Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts. 2018/12/24 09:26:26 fuzzer started 2018/12/24 09:26:28 dialing manager at 10.128.0.26:34681 2018/12/24 09:26:28 syscalls: 1 2018/12/24 09:26:28 code coverage: enabled 2018/12/24 09:26:28 comparison tracing: enabled 2018/12/24 09:26:28 setuid sandbox: enabled 2018/12/24 09:26:28 namespace sandbox: enabled 2018/12/24 09:26:28 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 09:26:28 fault injection: enabled 2018/12/24 09:26:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 09:26:28 net packet injection: enabled 2018/12/24 09:26:28 net device setup: enabled 09:28:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'eql\x00', 0x2}) ioctl$sock_ifreq(r0, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_addrs=@nfc}) syzkaller login: [ 177.785926] IPVS: ftp: loaded support on port[0] = 21 09:28:47 executing program 1: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) set_tid_address(0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, &(0x7f0000000280)={'L+', 0x9}, 0x37, 0x3) socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, 0x0) openat$vhci(0xffffffffffffff9c, 0x0, 0x701000, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f00000002c0)={0x0, 0x2}, 0x200000000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) getitimer(0x2, &(0x7f0000000180)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) sendmmsg(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x40000e5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-aesni\x00'}, 0x58) r3 = accept$alg(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x1) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) write$binfmt_elf64(r3, &(0x7f0000001580)=ANY=[], 0x0) semget(0x3, 0x0, 0xc1) [ 178.067269] IPVS: ftp: loaded support on port[0] = 21 09:28:47 executing program 2: [ 178.430072] IPVS: ftp: loaded support on port[0] = 21 09:28:47 executing program 3: [ 178.860534] IPVS: ftp: loaded support on port[0] = 21 09:28:48 executing program 4: [ 179.198004] IPVS: ftp: loaded support on port[0] = 21 09:28:48 executing program 5: [ 179.513767] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.530374] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.538298] device bridge_slave_0 entered promiscuous mode [ 179.561511] IPVS: ftp: loaded support on port[0] = 21 [ 179.675686] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.684575] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.692748] device bridge_slave_1 entered promiscuous mode [ 179.821797] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.904702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.196896] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.210672] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.223086] device bridge_slave_0 entered promiscuous mode [ 180.315324] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.349851] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.367144] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.385701] device bridge_slave_1 entered promiscuous mode [ 180.468183] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.538075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.733253] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.761104] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.796167] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.806502] device bridge_slave_0 entered promiscuous mode [ 180.936978] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.943478] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.967474] device bridge_slave_1 entered promiscuous mode [ 181.126403] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.208843] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.250121] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.262371] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.274239] team0: Port device team_slave_0 added [ 181.327415] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.423275] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.430959] team0: Port device team_slave_1 added [ 181.509109] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.515626] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.537274] device bridge_slave_0 entered promiscuous mode [ 181.601363] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.638560] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.683448] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.696432] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.703912] device bridge_slave_1 entered promiscuous mode [ 181.723748] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.765410] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.774774] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.807073] device bridge_slave_0 entered promiscuous mode [ 181.827961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.844835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.880230] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.896275] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.903760] device bridge_slave_0 entered promiscuous mode [ 181.927212] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.936253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.944338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.955663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.967765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.976879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.997321] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.004815] team0: Port device team_slave_0 added [ 182.027502] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.033921] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.060802] device bridge_slave_1 entered promiscuous mode [ 182.080098] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.092372] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.117801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.125895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.141312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.163751] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.176366] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.184221] device bridge_slave_1 entered promiscuous mode [ 182.195493] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.207567] team0: Port device team_slave_1 added [ 182.214699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.295949] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.303046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.336669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.360933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.389345] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.418079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.430475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.456119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.492977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.509456] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.525375] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.538575] team0: Port device team_slave_0 added [ 182.548512] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.610629] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.628141] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.635637] team0: Port device team_slave_1 added [ 