INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
2018/04/11 08:29:11 fuzzer started
2018/04/11 08:29:12 dialing manager at 10.128.0.26:36259
syzkaller login: [   33.682343] random: crng init done
2018/04/11 08:29:17 kcov=true, comps=false
2018/04/11 08:29:20 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x5)

2018/04/11 08:29:20 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000004ffb))
getdents64(r0, &(0x7f0000000180)=""/75, 0x1e)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
getdents64(r0, &(0x7f0000271fb8)=""/72, 0x48)

2018/04/11 08:29:20 executing program 7:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x80, 0x401}, {0x6, 0x2}]}, 0x10)

2018/04/11 08:29:20 executing program 2:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000300fc0)={0x2, 0x1, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}]}, 0x40}, 0x1}, 0x0)

2018/04/11 08:29:20 executing program 3:
r0 = socket$inet6(0xa, 0x805, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000100)="ff0204000000000100000000000000000000000000000205", 0x18)
sendto$inet6(r0, &(0x7f0000000000)="d3", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/04/11 08:29:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000400)=[{0x2d}, {0x16}]}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000003c40)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000003c00)={&(0x7f0000000540)=@newlink={0x20, 0x10, 0x1}, 0x20}, 0x1}, 0x0)

2018/04/11 08:29:20 executing program 5:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc0189436, &(0x7f0000000040)={{&(0x7f0000ff9000/0x4000)=nil, 0x4000}, 0x40003})

2018/04/11 08:29:20 executing program 6:
timer_create(0xfffffffffffffffd, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000816000))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0)
timer_gettime(0x0, &(0x7f0000000040))

