INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts. 2018/04/07 02:36:42 fuzzer started 2018/04/07 02:36:42 dialing manager at 10.128.0.26:38639 2018/04/07 02:36:48 kcov=true, comps=false 2018/04/07 02:36:51 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f00000000c0)=[{0x10, 0x0, 0x0, "3ba0"}], 0x10}}], 0x2, 0x0) 2018/04/07 02:36:51 executing program 2: perf_event_open(&(0x7f0000d2af88)={0x2, 0x70, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={&(0x7f0000f8d000)={0x10}, 0xc, &(0x7f00008a7000)={&(0x7f0000000040)={0x14, 0x3, 0x6, 0x2000000000101}, 0x14}, 0x1}, 0x0) 2018/04/07 02:36:51 executing program 7: r0 = syz_open_dev$sndseq(&(0x7f00000000c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x40bc5311, &(0x7f0000000140)={0x80}) 2018/04/07 02:36:51 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000005b80)="8000000000040000ae000000d90300006c000000010000000000000000000000002000000020000080740000000000002b5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000080)) 2018/04/07 02:36:51 executing program 4: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, 
&(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006"], 0x13) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 2018/04/07 02:36:51 executing program 5: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600000000fdffffffffffffff0300060000000000000000003800000000000000020000000180200004"], 0x2d) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 2018/04/07 02:36:51 executing program 6: perf_event_open(&(0x7f0000223000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000280)={0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000800)={0x14, 0x27, 0x1ff307543bf68163, 0x0, 0x0, {0x3}}, 0x14}, 0x1}, 0x0) 2018/04/07 02:36:51 executing program 1: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20}, [{}]}, 0x58) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) syzkaller login: [ 45.179635] ip (3902) used greatest stack depth: 54200 bytes left [ 46.015850] ip (3977) used greatest stack depth: 54160 bytes left [ 47.194404] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.262494] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.365530] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.388616] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.397536] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.502215] 
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.577698] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.587768] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.062870] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.118761] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.143575] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.201095] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.274997] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.287571] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.348298] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.376787] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.834884] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.841142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.851790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.885056] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.894148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.910950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.933776] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.939993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.953560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.991748] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.003391] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.009658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.037634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.061147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.087133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.121866] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.128117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.142584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.178680] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not 
