INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts. 2018/04/07 06:10:59 fuzzer started 2018/04/07 06:10:59 dialing manager at 10.128.0.26:38639 2018/04/07 06:11:05 kcov=true, comps=false 2018/04/07 06:11:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="240000002400f95c084a5d7f000020000180007701000000ff010000000000000000002f", 0x24) 2018/04/07 06:11:08 executing program 1: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x0, 0x10000032, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xd1, &(0x7f0000000ffc), 0x4) 2018/04/07 06:11:08 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) r1 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r1, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:08 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00005e1fa8)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f000064d000)=[{0x0, 0x0, &(0x7f00007b7000), 0x1f7}], 0x1, 0x4008000) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) accept$alg(r1, 0x0, 0x0) 2018/04/07 06:11:08 executing program 2: futex(&(0x7f0000000080)=0x1, 0x800000000086, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000048000), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffe, 0x100000000000032, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 2018/04/07 06:11:08 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x9) fallocate(r1, 0x8000000001, 0x2000b774, 0x8000043) 2018/04/07 06:11:08 executing program 6: r0 = socket$inet(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21}, 0x10) syz_emit_ethernet(0x423, &(0x7f000018f000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}, @dccp={{0x0, 0x4e21, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d73cde", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0) 2018/04/07 06:11:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_deladdr={0x28, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r1}, [@IFA_ADDRESS={0x8, 0x1, @local={0xac, 0x14, 0x14, 0xaa}}, @IFA_LOCAL={0x8, 0x2, @local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) syzkaller login: [ 44.110771] ip (3761) used greatest stack depth: 54888 bytes left [ 44.195116] ip (3768) used greatest stack depth: 54672 bytes left [ 44.689742] ip (3811) used greatest stack depth: 54408 bytes left [ 45.704898] ip (3911) used greatest stack depth: 53960 bytes left [ 47.713246] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.791752] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.800234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.827980] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.850329] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.893387] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.049148] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.231453] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.411684] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.579842] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.620819] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.787425] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.819916] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.859421] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.082430] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.169694] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.175966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.188569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.287994] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.294309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.306739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.333413] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.424295] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.430555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.441620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.572355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.578613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.591406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.696366] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.702676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.710262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.729780] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.749505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.786871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.827705] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.846474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.874694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.145954] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.152381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.163873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 