[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 21.325627] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.659465] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 25.163506] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 26.310912] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available) [ 30.332882] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts. 2018/02/26 09:38:10 fuzzer started 2018/02/26 09:38:11 dialing manager at 10.128.0.26:33791 2018/02/26 09:38:15 kcov=true, comps=false 2018/02/26 09:38:16 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000ff7000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000552000)={{0x80}, 'port0\x00'}) 2018/02/26 09:38:16 executing program 1: r0 = socket$inet(0x2, 0x4000000000000002, 0x0) shutdown(r0, 0x0) recvmsg(r0, &(0x7f000011c000)={&(0x7f0000730000)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, @local}}}, 0x3a, &(0x7f0000d76000)=[], 0x0, &(0x7f0000bac000)=""/72, 0x48}, 0x0) 2018/02/26 09:38:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000004ffb)='task\x00') getdents64(r0, &(0x7f0000003000)=""/48, 0x30) getdents(r0, &(0x7f0000002000)=""/34, 0x22) getdents64(r0, &(0x7f000092bf88)=""/120, 0x78) 2018/02/26 09:38:16 executing program 7: timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={&(0x7f0000aadf29), &(0x7f000036dfa1)}}, &(0x7f0000044000)) unshare(0x28060400) exit(0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r0 = gettid() tkill(r0, 0x16) 2018/02/26 09:38:16 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x237000)=nil, 0x237000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000240)={0x0, 0x0, 0x0, {0x77359400}}) 2018/02/26 09:38:16 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000bc1ff8)={0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000023000)={@syzn={0x73, 0x79, 0x7a, 0x0}, 0x0}) sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000001f000)={&(0x7f0000022000)=@delneigh={0x24, 0x1d, 0x513, 0xffffffffffffffff, 0xffffffffffffffff, {0x2, 0x0, 0x0, r2}, [@NDA_DST_IPV4={0x8, 0x1, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}]}, 0x24}, 0x1}, 0x0) 2018/02/26 09:38:16 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x1000)=nil, 0x1000}, 0x1}) r1 = creat(&(0x7f0000001ff8)='./file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rename(&(0x7f000061eff8)='./file0\x00', &(0x7f0000a97ff8)='./file2\x00') rename(&(0x7f00007baff8)='./file2\x00', &(0x7f00001f4ff8)='./file2\x00') ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/02/26 09:38:16 executing program 6: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000ff0)=[{0x30, 0x0, 0x0, 0x4f42}, {0x80000006}]}, 0x10) sendto(r0, &(0x7f000002af28), 0xfd09, 0x0, 0x0, 0x0) [ 37.580171] IPVS: Creating netns size=2552 id=1 [ 37.640487] IPVS: Creating netns size=2552 id=2 [ 37.692535] IPVS: Creating netns size=2552 id=3 [ 37.768919] IPVS: Creating netns size=2552 id=4 [ 37.834901] IPVS: Creating netns size=2552 id=5 [ 37.937709] IPVS: Creating netns size=2552 id=6 [ 38.058288] IPVS: Creating netns size=2552 id=7 [ 38.193165] IPVS: Creating netns size=2552 id=8 2018/02/26 09:38:21 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000ff7000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000552000)={{0x80}, 'port0\x00'}) 2018/02/26 09:38:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000d37ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000a83fc7)="03", 0x1, 0x100000004043, &(0x7f0000ee6000)={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) poll(&(0x7f0000febfe8)=[{r0}], 0x1, 0x0) 2018/02/26 09:38:21 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000bc1ff8)={0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000023000)={@syzn={0x73, 0x79, 0x7a, 0x0}, 0x0}) sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000001f000)={&(0x7f0000022000)=@delneigh={0x24, 0x1d, 0x513, 0xffffffffffffffff, 0xffffffffffffffff, {0x2, 0x0, 0x0, r2}, [@NDA_DST_IPV4={0x8, 0x1, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}]}, 0x24}, 0x1}, 0x0) 2018/02/26 09:38:21 executing program 2: r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000140)="240000002a00070012efffffe54afffffffeffff0100000001000000000014f1000008a4", 0x24) 2018/02/26 09:38:21 executing program 4: r0 = add_key$keyring(&(0x7f00008c4000)='keyring\x00', &(0x7f0000361000)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000625ffb)='user\x00', &(0x7f00003f1ffb)={0x73, 0x79, 0x7a}, &(0x7f0000754000)="fa", 0x1, r0) keyctl$clear(0x7, r0) 2018/02/26 09:38:21 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x1000)=nil, 0x1000}, 0x1}) r1 = creat(&(0x7f0000001ff8)='./file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rename(&(0x7f000061eff8)='./file0\x00', &(0x7f0000a97ff8)='./file2\x00') rename(&(0x7f00007baff8)='./file2\x00', &(0x7f00001f4ff8)='./file2\x00') ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/02/26 09:38:21 executing program 7: timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={&(0x7f0000aadf29), &(0x7f000036dfa1)}}, &(0x7f0000044000)) unshare(0x28060400) exit(0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r0 = gettid() tkill(r0, 0x16) 2018/02/26 09:38:21 executing program 6: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000ff0)=[{0x30, 0x0, 0x0, 0x4f42}, {0x80000006}]}, 0x10) sendto(r0, &(0x7f000002af28), 0xfd09, 0x0, 0x0, 0x0) 2018/02/26 09:38:21 executing program 6: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000ff0)=[{0x30, 0x0, 0x0, 0x4f42}, {0x80000006}]}, 0x10) sendto(r0, &(0x7f000002af28), 0xfd09, 0x0, 0x0, 0x0) 2018/02/26 09:38:21 executing program 2: r0 = syz_open_dev$tun(&(0x7f00006f2ff3)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000bc2000)=0x102) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000533000)={@generic="020000000400000000040080000abd22", @ifru_settings={0x10001, 0x0, @raw_hdlc=&(0x7f00008a6ffc)}}) r1 = syz_open_dev$tun(&(0x7f00003cd000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f000053b000)=0x8000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000711fd8)={@generic="9438a7c080c5008f3852c862b540c308", @ifru_map={0x294e}}) r2 = socket(0x10, 0x802, 0x0) sendto(r2, &(0x7f0000d0efee)="120000001200e7ff0a001c0000000000809b", 0x12, 0x0, 0x0, 0x0) 2018/02/26 09:38:21 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000ff7000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000552000)={{0x80}, 'port0\x00'}) 2018/02/26 09:38:21 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000bc1ff8)={0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000023000)={@syzn={0x73, 0x79, 0x7a, 0x0}, 0x0}) sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000001f000)={&(0x7f0000022000)=@delneigh={0x24, 0x1d, 0x513, 0xffffffffffffffff, 0xffffffffffffffff, {0x2, 0x0, 0x0, r2}, [@NDA_DST_IPV4={0x8, 0x1, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}]}, 0x24}, 0x1}, 0x0) 2018/02/26 09:38:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000780)={&(0x7f0000000180)=@newsa={0x13c, 0x10, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @in=@multicast2=0xe0000002}, {@in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}, 0xffffffffffffffff, 0x33}, @in6=@loopback={0x0, 0x1}, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}, [@algo_aead={0x4c, 0x12, {{'authencesn(wp384,kw(khazad))\x00'}}}]}, 0x13c}, 0x1}, 0x0) 2018/02/26 09:38:21 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000), 0x4) 2018/02/26 09:38:21 executing program 6: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000ff0)=[{0x30, 0x0, 0x0, 0x4f42}, {0x80000006}]}, 0x10) sendto(r0, &(0x7f000002af28), 0xfd09, 0x0, 0x0, 0x0) 2018/02/26 09:38:21 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000ff7000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000552000)={{0x80}, 'port0\x00'}) 2018/02/26 09:38:21 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000bc1ff8)={0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000023000)={@syzn={0x73, 0x79, 0x7a, 0x0}, 0x0}) sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000001f000)={&(0x7f0000022000)=@delneigh={0x24, 0x1d, 0x513, 0xffffffffffffffff, 0xffffffffffffffff, {0x2, 0x0, 0x0, r2}, [@NDA_DST_IPV4={0x8, 0x1, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}]}, 0x24}, 0x1}, 0x0) 2018/02/26 09:38:21 executing program 7: timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={&(0x7f0000aadf29), &(0x7f000036dfa1)}}, &(0x7f0000044000)) unshare(0x28060400) exit(0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r0 = gettid() tkill(r0, 0x16) 2018/02/26 09:38:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000780)={&(0x7f0000000180)=@newsa={0x13c, 0x10, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @in=@multicast2=0xe0000002}, {@in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}, 0xffffffffffffffff, 0x33}, @in6=@loopback={0x0, 0x1}, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}, [@algo_aead={0x4c, 0x12, {{'authencesn(wp384,kw(khazad))\x00'}}}]}, 0x13c}, 0x1}, 0x0) 2018/02/26 09:38:21 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000a5effc)={0x0, 0xfffffffffffffffc}, 0x4) 2018/02/26 09:38:21 executing program 2: mmap(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x3, 0x8972, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000a93000/0x2000)=nil, 0x2000, 0x1) mremap(&(0x7f0000a93000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000b18000/0xe000)=nil) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f0000a93000/0x3000)=nil, 0x0, 0x0, 0x0, &(0x7f0000b24000/0x2000)=nil}) clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000ce4000), &(0x7f0000000000)) mmap(&(0x7f0000000000/0xfea000)=nil, 