INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2018/04/20 05:36:47 fuzzer started
2018/04/20 05:36:47 dialing manager at 10.128.0.26:41811
2018/04/20 05:36:53 kcov=true, comps=false
2018/04/20 05:36:56 executing program 0:

2018/04/20 05:36:56 executing program 1:

2018/04/20 05:36:56 executing program 7:

2018/04/20 05:36:56 executing program 4:

2018/04/20 05:36:56 executing program 2:

2018/04/20 05:36:56 executing program 3:

2018/04/20 05:36:56 executing program 5:

2018/04/20 05:36:56 executing program 6:

syzkaller login: [   39.258318] ip (3779) used greatest stack depth: 54672 bytes left
[   39.516492] ip (3803) used greatest stack depth: 54312 bytes left
[   40.378314] ip (3888) used greatest stack depth: 54200 bytes left
[   40.792405] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.798918] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.808910] device bridge_slave_0 entered promiscuous mode
[   40.843928] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.850424] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.886845] device bridge_slave_0 entered promiscuous mode
[   40.908935] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.915425] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.930940] device bridge_slave_0 entered promiscuous mode
[   40.944200] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.950678] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.978916] device bridge_slave_0 entered promiscuous mode
[   40.989888] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.996371] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.006775] device bridge_slave_0 entered promiscuous mode
[   41.019559] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.026020] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.034958] device bridge_slave_0 entered promiscuous mode
[   41.045505] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.051954] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.062751] device bridge_slave_1 entered promiscuous mode
[   41.070286] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.076720] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.097260] device bridge_slave_0 entered promiscuous mode
[   41.122826] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.129322] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.149355] device bridge_slave_0 entered promiscuous mode
[   41.165704] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.172240] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.188889] device bridge_slave_1 entered promiscuous mode
[   41.196365] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.202856] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.221143] device bridge_slave_1 entered promiscuous mode
[   41.230744] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.237216] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.259211] device bridge_slave_1 entered promiscuous mode
[   41.271207] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.278367] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.284867] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.303586] device bridge_slave_1 entered promiscuous mode
[   41.313358] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.319832] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.344764] device bridge_slave_1 entered promiscuous mode
[   41.353963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.362560] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.369005] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.378005] device bridge_slave_1 entered promiscuous mode
[   41.386016] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.392510] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.426197] device bridge_slave_1 entered promiscuous mode
[   41.433810] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.442801] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.460715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.528364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.555749] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.576984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.596949] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.639508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.680437] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   41.695791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.733763] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.782701] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.790814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   41.890785] ip (3991) used greatest stack depth: 53976 bytes left
[   41.908509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   42.447161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.538952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.620936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.655986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   42.666979] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.758066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   42.765939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.800090] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.817636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   42.830229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.877558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   42.888523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   42.982785] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.034987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.044837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.094897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.665783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   43.729531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   43.768330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   43.840416] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   43.862755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   43.950397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   43.980527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.010771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.019703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.046710] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.095461] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.106559] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.114985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.123375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.164402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.207997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.218343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.226938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.242780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.273288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.281985] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.289766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.310531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.332552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.339769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.348546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.374715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.385437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.392626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.404920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.440806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.448857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.457901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.501754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.525653] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.536687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.547992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.555850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.565186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.595900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.625349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.649312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.669637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.685509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.698491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.706530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.722465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.737108] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.744292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.755315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.775173] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.790723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.816832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.824521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.831666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.846708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.886094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.915470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.935992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.946176] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.959741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.978246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   45.013267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   45.042296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   46.801446] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.807947] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.814839] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.821304] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.846713] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.853266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   46.911701] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.918190] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.925795] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.932256] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.957570] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   46.983565] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.990125] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.997007] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.003553] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.093993] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.128213] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.134743] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.141627] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.148123] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.217539] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.240169] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.246677] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.253557] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.260052] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.318487] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.332269] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.338759] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.345640] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.352142] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.380580] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.391098] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.397582] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.404436] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.410910] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.419379] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.440155] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.446650] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.453528] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.459984] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.493599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.904542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.927645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.954839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.982346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.999731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   48.029234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   48.036915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   56.317323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.354933] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.450312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.627898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.647392] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.711824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.870124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   57.011584] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   57.090539] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.096838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.107896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.150699] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.163549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.176634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.216122] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.222736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.234591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.414462] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.420799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.431633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.479882] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.486202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.496748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.613437] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.620094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.631670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.728358] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.734647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.745650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.899122] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.905593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.916654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/20 05:37:22 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f000072d000)='smaps\x00')
readv(r0, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x100000000000021a)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = syz_open_pts(r1, 0x0)
read(r2, &(0x7f000066b000)=""/1, 0x1)
readv(r0, &(0x7f0000f5c000)=[{&(0x7f0000002840)=""/4096, 0x1000}], 0x1)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000000)={0x3, <r3=>0x0, 0x10001, 0x2})
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000040)={0xffffffffffffffff, r3})

