INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
2018/04/17 15:05:25 fuzzer started
2018/04/17 15:05:26 dialing manager at 10.128.0.26:43021
2018/04/17 15:05:32 kcov=true, comps=false
2018/04/17 15:05:35 executing program 0:
r0 = perf_event_open(&(0x7f00003a8000)={0x2, 0x78, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000180)="d619c5936c28d8d7e6d9f032b6d553de2b53c5fe85897ee4199c43527d28fd4d37e3216b7b92889505c35e203550c19ddd29be84d431d835eed0633a86b7e65369e6421fc98bf5a34f993871b8ad02a27a84e4f7da2f63aae862cb91e1f8fd4ccec1")

2018/04/17 15:05:35 executing program 2:
syz_emit_ethernet(0x7a, &(0x7f00000002c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "6d44bf", 0x44, 0x2b, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, @local={0xfe, 0x80, [], 0xaa}, {[], @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558}}}}}}}, &(0x7f0000000080))

2018/04/17 15:05:35 executing program 7:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x8)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, &(0x7f00000002c0))
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, &(0x7f00000002c0))

2018/04/17 15:05:35 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000383000)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x800000000000002, &(0x7f0000000000)=0x7fff, 0xfffffffffffffc49)
sendto$inet(r0, &(0x7f0000482000), 0x0, 0x800000120000401, &(0x7f0000e45ff0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)

2018/04/17 15:05:35 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000bba000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000272fdc))
write(0xffffffffffffffff, &(0x7f0000b84ec6), 0x0)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040))
ioctl$TIOCSBRK(r0, 0x40044590)

2018/04/17 15:05:35 executing program 5:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000800)={&(0x7f0000000380)=@sco, 0x3cf, &(0x7f0000000700), 0x0, &(0x7f0000000740)=""/148, 0x94}, 0x0)
recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000300)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000003f00)=""/4096, 0x1000}], 0x2, &(0x7f0000000400)=""/29, 0x1d}, 0x0)
recvmsg(r0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x0, &(0x7f0000000940), 0x0, &(0x7f0000000240)=""/183, 0xb7}, 0x0)

2018/04/17 15:05:35 executing program 6:

2018/04/17 15:05:35 executing program 1:
r0 = socket$inet6(0xa, 0x80001, 0x0)
perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000a83000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, {{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x108)

syzkaller login: [   44.618384] ip (3749) used greatest stack depth: 54688 bytes left
[   45.193641] ip (3796) used greatest stack depth: 54408 bytes left
[   46.173425] ip (3895) used greatest stack depth: 54200 bytes left
[   46.551326] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.557836] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.605158] device bridge_slave_0 entered promiscuous mode
[   46.651998] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.658554] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.694236] device bridge_slave_0 entered promiscuous mode
[   46.756990] ip (3935) used greatest stack depth: 53960 bytes left
[   46.774843] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.781345] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.838113] device bridge_slave_1 entered promiscuous mode
[   46.858547] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.865130] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.906773] device bridge_slave_0 entered promiscuous mode
[   46.924958] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.931445] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.950679] device bridge_slave_1 entered promiscuous mode
[   46.960803] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.967336] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.984867] device bridge_slave_0 entered promiscuous mode
[   47.002746] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.009240] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.033412] device bridge_slave_0 entered promiscuous mode
[   47.053395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.074848] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.081341] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.122886] device bridge_slave_0 entered promiscuous mode
[   47.137371] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.143847] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.164296] device bridge_slave_0 entered promiscuous mode
[   47.186357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.196251] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.202748] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.220785] device bridge_slave_1 entered promiscuous mode
[   47.229170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.239231] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.245724] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.268461] device bridge_slave_0 entered promiscuous mode
[   47.282137] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.288634] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.324263] device bridge_slave_1 entered promiscuous mode
[   47.334557] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.341110] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.361105] device bridge_slave_1 entered promiscuous mode
[   47.387089] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.393604] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.413658] device bridge_slave_1 entered promiscuous mode
[   47.432269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.439645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.448146] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.454593] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.493378] device bridge_slave_1 entered promiscuous mode
[   47.519325] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.525822] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.575067] device bridge_slave_1 entered promiscuous mode
[   47.591997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.599612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.622358] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.631021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.648749] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.670517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.708096] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.822021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.867659] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.877931] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.900934] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   48.215939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.441218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   48.558130] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.646621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.703752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.793530] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.819351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   48.898147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.907886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   48.919337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   48.929646] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   48.937414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   49.006151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   49.088278] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   49.131245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   49.141734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   49.477557] ip (4133) used greatest stack depth: 53656 bytes left
[   49.486535] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   49.676713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   49.828971] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   49.869146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   49.876359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.889439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.029368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.036950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.055138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.080776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.089331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.101430] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.112279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.129429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.169590] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.197785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.258657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.277619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.284792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.293904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.313350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.332242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.339509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.349523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.367783] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.377115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.398814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.472311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.511560] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.518796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.534847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.579292] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.587994] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.598972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.624575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.644735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.668550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.679812] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.688371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.697798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.720500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.732779] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.742476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.749645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.762603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.787809] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.811148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.835688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.850883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.875076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.894456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.906117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.921240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.934587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.950972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.976836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   51.006706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.023186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   51.041398] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   51.048679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.057596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   51.077013] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   51.126187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.166454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   52.863268] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.869760] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.876669] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.883151] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.910830] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   52.917392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.034339] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.040834] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.047715] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.054192] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.110994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.131420] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.137917] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.144763] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.151222] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.167437] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.183321] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.189810] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.196678] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.203157] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.238300] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.413557] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.420122] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.426998] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.433508] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.474718] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.486798] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.493267] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.500147] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.506575] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.517557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.536210] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.542693] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.549563] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.556020] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.618467] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.631714] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.638203] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.645147] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.651628] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.722541] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   53.919213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.934614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.965609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.974669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.982876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.991920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.999864] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.421016] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   62.490405] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   62.654849] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   62.947768] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.035519] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.062397] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.241738] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   63.252505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.268328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.295995] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   63.308103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.315913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.379835] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.398895] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   63.405172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.415593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.522672] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.739128] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   63.748131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.761253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.857964] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   63.864290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.879232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.999461] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.005775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.017382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.191615] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.197914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.209426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.353874] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.360205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.376733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.087987] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.095517] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:02 executing program 7:

[   69.177774] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.185295] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
[   69.214816] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.222415] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:02 executing program 7:

[   69.342302] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.349849] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:02 executing program 2:

[   69.419738] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.427301] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:02 executing program 7:

[   69.528188] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.535803] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:02 executing program 2:

2018/04/17 15:06:02 executing program 7:

[   69.637642] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.645213] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:02 executing program 2:

2018/04/17 15:06:02 executing program 3:
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x4e20, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, &(0x7f00000002c0))

[   69.726892] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.734502] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
[   69.822103] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.829629] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
[   69.879357] netlink: 'syz-executor5': attribute type 29 has an invalid length.
[   69.887087] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
2018/04/17 15:06:03 executing program 0:
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
unshare(0x8000400)
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000140)={{&(0x7f0000000080)=""/171, 0xab}, &(0x7f0000000000), 0x20}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000006c0)={r0, 0x28, &(0x7f0000000680)}, 0x10)

2018/04/17 15:06:03 executing program 5:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000800)={&(0x7f0000000380)=@sco, 0x3cf, &(0x7f0000000700), 0x0, &(0x7f0000000740)=""/148, 0x94}, 0x0)
recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000300)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000003f00)=""/4096, 0x1000}], 0x2, &(0x7f0000000400)=""/29, 0x1d}, 0x0)
recvmsg(r0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x0, &(0x7f0000000940), 0x0, &(0x7f0000000240)=""/183, 0xb7}, 0x0)

2018/04/17 15:06:03 executing program 4:
r0 = dup(0xffffffffffffff9c)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000040)=0x5, &(0x7f0000000080)=0x4)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
unshare(0x40600)
socket$inet6_icmp(0xa, 0x2, 0x3a)
r3 = dup3(r1, r2, 0x0)
ioctl$EVIOCGBITKEY(r3, 0x80404521, &(0x7f0000000180)=""/238)

2018/04/17 15:06:03 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000a7c000)=0x2d, 0x4)
r1 = dup3(r0, r0, 0x80000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast=0xffffffff}, 0x10)

2018/04/17 15:06:03 executing program 7:
add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000440)='keyring\x00', &(0x7f0000000480)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80, 0x0)
syz_open_dev$urandom(&(0x7f0000000100)='/dev/urandom\x00', 0x0, 0x50080)
ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000040)={0x0, 0xfff})
r1 = getpgid(0x0)
setpriority(0x3, r1, 0x81)

