INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2018/04/07 03:20:53 fuzzer started 2018/04/07 03:20:53 dialing manager at 10.128.0.26:38639 2018/04/07 03:21:00 kcov=true, comps=false 2018/04/07 03:21:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="180000001d00ffff00000000000000000500000040000000ed990e38bcaa2a3b630d9b21fd274c601af658595497cd9ee63d26f777ab0b832c5260ba7fc244ef6401235669bac56bb604c0f84d6c9c493945693e0dcbf1beb16800fc9e5d482a922c5185852d843694a98a57d1d4fc291ed6e815c90b42114019dd7afee25c71b559e5f4480bce8d0b04d33ee765"], 0x1}, 0x1}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000b3dfc8)={&(0x7f0000001580)={0x10}, 0xc, &(0x7f00000015c0)={&(0x7f0000abf000)={0x18, 0x22, 0x109, 0x0, 0x0, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1}, 0x0) recvmsg(r0, &(0x7f0000000680)={&(0x7f00000003c0)=@un=@abs, 0x80, &(0x7f0000000580)=[{&(0x7f0000000440)=""/148, 0x94}, {&(0x7f0000000500)=""/104, 0x68}], 0x2, &(0x7f00000005c0)=""/142, 0x8e, 0x2}, 0x0) 2018/04/07 03:21:03 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000180)=@generic, 0x80, &(0x7f0000000480)=[{&(0x7f0000000200)=""/207, 0xcf}], 0x1, &(0x7f0000000540)=""/158, 0x9e}, 0x0) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000282fef)="1e336500ff4ad5e700000022000000ec", 0x10) sendmmsg$alg(r1, 
&(0x7f0000000080)=[{0x0, 0x0, &(0x7f000011a000), 0x12b}], 0x3a860b6b5182e8, 0x0) 2018/04/07 03:21:03 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f00000000c0)=[{0x10, 0x29, 0x2}], 0x10}}], 0x2, 0x0) 2018/04/07 03:21:03 executing program 3: r0 = socket(0x11, 0x803, 0x300) r1 = socket(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x100000002}, 0x1c) sendto$inet(r1, &(0x7f0000509f92), 0xff77, 0x0, &(0x7f000055fff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000daeffc)=0x9, 0x4) recvmmsg(r0, &(0x7f00000062c0)=[{{0x0, 0x0, &(0x7f0000005a80)=[{&(0x7f00000059c0)=""/185, 0xb9}], 0x1, &(0x7f0000005ac0)=""/27, 0x1b}}, {{&(0x7f0000005b00), 0x80, &(0x7f0000006140), 0x0, &(0x7f00000061c0)=""/198, 0xc6}}], 0x2, 0x0, 0x0) 2018/04/07 03:21:03 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl(r0, 0x4000000000001278, &(0x7f0000000140)) 2018/04/07 03:21:03 executing program 4: r0 = memfd_create(&(0x7f0000000ffc)='\x00', 0x200) write$eventfd(r0, &(0x7f0000500ff8), 0x8) 2018/04/07 03:21:03 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00') readv(r0, &(0x7f0000002740)=[{&(0x7f00000016c0)=""/4096, 0x1000}], 0x1) 2018/04/07 03:21:03 executing program 1: setrlimit(0x8000000000006, &(0x7f00000a3ff0)) r0 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(r1, 0x0) execve(&(0x7f0000000080)='./file0\x00', &(0x7f0000000300), &(0x7f00000004c0)) syzkaller login: [ 43.074656] ip (3812) used greatest stack depth: 54408 bytes left [ 44.069588] ip (3907) used 
greatest stack depth: 54200 bytes left [ 44.816550] ip (3972) used greatest stack depth: 54160 bytes left [ 46.068438] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.161333] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.185859] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.240202] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.288865] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.346198] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.395105] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.550633] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.919825] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.124113] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.264255] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.280776] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.338539] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.363886] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.489067] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.546748] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.685657] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.692122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.701624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.884975] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.891311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.901748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.039639] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