INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. 2018/04/21 01:46:35 fuzzer started 2018/04/21 01:46:36 dialing manager at 10.128.0.26:39431 syzkaller login: [ 50.588547] can: request_module (can-proto-0) failed. [ 50.597797] can: request_module (can-proto-0) failed. 2018/04/21 01:47:00 kcov=true, comps=true 2018/04/21 01:47:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000005c0)={@in={{0x2, 0x0, @loopback=0x7f000001}}, 0x0, 0x0, 0x0, "568ba1532d9fa4a4a0b2ac7fed1ba5df6183c56aab4b149a87b45ecde423213c30734da7de0daefc4f85152077b0196e06e5a1d95840e8dc7eb18f5f2781abadec7c9d4ef97335343396d95c6c3a63db"}, 0xd8) io_setup(0x0, &(0x7f0000000500)) sendto$inet(r0, &(0x7f0000e9bf14), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x1000000000004e23}, 0x10) sendto$inet(r0, &(0x7f0000000380)="a8f1be5355d740ca6791da215ccd133c71adeb2c8c48541886fc7f32f5a881b45c66e024efb19d9c7813c871d7de2918bcac611cda57e57831a5621a5ac287de49deff1e43934b0bd06a6fb63d5120773797ad4cbede5e398e5ff92426e6f668b2723c2a516d6791125695666a9a0f487936c2959fd358f89617", 0x7a, 0x0, &(0x7f0000000040)={0x2, 0x0, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f0000000180)="ea", 0x1, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/21 01:47:02 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, r1, 0x601, 0x0, 0x0, {0x1}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5}]}]}, 0x40}, 0x1}, 0x0) 2018/04/21 01:47:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 2018/04/21 01:47:02 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:02 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)) 2018/04/21 01:47:02 executing program 5: r0 = socket(0x18, 0x0, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f0000004fc4)=[{{&(0x7f0000003000)=@in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x80, &(0x7f0000004fa0)=[{&(0x7f0000002000)="4c5614c00401a0dbf8a669ebdedd102c4f7a79e606457dfdf09e2ec2ed253b", 0x1f}], 0x1, &(0x7f0000002d30)}}], 0x1, 0x0) connect(r0, &(0x7f0000002000)=@sco={0x1f, {0x1}}, 0x26) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f00000000c0)=""/20, &(0x7f0000000100)=0x14) 2018/04/21 01:47:02 executing program 6: perf_event_open(&(0x7f0000220000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000dc0000)=[{&(0x7f000094a000)=""/4096, 0x1224}], 0x1) dup2(r0, r1) 2018/04/21 01:47:02 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) [ 54.546224] IPVS: ftp: loaded support on port[0] = 21 [ 54.556477] IPVS: ftp: loaded support on port[0] = 21 [ 54.561736] IPVS: ftp: loaded support on port[0] = 21 [ 54.574278] IPVS: ftp: loaded support on port[0] = 21 [ 54.594093] IPVS: ftp: loaded support on port[0] = 21 [ 54.601791] IPVS: ftp: loaded support on port[0] = 21 [ 54.627338] IPVS: ftp: loaded support on port[0] = 21 [ 54.651738] IPVS: ftp: loaded support on port[0] = 21 [ 56.706921] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.713468] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.743274] device bridge_slave_0 entered promiscuous mode [ 56.775286] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.781682] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.793284] device bridge_slave_0 entered promiscuous mode [ 56.815151] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.821558] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.840711] device bridge_slave_0 entered promiscuous mode [ 56.850538] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.856911] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.864910] device bridge_slave_0 entered promiscuous mode [ 56.872704] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.879096] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.891244] device bridge_slave_0 entered promiscuous mode [ 56.901616] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.908093] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.920407] device bridge_slave_0 entered promiscuous mode [ 56.930369] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.936747] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.952182] device bridge_slave_1 entered promiscuous mode [ 56.960874] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.967244] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.974788] device bridge_slave_1 entered promiscuous mode [ 56.994183] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.000552] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.027696] device bridge_slave_0 entered promiscuous mode [ 57.037472] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.043867] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.054695] device bridge_slave_1 entered promiscuous mode [ 57.063166] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.069551] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.076909] device bridge_slave_1 entered promiscuous mode [ 57.084894] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.091281] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.102638] device bridge_slave_1 entered promiscuous mode [ 57.110675] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.120782] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.127181] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.136872] device bridge_slave_0 entered promiscuous mode [ 57.147045] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.153462] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.162863] device bridge_slave_1 entered promiscuous mode [ 57.180390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.189937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.200406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.209382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.216604] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.222985] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.255299] device bridge_slave_1 entered promiscuous mode [ 57.275177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.284176] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.290572] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.314890] device bridge_slave_1 entered promiscuous mode [ 