0xfea000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:21 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x1000)=nil, 0x1000}, 0x1}) r1 = creat(&(0x7f0000001ff8)='./file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rename(&(0x7f000061eff8)='./file0\x00', &(0x7f0000a97ff8)='./file2\x00') rename(&(0x7f00007baff8)='./file2\x00', &(0x7f00001f4ff8)='./file2\x00') ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/02/26 09:38:21 executing program 5: mq_open(&(0x7f0000000000)='\x00', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x400}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x1, 0x0) writev(r0, &(0x7f0000000040)=[], 0x100000000000034e) 2018/02/26 09:38:22 executing program 2: setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100}, 0x10) r0 = socket(0x11, 0x4000000000080002, 0x0) setsockopt(r0, 0x107, 0xd, &(0x7f0000001000), 0x47e) 2018/02/26 09:38:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000780)={&(0x7f0000000180)=@newsa={0x13c, 0x10, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @in=@multicast2=0xe0000002}, {@in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}, 0xffffffffffffffff, 0x33}, @in6=@loopback={0x0, 0x1}, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}, [@algo_aead={0x4c, 0x12, {{'authencesn(wp384,kw(khazad))\x00'}}}]}, 0x13c}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 6: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "c04dbbd33cf6755a26ec84467b81d22c49abd191f617b9facadefcb8ac91e08e8da15ecc2bafcc1b6d0e706d166efbc4e649a21cef163c85db76eb501984b982", "f9e77fc60fbb844536ba8961b228996213778f61f6401fb0853d7ee2a51bee6102c1f23cb97159b83e6c0ec86461986d5851abecf701e064a2fc07b094bbec10", "61607b45801278652f138c6cafdb1322f09eeca4bdbe2ecf6e85f1dc223c8877"}) 2018/02/26 09:38:22 executing program 5: pipe(&(0x7f000090cff8)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r1, 0x2) flock(r0, 0x10000000005) 2018/02/26 09:38:22 executing program 0: clock_getres(0xfffffffffffffffa, &(0x7f000029aff8)) 2018/02/26 09:38:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000780)={&(0x7f0000000180)=@newsa={0x13c, 0x10, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @in=@multicast2=0xe0000002}, {@in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}, 0xffffffffffffffff, 0x33}, @in6=@loopback={0x0, 0x1}, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}, [@algo_aead={0x4c, 0x12, {{'authencesn(wp384,kw(khazad))\x00'}}}]}, 0x13c}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 0: r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) pread64(r0, &(0x7f0000002000)=""/183, 0xb7, 0x0) 2018/02/26 09:38:22 executing program 5: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl=@proc={0x10}, 0xc, &(0x7f0000009000)=[{&(0x7f0000008000)="5500000010007ff404000000000040930206000000a843096c2623692500080021000c000000ca8a9848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de448daa7227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000004000)=[]}, 0x0) 2018/02/26 09:38:22 executing program 7: timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={&(0x7f0000aadf29), &(0x7f000036dfa1)}}, &(0x7f0000044000)) unshare(0x28060400) exit(0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r0 = gettid() tkill(r0, 0x16) 2018/02/26 09:38:22 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x2000000000480, &(0x7f0000059fe8)=""/24, &(0x7f0000c5dffc)=0x1081d) 2018/02/26 09:38:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000961000)='/dev/sg#\x00', 0x0, 0x0) ioctl$TCSBRKP(r0, 0x2286, 0xfffffffffffffffe) 2018/02/26 09:38:22 executing program 2: capset(&(0x7f00001e8ff8)={0x19980330}, &(0x7f00003fd000)) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chroot(&(0x7f0000be2ff8)='./file0\x00') 2018/02/26 09:38:22 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000001000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x1000)=nil, 0x1000}, 0x1}) r1 = creat(&(0x7f0000001ff8)='./file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rename(&(0x7f000061eff8)='./file0\x00', &(0x7f0000a97ff8)='./file2\x00') rename(&(0x7f00007baff8)='./file2\x00', &(0x7f00001f4ff8)='./file2\x00') ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/02/26 09:38:22 executing program 0: r0 = socket(0xa, 0x802, 0x0) ioctl(r0, 0x8b35, &(0x7f00000e6000)) 2018/02/26 09:38:22 executing program 1: mmap(&(0x7f0000000000/0xd99000)=nil, 0xd99000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000d99f65)=""/155, &(0x7f0000a92ffc)=0x9b) 2018/02/26 09:38:22 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) recvfrom$inet(r1, &(0x7f0000559000)=""/166, 0xa6, 0x0, &(0x7f0000595ff0)={0x2, 0xffffffffffffffff, @empty}, 0x10) sendmsg$key(r0, &(0x7f000010bfc8)={0x0, 0x0, &(0x7f0000a8fff0)={&(0x7f0000e16000)={0x2, 0xb, 0x0, 0x1, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, []}, 0x10}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 5: futex(&(0x7f0000004000), 0x4000000400000085, 0x0, &(0x7f00003a7ff0), &(0x7f0000000ffc), 0x20001fc) 2018/02/26 09:38:22 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0xfffffffe, 0x4) sendto$inet(r0, &(0x7f0000a6efff), 0x0, 0x20020003, &(0x7f0000385ff0)={0x2, 0xffffffffffffffff, @loopback=0x7f000001}, 0x10) sendmmsg(r0, &(0x7f0000006b80)=[{{&(0x7f0000002f80)=@vsock={0x28, 0x0, 0x0, @my}, 0x10, &(0x7f0000003180)=[], 0x0, &(0x7f00000031c0)=[]}}, {{&(0x7f0000003480)=@vsock={0x28, 0x0, 0x0, @any=0xffffffff}, 0x10, &(0x7f0000005780)=[], 0x8d, &(0x7f0000005800)=[{0x10, 0x18d}], 0x10}}], 0x2, 0x0) 2018/02/26 09:38:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0xffffffffffffffff, 0x0, @empty}, {0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x5c) setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4) 2018/02/26 09:38:22 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f000004f000)='/dev/snd/seq\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x237000)=nil, 0x237000, 0xfffffffffffffffd, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000210000)) 2018/02/26 09:38:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000c93000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000002000)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f0000008000)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x14, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}, @enter_looper={0x630c}], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 43.078602] capability: warning: `syz-executor2' uses 32-bit capabilities (legacy support in use) [ 43.086923] netlink: 17 bytes leftover after parsing attributes in process `syz-executor5'. [ 43.140163] audit: type=1400 audit(1519637902.155:5): avc: denied { set_context_mgr } for pid=5317 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 43.175968] binder: BINDER_SET_CONTEXT_MGR already set [ 43.177287] binder: 5317:5326 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 43.188557] binder: 5317:5318 ioctl 40046207 0 returned -16 2018/02/26 09:38:22 executing program 6: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000f52fdb)="240000001a0025f00000000400fffc0e0a00000000040000f000edeb0800030001000000", 0x24) 2018/02/26 09:38:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00004c6000)={@common='lo\x00', &(0x7f000093afec)=@ethtool_wolinfo={0x27, 0x0, 0x0, "35661b99c87d"}}) 2018/02/26 09:38:22 executing program 1: r0 = epoll_create1(0x0) r1 = socket$netlink(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000028000)={0x4}) ppoll(&(0x7f0000cc0000)=[{r0}], 0x1, &(0x7f000002f000), &(0x7f000004c000), 0x8) 2018/02/26 09:38:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000593ff6)='ns/uts\x00') setns(r0, 0x0) 2018/02/26 09:38:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000c4, 0x20000001, &(0x7f0000faafe4)={0xa, 0x2, 0x0, @empty}, 0x1c) r2 = accept4(r1, &(0x7f0000218fa8)=@alg, &(0x7f0000db4ffc)=0x214, 0x0) shutdown(r0, 0x1) sendmsg$nl_crypto(r2, &(0x7f0000484fc8)={&(0x7f0000816000)={0x10}, 0xc, &(0x7f0000c37000)={&(0x7f0000fa3000)=@get={0xe0, 0x13, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, {{'cbc-aes-aesni\x00'}}, []}, 0xe0}, 0x1}, 0x0) shutdown(r2, 0x1) 2018/02/26 09:38:22 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) recvfrom$inet(r1, &(0x7f0000559000)=""/166, 0xa6, 0x0, &(0x7f0000595ff0)={0x2, 0xffffffffffffffff, @empty}, 0x10) sendmsg$key(r0, &(0x7f000010bfc8)={0x0, 0x0, &(0x7f0000a8fff0)={&(0x7f0000e16000)={0x2, 0xb, 0x0, 0x1, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, []}, 0x10}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000eddbf8)={'filter\x00', 0x7, 0x3, 0x3b8, 0x0, 0x0, 0x1e8, 0x2d0, 0x2d0, 0x2d0, 0x4, &(0x7f0000a7dfc0), {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}, {{@arp={@loopback=0x7f000001, @empty, 0x0, 0x0, @empty, {}, @mac=@link_local={0x1, 0x80, 0xc2}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @common='gretap0\x00', @common='bond0\x00'}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "c675c6a25caf74de18b9d4844e31bac4128538de0f68722b81abd01c1211"}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00'}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x408) 2018/02/26 09:38:22 executing program 7: socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f000021bff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000021ff0)={0x2, &(0x7f0000016000)=[{0x28, 0x0, 0x0, 0xfffffffffffff010}, {0x6}]}, 0x10) sendto(r1, &(0x7f0000deb000)="a2f7223d6429bb3d0f6b5c9f0d104efef64d6094bbe7d9761ae6a482ca405176dd81174b6d56d9", 0x27, 0x0, &(0x7f0000deb000)=@nfc={0x27, 0x9}, 0x10) 2018/02/26 09:38:22 executing program 0: setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000001000)=[@in={0x2, 