[....] Starting enhanced syslogd: rsyslogd[ 12.993448] audit: type=1400 audit(1516311408.025:5): avc: denied { syslog } for pid=3502 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.452099] audit: type=1400 audit(1516311414.483:6): avc: denied { map } for pid=3642 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.215' (ECDSA) to the list of known hosts. 2018/01/18 21:37:00 fuzzer started [ 25.661959] audit: type=1400 audit(1516311420.693:7): avc: denied { map } for pid=3653 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/18 21:37:00 dialing manager at 10.128.0.26:42219 [ 28.804945] can: request_module (can-proto-0) failed. [ 28.814188] can: request_module (can-proto-0) failed. 2018/01/18 21:37:04 kcov=true, comps=false 2018/01/18 21:37:05 executing program 7: openat$selinux_status(0xffffffffffffff9c, &(0x7f0000b73000-0x10)='/selinux/status\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000d22000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000360000)=0xfffffd62) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f000000d000)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000c0a000)="b47ae86c288a7c079b14d9a9c64aecdb0995899382dd9a192d7923f364") 2018/01/18 21:37:05 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000b9e000-0xb)='/dev/loop#\x00', 0x0, 0x0) mmap(&(0x7f000001a000/0x4000)=nil, 0x4000, 0x7, 0x0, r0, 0x0) 2018/01/18 21:37:05 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000003000+0xb03)={&(0x7f0000003000)={0x10, 0x34000, 0x0, 0x0}, 0xc, &(0x7f0000016000-0x10)={&(0x7f000000e000-0x1120)={0x20, 0x26, 0x829, 0xffffffffffffffff, 0xffffffffffffffff, {0x3, 0x0, 0x0}, [@nested={0xc, 0x0, [@typed={0x8, 0x1, @binary=""}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/18 21:37:05 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000796000)='./file0\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000944000)='./file0\x00', 0x1000000) 2018/01/18 21:37:05 executing program 6: mmap(&(0x7f0000000000/0x5c000)=nil, 0x5c000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000018000)={@multicast2=0xe0000002, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, 0x0, 0x0, []}, 0x3dc5) 2018/01/18 21:37:05 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000127000)=[{&(0x7f0000bb5000-0x9d)="83", 0x1}], 0x1, 0x7fffc) 2018/01/18 21:37:05 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0x9, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1c) openat$vcs(0xffffffffffffff9c, &(0x7f0000b63000)='/dev/vcs\x00', 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000a10000-0xb)='/dev/hwrng\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000028000)={r0, &(0x7f00004e6000-0x1)="", &(0x7f00003a4000-0x1)="16", 0x0}, 0x20) close(r0) [ 30.750477] audit: type=1400 audit(1516311425.782:8): avc: denied { map } for pid=3653 comm="syz-fuzzer" path="/root/syzkaller-shm369429590" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2018/01/18 21:37:05 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f000013f000)="1309") [ 30.793889] audit: type=1400 audit(1516311425.825:9): avc: denied { map } for pid=3698 comm="syz-executor6" path="/sys/kernel/debug/kcov" dev="debugfs" ino=78 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 31.268776] ip (3767) used greatest stack depth: 16304 bytes left [ 31.432808] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.090213] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.420981] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.625693] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.826612] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.903818] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.071942] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.265303] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.085110] audit: type=1400 audit(1516311429.115:10): avc: denied { sys_admin } for pid=3699 comm="syz-executor5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000)="fff8", 0x0) pwritev(r0, &(0x7f0000f5c000)=[], 0x10000000000002e2, 0x0) [ 34.175119] audit: type=1400 audit(1516311429.183:11): avc: denied { sys_chroot } for pid=4452 comm="syz-executor5" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0x9, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1c) 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) io_setup(0x4, &(0x7f00003ff000)=0x0) [ 34.284257] audit: type=1400 audit(1516311429.311:12): avc: denied { map_create } for pid=4493 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 34.308371] audit: type=1400 audit(1516311429.312:13): avc: denied { map_read map_write } for pid=4493 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000011000)='mountinfo\x00') readv(r0, &(0x7f0000b84000-0x8)=[{&(0x7f0000d1d000)=""/188, 0xbc}], 0x1) mount(&(0x7f00005a3000)='./file0\x00', &(0x7f000013c000)='.', &(0x7f0000a60000)='ramfs\x00', 0x0, &(0x7f0000d1d000-0x1)="d6") preadv(r0, &(0x7f00006a5000)=[{&(0x7f0000866000)=""/229, 0x30}], 0x1, 0x10000) 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) listen(r0, 0x40000000000005) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) [ 34.430325] audit: type=1400 audit(1516311429.448:14): avc: denied { dac_override } for pid=4522 comm="syz-executor5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000b22000)='/dev/hwrng\x00', 0x103841, 0x0) [ 34.537232] audit: type=1400 audit(1516311429.540:15): avc: denied { name_bind } for pid=4541 comm="syz-executor5" src=20020 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x7, 0x44031, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000002f000-0x78)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000281000/0x2000)=nil, 0x2000) prctl$seccomp(0x16, 0x0, &(0x7f000095e000-0x10)={0x0, &(0x7f0000626000)=[]}) openat(0xffffffffffffffff, &(0x7f0000066000)='./file0\x00', 0x0, 0x0) 2018/01/18 21:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000)="fff8", 0x0) pwritev(r0, &(0x7f0000da4000-0x30)=[{&(0x7f0000c30000)="", 0x0}, {&(0x7f0000261000-0x2d)="f949eb6619437f57d3fab0a144af958081e7935a078b9f139b9dafe057832beb4aadf5a3e5b62c5288d47965504e1583c6bffae6b3f2d2a5f03f96d22d13e47a7f9db1803c8dbcfc09e51150be328707", 0x50}], 0x2, 0x0) [ 34.636053] audit: type=1400 audit(1516311429.540:16): avc: denied { node_bind } for pid=4541 comm="syz-executor5" saddr=::1 src=20020 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 34.709859] audit: type=1400 audit(1516311429.546:17): avc: denied { name_connect } for pid=4541 comm="syz-executor5" dest=20020 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 34.979205] ptrace attach of "/root/syz-executor7"[4652] was attempted by "/root/syz-executor7"[4662] [ 35.027492] ptrace attach of "/root/syz-executor7"[4652] was attempted by "/root/syz-executor7"[4669] 2018/01/18 21:37:10 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000)="fff8", 0x0) pwritev(r0, &(0x7f0000da4000-0x30)=[{&(0x7f0000167000)='\t', 0x1}], 0x1, 0x0) 2018/01/18 21:37:10 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f000000d000-0x10)="7461736b00be24c3ae8da23c921d0838") ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000230000-0x4)=0x0) clock_gettime(0x0, &(0x7f0000874000-0x8)={0x0, 0x0}) futimesat(r0, &(0x7f000000c000)='./file0\x00', &(0x7f000000c000)={{r1, 0x0}, {0x0, 0x0}}) 2018/01/18 21:37:10 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f000097e000)={@loopback={0x0, 0x1}, 0x400, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0}, 0x20) 2018/01/18 21:37:10 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000ed2000-0x8)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000027000-0x8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x3, &(0x7f000032e000)="") chdir(&(0x7f0000e3e000-0x8)='./file0\x00') rename(&(0x7f0000704000-0x8)='./file0\x00', &(0x7f0000fa7000-0x8)='./file0\x00') 