.045910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.054646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.096224] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.106208] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.112724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.126934] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.149712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.169855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.200662] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.212184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.248270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.284104] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.292592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.316629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.402367] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.408675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.428765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 03:21:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'sit0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001c00070f000000000000000007000000", @ANYBLOB="000002000a000200cb8e8bd70cf274d04351a7aaaaaaaaaaaa0000"], 0x2}, 0x1}, 0x0) 2018/04/07 03:21:20 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:20 executing program 7: r0 = socket$inet6(0xa, 0x3, 0x3b) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000009300)=[{{0x0, 0x0, 
&(0x7f0000002440)=[{&(0x7f0000001180)="dd70abec118d1feecb85325abaac28ec08f3094f88061b964d26630acbf075931751e20ca3d0afbbc3b58c1ec54251a8e5cc45a59ff1be6120ef971e07fa795fa34343b62de96dce308626e830de9dc97b41c14eac77ba03b6c82b87a508b3763eb9495832ee90009128cfdde559107f0b9f667fc8249429b030ebbeb3c54cbe052a606d545a12b43c884343d3bf8f8092f4e5916991a0ac86baa5f7f85f70a199612bad8090170df901be30ddc3ef95b9324d81075b64bf34295b90910a02847380a4309ac6ad12123b6d450b149c93d4ebf2774cb8d3cdc73529e2631e05dec4e8b421e65c2ac3adde2387a82d66cb457468125d265b88c1ea5fc1ae13887c289e2abc8af80be783265fe61d9df876efd846896018b1700cec767f01e9ba3dfc332559edd051dd3186b82881c376786ba27b64191ee264fb1d67c05e81ec5fc514e34a119a05b19d8d1d0ea03ceb1b37bae4a015eaca3e79d8343f41e19e4e05bc36091595e25f09016a50d37899e8b34773f8f317b18c3f35745b3f38d3c319914d9aae71bc12ad713909920a7aab65092b38df3137088d58bd3d4700151db6b3ea47e2f8dc7c0e15c799d1866b8ead64d59a1c7aa523bafcdefd52ee0bfe774e1445dade547aca0dfe1bee6f8b6811dbfd772323b066a6b89e06a578b92cb670ef0c91c95fc9eca45ef70e89770faac131e654bf9cadd579873fd6286e9bd52d4d50a050e6adb029886bbf2d6725bdb3ea083bdf072469bcc4f6066b6d4f6ba5d78c61b414c37f134b9dccb2192155d0e05ce787a24123b058ebc36ce30ddea042ccd25f320fe24836f2e57a85546d918d90d6d7087b5416925524ad92c88be2a7f52d35d895c3ab32eeec69cea6420e0cbf0f312b2f856d0b3640480bb03a965416c9a3d27441cc543a9e91e1b8905e37ed8b6cd3dc01449040030b6a1eeea9bf58214cff688eb341ee1ce5ca915e770296bf9dfc92443a9d6da284fca948f6bd0788ad7b364b8ad9c356626e169edecddd696e0704aab6cbb2e03b2e9092714851d136d7edefeafc71c534f84c209c01599d3276e683919b56567e2a1071d66fb1776bcc96af93aa6503c6bd27cd22af55ab04101bd60bba1a75c2b1daa562e384cfe8f1195fd701cf0aa3fe423b5e1d24453482dcf9a8f5afbbd191dd0a09f1c7b8124b501f463701192a37288146b2a0f32de8f4fa420ae5066ef6aef2974e1889e1be8ca1b3fdaff31c2382a0d26c070ddfa5e5823a2b34d8a7a7cada6768f990610e5cb63e968df9b6c07652b5fa6d35ab07cd", 0x398}, {&(0x7f00000021c0)="106680b3c55aee89c336a0c07c8e9a", 0xf}, 
{&(0x7f00000022c0)="a7569e884cacf1197f42d701a5bf079e66b4ab4baf1d9b937834453ca72f09313829429de14c93d39da5216b413f54eba2e609cec81017de5764f46bc47cb4de51d12a25055695fcb89bd86309f798d22aca71649ffbe60cf8a9246d0b27bbc7f11c9b011a4e4bbb9fec7d08ba7243eda943f35c2f0a0ae2ddf8e52a728709690ecd10f218df65c2c7ffab26094ba33e69e3f6b3002cd9ac2dbc7647a278cdd4eb2ac49800ec5ebcaf1f605a8cc0d9b31e182cf0de2db9395c452b76e1d4172c0af8472221ae0326fea9fdecf201f17b38de08ef1ee0bbc77737018d75d4c9655cf203f6f3f4f5e8e91700ab625c84", 0xef}], 0x3, &(0x7f00000024c0)}}], 0x1, 0x0) 2018/04/07 03:21:20 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:20 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:20 executing program 1: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) mbind(&(0x7f000089a000/0x3000)=nil, 
