INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.901925] sshd (4528) used greatest stack depth: 16456 bytes left Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2018/04/21 02:40:12 fuzzer started 2018/04/21 02:40:13 dialing manager at 10.128.0.26:39431 [ 56.388112] can: request_module (can-proto-0) failed. [ 56.397335] can: request_module (can-proto-0) failed. 2018/04/21 02:40:41 kcov=true, comps=true 2018/04/21 02:40:47 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000280)="26b6d8116e3f55d216aceef532d082caa3470b7d2c56d48fb13661c0deaed7baebf466bb1160ff2ac4c25e9ff17f4e77dc07ecd56aa81c81af58242e7629970b6d06996c8adda6ccf0797151f283bd386f84adb9f8a107de0fefc73cfd7bb250d7dec1efe47ea211eb6e776c592852457d3f060fdc07b89c0b8c89d9dda141b5228515c6822668b313a59ef1bdb92209d830aba977531c590c4fbc3a2a4d126ce041a99874d03d0d9e08d10f12d7f5dafb3e4730ae0c132b1467d2ced9ccb7b24665", 0xc2, 0xffffffffffffffff) r3 = add_key(&(0x7f0000000380)='pkcs7_test\x00', &(0x7f00000003c0)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000400)={0x0, r2, r3}, &(0x7f0000000440)=""/245, 0xf5, &(0x7f0000000600)={&(0x7f0000000540)={'sha3-256\x00'}, &(0x7f0000000580)="b728141d113b110b27058e2aab08b1e8e7202e2b836c3ae64ec659d070e7cb5f9037147c36033e522186e0104c32a5ca809f636549db6bcfab279a1781f1cbcc9c8be92c6b11de8eca4c4031bd09be8d738155faa07c7f9ff5a45eb1a87dc5a88992548a696798e3fb37", 0x6a}) prctl$intptr(0x8, 0x401) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x1, 0x0, 0x1000}) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="660f38829ce00000000081660080cc00000f01d13edce00f07660f3881521ec4c1f56b821aea000066baf80cb8e2dd6488ef66bafc0c66b8680066ef8fc96801d12e660f388246e4", 0x48}], 0xaaaaaaaaaaaabe9, 0x0, &(0x7f0000000900), 0x0) 2018/04/21 02:40:47 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x1f0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000c00], 0x0, &(0x7f0000000040), &(0x7f0000000c00)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x19, 0x0, 0x800, 'lo\x00', 'teql0\x00', 'ip6_vti0\x00', 'bcsf0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0x100, 0x130, 0x160, [@ip={'ip\x00', 0x20, {{@remote={0xac, 0x14, 0x14, 0xbb}, @broadcast=0xffffffff}}}, @ip={'ip\x00', 0x20, {{@loopback=0x7f000001, @empty, 0x0, 0x0, 0x0, 0x0, 0x35}}}]}, [@common=@AUDIT={'AUDIT\x00', 0x8}]}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x268) 2018/04/21 02:40:47 executing program 7: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0xa9, 0xa37, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000002800000850000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x0, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x7}], &(0x7f0000000100)='GPL\x00', 0x9, 0x132, &(0x7f0000000340)=""/167}, 0x48) 2018/04/21 02:40:47 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001040)=@leave_mcast={0x11, 0x10, 0xfa00, {&(0x7f0000000a00)}}, 0x18) 2018/04/21 02:40:47 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0xc0505405) 2018/04/21 02:40:47 executing program 5: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000240)="2400000020002553075f0165ffd6fc0280000000001000220ee1000c08000a0000001700", 0x24) 2018/04/21 02:40:47 executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c) connect$inet6(r0, &(0x7f000098cfe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000640)=0x1, 0x4) r1 = dup(r0) write$eventfd(r1, &(0x7f0000605ff8), 0x101bc) 2018/04/21 02:40:47 executing program 1: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='syscall\x00') bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000000200), 0x3f) [ 64.161135] IPVS: ftp: loaded support on port[0] = 21 [ 64.412077] IPVS: ftp: loaded support on port[0] = 21 [ 64.441644] IPVS: ftp: loaded support on port[0] = 21 [ 64.445292] IPVS: ftp: loaded support on port[0] = 21 [ 64.472409] IPVS: ftp: loaded support on port[0] = 21 [ 64.487744] IPVS: ftp: loaded support on port[0] = 21 [ 64.503409] IPVS: ftp: loaded support on port[0] = 21 [ 64.528418] IPVS: ftp: loaded support on port[0] = 21 [ 66.462314] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.469128] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.504193] device bridge_slave_0 entered promiscuous mode [ 66.623680] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.630137] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.653228] device bridge_slave_1 entered promiscuous mode [ 66.670808] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.677226] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.687898] device bridge_slave_0 entered promiscuous mode [ 66.696928] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.703354] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.711305] device bridge_slave_0 entered promiscuous mode [ 66.746407] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.752857] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.773062] device bridge_slave_0 entered promiscuous mode [ 66.801925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 66.810450] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.816877] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.841344] device bridge_slave_1 entered promiscuous mode [ 66.859441] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.865938] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.877420] device bridge_slave_1 entered promiscuous mode [ 66.888229] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.894609] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.903647] device bridge_slave_0 entered promiscuous mode [ 66.916609] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.923062] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.936985] device bridge_slave_0 entered promiscuous mode [ 66.946321] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.952727] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.960598] device bridge_slave_1 entered promiscuous mode [ 66.970490] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 66.977812] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.984219] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.994305] device bridge_slave_0 entered promiscuous mode [ 67.003428] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.009820] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.019208] device bridge_slave_0 entered promiscuous mode [ 67.036987] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.045988] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.052385] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.063218] device bridge_slave_1 entered promiscuous mode [ 67.076276] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.082669] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.111671] device bridge_slave_1 entered promiscuous mode [ 67.118757] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.127501] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.134854] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.151276] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.157718] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.180107] device bridge_slave_1 entered promiscuous mode [ 67.202371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.211555] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.217991] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.248363] device bridge_slave_1 entered promiscuous mode [ 67.264949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.273687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.290802] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.298587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.332422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.403392] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.442964] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.455171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.498896] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.510383] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.554089] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.635277] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.645543] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.665501] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.728144] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.792150] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.850541] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.863700] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.876046] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.886195] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.896358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 67.903320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.947759] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 67.954714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.971548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 67.980132] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.987862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.020596] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.039821] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.058345] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.068555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.075523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.095968] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.112695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.134451] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.198327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.205301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.217152] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.224188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.253005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.262082] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.269632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.282578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.322626] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.336695] team0: Port device team_slave_0 added [ 68.348878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.356068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.363837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.384645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.411622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.419288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.443525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.458705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.489484] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.505932] team0: Port device team_slave_0 added [ 68.520616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.528711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.555330] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.563080] team0: Port device team_slave_1 added [ 68.594674] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.629625] team0: Port device team_slave_0 added [ 68.647768] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.656921] team0: Port device team_slave_1 added [ 68.685710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.706866] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.724874] team0: Port device team_slave_0 added [ 68.776906] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.797253] team0: Port device team_slave_0 added [ 68.812607] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.827759] team0: Port device team_slave_1 added [ 68.842593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.860701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.885130] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.898284] team0: Port device team_slave_1 added [ 68.910771] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.922885] team0: Port device team_slave_0 added [ 68.930472] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.940183] team0: Port device team_slave_0 added [ 68.951066] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 68.964188] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 68.971873] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.981522] team0: Port device team_slave_0 added [ 69.000365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.011750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.029579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.042104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.051311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.058410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.070140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.078115] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.085726] team0: Port device team_slave_1 added [ 69.093186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.102350] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.118642] team0: Port device team_slave_1 added [ 69.125980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.137519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.149832] team0: Port device team_slave_1 added [ 69.160593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.174504] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.186213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.194349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.202765] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.210230] team0: Port device team_slave_1 added [ 