INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2018/04/07 02:13:51 fuzzer started 2018/04/07 02:13:52 dialing manager at 10.128.0.26:38639 2018/04/07 02:13:57 kcov=true, comps=false 2018/04/07 02:14:00 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000553000)=[{&(0x7f0000c0c000)="580000001400190000bb4b01040d8c56020600000000e076489643d818fe58a2bc4a0381001dffffffff0000000006007ffff51000174100005bffff001ce1ed900000000000000006b736231be86efd121f00ec6b0f536e", 0x58}], 0x1) 2018/04/07 02:14:00 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f000000a000)={0x0, 0x0, &(0x7f0000003ff0)={&(0x7f0000009000)={0x2, 0x6, 0x3, 0x0, 0x2, 0x0, 0x6}, 0x10}, 0x1}, 0x0) 2018/04/07 02:14:00 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x0) ftruncate(r1, 0x40001) sendfile(r0, r1, &(0x7f000000a000), 0x7ffff) 2018/04/07 02:14:00 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f000000c780)=[{{&(0x7f0000002800)=@in={0x2, 0x4e22, @multicast1=0xe0000001}, 0x80, &(0x7f0000003cc0), 0x0, &(0x7f0000000100)}}], 0x1, 0x0) 2018/04/07 02:14:00 executing program 5: 2018/04/07 02:14:00 executing program 4: 2018/04/07 02:14:00 executing program 6: 2018/04/07 02:14:00 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) fstat(r0, &(0x7f0000000080)) syzkaller login: [ 43.709903] ip (3751) used greatest stack depth: 54672 bytes left [ 44.865982] ip (3859) used greatest stack depth: 53960 bytes left [ 47.521197] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.577625] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.598537] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.646483] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.746239] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.765229] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.806321] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.841675] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.356377] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.506079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.616755] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.636716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.648260] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.707643] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.749296] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.757774] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.093977] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.100294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.116440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.227146] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.233385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.246178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.349915] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.356274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.367603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.396447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.412792] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.419833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.430539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.449234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.482601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.521660] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.533938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.559890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.584777] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.592887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.608810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.710920] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.717270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.736607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:14:17 executing program 4: 2018/04/07 02:14:17 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace(0x420b, r1) 2018/04/07 02:14:17 executing program 4: syz_mount_image$jfs(&(0x7f00000002c0)='jfs\x00', &(0x7f0000000300)='./bus\x00', 0x0, 0x0, &(0x7f0000000580), 0x0, &(0x7f0000000600)={[{@iocharset={'iocharset', 0x3d, 'euc-jp'}, 0x2c}, {@iocharset={'iocharset', 0x3d, 'default'}, 0x2c}]}) 2018/04/07 02:14:17 executing program 1: 2018/04/07 02:14:17 executing program 7: 2018/04/07 02:14:17 executing program 3: 2018/04/07 02:14:17 executing program 5: 2018/04/07 02:14:18 executing program 4: 2018/04/07 02:14:18 executing program 