57.323129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.339112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.350819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.358250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.386552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.393918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.484975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.493951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.502656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.593170] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.626745] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.710533] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.733994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.787651] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.810424] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.832789] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.900185] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.909180] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.926995] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.941452] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.978265] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.990320] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.034008] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.073267] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.129783] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.211108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.224297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.232202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.246427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.270116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.278691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.285556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.293819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.302728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.310367] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.317258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.331426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.349145] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.361546] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.377640] team0: Port device team_slave_0 added [ 58.433005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.440093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.494565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.501582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.522148] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.539745] team0: Port device team_slave_1 added [ 58.655480] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.662458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.677616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.693901] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.701525] team0: Port device team_slave_0 added [ 58.714589] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.722852] team0: Port device team_slave_0 added [ 58.730349] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.744427] team0: Port device team_slave_0 added [ 58.765282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.774669] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.787829] team0: Port device team_slave_1 added [ 58.802642] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.810247] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.824073] team0: Port device team_slave_0 added [ 58.842843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.859642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.874836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.883491] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.891231] team0: Port device team_slave_0 added [ 58.911092] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.924666] team0: Port device team_slave_1 added [ 58.934197] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.948429] team0: Port device team_slave_1 added [ 58.960948] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.971677] team0: Port device team_slave_0 added [ 58.982589] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.991382] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.010481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.028612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.044907] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 59.052182] team0: Port device team_slave_1 added [ 59.058734] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 59.065897] team0: Port device team_slave_1 added [ 59.079291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.092899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.118764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.153480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.165939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.180385] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 59.189770] team0: Port device team_slave_1 added [ 59.198860] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.218471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.231656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.254765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.270365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.279310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.291995] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 59.299410] team0: Port device team_slave_0 added [ 59.310603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.321771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.328635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.340785] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.365576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.379587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.389169] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.397489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.405298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.415762] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.423403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.431667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.442699] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.453235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.464440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.471374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.491453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.516342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.531663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.539440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.547251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.554995] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.562112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.570293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.580609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.594670] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.604758] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.612607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.640812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.661515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.681597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.694789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.702637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.710996] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.718586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.726531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.734957] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 