0xffffffffffffffff, @empty}, @in6={0xa, 0xffffffffffffffff, 0x4, @mcast2={0xff, 0x2, [], 0x1}}], 0x2c) sigaltstack(&(0x7f0000001000/0x1000)=nil, 0x0) 2018/02/26 09:38:22 executing program 3: futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, &(0x7f0000859ff0)={0x77359400}, &(0x7f0000048000), 0x0) 2018/02/26 09:38:22 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000433ff3)='/dev/net/tun\x00', 0x0, 0x9) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000a5afd8)={@common='eql\x00', @ifru_names=@syzn={0x73, 0x79, 0x7a}}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00007e3fb0)={@generic="7d4c3c57838531b124c775847b290b41", @ifru_mtu=0xa533}) write$tun(r0, &(0x7f0000ca6ed4)=@hdr={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @empty, @broadcast=0xffffffff, {[]}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, []}}}}, 0x2e) 2018/02/26 09:38:22 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000157000)) 2018/02/26 09:38:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000593ff6)='ns/uts\x00') setns(r0, 0x0) 2018/02/26 09:38:22 executing program 1: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 0: prctl$void(0x27) [ 43.261984] TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters. 2018/02/26 09:38:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000593ff6)='ns/uts\x00') setns(r0, 0x0) 2018/02/26 09:38:22 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000433ff3)='/dev/net/tun\x00', 0x0, 0x9) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000a5afd8)={@common='eql\x00', @ifru_names=@syzn={0x73, 0x79, 0x7a}}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00007e3fb0)={@generic="7d4c3c57838531b124c775847b290b41", @ifru_mtu=0xa533}) write$tun(r0, &(0x7f0000ca6ed4)=@hdr={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @empty, @broadcast=0xffffffff, {[]}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, []}}}}, 0x2e) 2018/02/26 09:38:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000c4, 0x20000001, &(0x7f0000faafe4)={0xa, 0x2, 0x0, @empty}, 0x1c) r2 = accept4(r1, &(0x7f0000218fa8)=@alg, &(0x7f0000db4ffc)=0x214, 0x0) shutdown(r0, 0x1) sendmsg$nl_crypto(r2, &(0x7f0000484fc8)={&(0x7f0000816000)={0x10}, 0xc, &(0x7f0000c37000)={&(0x7f0000fa3000)=@get={0xe0, 0x13, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, {{'cbc-aes-aesni\x00'}}, []}, 0xe0}, 0x1}, 0x0) shutdown(r2, 0x1) 2018/02/26 09:38:22 executing program 7: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00000c7fdc)="2400000021002551071c0165ff0ffc0202000000001000000ee1000c0800060000000000", 0x24) 2018/02/26 09:38:22 executing program 0: mkdir(&(0x7f000023a000)='./control\x00', 0x0) r0 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) clone(0x0, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) mkdirat(r0, &(0x7f000002cff6)='./control\x00', 0x0) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000d1d000)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000939ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000830ff4)) 2018/02/26 09:38:22 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) recvfrom$inet(r1, &(0x7f0000559000)=""/166, 0xa6, 0x0, &(0x7f0000595ff0)={0x2, 0xffffffffffffffff, @empty}, 0x10) sendmsg$key(r0, &(0x7f000010bfc8)={0x0, 0x0, &(0x7f0000a8fff0)={&(0x7f0000e16000)={0x2, 0xb, 0x0, 0x1, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, []}, 0x10}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 1: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 7: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00000c7fdc)="2400000021002551071c0165ff0ffc0202000000001000000ee1000c0800060000000000", 0x24) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000d1d000)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000939ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000830ff4)) 2018/02/26 09:38:22 executing program 7: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00000c7fdc)="2400000021002551071c0165ff0ffc0202000000001000000ee1000c0800060000000000", 0x24) 2018/02/26 09:38:22 executing program 0: mkdir(&(0x7f000023a000)='./control\x00', 0x0) r0 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) clone(0x0, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) mkdirat(r0, &(0x7f000002cff6)='./control\x00', 0x0) 2018/02/26 09:38:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000593ff6)='ns/uts\x00') setns(r0, 0x0) [ 43.449377] TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters. 2018/02/26 09:38:22 executing program 2: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 7: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00000c7fdc)="2400000021002551071c0165ff0ffc0202000000001000000ee1000c0800060000000000", 0x24) 2018/02/26 09:38:22 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) recvfrom$inet(r1, &(0x7f0000559000)=""/166, 0xa6, 0x0, &(0x7f0000595ff0)={0x2, 0xffffffffffffffff, @empty}, 0x10) sendmsg$key(r0, &(0x7f000010bfc8)={0x0, 0x0, &(0x7f0000a8fff0)={&(0x7f0000e16000)={0x2, 0xb, 0x0, 0x1, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, []}, 0x10}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 1: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000c4, 0x20000001, &(0x7f0000faafe4)={0xa, 0x2, 0x0, @empty}, 0x1c) r2 = accept4(r1, &(0x7f0000218fa8)=@alg, &(0x7f0000db4ffc)=0x214, 0x0) shutdown(r0, 0x1) sendmsg$nl_crypto(r2, &(0x7f0000484fc8)={&(0x7f0000816000)={0x10}, 0xc, &(0x7f0000c37000)={&(0x7f0000fa3000)=@get={0xe0, 0x13, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, {{'cbc-aes-aesni\x00'}}, []}, 0xe0}, 0x1}, 0x0) shutdown(r2, 0x1) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000d1d000)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000939ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000830ff4)) 2018/02/26 09:38:22 executing program 0: mkdir(&(0x7f000023a000)='./control\x00', 0x0) r0 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) clone(0x0, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) mkdirat(r0, &(0x7f000002cff6)='./control\x00', 0x0) 2018/02/26 09:38:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000d1d000)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000939ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000830ff4)) 2018/02/26 09:38:22 executing program 0: mkdir(&(0x7f000023a000)='./control\x00', 0x0) r0 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) clone(0x0, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) mkdirat(r0, &(0x7f000002cff6)='./control\x00', 0x0) 2018/02/26 09:38:22 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000433ff3)='/dev/net/tun\x00', 0x0, 0x9) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000a5afd8)={@common='eql\x00', @ifru_names=@syzn={0x73, 0x79, 0x7a}}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00007e3fb0)={@generic="7d4c3c57838531b124c775847b290b41", @ifru_mtu=0xa533}) write$tun(r0, &(0x7f0000ca6ed4)=@hdr={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @empty, @broadcast=0xffffffff, {[]}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, []}}}}, 0x2e) 2018/02/26 09:38:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) [ 43.562126] TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters. [ 43.583099] IPVS: length: 24 != 8 2018/02/26 09:38:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000c4, 0x20000001, &(0x7f0000faafe4)={0xa, 0x2, 0x0, @empty}, 0x1c) r2 = accept4(r1, &(0x7f0000218fa8)=@alg, &(0x7f0000db4ffc)=0x214, 0x0) shutdown(r0, 0x1) sendmsg$nl_crypto(r2, &(0x7f0000484fc8)={&(0x7f0000816000)={0x10}, 0xc, &(0x7f0000c37000)={&(0x7f0000fa3000)=@get={0xe0, 0x13, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, {{'cbc-aes-aesni\x00'}}, []}, 0xe0}, 0x1}, 0x0) shutdown(r2, 0x1) [ 43.625729] IPVS: length: 24 != 8 [ 43.646989] IPVS: length: 24 != 8 [ 43.659827] TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters. 2018/02/26 09:38:22 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000433ff3)='/dev/net/tun\x00', 0x0, 0x9) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000a5afd8)={@common='eql\x00', @ifru_names=@syzn={0x73, 0x79, 0x7a}}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00007e3fb0)={@generic="7d4c3c57838531b124c775847b290b41", @ifru_mtu=0xa533}) write$tun(r0, &(0x7f0000ca6ed4)=@hdr={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @empty, @broadcast=0xffffffff, {[]}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, []}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, []}}}}, 0x2e) 2018/02/26 09:38:22 executing program 1: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) 2018/02/26 09:38:22 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f000044d000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000c9dfec)={0x3, 0x0, 0x0, 0xffffffffffffffff}) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) 2018/02/26 09:38:22 executing program 5: r0 = syz_open_dev$tun(&(0x7f0000872000)='/dev/net/tun\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000500)=""/208, 0xd0}], 0x1, 0x0) 2018/02/26 09:38:22 executing program 2: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000c2e000/0x2000)=nil, 0x2000, 0x0, 0x0, 0xffffffffffffffff) 2018/02/26 09:38:22 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f000044d000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000c9dfec)={0x3, 0x0, 0x0, 0xffffffffffffffff}) 2018/02/26 09:38:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) 2018/02/26 09:38:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x482, &(0x7f0000000040)=""/24, &(0x7f0000000000)=0x18) 2018/02/26 09:38:22 executing program 