7: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x19b) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000100)={0x2, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x84) 2018/04/07 02:14:18 executing program 0: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000100)=ANY=[], 0x1023c) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x4001, 0x0) sendfile(r3, r2, &(0x7f0000002b80), 0x7fffffff) 2018/04/07 02:14:18 executing program 6: 2018/04/07 02:14:18 executing program 5: r0 = socket(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={"6c6f0000ecffffff00", 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000000c0)={@ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, r1}, 0xffffffffffffff43) 2018/04/07 02:14:18 executing program 1: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000161000)={0x0, 0x1c, &(0x7f0000519fa8)=[@in6={0xa, 0x0, 0x0, @empty, 0x25}]}, &(0x7f00007b7ffc)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000903000)={0x1, 0x5, &(0x7f0000519fa8)=@framed={{0x18}, [@ldst={0x2, 0x0, 0xb, 0x7a, 0x0, 0xfffffff0}], {0x95}}, &(0x7f0000c43000)='syzkaller\x00', 0x0, 0x126c, &(0x7f000087d000)=""/4096}, 0x19) 2018/04/07 02:14:18 executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) getegid() getegid() getgroups(0x1, &(0x7f0000000000)=[0x0]) getegid() getgid() r0 = syz_open_dev$random(&(0x7f0000a33ff4)='/dev/random\x00', 0x0, 0x0) readv(r0, &(0x7f0000001440)=[{&(0x7f0000001240)=""/129, 0x81}, {&(0x7f0000001380)=""/98, 0x62}, {&(0x7f0000001400)=""/57, 0x39}], 0x3) preadv(r0, &(0x7f00000011c0)=[{&(0x7f000019ff51)=""/175, 0xfffffcc3}], 0x1, 0x0) timer_create(0x0, &(0x7f0000580000)={0x0, 0x12, 0x0, @thr={&(0x7f0000f44000), &(0x7f0000ff5fd2)}}, &(0x7f00000c6000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r1 = getpgid(0x0) tkill(r1, 0x1000000000016) 2018/04/07 02:14:18 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000006f40)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x5}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000006bc0)=[{{&(0x7f0000001840)=@in6={0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001940)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x1, &(0x7f0000001980)=""/242, 0xf2}}], 0x1, 0x0, &(0x7f0000006d00)={0x0, 0x1c9c380}) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000680), 0x3ba, &(0x7f0000002000)=[{0x10}], 0x10}}], 0x2, 0x8000) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="eb", 0x1}], 0x1) 2018/04/07 02:14:18 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip6_mr_vif\x00') sendfile(r0, r0, &(0x7f0000000080)=0x400, 0x7) 2018/04/07 02:14:18 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) write$binfmt_aout(r1, &(0x7f00000005c0)={{0x107}, "974cbae26805d013dcee7776e178c959d24933ceacca65df4264f039d26e3c88"}, 0x40) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:18 executing program 3: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) read(r1, &(0x7f00000027c0)=""/4096, 0xfee3) 2018/04/07 02:14:18 executing program 5: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x8000) read(r1, &(0x7f00000027c0)=""/4096, 0xfee3) 2018/04/07 02:14:19 executing program 7: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00004acffc)={0x0, 0x6}, 0x4) setsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f0000a76000), 0x0) 2018/04/07 02:14:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller0\x00', 0x3}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000600)={{0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, {}, 0x8, {0x2, 0x0, @rand_addr}, 'syzkaller0\x00'}) dup2(r0, r1) 2018/04/07 02:14:19 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f0000000000), 0x2) 2018/04/07 02:14:19 executing program 1: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000161000)={0x0, 0x1c, &(0x7f0000519fa8)=[@in6={0xa, 0x0, 0x0, @empty, 0x25}]}, &(0x7f00007b7ffc)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000903000)={0x1, 0x5, &(0x7f0000519fa8)=@framed={{0x18}, [@ldst={0x2, 0x0, 0xb, 0x7a, 0x0, 0xfffffff0}], {0x95}}, &(0x7f0000c43000)='syzkaller\x00', 0x0, 0x126c, &(0x7f000087d000)=""/4096}, 0x19) 2018/04/07 02:14:19 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x104e21}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2}, 0x10) syz_emit_ethernet(0x2a, &(0x7f000000a000)={@broadcast=[0xff, 0xe0, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 2018/04/07 02:14:19 executing program 5: keyctl$instantiate_iov(0x14, 0x0, &(0x7f00000007c0), 0x0, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f000000cfe4)={0xa}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f0000021fc8)={0x0, 