06:11:25 executing program 6: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000eb3ff8), &(0x7f0000940000)=0x8) r2 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000000c0)={r1}, &(0x7f0000000100)=0x8) 2018/04/07 06:11:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000021000)=@mpls_getroute={0x1c, 0x1a, 0x9, 0x0, 0x0, {0x1c}}, 0x1c}, 0x1}, 0x0) 2018/04/07 06:11:25 executing program 6: r0 = socket(0xa, 0x100000001, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={@empty, @mcast2={0xff, 0x2, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803ffdfb}) 2018/04/07 06:11:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:26 executing program 5: r0 = socket$inet(0x15, 0x400000080005, 0x0) bind$inet(r0, &(0x7f000001bff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) connect$inet(r0, &(0x7f000001a000)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000012000), 0x0, &(0x7f0000024fb8)=[{0x1}], 0x10}, 0x0) 2018/04/07 06:11:26 executing program 6: r0 = socket$inet(0x2, 0x4000000000000005, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_cmd={0x26, 0x100}}) 2018/04/07 06:11:26 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00006b9000)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f00000000c0)=[{0x5, 0xf7, 0x0, 0x0, @time}], 0x30) 2018/04/07 06:11:26 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000653fff)) r0 = creat(&(0x7f0000015ff4)='./file0/bus\x00', 0x0) mq_timedreceive(r0, &(0x7f0000000080)=""/89, 0x59, 0x0, 0x0) 2018/04/07 06:11:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:26 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) io_setup(0x8, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000a00)='0', 0x1}]) 2018/04/07 06:11:26 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0185879, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 2018/04/07 06:11:26 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0x70bd2a}, 0x10}, 0x1}, 0x0) 2018/04/07 06:11:26 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000653fff)) umount2(&(0x7f0000000280)='./file0\x00', 0x4) creat(&(0x7f0000015ff4)='./file0/bus\x00', 0x0) 2018/04/07 06:11:26 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000028091f8cb9f0abfe967cc2337"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xf, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5, 0x0, 0x5}], {0x95}}, &(0x7f0000000200)='syzkaller\x00', 0x80000001, 0x228, &(0x7f0000000300)=""/187}, 0x48) 2018/04/07 06:11:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) r1 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r1, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000e05000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @in=@local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}]}, 0xa0}, 0x1}, 0x0) 2018/04/07 06:11:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) r1 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r1, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000002000)={0x1}) fcntl$lock(r0, 0x7, &(0x7f00008c4000)={0x0, 0x0, 0xdb, 0xfffffffffffffffd}) 2018/04/07 06:11:26 executing program 6: ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000040)) syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], {@ipv6={0x86dd, {0x0, 0x6, "26b372", 0x14, 0x21, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000002c0)={0x0, 0x3, [0x0, 0xfffffffffffffffd]}) 2018/04/07 06:11:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:26 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc08c5114, &(0x7f0000c79fb0)) [ 59.937802] dccp_invalid_packet: P.Data Offset(68) too large 2018/04/07 06:11:27 executing program 3: r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={"64596df17c0e4200", 