INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
2018/04/21 11:51:11 fuzzer started
2018/04/21 11:51:12 dialing manager at 10.128.0.26:35229
2018/04/21 11:51:18 kcov=true, comps=false
2018/04/21 11:51:21 executing program 0:
2018/04/21 11:51:21 executing program 2:
2018/04/21 11:51:21 executing program 7:
2018/04/21 11:51:21 executing program 3:
2018/04/21 11:51:21 executing program 5:
2018/04/21 11:51:21 executing program 4:
2018/04/21 11:51:21 executing program 6:
2018/04/21 11:51:21 executing program 1:
syzkaller login: [ 42.912217] ip (3769) used greatest stack depth: 54688 bytes left
[ 43.631427] ip (3837) used greatest stack depth: 54408 bytes left
[ 43.901679] ip (3866) used greatest stack depth: 54200 bytes left
[ 44.494963] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.501444] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.545967] device bridge_slave_0 entered promiscuous mode
[ 44.617320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.623814] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.673672] device bridge_slave_0 entered promiscuous mode
[ 44.758152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.764704] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.786893] device bridge_slave_0 entered promiscuous mode
[ 44.797439] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.803937] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.816167] device bridge_slave_0 entered promiscuous mode
[ 44.831356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.837856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.853587] device bridge_slave_0 entered promiscuous mode
[ 44.894396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.900911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.926004] device bridge_slave_1 entered promiscuous mode
[ 44.932808] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.939280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.959558] device bridge_slave_1 entered promiscuous mode
[ 44.966284] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.972735] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.990675] device bridge_slave_0 entered promiscuous mode
[ 45.007520] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.014004] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.044057] device bridge_slave_1 entered promiscuous mode
[ 45.069294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.075818] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.088749] device bridge_slave_0 entered promiscuous mode
[ 45.097627] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.104134] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.119385] device bridge_slave_1 entered promiscuous mode
[ 45.126004] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.132578] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.150695] device bridge_slave_1 entered promiscuous mode
[ 45.177850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.187461] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.197579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.205363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.211817] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.244800] device bridge_slave_1 entered promiscuous mode
[ 45.253452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.259915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.297426] device bridge_slave_1 entered promiscuous mode
[ 45.325819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.337272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.363123] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.369596] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.406189] device bridge_slave_0 entered promiscuous mode
[ 45.422762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.430347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.453789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.466535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.494739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.524817] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.557325] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.590989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.597491] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.646732] device bridge_slave_1 entered promiscuous mode
[ 45.681537] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.703674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.882114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 46.107733] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 46.410498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.475712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.492530] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.529249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.541287] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.601243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.641911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.694200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.715865] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.735137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.743266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.807342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.862360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.931750] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 47.119865] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 47.156797] ==================================================================