182.645773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.657939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.739579] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.779579] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.806533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.814637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.856784] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.893434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.969603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.983778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.995378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.019228] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.032560] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.079456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.106819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.118012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.168041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.207766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.231251] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.319652] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.327321] team0: Port device team_slave_0 added [ 183.341725] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.351638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.367524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.375470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.420880] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.441027] team0: Port device team_slave_1 added [ 183.465781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.482593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.680032] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.716882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.778421] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.793021] team0: Port device team_slave_0 added [ 183.805679] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.821470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.842928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.904318] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.917610] team0: Port device team_slave_0 added [ 183.924396] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.930972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.938135] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.944516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.963742] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.972175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.997736] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.006653] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.037138] team0: Port device team_slave_1 added [ 184.043120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.070947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.110839] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.128183] team0: Port device team_slave_1 added [ 184.147994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.156133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.164088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.243923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.260421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.276475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.315286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.332286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.347054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.382620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.393728] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.411095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.423534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.463758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.484397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.512967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.531144] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.537653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.544361] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.550793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.568133] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.574828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.587280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.596835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.604770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.646852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.659649] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.666098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.672792] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.679269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.688218] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.708367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.732341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.766803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.976434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.986573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.548918] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.555449] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.562257] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.568703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.584692] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.988837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.060451] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.066978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.073682] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.080166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.096957] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.124782] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.131293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.138048] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.144455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.199192] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.036131] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.076880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.590998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.916616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.016999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.080676] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.495768] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.545621] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.607252] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.613697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.628999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.665096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.015824] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.035364] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.052503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.067076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.086794] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.094047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.126769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.158370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.189534] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.405281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.590323] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.601876] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.636413] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.746965] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.753234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.766790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.876645] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.155764] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.180316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.197862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.244664] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.310873] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.321012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.330287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.685760] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.723679] 