2018/04/20 05:37:22 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes-fixed-time)\x00'}, 0x58)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10)
r2 = fcntl$getown(r1, 0x9)
getpgrp(r2)
gettid()
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000100)={r0, r1})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0), 0x0)

2018/04/20 05:37:24 executing program 0:

2018/04/20 05:37:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001400110100000000000000000a000000", @ANYRES32=r1, @ANYBLOB="00e400000000001400010000052b140000000000000000000000464453b28ee2fd"], 0x30c}, 0x1}, 0x0)

2018/04/20 05:37:24 executing program 2:

2018/04/20 05:37:24 executing program 6:
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000040)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000fc4ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000240)='bpq0\x00')
setsockopt(r0, 0x1f00000000000, 0x4, &(0x7f0000000280)="02000000", 0xfffffffffffffe87)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000200)=0x1c0000000000000, 0x4)
connect$inet(r0, &(0x7f0000adf000)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={<r1=>0x0, @in={{0x2, 0x4e24, @rand_addr=0xfffffffeffffffff}}, 0x5, 0x8, 0x7f, 0x5, 0x15}, &(0x7f0000000000)=0x98)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYBLOB="66000000b2d7fd75e478d3e0aade4b9da110853e513a3c8fa2412ce2a4c8b45174526cf6fd43687a08c4fbc8800b70d899d670e0729832cacc1204c335718a5378f5ca5536d0427f4efff4faa596ce0d6a1fc6c403701cf26e1cababee5a67771efa9144eb8b2171d6fb"], &(0x7f00000001c0)=0x6e)
sendmsg$alg(r0, &(0x7f0000159fc8)={0x0, 0x0, &(0x7f0000fc8000), 0x0, &(0x7f0000000e8e)}, 0x0)

2018/04/20 05:37:24 executing program 5:
unshare(0x400)
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x101081, 0x90)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f00000000c0)={<r1=>0x0, 0x80, "5c5e106e95af86e9991d29e2d43966126e946c08b33f748b36609561012f21d9c16ef953408bcf27825154f53282a58b4fd4200cb348bd3264c31f70e9fdb6f9ad176cb80a734f799bbd50bfa7c0580678aa35c83a0c3c8e031ec25658ca3383813d63160837284950da57cd701323a83baf31985ea568ad79f9e12b0d1e2d3b"}, &(0x7f0000000180)=0x88)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000001c0)={r1, 0x6d, "3618554860d1eb48fa79576a24104abca3f7394f2b46c273ba13319d88247f90b10ba83d9815fa2fd0a445a5d38ef115d13e1f76734a423c66a871673949ec207d628f50b51319767253b280d16bcb7efd7d4302ed54fd65e1bbfcc1480c47b4a01b36387efef59434644030a9"}, &(0x7f0000000240)=0x75)
r2 = socket$inet6(0xa, 0x3, 0x1)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
ioctl$TCGETS(r3, 0x5401, &(0x7f0000000040))
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000380)={'security\x00', 0x1000000000000064}, 0x48)

2018/04/20 05:37:24 executing program 7:
r0 = socket$inet6(0xa, 0x8000000000000003, 0x5)
sendmmsg(r0, &(0x7f0000000040)=[{{&(0x7f0000000000)=ANY=[], 0x0, &(0x7f0000000680), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="28000000000000002900000002000000ffff000000000000964f4f8fe3d917090000800000000000"], 0x28}}], 0x1, 0x0)

2018/04/20 05:37:24 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x0, 0xd})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)

2018/04/20 05:37:24 executing program 4:

[   64.157768] netlink: 40 bytes leftover after parsing attributes in process `syz-executor3'.
2018/04/20 05:37:24 executing program 2:

2018/04/20 05:37:24 executing program 4:
perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = timerfd_create(0x0, 0x0)
unshare(0x20000400)
timerfd_settime(r0, 0x0, &(0x7f0000000100)={{0x77359400}}, &(0x7f0000000140))

2018/04/20 05:37:24 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000700)="6664001a000000")
getdents64(r0, &(0x7f0000000040)=""/189, 0xabf70f75d9c5818)