0x0, &(0x7f0000000ff0), 0x0, &(0x7f0000005000)}, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) socket(0x2, 0x0, 0x0) listen(r0, 0x40) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) unshare(0x0) dup2(r1, r0) 2018/04/07 02:14:19 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) write$binfmt_aout(r1, &(0x7f00000005c0)={{0x107}, "974cbae26805d013dcee7776e178c959d24933ceacca65df4264f039d26e3c88"}, 0x40) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:19 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000265ff7)='/dev/sg#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(r0, 0x5, &(0x7f0000000100)) 2018/04/07 02:14:19 executing program 0: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0xfffffffffffffeae) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x19b) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000000ffc)=0x90) [ 60.631230] program syz-executor2 is using a deprecated SCSI ioctl, please convert it to SG_IO 2018/04/07 02:14:19 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="15c1842803596b710fc14822cd40d73863904cd8823111cf4f2ba24100969c9913ee741058017be8fb3a09f439537224882a063510fc2b22cb23d3edcddd6de7766b8d05e70521a5c93fee11d582ed4e3346518615eec9333800f5a0aed5069ec708e7a7b488df2197b4782bc3ad260d603816318e578a9f010363ae1b05ffdefbc0fbd57b72fd47eeb2ad797708b49fe29a01a735ff50ed7645e8c8eed91afc6adfdba89fa52944cddd12e7c15f7731", 0xb0}], 0x1, &(0x7f0000000200)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:19 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0xb80, 0x396) sendto$inet6(r0, &(0x7f0000e13f4e), 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{&(0x7f00000006c0)=@rc, 0x80, &(0x7f0000000540), 0x0, &(0x7f0000000580)=""/206, 0xce}}], 0x1, 0x203f, 0x0) 2018/04/07 02:14:19 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) write$binfmt_aout(r1, &(0x7f00000005c0)={{0x107}, "974cbae26805d013dcee7776e178c959d24933ceacca65df4264f039d26e3c88"}, 0x40) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) [ 60.701899] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 2018/04/07 02:14:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00008c2ef5)="290000002000190001063524e02200ff020000168000e718f20000040d000f00000000f20d00088f1f", 0x29}], 0x1) 2018/04/07 02:14:19 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) mincore(&(0x7f0000007000/0x4000)=nil, 0x4000, &(0x7f0000000000)=""/4096) [ 60.774564] program syz-executor2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 60.849366] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 2018/04/07 02:14:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000002280)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000140), 0x0) [ 60.891283] netlink: 'syz-executor3': attribute type 15 has an invalid length. 2018/04/07 02:14:20 executing program 7: syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2, &(0x7f0000002540)=[{&(0x7f0000001480)="a9d7911e3bf423dd9f9218825bb402b46f41f9e2949580790285d8bbe218fe1376832ad54887052b58349ef3b1bb45fb31b407600925a79f1a4114b59247f88e01e384d6689b9bfa53d3d0f9ee36a1962cdf78ffff4f827e62b6e65d1fb5ebc07b82eb667a726aba89fa8d4339096a1d83deab61768328074611ee44ff2fc5a528c32ccff970d82ebeb4856d092e703a68d89513bccd10fdfa1a74bb24", 0x9d, 0x3f}, {&(0x7f0000002480), 0x0, 0x1ff}], 0x0, &(0x7f0000001440)={'nouuid,'}) 2018/04/07 02:14:20 executing program 4: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x8}, &(0x7f0000000480)=0xfffffffffffffe46) r0 = socket$packet(0x11, 0x10000000002, 0x300) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6}, 0x14) sendmmsg(r0, &(0x7f0000003080)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000200)}], 0x1, &(0x7f0000000500), 0x25e}}], 0x7, 0x0) 2018/04/07 02:14:20 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x20000) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='ns/mnt\x00') setns(r0, 0x0) 2018/04/07 02:14:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00008c2ef5)="290000002000190001063524e02200ff020000168000e718f20000040d000f00000000f20d00088f1f", 0x29}], 0x1) 2018/04/07 02:14:20 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) write$binfmt_aout(r1, &(0x7f00000005c0)={{0x107}, "974cbae26805d013dcee7776e178c959d24933ceacca65df4264f039d26e3c88"}, 0x40) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:20 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="15c1842803596b710fc14822cd40d73863904cd8823111cf4f2ba24100969c9913ee741058017be8fb3a09f439537224882a063510fc2b22cb23d3edcddd6de7766b8d05e70521a5c93fee11d582ed4e3346518615eec9333800f5a0aed5069ec708e7a7b488df2197b4782bc3ad260d603816318e578a9f010363ae1b05ffdefbc0fbd57b72fd47eeb2ad797708b49fe29a01a735ff50ed7645e8c8eed91afc6adfdba89fa52944cddd12e7c15f7731", 0xb0}], 0x1, &(0x7f0000000200)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) [ 61.249697] netlink: 'syz-executor3': attribute type 15 has an invalid length. 