[   42.414607] ip (3577) used greatest stack depth: 54888 bytes left
[   42.519123] ip (3586) used greatest stack depth: 54672 bytes left
[   43.152401] ip (3649) used greatest stack depth: 54408 bytes left
[   43.949612] ip (3724) used greatest stack depth: 54200 bytes left
[   46.070167] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.096616] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.110868] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.169190] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.203625] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.301176] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.427888] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.518916] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   54.249085] ==================================================================
[   54.256490] BUG: KMSAN: uninit-value in rcu_cblist_dequeue+0x1bb/0x290
[   54.263156] CPU: 1 PID: 4603 Comm: syz-executor5 Not tainted 4.16.0+ #83
[   54.269990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.279335] Call Trace:
[   54.281911]  <IRQ>
[   54.284061]  dump_stack+0x185/0x1d0
[   54.287689]  ? rcu_cblist_dequeue+0x1bb/0x290
[   54.292182]  kmsan_report+0x142/0x240
[   54.295985]  __msan_warning_32+0x6c/0xb0
[   54.300048]  rcu_cblist_dequeue+0x1bb/0x290
[   54.304368]  ? put_filp+0x160/0x160
[   54.307992]  rcu_process_callbacks+0x17cf/0x2070
[   54.312751]  ? rcu_scheduler_starting+0xe0/0xe0
[   54.317421]  __do_softirq+0x56d/0x93d
[   54.321223]  irq_exit+0x202/0x240
[   54.324674]  exiting_irq+0xe/0x10
[   54.328128]  smp_apic_timer_interrupt+0x64/0x90
[   54.332791]  apic_timer_interrupt+0xf/0x20
[   54.337009]  </IRQ>
[   54.339245] RIP: 0010:__msan_poison_alloca+0x14c/0x1d0
[   54.344504] RSP: 0018:ffff88016dbff130 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff12
[   54.352204] RAX: 00000000d840004d RBX: 00000000d840004d RCX: ffff88016dbff170
[   54.359463] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 00000000ba25a52e
[   54.366725] RBP: ffff88016dbff1d0 R08: 0000000001080020 R09: 0000000000000002
[   54.373987] R10: ffffffff872016d0 R11: ffff88016dbf0000 R12: 0000000000000000
[   54.381248] R13: ffffffff87cad860 R14: 0000000000000246 R15: ffff88016e6d9d80
[   54.388524]  ? __entry_text_end+0x1/0x1
[   54.392507]  ? unmap_page_range+0x1db4/0x3be0
[   54.397623]  ? page_remove_rmap+0x85/0xe30
[   54.401855]  ? unmap_page_range+0x1db4/0x3be0
[   54.406348]  ? unmap_page_range+0x1db4/0x3be0
[   54.410841]  page_remove_rmap+0x85/0xe30
[   54.414905]  unmap_page_range+0x1db4/0x3be0
[   54.419240]  unmap_single_vma+0x45b/0x5f0
[   54.423391]  unmap_vmas+0x1f4/0x360
[   54.427018]  exit_mmap+0x3da/0x950
[   54.430566]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   54.435925]  ? __mmput+0x3f/0x610
[   54.439376]  __mmput+0x16c/0x610
[   54.442738]  mmput+0xab/0xf0
[   54.445758]  flush_old_exec+0x1adb/0x2170
[   54.449910]  load_elf_binary+0x134d/0x8f90
[   54.454153]  ? kmsan_set_origin_inline+0x6b/0x120
[   54.458987]  ? __msan_poison_alloca+0x15c/0x1d0
[   54.463653]  ? kmsan_set_origin_inline+0x6b/0x120
[   54.468490]  ? __msan_poison_alloca+0x15c/0x1d0
[   54.473150]  ? search_binary_handler+0x2ef/0xac0
[   54.477901]  ? load_script+0x5c/0xcd0
[   54.481691]  ? search_binary_handler+0x2ef/0xac0
[   54.486435]  ? load_script+0x61/0xcd0
[   54.490229]  ? load_elf_binary+0x4ba1/0x8f90
[   54.494636]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   54.499994]  ? load_script+0xcd0/0xcd0
[   54.503876]  search_binary_handler+0x2ef/0xac0
[   54.508460]  do_execveat_common+0x1f4d/0x2ce0
[   54.512962]  SYSC_execve+0xe2/0x110
[   54.516593]  SyS_execve+0x56/0x80
[   54.520046]  do_syscall_64+0x309/0x430
[   54.523932]  ? set_binfmt+0x1b0/0x1b0
[   54.527736]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   54.532915] RIP: 0033:0x453be7
[   54.536093] RSP: 002b:0000000000a3fb28 EFLAGS: 00000207 ORIG_RAX: 000000000000003b
[   54.543794] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000453be7
[   54.551055] RDX: 00007ffde9a017b8 RSI: 0000000000a3fb60 RDI: 00000000004c7148
[   54.558317] RBP: 0000000000a3fce0 R08: 0000000000000000 R09: 0000000000000025
[   54.565584] R10: 0000000000000008 R11: 0000000000000207 R12: 0000000000a3ff10
[   54.572843] R13: 0000000000411160 R14: 0000000000000000 R15: 0000000000000000
[   54.580106] 
[   54.581719] Uninit was stored to memory at:
[   54.586034]  kmsan_internal_chain_origin+0x12b/0x210
[   54.591130]  __msan_chain_origin+0x69/0xc0
[   54.595356]  rcu_cblist_dequeue+0x1e0/0x290
[   54.599665]  rcu_process_callbacks+0x17cf/0x2070
[   54.604417]  __do_softirq+0x56d/0x93d
[   54.608199] Uninit was stored to memory at:
[   54.612515]  kmsan_internal_chain_origin+0x12b/0x210
[   54.617613]  __msan_chain_origin+0x69/0xc0
[   54.621846]  rcu_segcblist_enqueue+0x24c/0x2d0
[   54.626421]  __call_rcu+0x227/0xef0
[   54.630042]  kfree_call_rcu+0x35/0x40
[   54.633838]  sock_destroy_inode+0x71/0xd0
[   54.637977]  evict+0xc7b/0xda0
[   54.641161]  iput+0xb85/0xf10
[   54.644263]  dentry_unlink_inode+0x84b/0x8a0
[   54.648666]  __dentry_kill+0x86e/0xd20
[   54.652554]  dput+0xbde/0xce0
[   54.655654]  __fput+0x933/0xa10
[   54.658926]  ____fput+0x37/0x40
[   54.662201]  task_work_run+0x243/0x2c0
[   54.666080]  do_exit+0x10e1/0x38d0