8021q: adding VLAN 0 to HW filter on device team0 09:29:03 executing program 0: 09:29:03 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000180)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000400)="c10100000000000000e5f7007f", 0xd}], 0x1}, 0x0) 09:29:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x32, 0x829, 0x0, 0x0, {0x3, 0x1000000}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback={0xfeffffff00000000}}]}]}, 0x2c}}, 0x0) [ 194.540149] kauditd_printk_skb: 9 callbacks suppressed [ 194.540164] audit: type=1326 audit(1545643743.762:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7541 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 [ 194.599304] hrtimer: interrupt took 29793 ns 09:29:03 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x40000e5, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) semctl$GETPID(0x0, 0x2, 0xb, 0x0) [ 194.649610] netlink: zone id is out of range [ 194.654279] netlink: get zone limit has 4 unknown bytes [ 194.717036] netlink: zone id is out of range [ 194.752295] netlink: get zone limit has 4 unknown bytes 09:29:04 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="de75e1fe7d087634b214a3765ba0017995103a08917fc2a1", 0x18) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d481ca64e675f38ce89d8622a79aa303f02c054ae77dacb2474be5f25e5016109d204ac6df7866911e6fd92a04d21c8511b3aad9575151c867232ccb1d2f54cdc8c63787e359165cc358e7f333a558461cba5f3251ff7b5171d6c58aeea1ad913560f0014e1b1a3c7d21bf74c9f09492ce37adb6116785573d000000", 0x7c}], 0x1}, 0x4000000) 09:29:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 09:29:04 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x2000000004e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034, 0x3400000000000000}, 0x100) [ 195.025653] FAT-fs (loop2): bogus number of reserved sectors [ 195.031962] FAT-fs (loop2): Can't find a valid FAT filesystem [ 195.128047] FAT-fs (loop2): bogus number of reserved sectors [ 195.138708] FAT-fs (loop2): Can't find a valid FAT filesystem [ 195.325645] audit: type=1326 audit(1545643744.542:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7541 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:04 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) getgroups(0x2, &(0x7f00000003c0)=[0xee00, 0xee01]) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='fuse\x00', 0x0, 0x0) 09:29:04 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rtc0\x00', 0x10000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x801, 0x0) r2 = dup(r1) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000280)=0x6) r3 = request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='%@%\x00', 0xfffffffffffffff8) keyctl$get_security(0x11, r3, &(0x7f0000000380)=""/186, 0xfe0a) r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000140)={0xe0, 0x1ba2c04c, 0x3, 0x9086, 0x2, 0x20000000, 0x3, 0xfffffffffffffffa, 0x5, 0x5e40, 0x81}) faccessat(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) ftruncate(r4, 0x2007fff) sendfile(r2, r4, 0x0, 0x8000fffffffe) 09:29:04 executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x8000000000000001) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x60100, 0x0) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000380)=@add_del={0x2, &(0x7f0000000300)='nr0\x00'}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000340)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r1, r2, &(0x7f0000000040), 0x1) [ 195.459490] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 09:29:05 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 09:29:05 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 09:29:05 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x40, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) close(r0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0) arch_prctl$ARCH_GET_GS(0x1004, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, 0x0, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x0, 0x0, 0x0) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 09:29:05 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x10, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {0x0}}, 0x18) 09:29:05 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 09:29:05 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg(r1, &(0x7f0000001700)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000480)=[{0x48, 0x117, 0xfffffffffffff34f, "10402522cdb6dfe1e939537c6b37fe2537eab2d98a23c90e1cddf0035ec98daaba5e9e03232c9c4f307ef5ba801567ae73bb0693abdac2"}], 0x48}, 0x938c}], 0x1, 0x20000010) 09:29:05 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 09:29:05 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x6, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000200)={0x3, 0x100000000098f907}) 09:29:05 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) 09:29:05 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 09:29:06 executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x8000000000000001) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x60100, 0x0) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000380)=@add_del={0x2, &(0x7f0000000300)='nr0\x00'}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000340)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r1, r2, &(0x7f0000000040), 0x1) 09:29:06 executing program 5: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) syncfs(0xffffffffffffffff) 09:29:06 executing program 1: 09:29:06 executing program 4: getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) 09:29:06 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:06 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$int_out(r0, 0x40080814536, 0x0) 09:29:06 executing program 1: openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x8000000000000001) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x60100, 0x0) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000380)=@add_del={0x2, &(0x7f0000000300)='nr0\x00'}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000340)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r1, r2, &(0x7f0000000040), 0x1) 09:29:06 executing program 4: getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) [ 197.565086] audit: type=1326 audit(1545643746.782:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7701 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:06 executing program 0: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) io_setup(0xb, &(0x7f0000000240)=0x0) io_submit(r0, 0x0, 0x0) 09:29:07 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:07 executing program 4: getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) [ 197.827896] audit: type=1326 audit(1545643747.042:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7725 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:07 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) [ 198.362212] audit: type=1326 audit(1545643747.582:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7701 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 [ 198.621774] audit: type=1326 audit(1545643747.842:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7725 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:08 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r1, r2, &(0x7f0000000000)=0x100000, 0x10000) 09:29:08 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:08 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 09:29:08 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='setgroups\x00') 09:29:08 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) 09:29:08 