2018/04/17 15:06:03 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000b40), 0x0, 0x20020003, &(0x7f0000000b00)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10)
socketpair(0x3, 0x2, 0xfffffffffffffffb, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup(r1, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000f43ffc)=0xfffffffffffffffc, 0x4)
ppoll(&(0x7f0000000180)=[{r0, 0x200}, {r3, 0x188}, {r2, 0x40}, {r3, 0x1000}], 0x4, &(0x7f00000001c0)={0x77359400}, &(0x7f0000000200)={0x3}, 0x8)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x7fff, 0x80000001}, 0x14)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0xfffffffffffff001, 0x4)
sendto$inet(r0, &(0x7f00000000c0)="92", 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14}}, 0x10)

2018/04/17 15:06:03 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000b5dfa8)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128-generic\x00'}, 0x58)
accept$alg(r0, 0x0, 0x0)
r1 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r1, 0x0, 0x10004, 0x7d)
sendfile(r1, r1, &(0x7f0000000000)=0x1, 0x80000400)

2018/04/17 15:06:03 executing program 6:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000080)=@raw=[@generic={0x7fff, 0x46}, @alu={0x4, 0x7fffffff, 0xb, 0x7, 0xf, 0xfffffffd, 0x10}], &(0x7f00000000c0)='GPL\x00', 0x8, 0x12, &(0x7f0000000100)=""/18, 0x41f00, 0x1}, 0x48)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={0x0, r0, 0x5, 0x1}, 0x14)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
r3 = gettid()
r4 = perf_event_open(&(0x7f0000000300)={0x3, 0x70, 0x3f, 0x1, 0x8001, 0x3, 0x0, 0x20, 0x2080, 0x2, 0x9854, 0xcb91, 0x1, 0xff, 0x7, 0x0, 0x3, 0x3, 0x52, 0x2, 0x9, 0x7fff, 0x800, 0x100000001, 0x80, 0xffffffffffffffe1, 0xb4b, 0x9b9, 0xe074, 0x5, 0x100000000, 0x8001, 0x6, 0x800, 0x5, 0x7, 0x5, 0x80000000, 0x0, 0x3a, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x820, 0x5, 0x7, 0x2, 0x2, 0x0, 0xffffffffffff40a6}, r3, 0x3, r1, 0x3)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f00000003c0)={0x2, 0x10000})
recvmsg$kcm(r2, &(0x7f0000000480)={0x0, 0xff98, &(0x7f0000000380)=[{&(0x7f0000000540)=""/49, 0x31}], 0x0, &(0x7f0000000580)=""/77, 0x4d}, 0x2003)
recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0x11}, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)=@vsock, 0xfffffffffffffda6, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/154, 0x9a}], 0x1, &(0x7f0000000240)=""/105, 0x69}, 0x0)
close(r1)
sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x28a, &(0x7f0000000000)}, 0x0)
perf_event_open(&(0x7f0000348f88)={0x0, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x5, 0x3, 0x4, 0x1, 0x0, 0x1}, 0x2c)
close(0xffffffffffffffff)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10)
perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x4, 0x9, 0x3, 0x4, 0x0, 0x2, 0x40008, 0x5, 0x2, 0x6, 0x80000001, 0x1000, 0x8, 0x100, 0x800, 0x3, 0x6, 0x1, 0x7, 0x0, 0x1000, 0x8, 0x100000000, 0x1, 0x23, 0x7, 0x8, 0x8, 0x0, 0x9, 0x7fffffff, 0x0, 0x30000000, 0x8, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x8, 0x9}, 0xb6ab92d5df58fd70, 0x0, 0x1, 0x3, 0xfdc, 0x8, 0x400}, r3, 0x6, r4, 0x2)

[   70.332152] ==================================================================
[   70.339791] WARNING: memcpy-param-overlap in generic_perform_write+0x4c6/0x990
[   70.347296] __msan_memcpy(ffff8801c585f000, ffff8801c585f001, 4095)
[   70.353798] CPU: 0 PID: 5801 Comm: syz-executor3 Not tainted 4.16.0+ #84
[   70.360651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.370021] Call Trace:
[   70.372657]  dump_stack+0x185/0x1d0
[   70.376336]  __msan_memcpy+0x90/0x1f0
[   70.380187]  iov_iter_copy_from_user_atomic+0xb04/0x17d0
[   70.385640] ==================================================================
[   70.393013] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0
[   70.399775] CPU: 0 PID: 5801 Comm: syz-executor3 Not tainted 4.16.0+ #84
[   70.406609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.415958] Call Trace:
[   70.418556]  dump_stack+0x14a/0x1d0
[   70.422197]  ? kernel_text_address+0x248/0x3a0
[   70.426782]  kmsan_report+0x142/0x240
2018/04/17 15:06:03 executing program 5:
r0 = eventfd2(0x80000001, 0x0)
pipe(&(0x7f0000000040))
pipe(&(0x7f0000000000))
readv(r0, &(0x7f0000001600)=[{&(0x7f0000000100)=""/8, 0x8}, {&(0x7f0000001500)=""/231, 0x1}], 0x2)