59.742382] team0: Port device team_slave_1 added [ 59.750389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.759216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.766276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.781226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.794246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.809602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.822718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.829818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.839566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.857737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.870705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.880639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.891286] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.908457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.922882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.977170] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.984345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.000953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.030324] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.037251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.046466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.164940] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 60.172288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.185592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.328913] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 60.343730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.358662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.937176] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.943728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.950774] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.957149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.985272] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.151062] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.157480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.164163] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.170546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.209468] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.216512] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.222876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.229518] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.235889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.247857] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.268507] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.274898] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.281548] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.287933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.333007] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.339578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.347858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.356507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.364496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.373852] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.380633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.387235] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.393574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.401707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.419127] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.425512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.432193] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.438573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.493627] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.586152] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.592581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.599210] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.605578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.629490] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 61.750109] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.756528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.763195] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.769579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.777869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 62.371106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.386611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.404869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.422322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.065253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.256971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.331700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.379054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.468053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.497970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.531782] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.668468] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.737431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.814065] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.888887] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.895833] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.958506] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.018672] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.024961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.036949] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.069653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.195849] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.204548] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.210770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.218220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.273447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.279818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.290519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.430358] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.439109] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.449898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.464803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.478607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.492496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.509587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.517579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.540497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.557369] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.673665] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.704479] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.747964] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.754190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.764377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.809903] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.930406] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.964059] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.981345] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.154913] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.161192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.170765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.311456] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.709492] 8021q: adding VLAN 0 to HW filter on device team0 2018/04/21 01:47:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 2018/04/21 01:47:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 2018/04/21 01:47:18 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) [ 71.251644] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 71.259899] netlink: 'syz-executor1': attribute type 1 has an invalid length. 2018/04/21 01:47:19 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:19 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) 2018/04/21 01:47:19 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)) 2018/04/21 01:47:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, r1, 0x601, 0x0, 0x0, {0x1}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5}]}]}, 0x40}, 0x1}, 0x0) 2018/04/21 01:47:19 executing program 6: perf_event_open(&(0x7f0000220000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000dc0000)=[{&(0x7f000094a000)=""/4096, 0x1224}], 0x1) dup2(r0, r1) 2018/04/21 01:47:19 executing program 5: r0 = socket(0x18, 0x0, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f0000004fc4)=[{{&(0x7f0000003000)=@in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x80, &(0x7f0000004fa0)=[{&(0x7f0000002000)="4c5614c00401a0dbf8a669ebdedd102c4f7a79e606457dfdf09e2ec2ed253b", 0x1f}], 0x1, &(0x7f0000002d30)}}], 0x1, 0x0) connect(r0, &(0x7f0000002000)=@sco={0x1f, {0x1}}, 0x26) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f00000000c0)=""/20, &(0x7f0000000100)=0x14) 2018/04/21 01:47:19 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) [ 71.489763] netlink: 'syz-executor1': attribute type 1 has an invalid length. 2018/04/21 01:47:20 executing program 5: r0 = socket(0x18, 0x0, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f0000004fc4)=[{{&(0x7f0000003000)=@in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x80, &(0x7f0000004fa0)=[{&(0x7f0000002000)="4c5614c00401a0dbf8a669ebdedd102c4f7a79e606457dfdf09e2ec2ed253b", 0x1f}], 0x1, &(0x7f0000002d30)}}], 0x1, 0x0) connect(r0, &(0x7f0000002000)=@sco={0x1f, {0x1}}, 0x26) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f00000000c0)=""/20, &(0x7f0000000100)=0x14) 2018/04/21 01:47:20 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)) 2018/04/21 01:47:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, r1, 0x601, 0x0, 0x0, {0x1}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5}]}]}, 0x40}, 0x1}, 0x0) 2018/04/21 01:47:20 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:20 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) 2018/04/21 01:47:20 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:20 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:20 executing program 6: perf_event_open(&(0x7f0000220000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000dc0000)=[{&(0x7f000094a000)=""/4096, 0x1224}], 0x1) dup2(r0, r1) 2018/04/21 01:47:20 executing program 5: r0 = socket(0x18, 0x0, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f0000004fc4)=[{{&(0x7f0000003000)=@in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x80, &(0x7f0000004fa0)=[{&(0x7f0000002000)="4c5614c00401a0dbf8a669ebdedd102c4f7a79e606457dfdf09e2ec2ed253b", 0x1f}], 0x1, &(0x7f0000002d30)}}], 0x1, 0x0) connect(r0, &(0x7f0000002000)=@sco={0x1f, {0x1}}, 0x26) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f00000000c0)=""/20, &(0x7f0000000100)=0x14) [ 72.394171] netlink: 'syz-executor1': attribute type 1 has an invalid length. 2018/04/21 01:47:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, r1, 0x601, 0x0, 0x0, {0x1}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5}]}]}, 0x40}, 0x1}, 0x0) 2018/04/21 01:47:20 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)) 2018/04/21 01:47:20 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) 2018/04/21 01:47:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) [ 72.528496] netlink: 'syz-executor1': attribute type 1 has an invalid length. 2018/04/21 01:47:20 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00', @ifru_hwaddr=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}) 2018/04/21 01:47:20 executing program 7: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6a) 2018/04/21 01:47:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 2018/04/21 01:47:20 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) [ 72.759817] hfs: can't find a HFS filesystem on dev loop7 2018/04/21 01:47:21 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00', @ifru_hwaddr=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}) 2018/04/21 01:47:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000003c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 2018/04/21 01:47:21 executing program 7: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6a) 2018/04/21 01:47:21 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x2c9, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e23000), &(0x7f0000000000), &(0x7f000057d000), &(0x7f0000a06000)) 2018/04/21 01:47:21 executing program 6: perf_event_open(&(0x7f0000220000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000dc0000)=[{&(0x7f000094a000)=""/4096, 0x1224}], 0x1) dup2(r0, r1) 2018/04/21 01:47:21 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:21 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:21 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:21 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)="2e2f6367726f7570000478d081", 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x1e4) 2018/04/21 01:47:21 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00', @ifru_hwaddr=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}) [ 