5: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000e4dff1)='/dev/sequencer\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000019ff4)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000c3bff4)) 2018/02/26 09:38:22 executing program 7: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f000028f000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000f86000)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') creat(&(0x7f000018c000)='./control/file0\x00', 0x0) rmdir(&(0x7f00002ccff0)='./control/file0\x00') close(r0) 2018/02/26 09:38:22 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f000044d000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000c9dfec)={0x3, 0x0, 0x0, 0xffffffffffffffff}) 2018/02/26 09:38:22 executing program 3: sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000764fc8)={&(0x7f0000a3b000)=@in6={0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}}, 0x1c, &(0x7f00003b8f80)=[{&(0x7f0000007000)="ea306b0073192ed165e0ff2679b65abb1023f81e00dc30d928226b70da7d922af9c36e7e5c3fcab589ecebaeb7", 0x2d}], 0x1, &(0x7f0000c7b000)=[]}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000997ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 43.733899] IPVS: length: 24 != 8 [ 43.743469] IPVS: length: 24 != 8 [ 43.759543] mmap: syz-executor4 (5454) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. [ 43.765398] IPVS: length: 24 != 8 [ 43.772394] IPVS: length: 24 != 8 2018/02/26 09:38:22 executing program 2: r0 = gettid() unshare(0x28060400) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) exit(0x0) syz_open_procfs(r0, &(0x7f0000004000)="706167656d61700029976c32d862fc7deaae881b11848f87a85be0a0e71c63f75b30984037b714efdf205de3692ae4ce4fd439e97b8e7d4832a8c5bf6cd05bf2f093ea99478ef29022f46baab3a38b9c3403d775025c048910742e85d4cb5226417dea53244635b7d776885d2a4cf8118250e8968dd2c46ce9c51041096371d032a640ce730c678066e48d3bd0a585e99acae3c27db4c8425f16a40a47ede146b98839273f5dd4816def57503bf464b65265fcc758a08d142faefb1bb300000000000080001c1d1035cc49522438d18bd2989b53bf635d2ffa") close(r1) 2018/02/26 09:38:22 executing program 6: add_key(&(0x7f00000000c0)="6b657972696e6700a2e20bc37b3bf8242175bbe3a6d95be7bc1bcba2bd5ea4eabe2d714d812ca7a458c9a9300e5d2f3f5f3687c1f3ff3ce3c7d6b0277b1e54e85c26c5a8b9fd8c25ce142e", &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000040)='p', 0x1, 0xfffffffffffffffe) 2018/02/26 09:38:22 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f0000525000)=@newsa={0x154, 0x10, 0x713, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@dev={0xfe, 0x80}, @in6=@ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}}, {@in6=@empty, 0xffffffffffffffff, 0x33}, @in=@broadcast=0xffffffff, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}, [@encap={0x1c, 0x4, {0x0, 0xffffffffffffffff, 0xffffffffffffffff, @in=@dev={0xac, 0x14}}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x154}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 4: mkdir(&(0x7f000002bff8)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f000002cffa)='ramfs\x00', 0x0, &(0x7f000000a000)) creat(&(0x7f000001bff4)='./file0/bus\x00', 0x0) truncate(&(0x7f0000006000)='./file0/bus\x00', 0x2794) r0 = open$dir(&(0x7f000001bff4)='./file0/bus\x00', 0x0, 0x0) mmap(&(0x7f000000a000/0x4000)=nil, 0x4000, 0x1, 0x100000000a012, r0, 0x0) truncate(&(0x7f0000002000)='./file0/bus\x00', 0x0) 2018/02/26 09:38:22 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f000044d000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000c9dfec)={0x3, 0x0, 0x0, 0xffffffffffffffff}) 2018/02/26 09:38:22 executing program 3: clone(0x0, &(0x7f0000f39000), &(0x7f0000ea9ffc), &(0x7f0000bf2ffc), &(0x7f0000872fff)) memfd_create(&(0x7f0000000040)='-\x00', 0x0) 2018/02/26 09:38:22 executing program 7: socketpair$unix(0x1, 0x3, 0x0, &(0x7f000036eff8)={0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f000002c000)={@syzn={0x73, 0x79, 0x7a, 0x0}, 0x0}) sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000001f000)={&(0x7f0000e5f000)=@bridge_setlink={0x28, 0x13, 0x331, 0xffffffffffffffff, 0xffffffffffffffff, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0x2}]}]}, 0x28}, 0x1}, 0x0) 2018/02/26 09:38:22 executing program 1: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) capget(&(0x7f0000000ffb)={0x20071026}, &(0x7f0000001000)) 2018/02/26 09:38:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x1, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x1, @loopback=0x7f000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2000000000000009, &(0x7f0000b21000), 0xf0) 2018/02/26 09:38:23 executing program 6: capset(&(0x7f0000f0fffa)={0x19980330}, &(0x7f00008e7000)) getgroups(0x2, &(0x7f0000680ff0)=[0x0, 0xffffffffffffffff]) setresgid(r0, 0x0, 0x0) 2018/02/26 09:38:23 executing program 7: r0 = syz_open_dev$evdev(&(0x7f0000001000)='/dev/input/event#\x00', 0xb6, 0x0) ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f00008baf4e)=""/178) 2018/02/26 09:38:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000a99ff6)='/dev/ptmx\x00', 0x2001, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) read(r1, &(0x7f000007bf91)=""/111, 0x6f) ioctl$TCSETS(r0, 0x5402, &(0x7f0000272fdc)) write(r0, &(0x7f0000b84ec6)="9c", 0x1) 2018/02/26 09:38:23 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000759000)='clear_refs\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/softnet_stat\x00') sendfile(r0, r1, &(0x7f0000a12000), 0x1) [ 43.955393] capability: warning: `syz-executor1' uses deprecated v2 capabilities in a way that may be insecure 2018/02/26 09:38:23 executing program 5: setpriority(0x0, 0x0, 0xfffffffffffffff8) 2018/02/26 09:38:23 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000f44)={0x800, 0x0, 'client0\x00', 0x0, "1e666836af653556", "9fbb9681ffdf10a24c85c62e8693f0c168b96962eefa1403b1e5c0877cb550f7"}) 2018/02/26 09:38:23 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f000003dff3)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000141000)={{}, {0x12}}) 2018/02/26 09:38:23 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000b17fb4)=@newlink={0x48, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_VFINFO_LIST={0x14, 0x16, [{0x10, 0x1, [@nested={0xc, 0x9, [@generic="633852d053"]}]}]}]}, 0x48}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 6: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000ec2feb)="130000001000ffdde200f49ff60d050000230a88", 0x14) [ 44.057529] audit: type=1400 audit(1519637903.075:6): avc: denied { create } for pid=5528 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/02/26 09:38:23 executing program 4: mkdir(&(0x7f000002bff8)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f000002cffa)='ramfs\x00', 0x0, &(0x7f000000a000)) creat(&(0x7f000001bff4)='./file0/bus\x00', 0x0) truncate(&(0x7f0000006000)='./file0/bus\x00', 0x2794) r0 = open$dir(&(0x7f000001bff4)='./file0/bus\x00', 0x0, 0x0) mmap(&(0x7f000000a000/0x4000)=nil, 0x4000, 0x1, 0x100000000a012, r0, 0x0) truncate(&(0x7f0000002000)='./file0/bus\x00', 0x0) 2018/02/26 09:38:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x44, &(0x7f0000ab2fe2)=""/30, &(0x7f00007db000)=0x1e) 2018/02/26 09:38:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000068000)='smaps\x00') r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000096000)='/selinux/status\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000401ff8)='lo\tlaK1\x00', 0x0) dup3(r1, r2, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) sendfile(r0, r0, &(0x7f0000014000)=0x100000, 0x1000000800000008) 2018/02/26 09:38:23 executing program 1: mkdir(&(0x7f0000312ff8)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f000002cffa)='ramfs\x00', 0x0, &(0x7f000000a000)) creat(&(0x7f0000f66ff4)='./file0/bus\x00', 0x0) truncate(&(0x7f0000308000)='./file0/bus\x00', 0x2794) r0 = open$dir(&(0x7f00004b9ff4)='./file0/bus\x00', 0x0, 0x0) mmap(&(0x7f0000020000/0x1000)=nil, 0x1000, 0x1, 0x100000000a012, r0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:23 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000001000)='net\x00') lseek(r0, 0x0, 0x4) 2018/02/26 09:38:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x2000000000004, &(0x7f0000001fe8)="83170400000200000060f0055f0d10d438b088d169", 0x15) 2018/02/26 09:38:23 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00005da000)=0x9, 0x4) sendto$inet6(r0, &(0x7f0000adb000), 0x0, 0x0, &(0x7f0000809000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/02/26 09:38:23 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f00007a9000)={0x10}, 0xc, &(0x7f0000835000)={&(0x7f0000352000)=@ipv6_newroute={0x2c, 0x18, 0x501, 0xffffffffffffffff, 0xffffffffffffffff, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@RTA_METRICS={0x10, 0x8, "0600000000000000c3"}]}, 0x2c}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 0: capset(&(0x7f0000da9ff8)={0x19980330}, &(0x7f0000001fe8)={0x2}) 2018/02/26 09:38:23 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000001000)='net\x00') lseek(r0, 0x0, 0x4) 2018/02/26 09:38:23 executing program 4: mkdir(&(0x7f000002bff8)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f000002cffa)='ramfs\x00', 0x0, &(0x7f000000a000)) creat(&(0x7f000001bff4)='./file0/bus\x00', 0x0) truncate(&(0x7f0000006000)='./file0/bus\x00', 0x2794) r0 = open$dir(&(0x7f000001bff4)='./file0/bus\x00', 0x0, 0x0) mmap(&(0x7f000000a000/0x4000)=nil, 0x4000, 0x1, 0x100000000a012, r0, 0x0) truncate(&(0x7f0000002000)='./file0/bus\x00', 0x0) 2018/02/26 09:38:23 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00005da000)=0x9, 0x4) sendto$inet6(r0, &(0x7f0000adb000), 0x0, 0x0, &(0x7f0000809000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/02/26 