2018/04/07 02:14:20 executing program 5: keyctl$instantiate_iov(0x14, 0x0, &(0x7f00000007c0), 0x0, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f000000cfe4)={0xa}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f0000021fc8)={0x0, 0x0, &(0x7f0000000ff0), 0x0, &(0x7f0000005000)}, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) socket(0x2, 0x0, 0x0) listen(r0, 0x40) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) unshare(0x0) dup2(r1, r0) 2018/04/07 02:14:20 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000040), 0x4) 2018/04/07 02:14:20 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000ed4000)=0x78, 0x4) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000500)="72656e6f00c0c63bab0000000000ffff0000006f8fa374f65e4898cf6ebdffed61c43cfeb222ca4a5e8cde8edd1cbe9edf7fcaa7d36dd3528219213874b89a6410c927c548b9f38f000000000000000000000000000000000000", 0x5a) sendmmsg(r0, &(0x7f0000005ec0)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f00000011c0)="1fce4748fdb0615b118ab7acfc3a554c39593a505dfb58553d5d2dcf71610b1133e43ee3efd92237cfd6b45e0e2be01f11a2dc7ae7ec031dfe066ec206b572c05079f59d09ea16702fa04f834506d0bd9b46b57882edc074204c88f0e8ad691ebb33c8f3249f5b25a90ca8b02c775c258f4442b27839185d1fe85ac1dc65fb632925139d5eaddb89a2c7110e67269006db6d9bf5fdd61479bb2cad114821a295903c96d9c4723e215af8dbc1eaa8d674908ead21da3d33510a50901072a2267b8520770e28d778d163dddbbb8bf99286acd9b11fd14ca40db0933fdacce8c1431cab7afbf9a907838577c25c32c57dab97e9e552de37e153fc2af5500a5d831c4a205913773573deea93f944e565404c7bebeb95ae4669799352647ffa7a55394bf068b46a080acba829262111646069124722aff54106528ee785ed2769c5f697dba81718fd470cf81e4d6bae7748885e6b0c97730346e93585c6160b73af8c2dcac5d89a165691aa82f4978de8354123e2bdab95b5803c7bb6bc0a4091458ff1f2ff52e3a65cf6d5ad602fa26829351086d2ac14a4706e9afeb0104c2eef291e066cb167705cb060b285cf7a44556924debb3c3617a7e8f2631bf691eeb0c0a96b7faa1ddca523ba9b6f3f8f45a33a911d44edb37b4ce955e3c5dcf6d9f0a91a075ba155cd6d69caac426c0fcc0defbae9193cfaabda92c9aff1a5b4afa27427b0ce317edd93149672f2a1cd5a26fcf7181efae2f8f5dd6db4dc8ada07231817717b93ab31de283aab4900b5ce123375381a90b5edb6dc6807b6f0e7d17fd8d4daed0d9b575bf09029fda033e6e45078c7a43be75f47ed5eec04aab041346856a5b30948d55f5873ed31c35160bfe8e5671b22d4f36b93eed75165f999fa682561c6ad84b8ec50132f14ca3620b15631ce6ce73ee6c35bfc447067e5152979ae0524dc972a159f0ee981f6171ceb8b70d47eef9e27e57dfde9a36d7ce462109decd2e0dc913d50f49b14476dee143f05eb1ef8e33539c50b145d4ba48aa9cc5fa5bba29a8e05eeb167f22c0286e0cc17b5fd59776a46289577bd8a8eb1629e2c50c3ddaf38cc348aa470dc4d8b243202d4d1a96fb22f9e6527826443f4d5ac1c6e2647d25aca58ba496f67836d8dd0f2c8904cdf503e8ebc798615e876122fdfef34143abc713b542b64e9b6657c16c1b92ccc457daa571a867a07feb7022e71d2da1c715b3d32805731e90ff18eaf54423a6150b24ff2abd86d2c3da79a0bd94e1c852adebf14bd15f963c95a030db04810bcee8a0b7b38991d3c34fc174832dae585e485f3bc7a4aaf1edf2d9d87e4ba9d97e0de134b24d5ff8d69c6a9195536ad1905f4b88ffff1813155b22586f35b9768955dcdb806b1a654d9b37d0632043e019e402c0f726c43ffb4cdbfba533252cf470afca0ec61773e5af2b0fed2846664c9d41aa7db1a4638cee41b867ce78df9f55621bf98a59a02cafe4ccd9d827fef8514d5e939d46711aae72f66ca615cd9c31e44203c802566417416a7d84d6ae6194cb9083bfee595e1f666cc18f82c2fbf144e3aea46d1199858d9a3c690eaabaad89141ca0d27476125b3fa4690cdbc156638abe65ce20cf03209a521cfd5e6922eda899ef4d822fa4fda0f43f4ded173e0ba281c7405e1344933d7e89d56ac134a7b9ba4363a5122194d8f0fd715cde52c7351a97ef45f5f1396f42c98c4e56d3f368739559851ed28af8e817058810c7188a76751577bca501b4be7ba081b2181aee1e81b7cdd75", 0x4ed}], 0x1, &(0x7f0000002240)}}], 0x1, 0x0) 2018/04/07 02:14:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @dev={0xac, 0x14, 0x14}}, {0x2, 0x0, @loopback=0x7f000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x200000000000184, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)="677265746170303a091e00"}) 2018/04/07 02:14:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00008c2ef5)="290000002000190001063524e02200ff020000168000e718f20000040d000f00000000f20d00088f1f", 0x29}], 0x1) 2018/04/07 02:14:20 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:20 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="15c1842803596b710fc14822cd40d73863904cd8823111cf4f2ba24100969c9913ee741058017be8fb3a09f439537224882a063510fc2b22cb23d3edcddd6de7766b8d05e70521a5c93fee11d582ed4e3346518615eec9333800f5a0aed5069ec708e7a7b488df2197b4782bc3ad260d603816318e578a9f010363ae1b05ffdefbc0fbd57b72fd47eeb2ad797708b49fe29a01a735ff50ed7645e8c8eed91afc6adfdba89fa52944cddd12e7c15f7731", 0xb0}], 0x1, &(0x7f0000000200)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:20 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) sigaltstack(&(0x7f0000fff000/0x1000)=nil, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}) [ 61.487221] netlink: 'syz-executor3': attribute type 15 has an invalid length. 