[   64.208663] netlink: 40 bytes leftover after parsing attributes in process `syz-executor3'.
2018/04/20 05:37:24 executing program 7:
r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)

2018/04/20 05:37:24 executing program 7:

2018/04/20 05:37:24 executing program 6:
syz_mount_image$f2fs(&(0x7f0000000180)='f2fs\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000080)="1020f5f20100070009000000030000000c0000000900000002000000010000000000000000480000000000000d00000022000400020000000200000002000000020000001a000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, &(0x7f0000000240)={[{@background_gc_off='background_gc=off', 0x2c}, {@nobarrier='nobarrier', 0x2c}]})

2018/04/20 05:37:24 executing program 2:

2018/04/20 05:37:24 executing program 3:

2018/04/20 05:37:24 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000700)="6664001a000000")
getdents64(r0, &(0x7f0000000040)=""/189, 0xabf70f75d9c5818)

2018/04/20 05:37:24 executing program 1:

2018/04/20 05:37:24 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000700)="6664001a000000")
getdents64(r0, &(0x7f0000000040)=""/189, 0xabf70f75d9c5818)

2018/04/20 05:37:24 executing program 5:

2018/04/20 05:37:24 executing program 5:

2018/04/20 05:37:24 executing program 3:

2018/04/20 05:37:24 executing program 1:

2018/04/20 05:37:24 executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c)
sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000013ffe)="0600", 0x2}], 0x1, &(0x7f0000026000)}, 0x2000c080)
write(r0, &(0x7f0000000000)="d09fb0c39f17", 0x6)

2018/04/20 05:37:24 executing program 7:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x7, 0x4, 0x7}, 0x2c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000040)}, 0x10)

2018/04/20 05:37:24 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0x0, 0x0})
socket$kcm(0x29, 0x2, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x32}, 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r1, 0x50, &(0x7f00000000c0)}, 0x10)
socketpair$inet(0x16, 0x0, 0x0, &(0x7f0000000180))
recvmsg$kcm(r0, &(0x7f0000003cc0)={&(0x7f0000003bc0)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000003c40), 0x0, &(0x7f0000003c80)=""/22, 0x16}, 0x0)

[   64.796990] ==================================================================
[   64.804519] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0
[   64.810936] CPU: 0 PID: 5832 Comm: syz-executor2 Not tainted 4.16.0+ #84
[   64.817773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.827131] Call Trace:
[   64.829816]  dump_stack+0x185/0x1d0
[   64.833449]  ? rawv6_sendmsg+0x4bee/0x4cc0
[   64.837692]  kmsan_report+0x142/0x240
[   64.841503]  __msan_warning_32+0x6c/0xb0
2018/04/20 05:37:24 executing program 7:
syz_mount_image$f2fs(&(0x7f0000000180)='f2fs\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000080)="1020f5f20100070009000000030000000c0000000900000002000000010000000000000000480000000000000d00000022000400020000000200000002000000020000001a000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, &(0x7f0000000040)={[{@nobarrier='nobarrier', 0x2c}]})

[   64.845569]  rawv6_sendmsg+0x4bee/0x4cc0
[   64.849632]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   64.855091]  ? futex_wait_queue_me+0x687/0x710
[   64.859695]  ? compat_rawv6_ioctl+0x30/0x30
[   64.864022]  inet_sendmsg+0x48d/0x740
[   64.867829]  ? security_socket_sendmsg+0x9e/0x210
[   64.872683]  ? inet_getname+0x500/0x500
[   64.876665]  sock_write_iter+0x3b9/0x470
[   64.880743]  ? sock_read_iter+0x480/0x480
[   64.884900]  __vfs_write+0x719/0x910
[   64.888628]  vfs_write+0x463/0x8d0
[   64.892177]  SYSC_write+0x172/0x360
2018/04/20 05:37:24 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='/\x00', 0x0, 0x0, &(0x7f0000000240), 0x20, &(0x7f0000000080)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, [0x30]}, 0x2c}]})

[   64.895808]  SyS_write+0x55/0x80
[   64.899193]  do_syscall_64+0x309/0x430
[   64.903089]  ? SYSC_read+0x360/0x360
[   64.906812]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   64.911999] RIP: 0033:0x455379
[   64.915185] RSP: 002b:00007fd7be03bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   64.922896] RAX: ffffffffffffffda RBX: 00007fd7be03c6d4 RCX: 0000000000455379
[   64.930162] RDX: 0000000000000006 RSI: 0000000020000000 RDI: 0000000000000013
[   64.937434] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
2018/04/20 05:37:24 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