69.218551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.225706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.236475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.248169] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.258166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.265058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.290899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.325006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.340635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.358163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.365963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.373704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.381593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.389145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.396819] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.404617] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.413909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.420785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.431553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.439281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.447761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.459815] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.471669] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.481378] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.488822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.499537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.522956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.540699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.552835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.561393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.570257] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.577811] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.591472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.600711] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.609979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.619116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.628371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.636328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.646689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.687674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.709940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.741755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.750644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.759289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.767494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.775495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.783458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.791391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.801070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.808421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.816771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.826917] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.837046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.845146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.856749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.869377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.878488] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.894734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.924718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.950691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.972221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.983725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.991728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.001924] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 70.009246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.017660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.028771] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 70.040888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.054219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.081954] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 70.089347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.115290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.875200] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.881816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.888929] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.895333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.924118] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.010050] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.214473] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.220902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.227603] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.233991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.257699] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.281894] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.288321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.295037] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.301439] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.365006] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.394540] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.400982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.407674] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.414085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.437674] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.446918] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.453335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.460007] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.466406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.473985] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.481598] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.487972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.494766] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.501146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.509236] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.526230] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.532636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.539287] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.545672] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.588875] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.617440] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.623861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.630559] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.636952] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.673267] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 72.033273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.042678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.079525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.092789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.100742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.108296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.115590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.161396] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.564994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.591530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.627949] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.678857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.732347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.754655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.831049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.015141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.038610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.058884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.079980] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.086247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.097571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.238945] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.247953] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.284422] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.331301] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.511302] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.517606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.530657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.559440] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.575012] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.589340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.601806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.631581] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.752714] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.759876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.773597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.797757] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.807109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.821076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.837372] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.854968] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.875955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.902888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.925622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.945368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.080872] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.095641] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.131981] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.138297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.150695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.239962] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.280224] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.323323] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.368442] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.751315] 8021q: adding VLAN 0 to HW filter on device team0 2018/04/21 02:41:04 executing program 1: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='syscall\x00') bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000000200), 0x3f) 2018/04/21 02:41:04 executing program 1: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='syscall\x00') bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000000200), 0x3f) 2018/04/21 02:41:04 executing program 4: setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000080)="eaed1e4032bc3f6a824529f4fec96a3a663f9b35514d1b05", 0x18) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000040), 0x4) 2018/04/21 02:41:04 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) tee(r0, r0, 0xfff, 0x8) syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') r1 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000040)=0x60) getsockopt$nfc_llcp(r1, 0x118, 0x4, &(0x7f00000000c0)=""/11, 0xb) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) write(r2, &(0x7f0000000000)="b63db85e1e8d020000feff00003ef0011dcc606aed5ed2bc7018cebc9bc2feffffffffffffffe22c9b160096aa1fae1a31", 0x31) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000e94000)=""/62, 0xffbd}], 0x1) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000240), 0x4) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xfffffc92, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[]}, 0x1}, 0x20000000) 2018/04/21 02:41:04 executing program 1: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='syscall\x00') bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000000200), 0x3f) 2018/04/21 02:41:04 executing program 5: mkdir(&(0x7f0000109282)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000216000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, &(0x7f0000ffb000)) r0 = creat(&(0x7f00000ec000)='./file0/bus\x00', 0xbc9cc8fbd81cb4b1) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ftruncate(r0, 0x0) r1 = creat(&(0x7f00001d3ff4)='./file0/bus\x00', 0x0) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000000)="9d8db50570fd33fad6f9715e563227958c0e25e8a1047bc82a2dcdfc4f", 0x1d}, {&(0x7f00000000c0)="9a736d74030b09025e532939af27537c5ebce1e003f6d181785fb16370e4c672d924d7bbdaac738a5b2df952eefa68db3f7b0940227b8d8ce0e3fe031e3f692e3d9d715e7258ad703e3a227da5d8d8dfbb11e5b113d8bc364e88b25439593ea3b91ed0d35b5cf83eaf8671041b07d26a193d39735d7a5bd8c53ab39c81120da7cabf6780318a3fe41ea9e9d36c763281bad2e341b4321ec1e178c97836d590f3dd882af5a0b0f6f21e9eabb96a45fe447e03b6a843f3be4d51460d17d07082a3252893b197df1cd3f8f2e1a75c989cf6eeace6137ed27442f8a7f583b689d6e0daf501722f118896157a8ee3e4d5a98b7d2d", 0xf2}, {&(0x7f0000000200)="5d12f5b2e0b37a91c17b67b6a3d310a40b5ac1868ede75b3e500db82a2d4fc4763b5b7bc86abb5960c66cb4f30bc7116630bc12dd8da8e49db9f97c1165fe994df37c8cdd1bb0b22ebcc1fcc2455a975eabcfd5c916d88514a5cd10ffffd1269f624e008d336e9a9a0583b21ad681e1e5bff6e4fcbe9dfbc532e81a055c348ca377b31150d372f642a51c1e9d45b777822f7521cb92f5ed2b989c73eb7", 0x9d}, {&(0x7f00000003c0)="9ac88f6d5c2935cf0f5207b71126f3e305e271feca9578fc27a188620eeac34ea5dbdd154a9f33f024", 0x29}], 0x4) dup2(0xffffffffffffffff, 0xffffffffffffffff) [ 81.330965] sg_write: data in/out 167162/1 bytes for SCSI command 0xff-- guessing data in; [ 81.330965] program syz-executor4 not setting count and/or reply_len properly 2018/04/21 02:41:04 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {{0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000080), &(0x7f0000000100)=[0x0, 0x0]}}}], 0x0, 0x0, &(0x7f00000002c0)}) 2018/04/21 02:41:04 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001040)=@leave_mcast={0x11, 0x10, 0xfa00, {&(0x7f0000000a00)}}, 0x18) [ 81.480652] binder: 6677:6679 got transaction to invalid handle [ 81.487078] binder: 6677:6679 transaction failed 29201/-22, size 0-16 line 2848 [ 81.545905] sg_write: data in/out 167162/1 bytes for SCSI command 0xff-- guessing data in; [ 81.545905] program syz-executor4 not setting count and/or reply_len properly [ 