2018/01/18 21:37:10 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000796000)='./file0\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000944000)='./file0\x00', 0x1000000) 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3, 0x32, 0xffffffffffffffff, 0x0) io_setup(0x200, &(0x7f0000000000)=0x0) 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000ea8000-0x10)='/dev/sequencer2\x00', 0x224000, 0x0) sendmsg$unix(r0, &(0x7f0000a40000-0x38)={&(0x7f00006d9000-0x8)=@abs={0x0, 0x0, 0xffffffffffffffff}, 0x8, &(0x7f0000fac000)=[], 0x0, &(0x7f00007c5000-0x88)=[], 0x0, 0x0}, 0x0) 2018/01/18 21:37:10 executing program 6: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f000011c000)=""/9) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000b9e000-0xb)='/dev/loop#\x00', 0x0, 0x4000000006) mmap(&(0x7f000001a000/0x4000)=nil, 0x4000, 0x7, 0x51, r0, 0x0) getresuid(&(0x7f0000a44000-0x4)=0x0, &(0x7f000001a000)=0x0, &(0x7f0000803000)=0x0) 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000b22000-0x5)='keyring\x00', &(0x7f00001f1000)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$restrict_keyring(0x1d, r0, &(0x7f000081b000-0x3)='.dead\x00', &(0x7f00007fb000)='GPL\x00') 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) 2018/01/18 21:37:10 executing program 3: 2018/01/18 21:37:10 executing program 7: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000a0000-0x1)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000019000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r0, &(0x7f0000a44000)=[{&(0x7f0000a39000-0xd2)="b2", 0x1}], 0x1, 0x0) mremap(&(0x7f0000ba3000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000b45000/0x2000)=nil) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) 2018/01/18 21:37:10 executing program 6: 2018/01/18 21:37:10 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000056000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000717000)=0xc) syz_open_procfs(r0, &(0x7f000050b000-0x1a)="7e65740024eef0eaa6f1032ce2578aa27d445b40e5f5a1fb149c") 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000f8c000)='/dev/ptmx\x00', 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0x9, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1c) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000)=0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000028000)={r0, &(0x7f00004e6000-0x1)="", &(0x7f00003a4000-0x1)="16", 0x0}, 0x20) 2018/01/18 21:37:10 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f000073f000)="74086e750000000000000000008c00", 0x0) pwritev(r0, &(0x7f0000f51000-0x70)=[{&(0x7f000019a000)="aa", 0x1}], 0x1, 0x59) 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f000095d000-0x4)=0x0, 0x2ea) 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 6: 2018/01/18 21:37:10 executing program 4: 2018/01/18 21:37:10 executing program 7: 2018/01/18 21:37:10 executing program 3: 2018/01/18 21:37:10 executing program 6: 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 1: 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000a0000-0x1)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000019000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r0, &(0x7f0000a44000)=[{&(0x7f0000a39000-0xd2)="b2", 0x1}], 0x1, 0x0) mremap(&(0x7f0000ba3000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000b45000/0x2000)=nil) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000f8c000)='/dev/ptmx\x00', 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0x9, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1c) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000)=0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000028000)={r0, &(0x7f00004e6000-0x1)="", &(0x7f00003a4000-0x1)="16", 0x0}, 0x20) 2018/01/18 21:37:10 executing program 3: 2018/01/18 21:37:10 executing program 4: 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 7: 2018/01/18 21:37:10 executing program 6: 2018/01/18 21:37:10 executing program 1: 2018/01/18 21:37:10 executing program 7: 2018/01/18 21:37:10 executing program 6: 2018/01/18 21:37:10 executing program 4: 2018/01/18 21:37:10 executing program 1: 2018/01/18 21:37:10 executing program 3: 2018/01/18 21:37:10 executing program 5: 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 0: 2018/01/18 21:37:10 executing program 0: 2018/01/18 21:37:10 executing program 1: 2018/01/18 21:37:10 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000cba000-0x4)=0x0, 0x4) bind$inet(r0, &(0x7f0000c17000-0x10)={0x2, 0x1, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000fa1000-0x1)="", 0xffffffffffffff41, 0x20020003, &(0x7f0000386000-0x10)={0x2, 0x1, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/18 21:37:10 executing program 7: 2018/01/18 21:37:10 executing program 4: 2018/01/18 21:37:10 executing program 6: 2018/01/18 21:37:10 executing program 5: 2018/01/18 21:37:10 executing program 3: 2018/01/18 21:37:10 executing program 1: 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000614000)="74756e08000000000000008000000000", 0x0) pwritev(r0, &(0x7f00000a4000-0x10)=[{&(0x7f000079e000-0x200)="b5", 0x1}], 0x1, 0x0) 2018/01/18 21:37:10 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000ab8000-0x1000)="", 0x0, 0x0, &(0x7f0000111000-0x1c)={0xa, 0xffffffffffffffff, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xaa}, 0x0}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000ab0000-0xf7)="", 0x0, 0x0, &(0x7f0000abf000)={0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f00009c5000-0x21)='proc\'cpusetkeyringppp0cpuset!em0\x00', 0x0, 0x0, &(0x7f0000027000-0x40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) perf_event_open(&(0x7f0000271000)={0x0, 0x78, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x40000000000001, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000b0000-0xc)=@file={0x1, "e91f7189591e9233614b"}, 0xc) listen(r1, 0x2b) connect$unix(r0, &(0x7f0000fd2000)=@file={0x1, "e91f7189591e9233614b"}, 0xc) 2018/01/18 21:37:10 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000b0000-0xc)=@file={0x1, "e91f7189591e9233614b"}, 0xc) listen(r0, 0x2b) 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000fd7000)=0x75) 2018/01/18 21:37:10 executing program 6: mmap(&(0x7f0000000000/0xe76000)=nil, 0xe76000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f00005fb000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0x0, 0x0, 0x0}}, 0x2e) sendmsg$nl_crypto(r0, &(0x7f0000380000-0x38)={&(0x7f00009dd000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f00002cf000-0x10)={&(0x7f000097b000)=@delrng={0x10, 0x14, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, "", []}, 0xfff1}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/18 21:37:10 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00008ad000)='mounts\x00') readv(r0, &(0x7f0000f3e000-0x50)=[{&(0x7f000047d000)=""/105, 0x69}], 0x1) readv(r0, &(0x7f0000dd2000)=[{&(0x7f0000512000)=""/238, 0xee}], 0x1) 2018/01/18 21:37:10 executing program 1: socket$inet6_sctp(0xa, 0x0, 0x84) 2018/01/18 21:37:10 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) utimes(&(0x7f0000001000-0x8)='./file0\x00', &(0x7f0000ea4000-0x20)={{0x77359400, 0x0}, {0x0, 0x0}}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000d48000)='/dev/sg#\x00', 0x1fffffffffe, 0xb0041) readlink(&(0x7f000017f000)='./file0\x00', &(0x7f0000d4e000)=""/142, 0x8e) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000ee1000)={0x0, 0x0}) r1 = syz_open_procfs(0x0, &(0x7f0000a9d000)='net/netlink\x00') readv(r1, &(0x7f0000aa3000-0x50)=[{&(0x7f00005ef000)=""/4096, 