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'eql\x00', 0x2fd}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x1030a) ioctl$sock_ifreq(r0, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_addrs=@nfc}) 09:29:09 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sysinfo(&(0x7f0000000300)=""/4096) 09:29:09 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 09:29:09 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = dup2(r0, r0) sendmsg$alg(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x81) 09:29:09 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:09 executing program 0: shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) socket$inet6(0xa, 0x0, 0x0) r0 = gettid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_GET_ENDIAN(0x13, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) timerfd_create(0x0, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) syz_open_procfs$namespace(0x0, 0x0) tkill(r0, 0x1000000000016) 09:29:09 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) 09:29:09 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x841) 09:29:09 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:09 executing program 1: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) close(r0) 09:29:09 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:09 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) 09:29:09 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000130a070a1dfffd946fa2830020200a0009000200001d85680c1baba20400ff7e28000000110aff", 0x2b}], 0x1}, 0x0) 09:29:09 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) 09:29:09 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) read(r0, &(0x7f0000000200)=""/13, 0xfffffcf0) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10}, 0xfffffd2a) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) 09:29:09 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:09 executing program 0: openat$userio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/userio\x00', 0x4000, 0x0) 09:29:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x6, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000200)={0x3, 0x100000000098f909, 0xffffffffffffffff}) 09:29:09 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:09 executing program 4: r0 = accept$inet(0xffffffffffffff9c, &(0x7f0000000180)={0x2, 0x0, @broadcast}, &(0x7f00000001c0)=0x10) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000200)=0x8, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x80000000000201, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r2, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x800000000000}) syz_open_pts(r2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000000)='./file1\x00', 0x0) fallocate(r4, 0x0, 0xc478, 0x5) write$FUSE_INTERRUPT(r4, &(0x7f0000000080)={0x10}, 0x10) fallocate(r4, 0x1, 0x0, 0x4005eec) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) 09:29:09 executing program 0: 09:29:09 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:09 executing program 3: 09:29:10 executing program 0: 09:29:10 executing program 3: 09:29:10 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:10 executing program 1: 09:29:10 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:10 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[], 0xbf3db538) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 09:29:10 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x2, 0x0, &(0x7f0000000a80)) 09:29:10 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:10 executing program 4: 09:29:10 executing program 2: prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:10 executing program 5: getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:10 executing program 0: 09:29:10 executing program 1: 09:29:10 executing program 0: 09:29:10 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:10 executing program 2: mknod(0x0, 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:10 executing program 4: 09:29:11 executing program 3: 09:29:11 executing program 5: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f00000000c0)) 09:29:11 executing program 2: mknod(0x0, 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:11 executing program 0: 09:29:11 executing program 1: 09:29:11 executing program 4: 09:29:11 executing program 1: 09:29:11 executing program 4: 09:29:11 executing program 2: mknod(0x0, 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:11 executing program 0: 09:29:11 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, 0x0) 09:29:11 executing program 3: 09:29:11 executing program 4: 09:29:11 executing program 1: 09:29:11 executing program 5: 09:29:11 executing program 0: 09:29:11 executing program 3: 09:29:11 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:11 executing program 4: 09:29:11 executing program 1: 09:29:11 executing program 3: 09:29:11 executing program 5: 09:29:11 executing program 0: 09:29:11 executing program 4: 09:29:11 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:11 executing program 0: 09:29:11 executing program 5: 09:29:12 executing program 3: 09:29:12 executing program 1: 09:29:12 executing program 4: 09:29:12 executing program 0: 09:29:12 executing program 5: 09:29:12 executing program 1: 09:29:12 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:12 executing program 4: 09:29:12 executing program 3: 09:29:12 executing program 5: 09:29:12 executing program 1: 09:29:12 executing program 0: 09:29:12 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:12 executing program 4: 09:29:12 executing program 3: 09:29:12 executing program 1: 09:29:12 executing program 0: 09:29:12 executing program 5: 09:29:12 executing program 4: 09:29:12 executing program 3: 09:29:12 executing program 5: 09:29:12 executing program 1: 09:29:12 executing program 0: 09:29:12 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:12 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @remote, 0x1}}}, 0x98) 09:29:12 executing program 4: 09:29:12 executing program 5: 09:29:12 executing program 0: 09:29:12 executing program 1: 09:29:12 executing program 4: 09:29:12 executing program 3: r0 = inotify_init1(0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r1, 0x10, &(0x7f0000000200)={&(0x7f00000004c0)=""/226, 0xe2, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r3, 0x4) read(r1, &(0x7f0000000000)=""/250, 0x128b9372) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={r2, 0x10, &(0x7f00000001c0)={&(0x7f0000000400)=""/129, 0x81, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r5, 0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000600), 0x4) dup3(r2, r4, 0x80000) clone(0x20000000, &(0x7f0000000400), 0x0, 0x0, 0x0) inotify_init1(0x80000) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$nl_route(r6, 0x0, 0x0) socket(0x2, 0x80801, 0xea) alarm(0x9) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0x1b}}, 0x1c) ptrace(0x4207, r5) write$P9_RXATTRCREATE(r1, &(0x7f00000005c0)={0x7, 0x21, 0x1}, 0x7) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam0\x00\x01\x17\x8b\x00', 0x4013}) ptrace$setregset(0x4209, r5, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)}) 09:29:12 executing program 5: mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x4) syz_genetlink_get_family_id$tipc2(0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x100000000004) 09:29:12 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x0) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) 09:29:12 executing program 1: 09:29:12 executing program 4: 09:29:13 executing program 0: 09:29:13 executing program 4: 09:29:13 executing program 1: r0 = socket(0x10, 0x2, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x800000080000002) 09:29:13 executing program 0: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup3(r0, r1, 0x0) 