0x4000000000000401}) ioctl$TTUNGETFILTER(r0, 0x801054db, &(0x7f0000000000)=""/16) 2018/04/07 06:11:27 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000640), 0x4) 2018/04/07 06:11:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000d35ff0)=[{r0}], 0x1, &(0x7f0000542ff0)={0x77359400}, &(0x7f0000ea3000), 0x8) ioctl$TCXONC(r0, 0x540a, 0x1) 2018/04/07 06:11:27 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x18, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x60}, 0x1}, 0x0) 2018/04/07 06:11:27 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) sendmmsg(r2, &(0x7f0000008340)=[{{&(0x7f00000046c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x80, &(0x7f0000004800)=[{&(0x7f00000047c0)="b4", 0x1}], 0x1}}, {{&(0x7f0000004840)=@pppoe={0x18, 0x0, {0x0, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 'sit0\x00'}}, 0x80, &(0x7f00000049c0)=[{&(0x7f0000004980)='\b', 0x1}], 0x1, &(0x7f0000007b40)}}], 0x2, 0x0) 2018/04/07 06:11:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) r1 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r1, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:27 executing program 4: setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:27 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000001ee8)={0x2, 0xe, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}}]}, 0x60}, 0x1}, 0x0) 2018/04/07 06:11:27 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) sendmmsg(r0, &(0x7f0000002dc0)=[{{&(0x7f0000002040)=@can={0x1d}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000002080)='h', 0x1}], 0x1, &(0x7f00000036c0)=ANY=[]}}, {{&(0x7f0000002680)=@can={0x1d}, 0x80, &(0x7f0000002800)=[{&(0x7f00000026c0)="b0", 0x1}], 0x1, &(0x7f0000002840)}}], 0x2, 0x0) close(r0) 2018/04/07 06:11:27 executing program 4: setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:27 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file1\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000040)='threaded\x00', 0xffc5) fallocate(r1, 0x0, 0x0, 0x10003) write$tun(r1, &(0x7f0000000200)={@pi, @void, @mpls={[], @generic="1f3c48087d6d2151db2bc34764df413ecde954c6711ab06a8f50d17a3daf22bc8242281234481671196c221de86681700f1c96b009f9c633"}}, 0x3c) 2018/04/07 06:11:27 executing program 6: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x6, &(0x7f000001d000)={0x0, 0x0, 0x0, 0x880}) fcntl$lock(r0, 0x6, &(0x7f0000000180)={0x1, 0x0, 0x1fe000000}) 2018/04/07 06:11:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000028fc8)={&(0x7f0000007ff4)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000023000)={0x14, 0x20, 0xaff}, 0x14}, 0x1}, 0x0) 2018/04/07 06:11:27 executing program 4: setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:27 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0xa9, 0xa37, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x12, &(0x7f0000000040)=@raw=[@jmp={0x5}, @alu, @alu, @map={0x18, 0x0, 0x1}, @exit={0x95}, @initr0={0x18}, @call={0x85}, @initr0={0x18}, @exit={0x95}], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x9e, &(0x7f0000000140)=""/158}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000280)="ba", &(0x7f0000001440)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r0, &(0x7f00000000c0)}, 0x10) 2018/04/07 06:11:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:27 executing program 0: setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000}, 0x10) r0 = socket(0x11, 0x4000000000080003, 0x0) sendmmsg(r0, &(0x7f0000003e80)=[{{&(0x7f0000000040)=@in6={0xa, 0x0, 0x3, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c, &(0x7f0000000300), 0x0, &(0x7f0000000340)}}, {{&(0x7f0000000dc0)=@sco={0x1f}, 0x8, &(0x7f0000000e40), 0x0, &(0x7f00000012c0)}}], 0x2, 0x0) 2018/04/07 06:11:28 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x101d}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x7, 0x1f, 0x1, 0x0, 0x1}], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x5c6e, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 2018/04/07 06:11:28 executing program 1: io_setup(0xc8, &(0x7f000086a000)=0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) io_submit(r0, 0x1, &(0x7f00001b2000)=[&(0x7f0000a42fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000bcf3f)}]) io_getevents(r0, 