[   70.430595]  __msan_warning_32+0x6c/0xb0
[   70.434662]  kernel_text_address+0x248/0x3a0
[   70.439085]  __kernel_text_address+0x34/0xe0
[   70.443502]  show_trace_log_lvl+0x954/0x1030
[   70.447923]  ? generic_perform_write+0x4c6/0x990
[   70.452694]  show_stack+0xfc/0x150
[   70.456239]  ? print_worker_info+0x1b0/0x660
[   70.460649]  dump_stack+0x185/0x1d0
[   70.464281]  __msan_memcpy+0x90/0x1f0
[   70.468090]  iov_iter_copy_from_user_atomic+0xb04/0x17d0
[   70.473559]  generic_perform_write+0x4c6/0x990
[   70.478154]  __generic_file_write_iter+0x43b/0x990
2018/04/17 15:06:03 executing program 7:
r0 = getpgid(0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000180)='gid_map\x00')
preadv(r1, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000040))

[   70.483091]  ? rcu_all_qs+0x32/0x1f0
[   70.486815]  generic_file_write_iter+0x814/0xbf0
[   70.491580]  ? __generic_file_write_iter+0x990/0x990
[   70.496687]  do_iter_readv_writev+0x7bb/0x970
[   70.501194]  ? __generic_file_write_iter+0x990/0x990
[   70.506304]  do_iter_write+0x30d/0xd40
[   70.510199]  ? kmsan_set_origin_inline+0x6b/0x120
[   70.515057]  ? __generic_file_write_iter+0x990/0x990
[   70.520166]  vfs_iter_write+0x118/0x180
[   70.524151]  iter_file_splice_write+0xbc3/0x1710
[   70.528932]  ? splice_from_pipe+0x2c0/0x2c0
[   70.533258]  ? splice_from_pipe+0x2c0/0x2c0
[   70.537584]  direct_splice_actor+0x19b/0x200
[   70.542013]  splice_direct_to_actor+0x764/0x1040
[   70.546779]  ? do_splice_direct+0x540/0x540
[   70.551110]  ? security_file_permission+0x28f/0x4b0
[   70.556136]  ? rw_verify_area+0x35e/0x580
[   70.560290]  do_splice_direct+0x335/0x540
[   70.564444]  do_sendfile+0x1067/0x1e40
[   70.568348]  SYSC_sendfile64+0x1b3/0x300
[   70.572419]  SyS_sendfile64+0x64/0x90
[   70.576218]  do_syscall_64+0x309/0x430
2018/04/17 15:06:03 executing program 1:
r0 = accept4$alg(0xffffffffffffff9c, 0x0, 0x0, 0x80000)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ip6gretap0\x00', 0x1})
lseek(r0, 0x0, 0x1)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00003cf000)={&(0x7f0000f4dff4)={0x10}, 0xc, &(0x7f00005ad000)={&(0x7f0000003a80)=@newsa={0x138, 0x10, 0x5, 0x0, 0x0, {{@in=@remote={0xac, 0x14, 0x14, 0xbb}}, {@in=@local={0xac, 0x14, 0x14, 0xaa}, 0x0, 0x32}, @in, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha224\x00'}}}]}, 0x138}, 0x1}, 0x0)
set_tid_address(&(0x7f0000000040))

[   70.580113]  ? SYSC_sendfile+0x320/0x320
[   70.584182]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   70.589365] RIP: 0033:0x455329
[   70.592548] RSP: 002b:00007f94b6801c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   70.600251] RAX: ffffffffffffffda RBX: 00007f94b68026d4 RCX: 0000000000455329
[   70.607532] RDX: 0000000020000000 RSI: 0000000000000015 RDI: 0000000000000015
[   70.614802] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   70.622080] R10: 0000000080000400 R11: 0000000000000246 R12: 00000000ffffffff
2018/04/17 15:06:03 executing program 7:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x22, &(0x7f0000000040)={@empty, @loopback=0x7f000001}, 0xc)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
sendto$inet(r0, &(0x7f00006af000), 0x0, 0x0, &(0x7f000000a000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)