ready [ 57.185742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.218336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.246307] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.258461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.290601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:37:08 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000000)='H', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="ff", 0x1, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r0, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='lo\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa}}, 0x0, 0x0, 0x0, 0x0, 0x93cca066bcd113d5}, 0x98) 2018/04/07 02:37:08 executing program 3: r0 = socket$inet(0x2, 0x1000000000001, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f00000001c0)={{0x2, 0x0, @dev={0xac, 0x14, 0x14}}, {0x0, @random="1ec05a3b7661"}, 0xff7ffffffffffffd, {0x2}, 'lo\x00'}) 2018/04/07 02:37:08 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000dc1000)="71e67a15", 0x4) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000267fe4)={0x0, 0x0, &(0x7f0000938ff8), 0x0, &(0x7f00005c7ff0)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}, 0x0) recvmmsg(r1, &(0x7f0000007200)=[{{&(0x7f0000000100)=@l2, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/135, 0x87}], 0x1, &(0x7f0000000200)=""/144, 0x90}}], 0x1, 0x0, 0x0) 2018/04/07 02:37:08 executing program 4: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006"], 0x13) execveat(r0, &(0x7f0000ff7000)='./file0\x00', 
&(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 2018/04/07 02:37:08 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000dc1000)="71e67a15cdf0311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000267fe4)={0x0, 0x0, &(0x7f0000938ff8), 0x0, &(0x7f00005c7ff0)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}, 0x0) sendto(r1, &(0x7f0000000000)="8d85c86e46e8ef4fea219de5c76d9408bbfeca0d9741e1a0c43669d9bd527f6cd4cf5b0e1b1022a2a7e5610d52e46040dba8da2803e30c7a5f0a70cb64d287dc619a69913f3e0dde5329316e64c0fe0d", 0x50, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000007200)=[{{&(0x7f0000000100)=@l2, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000380)=""/135, 0x87}], 0x2, &(0x7f0000000200)=""/144, 0x90}}], 0x1, 0x0, 0x0) 2018/04/07 02:37:08 executing program 2: r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'bridge0\x00', 0xfffffffffffffffe}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0xf) 2018/04/07 02:37:08 executing program 6: r0 = inotify_init() mkdir(&(0x7f0000042ff6)='./control\x00', 0x0) inotify_add_watch(r0, &(0x7f000003a000)='./control\x00', 0x1000802) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_add_watch(r0, &(0x7f00000000c0)='./control\x00', 0x40) 2018/04/07 02:37:08 executing program 1: r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000200)}, 0x1) memfd_create(&(0x7f0000000140)="6d696d655f74797065da70726f63776c616e31403a766d6e657430656d30726d643573756d73797374656d7070703000", 0x0) ftruncate(r0, 0x8000) r1 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000a61000)='/dev/ptmx\x00', 0x801, 0x0) sendfile(r1, r0, &(0x7f0000335ff8), 0xffffffff) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)) 2018/04/07 02:37:08 executing program 3: mkdir(&(0x7f0000109282)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000216000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, &(0x7f0000ffb000)) r0 = creat(&(0x7f00000ec000)='./file0/bus\x00', 0xbc9cc8fbd81cb4b1) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ftruncate(r0, 0x7) truncate(&(0x7f0000000040)='./file0/bus\x00', 0x0) 2018/04/07 02:37:08 executing program 2: r0 = memfd_create(&(0x7f0000002901)='dev ', 0x0) write(r0, &(0x7f0000000080)="16", 0x1) sendfile(r0, r0, &(0x7f0000000140), 0x10000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) mincore(&(0x7f0000002000/0x1000)=nil, 0x1000, &(0x7f0000000180)=""/232) 2018/04/07 02:37:08 executing program 6: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x5, &(0x7f0000346fc8)=ANY=[@ANYBLOB="18000000005760000000000000183f00711010000000000015000000000000009500000000000000"], &(0x7f0000000000)="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", 0x80, 0xfb, &(0x7f0000000140)=""/251, 0x40f00}, 0x48) 2018/04/07 02:37:08 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) r1 = memfd_create(&(0x7f000003affa)='posix_acl_access{Y\x00', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x40, &(0x7f0000000f9b), 0x0) 2018/04/07 02:37:08 executing program 4: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006"], 0x13) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 2018/04/07 02:37:08 executing program 1: r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 