09:29:13 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000001000)=""/246) ioctl$EVIOCGREP(r0, 0xc008744c, &(0x7f0000003000)=""/174) 09:29:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f0000002700)={&(0x7f00000001c0)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000]}, 0x3}, 0x80, &(0x7f0000001640)=[{&(0x7f00000003c0)='\x00', 0x1}], 0x1}, 0x45) 09:29:13 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(0x0, 0x0, 0x0) [ 204.084091] audit: type=1326 audit(1545643753.302:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8068 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r1, 0x301}, 0x14}}, 0x0) 09:29:13 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(0x0, 0x0, 0x0) 09:29:13 executing program 4: mkdir(&(0x7f0000000380)='./file0\x00', 0x0) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000000)='ramfs\x00', 0x0, 0x0) 09:29:13 executing program 3: r0 = inotify_init1(0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r1, 0x10, &(0x7f0000000200)={&(0x7f00000004c0)=""/226, 0xe2, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r3, 0x4) read(r1, &(0x7f0000000000)=""/250, 0x128b9372) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={r2, 0x10, &(0x7f00000001c0)={&(0x7f0000000400)=""/129, 0x81, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r5, 0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000600), 0x4) dup3(r2, r4, 0x80000) clone(0x20000000, &(0x7f0000000400), 0x0, 0x0, 0x0) inotify_init1(0x80000) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$nl_route(r6, 0x0, 0x0) socket(0x2, 0x80801, 0xea) alarm(0x9) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0x1b}}, 0x1c) ptrace(0x4207, r5) write$P9_RXATTRCREATE(r1, &(0x7f00000005c0)={0x7, 0x21, 0x1}, 0x7) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam0\x00\x01\x17\x8b\x00', 0x4013}) ptrace$setregset(0x4209, r5, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)}) 09:29:13 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="de75e1fe7d087634b214a3765ba0017995103a08917fc2a1", 0x18) 09:29:13 executing program 2: mknod(&(0x7f0000000000)='./file0\x00', 0x80000000064, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x19) execve(0x0, 0x0, 0x0) 09:29:13 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, &(0x7f0000000080)) 09:29:13 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) getgid() listen(r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) r2 = accept(r1, 0x0, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) setsockopt$inet_mreq(r2, 0x0, 0x24, &(0x7f0000000140)={@multicast2, @local}, 0x8) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f00000001c0)) write$cgroup_int(r0, 0x0, 0x0) [ 204.773855] audit: type=1326 audit(1545643753.992:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8068 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:14 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x180000000000000a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0xd}, 0x1c) 09:29:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r1, 0x301}, 0x14}}, 0x0) 09:29:14 executing program 4: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x202, 0x800000002009) ioctl$TIOCSTI(r0, 0x5412, 0x0) 09:29:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000001000)=""/246) 09:29:14 executing program 2: r0 = inotify_init1(0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r1, 0x10, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r3, 0x4) read(r1, &(0x7f0000000000)=""/250, 0x128b9372) socketpair$unix(0x1, 0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={r2, 0x0, 0x0}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r4, 0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000600)=0xffffffffffffffe8, 0x4) dup3(r2, 0xffffffffffffffff, 0x80000) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000380)) clone(0x20000000, &(0x7f0000000400), 0x0, 0x0, 0x0) inotify_init1(0x80000) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$nl_route(r5, 0x0, 0x0) socket(0x2, 0x80801, 0xea) alarm(0x9) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, [], 0x1b}}, 0x1c) ptrace(0x4207, r4) write$P9_RXATTRCREATE(r1, &(0x7f00000005c0)={0x7, 0x21, 0x1}, 0x7) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam0\x00\x01\x17\x8b\x00', 0x4013}) ptrace$setregset(0x4209, r4, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)}) 09:29:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) 09:29:14 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000400)='attr/exec\x00') sendfile(r0, r1, 0x0, 0x1) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) 09:29:14 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x21, 0x0) 09:29:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="05060040000000000000110000000c0009000800010000000001"], 0x1}}, 0x0) 09:29:14 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) 09:29:14 executing program 4: syz_open_procfs$namespace(0x0, 0x0) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x1, 0x1, 0x0) clock_nanosleep(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0), 0x4) 09:29:14 executing program 0: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) r0 = socket$inet(0x2, 0x4000008000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007ff, &(0x7f0000001040)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000004e80)=ANY=[@ANYBLOB="7f"], 0x1) 09:29:14 executing program 1: openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='\x00', 0xfffffffffffffffd) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x11) wait4(0x0, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) 09:29:14 executing program 5: seccomp(0x1, 0x0, 0x0) set_tid_address(0x0) socket$alg(0x26, 0x5, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget(0x3, 0x0, 0x0) 09:29:14 executing program 3: ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) write$P9_RSTATu(r2, &(0x7f0000000c40)=ANY=[@ANYRES32], 0x4) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 205.243546] audit: type=1326 audit(1545643754.462:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8178 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:14 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000001580)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000280)="2300000052008134dfcab07e108c4b301c9f41321a7b045acf75e58b423c2792ee7306", 0x23}], 0x1}, 0x0) 09:29:14 executing program 4: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 09:29:14 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000240)={0x7bb3, 0x1, 0x2000000000000000}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x8000000000000001) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x60100, 0x0) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000380)=@add_del={0x2, &(0x7f0000000300)='nr0\x00'}) mkdir(&(0x7f0000000140)='./file0\x00', 0x80) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000000c0)={0x0, @aes128, 0x0, "3d3e5bdda61807f0"}) geteuid() prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000340)) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r2, r3, &(0x7f0000000040), 0x1) 09:29:14 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) lstat(&(0x7f0000000080)='./file0\x00', 0x0) [ 205.583460] audit: type=1326 audit(1545643754.802:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8205 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 [ 205.690742] netlink: 15 bytes leftover after parsing attributes in process `syz-executor2'. 09:29:15 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket$inet(0x10, 0x4000000003, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="240000001a0007031dfffd946f610500000000000000fd21fe044095421ba3a20400ff7e280000001100ffffba16a0aa1ce208b3ef090000000000008e3141eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 205.771586] syz-executor3 (8190) used greatest stack depth: 13456 bytes left 09:29:15 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) readlinkat(0xffffffffffffffff, &(0x7f0000000080)='\x00', &(0x7f0000000140)=""/128, 0x80) [ 205.846580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. 