0x0, 0x0, &(0x7f0000e72fe0), &(0x7f00009ca000)) 2018/04/07 06:11:28 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) dup3(r0, r1, 0x0) io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000200), 0x138}]) 2018/04/07 06:11:28 executing program 3: prctl$seccomp(0x2f, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) 2018/04/07 06:11:28 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) dup3(r0, r1, 0x0) io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000200)}]) 2018/04/07 06:11:28 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:28 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, r0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:28 executing program 0: r0 = socket$inet(0x2b, 0x1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000280)=""/131, &(0x7f0000000200)=0x10) 2018/04/07 06:11:28 executing program 7: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r0, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:28 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4) 2018/04/07 06:11:28 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00004f7000)='d', 0x1) r1 = accept4$alg(r0, 0x0, 0x0, 0x800) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000946ff8)={&(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_x_filter={0x0, 0x1a, @in6=@dev={0xfe, 0x80}, @in=@remote={0xac, 0x14, 0x14, 0xbb}}]}, 0xfffffdbe}, 0x1}, 0x0) 2018/04/07 06:11:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt(r0, 0x10e, 0xb, &(0x7f0000f67000), 0x2) 2018/04/07 06:11:28 executing program 0: r0 = open(&(0x7f000084aff8)='./file0\x00', 0x400000000060842, 0x0) fsetxattr(r0, &(0x7f0000095ff7)=@known='user.syz\x00', &(0x7f00009cc000)='\x00', 0x0, 0x0) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00006caff7)=@known='user.syz\x00', &(0x7f000002e000), 0xc302a7a380fe1469) 2018/04/07 06:11:28 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:28 executing program 6: r0 = socket$inet(0x2, 0x3, 0x800000800000001) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x6}, 0x2c) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) 2018/04/07 06:11:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000010fdc)="2300000024009115460000000000001201000000000000270241000000000013007352", 0x23}], 0x1}, 0x0) 2018/04/07 06:11:28 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x6, &(0x7f000001d000)={0x0, 0x0, 0x0, 0x880}) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x1fe000000}) 2018/04/07 06:11:28 executing program 1: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='ns/ipc\x00') syz_open_procfs(0x0, &(0x7f0000000000)='ns/ipc\x00') 2018/04/07 06:11:28 executing program 7: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r0, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:28 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x4000000000000087) io_setup(0x95, &(0x7f0000c6b000)=0x0) io_submit(r1, 0x1, &(0x7f0000356ff0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000001ec0), 0xfffffda5}]) 2018/04/07 06:11:28 executing program 5: r0 = socket$inet(0x2, 0x3, 0x6) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x9, 0x3, 0x8, 0x108, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x3, &(0x7f0000000140), {[{{@uncond, 0x0, 0x3ea, 0x108, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0xe8, 0x130, 0x0, {}, [@inet=@rpfilter={0x0, 'rpfilter\x00'}, @inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @common=@inet=@LOG={0x0, 'LOG\x00', 0x0, {0x0, 0x0, "7416ebb33ec644872cc647d7aae9fd205b2a5d5dc4888937d3df603481e6"}}}], {{[], 0x0, 0xfffffffffffffdcb, 0x98}, {0xffffffffffffff5c, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x18) 2018/04/07 06:11:28 executing program 3: r0 = socket$inet(0x2, 0x4000000805, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000794ffc)=0x7, 0x4) 2018/04/07 06:11:28 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='io.