0x1000}], 0x1) syz_open_dev$sg(&(0x7f000015a000)='/dev/sg#\x00', 0x6d27, 0x101000) set_robust_list(&(0x7f000041a000-0x18)={&(0x7f0000a7b000/0x1000)=nil, 0x1, &(0x7f0000f89000/0x2000)=nil}, 0xfffffd56) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) pipe(&(0x7f0000d29000)={0x0, 0x0}) fsync(r1) getsockopt$inet_tcp_int(r2, 0x6, 0x1f, &(0x7f0000be7000-0x4)=0x0, &(0x7f00007b0000-0x4)=0x4) r3 = socket(0x10, 0x3, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000036b000)={0x8001, 0x0, 0x0}, 0x4) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000f46000)='/selinux/member\x00', 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000fa4000)={0x1, &(0x7f0000f96000-0x10)=[{0x6, 0x0, 0x0, 0x0}]}, 0x10) write(r3, &(0x7f000008e000-0x26)="26000000130047f10701c1b00e000000000000000100000009ef18ffff00f132050014006e35", 0x26) 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00006e0000-0xa)='attr/prev\x00') 2018/01/18 21:37:10 executing program 4: 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000058000)={0x1, {{0xa, 0xffffffffffffffff, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000e70000-0x510)={0x1, {{0xa, 0xffffffffffffffff, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x2, [{{0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, 0x190) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00008ee000-0x310)={0x1, {{0xa, 0xffffffffffffffff, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x0, []}, 0x90) 2018/01/18 21:37:10 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000271000)={0x100000002, 0x78, 0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) flock(r0, 0x2) 2018/01/18 21:37:10 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x88200, 0xa) creat(&(0x7f0000368000)='./file0\x00', 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000ab8000-0x1000)="", 0x0, 0x0, &(0x7f0000111000-0x1c)={0xa, 0xffffffffffffffff, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xaa}, 0x0}, 0x1c) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f00009c5000-0x21)='proc\'cpusetkeyringppp0cpuset!em0\x00', 0x0, 0x0, &(0x7f0000027000-0x40)={0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000b0000-0xc)=@file={0x1, "e91f7189591e9233614b"}, 0xc) 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00002fd000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000ae5000)=@ioapic={0x2, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}]}) [ 35.714106] IPv4: Oversized IP packet from 127.0.0.1 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f00002d9000)='/dev/usbmon#\x00', 0x7, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f000030f000-0x12)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c80, 0x0) syz_open_procfs(0x0, &(0x7f0000329000+0xff2)='net/ip6_mr_cache\x00') 2018/01/18 21:37:10 executing program 2: socket$inet6_sctp(0xa, 0x1, 0x84) 2018/01/18 21:37:10 executing program 3: mmap(&(0x7f0000000000/0xe76000)=nil, 0xe76000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fb000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x1, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0x0, 0x2, 0x0}}, 0x2e) sendmsg$nl_crypto(r1, &(0x7f0000380000-0x38)={&(0x7f00009dd000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00002cf000-0x10)={&(0x7f000097b000)=@delrng={0x10, 0x14, 0x200, 0x1, 0x3, "", []}, 0xfff1}, 0x1, 0x0, 0x0, 0x8820}, 0x81) 2018/01/18 21:37:10 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xe, &(0x7f0000683000)={@dev={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0x0}, @random="080028000006", [], {@generic={0x6558, ""}}}, &(0x7f0000a2f000)={0x0, 0x0, []}) 2018/01/18 21:37:10 executing program 6: mmap(&(0x7f0000000000/0xe76000)=nil, 0xe76000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f00005fb000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0x0, 0x0, 0x0}}, 0x2e) sendmsg$nl_crypto(r0, &(0x7f0000380000-0x38)={&(0x7f00009dd000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f00002cf000-0x10)={&(0x7f000097b000)=@delrng={0x10, 0x14, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, "", []}, 0xfff1}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00002fd000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000ae5000)=@ioapic={0x2, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}]}) 2018/01/18 21:37:10 executing program 0: mmap(&(0x7f0000000000/0xe76000)=nil, 0xe76000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f00005fb000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0x0, 0x0, 0x0}}, 0x2e) sendmsg$nl_crypto(r0, &(0x7f0000380000-0x38)={&(0x7f00009dd000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f00002cf000-0x10)={&(0x7f000097b000)=@delrng={0x10, 0x14, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, "", []}, 0xfff1}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/18 21:37:10 executing program 4: mmap(&(0x7f0000000000/0x1b000)=nil, 0x1b000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f000001b000-0xb)='/dev/loop#\x00', 0xfffffffffffffffe, 0x8002) ioctl(r0, 0x440000000000127d, &(0x7f0000018000-0x1)="") 2018/01/18 21:37:10 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) utimes(&(0x7f0000001000-0x8)='./file0\x00', &(0x7f0000ea4000-0x20)={{0x77359400, 0x0}, {0x0, 0x0}}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000d48000)='/dev/sg#\x00', 0x1fffffffffe, 0xb0041) readlink(&(0x7f000017f000)='./file0\x00', &(0x7f0000d4e000)=""/142, 0x8e) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000ee1000)={0x0, 0x0}) r1 = syz_open_procfs(0x0, &(0x7f0000a9d000)='net/netlink\x00') readv(r1, &(0x7f0000aa3000-0x50)=[{&(0x7f00005ef000)=""/4096, 0x1000}], 0x1) syz_open_dev$sg(&(0x7f000015a000)='/dev/sg#\x00', 0x6d27, 0x101000) set_robust_list(&(0x7f000041a000-0x18)={&(0x7f0000a7b000/0x1000)=nil, 0x1, &(0x7f0000f89000/0x2000)=nil}, 0xfffffd56) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) pipe(&(0x7f0000d29000)={0x0, 0x0}) fsync(r1) getsockopt$inet_tcp_int(r2, 0x6, 0x1f, &(0x7f0000be7000-0x4)=0x0, &(0x7f00007b0000-0x4)=0x4) r3 = socket(0x10, 0x3, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000036b000)={0x8001, 0x0, 0x0}, 0x4) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000f46000)='/selinux/member\x00', 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000fa4000)={0x1, &(0x7f0000f96000-0x10)=[{0x6, 0x0, 0x0, 0x0}]}, 0x10) write(r3, &(0x7f000008e000-0x26)="26000000130047f10701c1b00e000000000000000100000009ef18ffff00f132050014006e35", 0x26) [ 35.788692] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu 2018/01/18 21:37:10 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00002fd000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000ae5000)=@ioapic={0x2, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}]}) 2018/01/18 21:37:10 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000afe000-0x9)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000ae5000)=@ioapic={0x2, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x81, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0], 0x0}]}) 2018/01/18 21:37:10 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000eea000-0x1f4)="b2", 0x1, 0x0, &(0x7f0000aa9000)={0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xbb}, 0x2}, 0x1c) listen(r0, 0xfffffffffffffff9) accept4$inet(r0, &(0x7f0000ee5000-0x10)={0x0, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000573000+0xddc)=0x67f9d12aa0333333, 0x0) 2018/01/18 21:37:10 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000fd8000)="240000001a0025c0f56bb4040000001d020b00ff000000e500000000060002007fff00b7", 0x24) [ 35.859381] IPv4: Oversized IP packet from 127.0.0.1 [ 35.871600] IPv4: Oversized IP packet from 