[   64.944704] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   64.951977] R13: 00000000000006c1 R14: 00000000006fd2b8 R15: 0000000000000000
[   64.959253] 
[   64.960875] Uninit was stored to memory at:
[   64.965207]  kmsan_internal_chain_origin+0x12b/0x210
[   64.970313]  kmsan_memcpy_origins+0x11d/0x170
[   64.974809]  __msan_memcpy+0x19f/0x1f0
[   64.978752]  skb_copy_bits+0x63a/0xdb0
[   64.982641]  rawv6_sendmsg+0x427e/0x4cc0
[   64.986706]  inet_sendmsg+0x48d/0x740
[   64.990519]  sock_write_iter+0x3b9/0x470
[   64.994588]  __vfs_write+0x719/0x910
[   64.998422]  vfs_write+0x463/0x8d0
[   65.001968]  SYSC_write+0x172/0x360
[   65.005604]  SyS_write+0x55/0x80
[   65.008971]  do_syscall_64+0x309/0x430
[   65.012862]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   65.018043] Uninit was created at:
[   65.021591]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[   65.026611]  kmsan_alloc_page+0x82/0xe0
[   65.030602]  __alloc_pages_nodemask+0xf5b/0x5dc0
[   65.035359]  alloc_pages_current+0x6b5/0x970
[   65.039773]  skb_page_frag_refill+0x3ba/0x5e0
[   65.044280]  sk_page_frag_refill+0xa4/0x340
[   65.048621]  __ip6_append_data+0x1a20/0x4bb0
[   65.053042]  ip6_append_data+0x40e/0x6b0
[   65.057107]  rawv6_sendmsg+0x2787/0x4cc0
[   65.061170]  inet_sendmsg+0x48d/0x740
[   65.064980]  sock_write_iter+0x3b9/0x470
[   65.069046]  __vfs_write+0x719/0x910
[   65.072766]  vfs_write+0x463/0x8d0
[   65.076301]  SYSC_write+0x172/0x360
[   65.079916]  SyS_write+0x55/0x80
[   65.083296]  do_syscall_64+0x309/0x430
[   65.087174]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   65.092792] ==================================================================
[   65.100135] Disabling lock debugging due to kernel taint
[   65.105572] Kernel panic - not syncing: panic_on_warn set ...
[   65.105572] 
[   65.112921] CPU: 0 PID: 5832 Comm: syz-executor2 Tainted: G    B            4.16.0+ #84
[   65.121045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.130380] Call Trace:
[   65.132962]  dump_stack+0x185/0x1d0
[   65.136587]  panic+0x39d/0x940
[   65.139788]  ? rawv6_sendmsg+0x4bee/0x4cc0
[   65.144007]  kmsan_report+0x238/0x240
[   65.147797]  __msan_warning_32+0x6c/0xb0
[   65.151843]  rawv6_sendmsg+0x4bee/0x4cc0
[   65.155889]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   65.161322]  ? futex_wait_queue_me+0x687/0x710
[   65.165902]  ? compat_rawv6_ioctl+0x30/0x30
[   65.170206]  inet_sendmsg+0x48d/0x740
[   65.173990]  ? security_socket_sendmsg+0x9e/0x210
[   65.178820]  ? inet_getname+0x500/0x500
[   65.182778]  sock_write_iter+0x3b9/0x470
[   65.186827]  ? sock_read_iter+0x480/0x480
[   65.190959]  __vfs_write+0x719/0x910
[   65.194664]  vfs_write+0x463/0x8d0
[   65.198194]  SYSC_write+0x172/0x360
[   65.201810]  SyS_write+0x55/0x80
[   65.205160]  do_syscall_64+0x309/0x430
[   65.209038]  ? SYSC_read+0x360/0x360
[   65.212747]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   65.217917] RIP: 0033:0x455379
[   65.221092] RSP: 002b:00007fd7be03bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   65.228786] RAX: ffffffffffffffda RBX: 00007fd7be03c6d4 RCX: 0000000000455379
[   65.236050] RDX: 0000000000000006 RSI: 0000000020000000 RDI: 0000000000000013
[   65.243303] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   65.250554] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   65.257805] R13: 00000000000006c1 R14: 00000000006fd2b8 R15: 0000000000000000
[   65.265550] Dumping ftrace buffer:
[   65.269077]    (ftrace buffer empty)
[   65.272764] Kernel Offset: disabled
[   65.276366] Rebooting in 86400 seconds..