81.571126] binder: 6677:6688 got transaction to invalid handle [ 81.577362] binder: 6677:6688 transaction failed 29201/-22, size 0-16 line 2848 [ 81.641701] binder: undelivered TRANSACTION_ERROR: 29201 [ 81.664072] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/21 02:41:05 executing program 0: mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, &(0x7f00000000c0)) 2018/04/21 02:41:05 executing program 7: socket$nl_crypto(0x10, 0x3, 0x15) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r1, &(0x7f0000005000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x28, 0x14, 0x7, 0x0, 0x0, {0x1}, [@generic="8738124d896abd6cfab45e529840ffe4b3"]}, 0x28}, 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r2, 0x1, 0x6, @random="f49657a503ca"}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r2, 0x1, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = socket$packet(0x11, 0x0, 0x300) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000c40)={{{@in6=@mcast1, @in6=@mcast2}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000d40)=0xe8) getuid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000010c0)={{{@in6=@mcast2, @in=@dev}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f00000011c0)=0xe8) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000001200)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000027c0)={{{@in=@multicast2, @in6}}, {{@in=@local}, 0x0, @in6=@local}}, &(0x7f00000028c0)=0xe8) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000002980)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f00000029c0)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000005f00)=0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000005f40)={{{@in, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000006040)=0xe8) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000006080)={0x0, 0x0, 0x0}, &(0x7f00000060c0)=0xc) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000061c0)={0x0, 0x0, &(0x7f0000005e80)=[{&(0x7f0000000280)={0x10, 0x3a, 0x800, 0x70bd26, 0x25dfdbfd}, 0x10}], 0x1, &(0x7f0000006100)=[@cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x20, 0x1, 0x1, [0xffffffffffffffff, r0, r3]}, @rights={0x38, 0x1, 0x1, [r3, 0xffffffffffffffff, r4, r4, r4, r3, r4, r3, r0]}], 0x78, 0x4000000}, 0x800) r8 = accept4(r4, &(0x7f0000000100)=@rc, &(0x7f0000000080)=0x80, 0x80000) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f00000001c0)={0x2, 0x7, 0xd, 0xf7, 0x2, 0xb7b5, 0x6, 0x6, 0x0}, &(0x7f0000000200)=0x20) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r8, 0x84, 0x77, &(0x7f0000000240)={r9, 0xb4e3, 0x6, [0x7fffffff, 0x7fffffff, 0x4, 0xfffffffffffffff8, 0x8000000000000, 0xfffffffffffffffa]}, 0x14) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f0000000700), &(0x7f0000000340)=0x68) connect$nfc_llcp(r8, &(0x7f00000002c0)={0x27, 0x0, 0x0, 0x4, 0x5, 0x10001, "1d3c10b5df5514c446b58fdc35ecb1fe2cf99dd8d9d38a7c523abfe8313b4a985299d9da924294cff1eacb8f16d190178c3c2f5c1151e51ddb697cc7dee34f", 0x1d}, 0x60) write(r3, &(0x7f0000000180)="2700000014000707030e0000120f0a00110001002945222027bbb57a3e0e49d6a90600d6ec0000", 0x27) 2018/04/21 02:41:05 executing program 5: capset(&(0x7f0000b3e000)={0x19980330}, &(0x7f0000f21fe8)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x3, @broadcast=0xffffffff}, 0x10) 2018/04/21 02:41:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000025bfc8)={&(0x7f0000b9343a)={0x10}, 0xc, &(0x7f000033cff0)={&(0x7f000037c000)=@ipv4_delroute={0x34, 0x19, 0x1, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0xff, 0x0, 0xff}, [@RTA_FLOW={0x8, 0xb, 0xbc}, @RTA_PREFSRC={0x8, 0x7, @loopback=0x7f000001}, @RTA_DST={0x8, 0x1, @loopback=0x7f000001}]}, 0x34}, 0x1, 0x0, 0x0, 0x4007}, 0x4000000) 2018/04/21 02:41:05 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) dup3(0xffffffffffffffff, r0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100), &(0x7f0000000180)=0x8) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000fcdfe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) read(r0, &(0x7f0000465f8e)=""/114, 0x72) perf_event_open(&(0x7f0000001180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001140)}}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='a\x00') ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 2018/04/21 02:41:05 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000009000), 0x4) 2018/04/21 02:41:05 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001040)=@leave_mcast={0x11, 0x10, 0xfa00, {&(0x7f0000000a00)}}, 0x18) 2018/04/21 02:41:05 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {{0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000080), &(0x7f0000000100)=[0x0, 0x0]}}}], 0x0, 0x0, &(0x7f00000002c0)}) 2018/04/21 02:41:05 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x11, @broadcast=0xffffffff, 0x0, 0x0, 'wrr\x00'}, 0x2c) [ 81.807014] device bridge0 entered promiscuous mode [ 81.812367] capability: warning: `syz-executor5' uses 32-bit capabilities (legacy support in use) [ 81.831154] binder: 6703:6712 got transaction to invalid handle [ 81.837351] binder: 6703:6712 transaction failed 29201/-22, size 0-16 line 2848 [ 81.887920] binder: undelivered TRANSACTION_ERROR: 29201 [ 81.968382] device bridge0 left promiscuous mode 2018/04/21 02:41:06 executing program 0: r0 = socket$inet6_sctp(0xa, 0x800000003, 0x84) ioctl$sock_ifreq(r0, 0x8995, &(0x7f00000001c0)={'bond0\x00', @ifru_names='ip6gretap0\x00'}) 2018/04/21 02:41:06 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1f, 0x4000) acct(&(0x7f0000000040)='./file0\x00') add_key(&(0x7f0000000280)='cifs.idmap\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a}, &(0x7f0000000300), 0x0, 0xfffffffffffffffe) 2018/04/21 02:41:06 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {{0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000080), &(0x7f0000000100)=[0x0, 0x0]}}}], 0x0, 0x0, &(0x7f00000002c0)}) 2018/04/21 02:41:06 executing program 5: r0 = socket(0x2000800000010, 0x2, 0x0) write(r0, &(0x7f0000000040)="26000000130047f100007fff590022ff001000e3010000000000000000ebff0006001000d335", 0x26) 2018/04/21 02:41:06 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001040)=@leave_mcast={0x11, 0x10, 0xfa00, {&(0x7f0000000a00)}}, 0x18) 2018/04/21 02:41:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000140)="d8aca6420f00de0f32660f5f77f0260f01cb0f01ef0f23970f224267f265de1402b8870e8ee8", 0x26}], 0x1, 0x1d, &(0x7f0000000280), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/21 02:41:06 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) dup3(0xffffffffffffffff, r0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100), &(0x7f0000000180)=0x8) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000fcdfe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) read(r0, &(0x7f0000465f8e)=""/114, 0x72) perf_event_open(&(0x7f0000001180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001140)}}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='a\x00') ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 2018/04/21 02:41:06 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x82}]}, 0x10) sendmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001040)="5ddea4fac1387bb94db84bf57d1429e54ca3f72e74fb6a971ff7ae015c6667abaeea4357fe017c1700c6c49739e0f357f15f4e9636006bd9777c2691c40930f52733d140e9d050e03f6f80f668054968532d945150ca6ba1f149757475d30fdc4df712485eff9bd62b41099d60d2e15bad8e8f6cc355948ca0bd04c478910130a80184d73c2122ab85ce5028094f9a9a268b8e82308d7071a5470e", 0x9b}], 0x1, &(0x7f0000001280)=ANY=[], 0x0, 0x1000000000000}, 0x8094) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000580)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000740)=""/2, 0x2}, {&(0x7f0000000780)=""/1, 0x1}, {&(0x7f00000008c0)=""/124, 0x7c}, {&(0x7f0000000940)=""/142, 0x8e}, {&(0x7f0000000a00)=""/108, 0x6c}], 0x5, &(0x7f0000000b00)=""/207, 0xcf, 0x6}, 0x20) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040), 0x4) sendmsg(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000600)="d05c082d9eca70a0e43a29610da4e16c1b59cd8c85743eab1fc5223ee5e7b80757343cc18a98438d9f7ba1cce269e8ca21b09978043c7678c453415bb4d6c8cfd692d9cf85bd5342bbd7767df63cf75b9a5d1f02486d364b476a2b1f5a7ba8f8925062b024e379d554c4e5e65f106fa0b4006e36286e1759", 0x78}], 0x1, &(0x7f0000001100), 0x0, 0x80}, 0x40081) recvmsg(r0, &(0x7f0000000f80)={&(0x7f0000000800)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000e00)=""/211, 0xd3}, {&(0x7f0000000f00)=""/102, 0x66}], 0x2, 0x0, 0x0, 0x1000}, 0x40000000) [ 82.714829] netlink: 'syz-executor5': attribute type 16 has an invalid length. [ 82.726281] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 82.730282] binder: 6738:6741 got transaction to invalid handle [ 82.741703] binder: 6738:6741 transaction failed 29201/-22, size 0-16 line 2848 2018/04/21 02:41:06 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000280), 0x4) getsockopt$inet6_mtu(r0, 0x29, 0x46, &(0x7f0000000000), &(0x7f0000000040)=0x4) 2018/04/21 02:41:06 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f000001bff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendmsg(r0, &(0x7f0000001480)={0x0, 0x11, &(0x7f0000000040)=[{&(0x7f0000000000), 0xffbf}], 0x1, &(0x7f0000000180)}, 0x0) recvmsg(r0, &(0x7f0000001a40)={&(0x7f0000000380)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x7, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/13}, {&(0x7f0000000100)=""/219}, {&(0x7f0000000200)=""/185}, {&(0x7f00000002c0)=""/105}], 0x18c}, 0x0) 2018/04/21 02:41:06 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') exit(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000004080)=""/4096, 0x1000) 2018/04/21 02:41:06 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='comm\x00') lseek(r0, 0x0, 0x1) 2018/04/21 02:41:06 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {{0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000080), &(0x7f0000000100)=[0x0, 0x0]}}}], 0x0, 0x0, &(0x7f00000002c0)}) 2018/04/21 02:41:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)) 2018/04/21 02:41:06 executing program 4: setfsgid(0x0) [ 82.914778] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/21 02:41:06 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='comm\x00') lseek(r0, 0x0, 0x1) [ 82.972475] binder: 6774:6775 got transaction to invalid handle [ 82.978663] binder: 6774:6775 transaction failed 29201/-22, size 0-16 line 2848 2018/04/21 02:41:06 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x100000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="800000000002000019000000e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000011500)="ed410000000800006d5ebe5a6d5ebe5a6d5ebe5a00000000000005000400000000000000000000000c", 0x29, 0x2080}], 0x0, &(0x7f0000012d00)) 2018/04/21 02:41:06 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$netlink(0x10, 0x3, 0x4) recvmsg(r0, &(0x7f0000001440)={&(0x7f0000001180)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000001340), 0x0, &(0x7f0000001380)=""/135, 0x87}, 0x0) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000000140019ea19ca424a2efa55560affffffffe006ff00000000bc5603ca00000fff890000000709ff5bff87c3e4cb6b716c0123b261a2000000000000000000000000000000", 0x48}], 0x1) 2018/04/21 02:41:06 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000556ff0)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000040)={{0x4000001ff, 0x2010000080000a}}) 2018/04/21 02:41:06 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='comm\x00') lseek(r0, 0x0, 0x1) 2018/04/21 02:41:06 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000461000/0x4000)=nil, 0x4000, 0x0, 0x0, 0xfffffffffffffffe) [ 83.106582] binder: undelivered TRANSACTION_ERROR: 29201 [ 83.154397] mmap: syz-executor6 (6799) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. 2018/04/21 02:41:06 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='comm\x00') lseek(r0, 0x0, 0x1) [ 83.205659] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 83.214788] EXT4-fs (loop4): group descriptors corrupted! [ 83.286817] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 83.296001] EXT4-fs (loop4): group descriptors corrupted! 