09:38:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000068000)='smaps\x00') r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000096000)='/selinux/status\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000401ff8)='lo\tlaK1\x00', 0x0) dup3(r1, r2, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) sendfile(r0, r0, &(0x7f0000014000)=0x100000, 0x1000000800000008) 2018/02/26 09:38:23 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000001000)='net\x00') lseek(r0, 0x0, 0x4) 2018/02/26 09:38:23 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$tun(&(0x7f0000526000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00006affd8)={@common='gre0\x00', @ifru_addrs=@ethernet={0x306, @random="3e7596f732f4"}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000768fe0)={@common='gre0\x00', @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_dev$tun(&(0x7f0000c7eff3)='/dev/net/tun\x00', 0x0, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f000062ffe0)={@common='gre0\x00', @ifru_flags=0x301}) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00006affd8)={@common='gre0\x00', @ifru_addrs=@ethernet={0x306, @random="3e7596f732f4"}}) connect$inet(r2, &(0x7f0000561000)={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r2, &(0x7f0000762fff), 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/02/26 09:38:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x44, &(0x7f0000ab2fe2)=""/30, &(0x7f00007db000)=0x1e) 2018/02/26 09:38:23 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00005da000)=0x9, 0x4) sendto$inet6(r0, &(0x7f0000adb000), 0x0, 0x0, &(0x7f0000809000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/02/26 09:38:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f000012a000)=[{&(0x7f0000e73d64)="290000002000190700003fffffffda060200000622e80002040000140d0004000000000000d200019c", 0x29}], 0x1) 2018/02/26 09:38:23 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000001000)='net\x00') lseek(r0, 0x0, 0x4) 2018/02/26 09:38:23 executing program 6: r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x49, &(0x7f0000f6e000), 0x0) 2018/02/26 09:38:23 executing program 4: mkdir(&(0x7f000002bff8)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f000002cffa)='ramfs\x00', 0x0, &(0x7f000000a000)) creat(&(0x7f000001bff4)='./file0/bus\x00', 0x0) truncate(&(0x7f0000006000)='./file0/bus\x00', 0x2794) r0 = open$dir(&(0x7f000001bff4)='./file0/bus\x00', 0x0, 0x0) mmap(&(0x7f000000a000/0x4000)=nil, 0x4000, 0x1, 0x100000000a012, r0, 0x0) truncate(&(0x7f0000002000)='./file0/bus\x00', 0x0) 2018/02/26 09:38:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000068000)='smaps\x00') r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000096000)='/selinux/status\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000401ff8)='lo\tlaK1\x00', 0x0) dup3(r1, r2, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) sendfile(r0, r0, &(0x7f0000014000)=0x100000, 0x1000000800000008) 2018/02/26 09:38:23 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000302ff0)='projid_map\x00') sendfile(r0, r0, &(0x7f0000af5ff8), 0xffff) 2018/02/26 09:38:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x44, &(0x7f0000ab2fe2)=""/30, &(0x7f00007db000)=0x1e) [ 44.314361] device gre0 entered promiscuous mode 2018/02/26 09:38:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r0, 0x0) prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[]}) 2018/02/26 09:38:23 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8931, &(0x7f0000362fce)={@syzn={0x73, 0x79, 0x7a, 0x0}, @ifru_data=&(0x7f0000ef4000)="90560aeb624a373464f84c1b9bfc42f014c462383b63ff6f0353088b61579da8"}) 2018/02/26 09:38:23 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00005da000)=0x9, 0x4) sendto$inet6(r0, &(0x7f0000adb000), 0x0, 0x0, &(0x7f0000809000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/02/26 09:38:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000068000)='smaps\x00') r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000096000)='/selinux/status\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000401ff8)='lo\tlaK1\x00', 0x0) dup3(r1, r2, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) sendfile(r0, r0, &(0x7f0000014000)=0x100000, 0x1000000800000008) 2018/02/26 09:38:23 executing program 6: pipe2(&(0x7f0000864ff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000078dff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f00006b3ff0)='./control/file0\x00') rmdir(&(0x7f0000af0000)='./control\x00') symlink(&(0x7f00007e6000)='./file0\x00', &(0x7f0000642000)='./control/file0\x00') dup2(r0, r1) 2018/02/26 09:38:23 executing program 4: pipe(&(0x7f00001c5ff8)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f00005e2000/0x1000)=nil, 0x1000, 0x2, 0x2032, 0xffffffffffffffff, 0x0) vmsplice(r1, &(0x7f00005e48eb)=[{&(0x7f00005e2f97)="f8", 0x1}], 0x1, 0x0) mmap(&(0x7f00005e2000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) vmsplice(r0, &(0x7f000017f000)=[{&(0x7f00003d5000)='=', 0x1}], 0x1, 0x0) 2018/02/26 09:38:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x44, &(0x7f0000ab2fe2)=""/30, &(0x7f00007db000)=0x1e) 2018/02/26 09:38:23 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5402, &(0x7f00000b8fec)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc1f5}) 2018/02/26 09:38:23 executing program 5: r0 = memfd_create(&(0x7f0000bee000)='mime_typemime_type/bdev\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000b18ff6)='ns/uts\x00') sendfile(r0, r1, &(0x7f00003c8ff8), 0x7ff) 2018/02/26 09:38:23 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000013ff0)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000b26000), &(0x7f0000ea9ffc), &(0x7f0000bf2ffc), &(0x7f00003b8f33)) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00000c0ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/02/26 09:38:23 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000a56000)=0x1, 0x4) listen(r0, 0x0) shutdown(r0, 0x0) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f00006bfffc), 0x4) 2018/02/26 09:38:23 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2000000000006, &(0x7f0000425000), 0x4) 2018/02/26 09:38:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000a9ff0)=[{&(0x7f000006b000)="580000001400192300a14b80040d8c560a0600000000e076489643d818fe5800000004ca8164643e8900050028635a0004fbf50e0000d9ffffffff03001c04ed5e000000000005000d000100000400000300046b0f536e7e", 0x58}], 0x1) 2018/02/26 09:38:23 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 2: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:23 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000529ff8)='./file0\x00', &(0x7f000079eff8)='./file0\x00', &(0x7f0000d06ffa)='tmpfs\x00', 0x0, &(0x7f0000232f28)="8f7b8083f07ee079c4e62c34") 2018/02/26 09:38:23 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f00009c8000), &(0x7f0000c7b000)=0xfffffffffffffee6) 2018/02/26 09:38:23 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0xffffffffffffffff, 0x0, @empty}, {0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x5c) mprotect(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4) 2018/02/26 09:38:23 executing program 7: r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f00003adfe4)={0xa, 0xffffffffffffffff, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000595fe4)={0xa, 0xffffffffffffffff, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x80001}, 0x1c) sendmsg(r0, &(0x7f0000cdbfc8)={0x0, 0x0, &(0x7f00003c8000)=[], 0x0, &(0x7f0000e31000)=[]}, 0x0) 2018/02/26 09:38:23 executing program 6: r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000fa1000)={0x0}, &(0x7f0000fa1000)=0xc) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000761ff8)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ptrace$getenv(0x4201, r2, 0x0, &(0x7f0000000140)) 2018/02/26 09:38:23 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f0000648eac)=@newsa={0x140, 0x10, 0x717, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, @in6=@ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}}, {@in6=@empty, 0xffffffffffffffff, 0x33}, @in=@empty, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0xa}, [@extra_flags={0x8, 0x18, 0x9}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x140}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 2: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000529ff8)='./file0\x00', &(0x7f000079eff8)='./file0\x00', &(0x7f0000d06ffa)='tmpfs\x00', 0x0, &(0x7f0000232f28)="8f7b8083f07ee079c4e62c34") [ 44.575094] tmpfs: No value for mount option '{~y,4' [ 44.595692] FAULT_FLAG_ALLOW_RETRY missing 30 [ 44.600244] CPU: 0 PID: 5636 Comm: syz-executor0 Not tainted 4.4.118-g5f7f76a #24 [ 44.607849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.617187] 0000000000000000 0bf5d44ccda93280 ffff8800b384f6d0 ffffffff81d0402d 2018/02/26 09:38:23 executing program 6: r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000fa1000)={0x0}, &(0x7f0000fa1000)=0xc) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000761ff8)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ptrace$getenv(0x4201, r2, 0x0, &(0x7f0000000140)) 2018/02/26 09:38:23 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f0000648eac)=@newsa={0x140, 0x10, 0x717, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, @in6=@ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}}, {@in6=@empty, 0xffffffffffffffff, 0x33}, @in=@empty, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0xa}, [@extra_flags={0x8, 0x18, 0x9}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x140}, 0x1}, 0x0) 2018/02/26 