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='8:4\r'], 0x4) 2018/04/07 06:11:28 executing program 7: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r0, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:28 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000834ff3)='uid_map\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000200)=""/237, 0xed}], 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'lo\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8924, &(0x7f0000000200)={'bond0\x00', r2}) 2018/04/07 06:11:28 executing program 0: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000032ff4)={0x70000010}) mprotect(&(0x7f0000032000/0x1000)=nil, 0x1000, 0x5) setitimer(0x0, &(0x7f0000032fe0)={{}, {0x0, 0x2710}}, 0x0) 2018/04/07 06:11:28 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:28 executing program 5: r0 = socket(0xa, 0x6, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x0, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}}}}, 0x88) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000000ffc)=0x90) 2018/04/07 06:11:28 executing program 3: r0 = socket$inet(0x2, 0x4000000805, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000794ffc)=0x7, 0x4) 2018/04/07 06:11:28 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, 0x0) 2018/04/07 06:11:28 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000057fee)='/dev/input/event#\x00', 0xafd, 0x8000040000001) write$evdev(r0, &(0x7f00008c1fd0)=[{{}, 0x2}], 0x18) 2018/04/07 06:11:29 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:29 executing program 6: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$setregset(0x4205, r1, 0x1, &(0x7f00000002c0)={&(0x7f0000000000), 0xffffffa2}) 2018/04/07 06:11:29 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x2b) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x7}, 0x1c) sendmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000000)}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000003740)="1bb6e2a674cc41e96fb2d732889138c2ee60a9042c461029ec4d496e55fba6015d08f690135abd7e1b1587c7e380e2cdca595c1e56b1635e6c3f4452d0fc84647fa6afd396794eae98f9b53151048a297d7342967496a01ea897592c9c1cd5faa71d619480fcd6688341f7b631dc0ca2ab25542bc28294faa3ef143b7bbec25610f60aa0f1ca4915111fe50c6ee18d4c71bdd469b2bef2d0653465a018c95edebc20cdd91d955ded39577099e011b882a1389ac990e3479db2f67154b4da2cf2ec5f20643afba767fd19861a63888d1a81646c9042f664d98d72254c94bfea2726fa6ac994a482080a8740282de5e80022e76904bc1f857b2fd041020ef3c5cf9f993c1ff73bfc56812f27796c39f31647fc2739b1e3deef088a423728183af747f99550b7c94489004fba6d0a5207d2943669fe7d5d8986e43a26d7598ef7a247441f1576547ade32191c04cc4efb6ce41d8999e136bc3aa0f2366f2d1c1b098c669e28692064fa5d61056bc04dba9b5019fa60c350e7e9025d6e1129242e37cd03472ccb214be37788fe1ecf3d209ffd1857fb01f653f202276c32bf73495a11521db00e6439adcd5593ee1f66bc9b0c78fd49da57625bf252629a2ae0dc5a08c6c41694917653a763d3dcc8740ad5b0ed08e08438a15b456d62f5da2f98bbf8b198abc5debcebc0b3995868510bb0eb5237d0f8f8224ce8d6238737a87f5f5d6255fcda93a288767b7b9a2a701b19fa19694b8f74ffbdb1fc81556a1abcd1acabba16381eb89ab8e3d1160e13d6ca3b172947ede0e1d9df26d156c073d94f3841113f46ca71b44615d7e15088239859317246786ce0fd0509a918dda7f91623c7c3fd6623202bec7724be0165de0a69356acb6f7a4a5047a6cf5a67664e17a446a90dbb80ce03ff892451920cf1f89129219dde2f80b723bbdbcf1a54a2a046acebee754fa4ecebb859be364a9dc7ce53e89246af82e14527822f0af46064b96d0d7d45b1c0e69dea099476378287805cf18699298c1a42bb9f4e9b8acb1bcbba8ef9abcd4db27b2a7ad1d6677c0a79cd1b4b69b7af211f2554b122c72fc7d1b92c556555e55ba4586f0399ef2a2198f72be6df2130547ee7d02f74566307781b7da34736dcfdd63816e5def8353d36183cfc0d9cf7460cdd2f66d5f93bfcc5a5e1bdeb70e9ec60204ffe3ba874fc37a245cd5ecb46a0858818e5d41658c33196516a8275c2622c2d831552d1be40124a0175e0451228b52fae4dd73c5d2503ff862294b3034a9f0114daad6e39e24d0d45276b4406b33e25617edf8aaf383db13f97f2580db2d040c0a71d15c186bdcf46cd25328a45de222886da5253292d6c7c51b3aaa9df434a93427cc490b17eb3ced0cd2d9bc2430bfb33b8a56f508bc789bda7e40c03a340d96f8cbc2ac83323b68fefffc050dae75d394520c28d5c967d2aafa2657d77b3137418de623c40cf0307acc7b1d8ae07f29ae4764a33e75c0dbf785674d7b851c498a47f2c13f581fc02dbe992216b392df11576b32defcec402dbc988b7faa53698b8e1a9274ffc75d9b50ebcd1c284a786a7bb08d15e8d9e20610154bc1c00224355ef2f53dc9ae1e0de8232745eae82ed2f0fa26aeccd613a9399dfcb0c8745bd60ae06993d2c467303768ce2707057d44e87be71245f4c8cf1ddf94dc81506b2060322086aaff7b804d35613bb7a599d4f162be44e81ccadf1455d76bc02e12aecb95cbd5e9737ebccfdfbf18613a4faa8cbdc34f828c189509c319a4c685c8d3fa99e007aad6468ec279b30bf7e10f4c32e5c70751e122cdf94ebac0933a59483e2e790e04429c3d93284aaa4f9e21d6879431ca94d4c49b86dad4ec2b79b68d167feca90d9e2a6e90470b69358a060226f9af8ce837aa8d0299c0d4be50a045991802dfa0a1a2dba8beba7dd4f56585fe8a87be07c52db2f9b69602931874176d1dda1c989737e419156d2a4ed30969ab8f6a86e593e2917ba7f09ac759361e5644dd98328ca6ed78adfeba93bee1bb69baacb3e1eea32e4ec62ed03c06f937cc383f6146a2daa57", 