INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. 2018/04/20 20:26:04 fuzzer started 2018/04/20 20:26:04 dialing manager at 10.128.0.26:40315 2018/04/20 20:26:11 kcov=true, comps=false 2018/04/20 20:26:13 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000040)) ioctl$VHOST_NET_SET_BACKEND(r0, 0xaf01, &(0x7f0000d7c000)) 2018/04/20 20:26:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000280)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f00000002c0)={0x18, 0x27, 0x1ff307543bf68163, 0x0, 0x0, {0x14, 0x100000000000000}, [@nested={0x4, 0x7}]}, 0x18}, 0x1}, 0x0) 2018/04/20 20:26:13 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_adj\x00') pwritev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)='D', 0x1}], 0x1, 0x0) 2018/04/20 20:26:13 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x803, 0x3) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x2, 0x2f8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, &(0x7f0000000900), &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{{{0x3, 0x0, 0x0, 'gre0\x00', 'bcsf0\x00', 'ip6tnl0\x00', 'bcsf0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], 0x70, 0x108, 0x138}, [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00'}}}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00'}}}]}, @common=@AUDIT={'AUDIT\x00', 0x8}}, {{{0x3, 0x0, 0x0, 'bcsh0\x00', 'ip6gre0\x00', 'gretap0\x00', 'ipddp0\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], @random="ee067bca9f8d", [], 0x70, 0xe8, 0x130}, [@common=@AUDIT={'AUDIT\x00', 0x8}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00'}}}]}, @common=@ERROR={'ERROR\x00', 0x20, {"364c0eb3bb262ad19cd13b05ba6ef2182ea1e01a5d5910d480e2dc4b87cd"}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}]}, 0x370) 2018/04/20 20:26:13 executing program 4: r0 = socket(0x11, 0xa, 0x0) getsockname$ipx(r0, &(0x7f0000000080), &(0x7f00000000c0)=0xfcfc) 2018/04/20 20:26:13 executing program 3: mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x3f) open$dir(&(0x7f0000e12ff8)='./file0\x00', 0x0, 0x0) recvfrom$unix(r2, &(0x7f0000bf5000), 0x0, 0x0, &(0x7f00007ed000)=@file={0x0, './file0\x00'}, 0xa) r3 = getpgid(0x0) fcntl$setsig(r1, 0xa, 0x12) r4 = dup2(r1, r2) fcntl$setown(r4, 0x8, r3) tkill(r0, 0x16) creat(&(0x7f00001c0000)='./file0\x00', 0x0) 2018/04/20 20:26:13 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000052f000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x7}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000c9af18)={{{@in=@rand_addr, @in6=@dev={0xfe, 0x80}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2=0xe0000002, 0x0, 0x3c}, 0x0, @in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}}, 0xe8) sendmsg(r0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002400)}, 0x0) 2018/04/20 20:26:13 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000380)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660ae763892c38ac6568b3e891941f02f1265047502f6c2dd9f65572005da7147991090bef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c379723f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a4503c1c147cc5172df09c10eea22b1fcfb05ab850fb1fa7d86e5d217d4a59a70ba6ccaa8343014d5cbdf9cec8b13073ffe66b7490e5dc8a2ff8d0bc42cf8a84fdee6") mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000001c0)="2750e35d428fe823843c88fa1acabc33c8776e7874d1") mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000000040)='ubifs\x00', 0x1004, 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000)) mount(&(0x7f000000a000)='.', &(0x7f0000000180)='.', &(0x7f0000000200)='ramfs\x00', 0x0, &(0x7f0000d1cfff)) preadv(r0, &(0x7f00000023c0)=[{&(0x7f0000002400)=""/4096, 0x1000}], 0x1, 0x0) syzkaller login: [ 42.778221] ip (3808) used greatest stack depth: 54672 bytes left [ 42.796569] ip (3806) used greatest stack depth: 54440 bytes left [ 42.927558] ip (3820) used greatest stack depth: 54408 bytes left [ 43.703618] ip (3899) used greatest stack depth: 54200 bytes left [ 44.069823] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.076360] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.093717] device bridge_slave_0 entered promiscuous mode [ 44.134095] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.140583] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.169684] device bridge_slave_0 entered promiscuous mode [ 44.201953] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.208451] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.255113] device bridge_slave_0 entered promiscuous mode [ 44.280755] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.287270] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.321963] device bridge_slave_0 entered promiscuous mode [ 44.337805] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.344270] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.356851] device bridge_slave_0 entered promiscuous mode [ 44.366916] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.373363] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.383614] device bridge_slave_0 entered promiscuous mode [ 44.393346] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.399774] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.408293] device bridge_slave_0 entered promiscuous mode [ 44.425171] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.431678] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.461242] device bridge_slave_1 entered promiscuous mode [ 44.470764] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.477204] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.487952] device bridge_slave_0 entered promiscuous mode [ 44.498648] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.505102] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.515913] device bridge_slave_1 entered promiscuous mode [ 