0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000200)}, 0x1) memfd_create(&(0x7f0000000140)="6d696d655f74797065da70726f63776c616e31403a766d6e657430656d30726d643573756d73797374656d7070703000", 0x0) ftruncate(r0, 0x8000) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000a61000)='/dev/ptmx\x00', 0x801, 0x0) sendfile(r1, r0, &(0x7f0000335ff8), 0xffffffff) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)) 2018/04/07 02:37:08 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000dc1000)="71e67a15cdf0311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000267fe4)={0x0, 0x0, &(0x7f0000938ff8), 0x0, &(0x7f00005c7ff0)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}, 0x0) sendto(r1, &(0x7f0000000000)="8d85c86e46e8ef4fea219de5c76d9408bbfeca0d9741e1a0c43669d9bd527f6cd4cf5b0e1b1022a2a7e5610d52e46040dba8da2803e30c7a5f0a70cb64d287dc619a69913f3e0dde5329316e64c0fe0d", 0x50, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000007200)=[{{&(0x7f0000000100)=@l2, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000380)=""/135, 0x87}], 0x2, &(0x7f0000000200)=""/144, 0x90}}], 0x1, 0x0, 0x0) 2018/04/07 02:37:09 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000), &(0x7f0000000040)=0x8) 2018/04/07 02:37:09 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='stack\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000040)='attr/current\x00') sendfile(r1, r0, &(0x7f0000000080), 0x400000000002b) 2018/04/07 02:37:09 executing program 6: r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000200)}, 0x1) 
memfd_create(&(0x7f0000000140)="6d696d655f74797065da70726f63776c616e31403a766d6e657430656d30726d643573756d73797374656d7070703000", 0x0) ftruncate(r0, 0x8000) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000a61000)='/dev/ptmx\x00', 0x801, 0x0) sendfile(r1, r0, &(0x7f0000335ff8), 0xffffffff) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)) 2018/04/07 02:37:09 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000dc1000)="71e67a15cdf0311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000267fe4)={0x0, 0x0, &(0x7f0000938ff8), 0x0, &(0x7f00005c7ff0)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}, 0x0) sendto(r1, &(0x7f0000000000)="8d85c86e46e8ef4fea219de5c76d9408bbfeca0d9741e1a0c43669d9bd527f6cd4cf5b0e1b1022a2a7e5610d52e46040dba8da2803e30c7a5f0a70cb64d287dc619a69913f3e0dde5329316e64c0fe0d", 0x50, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000007200)=[{{&(0x7f0000000100)=@l2, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000380)=""/135, 0x87}], 0x2, &(0x7f0000000200)=""/144, 0x90}}], 0x1, 0x0, 0x0) 2018/04/07 02:37:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000080)='\x00', 0xfffffffffffffffe) add_key(&(0x7f00000000c0)='encrypted\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000200), 0x0, 0xfffffffffffffffe) 2018/04/07 02:37:09 executing program 2: r0 = memfd_create(&(0x7f0000002901)='dev ', 0x0) write(r0, &(0x7f0000000080)="16", 0x1) sendfile(r0, r0, &(0x7f0000000140), 0x10000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) mincore(&(0x7f0000002000/0x1000)=nil, 0x1000, &(0x7f0000000180)=""/232) 2018/04/07 02:37:09 executing program 0: r0 = 
socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='dctcp\x00', 0x6) sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) shutdown(r0, 0x1) 2018/04/07 02:37:09 executing program 4: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006"], 0x13) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) [ 59.883550] ================================================================== [ 59.890953] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 59.897698] CPU: 1 PID: 5160 Comm: syz-executor1 Not tainted 4.16.0+ #81 [ 59.904528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.913876] Call Trace: [ 59.916460] dump_stack+0x185/0x1d0 [ 59.920093] ? kernel_text_address+0x248/0x3a0 [ 59.924672] kmsan_report+0x142/0x240 [ 59.928471] __msan_warning_32+0x6c/0xb0 [ 59.932532] kernel_text_address+0x248/0x3a0 [ 59.936938] ? __schedule+0x674/0x730 [ 59.940732] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 59.946091] ? __schedule+0x674/0x730 [ 59.949887] __kernel_text_address+0x34/0xe0 [ 59.954287] ? __schedule+0x674/0x730 [ 59.958087] unwind_get_return_address+0x8c/0x130 [ 59.962932] __save_stack_trace+0x45c/0xa80 [ 59.967255] ? __schedule+0x674/0x730 [ 59.971052] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.975725] ? save_stack_trace_tsk+0x58/0x2f0 [ 59.980307] save_stack_trace_tsk+0x258/0x2f0 [ 59.984810] proc_pid_stack+0x26a/0x470 [ 59.988790] proc_single_show+0x1af/0x300 [ 59.992937] ? 