2018/04/21 02:41:07 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x82}]}, 0x10) sendmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001040)="5ddea4fac1387bb94db84bf57d1429e54ca3f72e74fb6a971ff7ae015c6667abaeea4357fe017c1700c6c49739e0f357f15f4e9636006bd9777c2691c40930f52733d140e9d050e03f6f80f668054968532d945150ca6ba1f149757475d30fdc4df712485eff9bd62b41099d60d2e15bad8e8f6cc355948ca0bd04c478910130a80184d73c2122ab85ce5028094f9a9a268b8e82308d7071a5470e", 0x9b}], 0x1, &(0x7f0000001280)=ANY=[], 0x0, 0x1000000000000}, 0x8094) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000580)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000740)=""/2, 0x2}, {&(0x7f0000000780)=""/1, 0x1}, {&(0x7f00000008c0)=""/124, 0x7c}, {&(0x7f0000000940)=""/142, 0x8e}, {&(0x7f0000000a00)=""/108, 0x6c}], 0x5, &(0x7f0000000b00)=""/207, 0xcf, 0x6}, 0x20) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040), 0x4) sendmsg(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000600)="d05c082d9eca70a0e43a29610da4e16c1b59cd8c85743eab1fc5223ee5e7b80757343cc18a98438d9f7ba1cce269e8ca21b09978043c7678c453415bb4d6c8cfd692d9cf85bd5342bbd7767df63cf75b9a5d1f02486d364b476a2b1f5a7ba8f8925062b024e379d554c4e5e65f106fa0b4006e36286e1759", 0x78}], 0x1, &(0x7f0000001100), 0x0, 0x80}, 0x40081) recvmsg(r0, &(0x7f0000000f80)={&(0x7f0000000800)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000e00)=""/211, 0xd3}, {&(0x7f0000000f00)=""/102, 0x66}], 0x2, 0x0, 0x0, 0x1000}, 0x40000000) 2018/04/21 02:41:07 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500008000000000"], &(0x7f0000000000)='syzkaller\x00', 0x101, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) r3 = syz_open_procfs(0x0, &(0x7f000018cff6)='net/kcm\x00\b\x00') write(r2, &(0x7f0000000340)="54b6ef83549fd5af817ef2334d6d5f475be70f3d416c3b4320169c0b537f3e709808bf0aa220af441828c98ec28c8ed605b785b8f4939f20695f7cd6ec9fe5e38ac2f1780c7da80ce4784abb1879a42635f11665efdc92ffc82c0c071fc5d379ef2b9e5228000000000000002032bb6fc11dda7e91c86bb149c0dc538883b7239febbba86a5653625661943987aae2831ae4ae13252e25d91b549f7dcd08aec33b226fd415edc2c9815473eaf9530a73b7b9eb18396f1d26cc68d79150d89be677e6d893a7cec00ead0d0f2d3cee6e0247025e8d567c45e2cc5585acf92e0b7d0347027bf71220a3d5ecef79b0cf5d0d067b4a312a54840a02c2b85cd9bc786a377438cedb5987d242c768182b5adf4653ffca4646618a29de63db7ef746d9198636c377e65a559ae901ff94883eef061f590ed84b30d8ddf2bd1a8d9be39ea286bed2087e879adca1ab9e6a2855d616fe5b673dfe4ecb4b675d2e0f1cee075f75b58ca540391b12aaa6c41223b0bd019d85ae4d9cf83acfdbbbcf01f8ef052c450b8a", 0x183) readv(r3, &(0x7f0000c43f70)=[{&(0x7f0000ea5000)=""/4096, 0x1000}], 0x1) 2018/04/21 02:41:07 executing program 6: mmap(&(0x7f0000000000/0xf50000)=nil, 0xf50000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080), &(0x7f00000000c0)=0x18) 2018/04/21 02:41:07 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000360000)={0x0, 0x0, &(0x7f000035d000)={&(0x7f000033c000)=ANY=[@ANYBLOB="020d000010000000000000000000000003000600000000000200000031ebf8c70000000000000000030005000000000002000000bc8a90d88fa2cecb0000000008001200020001000000000000000000100000de020300000012000000dbea001d00000121000000000000000000ffffe0000001000000000000000000000000"], 0x80}, 0x1}, 0x0) 2018/04/21 02:41:07 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000300)={{}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0xe2b, 0x0, 0x10000000000ffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x2874b894) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-twofish-3way)\x00'}, 0x58) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000001640)={0x0, 0x0, 0x200}) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002780)="a7118230eef5e420406dc6a099da077d64d054e0293b261fd23e223ac994e771d39076c63413ac4c3797871c905a3788788903cb54e0b814d561537a2e51405ff0b5bbcb5fe7f41a21b44db2d47be29e7e805a6d3d2a98cea5945db9b758fad872a60d0c8531afe1dbf4d5962f155c685eb8975a7feafedf838264a64caf9ed61617b79b77d069e76fd54e623a555cba8ba8ca09edd10a35df95900f9d33c0a1432915befb630f3817870dd103772719fa860c424444da74127123d602411922ba69da4be74592a2633006173e3032637897f2b2c854f198ba142ec086f77c7e30554da81ed8e909212eb2741f5ead4e7826952da178501059ce35b6a7dad2492d6c300d7e3a79db4dbbcb077f7bd5155698c60f0f67aadd05b74021e51bb42bc76aff6b00934ccd3fd43c68f93fb297a3fc9dc07f703f71b3341914bcf9fa416488e25137c1fcd0ab2eeba0daba608a7d4b7fcefe1795bf172103383dc8244b07bd111b8c02971f3b5d39b75f0469b8b1f5c9752a82588556630412895521c47e4380fa879878b030df6a5c0d1c90c644ee38cef883b494bb804386bab3a4c4d8eddbf004c229c835b76841aec0169f7b84bc1d5e9b350673591e30c2764e389f20b0517201e5229dfe74f85c337fe98fecce8094f44057ade7cfb2242abd5f3e6cda843b91b129cd22d35614135637c0ace0ab6597b7b17e457b0a9e033d7ddaffb3e0bc990a17971e8d32003e08b0e5c25b17b69853325c912d0a1c1a53332c428db887922385e08a4cc0bc37215582f19ab59849188e7ddefbc3a7277beb7ec2ea3fa77b1de525d88b54757af0948c95cf2c6feea18071e479a0de1902089bff7c6ec3e338d52ddec29c124545881b5b9e3a56b221695e5d97024c47763c4927bbfd88d6ce901dde80956cc0dd9a4d820ed5da40ac4d12835999ad4d7b817cffba97b5ec9ed549083217029d522245335b181a9d90ce5c9271209aa89988458891424f0d7d11fa48f04e461fdeacf1367b2f3b71e168a501a5c0a8fa0a950047874651fedcaf2dfb490a0881e449070976c75546c691be5d32718ad4b49961d66adb0e75d0cf398c167f81c51d3804e741f825960e1c89bbf590731a61c21ac00e435d493ab66263a96b3b4f7ecccb1ef5550c782bde990e4bd3b738b652abcf99b88e81523abd30531a225575f31213f08cb8f88b77b35a8e332e47c41d01bda34d67e9caee3b3decf81bb42f58a0610f8cd56ec13d8d6effa7b8c7710cf31bc69ecea380613e9ac69142fedf1a39e6e83b6dc84882c537f23c8e6601412330d44696d711587cfd2433530ed7f9cdfbceb9af4babb5f74c4070df26e859e0564ee71ab1bdcb2b954ad12504614a7d0efebbc5a793d475ff5a7aa368e35def723102c7b4221248105db2dc39c14e8338167fc906939730708203bdac46bd37e3f97b8a7e0efb49279ee031a0732f1d1ef3c877447b432958bcd9f5d0febc59b439b4fa0bb9ab1bfeb451c3f203f1aee841a2379da0e89d3216cd96f9aebc38a5a330e7bea1f8016d655fe60d7077fe8b7aff504533d17f393af11e5fd350f3c5f4ac26c2102396408d8f7136f8a9e05cd45ae6ba1b277f684708136fe75c9a2d19961ff9f3a1c8d92ebcded91cf3fd8dd15ee8e736fe3f395e6eb8bde95ddd24258fb68bad6d5a508b68b77ffa8ed7f25c43343757833df59e024d551772f94a69929ce720d993b9e853b625af04b47e91a59a3c1b1b29c39796199b41aa72390c87919338b0b2f595c73a810231dffe470b4374023487a1a90bff58ba3e4e3ed0cc6b67dbdca0628885a010cf8cf092fb13181a4d6a8eba473989ca29b8b8ae6042d6f455768c19a602f9d47df0f3d4e37526db745facc0bf5c4ccd880438352e92a1144dcde4e63c1e4f7b42b6c5ae6df876ad4f5f5533deef339ba7d14d6867897421146d5d96b8bcb63b97d73835be1a4334df9ade8bd100a9d2f9126aefa031a320707e8b29d48257913bb37b8f83260e4ad88db013ade6f4952cc8c397465fe03b21ef2e935480c32eb1fb71cdb0dd87420360c8e984b9b07c9dfb4b7b40c42dff2693c029eeb9b77cadb8d408d73f005d25ad479360a01a2731a2207a1d60481b9d59b5ef54d995f8b67a905a747a4fda15fde7a432232e3cc32561b344dee355cc7e32bbd5fc1ad75288391df78017171dd228e1d368ab8969b0e23f7a16c5d6e67800d98b6c3dea15a6c7b76a25ea69c9cb75e7934a6adc326d6224d7ab2948eebc6f0a729c960e1c0c3c4eb5f89934ab7d3e67eafacb96387999be29f77685a99886f4131090a7cbc4ef0900dfcef0653ec51970ae8cb5f8f08c71e9b825fddffa9893dd95f3acc3a7fbab91d8ce44080eb0a2f66b7b064d74591ec06be4b043d9fb157294f4650c2a543e9696a5140ca128688472df977fa4c1667ad7a0986699a15578f5efa8267d581fd5267e4927a6fc073202289fd948e5ed9ff638f3ffed87764f3f7a371b2f30f1d906477a19dd93145e0d977f55939eb6ea2b05fc47704e720deaa229ca9b18bef779163ad80974d0be2251314a4bd2a3af946738f0b18c1134898d5b8e1d2e74e51552e0f1103c9870a5087e9487e0d33efcb922197bc10aafcecc6d0e116baa301b1f2b7c845d181572f4514c6b4a0d1b206074104ce0c7ec8b0a9b22290c94d14212c3f03752ce2e9cdab9608373508407d42366f1576b1c698209a5ebc570e60f94995c8cba57f02a637bb0fbdd2a3e33ec1c11ecf4ecc146e6bebc1222c6173718340f990cd905a62f9b375a93bcc80bb7b9816937e0243bae776fb7d98080bd0b7f324425725521c8e8bb906cf9517947eec7b2cfd18a8a93645254d86914ae411080b001355c44d5a6ffdec77651b941696a4770e794213b487bc7604f94726e095d105ad22cbd663f251516262225793ccd9833628a759fffe91e54aae2aff28de63844edb24fb0bffeaf984cd52d30ef3aa7ff9072059dbef925e2554e8ed6cf200120f32edd0a90936fc5b0881370ecaaaf3f3314304947d98688428e33387d47392eb32f9715734b056987ab9618f83cf010de3a6b87ef60273add766e719defdbd9ebb68746b476080f9c1b10578255cb962df386387f87ed4a9322d76798995053dfe68cdd1e3855d14cbe8dbcc1cc968d20e9954dfa5f279bc49b96fb1df74683a78eb1f0a668fb29c339a5baeb79c3d8030749ce8b90b73bfed120bd50fc7754c63c0690e1d8ab7299d4f95e84e97bc674c950a9e1d1541d5e0df6ce4e0a92b0f55a74b9bbed3d2dda26340ad4a2fe65d2c71c658cbd7e35ec7f006ea0e2caa06565b2147848cf0cf4a01ba2f17b6eae932c2d86cbef2fa071521da849cdcdbb5d9e0984f35198dbcc80538b1e406e742dded107d52bab2dbd2a9e4d48f51e7ffd5566619392ac2938d6f56b292ed34b633cbdf3a3907a7a4e9cfd770a097889818342ea1b7740fb79da30918b18b0e688ba82f454c6e2b23fb73a3bd407b3e4ac9fe8d785ebd2fb66b4834b78e47a545ec30da7f644368c17406af028ff4844eaa28fd051acf91f65bbbcc44fad7ed3781fcc6fba610e4fb29f1011ba96912d6b0fd3cd3e17773422c82d6ac47f876ee17932bd3ccf3df163150c22c54df4fb7289d0ed2d6e1df655cb1bf8ebe13b6410e56ac4b04fb84273d43008eb2872c7bdad9832b43c19c870bbf48f04211c2a778665c7ef3553b19b2beff91766cd203920a3e12b23a17ca30bd801d486aab6a5f12b938612913eb5507fd952ffbab2e76f3eee5de82e9a40a0ea45112ceb4204b0e2a3da1be128810973f5664bb2e7560be7c8835261b1b20909fb862101e34059964907b000b18c39a41566c51287c38c933a532726e58347e6f9dce930b10b74148999ec0093b2132d47d77f647304b2cb9539a8c98e9d0afe9f2743b4afd5b9b1ef8e3e0ca93de83b682657c6319ea1c9871f2b5094e30d61164e66ea4b6dd20104509955d61f91d14aa2e941fda2c64830178daff905ab163f6168f34b08d729ab7b65e2a8953be9028521ae53239b8af653521d2e07f1cb7704c31b95d8582849a72217ecaca777d73280daef123fba0e1a0166159f67f16d5c82e3a5dbc715b2e8f9e291a541330fc438943f3ce88d0ea448c200e6946d08bc50d1ceab202e84b05044bde6828ee6bc876eae1bbfdbf7268ab9fec11007ed2b39b86c20f39a186c2516bb7e6e67a7050b14537c1c26179d93ce411f016682e66e9a3e33f149bdd8a1701c0403453c5f3e7dc25e34acea7f05152f67fd766a04cb23f4ee7e006893b0b3d207268b82e2125f2bf0d1328b1f20c925592471f5eb1bab8c1450e181c15bff5847c7ba00ff26ebd61d6838b5879c123a5037d13b3bcbe989428d68d700693aa8196a67d304b116711f81f6f61a36c7f0f748dbfa1340b740818fab5dc4916a95622ab9f8e2c942a204bad25b06e3f255de10bd84f9f7cdcfea84c98afb4770840bf5330c6548631f0aebad9625415885dcc857506298c172eef922a7934ba086976e81ae7edfd3ee3bcf54e07fd952ae5b7b641bdfefffc06323c6e5c6acf338a7f934bee681570bce05638c6405fa7bfddc60a151c7f89b858037a12c61b3bd5245850db831c68a2faab54094b2025777a328fb285781bd761eb4ce7d34816265db102212a3e4f6a085871b3a3c20d2565efd39d8bafea36f18a78b34a9e841839f2ec096ea2fd7f74a32f2d2a18830c54d7e7fa9bb9f3eed3c0e23a27fcaf8d7b2170a8f1700000000d070853427df05d933b00151da7256e14a16cb8814264da2c341075fcc15b07505be23f45cba12e6af5a606e3bf4709532b5e118aa41762f2234957559936cf6339629e55940ded5bc1b9c85c60384a391f0e9785f878dcd94cf5526b3574b47226b4eb6638c333fe658e0feb9c3007b8963fa8040684ec26cd17761d3a59b2b3879cdc08e84dde92c43831f169748b7927231adc8fa62914a685da299c746a5aebc527da570a3d5d36bca3f9f74a5ee86ac671e6b001887aa16266210eede6ab8cc3aa34b3ce1d442b8271db73772bdac9eb8cd0a61f257c5802046553cd660629d76114d054687e56a20d567f2362cf71c72d7b7b898c2c3e88474df942d6c3c76b753339cfffe3e99eda176e451bd5d5b90a5fe4d39294a299c1dfc6686a7c2ccd827886d6d145cc4412e4aa23319aeba46bf07960a49b7eb962b57c536fdfe0ab64b52535ae1978bcab3eded29b15fac4a3826b0b62fdc3d0784144eefb57be2f4e9b8868db11e69565b05197d7232a8b96b43fc6a52d7cc89ae8545145f41f1c47343f67837bfc4f2af87d8b8f066092858f6ff905b32801d9e424db8b48933a5c3b9e1ac001f1487c0694d4108f2033ddf2483514a9e2ddb43face0586bacdc77c7da3890626237311a4507f782edbf235159329397f29863cd64910a4b348083d52f9174718e1dabc0e028ec617926c4acb949d9ce65f969deb6c8bce742f2e5bc0beec3f063156b2e13abaaa38b599781020503cd198176ad9d99798b07754ab366322e39ac06b7f2d32f675c1680c0c9bd5f3ae7005426a45014421a18980442a0671ec260cf1a778f5835e725ed93eb2236bd7b208094e93e8cf2b1a78c9a13096adf98eec7e3319cb60c43c72ceecba9f1a9e5dd98dcc3c1fe03a39483b6d2e2c780968c510b853d8d1e2e3f5d6a2f2", 0xfd0}], 0x1, &(0x7f0000001500)}], 0x1, 0x0) recvmsg(r4, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f00000013c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0) r5 = memfd_create(&(0x7f0000000140)=']mime_typeposix_acl_accesskeyring\x00', 0x3) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000001700)={0x7f, 0xa0f, 0x7, 0x504}) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0xc008551a, &(0x7f0000001480)=ANY=[@ANYBLOB]) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000015c0), &(0x7f0000001600)=0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r6, 0x29, 0x42, &(0x7f0000000000), &(0x7f0000000100)=0x4) connect$nfc_raw(r2, &(0x7f0000000040)={0x27}, 0x10) 2018/04/21 02:41:07 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) dup3(0xffffffffffffffff, r0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100), &(0x7f0000000180)=0x8) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000fcdfe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) read(r0, &(0x7f0000465f8e)=""/114, 0x72) perf_event_open(&(0x7f0000001180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001140)}}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='a\x00') ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 2018/04/21 02:41:07 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x1, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 'ip6_vti0\x00'}}, 0x1e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f00000001c0)) 2018/04/21 02:41:07 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') exit(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000004080)=""/4096, 0x1000) 2018/04/21 02:41:07 executing program 6: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000b80)=0xffffffffefffffdb) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x6, 0x0, 0x0, 0xf}) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7ff) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 2018/04/21 02:41:07 executing program 0: prctl$seccomp(0x16, 0x0, &(0x7f0000000b40)) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000a40), 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f00000000c0)}) r0 = syz_open_dev$sg(&(0x7f0000001000)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x52, r0, 0x0) 2018/04/21 02:41:07 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @random="7d73cf61100f", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @broadcast=0xffffffff}, @igmp={0x16, 0x0, 0x0, @multicast2=0xe0000002}}}}}, &(0x7f0000000200)) 2018/04/21 02:41:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500008000000000"], &(0x7f0000000000)='syzkaller\x00', 0x101, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) r3 = syz_open_procfs(0x0, &(0x7f000018cff6)='net/kcm\x00\b\x00') write(r2, &(0x7f0000000340)="54b6ef83549fd5af817ef2334d6d5f475be70f3d416c3b4320169c0b537f3e709808bf0aa220af441828c98ec28c8ed605b785b8f4939f20695f7cd6ec9fe5e38ac2f1780c7da80ce4784abb1879a42635f11665efdc92ffc82c0c071fc5d379ef2b9e5228000000000000002032bb6fc11dda7e91c86bb149c0dc538883b7239febbba86a5653625661943987aae2831ae4ae13252e25d91b549f7dcd08aec33b226fd415edc2c9815473eaf9530a73b7b9eb18396f1d26cc68d79150d89be677e6d893a7cec00ead0d0f2d3cee6e0247025e8d567c45e2cc5585acf92e0b7d0347027bf71220a3d5ecef79b0cf5d0d067b4a312a54840a02c2b85cd9bc786a377438cedb5987d242c768182b5adf4653ffca4646618a29de63db7ef746d9198636c377e65a559ae901ff94883eef061f590ed84b30d8ddf2bd1a8d9be39ea286bed2087e879adca1ab9e6a2855d616fe5b673dfe4ecb4b675d2e0f1cee075f75b58ca540391b12aaa6c41223b0bd019d85ae4d9cf83acfdbbbcf01f8ef052c450b8a", 0x183) readv(r3, &(0x7f0000c43f70)=[{&(0x7f0000ea5000)=""/4096, 0x1000}], 0x1) 2018/04/21 02:41:08 