09:38:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000a9ff0)=[{&(0x7f000006b000)="580000001400192300a14b80040d8c560a0600000000e076489643d818fe5800000004ca8164643e8900050028635a0004fbf50e0000d9ffffffff03001c04ed5e000000000005000d000100000400000300046b0f536e7e", 0x58}], 0x1) 2018/02/26 09:38:23 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) [ 44.625245] ffff8801d1fee780 1ffff10016709ee7 ffff8800b384f858 0000000000000000 [ 44.633271] 0000000000000000 ffff8800b384f880 ffffffff816072a5 ffffffff81237410 [ 44.641304] Call Trace: [ 44.643883] [] dump_stack+0xc1/0x124 [ 44.649234] [] handle_userfault+0x715/0xf50 [ 44.655204] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 44.655643] tmpfs: No value for mount option '{~y,4' [ 44.667904] [] ? userfaultfd_ioctl+0x2040/0x2040 2018/02/26 09:38:23 executing program 7: r0 = syz_open_dev$mice(&(0x7f00006a6ff0)='/dev/input/mice\x00', 0x0, 0x8000000000000001) writev(r0, &(0x7f0000fb9f70)=[{&(0x7f0000ab7000)="ccaeeba9955da50466355a3d89a3371d04e35dfb62132f3ca8532c8216003cddd5a4f764ee78c136a6ebb9e998257912da3cceae58d6341bd5442c899a0bb09ed5578347ace091136c5ff32bd4ff", 0x4e}], 0x1) [ 44.674297] [] ? __lock_is_held+0xa1/0xf0 [ 44.680089] [] ? handle_mm_fault+0xb5d/0x3190 [ 44.686223] [] ? handle_mm_fault+0x291e/0x3190 [ 44.692443] [] handle_mm_fault+0x2938/0x3190 [ 44.699304] [] ? copy_page_range+0x1480/0x1480 [ 44.705529] [] ? __do_page_fault+0x780/0xa00 [ 44.711573] [] ? vmacache_find+0x57/0x290 [ 44.717364] [] __do_page_fault+0x35b/0xa00 [ 44.723236] [] do_page_fault+0x27/0x30 [ 44.728762] [] page_fault+0x28/0x30 [ 44.734032] [] ? copy_user_generic_unrolled+0x86/0xc0 [ 44.740860] [] ? userfaultfd_ioctl+0x11a8/0x2040 [ 44.747248] [] ? hash_futex+0x210/0x210 [ 44.752847] [] ? entry_SYSCALL_64_fastpath+0x1c/0x98 [ 44.759585] [] ? userfaultfd_release+0x5a0/0x5a0 [ 44.765971] [] ? __lock_acquire+0xb5f/0x4b50 [ 44.772001] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 44.778984] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 44.785969] [] ? lockdep_init_map+0xeb/0x1690 [ 44.792086] [] ? userfaultfd_release+0x5a0/0x5a0 [ 44.798464] [] do_vfs_ioctl+0x7aa/0xee0 [ 44.804057] [] ? ioctl_preallocate+0x1f0/0x1f0 [ 44.810265] [] ? do_close_on_exec+0x210/0x300 [ 44.816387] [] ? __fget+0x23a/0x3b0 [ 44.821635] [] ? __fget+0x47/0x3b0 [ 44.826795] [] ? security_file_ioctl+0x89/0xb0 [ 44.832996] [] SyS_ioctl+0x8f/0xc0 [ 44.838157] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 44.862077] FAULT_FLAG_ALLOW_RETRY missing 30 [ 44.866675] CPU: 1 PID: 5644 Comm: syz-executor0 Not tainted 4.4.118-g5f7f76a #24 [ 44.874281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.883614] 0000000000000000 263d6ab579a50b47 ffff8800ab20f6d0 ffffffff81d0402d [ 44.891583] ffff8800acf72900 1ffff10015641ee7 ffff8800ab20f858 0000000000000000 [ 44.899575] 0000000000000000 ffff8800ab20f880 ffffffff816072a5 ffffffff81237410 [ 44.907548] Call Trace: [ 44.910106] [] dump_stack+0xc1/0x124 [ 44.915442] [] handle_userfault+0x715/0xf50 [ 44.921385] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 44.928367] [] ? userfaultfd_ioctl+0x2040/0x2040 [ 44.934754] [] ? handle_mm_fault+0xb5d/0x3190 [ 44.940867] [] ? handle_mm_fault+0x291e/0x3190 [ 44.947071] [] handle_mm_fault+0x2938/0x3190 [ 44.953098] [] ? copy_page_range+0x1480/0x1480 [ 44.959393] [] ? __do_page_fault+0x780/0xa00 [ 44.965419] [] ? vmacache_find+0x57/0x290 [ 44.971188] [] __do_page_fault+0x35b/0xa00 [ 44.977041] [] do_page_fault+0x27/0x30 [ 44.982552] [] page_fault+0x28/0x30 [ 44.987809] [] ? copy_user_generic_unrolled+0x86/0xc0 [ 44.994620] [] ? userfaultfd_ioctl+0x11a8/0x2040 [ 45.001012] [] ? hash_futex+0x210/0x210 [ 45.006607] [] ? perf_event_comm+0x1a0/0x1a0 [ 45.012648] [] ? __rb_insert_augmented+0x247/0xe90 [ 45.019197] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.025575] [] ? __lock_acquire+0xb5f/0x4b50 [ 45.031603] [] ? vma_wants_writenotify+0x49/0x370 [ 45.038066] [] ? vma_set_page_prot+0x10b/0x150 [ 45.044267] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.051251] [] ? vm_mmap_pgoff+0x180/0x1c0 [ 45.057110] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.063488] [] do_vfs_ioctl+0x7aa/0xee0 [ 45.069084] [] ? ioctl_preallocate+0x1f0/0x1f0 2018/02/26 09:38:24 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000529ff8)='./file0\x00', &(0x7f000079eff8)='./file0\x00', &(0x7f0000d06ffa)='tmpfs\x00', 0x0, &(0x7f0000232f28)="8f7b8083f07ee079c4e62c34") 2018/02/26 09:38:24 executing program 6: r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000fa1000)={0x0}, &(0x7f0000fa1000)=0xc) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000761ff8)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ptrace$getenv(0x4201, r2, 0x0, &(0x7f0000000140)) 2018/02/26 09:38:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f0000648eac)=@newsa={0x140, 0x10, 0x717, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, @in6=@ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}}, {@in6=@empty, 0xffffffffffffffff, 0x33}, @in=@empty, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0xa}, [@extra_flags={0x8, 0x18, 0x9}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x140}, 0x1}, 0x0) 2018/02/26 09:38:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000a9ff0)=[{&(0x7f000006b000)="580000001400192300a14b80040d8c560a0600000000e076489643d818fe5800000004ca8164643e8900050028635a0004fbf50e0000d9ffffffff03001c04ed5e000000000005000d000100000400000300046b0f536e7e", 0x58}], 0x1) 2018/02/26 09:38:24 executing program 2: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba2ff4)={0x10}, 0xc, &(0x7f0000434ff0)={&(0x7f0000ff8000)=@newlink={0x3c, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x3c}, 0x1}, 0x0) 2018/02/26 09:38:24 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000019000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f0000024f48)=@ipv6_delroute={0x28, 0x19, 0x60d, 0xffffffffffffffff, 0xffffffffffffffff, {0xa}, [@RTA_MULTIPATH={0xc, 0x9, [{}]}]}, 0x28}, 0x1}, 0x0) 2018/02/26 09:38:24 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:24 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:24 executing program 6: r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000fa1000)={0x0}, &(0x7f0000fa1000)=0xc) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000761ff8)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ptrace$getenv(0x4201, r2, 0x0, &(0x7f0000000140)) [ 45.075284] [] ? do_close_on_exec+0x210/0x300 [ 45.081398] [] ? __fget+0x23a/0x3b0 [ 45.086644] [] ? __fget+0x47/0x3b0 [ 45.091816] [] ? security_file_ioctl+0x89/0xb0 [ 45.098016] [] SyS_ioctl+0x8f/0xc0 [ 45.103194] [] entry_SYSCALL_64_fastpath+0x1c/0x98 2018/02/26 09:38:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000a9ff0)=[{&(0x7f000006b000)="580000001400192300a14b80040d8c560a0600000000e076489643d818fe5800000004ca8164643e8900050028635a0004fbf50e0000d9ffffffff03001c04ed5e000000000005000d000100000400000300046b0f536e7e", 0x58}], 0x1) 2018/02/26 09:38:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt(r0, 0x0, 0x16, &(0x7f0000446000), 0x0) 2018/02/26 09:38:24 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) lgetxattr(&(0x7f0000001000)='./file0\x00', &(0x7f0000002000)=@known="73797374656d2e706f7369785f61636c5f61636365737301", &(0x7f0000000fc7)=""/57, 0x39) [ 45.164465] tmpfs: No value for mount option '{~y,4' [ 45.180371] FAULT_FLAG_ALLOW_RETRY missing 30 [ 45.184004] FAULT_FLAG_ALLOW_RETRY missing 30 [ 45.184015] CPU: 0 PID: 5683 Comm: syz-executor0 Not tainted 4.4.118-g5f7f76a #24 [ 45.184020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.184032] 0000000000000000 ffe1c13848fd40df ffff8801c52ef6d0 ffffffff81d0402d [ 45.184042] ffff8801d1fee900 1ffff10038a5dee7 ffff8801c52ef858 0000000000000000 [ 45.184052] 0000000000000000 ffff8801c52ef880 ffffffff816072a5 ffffffff81237410 [ 45.184054] Call Trace: [ 45.184068] [] dump_stack+0xc1/0x124 [ 45.184078] [] handle_userfault+0x715/0xf50 [ 45.184088] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.184099] [] ? userfaultfd_ioctl+0x2040/0x2040 [ 45.184107] [] ? __lock_is_held+0xa1/0xf0 [ 45.184116] [] ? handle_mm_fault+0xb5d/0x3190 [ 45.184124] [] ? handle_mm_fault+0x291e/0x3190 [ 45.184132] [] handle_mm_fault+0x2938/0x3190 [ 45.184140] [] ? copy_page_range+0x1480/0x1480 [ 45.184148] [] ? __do_page_fault+0x780/0xa00 [ 45.184155] [] ? vmacache_find+0x57/0x290 [ 45.184163] [] __do_page_fault+0x35b/0xa00 [ 45.184170] [] do_page_fault+0x27/0x30 [ 45.184178] [] page_fault+0x28/0x30 [ 45.184187] [] ? copy_user_generic_unrolled+0x86/0xc0 [ 45.184195] [] ? userfaultfd_ioctl+0x11a8/0x2040 [ 45.184202] [] ? hash_futex+0x210/0x210 [ 45.184210] [] ? entry_SYSCALL_64_fastpath+0x1c/0x98 [ 45.184218] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.184226] [] ? __lock_acquire+0xb5f/0x4b50 [ 45.184234] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.184241] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.184248] [] ? lockdep_init_map+0xeb/0x1690 [ 45.184257] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.184265] [] do_vfs_ioctl+0x7aa/0xee0 [ 45.184272] [] ? ioctl_preallocate+0x1f0/0x1f0 [ 45.184279] [] ? do_close_on_exec+0x210/0x300 [ 45.184286] [] ? __fget+0x23a/0x3b0 [ 45.184292] [] ? __fget+0x47/0x3b0 [ 45.184301] [] ? security_file_ioctl+0x89/0xb0 [ 45.184308] [] SyS_ioctl+0x8f/0xc0 [ 45.184315] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 45.427441] CPU: 0 PID: 5677 Comm: syz-executor7 Not tainted 4.4.118-g5f7f76a #24 [ 45.435073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.444415] 0000000000000000 56cf908a1af8d40e ffff8800aac5f6d0 ffffffff81d0402d [ 45.452406] ffff8800acf72a80 1ffff1001558bee7 