2018/04/07 02:14:20 executing program 4: msync(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x1) fcntl$getown(0xffffffffffffffff, 0x9) r0 = socket$inet(0x2, 0x2, 0x2000000088) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@dev={0xfe, 0x80}, @in=@multicast1=0xe0000001, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0}, {0x0, 0x0, 0x0, 0x9}}, {{@in=@multicast1=0xe0000001, 0x0, 0x6c}, 0x0, @in6=@remote={0xfe, 0x80, [], 0xbb}}}, 0xe8) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x121000, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000080)=0x290c7c1b, 0x4) rmdir(&(0x7f0000e59000)='..') sendto$inet(r0, &(0x7f0000000180), 0x2d6, 0x807f, &(0x7f0000319ff0)={0x2, 0x4e20}, 0xfffffffffffffedd) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000df9ff0)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) r2 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) perf_event_open(&(0x7f0000271000)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) ioctl$TTUNGETFILTER(r2, 0x800854db, &(0x7f0000000740)=""/96) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x1000, {0x100000000, 0x0, 0x9, 0x7, 0x8}, 0x4084, 0x7f}, 0xe) unshare(0x20000) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000380)=0x0) r4 = syz_open_procfs(r3, &(0x7f00000003c0)="6e732f6d6e740077089d5475570ba400e5756418d9bae5b4d0b7e13f38b65692230260de869e31e55400709b225bebe4434f8060ab131dfc2d76e661d84f17c4de706501f8821fbcec24859915779583cda2c3") getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000640)={0x0, @in={{0x2, 0x4e24, @multicast1=0xe0000001}}, 0x0, 0x0, 0x0, 0x800, 0x3}, &(0x7f0000000700)=0x98) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0x0, 0x7}, &(0x7f00000001c0)=0x8) setns(r2, 0x4000000) setsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000002c0), 0xfffffce8) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f00000005c0)) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000580), 0x10) mlock2(&(0x7f0000a92000/0x1000)=nil, 0x1000, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)=""/128, &(0x7f0000000180)=0x80) getrusage(0x0, &(0x7f0000000840)) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f00000004c0)) 2018/04/07 02:14:20 executing program 2: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x20000000000002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2000000005, 0x0) getsockopt(r0, 0x0, 0x400000050, &(0x7f000000d000)=""/8, &(0x7f0000fedffc)=0x2db) 2018/04/07 02:14:20 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) sendmmsg$alg(r1, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="15c1842803596b710fc14822cd40d73863904cd8823111cf4f2ba24100969c9913ee741058017be8fb3a09f439537224882a063510fc2b22cb23d3edcddd6de7766b8d05e70521a5c93fee11d582ed4e3346518615eec9333800f5a0aed5069ec708e7a7b488df2197b4782bc3ad260d603816318e578a9f010363ae1b05ffdefbc0fbd57b72fd47eeb2ad797708b49fe29a01a735ff50ed7645e8c8eed91afc6adfdba89fa52944cddd12e7c15f7731", 0xb0}], 0x1, &(0x7f0000000200)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00008c2ef5)="290000002000190001063524e02200ff020000168000e718f20000040d000f00000000f20d00088f1f", 0x29}], 0x1) 2018/04/07 02:14:20 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:20 executing program 7: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2501deff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 61.756172] netlink: 'syz-executor3': attribute type 15 has an invalid length. 