0x3000, 0x3, &(0x7f0000c28000)=0x800003f, 0xf0, 0x0) 2018/04/07 03:21:20 executing program 7: r0 = syz_open_dev$sndtimer(&(0x7f0000061000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f000060c000)={{0x100000001}}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0xfffffffffffffffe}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) epoll_wait(r1, &(0x7f0000379000)=[{}], 0x1, 0x8d) 2018/04/07 03:21:20 executing program 4: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r1, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) r2 = socket(0xa, 0x2, 0x0) r3 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) connect$inet6(r2, &(0x7f0000d3cfe4)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x3}, 0x1c) fallocate(r3, 0x0, 0xffff, 0x1f) sendfile(r2, r3, &(0x7f00005faff8), 0xfffb) 2018/04/07 03:21:21 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:21 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@remote={0xac, 0x14, 0x14, 0xbb}, @in=@loopback=0x7f000001, 0x0, 0x0, 0x0, 
0xfffffffffffffffe, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast1={0xff, 0x1, [], 0x1}, 0x0, 0xff}, 0x0, @in=@multicast1=0xe0000001}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1c) 2018/04/07 03:21:21 executing program 1: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) mbind(&(0x7f000089a000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000c28000)=0x800003f, 0xf0, 0x0) 2018/04/07 03:21:21 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:21 executing program 6: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f000079df88)) msgrcv(r0, &(0x7f0000000000)={0x0, ""/29}, 0x25, 0x0, 0x0) msgsnd(r0, &(0x7f0000c40ff8)=ANY=[@ANYBLOB="000000800000"], 0x1, 0x0) msgsnd(r0, &(0x7f00004adff7)={0x2}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 2018/04/07 03:21:21 executing program 4: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r1, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) r2 = socket(0xa, 0x2, 0x0) r3 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) connect$inet6(r2, &(0x7f0000d3cfe4)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x3}, 0x1c) fallocate(r3, 
0x0, 0xffff, 0x1f) sendfile(r2, r3, &(0x7f00005faff8), 0xfffb) 2018/04/07 03:21:21 executing program 7: setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000003f42)="e9b1102fd162d2883afda6ca384faf121d74cc184624fce45026608dab3c7b831ea74850369babebbb881b4705fb9d5b6904ab9ea2bf03d896bd297cb7b37702c0a3363c7b53618766bfaea1eff261f0b2e23ea64dae4b74e1384260720bb174676f336b965c9cb4b46b75ae551d1a742a5e977acd7cce7ec8f0b0695c6d6012d40ea9373a4dcd9710956cc6e7ed45055df929909a53679bad75b619", 0x9c) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x6, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000003f79)=ANY=[@ANYRES32=0x0, @ANYBLOB="5a00000005d48581b12538cd8c5c026f96353eeb04ad21e969918aeca5a158c7d2f8f7eddc8ee86ed360d8a6750e84ba219807af3b1ab227cf6fa4fc92a285590a7091e469b005a9d9b8265a23f1abde34123603f80ce5c69ef4a4490181"], &(0x7f0000009ffc)=0x2) sendto$inet6(r0, &(0x7f0000003fd9), 0xfdc2, 0x0, &(0x7f0000005fe4)={0xa, 0x0, 0x100000002, @mcast2={0xff, 0x2, [], 0x1}}, 0x16) 2018/04/07 03:21:21 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:21 executing program 1: r0 = socket(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={"6c6f0000000000000000000100", &(0x7f0000000080)=@ethtool_ringparam={0x10}}) 2018/04/07 03:21:21 executing program 3: r0 = 
socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1}, 0x0) 2018/04/07 03:21:21 executing program 7: seccomp(0x1, 0x1, &(0x7f0000000040)={0x2, &(0x7f0000022000)=[{0x0, 0x0, 0x0, 0xffffffffffffffe0}, {0x16}]}) seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) rt_sigsuspend(&(0x7f0000000080), 0x8) seccomp(0x1, 0x1, &(0x7f0000947ff0)={0x1, &(0x7f000005eff0)=[{0x6}]}) 2018/04/07 03:21:21 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:21 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) r1 = memfd_create(&(0x7f0000000000)="24004aa36137330b6679374db37718af3f91b00a9235908dee589c597d8f7dec52277a92830ed6390522aaa8662471dca5bc1ae79e22e989a6c1afbb60ef513138ee6f16e5f1c4ac2753aa7a9f0686bddd9caff81015270a50677cddcba54d0f919d68d550479c63e9b64156513c474e0cca868cd6832affb597", 0x0) write(r1, &(0x7f0000002000)='/', 0x1) sendfile(r1, r1, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000480)={{0x0, 0x2710}}, 0x0) 2018/04/07 03:21:21 executing program 1: mmap(&(0x7f0000000000/0x53000)=nil, 0x53000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8992, 