73.328700] hfs: can't find a HFS filesystem on dev loop7 2018/04/21 01:47:21 executing program 7: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6a) 2018/04/21 01:47:21 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)="2e2f6367726f7570000478d081", 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x1e4) 2018/04/21 01:47:21 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00', @ifru_hwaddr=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}) 2018/04/21 01:47:21 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) [ 73.481425] hfs: can't find a HFS filesystem on dev loop7 2018/04/21 01:47:22 executing program 4: r0 = memfd_create(&(0x7f0000000000)=',cpuset\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x4) read$eventfd(r0, &(0x7f00000002c0), 0x8) 2018/04/21 01:47:22 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)="2e2f6367726f7570000478d081", 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x1e4) 2018/04/21 01:47:22 executing program 7: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6a) 2018/04/21 01:47:22 executing program 1: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:22 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:22 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f}, 0xe) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000040), 0x4) 2018/04/21 01:47:22 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000bf5ff3)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000215fc0)=[{&(0x7f000087ef6a)=""/1, 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f00002ac000)=""/106, 0x6a}], 0x100000000000025a, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) r1 = getpgid(0x0) tkill(r1, 0x15) 2018/04/21 01:47:22 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:22 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)="2e2f6367726f7570000478d081", 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x1e4) 2018/04/21 01:47:22 executing program 4: r0 = memfd_create(&(0x7f0000000000)=',cpuset\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x4) read$eventfd(r0, &(0x7f00000002c0), 0x8) 2018/04/21 01:47:22 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f}, 0xe) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000040), 0x4) [ 74.591438] hfs: can't find a HFS filesystem on dev loop7 2018/04/21 01:47:22 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:22 executing program 7: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:22 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:22 executing program 4: r0 = memfd_create(&(0x7f0000000000)=',cpuset\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x4) read$eventfd(r0, &(0x7f00000002c0), 0x8) 2018/04/21 01:47:22 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f}, 0xe) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000040), 0x4) 2018/04/21 01:47:22 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:23 executing program 4: r0 = memfd_create(&(0x7f0000000000)=',cpuset\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x4) read$eventfd(r0, &(0x7f00000002c0), 0x8) 2018/04/21 01:47:23 executing program 7: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:23 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f}, 0xe) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000040), 0x4) 2018/04/21 01:47:23 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:23 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x400452c9, &(0x7f00000001c0)={"736fff6b5ff4edac5b4dcccd00004000"}) 2018/04/21 01:47:23 executing program 1: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:23 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:23 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:23 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x40084146, &(0x7f000000cff3)) 2018/04/21 01:47:23 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x400452c9, &(0x7f00000001c0)={"736fff6b5ff4edac5b4dcccd00004000"}) 2018/04/21 01:47:23 executing program 0: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x0, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)) 2018/04/21 01:47:23 executing program 7: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x8, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) 2018/04/21 01:47:23 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x40084146, &(0x7f000000cff3)) 2018/04/21 01:47:23 executing program 0: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x0, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)) 2018/04/21 01:47:23 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x400452c9, &(0x7f00000001c0)={"736fff6b5ff4edac5b4dcccd00004000"}) 2018/04/21 01:47:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000024000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x1c, 0x20000032, 0x201, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@typed={0x4, 0x1, @binary}]}]}, 0x1c}, 0x1}, 0x0) 2018/04/21 01:47:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 76.066846] tc_dump_action: action bad kind 2018/04/21 01:47:24 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x40084146, &(0x7f000000cff3)) 2018/04/21 01:47:24 executing program 0: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x0, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)) 2018/04/21 01:47:24 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x400452c9, &(0x7f00000001c0)={"736fff6b5ff4edac5b4dcccd00004000"}) 2018/04/21 01:47:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000024000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x1c, 0x20000032, 0x201, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@typed={0x4, 0x1, @binary}]}]}, 0x1c}, 0x1}, 0x0) 2018/04/21 01:47:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:24 executing program 1: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:24 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) 2018/04/21 01:47:24 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000100)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(r0) [ 76.742373] tc_dump_action: action bad kind 2018/04/21 01:47:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000024000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x1c, 0x20000032, 0x201, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@typed={0x4, 0x1, @binary}]}]}, 0x1c}, 0x1}, 0x0) 2018/04/21 01:47:24 executing program 0: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x0, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)) 2018/04/21 01:47:24 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x40084146, &(0x7f000000cff3)) 2018/04/21 01:47:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 76.843525] tc_dump_action: action bad kind 2018/04/21 