ffff8800aac5f858 0000000000000000 [ 45.460396] 0000000000000000 ffff8800aac5f880 ffffffff816072a5 ffffffff81237410 [ 45.468405] Call Trace: [ 45.470969] [] dump_stack+0xc1/0x124 [ 45.476306] [] handle_userfault+0x715/0xf50 [ 45.482249] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.489233] [] ? userfaultfd_ioctl+0x2040/0x2040 [ 45.495616] [] ? handle_mm_fault+0xb5d/0x3190 [ 45.501732] [] ? handle_mm_fault+0x291e/0x3190 [ 45.507945] [] handle_mm_fault+0x2938/0x3190 [ 45.513984] [] ? copy_page_range+0x1480/0x1480 [ 45.520199] [] ? __do_page_fault+0x780/0xa00 [ 45.526230] [] ? vmacache_find+0x57/0x290 [ 45.532004] [] __do_page_fault+0x35b/0xa00 [ 45.537859] [] do_page_fault+0x27/0x30 [ 45.543373] [] page_fault+0x28/0x30 [ 45.548627] [] ? copy_user_generic_unrolled+0x86/0xc0 [ 45.555440] [] ? userfaultfd_ioctl+0x11a8/0x2040 [ 45.561818] [] ? hash_futex+0x210/0x210 [ 45.567414] [] ? entry_SYSCALL_64_fastpath+0x1c/0x98 [ 45.574139] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.580530] [] ? __lock_acquire+0xb5f/0x4b50 [ 45.586565] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.593552] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.600537] [] ? lockdep_init_map+0xeb/0x1690 [ 45.606656] [] ? userfaultfd_release+0x5a0/0x5a0 2018/02/26 09:38:24 executing program 2: clone(0x0, &(0x7f0000b82ffd), &(0x7f0000768000), &(0x7f0000197000), &(0x7f00007e7f96)) seccomp(0x0, 0x0, &(0x7f0000044ff0)={0x0, &(0x7f0000000000)=[]}) 2018/02/26 09:38:24 executing program 6: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000b4508a)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x2) mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f00003f5000/0x2000)=nil, 0x2000, 0x0, 0x1011, r0, 0x0) 2018/02/26 09:38:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f0000648eac)=@newsa={0x140, 0x10, 0x717, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, @in6=@ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}}, {@in6=@empty, 0xffffffffffffffff, 0x33}, @in=@empty, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0xa}, [@extra_flags={0x8, 0x18, 0x9}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x140}, 0x1}, 0x0) 2018/02/26 09:38:24 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:24 executing program 1: r0 = socket(0xa, 0x1, 0x0) ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100000003, 0x0, []}) ioctl(r0, 0x8918, &(0x7f0000000000)) 2018/02/26 09:38:24 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) lgetxattr(&(0x7f0000001000)='./file0\x00', &(0x7f0000002000)=@known="73797374656d2e706f7369785f61636c5f61636365737301", &(0x7f0000000fc7)=""/57, 0x39) 2018/02/26 09:38:24 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:24 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000529ff8)='./file0\x00', &(0x7f000079eff8)='./file0\x00', &(0x7f0000d06ffa)='tmpfs\x00', 0x0, &(0x7f0000232f28)="8f7b8083f07ee079c4e62c34") [ 45.613033] [] do_vfs_ioctl+0x7aa/0xee0 [ 45.618629] [] ? ioctl_preallocate+0x1f0/0x1f0 [ 45.624838] [] ? do_close_on_exec+0x210/0x300 [ 45.630955] [] ? __fget+0x23a/0x3b0 [ 45.636204] [] ? __fget+0x47/0x3b0 [ 45.641368] [] ? security_file_ioctl+0x89/0xb0 [ 45.647573] [] SyS_ioctl+0x8f/0xc0 [ 45.652735] [] entry_SYSCALL_64_fastpath+0x1c/0x98 2018/02/26 09:38:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) 2018/02/26 09:38:24 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) lgetxattr(&(0x7f0000001000)='./file0\x00', &(0x7f0000002000)=@known="73797374656d2e706f7369785f61636c5f61636365737301", &(0x7f0000000fc7)=""/57, 0x39) 2018/02/26 09:38:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001b4ff6)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000372ff4)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000c24000)) 2018/02/26 09:38:24 executing program 2: clone(0x0, &(0x7f0000b82ffd), &(0x7f0000768000), &(0x7f0000197000), &(0x7f00007e7f96)) seccomp(0x0, 0x0, &(0x7f0000044ff0)={0x0, &(0x7f0000000000)=[]}) 2018/02/26 09:38:24 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000013fc8)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f000000d379)={&(0x7f0000007000)={0x14, 0x16, 0x401, 0xffffffffffffffff, 0xffffffffffffffff, {0x4000a}, []}, 0x14}, 0x1}, 0x0) [ 45.704616] tmpfs: No value for mount option '{~y,4' [ 45.715782] FAULT_FLAG_ALLOW_RETRY missing 30 [ 45.720623] CPU: 1 PID: 5699 Comm: syz-executor7 Not tainted 4.4.118-g5f7f76a #24 [ 45.722933] FAULT_FLAG_ALLOW_RETRY missing 30 [ 45.732704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 2018/02/26 09:38:24 executing program 2: clone(0x0, &(0x7f0000b82ffd), &(0x7f0000768000), &(0x7f0000197000), &(0x7f00007e7f96)) seccomp(0x0, 0x0, &(0x7f0000044ff0)={0x0, &(0x7f0000000000)=[]}) 2018/02/26 09:38:24 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000fb9fc8)={&(0x7f0000397ff4)={0x10}, 0xc, &(0x7f0000fe8000)={&(0x7f0000c06d10)=@updsa={0x120, 0x1a, 0xa09, 0xffffffffffffffff, 0xffffffffffffffff, {{@in=@dev={0xac, 0x14}, @in=@local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, {@in6=@ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0xffffffffffffffff, 0x3c}, @in=@empty, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x256e268dd0e382cf}, [@replay_esn_val={0x1c, 0x17, {0x40000000000001cb, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, []}}, @coaddr={0x14, 0xe, @in=@loopback=0x7f000001}]}, 0x120}, 0x1}, 0x0) 2018/02/26 09:38:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) [ 45.740702] audit: type=1400 audit(1519637904.735:7): avc: denied { create } for pid=5717 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 45.765984] 0000000000000000 b98f14139b69b44d ffff8801d97976d0 ffffffff81d0402d [ 45.774014] ffff8800acf72c00 1ffff1003b2f2ee7 ffff8801d9797858 0000000000000000 [ 45.782035] 0000000000000000 ffff8801d9797880 ffffffff816072a5 ffffffff81237410 [ 45.790059] Call Trace: [ 45.792638] [] dump_stack+0xc1/0x124 [ 45.798010] [] handle_userfault+0x715/0xf50 [ 45.803992] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.811009] [] ? userfaultfd_ioctl+0x2040/0x2040 [ 45.817406] [] ? __lock_is_held+0xa1/0xf0 [ 45.823200] [] ? handle_mm_fault+0xb5d/0x3190 [ 45.829335] [] ? handle_mm_fault+0x291e/0x3190 [ 45.835562] [] handle_mm_fault+0x2938/0x3190 [ 45.841609] [] ? copy_page_range+0x1480/0x1480 [ 45.847826] [] ? __do_page_fault+0x780/0xa00 [ 45.853860] [] ? vmacache_find+0x57/0x290 [ 45.859637] [] __do_page_fault+0x35b/0xa00 [ 45.865502] [] do_page_fault+0x27/0x30 [ 45.871020] [] page_fault+0x28/0x30 [ 45.876278] [] ? copy_user_generic_unrolled+0x86/0xc0 [ 45.883100] [] ? userfaultfd_ioctl+0x11a8/0x2040 [ 45.889486] [] ? hash_futex+0x210/0x210 [ 45.895094] [] ? entry_SYSCALL_64_fastpath+0x1c/0x98 [ 45.901826] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.908211] [] ? __lock_acquire+0xb5f/0x4b50 [ 45.914248] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.921242] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 45.928233] [] ? lockdep_init_map+0xeb/0x1690 [ 45.934357] [] ? userfaultfd_release+0x5a0/0x5a0 [ 45.940742] [] do_vfs_ioctl+0x7aa/0xee0 [ 45.946429] [] ? ioctl_preallocate+0x1f0/0x1f0 [ 45.952643] [] ? do_close_on_exec+0x210/0x300 [ 45.958769] [] ? __fget+0x23a/0x3b0 [ 45.964021] [] ? __fget+0x47/0x3b0 [ 45.969196] [] ? security_file_ioctl+0x89/0xb0 [ 45.975408] [] SyS_ioctl+0x8f/0xc0 [ 45.980577] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 45.987135] CPU: 0 PID: 5703 Comm: syz-executor0 Not tainted 4.4.118-g5f7f76a #24 [ 45.994772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.004119] 0000000000000000 4700421cec8ee0d7 ffff8801d92a76d0 ffffffff81d0402d [ 46.012146] ffff8800acf72d80 1ffff1003b254ee7 ffff8801d92a7858 0000000000000000 [ 46.020140] 0000000000000000 ffff8801d92a7880 ffffffff816072a5 ffffffff81237410 [ 46.028109] Call Trace: [ 46.030671] [] dump_stack+0xc1/0x124 [ 46.036008] [] handle_userfault+0x715/0xf50 [ 46.041949] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 46.048930] [] ? userfaultfd_ioctl+0x2040/0x2040 [ 46.055304] [] ? __lock_is_held+0xa1/0xf0 [ 46.061074] [] ? handle_mm_fault+0xb5d/0x3190 [ 46.067186] [] ? handle_mm_fault+0x291e/0x3190 [ 46.073388] [] handle_mm_fault+0x2938/0x3190 [ 46.079415] [] ? copy_page_range+0x1480/0x1480 [ 46.085619] [] ? __do_page_fault+0x780/0xa00 [ 46.091647] [] ? vmacache_find+0x57/0x290 [ 46.097415] [] __do_page_fault+0x35b/0xa00 [ 46.103273] [] do_page_fault+0x27/0x30 [ 46.108780] [] page_fault+0x28/0x30 [ 46.114040] [] ? copy_user_generic_unrolled+0x86/0xc0 [ 46.120853] [] ? userfaultfd_ioctl+0x11a8/0x2040 [ 46.127228] [] ? hash_futex+0x210/0x210 [ 46.132843] [] ? entry_SYSCALL_64_fastpath+0x1c/0x98 [ 46.139575] [] ? userfaultfd_release+0x5a0/0x5a0 [ 46.145953] [] ? __lock_acquire+0xb5f/0x4b50 [ 46.151991] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 46.158979] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 46.165964] [] ? lockdep_init_map+0xeb/0x1690 [ 46.172081] [] ? userfaultfd_release+0x5a0/0x5a0 [ 46.178459] [] do_vfs_ioctl+0x7aa/0xee0 [ 46.184054] [] ? ioctl_preallocate+0x1f0/0x1f0 [ 46.190257] [] ? do_close_on_exec+0x210/0x300 [ 46.196371] [] ? __fget+0x23a/0x3b0 [ 46.201620] [] ? __fget+0x47/0x3b0 2018/02/26 09:38:25 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000aeb000)='oom_score_adj\x00') r1 = syz_open_procfs(0x0, &(0x7f0000256ff8)='syscall\x00') sendfile(r0, r1, &(0x7f0000b55000)=0x4, 0x3) 2018/02/26 09:38:25 executing program 2: clone(0x0, &(0x7f0000b82ffd), &(0x7f0000768000), &(0x7f0000197000), &(0x7f00007e7f96)) seccomp(0x0, 0x0, &(0x7f0000044ff0)={0x0, &(0x7f0000000000)=[]}) 2018/02/26 09:38:25 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:25 