&(0x7f0000000100)={'sit0\x00', @ifru_settings={0x0, 0x0, @sync=&(0x7f00000000c0)}}) [ 58.691893] audit: type=1326 audit(1523071281.690:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5136 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 [ 58.716722] syz-executor4 (5124) used greatest stack depth: 53872 bytes left 2018/04/07 03:21:21 executing program 7: r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000feb000), 0x4) recvfrom$inet6(r0, &(0x7f0000fbef6d)=""/185, 0xb9, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x8000000000000802, 0x88) sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000b0cf6e), 0xffed, 0x0, &(0x7f000001b000)={0xa}, 0x1c) [ 58.771482] audit: type=1326 audit(1523071281.727:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5136 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 03:21:21 executing program 3: r0 = syz_open_dev$tun(&(0x7f00000004c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"2f64080000020000070400", 0x9513}) 2018/04/07 03:21:22 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, 
r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:22 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:22 executing program 6: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000080)={{{@in=@remote={0xac, 0x14, 0x14, 0xbb}, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast1={0xff, 0x1, [], 0x1}, 0x0, 0x2b}, 0x0, @in=@multicast1=0xe0000001}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1c) 2018/04/07 03:21:22 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) r1 = memfd_create(&(0x7f0000000000)="24004aa36137330b6679374db37718af3f91b00a9235908dee589c597d8f7dec52277a92830ed6390522aaa8662471dca5bc1ae79e22e989a6c1afbb60ef513138ee6f16e5f1c4ac2753aa7a9f0686bddd9caff81015270a50677cddcba54d0f919d68d550479c63e9b64156513c474e0cca868cd6832affb597", 0x0) write(r1, &(0x7f0000002000)='/', 0x1) sendfile(r1, r1, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000480)={{0x0, 0x2710}}, 0x0) 2018/04/07 03:21:22 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00009b4fa8)={0x26, 
'skcipher\x00', 0x0, 0x0, 'lrw-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000933000)="9147ad46390d00c80040546908000000", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000378000)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="88280479a3c88d53b6cf1a1138b2da8a", 0x10}], 0x1, &(0x7f0000453000)}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000202000)=[{{0x0, 0x0, &(0x7f00005deff8)=[{&(0x7f000040d000)=""/30, 0x1e}], 0x1, &(0x7f0000971000)=""/251, 0xfb}}], 0x1, 0x0, &(0x7f0000d0fff8)) 2018/04/07 03:21:22 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000232ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSCTTY(r1, 0x540e, 0x0) 2018/04/07 03:21:22 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:22 executing program 3: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x2691d0877f1cca9b}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x20) dup3(r0, r1, 0x0) 2018/04/07 03:21:23 executing program 6: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) r1 = 
memfd_create(&(0x7f0000000000)="24004aa36137330b6679374db37718af3f91b00a9235908dee589c597d8f7dec52277a92830ed6390522aaa8662471dca5bc1ae79e22e989a6c1afbb60ef513138ee6f16e5f1c4ac2753aa7a9f0686bddd9caff81015270a50677cddcba54d0f919d68d550479c63e9b64156513c474e0cca868cd6832affb597", 0x0) write(r1, &(0x7f0000002000)='/', 0x1) sendfile(r1, r1, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000480)={{0x0, 0x2710}}, 0x0) 2018/04/07 03:21:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000004fc8)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000012ff0)={&(0x7f0000011000)={0x18, 0x20000058, 0x443, 0x0, 0x0, {}, [@typed={0x4, 0x3}]}, 0x18}, 0x1}, 0x0) 2018/04/07 03:21:23 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:23 executing program 3: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x2691d0877f1cca9b}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x20) dup3(r0, r1, 0x0) [ 60.130636] netlink: 'syz-executor1': attribute type 3 has an invalid length. 