0x5b5}], 0x1, &(0x7f0000000a80)}}], 0x2, 0x0) 2018/04/07 06:11:29 executing program 7: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r0, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) 2018/04/07 06:11:29 executing program 5: mkdir(&(0x7f0000b17ff8)='./file0\x00', 0x0) r0 = open(&(0x7f0000aa0000)='./file0\x00', 0x0, 0x0) fcntl$dupfd(r0, 0x800000000402, 0xffffffffffffffff) r1 = openat(0xffffffffffffff9c, &(0x7f00004e2ff8)='./file0\x00', 0x0, 0x0) fcntl$dupfd(r1, 0x402, 0xffffffffffffffff) fcntl$notify(r0, 0x402, 0x4) 2018/04/07 06:11:29 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') fcntl$notify(r0, 0x402, 0xa) fchdir(r0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) 2018/04/07 06:11:29 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x40007) sendfile(r1, r2, &(0x7f0000ccb000), 0x3ff) 2018/04/07 06:11:29 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000000c0)="5780d0297b6ab6dbb320e11d1cd55545ff44b7f4e856afe8", 0x18) 2018/04/07 06:11:29 executing program 0: mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x0, 0x32, 0xffffffffffffffff, 0x0) futex(&(0x7f0000001000), 0x8c, 0x1, &(0x7f0000000000), &(0x7f0000000040), 0x0) 2018/04/07 06:11:29 executing program 7: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xc812, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) getsockopt$inet_mreqn(r0, 0x114, 0x2710, &(0x7f0000000000)={@remote, @remote}, &(0x7f0000000040)=0xfee8) [ 62.330844] ================================================================== [ 62.338262] BUG: KMSAN: uninit-value in sha_transform+0x58ec/0x6320 [ 62.344666] CPU: 0 PID: 5351 Comm: syz-executor3 Not tainted 4.16.0+ #81 [ 62.351507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.360856] Call Trace: [ 62.363448] dump_stack+0x185/0x1d0 [ 62.367073] ? sha_transform+0x58ec/0x6320 [ 62.371305] kmsan_report+0x142/0x240 [ 62.375110] __msan_warning_32+0x6c/0xb0 [ 62.379167] sha_transform+0x58ec/0x6320 [ 62.383239] ? kernel_text_address+0x34d/0x3a0 [ 62.387828] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 62.393289] ? __msan_poison_alloca+0x15c/0x1d0 [ 62.398062] ? shash_ahash_finup+0x468/0xa30 [ 62.402475] crypto_sha1_finup+0x51c/0x600 [ 62.406808] ? crypto_hash_walk_first+0x210/0x380 [ 62.411653] ? shash_ahash_finup+0x5e/0xa30 [ 62.415975] ? shash_ahash_finup+0x3e8/0xa30 [ 62.420391] ? crypto_sha1_update+0x5b0/0x5b0 [ 62.424892] ? crypto_sha1_update+0x5b0/0x5b0 [ 62.429387] shash_ahash_finup+0x468/0xa30 [ 62.433628] shash_ahash_digest+0x5c6/0x600 [ 62.437953] shash_async_digest+0x11c/0x1b0 [ 62.442292] crypto_ahash_op+0x89a/0xc10 [ 62.446358] ? __kmalloc+0x23c/0x350 [ 62.450075] ? shash_async_finup+0x1b0/0x1b0 [ 62.454482] ? shash_async_finup+0x1b0/0x1b0 [ 62.458896] crypto_ahash_digest+0xe4/0x160 [ 62.463226] hash_sendpage+0xb40/0xe10 [ 62.467120] ? hash_recvmsg+0xd50/0xd50 [ 62.471097] sock_sendpage+0x1de/0x2c0 [ 62.474997] pipe_to_sendpage+0x31b/0x430 [ 62.479149] ? sock_fasync+0x2b0/0x2b0 [ 62.483047] ? propagate_umount+0x3a30/0x3a30 [ 62.487548] __splice_from_pipe+0x49a/0xf30 [ 62.491878] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.496817] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.502189] generic_splice_sendpage+0x1c6/0x2a0 [ 62.506961] ? iter_file_splice_write+0x1710/0x1710 [ 62.511970] ? iter_file_splice_write+0x1710/0x1710 [ 62.516988] direct_splice_actor+0x19b/0x200 [ 62.521379] splice_direct_to_actor+0x764/0x1040 [ 62.526113] ? do_splice_direct+0x540/0x540 [ 62.530416] ? security_file_permission+0x28f/0x4b0 [ 62.535413] ? rw_verify_area+0x35e/0x580 [ 62.539540] do_splice_direct+0x335/0x540 [ 62.543667] do_sendfile+0x1067/0x1e40 [ 62.547541] SYSC_sendfile64+0x1b3/0x300 [ 62.551671] SyS_sendfile64+0x64/0x90 [ 62.555452] do_syscall_64+0x309/0x430 [ 62.559318] ? SYSC_sendfile+0x320/0x320 [ 62.563378] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.568544] RIP: 0033:0x455259 [ 