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$join(0x1, &(0x7f0000000080)={0x73, 0x79, 0x7a}) keyctl$describe(0x7, r0, &(0x7f0000000200)=""/4096, 0x1000) 2018/04/21 02:41:08 executing program 5: r0 = gettid() socketpair(0x1, 0x1, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) write$sndseq(r1, &(0x7f0000bce000), 0xffffff36) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r0, 0x1000000000016) 2018/04/21 02:41:08 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x82}]}, 0x10) sendmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001040)="5ddea4fac1387bb94db84bf57d1429e54ca3f72e74fb6a971ff7ae015c6667abaeea4357fe017c1700c6c49739e0f357f15f4e9636006bd9777c2691c40930f52733d140e9d050e03f6f80f668054968532d945150ca6ba1f149757475d30fdc4df712485eff9bd62b41099d60d2e15bad8e8f6cc355948ca0bd04c478910130a80184d73c2122ab85ce5028094f9a9a268b8e82308d7071a5470e", 0x9b}], 0x1, &(0x7f0000001280)=ANY=[], 0x0, 0x1000000000000}, 0x8094) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000580)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000740)=""/2, 0x2}, {&(0x7f0000000780)=""/1, 0x1}, {&(0x7f00000008c0)=""/124, 0x7c}, {&(0x7f0000000940)=""/142, 0x8e}, {&(0x7f0000000a00)=""/108, 0x6c}], 0x5, &(0x7f0000000b00)=""/207, 0xcf, 0x6}, 0x20) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040), 0x4) sendmsg(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000600)="d05c082d9eca70a0e43a29610da4e16c1b59cd8c85743eab1fc5223ee5e7b80757343cc18a98438d9f7ba1cce269e8ca21b09978043c7678c453415bb4d6c8cfd692d9cf85bd5342bbd7767df63cf75b9a5d1f02486d364b476a2b1f5a7ba8f8925062b024e379d554c4e5e65f106fa0b4006e36286e1759", 0x78}], 0x1, &(0x7f0000001100), 0x0, 0x80}, 0x40081) recvmsg(r0, &(0x7f0000000f80)={&(0x7f0000000800)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000e00)=""/211, 0xd3}, {&(0x7f0000000f00)=""/102, 0x66}], 0x2, 0x0, 0x0, 0x1000}, 0x40000000) 2018/04/21 02:41:08 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') exit(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000004080)=""/4096, 0x1000) 2018/04/21 02:41:08 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) dup3(0xffffffffffffffff, r0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100), &(0x7f0000000180)=0x8) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000fcdfe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) read(r0, &(0x7f0000465f8e)=""/114, 0x72) perf_event_open(&(0x7f0000001180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001140)}}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='a\x00') ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 2018/04/21 02:41:08 executing program 6: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000b80)=0xffffffffefffffdb) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x6, 0x0, 0x0, 0xf}) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7ff) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 2018/04/21 02:41:08 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') sendfile(r0, r0, &(0x7f0000000080)=0x2003, 0x1) 2018/04/21 02:41:08 executing program 0: r0 = syz_open_dev$audion(&(0x7f0000000280)='/dev/audio#\x00', 0x6, 0x20401) r1 = accept4$netrom(r0, &(0x7f0000000300), &(0x7f0000000380)=0xfffffef7, 0x80000) r2 = fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000000)={0x0, 0x7fffffff, 0x862, 0x7fff, 0x5, 0x4, 0x69f, 0xfffffffffffffffc, {0x0, @in={{0x2, 0x4e24}}, 0x7, 0x81, 0x0, 0x5, 0x1}}, &(0x7f00000000c0)=0xb0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r3, 0x8, 0x100000000000}, 0xc) fallocate(r2, 0x2, 0x6, 0x800) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000ee6000)='./file0\x00', &(0x7f000092e000)='mqueue\x00', 0x800, &(0x7f0000cde000)) r4 = open(&(0x7f000041d000)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r2, 0xc058534b, &(0x7f0000000200)={0x3, 0x8, 0x1, 0x401, 0xfffffffffffffffb, 0x80000000}) getdents64(r4, &(0x7f00003cdf66)=""/120, 0x78) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000180)) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) fcntl$addseals(r5, 0x409, 0x2) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000002c0), &(0x7f0000000340)=0x14) rmdir(&(0x7f00000001c0)='./file0\x00') 2018/04/21 02:41:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500008000000000"], &(0x7f0000000000)='syzkaller\x00', 0x101, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) r3 = syz_open_procfs(0x0, &(0x7f000018cff6)='net/kcm\x00\b\x00') write(r2, &(0x7f0000000340)="54b6ef83549fd5af817ef2334d6d5f475be70f3d416c3b4320169c0b537f3e709808bf0aa220af441828c98ec28c8ed605b785b8f4939f20695f7cd6ec9fe5e38ac2f1780c7da80ce4784abb1879a42635f11665efdc92ffc82c0c071fc5d379ef2b9e5228000000000000002032bb6fc11dda7e91c86bb149c0dc538883b7239febbba86a5653625661943987aae2831ae4ae13252e25d91b549f7dcd08aec33b226fd415edc2c9815473eaf9530a73b7b9eb18396f1d26cc68d79150d89be677e6d893a7cec00ead0d0f2d3cee6e0247025e8d567c45e2cc5585acf92e0b7d0347027bf71220a3d5ecef79b0cf5d0d067b4a312a54840a02c2b85cd9bc786a377438cedb5987d242c768182b5adf4653ffca4646618a29de63db7ef746d9198636c377e65a559ae901ff94883eef061f590ed84b30d8ddf2bd1a8d9be39ea286bed2087e879adca1ab9e6a2855d616fe5b673dfe4ecb4b675d2e0f1cee075f75b58ca540391b12aaa6c41223b0bd019d85ae4d9cf83acfdbbbcf01f8ef052c450b8a", 0x183) readv(r3, &(0x7f0000c43f70)=[{&(0x7f0000ea5000)=""/4096, 0x1000}], 0x1) 2018/04/21 02:41:08 executing program 4: r0 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'nr0\x00', 0x601}) mmap(&(0x7f0000000000/0x53000)=nil, 0x53000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)) 2018/04/21 02:41:08 executing program 0: syz_mount_image$ext4(&(0x7f0000000500)='ext3~', &(0x7f0000000140)='/\x00', 0x0, 0x0, &(0x7f0000000300), 0x28020, &(0x7f0000000180)={[{@errors_continue='errors=continue', 0x2c}]}) 2018/04/21 02:41:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500008000000000"], &(0x7f0000000000)='syzkaller\x00', 0x101, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) r3 = syz_open_procfs(0x0, &(0x7f000018cff6)='net/kcm\x00\b\x00') write(r2, &(0x7f0000000340)="54b6ef83549fd5af817ef2334d6d5f475be70f3d416c3b4320169c0b537f3e709808bf0aa220af441828c98ec28c8ed605b785b8f4939f20695f7cd6ec9fe5e38ac2f1780c7da80ce4784abb1879a42635f11665efdc92ffc82c0c071fc5d379ef2b9e5228000000000000002032bb6fc11dda7e91c86bb149c0dc538883b7239febbba86a5653625661943987aae2831ae4ae13252e25d91b549f7dcd08aec33b226fd415edc2c9815473eaf9530a73b7b9eb18396f1d26cc68d79150d89be677e6d893a7cec00ead0d0f2d3cee6e0247025e8d567c45e2cc5585acf92e0b7d0347027bf71220a3d5ecef79b0cf5d0d067b4a312a54840a02c2b85cd9bc786a377438cedb5987d242c768182b5adf4653ffca4646618a29de63db7ef746d9198636c377e65a559ae901ff94883eef061f590ed84b30d8ddf2bd1a8d9be39ea286bed2087e879adca1ab9e6a2855d616fe5b673dfe4ecb4b675d2e0f1cee075f75b58ca540391b12aaa6c41223b0bd019d85ae4d9cf83acfdbbbcf01f8ef052c450b8a", 0x183) readv(r3, &(0x7f0000c43f70)=[{&(0x7f0000ea5000)=""/4096, 0x1000}], 0x1) 2018/04/21 02:41:08 executing program 4: r0 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'nr0\x00', 0x601}) mmap(&(0x7f0000000000/0x53000)=nil, 0x53000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)) [ 85.195221] EXT4-fs (sda1): re-mounted. Opts: errors=continue, [ 85.241121] EXT4-fs (sda1): re-mounted. Opts: errors=continue, 2018/04/21 02:41:08 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-camellia-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000028c0)=[{0x0, 0x0, &(0x7f0000002840)=[{&(0x7f0000002740)="c1", 0x1}], 0x1}], 0x1, 0x48001) sendmmsg$alg(r1, &(0x7f0000002540)=[{0x0, 0x0, &(0x7f00000024c0), 0x0, &(0x7f0000002500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000001440)={&(0x7f0000000000)=@sco, 0x80, &(0x7f00000013c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0) 2018/04/21 02:41:08 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000232ff6)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x4, 0x0) r1 = syz_open_pts(r0, 0x0) write(r0, &(0x7f0000000080)="a2f5d65772deea303e0200000000002d89360ac2017c926d5ec1a2420de2395f6427e3efbb00000f0450fd5ff01abd56add84589e00ca08ed60c49e69c0c0800000000000000f827edc69c58b7246984668e0300000000000000025476e272be0f000004", 0x64) read(r1, &(0x7f0000de2000)=""/181, 0x2a5) 2018/04/21 02:41:08 executing program 4: r0 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'nr0\x00', 0x601}) mmap(&(0x7f0000000000/0x53000)=nil, 0x53000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)) 2018/04/21 02:41:08 executing program 4: r0 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'nr0\x00', 0x601}) mmap(&(0x7f0000000000/0x53000)=nil, 0x53000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)) 2018/04/21 02:41:09 executing program 5: pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2), 0xf3) pwrite64(r2, &(0x7f0000000000), 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) dup2(r0, r1) 2018/04/21 02:41:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0xfffffffffffffeff, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200077008f8", 0x16}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x0, 0x20000000001, 0x0, 0x0, 0x3e}, 0x0) pwritev(r0, &(0x7f0000002640)=[{&(0x7f0000000400)="218b44b6525d63c5f5", 0x9}], 0x1, 0x0) ftruncate(r0, 0x9) [ 85.960309] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 85.967791] FAT-fs (loop0): Filesystem has been set read-only [ 85.990784] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 2018/04/21 02:41:10 executing program 6: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000b80)=0xffffffffefffffdb) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x6, 0x0, 0x0, 0xf}) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7ff) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 2018/04/21 02:41:10 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x1c) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000d4b000)=0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0xc1}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0x404c534a, &(0x7f0000000240)) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f00000001c0)) 2018/04/21 02:41:10 executing program 3: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000020f88)="24000000100007031dfffd946fa2830020200a0009000300001d85687f0000000400ff7e28000000080a43ba16a0aa1ca10bb356da5d8060000000060000000029ec2400020cd37ed01cc073", 0x4c}], 0x1}, 0x0) 2018/04/21 02:41:10 executing program 5: pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2), 0xf3) pwrite64(r2, &(0x7f0000000000), 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) dup2(r0, r1) 2018/04/21 02:41:10 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) sendto$inet6(r0, &(0x7f0000003fd9), 0x5e0, 0x0, &(0x7f0000008000)={0xa, 0x0, 0x12, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}, 0x1c) 2018/04/21 02:41:10 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') exit(0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000004080)=""/4096, 0x1000) 2018/04/21 02:41:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0xfffffffffffffeff, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200077008f8", 0x16}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x0, 0x20000000001, 0x0, 0x0, 0x3e}, 0x0) pwritev(r0, &(0x7f0000002640)=[{&(0x7f0000000400)="218b44b6525d63c5f5", 0x9}], 0x1, 0x0) ftruncate(r0, 0x9) 2018/04/21 02:41:10 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x82}]}, 0x10) sendmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001040)="5ddea4fac1387bb94db84bf57d1429e54ca3f72e74fb6a971ff7ae015c6667abaeea4357fe017c1700c6c49739e0f357f15f4e9636006bd9777c2691c40930f52733d140e9d050e03f6f80f668054968532d945150ca6ba1f149757475d30fdc4df712485eff9bd62b41099d60d2e15bad8e8f6cc355948ca0bd04c478910130a80184d73c2122ab85ce5028094f9a9a268b8e82308d7071a5470e", 0x9b}], 0x1, &(0x7f0000001280)=ANY=[], 0x0, 0x1000000000000}, 0x8094) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000580)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000740)=""/2, 0x2}, {&(0x7f0000000780)=""/1, 0x1}, {&(0x7f00000008c0)=""/124, 0x7c}, {&(0x7f0000000940)=""/142, 0x8e}, {&(0x7f0000000a00)=""/108, 0x6c}], 0x5, &(0x7f0000000b00)=""/207, 0xcf, 0x6}, 0x20) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040), 0x4) sendmsg(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000600)="d05c082d9eca70a0e43a29610da4e16c1b59cd8c85743eab1fc5223ee5e7b80757343cc18a98438d9f7ba1cce269e8ca21b09978043c7678c453415bb4d6c8cfd692d9cf85bd5342bbd7767df63cf75b9a5d1f02486d364b476a2b1f5a7ba8f8925062b024e379d554c4e5e65f106fa0b4006e36286e1759", 0x78}], 0x1, &(0x7f0000001100), 0x0, 0x80}, 0x40081) recvmsg(r0, &(0x7f0000000f80)={&(0x7f0000000800)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000e00)=""/211, 0xd3}, {&(0x7f0000000f00)=""/102, 0x66}], 0x2, 0x0, 0x0, 0x1000}, 0x40000000) 2018/04/21 02:41:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000017000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) r3 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000358fe0)={r3, 0x0, 0x2, r2}) [ 86.800903] netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. [ 86.915343] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 86.922775] FAT-fs (loop0): Filesystem has been set read-only 2018/04/21 02:41:11 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000c93000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000002000)}) close(r0) ioctl$KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, &(0x7f00000003c0)=""/35) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f0000008000)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x14, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}, @enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000008f37)}) 2018/04/21 02:41:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401008200027000f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mkdir(&(0x7f0000000080)="2e2f66696c65302f66696c6530fe", 