01:47:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:24 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:24 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="5fb88c750196077aa3214bebc13f7d74ad4d9320611cf5a33f2a3f09e1c926359dcfe20001c781cb67f79cb0c6f5f4bf8ed60dce2176c22a20b22b9b24172b5569ec67906e7df93b05b19ba5360f2eab62812070fc181a2483366595113b240804d882a7dcd7ac4ba53e06d02558968b978122716d1823dcc7d40155c1bc1e8433f5ba15f5ee48c0ca941fce872e497d1377e2a5bde956f003caaf58c7520f82d7346c266e8ea70dab3bb7af6d78602a31ab8d232b07f6e3ef524b552ed88a1b1c02bc89f4f671855d40a2c1c173d4bb121bc86270c32d39c4c0d09a29b8983169914d8df86417a802b772bb638f72ccdcbb46267b5751816c77b6739f484292d5ca5e1bc4efee06f4e07e6a795faee2af27a8f21298055806494ee0e961cd5bd077bd7756f9e39dd3abdbe5c598cc5cbd44c5c319af923fbc4731545ff134749c2f42ee8454bf33ef309a6323dc847676d5be2fcb9abc717fc1e29396943ec0e264a80d64ca66ef2c42a57112a8a146097d9f4256ef6e6fd73be26e9a5f79b21dae42066d9cf4441021d64a2d6fd61c7ea709948d4be380e0fa4b76dff6aeef45", 0x1a1, 0x0, &(0x7f0000001000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000200)={'ip_vti0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) 2018/04/21 01:47:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000024000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x1c, 0x20000032, 0x201, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@typed={0x4, 0x1, @binary}]}]}, 0x1c}, 0x1}, 0x0) [ 76.967666] tc_dump_action: action bad kind 2018/04/21 01:47:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:25 executing program 7: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/108) 2018/04/21 01:47:25 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="5fb88c750196077aa3214bebc13f7d74ad4d9320611cf5a33f2a3f09e1c926359dcfe20001c781cb67f79cb0c6f5f4bf8ed60dce2176c22a20b22b9b24172b5569ec67906e7df93b05b19ba5360f2eab62812070fc181a2483366595113b240804d882a7dcd7ac4ba53e06d02558968b978122716d1823dcc7d40155c1bc1e8433f5ba15f5ee48c0ca941fce872e497d1377e2a5bde956f003caaf58c7520f82d7346c266e8ea70dab3bb7af6d78602a31ab8d232b07f6e3ef524b552ed88a1b1c02bc89f4f671855d40a2c1c173d4bb121bc86270c32d39c4c0d09a29b8983169914d8df86417a802b772bb638f72ccdcbb46267b5751816c77b6739f484292d5ca5e1bc4efee06f4e07e6a795faee2af27a8f21298055806494ee0e961cd5bd077bd7756f9e39dd3abdbe5c598cc5cbd44c5c319af923fbc4731545ff134749c2f42ee8454bf33ef309a6323dc847676d5be2fcb9abc717fc1e29396943ec0e264a80d64ca66ef2c42a57112a8a146097d9f4256ef6e6fd73be26e9a5f79b21dae42066d9cf4441021d64a2d6fd61c7ea709948d4be380e0fa4b76dff6aeef45", 0x1a1, 0x0, &(0x7f0000001000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000200)={'ip_vti0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) 2018/04/21 01:47:25 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:25 executing program 4: r0 = socket$nl_xfrm(0xa, 0x5, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7a, &(0x7f0000000080)=""/4096, &(0x7f0000001080)=0x3) 2018/04/21 01:47:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e970b56804b3747cc7"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/21 01:47:25 executing program 3: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x203}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet(0x2, 0x0, 0x80000001, &(0x7f0000000000)) 2018/04/21 01:47:25 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000640)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x4081) 2018/04/21 01:47:25 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="5fb88c750196077aa3214bebc13f7d74ad4d9320611cf5a33f2a3f09e1c926359dcfe20001c781cb67f79cb0c6f5f4bf8ed60dce2176c22a20b22b9b24172b5569ec67906e7df93b05b19ba5360f2eab62812070fc181a2483366595113b240804d882a7dcd7ac4ba53e06d02558968b978122716d1823dcc7d40155c1bc1e8433f5ba15f5ee48c0ca941fce872e497d1377e2a5bde956f003caaf58c7520f82d7346c266e8ea70dab3bb7af6d78602a31ab8d232b07f6e3ef524b552ed88a1b1c02bc89f4f671855d40a2c1c173d4bb121bc86270c32d39c4c0d09a29b8983169914d8df86417a802b772bb638f72ccdcbb46267b5751816c77b6739f484292d5ca5e1bc4efee06f4e07e6a795faee2af27a8f21298055806494ee0e961cd5bd077bd7756f9e39dd3abdbe5c598cc5cbd44c5c319af923fbc4731545ff134749c2f42ee8454bf33ef309a6323dc847676d5be2fcb9abc717fc1e29396943ec0e264a80d64ca66ef2c42a57112a8a146097d9f4256ef6e6fd73be26e9a5f79b21dae42066d9cf4441021d64a2d6fd61c7ea709948d4be380e0fa4b76dff6aeef45", 0x1a1, 0x0, &(0x7f0000001000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000200)={'ip_vti0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) 2018/04/21 01:47:25 executing program 4: r0 = socket$nl_xfrm(0xa, 0x5, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7a, &(0x7f0000000080)=""/4096, &(0x7f0000001080)=0x3) 2018/04/21 01:47:25 executing program 7: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/108) 2018/04/21 01:47:25 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e970b56804b3747cc7"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/21 01:47:25 executing program 3: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x203}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet(0x2, 0x0, 0x80000001, &(0x7f0000000000)) 2018/04/21 01:47:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000300)="f30f6fbe01a9653e0f0766b9690a00000f3226f326260f0f3e5084ae66b9800000c00f326635000800000f30f30f218eb800068ed00f01df640f38f16cffb810058ed0", 0x43}], 0x1, 0x0, &(0x7f00000003c0), 0x0) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffcc2, 0x0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x2, [{}, {}]}, 0x48) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SMI(r3, 0xaeb7) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000400), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000500)="0f005c0666b8ef0000000f23d00f21f86635300000010f23f866b9770b000066b80000008066ba000000000f30f20f35f30f1bcff4650f01cabaf80c66b8c261a58266efbafc0cb874daef0f236d0f32", 0x50}], 0x0, 0x0, &(0x7f0000000040), 0xffffe1e) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/21 01:47:25 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="5fb88c750196077aa3214bebc13f7d74ad4d9320611cf5a33f2a3f09e1c926359dcfe20001c781cb67f79cb0c6f5f4bf8ed60dce2176c22a20b22b9b24172b5569ec67906e7df93b05b19ba5360f2eab62812070fc181a2483366595113b240804d882a7dcd7ac4ba53e06d02558968b978122716d1823dcc7d40155c1bc1e8433f5ba15f5ee48c0ca941fce872e497d1377e2a5bde956f003caaf58c7520f82d7346c266e8ea70dab3bb7af6d78602a31ab8d232b07f6e3ef524b552ed88a1b1c02bc89f4f671855d40a2c1c173d4bb121bc86270c32d39c4c0d09a29b8983169914d8df86417a802b772bb638f72ccdcbb46267b5751816c77b6739f484292d5ca5e1bc4efee06f4e07e6a795faee2af27a8f21298055806494ee0e961cd5bd077bd7756f9e39dd3abdbe5c598cc5cbd44c5c319af923fbc4731545ff134749c2f42ee8454bf33ef309a6323dc847676d5be2fcb9abc717fc1e29396943ec0e264a80d64ca66ef2c42a57112a8a146097d9f4256ef6e6fd73be26e9a5f79b21dae42066d9cf4441021d64a2d6fd61c7ea709948d4be380e0fa4b76dff6aeef45", 