[ 47.164200] BUG: KMSAN: uninit-value in get_page_from_freelist+0x5e50/0xb600
[ 47.171389] CPU: 0 PID: 3643 Comm: syz-executor6 Not tainted 4.16.0+ #84
[ 47.178227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.187580] Call Trace:
[ 47.190180] dump_stack+0x185/0x1d0
[ 47.193823] ? get_page_from_freelist+0x5e50/0xb600
[ 47.198865] kmsan_report+0x142/0x240
[ 47.202670] __msan_warning_32+0x6c/0xb0
[ 47.206739] get_page_from_freelist+0x5e50/0xb600
[ 47.211594] ? __alloc_pages_nodemask+0xf5b/0x5dc0
[ 47.216536] ? kernel_poison_pages+0x40/0x360
[ 47.221038] ? save_stack_trace+0xa5/0xf0
[ 47.225188] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.230655] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.236027] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.241485] ? update_stack_state+0x885/0xa40
[ 47.246338] ? save_stack_trace+0xa5/0xf0
[ 47.250500] ? kmsan_set_origin_inline+0x6b/0x120
[ 47.255346] ? __msan_poison_alloca+0x15c/0x1d0
[ 47.260034] __alloc_pages_nodemask+0x789/0x5dc0
[ 47.264802] ? kernel_text_address+0x34d/0x3a0
[ 47.269392] ? __kernel_text_address+0x34/0xe0
[ 47.273977] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.279430] ? __save_stack_trace+0x893/0xa80
[ 47.283941] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.289308] ? kmsan_set_origin+0x9e/0x160
[ 47.293538] alloc_pages_current+0x6b5/0x970
[ 47.297954] get_zeroed_page+0x3f/0xd0
[ 47.301852] __pud_alloc+0xab/0x440
[ 47.305484] ? copy_process+0x6d15/0x9b30
[ 47.309646] copy_page_range+0x3bda/0x3f10
[ 47.313882] ? _cond_resched+0x3c/0xd0
[ 47.317770] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.323222] ? __rb_insert_augmented+0xd4e/0x13e0
[ 47.328066] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 47.333426] ? init_admin_reserve+0x160/0x160
[ 47.337921] ? __vma_link_rb+0xc0e/0xcd0
[ 47.341984] copy_process+0x6d15/0x9b30
[ 47.345978] _do_fork+0x311/0xf00
[ 47.349436] ? prepare_exit_to_usermode+0x149/0x3a0
[ 47.354461] SYSC_clone+0xf6/0x110
[ 47.358007] SyS_clone+0x77/0xa0
[ 47.361381] do_syscall_64+0x309/0x430
[ 47.365268] ? sys_vfork+0x70/0x70
[ 47.368810] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.373992] RIP: 0033:0x41f1a9
[ 47.377173] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 47.384877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041f1a9
[ 47.392145] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011
[ 47.399498] RBP: 0000000000a3fc80 R08: 0000000000a44a60 R09: 0000000000000025
[ 47.406774] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fe60
[ 47.414040] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000
[ 47.421305]
[ 47.422918] Uninit was stored to memory at:
[ 47.427237] kmsan_internal_chain_origin+0x12b/0x210
[ 47.432342] __msan_chain_origin+0x69/0xc0
[ 47.436577] free_unref_page_commit+0x4fb/0x530
[ 47.441242] free_pages+0x290/0x320
[ 47.444865] tlb_finish_mmu+0x3f7/0x5c0
[ 47.448835] exit_mmap+0x498/0x950
[ 47.452366] __mmput+0x16c/0x610
[ 47.455727] mmput+0xab/0xf0
[ 47.458827] exit_mm+0x6ed/0x7a0
[ 47.462192] do_exit+0xc01/0x38d0
[ 47.465643] do_group_exit+0x1a0/0x360
[ 47.469524] SYSC_exit_group+0x21/0x30
[ 47.473408] SyS_exit_group+0x25/0x30
[ 47.477204] do_syscall_64+0x309/0x430
[ 47.481090] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.486267] Uninit was stored to memory at:
[ 47.490588] kmsan_internal_chain_origin+0x12b/0x210
[ 47.495695] __msan_chain_origin+0x69/0xc0
[ 47.499928] unmap_page_range+0xeb4/0x3be0
[ 47.504156] unmap_single_vma+0x45b/0x5f0
[ 47.508300] unmap_vmas+0x1f4/0x360
[ 47.511919] exit_mmap+0x3da/0x950
[ 47.515452] __mmput+0x16c/0x610
[ 47.518809] mmput+0xab/0xf0
[ 47.521821] exit_mm+0x6ed/0x7a0
[ 47.525183] do_exit+0xc01/0x38d0
[ 47.528636] do_group_exit+0x1a0/0x360
[ 47.532531] SYSC_exit_group+0x21/0x30
[ 47.536182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 47.536406] SyS_exit_group+0x25/0x30
[ 47.536429] do_syscall_64+0x309/0x430
[ 47.550916] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.556095] Uninit was stored to memory at:
[ 47.560417] kmsan_internal_chain_origin+0x12b/0x210
[ 47.565518] __msan_chain_origin+0x69/0xc0
[ 47.569755] free_unref_page_commit+0x4fb/0x530
[ 47.574423] free_pages+0x290/0x320
[ 47.578047] tlb_finish_mmu+0x3f7/0x5c0
[ 47.582027] exit_mmap+0x498/0x950
[ 47.585563] __mmput+0x16c/0x610
[ 47.588929] mmput+0xab/0xf0
[ 47.591952] exit_mm+0x6ed/0x7a0
[ 47.595315] do_exit+0xc01/0x38d0
[ 47.598764] do_group_exit+0x1a0/0x360
[ 47.602647] SYSC_exit_group+0x21/0x30
[ 47.606528] SyS_exit_group+0x25/0x30
[ 47.610321] do_syscall_64+0x309/0x430
[ 47.614208] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.619385] Local variable description: ----tlb@exit_mmap
[ 47.624907] Variable was created at:
[ 47.628627] exit_mmap+0x48/0x950
[ 47.632070] __mmput+0x16c/0x610
[ 47.635423] ==================================================================
[ 47.642768] Disabling lock debugging due to kernel taint
[ 47.648207] Kernel panic - not syncing: panic_on_warn set ...