0x0) 2018/04/21 02:41:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0xfffffffffffffeff, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200077008f8", 0x16}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x0, 0x20000000001, 0x0, 0x0, 0x3e}, 0x0) pwritev(r0, &(0x7f0000002640)=[{&(0x7f0000000400)="218b44b6525d63c5f5", 0x9}], 0x1, 0x0) ftruncate(r0, 0x9) 2018/04/21 02:41:11 executing program 6: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000b80)=0xffffffffefffffdb) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x6, 0x0, 0x0, 0xf}) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x7ff) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 2018/04/21 02:41:11 executing program 1: r0 = socket(0x10, 0x80002, 0x0) fgetxattr(r0, &(0x7f0000000100)=@known='system.sockprotoname\x00', &(0x7f0000000140)=""/5, 0x5) 2018/04/21 02:41:11 executing program 5: pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2), 0xf3) pwrite64(r2, &(0x7f0000000000), 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) dup2(r0, r1) 2018/04/21 02:41:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/protocols\x00') sendfile(r0, r0, &(0x7f0000000040)=0x8000003, 0x400000fc) connect$ax25(r0, &(0x7f0000000100)={0x3, {"0fa7e3e1d3e520"}, 0x5}, 0x10) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000000)={0x6, 0x7, 0x1e64de8e, 0x96, 0x3f, 0x9}) [ 87.878190] FAT-fs (loop4): Directory bread(block 131) failed [ 87.884545] binder: 7004:7007 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 87.892524] FAT-fs (loop4): Directory bread(block 132) failed [ 87.897671] binder: 7004:7017 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 87.914641] FAT-fs (loop4): Directory bread(block 133) failed [ 87.945656] FAT-fs (loop4): Directory bread(block 134) failed [ 87.971611] FAT-fs (loop4): Directory bread(block 135) failed [ 87.981528] binder: undelivered death notification, 0000000000000000 [ 87.986217] FAT-fs (loop4): Directory bread(block 136) failed 2018/04/21 02:41:11 executing program 3: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @loopback=0x7f000001}, 0x10) connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)='Z', 0x1}], 0x1, &(0x7f0000000440)=[{0x10, 0x10000000114, 0x3}], 0x10}, 0x0) 2018/04/21 02:41:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/protocols\x00') sendfile(r0, r0, &(0x7f0000000040)=0x8000003, 0x400000fc) connect$ax25(r0, &(0x7f0000000100)={0x3, {"0fa7e3e1d3e520"}, 0x5}, 0x10) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000000)={0x6, 0x7, 0x1e64de8e, 0x96, 0x3f, 0x9}) [ 87.998154] FAT-fs (loop4): Directory bread(block 137) failed [ 88.006380] FAT-fs (loop4): Directory bread(block 138) failed [ 88.014702] FAT-fs (loop4): Directory bread(block 139) failed [ 88.020846] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 88.020977] FAT-fs (loop4): Directory bread(block 140) failed [ 88.028259] FAT-fs (loop0): Filesystem has been set read-only 2018/04/21 02:41:11 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='dmask']) 2018/04/21 02:41:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0xfffffffffffffeff, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200077008f8", 0x16}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x0, 0x20000000001, 0x0, 0x0, 0x3e}, 0x0) pwritev(r0, &(0x7f0000002640)=[{&(0x7f0000000400)="218b44b6525d63c5f5", 0x9}], 0x1, 0x0) ftruncate(r0, 0x9) 2018/04/21 02:41:11 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00', 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) 2018/04/21 02:41:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/protocols\x00') sendfile(r0, r0, &(0x7f0000000040)=0x8000003, 0x400000fc) connect$ax25(r0, &(0x7f0000000100)={0x3, {"0fa7e3e1d3e520"}, 0x5}, 0x10) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000000)={0x6, 0x7, 0x1e64de8e, 0x96, 0x3f, 0x9}) [ 88.145455] ntfs: (device loop3): parse_options(): The dmask option requires an argument. [ 88.196170] ntfs: (device loop3): parse_options(): The dmask option requires an argument. 2018/04/21 02:41:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/protocols\x00') sendfile(r0, r0, &(0x7f0000000040)=0x8000003, 0x400000fc) connect$ax25(r0, &(0x7f0000000100)={0x3, {"0fa7e3e1d3e520"}, 0x5}, 0x10) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000000)={0x6, 0x7, 0x1e64de8e, 0x96, 0x3f, 0x9}) [ 88.300607] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 88.308043] FAT-fs (loop0): Filesystem has been set read-only 2018/04/21 02:41:12 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='dmask']) 2018/04/21 02:41:12 executing program 4: r0 = socket$inet6(0xa, 0x20008000000001, 0x8010000000000084) getsockopt(r0, 0x84, 0x8000000006d, &(0x7f0000feeff8)=""/8, &(0x7f00003e4ffc)=0x291) 2018/04/21 02:41:12 executing program 5: pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2), 0xf3) pwrite64(r2, &(0x7f0000000000), 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) dup2(r0, r1) 2018/04/21 02:41:12 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc\x00', 0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000000)=0x3) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x2) 2018/04/21 02:41:12 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='dmask']) [ 88.792838] ntfs: (device loop3): parse_options(): The dmask option requires an argument. 2018/04/21 02:41:12 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000000)={'syzkaller0\x00', @ifru_flags=0x4000}) 2018/04/21 02:41:12 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0xf) close(r2) bind$unix(r1, &(0x7f0000904000)=@file={0x1, './file0\x00'}, 0xa) r3 = open(&(0x7f00006aa000)='./file0\x00', 0x200000, 0x0) sendmsg$unix(r0, &(0x7f0000163000)={&(0x7f0000000000)=@abs, 0x8, &(0x7f0000026000), 0x0, &(0x7f0000000ff0)=[@rights={0x18, 0x1, 0x1, [r2]}], 0x18}, 0x0) readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/25, 0x19}], 0x1) ioctl$SNDRV_CTL_IOCTL_PVERSION(r3, 0x80045500, &(0x7f0000000200)=""/3) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f00000001c0)={0x17, 0x79, &(0x7f0000000100)="7ba34f7aa0d388070ade842160c2ef34ce64c6eccaf26fb1f0b16d900d72e51e3ed38b15b32f2ff34587597f58ee9e6d65341ee796e60346aefa5c3aa33978b66a6170a0d08c96957986b3560d0e35559617f26dffb0b23030a90c5cd777c9ccf62c9b822888496e9e6ad7137b001e366d008d5e4ab0755536"}) 2018/04/21 02:41:12 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='dmask']) [ 88.868337] ntfs: (device loop3): parse_options(): The dmask option requires an argument. [ 88.945267] ntfs: (device loop3): parse_options(): The dmask option requires an argument. 2018/04/21 02:41:12 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x7, 0xa8900) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000080)={0x7}) syz_emit_ethernet(0x66, &(0x7f0000101000)={@random="cd390b081bf2", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0xffffff80, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}}}}}}}}, 0x0) 2018/04/21 02:41:12 executing program 2: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f00000001c0)='debugfs\x00', 0x4005, &(0x7f000000a000)) 2018/04/21 02:41:12 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_ifreq(r0, 0x89f9, &(0x7f00000005c0)={"73697430000100003f6a3ea4d7e087bc", @ifru_map={0x800000}}) 2018/04/21 02:41:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000014000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x804d, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/21 02:41:12 executing program 1: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000003fc8)={&(0x7f0000000000)=@nl=@proc={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001000)="5500000018007fafb72d1cb2a4a280930206000000a843096c26236925000900210000000007ca8a9848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de448daa7227c43ab8220400bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000004000)}, 0x0) 2018/04/21 02:41:12 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000300)=@join_mcast={0x16, 0x98, 0xfa00, {&(0x7f00000002c0), 0x0, 0xffffffff, 0x30, 0x1, @ib={0x1b, 0x0, 0x0, {"5470db10ebcb71b06138d490f1c5c7be"}}}}, 0xa0) 2018/04/21 02:41:12 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000308000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "3900ea631d00000000020000010000009f00000023f7b7d65f90b0e6330ee739b319d8f6aa6bd58d1443474482e85040fb4947ebb55bd19f335b5bffff0001f3", "cfa430745a540dc1c149b7b81579f6a41c51f7d51933223e82ab867dac761faf"}) 2018/04/21 02:41:12 executing program 6: mknod(&(0x7f0000000840)='./file0\x00', 0x0, 0x0) syz_fuse_mount(&(0x7f0000000080)='./file0\x00', 0x1000, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x2, 0x0) open_by_handle_at(r0, &(0x7f0000000000)={0x8}, 0x0) 2018/04/21 02:41:12 executing program 3: sigaltstack(&(0x7f00006cd000/0x2000)=nil, 0x0) madvise(&(0x7f0000153000/0x800000)=nil, 0x800000, 0xf) modify_ldt$read_default(0x2, &(0x7f0000735000)=""/1, 0x1) 2018/04/21 02:41:12 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = accept(r0, &(0x7f0000000140)=@ipx, &(0x7f00000001c0)=0x80) bind$rds(r1, &(0x7f0000000200)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000440)={0x2, &(0x7f0000000400)=[{0x34, 0x0, 0x0, 0xfffff028}, {0x16}]}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x300, 0x70bd2d, 0x25dfdbfc, {0x2, 0x10, 0x10, 0x10000, 0xfe, 0x0, 0xfd66b1b169f94f2d, 0x7, 0x1800}}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4048010) sendmsg$nl_route(r0, &(0x7f0000000800)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)=@bridge_delneigh={0x1c, 0x1d, 0x403}, 0x1c}, 0x1}, 0x0) [ 89.453750] device bridge_slave_1 left promiscuous mode [ 89.459808] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.476473] device bridge_slave_0 left promiscuous mode [ 89.481996] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.521726] team0 (unregistering): Port device team_slave_1 removed [ 89.532124] team0 (unregistering): Port device team_slave_0 removed [ 89.544875] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 89.564124] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 89.591667] bond0 (unregistering): Released all slaves 2018/04/21 02:41:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000014000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x804d, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/21 02:41:13 executing program 2: r0 = getpgid(0x0) pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x4) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000240)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) utimes(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={{0x0, 0x7530}, {0x0, 0x7530}}) utimes(&(0x7f0000967000)='./file0\x00', &(0x7f00005ee000)={{0x0, 0x2710}}) r4 = msgget(0x2, 0x1) msgrcv(r4, &(0x7f0000000100)={0x0, ""/118}, 0x7e, 0x0, 0x3800) dup2(r1, r2) 2018/04/21 02:41:13 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000001000)={0x2, 0x4e20, @multicast2=0xe0000002}, 0x10) setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000ffc)=0x4, 0x4) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000018000)=0x3f, 0x4) bind$inet(r1, &(0x7f0000015000)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) listen(r2, 0x0) listen(r1, 0x0) 2018/04/21 02:41:13 executing program 5: clock_adjtime(0x0, &(0x7f0000000100)={0xf15, 0xffc99a3b00000000, 0x0, 0x0, 0x0, 0x9}) 2018/04/21 02:41:13 executing program 6: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(r1, 0x0) request_key(&(0x7f00000002c0)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, &(0x7f0000000280)='logon\x00', 0x0) 2018/04/21 02:41:13 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='setgroups\x00') sendfile(r0, r0, &(0x7f000050dff8), 0x86) 2018/04/21 02:41:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10, &(0x7f0000000040), 0x4) 2018/04/21 02:41:13 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000c87ff6)='numa_maps\x00') bind$alg(r0, &(0x7f0000466000)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x400) 2018/04/21 02:41:13 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000239ff6)='/dev/cuse\x00', 0x8010000080802, 0x0) readv(r0, &(0x7f0000c6efe0)=[{&(0x7f00006c8f31)=""/207, 0xcf}], 0x1) write$fuse(r0, &(0x7f0000efff6a)=ANY=[@ANYBLOB="5a000000000000000100000000000000070000000046b23250f0f6065d86a61bf2b3b36e2708546d44a355fededda484f7bf7b3a8d3b874662bb74e794b2e847ed46cd5ed3488203000000000000000000000000000000000200"], 0x5a) 2018/04/21 02:41:13 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000235fe4)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)=@dellink={0x28, 0x11, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8, 0x13}]}, 0x28}, 0x1}, 0x0) 2018/04/21 02:41:13 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000bc0)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000003e40)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000a80)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000a40)={&(0x7f0000000140)={0x60, r1, 0x921, 0x0, 0x0, {0x1}, [{{0x8, 0x1, r2}, {0x44, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4}}, {0x8, 0x7}}}]}}]}, 0x60}, 0x1}, 0x0) 2018/04/21 02:41:13 executing program 1: r0 = open$dir(&(0x7f0000000340)='./file0\x00', 0x1fffd, 0x0) fallocate(r0, 0x0, 0xa3cf, 0x40) r1 = open$dir(&(0x7f0000000500)='./file0\x00', 0x2, 0x0) write(r1, &(0x7f0000000300)="d88a8d38144e5013d473c0ac2ca61ff3b749a4f5c7e6e9c2ce586e5cfca5d60f", 0x20) sendfile(r1, r1, &(0x7f0000000040), 0x7527fb3200000000) fallocate(r0, 0x8, 0x0, 0x8000) 2018/04/21 02:41:13 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0x396, 0x200007ff, &(0x7f0000003e00)={0x2, 0x4e23}, 0x10) sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x0, &(0x7f0000e66000)={0x2, 0x0, @rand_addr}, 0x10) read(r0, &(0x7f0000000080)=""/218, 0xda) r1 = dup(r0) sendto$inet(r1, &(0x7f00000002c0)="1bbfd7e670611bd4d152f1d2ebe7b6f1a0ca8dacc5871fb69594829c416b4a81868a1bc46fd43f8a931e88fe7998481604a777e84af787ec1f21e2f658c588393928e234020fb9c0b3da68a65e8ca0e011180dd3ba927fa97530cd6e229a439c8681fa9c6312204be48a6895c0e6bfde570e4485b25f1d07d7cc94a87926be0800a6a6d7bfd2c53e94d21fd2801cd2a71e4a10cfa13378d38e4ad629f6bf56b90f07e705f173ef12b4f1e3cf236ce0638560ae15d937f5cfa48a3926df0f07536e102aa68b486f3ef1cba834244ff5e0bd1cc8b72bc7d84f09ec20cda393001927919abd9d965574c7842c4fbaf9355c7e3642ff52db364745fc6e3da00cb1da193372edface05a902598fc048b9f755b26adf1fe59269e7ab6709d07b21d832450233aa8775a2b5a38ccf2c1881df50d3f2a4156b99e7dc0f5aad04d67fd9df3ec84696cc1f96e38104b6eba8a459b86f4fbfec50064f2352b1f7c2c713f2b8f6eabe74ad644f58a25308f73e8b75f6b05fb89665c2b61d1343ab7ea35f8a7cab0dcf7b582d8eb160d29644c1ee6eb0ad4252a0882f88a06022249b46714ec8dbf4a5df348e324e6187a8bfbe9afb8b1c2e9b36abb04687f7e9a028932590843b4e8cb595454057e1071c134c6ceebb9e06013d2bb1197f1d4370acd51c689a768a81667babd7341bc2e6d78cba84a6d230db9df518291da5de5e311a54f333901e338d1ce39f496d1e80332063c347005de7c07671afb79e195dbf2f41b02d6d9e80e5277682757ef78b01aff9095f4a6bb1dc553d30585de19d2313364880eae583d1cf4742e6ebb9439f7c5672a3c8de795c676d1832aeabde9201e74675774636304e6cdb21754383e2aa7e059382839683fbcc1be5ed24ef4963890cfc80cc23286ba54d4a3c9c422417eb768e2423f61973e01aadd343c9ef094a27a8d98f7754af41f03c7ac9c88227e6525fe0e9c76072b438a77f2ff5cb590137810c16cbfe48cbfb2a115f7e600f5203e8927fd33f14b34c172375b0953a0b74ee6244ddc00ff1f0ad523d16f0c8a8c387e4865a239af37e667ef1ebdc96e37394adba36cc10e42ade0e89ae819efab779943f340dc412b243d4a6445f4327b732582b037208e6afa082474e820f24226e493555abac00c68c629ec42e94af1330f0e5294f73abb2f7dd8a30571d4892c6b62de4d6ac068e87e35af7e4ac2d308bd73bcb742a6d171b8b3d6b264cf83df8e057661bc3b75486887f13ff0483b14a95b62e1ef99d82be71bd5008cb42d9dfef25e28fc153825da4e9a018a3f0cab5566ab9c33909c39bb2892f7193630296f7997cc75bff6542ee728b9096199e484a9f5e75c5c10ddafb87273456cff8e8e1c5ad31c1fee80f6ebddd21c099cfaff562fb2b6ca365adeabab97184a9bc2130b4e565f0989150d077d85d6217719f7b8a668fb2cc42e0ed27b0aa77916e8fc349f0e27c576b22c7afb242a62e7ef3c720f4ca520569934bf0b991cc31e2553859682f242266cce3f3f3239e78bf98f8cb9cd1578434e14f487550e81956e561cb821e679cc858d63bbc4aab107c23e5eaba01ba4c4ffba5638d17476f7431e8befb42e5d924b634e9fd9b68fc26aa97613c8e91462dd27e1480c2f80de2fbb64693845c29f6e09f0fe0643f13c3c4c573f6b2d603396d16e8891c6f15939393d0c72130523b7247901c3059d9d97add2dcaca343620db857154360f9cad21cce1235a41e0a6faffebd18abd63cc78b405ed19d70e4824abb0e1f50c3628f3d3ec7b6e0b875138f0b3a9c3bcab5195b1a70995a7e0d40c1998faff43b476518943ead943ea74c110e3f20aacae137aa68f4838ad78817d814510c194aa16", 0x52f, 0x4001, &(0x7f00000001c0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) writev(r0, &(0x7f0000df9000)=[{&(0x7f0000354ff8)='\'', 0x1}], 0x1) [ 90.161592] CUSE: unknown device info "" [ 90.165893] CUSE: DEVNAME unspecified [ 90.187830] netlink: 'syz-executor5': attribute type 3 has an invalid length. [ 90.213867] CUSE: unknown device info "" [ 90.218116] CUSE: DEVNAME unspecified [ 91.123935] random: crng init done [ 92.121675] IPVS: ftp: loaded support on port[0] = 21 [ 92.472153] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.478550] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.485776] device bridge_slave_0 entered promiscuous mode [ 92.511857] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.518276] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.525647] device bridge_slave_1 entered promiscuous mode [ 92.550813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 92.576265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 92.646887] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.675420] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.784046] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.791587] team0: Port device team_slave_0 added [ 92.816013] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.823225] team0: Port device team_slave_1 added [ 92.847747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.874661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.900435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.927239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.151473] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.157875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.164532] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.170896] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.984019] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.062733] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.140576] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.146763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.154396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.229799] 8021q: adding VLAN 0 to HW filter on device team0 2018/04/21 02:41:17 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)) 2018/04/21 02:41:17 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x100000141841, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f00000001c0)='./bus\x00', 0x0, 0x0, &(0x7f00000005c0), 0x1000, &(0x7f00000006c0)=ANY=[]) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) r2 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x3c5f, 0x0) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) 2018/04/21 02:41:17 executing program 3: syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, &(0x7f00000008c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="757466383dc9"]) 2018/04/21 02:41:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000014000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x804d, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/21 02:41:17 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000bd00000000000000212daab50000000000080007000000000000009500000000000000"], &(0x7f00000003c0)='syzkaller\x00', 0xfffffffffffffffe, 0x1000, &(0x7f00009ab000)=""/4096}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000001200)=r0, 0x4) sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000380)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=@ipmr_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x80}}, 0x1c}, 0x1}, 0x0) 2018/04/21 02:41:17 executing program 2: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000840)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, &(0x7f0000000000), &(0x7f0000000480)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x11, 0x0, 0x0, 'dummy0\x00', 'vlan0\x00', 'ip6gre0\x00', 'vcan0\x00', @empty, [], @empty, [], 0x70, 0xa0, 0xe8}, [@common=@AUDIT={'AUDIT\x00', 0x8}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00'}}}}, {{{0x21, 0x0, 0x0, 'teql0\x00', 'vcan0\x00', 'vlan0\x00', 'ifb0\x00', @random="56190635f233", [], @random="d238742a69de", [], 0x70, 0x70, 0xb8}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00'}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc}]}, 0x2a8) 2018/04/21 02:41:17 executing program 1: r0 = open$dir(&(0x7f0000000340)='./file0\x00', 0x1fffd, 0x0) fallocate(r0, 0x0, 0xa3cf, 0x40) r1 = open$dir(&(0x7f0000000500)='./file0\x00', 0x2, 0x0) write(r1, &(0x7f0000000300)="d88a8d38144e5013d473c0ac2ca61ff3b749a4f5c7e6e9c2ce586e5cfca5d60f", 0x20) sendfile(r1, r1, &(0x7f0000000040), 0x7527fb3200000000) fallocate(r0, 0x8, 0x0, 0x8000) 2018/04/21 02:41:17 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000287000)='net/softnet_stat\x00') sendfile(r0, r0, &(0x7f0000000040)=0x2000, 0xb) [ 94.746620] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask [ 94.757945] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 94.777718] ntfs: (device loop3): parse_options(): The utf8 option requires a boolean argument. 2018/04/21 02:41:18 executing program 2: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000043000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000040)=[{&(0x7f0000000000), 0xa3}], 0xd4, 0x0) 2018/04/21 02:41:18 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000184000)={0x2, 0x40000000000010, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_x_nat_t_type={0x0, 0x14}]}, 0x53}, 0x1}, 0x0) 2018/04/21 02:41:18 executing program 6: r0 = socket$inet(0x2, 0x80003, 0x8) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x84, @dev={0xac, 0x14, 0x14}, 0x0, 0x0, 'lblc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) [ 94.837332] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 94.857112] ntfs: (device loop3): parse_options(): The utf8 option requires a boolean argument. 2018/04/21 02:41:18 executing program 4: r0 = socket(0x15, 0x80005, 0x0) getsockopt(r0, 0x200000000114, 0x5, &(0x7f0000001000)=""/4, &(0x7f0000fcb000)=0x4) 2018/04/21 02:41:18 executing program 7: prlimit64(0x0, 0x8, &(0x7f00000000c0)={0xfffffffffffffffd, 0xffffffffffffffff}, 0x0) mlockall(0x1) 2018/04/21 02:41:18 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0xa9, 0xa37, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000002800000850000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xe, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x0, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x7}], &(0x7f0000000100)='GPL\x00', 0x7, 0x205, &(0x7f0000000340)=""/167}, 0x48) socket$netlink(0x10, 0x3, 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x5, &(0x7f0000000400)=@framed={{0x18, 0x6}, [@jmp={0x10, 0x0, 0x4}], {0x95}}, &(0x7f0000000700)="78e2bc729ea8476e2ced739aa4ea9f74a2bbb28910c02320e27a207ed8e8a5d0a63a4c0fbc5718766d362b5cc753ed19e26c294580fe72e17323d2e6a16fbe87c076349f279af5b879ef4f402b49844da6919c45e9731904a59198f84b33ca50f5bd1a1d0379172a0528053340603a34d74239ccd824aeee66acbabf331b2ece9487e22cb736ced6c725b493b0828701", 0xc, 0xa8, &(0x7f00000007c0)=""/168}, 0x47) 2018/04/21 02:41:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe2(&(0x7f0000000280)={0x0, 0x0}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000000)="0f23ea0f01dff30f06650f01c80f06baf80c66b8b0f57a8066efbafc0c66ed2e0f320f01c9b823000f00d03665f30f1229", 0x31}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000100)={0x3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2018/04/21 02:41:18 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000000)=ANY=[]) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/mixer\x00', 0x0, 0x0) linkat(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000480)='./file0\x00', 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000540)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000f82ffc)) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000380)=&(0x7f0000000340)) 2018/04/21 02:41:18 executing program 6: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x40044103, &(0x7f0000000000)) 2018/04/21 02:41:18 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ff00ffe90009144a000ae9", 0x12, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000001400)={&(0x7f0000000000)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}}}}, 0x80, &(0x7f00000012c0)=[{&(0x7f0000000080)=""/184, 0xb8}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001140)=""/76, 0x4c}, {&(0x7f00000011c0)=""/250, 0xfffffe89}], 0x4, &(0x7f0000001300)=""/231, 0xe7}, 0x0) recvmsg(r0, &(0x7f00000018c0)={&(0x7f0000001440)=@ax25, 0x80, &(0x7f0000001800), 0x0, &(0x7f0000001880)}, 0x0) 2018/04/21 02:41:18 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000002b80)={'syzkaller1\x00', {0x2, 0x4e20, @multicast1=0xe0000001}}) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000280)=0x6, 0x4) socketpair(0x1a, 0x6, 0xffff, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket(0x10, 0x803, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f00003b9fdc)) r5 = syz_open_pts(r4, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0x2) dup3(r5, r4, 0x0) sendto(r3, &(0x7f0000000fec)="12000000320009000000000088149b000ae9", 0x12, 0x0, 0x0, 0x0) bind$netlink(r2, &(0x7f0000000240)={0x10, 0x0, 0x25dfdbfb, 0x20000000}, 0xc) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r3, 0x800442d3, &(0x7f0000000680)={0x100000001, 0x5, 0x3, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, 'syz_tun\x00'}) connect$bt_rfcomm(r2, &(0x7f00000002c0)={0x1f, {0x3c, 0x9d4, 0x8d, 0x8, 0x100000001, 0x40}, 0x101}, 0xa) getsockopt$sock_buf(r2, 0x1, 0x0, &(0x7f0000000380)=""/187, &(0x7f0000000140)=0xffffffffffffffb8) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000000040)="be38fc69faea5bd09bf0307006cefbafc01c3062dfedf949ad4e86bda4029155e2d6181bc9f0d25d4a23fed54bd250db05a0fbd78679ca006afa4ee44cb7b522c4a38231a9f99b3001e1d4857321a6a7c9e36ae424cc0d49fdb6c13c422fde782dd0c18a3a4018030b94ba6b7ff3f3192f8c563a1986d839c40052c8d3a78ae29126", 0x82, 0xc1, &(0x7f0000000100)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000500)="acbb915d6846975d5d248d4c727115f29ae03c05a1540f5303683cc3316fab70b8f72443207b3bc9d2b76a2124327a8dc22115702dfd81d9c5daf3734095c968bb4c931a63cd940101810cf243974b73d5c0d300e011c378c17bde5460ef55a7bcfe93f760a0a1928b8c0954a22b092351d191ed0effdcf4ac142f1fd6395e0e7303", 0x82, 0x4c881, 0x0, 0x0) recvfrom$inet(r1, &(0x7f00000005c0)=""/185, 0xb9, 0x40002040, &(0x7f00000004c0)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f00000001c0)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7acdec844f667da0", 0x76, 0x0, &(0x7f0000e66000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) writev(r0, &(0x7f00002e1fe0)=[{&(0x7f0000c62f65)="db", 0x1}], 0x1) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000300)={0x0, 0x5}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000440)={r6, 0x5}, &(0x7f0000000480)=0x8) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) shutdown(r0, 0x1) 2018/04/21 02:41:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000014000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x804d, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/21 02:41:18 