2018/04/07 02:14:20 executing program 2: setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x10) r0 = socket(0x11, 0x4000000000080003, 0x0) setsockopt(r0, 0x107, 0xd, &(0x7f0000001000), 0x47e) sendmsg$nfc_llcp(r0, &(0x7f0000000600)={&(0x7f00000000c0)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "57fae839cadc593634a4649fa20e6a2157ab7eadc92590a697a15b1b82269a12677f3b622d19acae977f2e6ac607ebd29eeccb9baf117ee61d03c712ebf2c4"}, 0x58, &(0x7f0000000580), 0x0, &(0x7f00000005c0)={0xc}, 0xc}, 0x0) 2018/04/07 02:14:20 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f", 0x0) rename(&(0x7f0000000500)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", &(0x7f0000000240)='./control\x00') 2018/04/07 02:14:21 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000839000)='./control\x00', 0x0) r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000d4000)='./control\x00', 0x0) openat(r0, &(0x7f0000773ff6)='./control\x00', 0x0, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='./control\x00') 2018/04/07 02:14:21 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)=@ipv6_newroute={0x24, 0x18, 0x301, 0x0, 0x0, {0xa}, [@RTA_OIF={0x8, 0x4, r1}]}, 0x24}, 0x1}, 0x0) 2018/04/07 02:14:21 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:21 executing program 3: writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00008c2ef5)="290000002000190001063524e02200ff020000168000e718f20000040d000f00000000f20d00088f1f", 0x29}], 0x1) 2018/04/07 02:14:21 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:21 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f", 0x0) rename(&(0x7f0000000500)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", &(0x7f0000000240)='./control\x00') 2018/04/07 02:14:21 executing program 0: mkdir(&(0x7f0000771000)='./file0\x00', 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000faffe7)=@known='security.capability\x00', &(0x7f00002b2fec)="0000000201000000000000010400000000000000", 0x14, 0x0) getxattr(&(0x7f0000fb6000)='./file0\x00', &(0x7f00000003c0)=@known="73656375726974792e6361706162696c69747900c9bd3012983e02155960196a2a84585f19c1c826172982a8de1ccc06000000ffc9715cef22cee4c673d4388d5e56040000000000000040e4c9ee649a371208309ca436bf919fd9636bfa255ff4b30008f88ecc9c2d812171c401624f0c142fc54f65f49239f27686b37d489e925da19bf31e30eccd92237957661ce8a1568418e6d3d428174f89a11cc821fbf64122a36f6b411c", &(0x7f0000ca5000)=""/140, 0x8c) 2018/04/07 02:14:21 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f", 0x0) rename(&(0x7f0000000500)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", &(0x7f0000000240)='./control\x00') 2018/04/07 02:14:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00008c2ef5)="290000002000190001063524e02200ff020000168000e718f20000040d000f00000000f20d00088f1f", 0x29}], 0x1) 2018/04/07 02:14:21 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000005c0)={{0x107}, "974cbae26805d013dcee7776e178c959d24933ceacca65df4264f039d26e3c88"}, 0x40) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:21 executing program 4: perf_event_open(&(0x7f0000bba000)={0x0, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000002000), 0x8a) r1 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x17, &(0x7f000074fffc)=0x7, 0x4) r2 = dup(r1) ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0xfc) bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000040)=0x215, 0x4) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendto(r2, &(0x7f0000000740)="dad2b9ebce8d54bb5424f1876c354cc3456b3e031e52796fb31bfd686a0aff718d1692839800e063eacc271a3b6d709e1d75d81b71dbbd6dcc8611a5606e0750cc94d8b346c10cf43a4d", 0x4a, 0x880, 0x0, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/07 02:14:21 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x30, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x108) 2018/04/07 02:14:21 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f", 0x0) rename(&(0x7f0000000500)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", &(0x7f0000000240)='./control\x00') 2018/04/07 02:14:21 executing program 2: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in={{0x2, 0x0, @multicast2=0xe0000002}}, [0x0, 0x0, 0x0, 0xff]}, &(0x7f00000001c0)=0x100) bind$inet(0xffffffffffffffff, &(0x7f0000dedff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f00008a1ff7)='loginuid\x00') sendfile(r1, r1, &(0x7f0000000140), 0xc) 2018/04/07 02:14:21 executing program 0: mkdir(&(0x7f0000771000)='./file0\x00', 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000faffe7)=@known='security.capability\x00', &(0x7f00002b2fec)="0000000201000000000000010400000000000000", 0x14, 0x0) getxattr(&(0x7f0000fb6000)='./file0\x00', &(0x7f00000003c0)=@known="73656375726974792e6361706162696c69747900c9bd3012983e02155960196a2a84585f19c1c826172982a8de1ccc06000000ffc9715cef22cee4c673d4388d5e56040000000000000040e4c9ee649a371208309ca436bf919fd9636bfa255ff4b30008f88ecc9c2d812171c401624f0c142fc54f65f49239f27686b37d489e925da19bf31e30eccd92237957661ce8a1568418e6d3d428174f89a11cc821fbf64122a36f6b411c", &(0x7f0000ca5000)=""/140, 