09:29:15 executing program 2: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ff8)={0x0}) 09:29:15 executing program 3: ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) write$P9_RSTATu(r2, &(0x7f0000000c40)=ANY=[@ANYRES32], 0x4) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 206.043270] audit: type=1326 audit(1545643755.262:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8178 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:15 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNGETIFF(r0, 0x800454d2, 0x0) 09:29:15 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getrlimit(0x12, 0x0) 09:29:15 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) dup3(r2, r0, 0x0) 09:29:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000806, &(0x7f0000001180)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='sit0\x00', 0x10) sendto$inet(r0, &(0x7f00000003c0), 0xed5f0dd4, 0x0, 0x0, 0x184) shutdown(r0, 0x400000000000001) ioctl$TIOCLINUX7(0xffffffffffffffff, 0x541c, 0x0) [ 206.382141] audit: type=1326 audit(1545643755.602:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8205 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:15 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:15 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) dup3(r2, r0, 0x0) [ 206.761955] syz-executor3 (8232) used greatest stack depth: 13304 bytes left 09:29:16 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:16 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x1f8) dup3(r0, r1, 0x0) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) write$P9_RREMOVE(r1, 0x0, 0x0) 09:29:16 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) dup3(r2, r0, 0x0) 09:29:16 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x13, &(0x7f0000000080)={@remote, @remote, [], {@mpls_uc={0x8847, {[{}], @llc={@snap={0x0, 0x0, '\r', "e5de92"}}}}}}, 0x0) 09:29:16 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000240)={0x7bb3, 0x1, 0x2000000000000000}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x8000000000000001) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x60100, 0x0) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000380)=@add_del={0x2, &(0x7f0000000300)='nr0\x00'}) mkdir(&(0x7f0000000140)='./file0\x00', 0x80) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000000c0)={0x0, @aes128, 0x0, "3d3e5bdda61807f0"}) geteuid() prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000340)) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r2, r3, &(0x7f0000000040), 0x1) 09:29:16 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0x9, 0x4, 0x4, 0x5}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f00000001c0), 0x0}, 0x18) 09:29:17 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) dup3(r2, r0, 0x0) 09:29:17 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:17 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000240)={0x7bb3, 0x1, 0x2000000000000000}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x8000000000000001) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x60100, 0x0) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000380)=@add_del={0x2, &(0x7f0000000300)='nr0\x00'}) mkdir(&(0x7f0000000140)='./file0\x00', 0x80) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000000c0)={0x0, @aes128, 0x0, "3d3e5bdda61807f0"}) geteuid() prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000340)) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r2, r3, &(0x7f0000000040), 0x1) 09:29:17 executing program 2: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f00000002c0)="317a7e9876e66eb0535e659de1a0fe3d48d26e8e7018284f61015ee9ee191091860617dc8f955273489c0f4a199b6ce111263108489dadc56a2a2546b4027f73010328a3f115aa9652874d800c87738c6dc40884c97813c9bdc63122f7c4d192f6ec53cfabd6899bf25924555ceadf027aeb8c66ae3c256b0e1f93bf3b6a7862d96869ec15174937584e48fca1a9d2588d93f297af647033d53aca3ac8fbaeed17d70678fab5a03a4424293fc0c3b00d0b1b1b7c8b7928bc0d2f04a1bea12a2d38d49a462c0a48bf43b3bc854c6bc1fecac5550f9a176900e0d5bbb2545d3d29abb13cf4282e4099972983dd767cc1b2da6c630b03f434e899ce004f2e6e53ee") sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000180), 0x1, 0x0, 0x0, 0x4000000}, 0x800) unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x80003, 0x3) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x10) recvmmsg(r1, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) 09:29:17 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='clear_refs\x00') lseek(r0, 0x0, 0x0) [ 207.989445] IPVS: ftp: loaded support on port[0] = 21 09:29:17 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:17 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:17 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'nr0\x01\x00', 0x801}) write$cgroup_type(r0, &(0x7f0000001900)='th\b\x00aded\x00', 0xfdef) 09:29:17 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:17 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x800000000002, 0x0) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="2e0000001a008100a00f80ecdb4cb904024865160b000000d4126efb12000300ac14141d40d819a9ffe200000000", 0x2e}], 0x1}, 0x0) [ 208.458307] netlink: 'syz-executor4': attribute type 3 has an invalid length. [ 208.536561] netlink: 'syz-executor4': attribute type 3 has an invalid length. [ 208.573249] IPVS: ftp: loaded support on port[0] = 21 09:29:19 executing program 1: 09:29:19 executing program 3: 09:29:19 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:19 executing program 4: 09:29:19 executing program 0: 09:29:20 executing program 2: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f00000002c0)="317a7e9876e66eb0535e659de1a0fe3d48d26e8e7018284f61015ee9ee191091860617dc8f955273489c0f4a199b6ce111263108489dadc56a2a2546b4027f73010328a3f115aa9652874d800c87738c6dc40884c97813c9bdc63122f7c4d192f6ec53cfabd6899bf25924555ceadf027aeb8c66ae3c256b0e1f93bf3b6a7862d96869ec15174937584e48fca1a9d2588d93f297af647033d53aca3ac8fbaeed17d70678fab5a03a4424293fc0c3b00d0b1b1b7c8b7928bc0d2f04a1bea12a2d38d49a462c0a48bf43b3bc854c6bc1fecac5550f9a176900e0d5bbb2545d3d29abb13cf4282e4099972983dd767cc1b2da6c630b03f434e899ce004f2e6e53ee") sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000180), 0x1, 0x0, 0x0, 0x4000000}, 0x800) unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x80003, 0x3) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x10) recvmmsg(r1, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) 09:29:20 executing program 4: 09:29:20 executing program 3: 09:29:20 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:20 executing program 1: 09:29:20 executing program 0: 09:29:21 executing program 3: 09:29:21 executing program 0: 09:29:21 executing program 4: 09:29:21 executing program 1: [ 211.792561] IPVS: ftp: loaded support on port[0] = 21 09:29:21 executing program 0: 09:29:21 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:21 executing program 2: 09:29:21 executing program 4: 09:29:21 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:21 executing program 3: 09:29:21 executing program 1: 09:29:21 executing program 0: 09:29:21 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:21 executing program 4: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 09:29:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = creat(0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, 0x0) r2 = epoll_create1(0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0x87b, 0x0) ioctl$KDGETLED(r2, 0x4b31, 0x0) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = dup3(r0, r2, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) gettid() write$P9_RGETLOCK(r3, 