[   70.629351] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000
[   70.636619] 
[   70.638244] Local variable description: ----ug.i@mem_cgroup_uncharge_list
[   70.645160] Variable was created at:
[   70.648888]  mem_cgroup_uncharge_list+0x42/0x1e0
[   70.653654]  release_pages+0x1647/0x1670
[   70.657705] ==================================================================
[   70.665064] Disabling lock debugging due to kernel taint
[   70.670508] Kernel panic - not syncing: panic_on_warn set ...
[   70.670508] 
[   70.677885] CPU: 0 PID: 5801 Comm: syz-executor3 Tainted: G    B            4.16.0+ #84
[   70.686046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.695396] Call Trace:
[   70.697997]  dump_stack+0x14a/0x1d0
[   70.701633]  panic+0x39d/0x940
[   70.704857]  ? kernel_text_address+0x248/0x3a0
[   70.709439]  kmsan_report+0x238/0x240
[   70.713246]  __msan_warning_32+0x6c/0xb0
[   70.717321]  kernel_text_address+0x248/0x3a0
[   70.721736]  __kernel_text_address+0x34/0xe0
[   70.726153]  show_trace_log_lvl+0x954/0x1030
2018/04/17 15:06:03 executing program 7:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}, 0x0, 0x7, 0x0, "9ec23bee3f97f0a7e56a0a48890c173dd6a56c265ac7c8b9462087934bd63f2cb35b37d3fd927309cd354cccfcc9c642a16d40457f7d158339c2739ec36608f2c42477fa3b5cb867a8ce3d22d24ed3d0"}, 0xd8)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x74, r1, 0x400, 0x70bd2b, 0x25dfdbfb, {0x9}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8001}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x647}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x6c}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x45}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x67}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

[   70.730563]  ? generic_perform_write+0x4c6/0x990
[   70.735330]  show_stack+0xfc/0x150
[   70.738868]  ? print_worker_info+0x1b0/0x660
[   70.743281]  dump_stack+0x185/0x1d0
[   70.746913]  __msan_memcpy+0x90/0x1f0
[   70.750713]  iov_iter_copy_from_user_atomic+0xb04/0x17d0
[   70.756174]  generic_perform_write+0x4c6/0x990
[   70.760768]  __generic_file_write_iter+0x43b/0x990
[   70.765697]  ? rcu_all_qs+0x32/0x1f0
[   70.769415]  generic_file_write_iter+0x814/0xbf0
[   70.774178]  ? __generic_file_write_iter+0x990/0x990
[   70.779284]  do_iter_readv_writev+0x7bb/0x970
2018/04/17 15:06:03 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$void(r0, 0x5450)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffffffffffff9)

[   70.783790]  ? __generic_file_write_iter+0x990/0x990
[   70.788897]  do_iter_write+0x30d/0xd40
[   70.792795]  ? kmsan_set_origin_inline+0x6b/0x120
[   70.797650]  ? __generic_file_write_iter+0x990/0x990
[   70.802758]  vfs_iter_write+0x118/0x180
[   70.806741]  iter_file_splice_write+0xbc3/0x1710
[   70.811519]  ? splice_from_pipe+0x2c0/0x2c0
[   70.815838]  ? splice_from_pipe+0x2c0/0x2c0
[   70.820164]  direct_splice_actor+0x19b/0x200
[   70.824586]  splice_direct_to_actor+0x764/0x1040
[   70.829350]  ? do_splice_direct+0x540/0x540
[   70.833678]  ? security_file_permission+0x28f/0x4b0
[   70.838707]  ? rw_verify_area+0x35e/0x580
[   70.842866]  do_splice_direct+0x335/0x540
[   70.847034]  do_sendfile+0x1067/0x1e40
[   70.850943]  SYSC_sendfile64+0x1b3/0x300
[   70.855012]  SyS_sendfile64+0x64/0x90
[   70.858822]  do_syscall_64+0x309/0x430
[   70.862718]  ? SYSC_sendfile+0x320/0x320
[   70.866787]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   70.871975] RIP: 0033:0x455329
[   70.875163] RSP: 002b:00007f94b6801c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   70.882865] RAX: ffffffffffffffda RBX: 00007f94b68026d4 RCX: 0000000000455329
[   70.890137] RDX: 0000000020000000 RSI: 0000000000000015 RDI: 0000000000000015
[   70.897404] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   70.904669] R10: 0000000080000400 R11: 0000000000000246 R12: 00000000ffffffff
[   70.911936] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000
[   70.919650] Dumping ftrace buffer:
[   70.923175]    (ftrace buffer empty)
[   70.926858] Kernel Offset: disabled
[   70.930460] Rebooting in 86400 seconds..