44.528822] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.535271] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.547802] device bridge_slave_1 entered promiscuous mode [ 44.557435] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.563880] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.590466] device bridge_slave_1 entered promiscuous mode [ 44.597169] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.603608] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.624810] device bridge_slave_1 entered promiscuous mode [ 44.633524] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.639948] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.677933] device bridge_slave_1 entered promiscuous mode [ 44.687104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.694470] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.700946] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.729441] device bridge_slave_1 entered promiscuous mode [ 44.738601] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.747891] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.754344] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.773610] device bridge_slave_1 entered promiscuous mode [ 44.780370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.789263] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.809733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.850239] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.915134] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.924735] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.953906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.970894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.985406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.017207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.043975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.063546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.159457] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.213911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.844995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.873623] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.917570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.014535] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.069015] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.077981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.113161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.122992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.146841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.154838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.173626] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.235531] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.292674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.342785] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.359875] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.392085] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.501600] ip (4104) used greatest stack depth: 53656 bytes left [ 47.049709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.128186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.143187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.196405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.225313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.257631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.353354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.365080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.383695] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.391400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.407760] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.416224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.468571] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.477891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.499305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.530834] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.544295] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.552582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.580164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.625507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.635631] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.642956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.650114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.685903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.714102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.736458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.750767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.766366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.778369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.786315] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.793202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.803719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.825441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.841599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.853118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.860803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.870304] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.879820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.895542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.923848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.950799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.968620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.982767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.000917] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.015251] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