2018/04/07 03:21:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000004fc8)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000012ff0)={&(0x7f0000011000)={0x18, 0x20000058, 0x443, 0x0, 0x0, {}, [@typed={0x4, 0x3}]}, 0x18}, 0x1}, 0x0) 2018/04/07 03:21:23 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00009b4fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000933000)="9147ad46390d00c80040546908000000", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000378000)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="88280479a3c88d53b6cf1a1138b2da8a", 0x10}], 0x1, &(0x7f0000453000)}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000202000)=[{{0x0, 0x0, &(0x7f00005deff8)=[{&(0x7f000040d000)=""/30, 0x1e}], 0x1, &(0x7f0000971000)=""/251, 0xfb}}], 0x1, 0x0, &(0x7f0000d0fff8)) 2018/04/07 03:21:23 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x2000000000027, &(0x7f0000000080)={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:23 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmmsg$alg(r1, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)="92ece15b427367844c97570439eb0253", 0x10}], 0x1}], 0x1, 0x0) recvmsg(r1, 
&(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x80, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000004280)}, 0x0) [ 60.321662] netlink: 'syz-executor1': attribute type 3 has an invalid length. 2018/04/07 03:21:24 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:24 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00004b7000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r2, 0x8, r1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000745000), 0x8) fcntl$setsig(r2, 0xa, 0x12) pread64(r0, &(0x7f0000e95f16)=""/234, 0xea, 0x0) poll(&(0x7f0000027ff8)=[{r3}], 0x1, 0x8000) dup3(r2, r3, 0x0) tkill(r1, 0x16) 2018/04/07 03:21:24 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes-asm)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write(r1, 
&(0x7f0000000240)='y', 0x1) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 03:21:24 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:24 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) name_to_handle_at(r1, &(0x7f0000000140)='..', &(0x7f0000000380)={0x8}, &(0x7f0000000200), 0x0) 2018/04/07 03:21:24 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00009b4fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000933000)="9147ad46390d00c80040546908000000", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000378000)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="88280479a3c88d53b6cf1a1138b2da8a", 0x10}], 0x1, &(0x7f0000453000)}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000202000)=[{{0x0, 0x0, &(0x7f00005deff8)=[{&(0x7f000040d000)=""/30, 0x1e}], 0x1, &(0x7f0000971000)=""/251, 0xfb}}], 0x1, 0x0, &(0x7f0000d0fff8)) 2018/04/07 03:21:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000004fc8)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000012ff0)={&(0x7f0000011000)={0x18, 0x20000058, 0x443, 0x0, 0x0, {}, [@typed={0x4, 0x3}]}, 0x18}, 0x1}, 0x0) 2018/04/07 03:21:24 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 