127.0.0.1 2018/01/18 21:37:10 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) creat(&(0x7f0000368000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000fd7000)=0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000027000)='./file0\x00', &(0x7f0000019000-0x6)='ramfs\x00', 0x0, &(0x7f000000a000)="") 2018/01/18 21:37:10 executing program 2: 2018/01/18 21:37:10 executing program 0: 2018/01/18 21:37:10 executing program 3: 2018/01/18 21:37:11 executing program 3: 2018/01/18 21:37:11 executing program 2: 2018/01/18 21:37:11 executing program 0: mmap(&(0x7f0000000000/0xf7b000)=nil, 0xf7b000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000f78000)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00001ec000)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10) 2018/01/18 21:37:11 executing program 7: mmap(&(0x7f0000000000/0xe76000)=nil, 0xe76000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f00005fb000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0x0, 0x0, 0x0}}, 0x2e) 2018/01/18 21:37:11 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000fd7000)=0x0) mkdir(&(0x7f0000639000)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000027000)='./file0\x00', &(0x7f0000019000-0x6)='ramfs\x00', 0x0, &(0x7f000000a000)="") creat(&(0x7f000068e000-0x8)='./file0\x00', 0x0) 2018/01/18 21:37:11 executing program 2: 2018/01/18 21:37:11 executing program 3: [ 35.950345] netlink: 'syz-executor4': attribute type 2 has an invalid length. 2018/01/18 21:37:11 executing program 4: 2018/01/18 21:37:11 executing program 6: 2018/01/18 21:37:11 executing program 4: 2018/01/18 21:37:11 executing program 7: 2018/01/18 21:37:11 executing program 0: 2018/01/18 21:37:11 executing program 1: 2018/01/18 21:37:11 executing program 5: 2018/01/18 21:37:11 executing program 3: 2018/01/18 21:37:11 executing program 2: 2018/01/18 21:37:11 executing program 2: 2018/01/18 21:37:11 executing program 5: 2018/01/18 21:37:11 executing program 3: 2018/01/18 21:37:11 executing program 7: 2018/01/18 21:37:11 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000127000)=[{&(0x7f0000bb5000-0x9d)="83", 0x1}], 0x1, 0x0) 2018/01/18 21:37:11 executing program 6: 2018/01/18 21:37:11 executing program 7: 2018/01/18 21:37:11 executing program 4: 2018/01/18 21:37:11 executing program 3: 2018/01/18 21:37:11 executing program 0: 2018/01/18 21:37:11 executing program 5: 2018/01/18 21:37:11 executing program 2: 2018/01/18 21:37:11 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000182000-0x9)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000507000)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, [0x0, 0x0, 0x0]}, {0x0, 0x0, [0x0, 0x0, 0x0]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000df8000/0x18000)=nil, &(0x7f0000de0000)=[@text32={0x20, &(0x7f00001a2000)="c4e3596829c0ea2b52000008010f300f00d7642e0f01df0f9050c8b926090000b885000000ba000000000f30b805000000b98000c0fe0f01d9c4c37d194a0449660f72f3fb", 0x45}], 0x1, 0x0, &(0x7f0000817000)=[], 0x0) 2018/01/18 21:37:11 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x4, 0x4, 0x9, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) 2018/01/18 21:37:11 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000242000)=@get={0x1, &(0x7f00003ce000)=""/187, 0x4}) 2018/01/18 21:37:11 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000)="fff8", 0x0) pwritev(r0, &(0x7f0000127000)=[{&(0x7f0000bb5000-0x9d)="83f2732503", 0x5}, {&(0x7f0000497000)="", 0x0}], 0x2, 0x7fffc) 2018/01/18 21:37:11 executing program 7: r0 = socket$inet6(0xa, 0x100000000000002, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) listen(r0, 0x1) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000)={0x0}, &(0x7f0000000000)=0x4) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000003000-0xbd)="2ee9877d580ad32fd7906bb6af1000e4cd9781039daf1d4c619c10da5f9f37f69f", 0x21) 2018/01/18 21:37:11 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f000047e000-0x11)='/dev/vga_arbiter\x00', 0x48080, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000700000)={{{@in6=@loopback={0x0, 0x0}, @in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in=@remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in=@multicast2=0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f000085f000-0x4)=0xe8) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000759000-0xc)={r1, @rand_addr=0x3, @dev={0xac, 0x14, 0x0, 0xc}}, 0xc) r2 = add_key(&(0x7f0000963000-0x5)='user\x00', &(0x7f0000ad8000-0x5)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f0000461000-0x6e)="e9", 0x1, 0xfffffffffffffffe) socketpair$inet(0x2, 0x3, 0x8001, &(0x7f0000746000)={0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000e96000-0xe8)={{{@in=@broadcast=0x0, @in=@multicast2=0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in6=@mcast1={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in=@rand_addr=0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000896000+0x1e4)=0xe8) setsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f000035a000)={{{@in=@broadcast=0xffffffff, @in6=@loopback={0x0, 0x1}, 0x0, 0x7, 0x1, 0x7fff, 0xa, 0x80, 0x20, 0x7f, 0x0, r4}, {0x1, 0x86, 0x2332, 0x5, 0x6, 0x0, 0x80000001, 0xffffffffffffffc1}, {0x6, 0x5, 0x0, 0x10001}, 0x5a4e0fd1, 0x7, 0x1, 0x0, 0x1, 0x1}, {{@in=@dev={0xac, 0x14, 0x0, 0x15}, 0x0, 0x6c}, 0x2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x4, 0x2, 0x2, 0x8e, 0x9, 0x1, 0xffffffffa818c5dc}}, 0xe8) keyctl$get_persistent(0x16, 0x0, r2) 2018/01/18 21:37:11 executing program 2: mmap(&(0x7f0000000000/0x20000)=nil, 0x20000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000016000-0xd)='/dev/usbmon#\x00', 0x9, 0x40000) mmap(&(0x7f0000020000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000020000)={&(0x7f000000f000-0x8)=[0xfffffffffffffff9, 0x631], 0x2, 0x6, 0x0, 0xc4, 0x9, 0x7, {0xfffffffffffffe01, 0x2119387a, 0x5, 0x80000001, 0xee03, 0x2, 0x2, 0xfffffffffffff800, 0x8, 0x5, 0x1, 0x7993, 0x0, 0x2, "220ebf27c8c3c62e896829faf10629e6434aeb2d0a0643b0c82fbf69f2c34ec2"}}) mmap(&(0x7f0000020000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) stat(&(0x7f0000007000-0x8)='./file0\x00', &(0x7f0000021000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_get$uid(0x3, r1) mmap(&(0x7f0000021000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000021000)='/selinux/mls\x00', 0x0, 0x0) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f000000f000-0x5b)=""/91) r3 = syz_open_dev$evdev(&(0x7f000001e000+0x46)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000022000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000009000-0x1)={0x2}, 0x1) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f000000b000-0x20)={@ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @remote={0xac, 0x14, 0x0, 0xbb}}, 0x0, 0x0, 0x0, 0x1, 0x80000000, 0x2, 0x400}, &(0x7f0000022000)=0x20) ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000003000)={0x0, 0xffffffffffffff7f, &(0x7f000001e000-0x1)=""}) 2018/01/18 21:37:11 