0x0, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 09:29:21 executing program 3: prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) 09:29:21 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:21 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) semget$private(0x0, 0x0, 0x0) [ 212.333400] audit: type=1326 audit(1545643761.552:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8377 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:21 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:21 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa0003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffc, 0x0, 0x820000, 0x0, 0x0, [0x8000000000000000]}, 0x2c) 09:29:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0) 09:29:21 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, "21ba778639951bd6ea198d703c20a4f27d63e62bf44f75ad34e42dad9bf7773bcdce30253e2fefde90b1fcc3fa1ca998e28ec0507a0b03b5a727d110ccd3a1f2", "43ac665b5b12de13e2dbf5838161bc98fb18bc562226473e3df017fd675556cfe5b0ee5e68233634ca6524e747adf28e8c6a73313f8b6849860852ab9478b563", "7cc569066c10dfd5e15200ab8839425386a6d67794682c13ca2e7d83afca5deb"}) 09:29:21 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@loopback, @local, @ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x400000000001a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x21, r0, 0x0, 0x0) 09:29:21 executing program 3: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='proc\x00', 0x0, 0x0) open(&(0x7f0000000000)='./file0/bus\x00', 0x0, 0x0) 09:29:21 executing program 2: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xd42f) [ 212.711871] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 213.104425] audit: type=1326 audit(1545643762.322:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8377 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 09:29:22 executing program 4: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, 0x0, &(0x7f00000001c0)) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, 0x0, 0xfffffffffffffffe) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f00000002c0), 0x4) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x3, 0x0, @dev, 0x7}, 0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) delete_module(&(0x7f0000000340)='\x00', 0x200) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendto$inet(r3, 0x0, 0x0, 0x8000, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000000)=0x200) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r4, 0x0) 09:29:22 executing program 5: sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xffffffffffffff17, &(0x7f0000001340), 0x242, &(0x7f000048a000), 0xe40a918602f8a4ea}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 09:29:22 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@loopback, @local, @ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x400000000001a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x21, r0, 0x0, 0x0) 09:29:22 executing program 0: msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) msgsnd(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="03"], 0x1, 0x0) msgrcv(0x0, &(0x7f0000000100)={0x0, ""/237}, 0xf5, 0x0, 0x0) socketpair$unix(0x1, 0x40100000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 09:29:22 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x3f) recvfrom$unix(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpgid(0x0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) fcntl$setown(r1, 0x8, r3) tkill(r0, 0x16) 09:29:22 executing program 2: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r1}, 0x14) syz_emit_ethernet(0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c20f4b0207f96350c3000600"], 0x0) 09:29:22 executing program 0: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) timer_create(0x0, 0x0, &(0x7f0000000100)) timer_getoverrun(0x0) [ 213.267295] ================================================================== [ 213.274906] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 213.281518] Write of size 832 at addr ffff8881b68afbc0 by task syz-executor4/8444 [ 213.289151] [ 213.290802] CPU: 1 PID: 8444 Comm: syz-executor4 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 213.299319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.308708] Call Trace: [ 213.311318] dump_stack+0x244/0x39d [ 213.314977] ? dump_stack_print_info.cold.1+0x20/0x20 [ 213.320171] ? printk+0xa7/0xcf [ 213.323465] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 213.328250] print_address_description.cold.4+0x9/0x1ff [ 213.333634] ? fpstate_init+0x50/0x160 [ 213.337538] kasan_report.cold.5+0x1b/0x39 [ 213.341788] ? fpstate_init+0x50/0x160 [ 213.345698] ? fpstate_init+0x50/0x160 [ 213.349603] check_memory_region+0x13e/0x1b0 [ 213.354025] memset+0x23/0x40 [ 213.357145] fpstate_init+0x50/0x160 [ 213.360870] kvm_arch_vcpu_init+0x3e9/0x870 [ 213.365263] kvm_vcpu_init+0x2fa/0x420 [ 213.369178] ? vcpu_stat_get+0x300/0x300 [ 213.373262] ? kmem_cache_alloc+0x33f/0x730 [ 213.377604] vmx_create_vcpu+0x1b7/0x2695 [ 213.381774] ? perf_trace_sched_process_exec+0x860/0x860 [ 213.387249] ? do_raw_spin_unlock+0xa7/0x330 [ 213.391681] ? vmx_exec_control+0x210/0x210 [ 213.396023] ? kasan_check_write+0x14/0x20 [ 213.400274] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 213.405225] ? futex_wait_queue_me+0x55d/0x840 [ 213.409839] ? wait_for_completion+0x8a0/0x8a0 [ 213.414442] ? print_usage_bug+0xc0/0xc0 [ 213.418531] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.424079] ? get_futex_value_locked+0xcb/0xf0 [ 213.428763] kvm_arch_vcpu_create+0xe5/0x220 [ 213.433212] ? kvm_arch_vcpu_free+0x90/0x90 [ 213.437558] kvm_vm_ioctl+0x526/0x2030 [ 213.441457] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 213.446574] ? futex_wait+0x5ec/0xa50 [ 213.450397] ? kvm_unregister_device_ops+0x70/0x70 [ 213.455359] ? mark_held_locks+0x130/0x130 [ 213.459616] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 213.464821] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 213.469940] ? futex_wake+0x304/0x760 [ 213.473774] ? __lock_acquire+0x62f/0x4c20 [ 213.478044] ? mark_held_locks+0x130/0x130 [ 213.482292] ? graph_lock+0x270/0x270 [ 213.486105] ? do_futex+0x249/0x26d0 [ 213.489832] ? kasan_check_read+0x11/0x20 [ 213.493994] ? do_raw_spin_unlock+0xa7/0x330 [ 213.498414] ? do_raw_spin_trylock+0x270/0x270 [ 213.503023] ? find_held_lock+0x36/0x1c0 [ 213.507111] ? __fget+0x4aa/0x740 [ 213.510577] ? lock_downgrade+0x900/0x900 [ 213.514746] ? check_preemption_disabled+0x48/0x280 [ 213.519783] ? kasan_check_read+0x11/0x20 [ 213.523945] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 213.529245] ? rcu_read_unlock_special+0x370/0x370 [ 213.534210] ? __fget+0x4d1/0x740 [ 213.537691] ? ksys_dup3+0x680/0x680 [ 213.541428] ? __might_fault+0x12b/0x1e0 [ 213.545505] ? lock_downgrade+0x900/0x900 [ 213.549668] ? lock_release+0xa00/0xa00 [ 213.553654] ? perf_trace_sched_process_exec+0x860/0x860 [ 213.559122] ? kvm_unregister_device_ops+0x70/0x70 [ 213.564077] do_vfs_ioctl+0x1de/0x1790 [ 213.567984] ? ioctl_preallocate+0x300/0x300 [ 213.572413] ? __fget_light+0x2e9/0x430 [ 213.576404] ? fget_raw+0x20/0x20 [ 213.579866] ? _copy_to_user+0xc8/0x110 [ 213.583855] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.589413] ? put_timespec64+0x10f/0x1b0 [ 213.593593] ? nsecs_to_jiffies+0x30/0x30 [ 213.597766] ? do_syscall_64+0x9a/0x820 [ 213.601757] ? do_syscall_64+0x9a/0x820 [ 213.605745] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.610347] ? security_file_ioctl+0x94/0xc0 [ 213.614770] ksys_ioctl+0xa9/0xd0 [ 213.618241] __x64_sys_ioctl+0x73/0xb0 [ 213.622134] do_syscall_64+0x1b9/0x820 [ 213.626040] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 