0x8c) 2018/04/07 02:14:21 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:21 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(camellia))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000005c0)={{0x107}, "974cbae26805d013dcee7776e178c959d24933ceacca65df4264f039d26e3c88"}, 0x40) recvmsg(r1, &(0x7f0000000480)={&(0x7f0000000040)=@nfc_llcp, 0x1e, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:21 executing program 4: perf_event_open(&(0x7f0000bba000)={0x0, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000002000), 0x8a) r1 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x17, &(0x7f000074fffc)=0x7, 0x4) r2 = dup(r1) ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0xfc) bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000040)=0x215, 0x4) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendto(r2, &(0x7f0000000740)="dad2b9ebce8d54bb5424f1876c354cc3456b3e031e52796fb31bfd686a0aff718d1692839800e063eacc271a3b6d709e1d75d81b71dbbd6dcc8611a5606e0750cc94d8b346c10cf43a4d", 0x4a, 0x880, 0x0, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/07 02:14:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000), 0x0) [ 62.939584] ================================================================== [ 62.946990] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 62.953736] CPU: 1 PID: 5373 Comm: syz-executor2 Not tainted 4.16.0+ #81 [ 62.960565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.969905] Call Trace: [ 62.972492] dump_stack+0x185/0x1d0 [ 62.976122] ? kernel_text_address+0x248/0x3a0 [ 62.980699] kmsan_report+0x142/0x240 [ 62.984494] __msan_warning_32+0x6c/0xb0 [ 62.988559] kernel_text_address+0x248/0x3a0 [ 62.992961] ? kmsan_memcpy_origins+0x11d/0x170 [ 62.997630] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.002301] __kernel_text_address+0x34/0xe0 [ 63.006705] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.011373] unwind_get_return_address+0x8c/0x130 [ 63.016215] __save_stack_trace+0x45c/0xa80 [ 63.020536] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.025207] ? kmsan_internal_chain_origin+0x12b/0x210 [ 63.030489] save_stack_trace+0xa5/0xf0 [ 63.034462] kmsan_internal_chain_origin+0x12b/0x210 2018/04/07 02:14:22 executing program 4: perf_event_open(&(0x7f0000bba000)={0x0, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000002000), 0x8a) r1 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x17, &(0x7f000074fffc)=0x7, 0x4) r2 = dup(r1) ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0xfc) bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000040)=0x215, 0x4) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendto(r2, &(0x7f0000000740)="dad2b9ebce8d54bb5424f1876c354cc3456b3e031e52796fb31bfd686a0aff718d1692839800e063eacc271a3b6d709e1d75d81b71dbbd6dcc8611a5606e0750cc94d8b346c10cf43a4d", 0x4a, 0x880, 0x0, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/07 02:14:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x5c, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/07 02:14:22 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f", 0x0) rename(&(0x7f0000000500)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", &(0x7f0000000240)='./control\x00') [ 63.039562] ? kmsan_internal_chain_origin+0x12b/0x210 [ 63.044848] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 63.050292] ? vsnprintf+0x32cf/0x33c0 [ 63.054181] ? scnprintf+0x222/0x2b0 [ 63.057898] kmsan_memcpy_origins+0x11d/0x170 [ 63.062392] kmsan_copy_to_user+0x132/0x160 [ 63.066720] simple_read_from_buffer+0x24d/0x3d0 [ 63.071479] proc_loginuid_read+0x34f/0x410 [ 63.075802] do_iter_read+0x880/0xd70 [ 63.079608] ? oom_score_adj_write+0x440/0x440 [ 63.084188] vfs_readv+0x1ec/0x260 [ 63.087737] default_file_splice_read+0xa9a/0x1120 [ 63.092678] ? security_file_permission+0x473/0x4b0 [ 63.097698] ? rw_verify_area+0x35e/0x580 [ 63.101848] ? SYSC_tee+0x13d0/0x13d0 [ 63.105657] splice_direct_to_actor+0x4c6/0x1040 [ 63.110410] ? do_splice_direct+0x540/0x540 [ 63.114733] ? security_file_permission+0x28f/0x4b0 [ 63.119750] ? rw_verify_area+0x35e/0x580 [ 63.123902] do_splice_direct+0x335/0x540 [ 63.128053] do_sendfile+0x1067/0x1e40 [ 63.131950] SYSC_sendfile64+0x1b3/0x300 [ 63.136016] SyS_sendfile64+0x64/0x90 [ 63.139816] do_syscall_64+0x309/0x430 [ 63.143702] ? SYSC_sendfile+0x320/0x320 [ 63.147762] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 63.152941] RIP: 0033:0x455259 [ 63.156126] RSP: 002b:00007f8dcbee3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 