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000147000-0x8)='big_key\x00', &(0x7f0000b2b000)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, &(0x7f00005ee000)="da602df744320a89af9d87b98d4b67a901ef3265579c01c8b24b00d84a50f97f9d4ea5d11fe92156a7da53f48f184bc69e3364a8a8eae6f431f5f12f15f23ea7abb403c65af037ab47c9b8aaa87da885bfd2e33dc42fe66378a4b0d29dc93f4156f64e3d83568b973ef0184d2dd4c0b21b5c25819cdcba7c709bdd7a5f9472b608bd2ee2583b452fb746843553a8837fbb698d7fecf8f521a69b5099927e728ec16510fd4781dff40e3aa854d0fb0a365a68449917b81bcfa207dc8a1bb16679fb1fb74eb9a83214dc416afa163ab79cea4c757ac0e0c461bf708c52dda38e187b05b202cdaccd4312f735761982692c0d49f59fde0a66ad5339b130edfc65db6299b4edc9dce620c67526cb5cb1739d2be456d640ce84b0c6e84e3adb5ddc6b386547c6513ee5385d83de03d2b74e8650f894da721f6c5658cb5710f3528e49efd563b10d26d0628cee8c10425acbb24bd7a519a57b6f681d488b9ae24b309e4797de553efa9de4ab304f709ccb2e9c501f516631fa4c8d52dc6017109a3d50bcf7c50b2d7b5928609f530e7bbb2c46b1c6eba2b1ae901c29627e5f0f59f235d271e0897591a309f22e5884553f5b083f84c2ab8fc9abb267eaa8917bc76686f93dac9c6b7d94c3ae71bdadcbc541afc6912a7eef2a5a119d2bb60576dab3c8e7083f7cb81133e464bc381b64ef3d54e3765c920efc33b9664f6d2ee542bae75fcee3c60eb1fa4031e827eeb7c44b89e71640e6196e43d88a53e7a72942a892ba4f8e4b9bdc126d6d5f78a37483d597139348ce84a9994f6eb72b19ff74d045d45dd341234839322574a249793caf6b7325da40f373ce2df288d080134f0da61379ceea4baf051e06a40118e64af4318d7afc35f13fc24f30ac0999c0954acceaf6f1714f5351f368a6d1f02f5b60db8421a06df614708b1e51ce6801ba62d7fbb58c4693e95ad8e6e10d27ddb7deb207b6afa5b95bf51bada200f54d9481b2ff8dc246021b61eaa38037d6653c7a81e31fbe487826fa055e8beb1d423e7b4a6df47382b934591157216009aefa5a6f3275882c74ae32da7fb555cb9ad77dfebaf374a413edf041f40ea33d29ef78154fa467fa7f29819d480d7343a01d3d46a89f64f98f4c82201af54dfde2e0de93df2fca4f2b603dd2defab15546029c519dc596167a51edac47a32d449c68a0de8fcafcb24c8af58c6cd6a49045df1812052812a31cda9495a318542d3286ed398b6a500fb9cf5fcc0754dfdc75c2b52c96d5414d74d67820d30eb0db510f1c9ac47fd06390bba9a9bfbfb7c442bda44fb1e7d3ae93c677fd79aa6211c2cd6cadaea0ce32c202517720717bf0720d552649e50bed9f5640a04cfc139dc07c31d1d250f3f4404ea8b3c703974770a28d3778a82aecc4d24e5aa4b19a67d86e842d10599725314a508274d6816f62a02f2de013fffdbe18b72408d739aa0af5e0bd837c9f046dbf9f582b9ca01f058f767252fb40d27814ed2f0e06ba3e08e2cd03d8d31d5323e95d204bd0fac3d895a9c69c1fac82605f44a28e1715164484577fc8fa58a412ae0b54fbb4d11286564f00ac73900b6347ca267494c55b5490690028450e2c1160b21ee88ac07d6fda19a78919b5ebebcb3dcd2b7ff8535f4b59c9c0dfa3c5f70e26e6d7fe28af502155f0f898c1f4acc9eecf1d62083001f22918758b27c72162f369854a2b7560d07380277d8a1ae1c721581c2189623a663ee2a1", 0x4d1, 0xfffffffffffffffb) keyctl$revoke(0x3, r0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f000005a000-0x11)='/selinux/enforce\x00', 0x8000, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f000024c000)={0xaa, 0x10, 0x0}) 2018/01/18 21:37:11 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) listen(r0, 0x40000000000005) r1 = socket$inet6(0xa, 0x6, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f000054a000)={0x0, @in={{0x2, 0x3, @rand_addr=0x1f, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0xfffffffffffffffe, 0x800, 0x9, 0xffffffffffffffff, 0x3, 0xfffffffffffffffa, 0x7, 0x80000001, 0x3, 0x7ff, 0x10001, 0x6, 0x0, 0x2, 0x10000]}, &(0x7f00004da000)=0x108) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000cf5000)={r2, 0x1cc1}, 0x8) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) sendmmsg(r1, &(0x7f00007d8000)=[{{0x0, 0x0, &(0x7f00007d8000-0x70)=[], 0x0, &(0x7f0000496000-0x1b0)=[{0x10, 0x10d, 0xffb0, ""}], 0x10, 0x0}, 0x0}], 0x1, 0x0) 2018/01/18 21:37:11 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000633000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00002c4000)=0x5f8) poll(&(0x7f0000563000-0x28)=[{r0, 0x0, 0x0}], 0x1, 0x10001) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000e39000-0x4)=0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000687000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 2018/01/18 21:37:11 executing program 5: mmap(&(0x7f0000000000/0xfdc000)=nil, 0xfdc000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f000021c000-0x8)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000)={r0, 0x0, 0x8005}) sigaltstack(&(0x7f0000000000/0x4000)=nil, &(0x7f0000000000)=0x0) r1 = syz_open_dev$mouse(&(0x7f00008be000)='/dev/input/mouse#\x00', 0x7, 0x20000) mmap(&(0x7f0000fdc000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_FREE_BUFS(r1, 0x4008641a, &(0x7f0000939000-0x8)={0x3, &(0x7f0000fdd000-0xc)=[0x2, 0x8, 0xfff]}) sigaltstack(&(0x7f0000001000/0x4000)=nil, &(0x7f0000005000-0x4)=0x0) mmap(&(0x7f0000fdd000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(&(0x7f0000fdd000)='/dev/input/event#\x00', 0x81, 0x88100) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000124000-0x20)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_flags=0x6000}) 2018/01/18 21:37:11 executing program 0: mmap(&(0x7f0000000000/0x90e000)=nil, 0x90e000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f000000a000-0x18)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000000c000-0x20)={{&(0x7f0000905000/0x3000)=nil, 0x3000}, 0x1, 0x0}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f000000c000)={&(0x7f0000905000/0x4000)=nil, 0x4000}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f000005f000-0x10)='/dev/sequencer2\x00', 0x8000, 0x0) mmap(&(0x7f000090e000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00006af000-0x9)='/dev/vcs\x00', 0x400000, 0x0) eventfd2(0xff, 0x80000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f000090e000)={0x0, 0xffff, 0x400, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 2018/01/18 21:37:11 executing program 7: r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00001bf000-0xa)='setgroups\x00') sendfile(r0, r1, &(0x7f0000fc0000)=0x5a, 0x102) pipe(&(0x7f000045d000)={0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) epoll_wait(r1, &(0x7f0000000000)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}], 0x8, 0x9) 2018/01/18 21:37:11 executing program 6: r0 = socket(0x3, 0x800, 0x1) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[], 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) readv(r1, &(0x7f0000001000-0x10)=[{&(0x7f0000001000)=""/60, 0x3c}], 0x1) 2018/01/18 21:37:11 executing program 1: r0 = socket(0x9, 0x801, 0x800) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) accept4$inet(r0, &(0x7f0000001000-0x10)={0x0, 0xffffffffffffffff, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000000)=0x10, 0x80800) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000013000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x9, &(0x7f000035f000-0x8)={0x0, 0x0}) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00001ac000)=0x7ff, 0x4) ioctl$EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, &(0x7f00004b3000-0x24)=""/36) 2018/01/18 21:37:11 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000371000)={0x9, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001ff000-0x1c)={0xa, 0x2, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000ad0000-0x4)='tls\x00', 0x4) sendto$inet6(r0, &(0x7f0000eba000-0x1)="", 0xffffffffffffff53, 0x20000004, &(0x7f0000cc8000-0x1c)={0xa, 0x2, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) [ 36.276998] TCP: request_sock_TCPv6: Possible SYN flooding on port 20030. Sending cookies. Check SNMP counters. [ 36.290940] ================================================================== [ 36.298364] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x628/0x23a0 [ 36.305789] Write of size 160 at addr ffff8801d4e89460 by task syz-executor7/5025 [ 36.313378] [ 36.314986] CPU: 1 PID: 5025 Comm: syz-executor7 Not tainted 4.15.0-rc8+ #178 [ 36.322234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.331560] Call Trace: [ 36.334119] [ 36.336254] dump_stack+0x194/0x257 [ 36.339865] ? arch_local_irq_restore+0x53/0x53 [ 36.344510] ? show_regs_print_info+0x18/0x18 [ 36.348987] ? tcp_v6_send_synack+0xaa0/0xaa0 [ 36.353465] ? tcp_v6_syn_recv_sock+0x628/0x23a0 [ 36.358203] print_address_description+0x73/0x250 [ 36.363029] ? tcp_v6_syn_recv_sock+0x628/0x23a0 [ 36.367795] kasan_report+0x25b/0x340 [ 36.371586] check_memory_region+0x137/0x190 [ 36.375975] memcpy+0x37/0x50 [ 36.379061] tcp_v6_syn_recv_sock+0x628/0x23a0 [ 