62.571708] RSP: 002b:00007f077615fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 62.579391] RAX: ffffffffffffffda RBX: 00007f07761606d4 RCX: 0000000000455259 [ 62.586639] RDX: 0000000020ccb000 RSI: 0000000000000015 RDI: 0000000000000014 [ 62.593885] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 62.601130] R10: 00000000000003ff R11: 0000000000000246 R12: 00000000ffffffff [ 62.608376] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 62.615625] [ 62.617231] Uninit was created at: [ 62.620756] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 62.625749] kmsan_alloc_page+0x82/0xe0 [ 62.629700] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 62.634433] alloc_pages_vma+0xcc8/0x1800 [ 62.638557] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 62.643548] shmem_getpage_gfp+0x35db/0x5770 [ 62.647932] shmem_fallocate+0xde2/0x1610 [ 62.652065] vfs_fallocate+0x9dc/0xde0 [ 62.655939] SYSC_fallocate+0x119/0x1d0 [ 62.659894] SyS_fallocate+0x64/0x90 [ 62.663584] do_syscall_64+0x309/0x430 [ 62.667449] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.672609] ================================================================== [ 62.679939] Disabling lock debugging due to kernel taint [ 62.685365] Kernel panic - not syncing: panic_on_warn set ... [ 62.685365] [ 62.692709] CPU: 0 PID: 5351 Comm: syz-executor3 Tainted: G B 4.16.0+ #81 [ 62.700826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.710162] Call Trace: [ 62.712734] dump_stack+0x185/0x1d0 [ 62.716337] panic+0x39d/0x940 [ 62.719516] ? sha_transform+0x58ec/0x6320 [ 62.723729] kmsan_report+0x238/0x240 [ 62.727506] __msan_warning_32+0x6c/0xb0 [ 62.731544] sha_transform+0x58ec/0x6320 [ 62.735601] ? kernel_text_address+0x34d/0x3a0 [ 62.740170] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 62.745600] ? __msan_poison_alloca+0x15c/0x1d0 [ 62.750247] ? shash_ahash_finup+0x468/0xa30 [ 62.754640] crypto_sha1_finup+0x51c/0x600 [ 62.758858] ? crypto_hash_walk_first+0x210/0x380 [ 62.763678] ? shash_ahash_finup+0x5e/0xa30 [ 62.767988] ? shash_ahash_finup+0x3e8/0xa30 [ 62.772387] ? crypto_sha1_update+0x5b0/0x5b0 [ 62.776862] ? crypto_sha1_update+0x5b0/0x5b0 [ 62.781336] shash_ahash_finup+0x468/0xa30 [ 62.785550] shash_ahash_digest+0x5c6/0x600 [ 62.789851] shash_async_digest+0x11c/0x1b0 [ 62.794153] crypto_ahash_op+0x89a/0xc10 [ 62.798192] ? __kmalloc+0x23c/0x350 [ 62.801882] ? shash_async_finup+0x1b0/0x1b0 [ 62.806277] ? shash_async_finup+0x1b0/0x1b0 [ 62.810663] crypto_ahash_digest+0xe4/0x160 [ 62.814963] hash_sendpage+0xb40/0xe10 [ 62.818830] ? hash_recvmsg+0xd50/0xd50 [ 62.822786] sock_sendpage+0x1de/0x2c0 [ 62.826658] pipe_to_sendpage+0x31b/0x430 [ 62.830784] ? sock_fasync+0x2b0/0x2b0 [ 62.834649] ? propagate_umount+0x3a30/0x3a30 [ 62.839130] __splice_from_pipe+0x49a/0xf30 [ 62.843430] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.848425] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.853767] generic_splice_sendpage+0x1c6/0x2a0 [ 62.858505] ? iter_file_splice_write+0x1710/0x1710 [ 62.863502] ? iter_file_splice_write+0x1710/0x1710 [ 62.868497] direct_splice_actor+0x19b/0x200 [ 62.872887] splice_direct_to_actor+0x764/0x1040 [ 62.877620] ? do_splice_direct+0x540/0x540 [ 62.881925] ? security_file_permission+0x28f/0x4b0 [ 62.886921] ? rw_verify_area+0x35e/0x580 [ 62.891062] do_splice_direct+0x335/0x540 [ 62.895191] do_sendfile+0x1067/0x1e40 [ 62.899068] SYSC_sendfile64+0x1b3/0x300 [ 62.903111] SyS_sendfile64+0x64/0x90 [ 62.906889] do_syscall_64+0x309/0x430 [ 62.910758] ? SYSC_sendfile+0x320/0x320 [ 62.914797] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.919962] RIP: 0033:0x455259 [ 62.923128] RSP: 002b:00007f077615fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 62.930812] RAX: ffffffffffffffda RBX: 00007f07761606d4 RCX: 0000000000455259 [ 62.938246] RDX: 0000000020ccb000 RSI: 0000000000000015 RDI: 0000000000000014 [ 62.945495] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 62.952747] R10: 00000000000003ff R11: 0000000000000246 R12: 00000000ffffffff [ 62.960089] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 62.967828] Dumping ftrace buffer: [ 62.971342] (ftrace buffer empty) [ 62.975025] Kernel Offset: disabled [ 62.978626] Rebooting in 86400 seconds..