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, @in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}], 0x20) 2018/04/21 02:41:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={"6c6f3a2c000081800000faffdfe700", &(0x7f0000002d80)=@ethtool_gfeatures={0x3a}}) [ 95.431199] ================================================================== [ 95.438835] BUG: KASAN: slab-out-of-bounds in __sctp_v6_cmp_addr+0x4c7/0x530 [ 95.446030] Read of size 8 at addr ffff8801d2f9e1a0 by task syz-executor5/7538 [ 95.453380] [ 95.455001] CPU: 0 PID: 7538 Comm: syz-executor5 Not tainted 4.17.0-rc1+ #10 [ 95.462176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.471517] Call Trace: [ 95.474116] dump_stack+0x1b9/0x294 [ 95.477731] ? dump_stack_print_info.cold.2+0x52/0x52 [ 95.482909] ? printk+0x9e/0xba [ 95.486172] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 95.490916] ? kasan_check_write+0x14/0x20 [ 95.495153] print_address_description+0x6c/0x20b [ 95.499981] ? __sctp_v6_cmp_addr+0x4c7/0x530 [ 95.504460] kasan_report.cold.7+0x242/0x2fe [ 95.508854] __asan_report_load8_noabort+0x14/0x20 [ 95.513766] __sctp_v6_cmp_addr+0x4c7/0x530 [ 95.518075] sctp_inet6_cmp_addr+0x169/0x1a0 [ 95.522473] sctp_bind_addr_match+0x20b/0x400 [ 95.526958] ? sctp_bind_addrs_to_raw+0x370/0x370 [ 95.531790] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 95.537312] ? sctp_v4_available+0x1b1/0x200 [ 95.541704] ? sctp_inet6_bind_verify+0xb2/0x500 [ 95.546457] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 95.551981] sctp_do_bind+0x1c0/0x5f0 [ 95.555772] sctp_bindx_add+0x90/0x1a0 [ 95.559648] sctp_setsockopt_bindx+0x2ad/0x320 [ 95.564216] sctp_setsockopt+0x12c4/0x7000 [ 95.568440] ? __lock_acquire+0x7f5/0x5140 [ 95.572659] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 95.578361] ? debug_check_no_locks_freed+0x310/0x310 [ 95.583539] ? set_next_entity+0x2ae/0xaf0 [ 95.587759] ? debug_check_no_locks_freed+0x310/0x310 [ 95.592942] ? update_load_avg+0x2570/0x2570 [ 95.597345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.602869] ? __perf_event_task_sched_out+0x2cc/0x1470 [ 95.608218] ? graph_lock+0x170/0x170 [ 95.612008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.617526] ? __perf_event_task_sched_in+0x247/0xb80 [ 95.622700] ? perf_event_sync_stat+0x5f0/0x5f0 [ 95.627360] ? graph_lock+0x170/0x170 [ 95.631150] ? lock_downgrade+0x8e0/0x8e0 [ 95.635281] ? finish_task_switch+0x182/0x810 [ 95.639767] ? find_held_lock+0x36/0x1c0 [ 95.643815] ? lock_downgrade+0x8e0/0x8e0 [ 95.647946] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 95.652951] ? kasan_check_read+0x11/0x20 [ 95.657084] ? rcu_is_watching+0x85/0x140 [ 95.661304] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 95.666482] ? __fget+0x40c/0x650 [ 95.669940] ? expand_files.part.8+0x9a0/0x9a0 [ 95.674513] ? kasan_check_read+0x11/0x20 [ 95.678646] ? __lock_is_held+0xb5/0x140 [ 95.682689] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 95.687868] ? __fget_light+0x2ef/0x430 [ 95.691828] ? fget_raw+0x20/0x20 [ 95.695270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.700793] ? schedule+0xef/0x430 [ 95.704316] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.709838] ? sock_alloc_file+0x2a4/0x4e0 [ 95.714058] sock_common_setsockopt+0x9a/0xe0 [ 95.718537] __sys_setsockopt+0x1bd/0x390 [ 95.722679] ? kernel_accept+0x310/0x310 [ 95.726733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.732260] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 95.737088] __x64_sys_setsockopt+0xbe/0x150 [ 95.741489] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 95.746492] do_syscall_64+0x1b1/0x800 [ 95.750365] ? finish_task_switch+0x1ca/0x810 [ 95.754853] ? syscall_return_slowpath+0x5c0/0x5c0 [ 95.759766] ? syscall_return_slowpath+0x30f/0x5c0 [ 95.764681] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 95.770031] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 95.774858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.780033] RIP: 0033:0x455389 [ 95.783202] RSP: 002b:00007f5d302bac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 95.790989] RAX: ffffffffffffffda RBX: 00007f5d302bb6d4 RCX: 0000000000455389 [ 95.798241] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000013 [ 95.805495] RBP: 000000000072bea0 R08: 0000000000000020 R09: 0000000000000000 [ 95.812758] R10: 0000000020000000 R11: 0000000000000246 R12: 00000000ffffffff [ 95.820009] R13: 00000000000005a3 R14: 00000000006fb7e8 R15: 0000000000000000 [ 95.827272] [ 95.828883] Allocated by task 7538: [ 95.832498] save_stack+0x43/0xd0 [ 95.835936] kasan_kmalloc+0xc4/0xe0 [ 95.839638] __kmalloc_node+0x47/0x70 [ 95.843425] kvmalloc_node+0x6b/0x100 [ 95.847209] vmemdup_user+0x2d/0xa0 [ 95.850819] sctp_setsockopt_bindx+0x5d/0x320 [ 95.855298] sctp_setsockopt+0x12c4/0x7000 [ 95.859516] sock_common_setsockopt+0x9a/0xe0 [ 95.863995] __sys_setsockopt+0x1bd/0x390 [ 95.868125] __x64_sys_setsockopt+0xbe/0x150 [ 95.872515] do_syscall_64+0x1b1/0x800 [ 95.876391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.881553] [ 95.883159] Freed by task 0: [ 95.886170] save_stack+0x43/0xd0 [ 95.889606] __kasan_slab_free+0x11a/0x170 [ 95.893824] kasan_slab_free+0xe/0x10 [ 95.897605] kfree+0xd9/0x260 [ 95.900697] selinux_cred_free+0x48/0x80 [ 95.904744] security_cred_free+0x4a/0x80 [ 95.908871] put_cred_rcu+0x125/0x460 [ 95.912657] rcu_process_callbacks+0x941/0x15f0 [ 95.917305] __do_softirq+0x2e0/0xaf5 [ 95.921087] [ 95.922697] The buggy address belongs to the object at ffff8801d2f9e180 [ 95.922697] which belongs to the cache kmalloc-32 of size 32 [ 95.935166] The buggy address is located 0 bytes to the right of [ 95.935166] 32-byte region [ffff8801d2f9e180, ffff8801d2f9e1a0) [ 95.947279] The buggy address belongs to the page: [ 95.952194] page:ffffea00074be780 count:1 mapcount:0 mapping:ffff8801d2f9e000 index:0xffff8801d2f9efc1 [ 95.961621] flags: 0x2fffc0000000100(slab) [ 95.965849] raw: 02fffc0000000100 ffff8801d2f9e000 ffff8801d2f9efc1 000000010000003f [ 95.973718] raw: ffffea0007435320 ffffea00074b0560 ffff8801da8001c0 0000000000000000 [ 95.981574] page dumped because: kasan: bad access detected [ 95.987272] [ 95.988880] Memory state around the buggy address: [ 95.993802] ffff8801d2f9e080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 96.001796] ffff8801d2f9e100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 96.009140] >ffff8801d2f9e180: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc [ 96.016477] ^ [ 96.020865] ffff8801d2f9e200: fb fb fb fb fc fc fc fc 00 00 04 fc fc fc fc fc 2018/04/21 02:41:19 executing program 1: r0 = open$dir(&(0x7f0000000340)='./file0\x00', 0x1fffd, 0x0) fallocate(r0, 0x0, 0xa3cf, 0x40) r1 = open$dir(&(0x7f0000000500)='./file0\x00', 0x2, 0x0) write(r1, &(0x7f0000000300)="d88a8d38144e5013d473c0ac2ca61ff3b749a4f5c7e6e9c2ce586e5cfca5d60f", 0x20) sendfile(r1, r1, &(0x7f0000000040), 0x7527fb3200000000) fallocate(r0, 0x8, 0x0, 0x8000) 2018/04/21 02:41:19 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00008ed000)={0x0, 0x2000000002}, 0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000100), 0x8) 2018/04/21 02:41:19 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x42, 0x0) ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev={0xac, 0x14, 0x14}}, {0x2, 0x0, @broadcast=0xffffffff}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)='bridge0\x00', 0x3ff}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a6621f51a480e2f3aac78a8db2c0be10f25d1fea68bbb27cf59ce6768143c7da0a5277c17be7e03ff2cd97a72d0351a82cb32b931716cad42bf9e3ec64b5fb82d5ab6bbd2d014549e66a84f9c795681f0a1df8b9edf3ce14950237ec78ece828761d8bc9245639704915d7d5d5625e9cd9707fd187d962a37d82094a688f609709697282397e835b7b1e416f488d1e93e9dd87c96a1fdfc37bdb13612dd5aa126c16417a8f366042350e9485d00b192449c56657ad3ea028ff1eb384742822414bbe5218eb51fe1b23ce8ff59358aec9153efa611c57ea26daf7533d6c3a4") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x200002, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/cuse\x00', 0x4000000000000400, 0x0) ioctl$EVIOCGVERSION(r6, 0x80044501, &(0x7f0000000400)=""/241) ioctl$sock_inet_SIOCGIFBRDADDR(r5, 0x8919, &(0x7f0000000140)={'rose0\x00', {0x2, 0x0, @multicast2=0xe0000002}}) io_setup(0x400, &(0x7f0000000080)=0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000580)) io_submit(r7, 0x0, &(0x7f00000004c0)) sendfile(r4, r4, &(0x7f0000000040), 0x1) r8 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x1) r9 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x300000a, 0x1010, r8, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r8, 0xc018620b, &(0x7f00000002c0)={r9}) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r10, 0x0, 0x41, &(0x7f0000000240)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x0, 0x40002) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x200000, 0x0) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000380)={0x2, &(0x7f0000000340)=[{0x1, 0x5, 0x2}, {0x3, 0x5a, 0x40, 0x7}]}, 0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000600)={0x0, 0xfffffffffffffff8}, &(0x7f0000000640)=0x10) sendfile(r0, r1, &(0x7f0000000040), 0x100000000081) r11 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) splice(r11, &(0x7f0000000300), 0xffffffffffffffff, &(0x7f00000003c0), 0x812, 0x8) socket$inet_tcp(0x2, 0x1, 0x0) [ 96.028208] ffff8801d2f9e280: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 96.035542] ================================================================== [ 96.042877] Disabling lock debugging due to kernel taint [ 96.048957] Kernel panic - not syncing: panic_on_warn set ... [ 96.048957] [ 96.056333] CPU: 0 PID: 7538 Comm: syz-executor5 Tainted: G B 4.17.0-rc1+ #10 [ 96.064898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 96.074243] Call Trace: [ 96.076838] dump_stack+0x1b9/0x294 [ 96.080477] ? dump_stack_print_info.cold.2+0x52/0x52 [ 96.085673] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 96.090432] ? __sctp_v6_cmp_addr+0x4a0/0x530 [ 96.094911] panic+0x22f/0x4de [ 96.098084] ? add_taint.cold.5+0x16/0x16 [ 96.102218] ? do_raw_spin_unlock+0x9e/0x2e0 [ 96.106611] ? do_raw_spin_unlock+0x9e/0x2e0 [ 96.110999] ? __sctp_v6_cmp_addr+0x4c7/0x530 [ 96.115477] kasan_end_report+0x47/0x4f [ 96.119429] kasan_report.cold.7+0x76/0x2fe [ 96.123741] __asan_report_load8_noabort+0x14/0x20 [ 96.128659] __sctp_v6_cmp_addr+0x4c7/0x530 [ 96.132976] sctp_inet6_cmp_addr+0x169/0x1a0 [ 96.137376] sctp_bind_addr_match+0x20b/0x400 [ 96.141859] ? sctp_bind_addrs_to_raw+0x370/0x370 [ 96.146691] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 96.152206] ? sctp_v4_available+0x1b1/0x200 [ 96.156602] ? sctp_inet6_bind_verify+0xb2/0x500 [ 96.161337] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 96.166862] sctp_do_bind+0x1c0/0x5f0 [ 96.170646] sctp_bindx_add+0x90/0x1a0 [ 96.174518] sctp_setsockopt_bindx+0x2ad/0x320 [ 96.179082] sctp_setsockopt+0x12c4/0x7000 [ 96.183298] ? __lock_acquire+0x7f5/0x5140 [ 96.187520] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 96.193218] ? debug_check_no_locks_freed+0x310/0x310 [ 96.198396] ? set_next_entity+0x2ae/0xaf0 [ 96.202610] ? debug_check_no_locks_freed+0x310/0x310 [ 96.207784] ? update_load_avg+0x2570/0x2570 [ 96.212178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.217702] ? __perf_event_task_sched_out+0x2cc/0x1470 [ 96.223048] ? graph_lock+0x170/0x170 [ 96.226831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.232356] ? __perf_event_task_sched_in+0x247/0xb80 [ 96.237528] ? perf_event_sync_stat+0x5f0/0x5f0 [ 96.242179] ? graph_lock+0x170/0x170 [ 96.245964] ? lock_downgrade+0x8e0/0x8e0 [ 96.250092] ? finish_task_switch+0x182/0x810 [ 96.254567] ? find_held_lock+0x36/0x1c0 [ 96.258612] ? lock_downgrade+0x8e0/0x8e0 [ 96.262741] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 96.267743] ? kasan_check_read+0x11/0x20 [ 96.271870] ? rcu_is_watching+0x85/0x140 [ 96.276005] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 96.281182] ? __fget+0x40c/0x650 [ 96.284617] ? expand_files.part.8+0x9a0/0x9a0 [ 96.289188] ? kasan_check_read+0x11/0x20 [ 96.293322] ? __lock_is_held+0xb5/0x140 [ 96.297365] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 96.302536] ? __fget_light+0x2ef/0x430 [ 96.306491] ? fget_raw+0x20/0x20 [ 96.309930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.315449] ? schedule+0xef/0x430 [ 96.318970] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 96.324488] ? sock_alloc_file+0x2a4/0x4e0 [ 96.328716] sock_common_setsockopt+0x9a/0xe0 [ 96.333194] __sys_setsockopt+0x1bd/0x390 [ 96.337330] ? kernel_accept+0x310/0x310 [ 96.341373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 96.346892] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 96.351719] __x64_sys_setsockopt+0xbe/0x150 [ 96.356111] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 96.361109] do_syscall_64+0x1b1/0x800 [ 96.364982] ? finish_task_switch+0x1ca/0x810 [ 96.369459] ? syscall_return_slowpath+0x5c0/0x5c0 [ 96.374368] ? syscall_return_slowpath+0x30f/0x5c0 [ 96.379279] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 96.384624] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 96.389448] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.394617] RIP: 0033:0x455389 [ 96.397786] RSP: 002b:00007f5d302bac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 96.405566] RAX: ffffffffffffffda RBX: 00007f5d302bb6d4 RCX: 0000000000455389 [ 96.412816] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000013 [ 96.420065] RBP: 000000000072bea0 R08: 0000000000000020 R09: 0000000000000000 [ 96.427319] R10: 0000000020000000 R11: 0000000000000246 R12: 00000000ffffffff [ 96.434575] R13: 00000000000005a3 R14: 00000000006fb7e8 R15: 0000000000000000 [ 96.442320] Dumping ftrace buffer: [ 96.445840] (ftrace buffer empty) [ 96.449524] Kernel Offset: disabled [ 96.453130] Rebooting in 86400 seconds..