.025335] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.042151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.068834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.102366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.126876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.149261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.180795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.191436] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.203759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.216603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.230727] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.241893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.276424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.314112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.344216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.382437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.395955] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.403741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.416601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.182221] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.188687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.195518] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.201962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.244288] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.253926] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.260396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.267304] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.273772] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.282976] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.290070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.298132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.318689] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.325147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.331985] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.338436] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.368920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.384883] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.391350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.398246] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.404721] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.445319] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.619402] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.625892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.632763] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.639221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.655982] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.674167] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.680623] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.687480] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.693932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.733399] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.750118] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.756604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.763448] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.769897] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.791953] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.802855] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.809323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.816144] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.822583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.862953] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.297779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.312690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.344677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.381650] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.394393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.401636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.433175] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.628914] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.858375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.866961] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.903172] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.053509] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.158975] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.252534] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.259096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.269624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.356360] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.362591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.374686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.404829] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.670382] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.676698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.689587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.719376] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.729179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.757595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.783220] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.789419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.800291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.844474] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.850731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.859130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.014325] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.020601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.029153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.255004] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.261327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.274834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/20 20:26:40 executing program 2: open(&(0x7f00000001c0)='./file0\x00', 0x8000000000403ff, 0x0) syz_mount_image$vfat(&(0x7f0000000600)='vfat\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, &(0x7f0000000640), 0x1800, &(0x7f00000006c0)=ANY=[]) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) setsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000000), 0x4) syz_mount_image$bfs(&(0x7f0000000040)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000840)=[{&(0x7f0000000180), 0x0, 0x70a0e5a1}], 0x0, 0x0) fallocate(r0, 0x11, 0x0, 0x100000001) 2018/04/20 20:26:40 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0xc, 0x4, 0xb, 0x0, 0xffffffffffffff9c}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20) 2018/04/20 20:26:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000000601ffff000000000000000d00000000"], 0x14}, 0x1}, 0x0) 2018/04/20 20:26:40 executing program 7: socketpair$unix(0x1, 0x10000000005, 0x0, &(0x7f0000001900)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) sendmsg$unix(r1, &(0x7f00000018c0)={&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000001680), 0x0, &(0x7f0000001840)=[@rights={0x10, 0x1, 0x1, [r0]}], 0x10}, 0x0) 2018/04/20 20:26:41 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x338d, 0x7}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r0, &(0x7f0000000040)}, 0x10) 2018/04/20 20:26:41 executing program 7: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000580)) 2018/04/20 20:26:43 executing program 0: 2018/04/20 20:26:43 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, 0x1c) 2018/04/20 20:26:43 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='/group.stat\x00', 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40286608, 0x4000000000000000) 2018/04/20 20:26:43 executing program 3: 2018/04/20 20:26:43 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x2b) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x7}, 0x1c) 2018/04/20 20:26:43 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000380)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660ae763892c38ac6568b3e891941f02f1265047502f6c2dd9f65572005da7147991090bef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c379723f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a4503c1c147cc5172df09c10eea22b1fcfb05ab850fb1fa7d86e5d217d4a59a70ba6ccaa8343014d5cbdf9cec8b13073ffe66b7490e5dc8a2ff8d0bc42cf8a84fdee6") mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000001c0)="2750e35d428fe823843c88fa1acabc33c8776e7874d1") mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000000040)='ubifs\x00', 0x1004, 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000)) mount(&(0x7f000000a000)='.', &(0x7f0000000180)='.', &(0x7f0000000200)='ramfs\x00', 0x0, &(0x7f0000d1cfff)) preadv(r0, &(0x7f00000023c0)=[{&(0x7f0000002400)=""/4096, 0x1000}], 0x1, 0x0) 2018/04/20 20:26:43 executing program 2: 2018/04/20 20:26:43 executing program 5: 2018/04/20 20:26:43 executing program 5: 2018/04/20 20:26:43 executing program 3: 2018/04/20 20:26:43 executing program 0: 2018/04/20 20:26:43 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x5}, 0x1c) 2018/04/20 20:26:43 executing program 4: r0 = socket(0x10, 0x2, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000000000000010000000000000000"], 0x14}, 0x1}, 0x0) 2018/04/20 20:26:43 executing program 2: 2018/04/20 20:26:43 executing program 6: 2018/04/20 20:26:43 executing program 7: 2018/04/20 20:26:43 executing program 3: 2018/04/20 20:26:43 executing program 7: 2018/04/20 20:26:43 executing program 2: 2018/04/20 20:26:43 executing program 5: 2018/04/20 20:26:43 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d05000000000000000010400000000000000002000000000000000000000000000000000000000000000080020000000000700000000000000600000000000000010000000000000000100000001000000010000000100000610000000400000000000000000000000000000000000000000000004501000000000000000000000001", 0xca, 0x10000}], 0x0, &(0x7f00000002c0)=ANY=[]) 2018/04/20 20:26:43 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x0, @broadcast=0xffffffff}], 0x1) 2018/04/20 20:26:43 executing program 6: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00005a4000)={&(0x7f0000327ff4)={0x10, 0x34000}, 0xc, &(0x7f0000007ff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000058f5c58b5fb756af1e800be2043aad92dd"], 0x1}, 0x1}, 0x0) r0 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000015c0)={'tunl0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8916, &(0x7f0000000000)={'bond0\x00', r1}) 2018/04/20 20:26:43 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffc, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000040), 0x4) 2018/04/20 20:26:43 executing program 4: 2018/04/20 20:26:44 executing program 5: 2018/04/20 20:26:44 executing program 7: 2018/04/20 20:26:44 executing program 2: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) pause() r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) dup2(r1, r2) 2018/04/20 20:26:44 executing program 1: 2018/04/20 20:26:44 executing program 6: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x3, &(0x7f0000000080)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0xbb, &(0x7f0000000300)=""/187}, 0x48) 2018/04/20 20:26:44 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) write(r0, &(0x7f0000f4af9d)="6a3db85e1e8d000000000009003e15d61dcc43b6ed5ed2bc7018cebc9b97ae21b14d872c5a8ce22cad160096aa1f", 0x2e) 2018/04/20 20:26:44 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000e40)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/20 20:26:44 executing program 5: pipe2(&(0x7f00008df000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f00004abf1b)="ae", 0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x8) vmsplice(r1, &(0x7f0000cf7fe0)=[{&(0x7f00002a7000)='#', 0x1}], 0x1, 0x0) readv(r0, &(0x7f0000c9e000)=[{&(0x7f0000c25f19)=""/231, 0xe7}], 0x1) 2018/04/20 20:26:44 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000040)={[0x35]}, 0x1) 2018/04/20 20:26:44 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f00000001c0)=0x100000000000002, 0x4) shutdown(r0, 0x0) recvmsg(r0, &(0x7f0000000bc0)={&(0x7f0000000380)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000a00), 0x0, &(0x7f0000000ac0)=""/207, 0xcf}, 0x0) 2018/04/20 20:26:44 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x1, 0x7, 0x5, 0x6}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x13, 0x0, 0x7ffff9, 0x0, 0x20000000, 0x0}, 0x2c) bpf$MAP_CREATE(0x3, &(0x7f0000000040)={0x13, 0x0, 0x6e8000}, 0x14) 2018/04/20 20:26:44 executing program 4: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$getregset(0x4209, r1, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=""/4096, 0x1000}) 2018/04/20 20:26:45 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fc9000)={0x1, 0x9, 0x800000209e1f, 0x8000000001}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f00000000c0), &(0x7f0000000200)}, 0x20) 2018/04/20 20:26:45 executing program 6: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) close(r0) 2018/04/20 20:26:45 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.max\x00', 0x2, 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="393a340d231c04e0c2b07604d6"], 0xd) 2018/04/20 20:26:45 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f000006bbc5)='/dev/sequencer\x00', 0x40a02, 0x0) write$sndseq(r0, &(0x7f0000fbde80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x81, 0x5}, 0x0, &(0x7f0000932fd0)={0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}}}], 0x30) 2018/04/20 20:26:45 executing program 4: r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={"0aa5992061c091bd7511ffffff00", 0x200000002}) 2018/04/20 20:26:45 executing program 1: mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x1b071, 0xffffffffffffffff, 0x0) msync(&(0x7f000000e000/0x3000)=nil, 0x3000, 0x0) 2018/04/20 20:26:45 executing program 5: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000000)) 2018/04/20 20:26:45 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x15, 0x80005, 0x0) getsockopt(r0, 0x200000000114, 0x8, &(0x7f0000ee3000)=""/4096, &(0x7f0000000000)=0x1000) 2018/04/20 20:26:45 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x1b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x3) 2018/04/20 20:26:45 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r1, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000003e00)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000240)="c3401c34468c8e399aa4eedc3d6bd8f1d65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e6d114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c400000002b7bcdec844f667da0867d08d4154004997e31649b2b5eb2790c39f4", 0x82, 0x4000000003, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) recvfrom(r0, &(0x7f0000001480)=""/4096, 0x1000, 0x0, &(0x7f00000001c0)=@ethernet={0x0, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x80) writev(r1, &(0x7f0000df9000)=[{&(0x7f0000354ff8)='\'', 0x1}], 0x1) 2018/04/20 20:26:45 executing program 1: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f00000000c0)='./file0\x00', 0xe800, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c90756b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000040)={[{@check_relaxed='check=relaxed', 0x2c}, {@nocase='nocase', 0x2c}]}) mkdir(&(0x7f0000000080)='./file0/f.le0\x00', 0x0) 2018/04/20 20:26:45 executing program 7: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000480)=ANY=[]) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000100)=ANY=[], 0x1023c) truncate(&(0x7f0000000240)='./file0\x00', 0xfaee) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2}}, 0x10) 2018/04/20 20:26:45 executing program 0: socketpair$inet(0x1d, 0x0, 0xe, &(0x7f0000001f80)) 2018/04/20 20:26:45 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000eccfa8)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x8) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f000048f000)="ad56b6c5824c8eb995298992ea54c7beef9f5d56530f90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f00000013c0)="df6ee06b9038b3cf", 0x8}], 0x1, &(0x7f0000007000)}, 0x0) io_setup(0x7, &(0x7f0000000200)=0x0) io_submit(r2, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000c2bfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f000007d000)="b3", 0x1}]) 2018/04/20 20:26:45 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x6, 0x0) getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000100), &(0x7f0000000140)=0x4) sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000003e00)={0x2, 0x4e23}, 0x10) sendto$inet(r0, &(0x7f00006fd000)="c3", 0x1, 0x51, &(0x7f0000e66000)={0x2, 0x0, @broadcast=0xffffffff}, 0x10) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000080)=@add_del={0x2, &(0x7f0000000040)='ipddp0\x00', 0x7}) 2018/04/20 20:26:45 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000e1afc8)={&(0x7f00008d1ff4)={0x10}, 0xc, &(0x7f0000007000)={&(0x7f0000621000)={0x14, 0x1d, 0x3, 0x0, 0x0, {0x1f}}, 0x14}, 0x1}, 0x0) 2018/04/20 20:26:45 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000000, 0x1, &(0x7f00000000c0)=[{&(0x7f0000010000)="400000000002000019000000dc0100002c000000010000000000000000000000002000000020000040000000000000003d5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000140)) 2018/04/20 20:26:45 executing program 1: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000780), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="6a71666d7401"]) 