213.631428] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.636371] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.641244] ? trace_hardirqs_on_caller+0x310/0x310 [ 213.646280] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 213.651317] ? prepare_exit_to_usermode+0x291/0x3b0 [ 213.656356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.661244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.666448] RIP: 0033:0x457669 [ 213.669652] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.689066] RSP: 002b:00007ff0645d4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.696791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 213.704079] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 213.711367] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 213.718655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0645d56d4 [ 213.725937] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 213.733242] [ 213.734884] Allocated by task 8444: [ 213.738522] save_stack+0x43/0xd0 [ 213.741981] kasan_kmalloc+0xcb/0xd0 [ 213.745701] kasan_slab_alloc+0x12/0x20 [ 213.749690] kmem_cache_alloc+0x130/0x730 [ 213.753857] vmx_create_vcpu+0x110/0x2695 [ 213.758016] kvm_arch_vcpu_create+0xe5/0x220 [ 213.762448] kvm_vm_ioctl+0x526/0x2030 [ 213.766348] do_vfs_ioctl+0x1de/0x1790 [ 213.770255] ksys_ioctl+0xa9/0xd0 [ 213.773723] __x64_sys_ioctl+0x73/0xb0 [ 213.777620] do_syscall_64+0x1b9/0x820 [ 213.781521] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.786712] [ 213.788351] Freed by task 0: [ 213.791368] (stack is not available) [ 213.795079] [ 213.796712] The buggy address belongs to the object at ffff8881b68afb80 [ 213.796712] which belongs to the cache x86_fpu of size 832 [ 213.809046] The buggy address is located 64 bytes inside of [ 213.809046] 832-byte region [ffff8881b68afb80, ffff8881b68afec0) [ 213.820839] The buggy address belongs to the page: [ 213.825816] page:ffffea0006da2bc0 count:1 mapcount:0 mapping:ffff8881d55a9000 index:0x0 [ 213.833977] flags: 0x2fffc0000000200(slab) [ 213.838253] raw: 02fffc0000000200 ffff8881d4d37a48 ffff8881d4d37a48 ffff8881d55a9000 [ 213.846160] raw: 0000000000000000 ffff8881b68af040 0000000100000004 0000000000000000 [ 213.854058] page dumped because: kasan: bad access detected [ 213.859778] [ 213.861417] Memory state around the buggy address: [ 213.866356] ffff8881b68afd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 213.873736] ffff8881b68afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 213.881114] >ffff8881b68afe80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 213.888485] ^ [ 213.893955] ffff8881b68aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 213.901333] ffff8881b68aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 213.908700] ================================================================== [ 213.916088] Disabling lock debugging due to kernel taint [ 213.949335] audit: type=1326 audit(1545643763.172:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8450 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 [ 213.971322] Kernel panic - not syncing: panic_on_warn set ... [ 213.977261] CPU: 1 PID: 8444 Comm: syz-executor4 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 213.987161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.996525] Call Trace: [ 213.999138] dump_stack+0x244/0x39d [ 214.002790] ? dump_stack_print_info.cold.1+0x20/0x20 [ 214.008005] ? fpstate_init+0x30/0x160 [ 214.011917] panic+0x2ad/0x632 [ 214.015128] ? add_taint.cold.5+0x16/0x16 [ 214.019303] ? preempt_schedule+0x4d/0x60 [ 214.023463] ? ___preempt_schedule+0x16/0x18 [ 214.027886] ? trace_hardirqs_on+0xb4/0x310 [ 214.032237] ? fpstate_init+0x50/0x160 [ 214.036143] end_report+0x47/0x4f [ 214.039626] kasan_report.cold.5+0xe/0x39 [ 214.043788] ? fpstate_init+0x50/0x160 [ 214.047701] ? fpstate_init+0x50/0x160 [ 214.051610] check_memory_region+0x13e/0x1b0 [ 214.056126] memset+0x23/0x40 [ 214.059253] fpstate_init+0x50/0x160 [ 214.062982] kvm_arch_vcpu_init+0x3e9/0x870 [ 214.067330] kvm_vcpu_init+0x2fa/0x420 [ 214.071254] ? vcpu_stat_get+0x300/0x300 [ 214.075337] ? kmem_cache_alloc+0x33f/0x730 [ 214.079683] vmx_create_vcpu+0x1b7/0x2695 [ 214.083864] ? perf_trace_sched_process_exec+0x860/0x860 [ 214.089337] ? do_raw_spin_unlock+0xa7/0x330 [ 214.093770] ? vmx_exec_control+0x210/0x210 [ 214.098114] ? kasan_check_write+0x14/0x20 [ 214.102368] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 214.107316] ? futex_wait_queue_me+0x55d/0x840 [ 214.111918] ? wait_for_completion+0x8a0/0x8a0 [ 214.116527] ? print_usage_bug+0xc0/0xc0 [ 214.120620] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.126165] ? get_futex_value_locked+0xcb/0xf0 [ 214.130864] kvm_arch_vcpu_create+0xe5/0x220 [ 214.135291] ? kvm_arch_vcpu_free+0x90/0x90 [ 214.139637] kvm_vm_ioctl+0x526/0x2030 [ 214.143539] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 214.148661] ? futex_wait+0x5ec/0xa50 [ 214.152478] ? kvm_unregister_device_ops+0x70/0x70 [ 214.157426] ? mark_held_locks+0x130/0x130 [ 214.161681] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 214.166893] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 214.172012] ? futex_wake+0x304/0x760 [ 214.175841] ? __lock_acquire+0x62f/0x4c20 [ 214.180108] ? mark_held_locks+0x130/0x130 [ 214.184364] ? graph_lock+0x270/0x270 [ 214.188178] ? do_futex+0x249/0x26d0 [ 214.191912] ? kasan_check_read+0x11/0x20 [ 214.196076] ? do_raw_spin_unlock+0xa7/0x330 [ 214.200518] ? do_raw_spin_trylock+0x270/0x270 [ 214.205123] ? find_held_lock+0x36/0x1c0 [ 214.209223] ? __fget+0x4aa/0x740 [ 214.212699] ? lock_downgrade+0x900/0x900 [ 214.216862] ? check_preemption_disabled+0x48/0x280 [ 214.221887] ? kasan_check_read+0x11/0x20 [ 214.226040] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.231346] ? rcu_read_unlock_special+0x370/0x370 [ 214.236297] ? __fget+0x4d1/0x740 [ 214.239770] ? ksys_dup3+0x680/0x680 [ 214.243505] ? __might_fault+0x12b/0x1e0 [ 214.247586] ? lock_downgrade+0x900/0x900 [ 214.251750] ? lock_release+0xa00/0xa00 [ 214.255741] ? perf_trace_sched_process_exec+0x860/0x860 [ 214.261216] ? kvm_unregister_device_ops+0x70/0x70 [ 214.266157] do_vfs_ioctl+0x1de/0x1790 [ 214.270065] ? ioctl_preallocate+0x300/0x300 [ 214.274489] ? __fget_light+0x2e9/0x430 [ 214.278471] ? fget_raw+0x20/0x20 [ 214.281933] ? _copy_to_user+0xc8/0x110 [ 214.285920] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.291479] ? put_timespec64+0x10f/0x1b0 [ 214.295647] ? nsecs_to_jiffies+0x30/0x30 [ 214.299813] ? do_syscall_64+0x9a/0x820 [ 214.303801] ? do_syscall_64+0x9a/0x820 [ 214.307789] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.312386] ? security_file_ioctl+0x94/0xc0 [ 214.316808] ksys_ioctl+0xa9/0xd0 [ 214.320268] __x64_sys_ioctl+0x73/0xb0 [ 214.324163] do_syscall_64+0x1b9/0x820 [ 214.328064] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 214.333447] ? syscall_return_slowpath+0x5e0/0x5e0 [ 214.338394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.343257] ? trace_hardirqs_on_caller+0x310/0x310 [ 214.348291] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 214.353324] ? prepare_exit_to_usermode+0x291/0x3b0 [ 214.358360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.363231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.368429] RIP: 0033:0x457669 [ 214.371631] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.390545] RSP: 002b:00007ff0645d4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 214.398267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 214.405553] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 214.412834] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 214.420130] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0645d56d4 [ 214.427413] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 214.435733] Kernel Offset: disabled [ 214.439369] Rebooting in 86400 seconds..