0x1a1, 0x0, &(0x7f0000001000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000200)={'ip_vti0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) 2018/04/21 01:47:25 executing program 7: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/108) 2018/04/21 01:47:25 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000640)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x4081) 2018/04/21 01:47:25 executing program 4: r0 = socket$nl_xfrm(0xa, 0x5, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7a, &(0x7f0000000080)=""/4096, &(0x7f0000001080)=0x3) 2018/04/21 01:47:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e970b56804b3747cc7"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/21 01:47:25 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000640)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x4081) 2018/04/21 01:47:25 executing program 3: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x203}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet(0x2, 0x0, 0x80000001, &(0x7f0000000000)) 2018/04/21 01:47:25 executing program 7: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/108) 2018/04/21 01:47:25 executing program 4: r0 = socket$nl_xfrm(0xa, 0x5, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7a, &(0x7f0000000080)=""/4096, &(0x7f0000001080)=0x3) 2018/04/21 01:47:26 executing program 7: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e970b56804b3747cc7"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/21 01:47:26 executing program 2: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x203}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet(0x2, 0x0, 0x80000001, &(0x7f0000000000)) 2018/04/21 01:47:26 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000640)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x4081) 2018/04/21 01:47:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e970b56804b3747cc7"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/21 01:47:26 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000080)=0x0) io_submit(r0, 0x1, &(0x7f00000005c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)}]) syz_init_net_socket$llc(0x1a, 0x1, 0x0) 2018/04/21 01:47:26 executing program 3: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x203}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet(0x2, 0x0, 0x80000001, &(0x7f0000000000)) 2018/04/21 01:47:26 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00') ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000000c0)={{0xffffffffffffffff}}) r0 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000ee9a9d50f1e8600000854fa07424adee93707da75af1f0200f5cd26d7a0d2ef6ae0d178621cffc0a87164000000e39c5a") ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f0000000040)}) 2018/04/21 01:47:26 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000640)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x4081) 2018/04/21 01:47:26 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00001b3000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0xaf01, &(0x7f0000307000)=&(0x7f0000989fff)) r1 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000640)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000df5fd8)={0x0, 0x1, &(0x7f0000000200)=""/105, &(0x7f0000bf6000)=""/228, &(0x7f0000000080)=""/199}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000cef000)={0x1, 0x0, &(0x7f000062a000)=""/167, &(0x7f0000aac000)=""/21, &(0x7f00002fdf52)=""/174}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x4081) 2018/04/21 01:47:26 executing program 7: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e970b56804b3747cc7"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/21 01:47:26 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000640), 0x4) 2018/04/21 01:47:26 executing program 2: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x203}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet(0x2, 0x0, 0x80000001, &(0x7f0000000000)) [ 78.571930] ================================================================== [ 78.579539] BUG: KASAN: null-ptr-deref in refcount_inc_not_zero+0x8f/0x2d0 [ 78.586562] Read of size 4 at addr 0000000000000004 by task syz-executor4/7121 [ 78.593920] [ 78.595555] CPU: 1 PID: 7121 Comm: syz-executor4 Not tainted 4.17.0-rc1+ #10 [ 78.602746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.612099] Call Trace: [ 78.614698] dump_stack+0x1b9/0x294 [ 78.618339] ? dump_stack_print_info.cold.2+0x52/0x52 [ 78.623536] ? kasan_check_write+0x14/0x20 [ 78.627783] ? do_raw_spin_lock+0xc1/0x200 [ 78.632030] ? vprintk_func+0x81/0xe7 [ 78.635845] ? refcount_inc_not_zero+0x8f/0x2d0 [ 78.640522] kasan_report.cold.7+0x6d/0x2fe [ 78.644860] check_memory_region+0x13e/0x1b0 [ 78.649279] kasan_check_read+0x11/0x20 [ 78.653260] refcount_inc_not_zero+0x8f/0x2d0 [ 78.657769] ? refcount_add_not_zero+0x320/0x320 [ 78.662542] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 78.667567] ? lock_sock_nested+0x9f/0x120 [ 78.671820] refcount_inc+0x15/0x70 [ 78.675454] llc_ui_release+0xba/0x2b0 [ 78.679342] ? fsnotify_first_mark+0x330/0x330 [ 78.683932] sock_release+0x96/0x1b0 [ 78.687652] ? sock_alloc_file+0x4e0/0x4e0 [ 78.691881] sock_close+0x16/0x20 [ 78.695323] __fput+0x34d/0x890 [ 78.698594] ? fput+0x1a0/0x1a0 [ 78.701869] ? _raw_spin_unlock_irq+0x27/0x70 [ 78.706357] ____fput+0x15/0x20 [ 78.709624] task_work_run+0x1e4/0x290 [ 78.713505] ? task_work_cancel+0x240/0x240 [ 78.717818] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 78.723343] ? switch_task_namespaces+0xa2/0xd0 [ 78.728011] do_exit+0x1aee/0x2730 [ 78.731560] ? mm_update_next_owner+0x980/0x980 [ 78.736214] ? print_usage_bug+0xc0/0xc0 [ 78.740264] ? graph_lock+0x170/0x170 [ 78.744052] ? do_raw_spin_unlock+0x9e/0x2e0 [ 78.748454] ? rcu_note_context_switch+0x710/0x710 [ 78.753384] ? lock_acquire+0x1dc/0x520 [ 78.757349] ? __might_sleep+0x95/0x190 [ 78.761317] ? __lock_acquire+0x7f5/0x5140 [ 78.765556] ? debug_check_no_locks_freed+0x310/0x310 [ 78.770743] ? do_raw_spin_unlock+0x9e/0x2e0 [ 78.775140] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 78.779712] ? kasan_check_write+0x14/0x20 [ 78.783935] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 78.789115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 78.794638] ? drop_futex_key_refs.isra.13+0x6d/0xe0 [ 78.799728] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 78.805251] ? futex_wait+0x5c1/0x9f0 [ 78.809048] ? perf_trace_lock+0xd6/0x900 [ 78.813183] ? perf_trace_lock_acquire+0xe3/0x980 [ 78.818023] ? zap_class+0x720/0x720 [ 78.821728] ? perf_trace_lock+0x900/0x900 [ 78.825951] ? graph_lock+0x170/0x170 [ 78.829745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.835266] ? graph_lock+0x170/0x170 [ 78.839055] ? perf_event_sync_stat+0x5f0/0x5f0 [ 78.843720] ? memset+0x31/0x40 [ 78.846991] ? find_held_lock+0x36/0x1c0 [ 78.851057] ? lock_downgrade+0x8e0/0x8e0 [ 78.855202] do_group_exit+0x16f/0x430 [ 78.859076] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 78.863647] ? __ia32_sys_exit+0x50/0x50 [ 78.867698] ? _raw_spin_unlock_irq+0x27/0x70 [ 78.872189] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 78.877200] get_signal+0x886/0x1960 [ 78.880913] ? ptrace_notify+0x130/0x130 [ 78.884965] ? __schedule+0x809/0x1e30 [ 78.888845] ? __sched_text_start+0x8/0x8 [ 78.892993] do_signal+0x98/0x2040 [ 78.896534] ? setup_sigcontext+0x7d0/0x7d0 [ 78.900842] ? handle_mm_fault+0x8c0/0xc70 [ 78.905068] ? schedule+0xef/0x430 [ 78.908597] ? __schedule+0x1e30/0x1e30 [ 78.912576] ? exit_to_usermode_loop+0x87/0x310 [ 78.917238] exit_to_usermode_loop+0x28a/0x310 [ 78.921808] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 78.926638] ? do_syscall_64+0x92/0x800 [ 78.930603] do_syscall_64+0x6ac/0x800 [ 78.934481] ? finish_task_switch+0x1ca/0x810 [ 78.938967] ? syscall_return_slowpath+0x5c0/0x5c0 [ 78.943882] ? syscall_return_slowpath+0x30f/0x5c0 [ 78.948802] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 78.954157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 78.958991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.964176] RIP: 0033:0x455389 [ 78.967358] RSP: 002b:00007fb815632ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 78.975054] RAX: fffffffffffffe00 RBX: 000000000072bf80 RCX: 0000000000455389 [ 78.982308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf80 [ 78.989561] RBP: 000000000072bf80 R08: 0000000000000000 R09: 000000000072bf58 [ 78.996815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 79.004076] R13: 00007ffca1637fef R14: 00007fb8156339c0 R15: 0000000000000001 [ 79.011352] ================================================================== [ 79.018691] Disabling lock debugging due to kernel taint [ 79.024548] Kernel panic - not syncing: panic_on_warn set ... [ 79.024548] [ 79.031921] CPU: 1 PID: 7121 Comm: syz-executor4 Tainted: G B 4.17.0-rc1+ #10 [ 79.040483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.049810] Call Trace: [ 79.052379] dump_stack+0x1b9/0x294 [ 79.055988] ? dump_stack_print_info.cold.2+0x52/0x52 [ 79.061162] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 79.065905] ? refcount_add_not_zero+0x300/0x320 [ 79.070639] panic+0x22f/0x4de [ 79.073809] ? add_taint.cold.5+0x16/0x16 [ 79.077938] ? do_raw_spin_unlock+0x9e/0x2e0 [ 79.082327] ? do_raw_spin_unlock+0x9e/0x2e0 [ 79.086714] ? refcount_inc_not_zero+0x8f/0x2d0 [ 79.091371] kasan_end_report+0x47/0x4f [ 79.095324] kasan_report.cold.7+0x76/0x2fe [ 79.099624] check_memory_region+0x13e/0x1b0 [ 79.104017] kasan_check_read+0x11/0x20 [ 79.107979] refcount_inc_not_zero+0x8f/0x2d0 [ 79.112454] ? refcount_add_not_zero+0x320/0x320 [ 79.117189] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 79.122185] ? lock_sock_nested+0x9f/0x120 [ 79.126402] refcount_inc+0x15/0x70 [ 79.130011] llc_ui_release+0xba/0x2b0 [ 79.133884] ? fsnotify_first_mark+0x330/0x330 [ 79.138452] sock_release+0x96/0x1b0 [ 79.142151] ? sock_alloc_file+0x4e0/0x4e0 [ 79.146362] sock_close+0x16/0x20 [ 79.149792] __fput+0x34d/0x890 [ 79.153054] ? fput+0x1a0/0x1a0 [ 79.156317] ? _raw_spin_unlock_irq+0x27/0x70 [ 79.160793] ____fput+0x15/0x20 [ 79.164149] task_work_run+0x1e4/0x290 [ 79.168022] ? task_work_cancel+0x240/0x240 [ 79.172333] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 79.177852] ? switch_task_namespaces+0xa2/0xd0 [ 79.182499] do_exit+0x1aee/0x2730 [ 79.186028] ? mm_update_next_owner+0x980/0x980 [ 79.190677] ? print_usage_bug+0xc0/0xc0 [ 79.194731] ? graph_lock+0x170/0x170 [ 79.198509] ? do_raw_spin_unlock+0x9e/0x2e0 [ 79.202899] ? rcu_note_context_switch+0x710/0x710 [ 79.207805] ? lock_acquire+0x1dc/0x520 [ 79.211758] ? __might_sleep+0x95/0x190 [ 79.215715] ? __lock_acquire+0x7f5/0x5140 [ 79.219944] ? debug_check_no_locks_freed+0x310/0x310 [ 79.225121] ? do_raw_spin_unlock+0x9e/0x2e0 [ 79.229507] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 79.234076] ? kasan_check_write+0x14/0x20 [ 79.238293] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 79.243465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 79.248982] ? drop_futex_key_refs.isra.13+0x6d/0xe0 [ 79.254065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 79.259583] ? futex_wait+0x5c1/0x9f0 [ 79.263369] ? perf_trace_lock+0xd6/0x900 [ 79.267498] ? perf_trace_lock_acquire+0xe3/0x980 [ 79.272317] ? zap_class+0x720/0x720 [ 79.276011] ? perf_trace_lock+0x900/0x900 [ 79.280230] ? graph_lock+0x170/0x170 [ 79.284018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.289547] ? graph_lock+0x170/0x170 [ 79.293330] ? perf_event_sync_stat+0x5f0/0x5f0 [ 79.297982] ? memset+0x31/0x40 [ 79.301240] ? find_held_lock+0x36/0x1c0 [ 79.305282] ? lock_downgrade+0x8e0/0x8e0 [ 79.309413] do_group_exit+0x16f/0x430 [ 79.313280] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 79.317840] ? __ia32_sys_exit+0x50/0x50 [ 79.321880] ? _raw_spin_unlock_irq+0x27/0x70 [ 79.326355] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 79.331354] get_signal+0x886/0x1960 [ 79.335064] ? ptrace_notify+0x130/0x130 [ 79.339112] ? __schedule+0x809/0x1e30 [ 79.342980] ? __sched_text_start+0x8/0x8 [ 79.347111] do_signal+0x98/0x2040 [ 79.350633] ? setup_sigcontext+0x7d0/0x7d0 [ 79.354931] ? handle_mm_fault+0x8c0/0xc70 [ 79.359146] ? schedule+0xef/0x430 [ 79.362663] ? __schedule+0x1e30/0x1e30 [ 79.366620] ? exit_to_usermode_loop+0x87/0x310 [ 79.371268] exit_to_usermode_loop+0x28a/0x310 [ 79.375832] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 79.380663] ? do_syscall_64+0x92/0x800 [ 79.384630] do_syscall_64+0x6ac/0x800 [ 79.388496] ? finish_task_switch+0x1ca/0x810 [ 79.392969] ? syscall_return_slowpath+0x5c0/0x5c0 [ 79.397875] ? syscall_return_slowpath+0x30f/0x5c0 [ 79.402786] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 79.408129] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 79.412953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.418121] RIP: 0033:0x455389 [ 79.421289] RSP: 002b:00007fb815632ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 79.428975] RAX: fffffffffffffe00 RBX: 000000000072bf80 RCX: 0000000000455389 [ 79.436221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf80 [ 79.443465] RBP: 000000000072bf80 R08: 0000000000000000 R09: 000000000072bf58 [ 79.450713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 79.457958] R13: 00007ffca1637fef R14: 00007fb8156339c0 R15: 0000000000000001 [ 79.465654] Dumping ftrace buffer: [ 79.469181] (ftrace buffer empty) [ 79.472865] Kernel Offset: disabled [ 79.476466] Rebooting in 86400 seconds..