[ 47.648207]
[ 47.655566] CPU: 0 PID: 3643 Comm: syz-executor6 Tainted: G B 4.16.0+ #84
[ 47.663696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.673049] Call Trace:
[ 47.675645] dump_stack+0x185/0x1d0
[ 47.679276] panic+0x39d/0x940
[ 47.682490] ? get_page_from_freelist+0x5e50/0xb600
[ 47.687506] kmsan_report+0x238/0x240
[ 47.691310] __msan_warning_32+0x6c/0xb0
[ 47.695373] get_page_from_freelist+0x5e50/0xb600
[ 47.700228] ? __alloc_pages_nodemask+0xf5b/0x5dc0
[ 47.705156] ? kernel_poison_pages+0x40/0x360
[ 47.709657] ? save_stack_trace+0xa5/0xf0
[ 47.710839] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 47.713803] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.713822] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.713834] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.713847] ? update_stack_state+0x885/0xa40
[ 47.713862] ? save_stack_trace+0xa5/0xf0
[ 47.713872] ? kmsan_set_origin_inline+0x6b/0x120
[ 47.713895] ? __msan_poison_alloca+0x15c/0x1d0
[ 47.754936] __alloc_pages_nodemask+0x789/0x5dc0
[ 47.760789] ? kernel_text_address+0x34d/0x3a0
[ 47.765376] ? __kernel_text_address+0x34/0xe0
[ 47.769962] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.775416] ? __save_stack_trace+0x893/0xa80
[ 47.779920] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.785289] ? kmsan_set_origin+0x9e/0x160
[ 47.789526] alloc_pages_current+0x6b5/0x970
[ 47.793938] get_zeroed_page+0x3f/0xd0
[ 47.797821] __pud_alloc+0xab/0x440
[ 47.801446] ? copy_process+0x6d15/0x9b30
[ 47.805588] copy_page_range+0x3bda/0x3f10
[ 47.809821] ? _cond_resched+0x3c/0xd0
[ 47.813709] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 47.819158] ? __rb_insert_augmented+0xd4e/0x13e0
[ 47.824003] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 47.829365] ? init_admin_reserve+0x160/0x160
[ 47.833858] ? __vma_link_rb+0xc0e/0xcd0
[ 47.837923] copy_process+0x6d15/0x9b30
[ 47.841083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 47.841914] _do_fork+0x311/0xf00
[ 47.852091] ? prepare_exit_to_usermode+0x149/0x3a0
[ 47.857105] SYSC_clone+0xf6/0x110
[ 47.860652] SyS_clone+0x77/0xa0
[ 47.864021] do_syscall_64+0x309/0x430
[ 47.867911] ? sys_vfork+0x70/0x70
[ 47.871453] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 47.876636] RIP: 0033:0x41f1a9
[ 47.879817] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 47.887525] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041f1a9
[ 47.887948] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 47.894784] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011
[ 47.894791] RBP: 0000000000a3fc80 R08: 0000000000a44a60 R09: 0000000000000025
[ 47.894797] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fe60
[ 47.894803] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000
[ 47.895266] Dumping ftrace buffer:
[ 47.895269] (ftrace buffer empty)
[ 47.895273] Kernel Offset: disabled
[ 47.941854] Rebooting in 86400 seconds..