proc_pid_wchan+0x250/0x250 [ 59.997079] ? proc_single_open+0x90/0x90 [ 60.001223] seq_read+0xc7d/0x2260 [ 60.004783] do_iter_read+0x880/0xd70 [ 60.008592] ? seq_open+0x360/0x360 [ 60.012217] vfs_readv+0x1ec/0x260 [ 60.015767] default_file_splice_read+0xa9a/0x1120 [ 60.020719] ? SYSC_tee+0x13d0/0x13d0 [ 60.024515] splice_direct_to_actor+0x4c6/0x1040 [ 60.029268] ? do_splice_direct+0x540/0x540 [ 60.033588] ? security_file_permission+0x28f/0x4b0 [ 60.038601] ? rw_verify_area+0x35e/0x580 [ 60.042752] do_splice_direct+0x335/0x540 [ 60.046904] do_sendfile+0x1067/0x1e40 [ 60.050804] SYSC_sendfile64+0x1b3/0x300 [ 60.054869] SyS_sendfile64+0x64/0x90 [ 60.058661] do_syscall_64+0x309/0x430 [ 60.062546] ? SYSC_sendfile+0x320/0x320 [ 60.066602] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.071784] RIP: 0033:0x455259 [ 60.074963] RSP: 002b:00007f17dec79c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.082664] RAX: ffffffffffffffda RBX: 00007f17dec7a6d4 RCX: 0000000000455259 [ 60.089929] RDX: 0000000020000080 RSI: 0000000000000013 RDI: 0000000000000014 [ 60.097190] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.104453] R10: 000400000000002b R11: 0000000000000246 R12: 00000000ffffffff [ 60.111717] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 60.118980] [ 60.120599] Uninit was stored to memory at: [ 60.124919] kmsan_internal_chain_origin+0x12b/0x210 [ 60.130015] __msan_chain_origin+0x69/0xc0 [ 60.134247] update_stack_state+0x959/0xa40 [ 60.138565] __unwind_start+0x335/0x630 [ 60.142538] __save_stack_trace+0x3e1/0xa80 [ 60.146857] save_stack_trace_tsk+0x258/0x2f0 [ 60.151345] proc_pid_stack+0x26a/0x470 [ 60.155317] proc_single_show+0x1af/0x300 [ 60.159456] seq_read+0xc7d/0x2260 [ 60.162988] do_iter_read+0x880/0xd70 [ 60.166782] vfs_readv+0x1ec/0x260 [ 60.170314] default_file_splice_read+0xa9a/0x1120 [ 60.175240] splice_direct_to_actor+0x4c6/0x1040 [ 60.179989] do_splice_direct+0x335/0x540 [ 60.184127] do_sendfile+0x1067/0x1e40 [ 
60.188006] SYSC_sendfile64+0x1b3/0x300 [ 60.192062] SyS_sendfile64+0x64/0x90 [ 60.195851] do_syscall_64+0x309/0x430 [ 60.199732] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.204907] Local variable description: ----oc.i.i@__alloc_pages_nodemask [ 60.211815] Variable was created at: [ 60.215526] __alloc_pages_nodemask+0x10f/0x5dc0 [ 60.220269] alloc_pages_vma+0xcc8/0x1800 [ 60.224400] ================================================================== [ 60.231741] Disabling lock debugging due to kernel taint [ 60.237181] Kernel panic - not syncing: panic_on_warn set ... [ 60.237181] [ 60.244540] CPU: 1 PID: 5160 Comm: syz-executor1 Tainted: G B 4.16.0+ #81 [ 60.252671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.262011] Call Trace: [ 60.264596] dump_stack+0x185/0x1d0 [ 60.268223] panic+0x39d/0x940 [ 60.271436] ? kernel_text_address+0x248/0x3a0 [ 60.276011] kmsan_report+0x238/0x240 [ 60.279807] __msan_warning_32+0x6c/0xb0 [ 60.283866] kernel_text_address+0x248/0x3a0 [ 60.288267] ? __schedule+0x674/0x730 [ 60.292060] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 60.297417] ? __schedule+0x674/0x730 [ 60.301214] __kernel_text_address+0x34/0xe0 [ 60.305614] ? __schedule+0x674/0x730 [ 60.309410] unwind_get_return_address+0x8c/0x130 [ 60.314248] __save_stack_trace+0x45c/0xa80 [ 60.318565] ? __schedule+0x674/0x730 [ 60.322363] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.327034] ? save_stack_trace_tsk+0x58/0x2f0 [ 60.331613] save_stack_trace_tsk+0x258/0x2f0 [ 60.336107] proc_pid_stack+0x26a/0x470 [ 60.340080] proc_single_show+0x1af/0x300 [ 60.344224] ? proc_pid_wchan+0x250/0x250 [ 60.348368] ? proc_single_open+0x90/0x90 [ 60.352512] seq_read+0xc7d/0x2260 [ 60.356060] do_iter_read+0x880/0xd70 [ 60.359863] ? seq_open+0x360/0x360 [ 60.363486] vfs_readv+0x1ec/0x260 [ 60.367034] default_file_splice_read+0xa9a/0x1120 [ 60.371985] ? SYSC_tee+0x13d0/0x13d0 [ 60.375789] splice_direct_to_actor+0x4c6/0x1040 [ 60.380537] ? 
do_splice_direct+0x540/0x540 [ 60.384857] ? security_file_permission+0x28f/0x4b0 [ 60.389873] ? rw_verify_area+0x35e/0x580 [ 60.394019] do_splice_direct+0x335/0x540 [ 60.398166] do_sendfile+0x1067/0x1e40 [ 60.402061] SYSC_sendfile64+0x1b3/0x300 [ 60.406121] SyS_sendfile64+0x64/0x90 [ 60.409916] do_syscall_64+0x309/0x430 [ 60.413822] ? SYSC_sendfile+0x320/0x320 [ 60.417883] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.423063] RIP: 0033:0x455259 [ 60.426241] RSP: 002b:00007f17dec79c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.433942] RAX: ffffffffffffffda RBX: 00007f17dec7a6d4 RCX: 0000000000455259 [ 60.441202] RDX: 0000000020000080 RSI: 0000000000000013 RDI: 0000000000000014 [ 60.448462] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.455723] R10: 000400000000002b R11: 0000000000000246 R12: 00000000ffffffff [ 60.462981] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 60.470636] Dumping ftrace buffer: [ 60.474151] (ftrace buffer empty) [ 60.477834] Kernel Offset: disabled [ 60.481432] Rebooting in 86400 seconds..