[   54.669617]  do_group_exit+0x1a0/0x360
[   54.673507]  SYSC_exit_group+0x21/0x30
[   54.677390]  SyS_exit_group+0x25/0x30
[   54.681181]  do_syscall_64+0x309/0x430
[   54.685065]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   54.690235] Uninit was created at:
[   54.693770]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[   54.698780]  kmsan_alloc_page+0x82/0xe0
[   54.702749]  __alloc_pages_nodemask+0xf5b/0x5dc0
[   54.707497]  alloc_pages_current+0x6b5/0x970
[   54.711897]  new_slab+0x366/0x1bb0
[   54.715434]  ___slab_alloc+0x1512/0x1f60
[   54.719487]  kmem_cache_alloc+0x9a2/0xb90
[   54.723626]  sock_alloc_inode+0x5f/0x2b0
[   54.727676]  new_inode_pseudo+0x8a/0x430
[   54.731726]  __sock_create+0x392/0xf60
[   54.735604]  sock_create_kern+0xf0/0x100
[   54.739659]  inet_ctl_sock_create+0xee/0x2c0
[   54.744060]  icmpv6_sk_init+0x1c8/0x680
[   54.748029]  ops_init+0x60f/0x7b0
[   54.751473]  setup_net+0x213/0xcf0
[   54.755003]  copy_net_ns+0x572/0xc40
[   54.758709]  create_new_namespaces+0x7f5/0xe80
[   54.763372]  unshare_nsproxy_namespaces+0x23b/0x320
[   54.768379]  SYSC_unshare+0x88c/0x10f0
[   54.772259]  SyS_unshare+0x36/0x50
[   54.775403] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.775788]  do_syscall_64+0x309/0x430
[   54.775814]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   54.790881] ==================================================================
[   54.798226] Disabling lock debugging due to kernel taint
[   54.803669] Kernel panic - not syncing: panic_on_warn set ...
[   54.803669] 
[   54.811033] CPU: 1 PID: 4603 Comm: syz-executor5 Tainted: G    B            4.16.0+ #83
[   54.819162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.828505] Call Trace:
[   54.831081]  <IRQ>
[   54.833225]  dump_stack+0x185/0x1d0
[   54.836848]  panic+0x39d/0x940
[   54.840054]  ? rcu_cblist_dequeue+0x1bb/0x290
[   54.844548]  kmsan_report+0x238/0x240
[   54.848343]  __msan_warning_32+0x6c/0xb0
[   54.852399]  rcu_cblist_dequeue+0x1bb/0x290
[   54.856713]  ? put_filp+0x160/0x160
[   54.860333]  rcu_process_callbacks+0x17cf/0x2070
[   54.865088]  ? rcu_scheduler_starting+0xe0/0xe0
[   54.869752]  __do_softirq+0x56d/0x93d
[   54.873561]  irq_exit+0x202/0x240
[   54.877009]  exiting_irq+0xe/0x10
[   54.880464]  smp_apic_timer_interrupt+0x64/0x90
[   54.885127]  apic_timer_interrupt+0xf/0x20
[   54.889349]  </IRQ>
[   54.891582] RIP: 0010:__msan_poison_alloca+0x14c/0x1d0
[   54.896850] RSP: 0018:ffff88016dbff130 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff12
[   54.904557] RAX: 00000000d840004d RBX: 00000000d840004d RCX: ffff88016dbff170
[   54.911821] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 00000000ba25a52e
[   54.919088] RBP: ffff88016dbff1d0 R08: 0000000001080020 R09: 0000000000000002
[   54.926354] R10: ffffffff872016d0 R11: ffff88016dbf0000 R12: 0000000000000000
[   54.927738] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.933614] R13: ffffffff87cad860 R14: 0000000000000246 R15: ffff88016e6d9d80
[   54.933635]  ? __entry_text_end+0x1/0x1
[   54.933665]  ? unmap_page_range+0x1db4/0x3be0
[   54.955406]  ? page_remove_rmap+0x85/0xe30
[   54.959638]  ? unmap_page_range+0x1db4/0x3be0
[   54.959837] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.964123]  ? unmap_page_range+0x1db4/0x3be0
[   54.964138]  page_remove_rmap+0x85/0xe30
[   54.964151]  unmap_page_range+0x1db4/0x3be0
[   54.964180]  unmap_single_vma+0x45b/0x5f0
[   54.987174]  unmap_vmas+0x1f4/0x360
[   54.990804]  exit_mmap+0x3da/0x950
[   54.994345]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   54.999704]  ? __mmput+0x3f/0x610
[   55.003152]  __mmput+0x16c/0x610
[   55.006512]  mmput+0xab/0xf0
[   55.009539]  flush_old_exec+0x1adb/0x2170
[   55.013707]  load_elf_binary+0x134d/0x8f90
[   55.017946]  ? kmsan_set_origin_inline+0x6b/0x120
[   55.022791]  ? __msan_poison_alloca+0x15c/0x1d0
[   55.027457]  ? kmsan_set_origin_inline+0x6b/0x120
[   55.032291]  ? __msan_poison_alloca+0x15c/0x1d0
[   55.036956]  ? search_binary_handler+0x2ef/0xac0
[   55.041705]  ? load_script+0x5c/0xcd0
[   55.045501]  ? search_binary_handler+0x2ef/0xac0
[   55.050253]  ? load_script+0x61/0xcd0
[   55.054045]  ? load_elf_binary+0x4ba1/0x8f90
[   55.058448]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   55.063811]  ? load_script+0xcd0/0xcd0
[   55.067698]  search_binary_handler+0x2ef/0xac0
[   55.072278]  do_execveat_common+0x1f4d/0x2ce0
[   55.076781]  SYSC_execve+0xe2/0x110
[   55.080411]  SyS_execve+0x56/0x80
[   55.083860]  do_syscall_64+0x309/0x430
[   55.087748]  ? set_binfmt+0x1b0/0x1b0
[   55.091553]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   55.096732] RIP: 0033:0x453be7
[   55.099909] RSP: 002b:0000000000a3fb28 EFLAGS: 00000207 ORIG_RAX: 000000000000003b
[   55.107612] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000453be7
[   55.114874] RDX: 00007ffde9a017b8 RSI: 0000000000a3fb60 RDI: 00000000004c7148
[   55.122134] RBP: 0000000000a3fce0 R08: 0000000000000000 R09: 0000000000000025
[   55.129398] R10: 0000000000000008 R11: 0000000000000207 R12: 0000000000a3ff10
[   55.136664] R13: 0000000000411160 R14: 0000000000000000 R15: 0000000000000000
[   55.144357] Dumping ftrace buffer:
[   55.147875]    (ftrace buffer empty)
[   55.151556] Kernel Offset: disabled
[   55.155154] Rebooting in 86400 seconds..