36.383638] ? tcp_v6_conn_request+0x270/0x270 [ 36.388194] ? __local_bh_enable_ip+0x121/0x230 [ 36.392849] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 36.397851] ? ip6_dst_lookup_tail+0xdbd/0x18f0 [ 36.402497] ? trace_hardirqs_on+0xd/0x10 [ 36.406620] ? __local_bh_enable_ip+0x121/0x230 [ 36.411273] ? ip6_dst_lookup_tail+0x40a/0x18f0 [ 36.415941] ? ip6_copy_metadata+0xad0/0xad0 [ 36.420340] ? selinux_netlbl_inet_conn_request+0x81/0x3c0 [ 36.425943] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0 [ 36.431295] ? __bfs+0x686/0x750 [ 36.434635] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.439642] tcp_get_cookie_sock+0x102/0x540 [ 36.444033] ? selinux_inet_conn_request+0x25b/0x390 [ 36.449123] ? cookie_ecn_ok+0x120/0x120 [ 36.453177] ? xfrm_lookup_route+0x4f/0x1a0 [ 36.457486] ? ip6_dst_lookup_flow+0x1ca/0x270 [ 36.462048] ? ip6_dst_lookup+0x60/0x60 [ 36.466012] ? tcp_select_initial_window+0x30c/0x410 [ 36.471110] cookie_v6_check+0x177d/0x2160 [ 36.475347] ? cookie_v6_init_sequence+0xe0/0xe0 [ 36.480102] ? sk_filter_trim_cap+0x40a/0x9c0 [ 36.484579] ? lock_downgrade+0x980/0x980 [ 36.489059] ? lock_release+0xa40/0xa40 [ 36.493029] ? __lock_is_held+0xb6/0x140 [ 36.497096] ? sk_filter_trim_cap+0xe7/0x9c0 [ 36.501508] ? tcp_v6_inbound_md5_hash+0x155/0x5c0 [ 36.506430] tcp_v6_do_rcv+0xe4d/0x11c0 [ 36.510388] ? tcp_v6_do_rcv+0xe4d/0x11c0 [ 36.514516] ? tcp_v6_fill_cb+0x440/0x490 [ 36.518662] tcp_v6_rcv+0x2309/0x2b60 [ 36.522496] ? tcp_v6_reqsk_send_ack+0x370/0x370 [ 36.527256] ip6_input_finish+0x37e/0x17a0 [ 36.531469] ? ip6_input+0x3b4/0x560 [ 36.535193] ? ip6_rcv_finish+0x7a0/0x7a0 [ 36.539327] ? nf_hook_slow+0xd3/0x1a0 [ 36.543203] ip6_input+0xe9/0x560 [ 36.546643] ? ip6_input_finish+0x17a0/0x17a0 [ 36.551117] ? __lock_acquire+0x664/0x3e00 [ 36.555338] ? find_held_lock+0x35/0x1d0 [ 36.559390] ? ip6_rcv_finish+0x7a0/0x7a0 [ 36.563521] ? ipv6_rcv+0x16cd/0x1fa0 [ 36.567312] ip6_rcv_finish+0x1a9/0x7a0 [ 36.571268] ? ip6_make_skb+0x5e0/0x5e0 [ 36.575225] ? __lock_is_held+0xb6/0x140 [ 36.579271] ? nf_hook_slow+0xd3/0x1a0 [ 36.583148] ipv6_rcv+0xf37/0x1fa0 [ 36.586686] ? ip6_input+0x560/0x560 [ 36.590400] ? check_noncircular+0x20/0x20 [ 36.594611] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 36.599802] ? ip6_make_skb+0x5e0/0x5e0 [ 36.603762] ? ip6_input+0x560/0x560 [ 36.607460] __netif_receive_skb_core+0x1a41/0x3460 [ 36.612451] ? find_held_lock+0x35/0x1d0 [ 36.616511] ? nf_ingress+0x9f0/0x9f0 [ 36.620551] ? lock_downgrade+0x980/0x980 [ 36.624706] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 36.629883] ? is_bpf_text_address+0x7b/0x120 [ 36.634359] ? lock_downgrade+0x980/0x980 [ 36.638492] ? lock_release+0xa40/0xa40 [ 36.642450] ? __free_insn_slot+0x5c0/0x5c0 [ 36.646764] ? rcutorture_record_progress+0x10/0x10 [ 36.651773] ? is_bpf_text_address+0xa4/0x120 [ 36.656254] ? check_noncircular+0x20/0x20 [ 36.660475] ? __kernel_text_address+0xd/0x40 [ 36.664949] ? unwind_get_return_address+0x61/0xa0 [ 36.669862] ? __save_stack_trace+0x7e/0xd0 [ 36.674172] ? depot_save_stack+0x12c/0x490 [ 36.678478] ? put_cred_rcu+0x263/0x400 [ 36.682439] ? find_held_lock+0x35/0x1d0 [ 36.686495] ? lock_acquire+0x1d5/0x580 [ 36.690445] ? process_backlog+0x45f/0x740 [ 36.694652] ? lock_acquire+0x1d5/0x580 [ 36.698602] ? process_backlog+0x1ab/0x740 [ 36.702826] ? lock_release+0xa40/0xa40 [ 36.706801] __netif_receive_skb+0x2c/0x1b0 [ 36.711098] ? __netif_receive_skb+0x2c/0x1b0 [ 36.715578] process_backlog+0x203/0x740 [ 36.719614] ? mark_held_locks+0xaf/0x100 [ 36.723762] net_rx_action+0x792/0x1910 [ 36.727723] ? put_cred_rcu+0x263/0x400 [ 36.731689] ? napi_complete_done+0x6c0/0x6c0 [ 36.736183] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.741219] ? note_gp_changes+0x650/0x650 [ 36.745437] ? timerqueue_add+0x1e9/0x280 [ 36.749579] ? enqueue_hrtimer+0x171/0x4a0 [ 36.753794] ? __remove_hrtimer+0x190/0x190 [ 36.758106] ? find_held_lock+0x35/0x1d0 [ 36.762169] ? lock_downgrade+0x980/0x980 [ 36.766317] ? rcu_pm_notify+0xc0/0xc0 [ 36.770202] ? check_noncircular+0x20/0x20 [ 36.774416] ? print_irqtrace_events+0x270/0x270 [ 36.779158] ? lock_downgrade+0x980/0x980 [ 36.783290] ? __irqentry_text_end+0x1f8cf4/0x1f8cf4 [ 36.788372] ? do_timer+0x50/0x50 [ 36.791823] ? __lock_is_held+0xb6/0x140 [ 36.795889] __do_softirq+0x2d7/0xb85 [ 36.799666] ? task_prio+0x40/0x40 [ 36.803201] ? __irqentry_text_end+0x1f8cf4/0x1f8cf4 [ 36.808278] ? irq_exit+0xbb/0x200 [ 36.811798] ? smp_apic_timer_interrupt+0x16b/0x700 [ 36.816787] ? smp_reschedule_interrupt+0xe6/0x670 [ 36.821693] ? smp_call_function_single_interrupt+0x640/0x640 [ 36.827554] ? _raw_spin_lock+0x32/0x40 [ 36.831514] ? _raw_spin_unlock+0x22/0x30 [ 36.835642] ? handle_edge_irq+0x2b4/0x7c0 [ 36.839853] ? task_prio+0x40/0x40 [ 36.843388] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.848231] do_softirq_own_stack+0x2a/0x40 [ 36.852528] [ 36.854742] do_softirq.part.19+0x14d/0x190 [ 36.859046] ? ip6_finish_output2+0xb73/0x23a0 [ 36.863605] __local_bh_enable_ip+0x1ee/0x230 [ 36.868082] ip6_finish_output2+0xba6/0x23a0 [ 36.872491] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0 [ 36.877319] ? ip6_mtu+0x36f/0x4d0 [ 36.880843] ? check_noncircular+0x20/0x20 [ 36.885062] ? lock_release+0xa40/0xa40 [ 36.889062] ? __lock_is_held+0xb6/0x140 [ 36.893125] ip6_finish_output+0x302/0x930 [ 36.897335] ? ip6_finish_output+0x302/0x930 [ 36.901736] ip6_output+0x1eb/0x840 [ 36.905345] ? ip6_finish_output+0x930/0x930 [ 36.909751] ? ip6_fragment+0x3470/0x3470 [ 36.913893] ip6_xmit+0xd84/0x2090 [ 36.917443] ? ip6_finish_output2+0x23a0/0x23a0 [ 36.922098] ? fl6_update_dst+0x127/0x2b0 [ 36.926227] ? check_noncircular+0x20/0x20 [ 36.930439] ? inet6_csk_route_socket+0x691/0xe80 [ 36.935274] ? lock_acquire+0x1d5/0x580 [ 36.939221] ? lock_acquire+0x1d5/0x580 [ 36.943176] ? inet6_csk_xmit+0x114/0x580 [ 36.947307] ? ip6_forward_finish+0x140/0x140 [ 36.951790] ? lock_release+0xa40/0xa40 [ 36.955748] ? __lock_is_held+0xb6/0x140 [ 36.959811] inet6_csk_xmit+0x2fc/0x580 [ 36.963771] ? inet6_csk_update_pmtu+0x160/0x160 [ 36.968508] ? skb_clone+0x20d/0x480 [ 36.972205] ? tcp_schedule_loss_probe+0x5f0/0x5f0 [ 36.977147] tcp_transmit_skb+0x1b1b/0x38c0 [ 36.981472] ? bictcp_cong_avoid+0xf20/0xf20 [ 36.985859] ? __tcp_select_window+0x900/0x900 [ 36.990423] ? lock_downgrade+0x980/0x980 [ 36.995350] ? handle_mm_fault+0x410/0x8d0 [ 36.999559] ? down_read_trylock+0xdb/0x170 [ 37.003855] ? __do_page_fault+0x32d/0xc90 [ 37.008071] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 37.012628] ? vmacache_find+0x5f/0x280 [ 37.016600] ? tcp_small_queue_check.isra.26+0x31c/0x450 [ 37.022037] ? tcp_tso_segs+0x240/0x240 [ 37.025990] ? pvclock_read_flags+0x160/0x160 [ 37.030470] ? mm_fault_error+0x2c0/0x2c0 [ 37.034616] ? sched_clock_cpu+0x1b/0x170 [ 37.038740] ? tcp_init_tso_segs+0x11a/0x200 [ 37.043135] tcp_write_xmit+0x686/0x51d0 [ 37.047180] ? __kmalloc_node_track_caller+0x47/0x70 [ 37.052298] ? tcp_transmit_skb+0x38c0/0x38c0 [ 37.056772] ? iov_iter_advance+0x2a1/0x13f0 [ 37.061191] ? iov_iter_copy_from_user_atomic+0xe30/0xe30 [ 37.066709] ? copy_user_enhanced_fast_string+0xe/0x20 [ 37.071976] ? copyin+0x91/0xb0 [ 37.075240] ? _copy_from_iter_full+0x22b/0xbb0 [ 37.079900] ? check_stack_object+0x140/0x140 [ 37.084375] ? skb_entail+0x5f6/0x8a0 [ 37.088156] ? iov_iter_advance+0x13f0/0x13f0 [ 37.092623] ? tcp_sendmsg_locked+0x28b4/0x3b60 [ 37.097277] tcp_push_one+0xca/0x100 [ 37.100979] tcp_sendmsg_locked+0x1f67/0x3b60 [ 37.105512] ? tcp_sendpage+0x60/0x60 [ 37.109327] ? print_irqtrace_events+0x270/0x270 [ 37.114056] ? find_held_lock+0x35/0x1d0 [ 37.118110] ? lock_acquire+0x1d5/0x580 [ 37.122072] ? lock_acquire+0x1d5/0x580 [ 37.126039] ? tcp_sendmsg+0x21/0x50 [ 37.129775] ? mark_held_locks+0xaf/0x100 [ 37.133907] ? do_raw_spin_trylock+0x190/0x190 [ 37.138479] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.143484] ? lock_sock_nested+0x91/0x110 [ 37.147699] ? trace_hardirqs_on+0xd/0x10 [ 37.151825] ? __local_bh_enable_ip+0x121/0x230 [ 37.156488] tcp_sendmsg+0x2f/0x50 [ 37.160014] inet_sendmsg+0x11f/0x5e0 [ 37.163793] ? __might_sleep+0x95/0x190 [ 37.167749] ? inet_recvmsg+0x5f0/0x5f0 [ 37.171706] ? selinux_socket_sendmsg+0x36/0x40 [ 37.176351] ? security_socket_sendmsg+0x89/0xb0 [ 37.181173] ? inet_recvmsg+0x5f0/0x5f0 [ 37.185136] sock_sendmsg+0xca/0x110 [ 37.188834] SYSC_sendto+0x361/0x5c0 [ 37.192533] ? SYSC_connect+0x4a0/0x4a0 [ 37.196502] ? sock_has_perm+0x2a4/0x420 [ 37.200547] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 37.205895] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 37.211191] ? compat_SyS_futex+0x288/0x380 [ 37.215486] ? compat_sock_common_setsockopt+0xb9/0x140 [ 37.220837] ? compat_SyS_get_robust_list+0x300/0x300 [ 37.225999] ? sock_common_setsockopt+0xd0/0xd0 [ 37.230661] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.235405] SyS_sendto+0x40/0x50 [ 37.238836] ? SyS_getpeername+0x30/0x30 [ 37.242880] do_fast_syscall_32+0x3ee/0xf9d [ 37.247179] ? do_raw_spin_trylock+0x190/0x190 [ 37.251747] ? do_int80_syscall_32+0x9d0/0x9d0 [ 37.256323] ? syscall_return_slowpath+0x2ad/0x550 [ 37.261236] ? prepare_exit_to_usermode+0x340/0x340 [ 37.266235] ? sysret32_from_system_call+0x5/0x3b [ 37.271072] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.275904] entry_SYSENTER_compat+0x54/0x63 [ 37.280288] RIP: 0023:0xf7fb2c79 [ 37.283645] RSP: 002b:00000000f77ae08c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 37.291329] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020eb9fff [ 37.298576] RDX: 00000000ffffff53 RSI: 0000000020000004 RDI: 0000000020cc7fe4 [ 37.305820] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 37.313072] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 37.320314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 37.327595] [ 37.329200] Allocated by task 5025: [ 37.332803] save_stack+0x43/0xd0 [ 37.336232] kasan_kmalloc+0xad/0xe0 [ 37.339927] kasan_slab_alloc+0x12/0x20 [ 37.343881] kmem_cache_alloc+0x12e/0x760 [ 37.348012] sk_prot_alloc+0x65/0x2a0 [ 37.352617] sk_clone_lock+0x152/0x1570 [ 37.356568] inet_csk_clone_lock+0x92/0x4f0 [ 37.360863] tcp_create_openreq_child+0x9b/0x1b70 [ 37.365680] tcp_v6_syn_recv_sock+0x22d/0x23a0 [ 37.370237] tcp_get_cookie_sock+0x102/0x540 [ 37.374619] cookie_v6_check+0x177d/0x2160 [ 37.378827] tcp_v6_do_rcv+0xe4d/0x11c0 [ 37.382772] tcp_v6_rcv+0x2309/0x2b60 [ 37.386549] ip6_input_finish+0x37e/0x17a0 [ 37.390757] ip6_input+0xe9/0x560 [ 37.394184] ip6_rcv_finish+0x1a9/0x7a0 [ 37.398135] ipv6_rcv+0xf37/0x1fa0 [ 37.401649] __netif_receive_skb_core+0x1a41/0x3460 [ 37.406638] __netif_receive_skb+0x2c/0x1b0 [ 37.410937] process_backlog+0x203/0x740 [ 37.414972] net_rx_action+0x792/0x1910 [ 37.418919] __do_softirq+0x2d7/0xb85 [ 37.422692] [ 37.424295] Freed by task 0: [ 37.427282] (stack is not available) [ 37.430967] [ 37.432579] The buggy address belongs to the object at ffff8801d4e88a80 [ 37.432579] which belongs to the cache TCP of size 2528 [ 37.444600] The buggy address is located 0 bytes to the right of [ 37.444600] 2528-byte region [ffff8801d4e88a80, ffff8801d4e89460) [ 37.456881] The buggy address belongs to the page: [ 37.461783] page:ffffea000753a200 count:1 mapcount:0 mapping:ffff8801d4e88000 index:0xffff8801d4e89ffd compound_mapcount: 0 [ 37.473036] flags: 0x2fffc0000008100(slab|head) [ 37.477681] raw: 02fffc0000008100 ffff8801d4e88000 ffff8801d4e89ffd 0000000100000003 [ 37.485538] raw: ffffea00075b4a20 ffff8801d6f8ae48 ffff8801d7f61ac0 0000000000000000 [ 37.493393] page dumped because: kasan: bad access detected [ 37.499076] [ 37.500681] Memory state around the buggy address: [ 37.505587] ffff8801d4e89300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.512927] ffff8801d4e89380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.520267] >ffff8801d4e89400: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 37.527604] ^ [ 37.534069] ffff8801d4e89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.541403] ffff8801d4e89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.548733] ================================================================== [ 37.556063] Disabling lock debugging due to kernel taint [ 37.561553] Kernel panic - not syncing: panic_on_warn set ... [ 37.561553] [ 37.568896] CPU: 1 PID: 5025 Comm: syz-executor7 Tainted: G B 4.15.0-rc8+ #178 [ 37.577444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.586766] Call Trace: [ 37.589322] [ 37.591453] dump_stack+0x194/0x257 [ 37.595057] ? arch_local_irq_restore+0x53/0x53 [ 37.599700] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.604429] ? vsnprintf+0x1ed/0x1900 [ 37.608204] ? tcp_v6_syn_recv_sock+0x600/0x23a0 [ 37.612935] panic+0x1e4/0x41c [ 37.616101] ? refcount_error_report+0x214/0x214 [ 37.620830] ? add_taint+0x1c/0x50 [ 37.624344] ? add_taint+0x1c/0x50 [ 37.627856] ? tcp_v6_syn_recv_sock+0x628/0x23a0 [ 37.632587] kasan_end_report+0x50/0x50 [ 37.636532] kasan_report+0x144/0x340 [ 37.640309] check_memory_region+0x137/0x190 [ 37.644691] memcpy+0x37/0x50 [ 37.647768] tcp_v6_syn_recv_sock+0x628/0x23a0 [ 37.652329] ? tcp_v6_conn_request+0x270/0x270 [ 37.656880] ? __local_bh_enable_ip+0x121/0x230 [ 37.661543] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 37.666532] ? ip6_dst_lookup_tail+0xdbd/0x18f0 [ 37.671172] ? trace_hardirqs_on+0xd/0x10 [ 37.675291] ? __local_bh_enable_ip+0x121/0x230 [ 37.679936] ? ip6_dst_lookup_tail+0x40a/0x18f0 [ 37.684588] ? ip6_copy_metadata+0xad0/0xad0 [ 37.688972] ? selinux_netlbl_inet_conn_request+0x81/0x3c0 [ 37.694565] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0 [ 37.699908] ? __bfs+0x686/0x750 [ 37.703246] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.708242] tcp_get_cookie_sock+0x102/0x540 [ 37.712624] ? selinux_inet_conn_request+0x25b/0x390 [ 37.717701] ? cookie_ecn_ok+0x120/0x120 [ 37.721736] ? xfrm_lookup_route+0x4f/0x1a0 [ 37.726036] ? ip6_dst_lookup_flow+0x1ca/0x270 [ 37.730593] ? ip6_dst_lookup+0x60/0x60 [ 37.734544] ? tcp_select_initial_window+0x30c/0x410 [ 37.739626] cookie_v6_check+0x177d/0x2160 [ 37.743841] ? cookie_v6_init_sequence+0xe0/0xe0 [ 37.748576] ? sk_filter_trim_cap+0x40a/0x9c0 [ 37.753043] ? lock_downgrade+0x980/0x980 [ 37.757164] ? lock_release+0xa40/0xa40 [ 37.761111] ? __lock_is_held+0xb6/0x140 [ 37.765153] ? sk_filter_trim_cap+0xe7/0x9c0 [ 37.769545] ? tcp_v6_inbound_md5_hash+0x155/0x5c0 [ 37.774453] tcp_v6_do_rcv+0xe4d/0x11c0 [ 37.778400] ? tcp_v6_do_rcv+0xe4d/0x11c0 [ 37.782524] ? tcp_v6_fill_cb+0x440/0x490 [ 37.786661] tcp_v6_rcv+0x2309/0x2b60 [ 37.790452] ? tcp_v6_reqsk_send_ack+0x370/0x370 [ 37.795188] ip6_input_finish+0x37e/0x17a0 [ 37.799393] ? ip6_input+0x3b4/0x560 [ 37.803094] ? ip6_rcv_finish+0x7a0/0x7a0 [ 37.807218] ? nf_hook_slow+0xd3/0x1a0 [ 37.811080] ip6_input+0xe9/0x560 [ 37.814508] ? ip6_input_finish+0x17a0/0x17a0 [ 37.818975] ? __lock_acquire+0x664/0x3e00 [ 37.823186] ? find_held_lock+0x35/0x1d0 [ 37.827226] ? ip6_rcv_finish+0x7a0/0x7a0 [ 37.831347] ? ipv6_rcv+0x16cd/0x1fa0 [ 37.835122] ip6_rcv_finish+0x1a9/0x7a0 [ 37.839071] ? ip6_make_skb+0x5e0/0x5e0 [ 37.843020] ? __lock_is_held+0xb6/0x140 [ 37.847056] ? nf_hook_slow+0xd3/0x1a0 [ 37.850922] ipv6_rcv+0xf37/0x1fa0 [ 37.854446] ? ip6_input+0x560/0x560 [ 37.858139] ? check_noncircular+0x20/0x20 [ 37.862343] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 37.867513] ? ip6_make_skb+0x5e0/0x5e0 [ 37.871465] ? ip6_input+0x560/0x560 [ 37.875153] __netif_receive_skb_core+0x1a41/0x3460 [ 37.880141] ? find_held_lock+0x35/0x1d0 [ 37.884181] ? nf_ingress+0x9f0/0x9f0 [ 37.887963] ? lock_downgrade+0x980/0x980 [ 37.892104] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 37.897273] ? is_bpf_text_address+0x7b/0x120 [ 37.901832] ? lock_downgrade+0x980/0x980 [ 37.905953] ? lock_release+0xa40/0xa40 [ 37.909905] ? __free_insn_slot+0x5c0/0x5c0 [ 37.914207] ? rcutorture_record_progress+0x10/0x10 [ 37.919198] ? is_bpf_text_address+0xa4/0x120 [ 37.923668] ? check_noncircular+0x20/0x20 [ 37.927876] ? __kernel_text_address+0xd/0x40 [ 37.932345] ? unwind_get_return_address+0x61/0xa0 [ 37.937247] ? __save_stack_trace+0x7e/0xd0 [ 37.941544] ? depot_save_stack+0x12c/0x490 [ 37.945841] ? put_cred_rcu+0x263/0x400 [ 37.949789] ? find_held_lock+0x35/0x1d0 [ 37.953827] ? lock_acquire+0x1d5/0x580 [ 37.957779] ? process_backlog+0x45f/0x740 [ 37.961983] ? lock_acquire+0x1d5/0x580 [ 37.965933] ? process_backlog+0x1ab/0x740 [ 37.970145] ? lock_release+0xa40/0xa40 [ 37.974102] __netif_receive_skb+0x2c/0x1b0 [ 37.978412] ? __netif_receive_skb+0x2c/0x1b0 [ 37.982883] process_backlog+0x203/0x740 [ 37.986918] ? mark_held_locks+0xaf/0x100 [ 37.991048] net_rx_action+0x792/0x1910 [ 37.995003] ? put_cred_rcu+0x263/0x400 [ 37.998966] ? napi_complete_done+0x6c0/0x6c0 [ 38.003460] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.008461] ? note_gp_changes+0x650/0x650 [ 38.012671] ? timerqueue_add+0x1e9/0x280 [ 38.016796] ? enqueue_hrtimer+0x171/0x4a0 [ 38.021006] ? __remove_hrtimer+0x190/0x190 [ 38.025306] ? find_held_lock+0x35/0x1d0 [ 38.029357] ? lock_downgrade+0x980/0x980 [ 38.033484] ? rcu_pm_notify+0xc0/0xc0 [ 38.037361] ? check_noncircular+0x20/0x20 [ 38.041570] ? print_irqtrace_events+0x270/0x270 [ 38.046300] ? lock_downgrade+0x980/0x980 [ 38.050425] ? __irqentry_text_end+0x1f8cf4/0x1f8cf4 [ 38.055501] ? do_timer+0x50/0x50 [ 38.060241] ? __lock_is_held+0xb6/0x140 [ 38.064288] __do_softirq+0x2d7/0xb85 [ 38.068060] ? task_prio+0x40/0x40 [ 38.071581] ? __irqentry_text_end+0x1f8cf4/0x1f8cf4 [ 38.076654] ? irq_exit+0xbb/0x200 [ 38.080168] ? smp_apic_timer_interrupt+0x16b/0x700 [ 38.085156] ? smp_reschedule_interrupt+0xe6/0x670 [ 38.090062] ? smp_call_function_single_interrupt+0x640/0x640 [ 38.095930] ? _raw_spin_lock+0x32/0x40 [ 38.099888] ? _raw_spin_unlock+0x22/0x30 [ 38.104023] ? handle_edge_irq+0x2b4/0x7c0 [ 38.108234] ? task_prio+0x40/0x40 [ 38.111756] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.116585] do_softirq_own_stack+0x2a/0x40 [ 38.120880] [ 38.123093] do_softirq.part.19+0x14d/0x190 [ 38.127387] ? ip6_finish_output2+0xb73/0x23a0 [ 38.131944] __local_bh_enable_ip+0x1ee/0x230 [ 38.136414] ip6_finish_output2+0xba6/0x23a0 [ 38.140802] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0 [ 38.145624] ? ip6_mtu+0x36f/0x4d0 [ 38.149137] ? check_noncircular+0x20/0x20 [ 38.153344] ? lock_release+0xa40/0xa40 [ 38.157306] ? __lock_is_held+0xb6/0x140 [ 38.161350] ip6_finish_output+0x302/0x930 [ 38.165556] ? ip6_finish_output+0x302/0x930 [ 38.169942] ip6_output+0x1eb/0x840 [ 38.173545] ? ip6_finish_output+0x930/0x930 [ 38.177932] ? ip6_fragment+0x3470/0x3470 [ 38.182060] ip6_xmit+0xd84/0x2090 [ 38.185604] ? ip6_finish_output2+0x23a0/0x23a0 [ 38.190246] ? fl6_update_dst+0x127/0x2b0 [ 38.194368] ? check_noncircular+0x20/0x20 [ 38.198576] ? inet6_csk_route_socket+0x691/0xe80 [ 38.203392] ? lock_acquire+0x1d5/0x580 [ 38.207338] ? lock_acquire+0x1d5/0x580 [ 38.211285] ? inet6_csk_xmit+0x114/0x580 [ 38.215409] ? ip6_forward_finish+0x140/0x140 [ 38.219879] ? lock_release+0xa40/0xa40 [ 38.223826] ? __lock_is_held+0xb6/0x140 [ 38.227874] inet6_csk_xmit+0x2fc/0x580 [ 38.231825] ? inet6_csk_update_pmtu+0x160/0x160 [ 38.236553] ? skb_clone+0x20d/0x480 [ 38.240240] ? tcp_schedule_loss_probe+0x5f0/0x5f0 [ 38.245154] tcp_transmit_skb+0x1b1b/0x38c0 [ 38.249460] ? bictcp_cong_avoid+0xf20/0xf20 [ 38.253840] ? __tcp_select_window+0x900/0x900 [ 38.258397] ? lock_downgrade+0x980/0x980 [ 38.262525] ? handle_mm_fault+0x410/0x8d0 [ 38.266732] ? down_read_trylock+0xdb/0x170 [ 38.271027] ? __do_page_fault+0x32d/0xc90 [ 38.275233] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 38.279786] ? vmacache_find+0x5f/0x280 [ 38.283743] ? tcp_small_queue_check.isra.26+0x31c/0x450 [ 38.289165] ? tcp_tso_segs+0x240/0x240 [ 38.293111] ? pvclock_read_flags+0x160/0x160 [ 38.297579] ? mm_fault_error+0x2c0/0x2c0 [ 38.301709] ? sched_clock_cpu+0x1b/0x170 [ 38.305827] ? tcp_init_tso_segs+0x11a/0x200 [ 38.310211] tcp_write_xmit+0x686/0x51d0 [ 38.314248] ? __kmalloc_node_track_caller+0x47/0x70 [ 38.319343] ? tcp_transmit_skb+0x38c0/0x38c0 [ 38.323822] ? iov_iter_advance+0x2a1/0x13f0 [ 38.328217] ? iov_iter_copy_from_user_atomic+0xe30/0xe30 [ 38.333728] ? copy_user_enhanced_fast_string+0xe/0x20 [ 38.338977] ? copyin+0x91/0xb0 [ 38.342232] ? _copy_from_iter_full+0x22b/0xbb0 [ 38.346875] ? check_stack_object+0x140/0x140 [ 38.351347] ? skb_entail+0x5f6/0x8a0 [ 38.355124] ? iov_iter_advance+0x13f0/0x13f0 [ 38.359588] ? tcp_sendmsg_locked+0x28b4/0x3b60 [ 38.364236] tcp_push_one+0xca/0x100 [ 38.367927] tcp_sendmsg_locked+0x1f67/0x3b60 [ 38.372420] ? tcp_sendpage+0x60/0x60 [ 38.376216] ? print_irqtrace_events+0x270/0x270 [ 38.380944] ? find_held_lock+0x35/0x1d0 [ 38.384985] ? lock_acquire+0x1d5/0x580 [ 38.388935] ? lock_acquire+0x1d5/0x580 [ 38.392883] ? tcp_sendmsg+0x21/0x50 [ 38.396580] ? mark_held_locks+0xaf/0x100 [ 38.400700] ? do_raw_spin_trylock+0x190/0x190 [ 38.405266] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.410263] ? lock_sock_nested+0x91/0x110 [ 38.414478] ? trace_hardirqs_on+0xd/0x10 [ 38.418601] ? __local_bh_enable_ip+0x121/0x230 [ 38.423250] tcp_sendmsg+0x2f/0x50 [ 38.426767] inet_sendmsg+0x11f/0x5e0 [ 38.430553] ? __might_sleep+0x95/0x190 [ 38.434515] ? inet_recvmsg+0x5f0/0x5f0 [ 38.438463] ? selinux_socket_sendmsg+0x36/0x40 [ 38.443105] ? security_socket_sendmsg+0x89/0xb0 [ 38.447836] ? inet_recvmsg+0x5f0/0x5f0 [ 38.451792] sock_sendmsg+0xca/0x110 [ 38.455479] SYSC_sendto+0x361/0x5c0 [ 38.459171] ? SYSC_connect+0x4a0/0x4a0 [ 38.463122] ? sock_has_perm+0x2a4/0x420 [ 38.467157] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 38.472496] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 38.477767] ? compat_SyS_futex+0x288/0x380 [ 38.482068] ? compat_sock_common_setsockopt+0xb9/0x140 [ 38.487410] ? compat_SyS_get_robust_list+0x300/0x300 [ 38.492571] ? sock_common_setsockopt+0xd0/0xd0 [ 38.497308] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 38.502039] SyS_sendto+0x40/0x50 [ 38.505464] ? SyS_getpeername+0x30/0x30 [ 38.509501] do_fast_syscall_32+0x3ee/0xf9d [ 38.513798] ? do_raw_spin_trylock+0x190/0x190 [ 38.518354] ? do_int80_syscall_32+0x9d0/0x9d0 [ 38.522912] ? syscall_return_slowpath+0x2ad/0x550 [ 38.527816] ? prepare_exit_to_usermode+0x340/0x340 [ 38.532808] ? sysret32_from_system_call+0x5/0x3b [ 38.537626] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.542444] entry_SYSENTER_compat+0x54/0x63 [ 38.546822] RIP: 0023:0xf7fb2c79 [ 38.550158] RSP: 002b:00000000f77ae08c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 38.557838] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020eb9fff [ 38.565077] RDX: 00000000ffffff53 RSI: 0000000020000004 RDI: 0000000020cc7fe4 [ 38.572317] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 38.579558] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 38.586801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 38.594527] Dumping ftrace buffer: [ 38.598039] (ftrace buffer empty) [ 38.601721] Kernel Offset: disabled [ 38.605317] Rebooting in 86400 seconds..