&(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmmsg$alg(r1, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)="92ece15b427367844c97570439eb0253", 0x10}], 0x1}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x80, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000004280)}, 0x0) [ 61.096669] netlink: 'syz-executor1': attribute type 3 has an invalid length. 2018/04/07 03:21:24 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 03:21:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000004fc8)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000012ff0)={&(0x7f0000011000)={0x18, 0x20000058, 0x443, 0x0, 0x0, {}, [@typed={0x4, 0x3}]}, 0x18}, 0x1}, 0x0) 2018/04/07 03:21:24 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00009b4fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000933000)="9147ad46390d00c80040546908000000", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000378000)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="88280479a3c88d53b6cf1a1138b2da8a", 0x10}], 0x1, &(0x7f0000453000)}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000202000)=[{{0x0, 0x0, &(0x7f00005deff8)=[{&(0x7f000040d000)=""/30, 0x1e}], 0x1, &(0x7f0000971000)=""/251, 0xfb}}], 0x1, 0x0, &(0x7f0000d0fff8)) 2018/04/07 03:21:24 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, 
&(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) name_to_handle_at(r1, &(0x7f0000000140)='..', &(0x7f0000000380)={0x8}, &(0x7f0000000200), 0x0) 2018/04/07 03:21:24 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmmsg$alg(r1, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)="92ece15b427367844c97570439eb0253", 0x10}], 0x1}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x80, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000004280)}, 0x0) [ 61.344906] netlink: 'syz-executor1': attribute type 3 has an invalid length. 2018/04/07 03:21:24 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) name_to_handle_at(r1, &(0x7f0000000140)='..', &(0x7f0000000380)={0x8}, &(0x7f0000000200), 0x0) 2018/04/07 03:21:24 executing program 1: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000004fc8)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000012ff0)={&(0x7f0000011000)={0x18, 0x20000058, 0x443, 0x0, 0x0, {}, [@typed={0x4, 0x3}]}, 0x18}, 0x1}, 0x0) 2018/04/07 03:21:24 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) [ 61.526202] ================================================================== [ 61.533633] 
BUG: KMSAN: uninit-value in ghash_setkey+0x209/0x270 [ 61.539795] CPU: 0 PID: 5276 Comm: syz-executor4 Not tainted 4.16.0+ #81 [ 61.546636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.555994] Call Trace: [ 61.558596] dump_stack+0x185/0x1d0 [ 61.562241] ? ghash_setkey+0x209/0x270 [ 61.566230] kmsan_report+0x142/0x240 [ 61.570050] __msan_warning_32+0x6c/0xb0 [ 61.574125] ghash_setkey+0x209/0x270 [ 61.577943] ? ghash_final+0x1d0/0x1d0 [ 61.582449] crypto_shash_setkey+0x317/0x490 [ 61.586874] cryptd_hash_setkey+0x1a5/0x330 [ 61.591214] ? cryptd_hash_import+0x2a0/0x2a0 [ 61.595726] crypto_ahash_setkey+0x31a/0x470 [ 61.600153] ghash_async_setkey+0x1a5/0x330 [ 61.604499] ? ghash_async_import+0x3a0/0x3a0 [ 61.609004] crypto_ahash_setkey+0x31a/0x470 [ 61.613424] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 61.618632] crypto_gcm_setkey+0xa3c/0xc10 [ 61.622889] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 61.627314] crypto_aead_setkey+0x373/0x4c0 [ 61.631654] aead_setkey+0xa0/0xc0 [ 61.635216] alg_setsockopt+0x6c5/0x740 [ 61.639202] ? aead_release+0x90/0x90 [ 61.643007] ? alg_accept+0xd0/0xd0 [ 61.646644] SYSC_setsockopt+0x4b8/0x570 [ 61.650890] SyS_setsockopt+0x76/0xa0 [ 61.654717] do_syscall_64+0x309/0x430 [ 61.658612] ? 