63.163829] RAX: ffffffffffffffda RBX: 00007f8dcbee46d4 RCX: 0000000000455259 [ 63.171095] RDX: 0000000020000140 RSI: 0000000000000014 RDI: 0000000000000014 [ 63.178354] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 63.185613] R10: 000000000000000c R11: 0000000000000246 R12: 00000000ffffffff [ 63.192882] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 63.200146] [ 63.201763] Uninit was stored to memory at: [ 63.206081] kmsan_internal_chain_origin+0x12b/0x210 [ 63.211177] __msan_chain_origin+0x69/0xc0 [ 63.215412] update_stack_state+0x959/0xa40 [ 63.219733] unwind_next_frame+0x618/0xe50 [ 63.223968] __save_stack_trace+0x6d9/0xa80 [ 63.228293] save_stack_trace+0xa5/0xf0 [ 63.232267] kmsan_internal_chain_origin+0x12b/0x210 [ 63.237369] kmsan_memcpy_origins+0x11d/0x170 [ 63.241859] kmsan_copy_to_user+0x132/0x160 [ 63.246185] simple_read_from_buffer+0x24d/0x3d0 [ 63.250941] proc_loginuid_read+0x34f/0x410 [ 63.255260] do_iter_read+0x880/0xd70 [ 63.259060] vfs_readv+0x1ec/0x260 [ 63.262606] default_file_splice_read+0xa9a/0x1120 [ 63.267535] splice_direct_to_actor+0x4c6/0x1040 [ 63.272291] do_splice_direct+0x335/0x540 [ 63.276433] do_sendfile+0x1067/0x1e40 [ 63.280319] SYSC_sendfile64+0x1b3/0x300 [ 63.284375] SyS_sendfile64+0x64/0x90 [ 63.288168] do_syscall_64+0x309/0x430 [ 63.292057] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 63.297237] Local variable description: ----switch_event.i@__perf_event_task_sched_in [ 63.305191] Variable was created at: [ 63.308921] __perf_event_task_sched_in+0x67/0xa40 [ 63.313848] perf_event_task_sched_in+0x257/0x2b0 [ 63.318682] ================================================================== [ 63.326027] Disabling lock debugging due to kernel taint [ 63.331455] Kernel panic - not syncing: panic_on_warn set ... [ 63.331455] [ 63.338790] CPU: 1 PID: 5373 Comm: syz-executor2 Tainted: G B 4.16.0+ #81 [ 63.346899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.356224] Call Trace: [ 63.358788] dump_stack+0x185/0x1d0 [ 63.362389] panic+0x39d/0x940 [ 63.365572] ? kernel_text_address+0x248/0x3a0 [ 63.370124] kmsan_report+0x238/0x240 [ 63.373899] __msan_warning_32+0x6c/0xb0 [ 63.377933] kernel_text_address+0x248/0x3a0 [ 63.382316] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.386959] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.391604] __kernel_text_address+0x34/0xe0 [ 63.395985] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.400631] unwind_get_return_address+0x8c/0x130 [ 63.405449] __save_stack_trace+0x45c/0xa80 [ 63.409746] ? kmsan_memcpy_origins+0x11d/0x170 [ 63.414390] ? kmsan_internal_chain_origin+0x12b/0x210 [ 63.419643] save_stack_trace+0xa5/0xf0 [ 63.423593] kmsan_internal_chain_origin+0x12b/0x210 [ 63.428671] ? kmsan_internal_chain_origin+0x12b/0x210 [ 63.433921] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 63.439350] ? vsnprintf+0x32cf/0x33c0 [ 63.443215] ? scnprintf+0x222/0x2b0 [ 63.446904] kmsan_memcpy_origins+0x11d/0x170 [ 63.451376] kmsan_copy_to_user+0x132/0x160 [ 63.455677] simple_read_from_buffer+0x24d/0x3d0 [ 63.460412] proc_loginuid_read+0x34f/0x410 [ 63.464718] do_iter_read+0x880/0xd70 [ 63.468509] ? oom_score_adj_write+0x440/0x440 [ 63.473070] vfs_readv+0x1ec/0x260 [ 63.476593] default_file_splice_read+0xa9a/0x1120 [ 63.481506] ? security_file_permission+0x473/0x4b0 [ 63.486499] ? rw_verify_area+0x35e/0x580 [ 63.490621] ? SYSC_tee+0x13d0/0x13d0 [ 63.494397] splice_direct_to_actor+0x4c6/0x1040 [ 63.499126] ? do_splice_direct+0x540/0x540 [ 63.503423] ? security_file_permission+0x28f/0x4b0 [ 63.508413] ? rw_verify_area+0x35e/0x580 [ 63.512536] do_splice_direct+0x335/0x540 [ 63.516661] do_sendfile+0x1067/0x1e40 [ 63.520529] SYSC_sendfile64+0x1b3/0x300 [ 63.524568] SyS_sendfile64+0x64/0x90 [ 63.528342] do_syscall_64+0x309/0x430 [ 63.532205] ? SYSC_sendfile+0x320/0x320 [ 63.536245] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 63.541406] RIP: 0033:0x455259 [ 63.544567] RSP: 002b:00007f8dcbee3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 63.552247] RAX: ffffffffffffffda RBX: 00007f8dcbee46d4 RCX: 0000000000455259 [ 63.559489] RDX: 0000000020000140 RSI: 0000000000000014 RDI: 0000000000000014 [ 63.566731] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 63.573974] R10: 000000000000000c R11: 0000000000000246 R12: 00000000ffffffff [ 63.581215] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 63.588914] Dumping ftrace buffer: [ 63.592427] (ftrace buffer empty) [ 63.596106] Kernel Offset: disabled [ 63.599702] Rebooting in 86400 seconds..