2018/04/20 20:26:45 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f000092efe4)={0x10, 0x4, 0x4, 0xa}, 0x356) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000040), &(0x7f0000000000)="e807df"}, 0x20) 2018/04/20 20:26:45 executing program 0: open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000040)={0x9, 0x800000001, "86"}, 0x0) [ 72.018282] ================================================================== [ 72.025688] BUG: KMSAN: uninit-value in gcmaes_decrypt+0x2ec/0xea0 [ 72.032012] CPU: 0 PID: 5953 Comm: syz-executor3 Not tainted 4.16.0+ #84 [ 72.038847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.048198] Call Trace: [ 72.050797] dump_stack+0x185/0x1d0 [ 72.054427] ? gcmaes_decrypt+0x2ec/0xea0 [ 72.058581] kmsan_report+0x142/0x240 [ 72.062384] __msan_warning_32+0x6c/0xb0 2018/04/20 20:26:46 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000)={0x7}, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x3, 0x0, @loopback={0x0, 0x1}}], 0x1c) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/20 20:26:46 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000131fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl(r0, 0x140104591, &(0x7f0000000040)) [ 72.066449] gcmaes_decrypt+0x2ec/0xea0 [ 72.070439] generic_gcmaes_decrypt+0x181/0x1e0 [ 72.075112] ? generic_gcmaes_encrypt+0x1e0/0x1e0 [ 72.079956] gcmaes_wrapper_decrypt+0x2f5/0x340 [ 72.084626] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0 [ 72.089467] aead_recvmsg+0x17e1/0x2960 [ 72.093456] ? aead_sendmsg+0x1b0/0x1b0 [ 72.097432] sock_read_iter+0x405/0x480 [ 72.101428] ? kernel_sock_ip_overhead+0x350/0x350 [ 72.106361] aio_read+0x5c1/0x6f0 [ 72.109818] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 72.115198] ? fget+0x41b/0x460 2018/04/20 20:26:46 executing program 7: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00000002c0)="220000002000070700be0000090007010a0000ff0c0000feff1f0010050013000004", 0x22) [ 72.118489] do_io_submit+0x1afe/0x2ed0 [ 72.122465] ? kmsan_set_origin_inline+0x6b/0x120 [ 72.127329] SYSC_io_submit+0x98/0xb0 [ 72.131134] SyS_io_submit+0x56/0x80 [ 72.134848] do_syscall_64+0x309/0x430 [ 72.138739] ? SYSC_io_destroy+0x390/0x390 [ 72.142982] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 72.148169] RIP: 0033:0x455379 [ 72.151358] RSP: 002b:00007f48cf181c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 72.159069] RAX: ffffffffffffffda RBX: 00007f48cf1826d4 RCX: 0000000000455379 [ 72.166335] RDX: 0000000020bd9fe0 RSI: 0000000000000001 RDI: 00007f48cf161000 [ 72.173600] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 72.180863] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 72.188130] R13: 000000000000018d R14: 00000000006f55d8 R15: 0000000000000000 [ 72.195396] [ 72.197011] Uninit was created at: [ 72.200562] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 72.205672] kmsan_kmalloc+0x94/0x100 [ 72.209469] __kmalloc+0x23c/0x350 [ 72.213004] sock_kmalloc+0x14e/0x270 2018/04/20 20:26:46 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000efb000)='/dev/sequencer2\x00', 0x0, 0x0) [ 72.216810] af_alg_alloc_areq+0x85/0x320 [ 72.220958] aead_recvmsg+0x65a/0x2960 [ 72.224849] sock_read_iter+0x405/0x480 [ 72.228829] aio_read+0x5c1/0x6f0 [ 72.232283] do_io_submit+0x1afe/0x2ed0 [ 72.236262] SYSC_io_submit+0x98/0xb0 [ 72.240066] SyS_io_submit+0x56/0x80 [ 72.243782] do_syscall_64+0x309/0x430 [ 72.247671] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 72.252847] ================================================================== [ 72.260201] Disabling lock debugging due to kernel taint 2018/04/20 20:26:46 executing program 7: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x100800141846, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000000)=ANY=[]) r1 = dup(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) [ 72.265643] Kernel panic - not syncing: panic_on_warn set ... [ 72.265643] [ 72.273010] CPU: 0 PID: 5953 Comm: syz-executor3 Tainted: G B 4.16.0+ #84 [ 72.281145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.290518] Call Trace: [ 72.293107] dump_stack+0x185/0x1d0 [ 72.296740] panic+0x39d/0x940 [ 72.299955] ? gcmaes_decrypt+0x2ec/0xea0 [ 72.304102] kmsan_report+0x238/0x240 [ 72.307905] __msan_warning_32+0x6c/0xb0 [ 72.311967] gcmaes_decrypt+0x2ec/0xea0 [ 72.315954] generic_gcmaes_decrypt+0x181/0x1e0 [ 72.320627] ? generic_gcmaes_encrypt+0x1e0/0x1e0 [ 72.325475] gcmaes_wrapper_decrypt+0x2f5/0x340 [ 72.330142] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0 [ 72.334986] aead_recvmsg+0x17e1/0x2960 [ 72.338976] ? aead_sendmsg+0x1b0/0x1b0 [ 72.342952] sock_read_iter+0x405/0x480 [ 72.346935] ? kernel_sock_ip_overhead+0x350/0x350 [ 72.351869] aio_read+0x5c1/0x6f0 [ 72.355335] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 72.360697] ? fget+0x41b/0x460 [ 72.363988] do_io_submit+0x1afe/0x2ed0 [ 72.367968] ? kmsan_set_origin_inline+0x6b/0x120 [ 72.372836] SYSC_io_submit+0x98/0xb0 [ 72.376641] SyS_io_submit+0x56/0x80 [ 72.380357] do_syscall_64+0x309/0x430 [ 72.384254] ? SYSC_io_destroy+0x390/0x390 [ 72.388496] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 72.393682] RIP: 0033:0x455379 [ 72.396871] RSP: 002b:00007f48cf181c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 72.404579] RAX: ffffffffffffffda RBX: 00007f48cf1826d4 RCX: 0000000000455379 [ 72.411849] RDX: 0000000020bd9fe0 RSI: 0000000000000001 RDI: 00007f48cf161000 [ 72.419117] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 72.426384] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 72.433649] R13: 000000000000018d R14: 00000000006f55d8 R15: 0000000000000000 [ 72.441413] Dumping ftrace buffer: [ 72.444939] (ftrace buffer empty) [ 72.448621] Kernel Offset: disabled [ 72.452221] Rebooting in 86400 seconds..