SYSC_recv+0xe0/0xe0 [ 61.662161] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.667349] RIP: 0033:0x455259 [ 61.670544] RSP: 002b:00007f586ba77c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 61.678258] RAX: ffffffffffffffda RBX: 00007f586ba786d4 RCX: 0000000000455259 [ 61.685534] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 61.692815] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 61.700092] R10: 00000000203bcfd0 R11: 0000000000000246 R12: 00000000ffffffff [ 61.707368] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 61.714646] [ 61.716273] Uninit was stored to memory at: [ 61.720610] kmsan_internal_chain_origin+0x12b/0x210 [ 61.725721] __msan_chain_origin+0x69/0xc0 [ 61.729977] __crypto_xor+0x23c/0x16b0 [ 61.733879] crypto_ctr_crypt_inplace+0x29a/0x3a0 [ 61.738738] crypto_ctr_crypt+0x54c/0x7d0 [ 61.742907] skcipher_encrypt_blkcipher+0x222/0x320 [ 61.747926] crypto_gcm_setkey+0x6a3/0xc10 [ 61.752160] crypto_aead_setkey+0x373/0x4c0 [ 61.756470] aead_setkey+0xa0/0xc0 [ 61.760002] alg_setsockopt+0x6c5/0x740 [ 61.763985] SYSC_setsockopt+0x4b8/0x570 [ 61.768052] SyS_setsockopt+0x76/0xa0 [ 61.771851] do_syscall_64+0x309/0x430 [ 61.775737] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.780924] Local variable description: ----vla@crypto_ctr_crypt_inplace [ 61.787754] Variable was created at: [ 61.791457] crypto_ctr_crypt_inplace+0x19a/0x3a0 [ 61.796287] crypto_ctr_crypt+0x54c/0x7d0 [ 61.800412] ================================================================== [ 61.807750] Disabling lock debugging due to kernel taint [ 61.813182] Kernel panic - not syncing: panic_on_warn set ... [ 61.813182] [ 61.820617] CPU: 0 PID: 5276 Comm: syz-executor4 Tainted: G B 4.16.0+ #81 [ 61.828751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.838098] Call Trace: [ 61.840696] dump_stack+0x185/0x1d0 [ 61.844371] panic+0x39d/0x940 [ 61.847595] ? 
ghash_setkey+0x209/0x270 [ 61.851563] kmsan_report+0x238/0x240 [ 61.855347] __msan_warning_32+0x6c/0xb0 [ 61.859394] ghash_setkey+0x209/0x270 [ 61.863182] ? ghash_final+0x1d0/0x1d0 [ 61.867066] crypto_shash_setkey+0x317/0x490 [ 61.871470] cryptd_hash_setkey+0x1a5/0x330 [ 61.875798] ? cryptd_hash_import+0x2a0/0x2a0 [ 61.880305] crypto_ahash_setkey+0x31a/0x470 [ 61.884713] ghash_async_setkey+0x1a5/0x330 [ 61.889033] ? ghash_async_import+0x3a0/0x3a0 [ 61.893532] crypto_ahash_setkey+0x31a/0x470 [ 61.897937] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 61.903137] crypto_gcm_setkey+0xa3c/0xc10 [ 61.907410] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 61.911820] crypto_aead_setkey+0x373/0x4c0 [ 61.916144] aead_setkey+0xa0/0xc0 [ 61.919687] alg_setsockopt+0x6c5/0x740 [ 61.923659] ? aead_release+0x90/0x90 [ 61.927446] ? alg_accept+0xd0/0xd0 [ 61.931061] SYSC_setsockopt+0x4b8/0x570 [ 61.935112] SyS_setsockopt+0x76/0xa0 [ 61.938908] do_syscall_64+0x309/0x430 [ 61.942787] ? SYSC_recv+0xe0/0xe0 [ 61.946318] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.951493] RIP: 0033:0x455259 [ 61.954666] RSP: 002b:00007f586ba77c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 61.962360] RAX: ffffffffffffffda RBX: 00007f586ba786d4 RCX: 0000000000455259 [ 61.969614] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 61.976870] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 61.984133] R10: 00000000203bcfd0 R11: 0000000000000246 R12: 00000000ffffffff [ 61.991395] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 61.999211] Dumping ftrace buffer: [ 62.002737] (ftrace buffer empty) [ 62.006426] Kernel Offset: disabled [ 62.010032] Rebooting in 86400 seconds..