executing program 5: creat(&(0x7f0000000000)='./file0\x00', 0x0) lgetxattr(&(0x7f0000001000)='./file0\x00', &(0x7f0000002000)=@known="73797374656d2e706f7369785f61636c5f61636365737301", &(0x7f0000000fc7)=""/57, 0x39) 2018/02/26 09:38:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) 2018/02/26 09:38:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) 2018/02/26 09:38:25 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000011000)={{&(0x7f0000797000/0x4000)=nil, 0x4000}}) pwrite64(0xffffffffffffffff, &(0x7f000082f000), 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000001ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) munmap(&(0x7f0000160000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 2018/02/26 09:38:25 executing program 1: r0 = memfd_create(&(0x7f0000485000)="402670726f626b7379721a6e6700", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000f36000)='/dev/snd/seq\x00', 0x0, 0x8000000000102) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000030c000)={0x0, 0x0, 0x0, "98de7a8c5ae95ec8792c92150fc33a664f13eeab65c0322901ca6bd31bde2c51f06c5f0b014f9f91eeb7647c7240f476c8d75dd000aa8faf8fb5740200a6dc4d"}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000044000)) write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x1e, 0x0, 0x0, 0x3fd, @tick, {}, {}, @note}], 0x30) 2018/02/26 09:38:25 executing program 2: r0 = socket(0x18, 0x0, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f0000004fc4)=[{{&(0x7f0000003000)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @empty}, 0x10, &(0x7f0000004fa0)=[{&(0x7f0000002000)="4c5614c00401a0dbf8a669ebdedd102c4f7a79e606457dfdf09e2ec2ed253b", 0x1f}], 0x1, &(0x7f0000002d30)=[]}}], 0x1, 0x0) connect(r0, &(0x7f0000002000)=@sco={0x1f, {0x1}}, 0x26) ioctl$sock_SIOCOUTQ(r0, 0x80487436, &(0x7f0000005ffc)) [ 46.206781] [] ? security_file_ioctl+0x89/0xb0 [ 46.212983] [] SyS_ioctl+0x8f/0xc0 [ 46.218143] [] entry_SYSCALL_64_fastpath+0x1c/0x98 2018/02/26 09:38:25 executing program 6: capset(&(0x7f00001b4ff8)={0x19980330}, &(0x7f000077ffe8)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x63, &(0x7f0000001fe2)=""/30, &(0x7f0000000000)=0x1e) 2018/02/26 09:38:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) 2018/02/26 09:38:25 executing program 2: seccomp(0x1, 0x0, &(0x7f0000158000)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) r0 = memfd_create(&(0x7f0000000100)='posix_acl_access)wlan1}@wlan0.em1-\x00', 0x0) fsync(r0) 2018/02/26 09:38:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) 2018/02/26 09:38:25 executing program 5: unshare(0x40600) r0 = socket$unix(0x1, 0x805, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b"}, 0xc) listen(r0, 0x0) accept4(r0, &(0x7f0000b28000)=@un=@abs, &(0x7f0000b28ffc)=0x8, 0x0) 2018/02/26 09:38:25 executing program 7: r0 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000f61ffc), &(0x7f00009dfffc)=0x4) 2018/02/26 09:38:25 executing program 1: r0 = memfd_create(&(0x7f0000485000)="402670726f626b7379721a6e6700", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000f36000)='/dev/snd/seq\x00', 0x0, 0x8000000000102) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000030c000)={0x0, 0x0, 0x0, "98de7a8c5ae95ec8792c92150fc33a664f13eeab65c0322901ca6bd31bde2c51f06c5f0b014f9f91eeb7647c7240f476c8d75dd000aa8faf8fb5740200a6dc4d"}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000044000)) write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x1e, 0x0, 0x0, 0x3fd, @tick, {}, {}, @note}], 0x30) 2018/02/26 09:38:25 executing program 6: vmsplice(0xffffffffffffffff, &(0x7f0000415000)=[], 0x200001e7, 0x0) 2018/02/26 09:38:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000), 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) dup2(r1, r0) 2018/02/26 09:38:25 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000f8b000)={{{@in=@remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xa, 0x20}, {}, {}, 0x0, 0xffffffffffffffff, 0x1}, {{@in=@dev={0xac, 0x14}}, 0x0, @in=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, 0x1c) 2018/02/26 09:38:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f000082d000)={&(0x7f0000d55000)={0x10}, 0xc, &(0x7f00008b7ff0)={&(0x7f00003c0fdc)={0x18, 0x0, 0x2, 0x800000001, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@nested={0x4, 0x2, []}]}, 0x18}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 4: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000699000)={0x10}, 0xc, &(0x7f000009b000)={&(0x7f0000883fc4)=@newlink={0x34, 0x10, 0x8c00a512e0e9060f, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}]}, 0x34}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 6: vmsplice(0xffffffffffffffff, &(0x7f0000415000)=[], 0x200001e7, 0x0) 2018/02/26 09:38:25 executing program 5: add_key$user(&(0x7f0000001ffb)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000000)="5604797d237a03f284c20209b646e55e7e33a21a6850324e06e7e08e58e8f2b170f2bf5dd6bb8f1e61c1235ab3b78098f535c61c3e1dbab40655710b2416e4ef9a28e1e25b6ad3d2599960c9ca028d302d727f7f134cbed379fd72d3a2a81154d3a2389e5aaa5143b6f1cb62218f8ff5841f10a1246954f242cedfd02e90090ec9b0918aeaea72181798ec8e01e86f33244fe836a027ddcf3aad4102ecf5bf27bd9d18c5268c", 0xa6, 0xfffffffffffffffb) 2018/02/26 09:38:25 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 1: r0 = memfd_create(&(0x7f0000485000)="402670726f626b7379721a6e6700", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000f36000)='/dev/snd/seq\x00', 0x0, 0x8000000000102) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000030c000)={0x0, 0x0, 0x0, "98de7a8c5ae95ec8792c92150fc33a664f13eeab65c0322901ca6bd31bde2c51f06c5f0b014f9f91eeb7647c7240f476c8d75dd000aa8faf8fb5740200a6dc4d"}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000044000)) write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x1e, 0x0, 0x0, 0x3fd, @tick, {}, {}, @note}], 0x30) 2018/02/26 09:38:25 executing program 2: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 6: vmsplice(0xffffffffffffffff, &(0x7f0000415000)=[], 0x200001e7, 0x0) 2018/02/26 09:38:25 executing program 0: creat(&(0x7f0000000000)='./file0\x00', 0x0) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f0000000100)=""/247, 0xf7) 2018/02/26 09:38:25 executing program 5: add_key$user(&(0x7f0000001ffb)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000000)="5604797d237a03f284c20209b646e55e7e33a21a6850324e06e7e08e58e8f2b170f2bf5dd6bb8f1e61c1235ab3b78098f535c61c3e1dbab40655710b2416e4ef9a28e1e25b6ad3d2599960c9ca028d302d727f7f134cbed379fd72d3a2a81154d3a2389e5aaa5143b6f1cb62218f8ff5841f10a1246954f242cedfd02e90090ec9b0918aeaea72181798ec8e01e86f33244fe836a027ddcf3aad4102ecf5bf27bd9d18c5268c", 0xa6, 0xfffffffffffffffb) 2018/02/26 09:38:25 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 5: add_key$user(&(0x7f0000001ffb)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000000)="5604797d237a03f284c20209b646e55e7e33a21a6850324e06e7e08e58e8f2b170f2bf5dd6bb8f1e61c1235ab3b78098f535c61c3e1dbab40655710b2416e4ef9a28e1e25b6ad3d2599960c9ca028d302d727f7f134cbed379fd72d3a2a81154d3a2389e5aaa5143b6f1cb62218f8ff5841f10a1246954f242cedfd02e90090ec9b0918aeaea72181798ec8e01e86f33244fe836a027ddcf3aad4102ecf5bf27bd9d18c5268c", 0xa6, 0xfffffffffffffffb) 2018/02/26 09:38:25 executing program 6: vmsplice(0xffffffffffffffff, &(0x7f0000415000)=[], 0x200001e7, 0x0) 2018/02/26 09:38:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000f8b000)={{{@in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}, @in6=@empty, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xa}, {}, {}, 0x0, 0xffffffffffffffff, 0x80000001}, {{@in=@broadcast=0xffffffff, 0x0}, 0x2, @in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000219fe4)={0x0, 0x0, &(0x7f0000415ff8)={&(0x7f0000cacff0)={0x2, 0x7, 0x0, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, []}, 0x10}, 0x1}, 0x0) connect$inet6(r0, &(0x7f0000415fe4)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @empty}}, 0x1c) 2018/02/26 09:38:25 executing program 1: r0 = memfd_create(&(0x7f0000485000)="402670726f626b7379721a6e6700", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000f36000)='/dev/snd/seq\x00', 0x0, 0x8000000000102) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000030c000)={0x0, 0x0, 0x0, "98de7a8c5ae95ec8792c92150fc33a664f13eeab65c0322901ca6bd31bde2c51f06c5f0b014f9f91eeb7647c7240f476c8d75dd000aa8faf8fb5740200a6dc4d"}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000044000)) write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x1e, 0x0, 0x0, 0x3fd, @tick, {}, {}, @note}], 0x30) 2018/02/26 09:38:25 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000002ff5)='/dev/loop#\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 2018/02/26 09:38:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000e80000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000fc8)={&(0x7f0000238ff8)=@abs, 0x8, &(0x7f0000008000)=[], 0x0, &(0x7f0000000ff0)=[]}, 0x0) sendmsg$unix(r0, &(0x7f0000c1b000)={&(0x7f0000670ff8)=@abs, 0x8, &(0x7f00003bbf90)=[], 0x0, &(0x7f00000d3000)=[@rights={0x18, 0x1, 0x1, [r0, r1]}], 0x18}, 0x0) 2018/02/26 09:38:25 executing program 2: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 5: add_key$user(&(0x7f0000001ffb)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000000)="5604797d237a03f284c20209b646e55e7e33a21a6850324e06e7e08e58e8f2b170f2bf5dd6bb8f1e61c1235ab3b78098f535c61c3e1dbab40655710b2416e4ef9a28e1e25b6ad3d2599960c9ca028d302d727f7f134cbed379fd72d3a2a81154d3a2389e5aaa5143b6f1cb62218f8ff5841f10a1246954f242cedfd02e90090ec9b0918aeaea72181798ec8e01e86f33244fe836a027ddcf3aad4102ecf5bf27bd9d18c5268c", 0xa6, 0xfffffffffffffffb) 2018/02/26 09:38:25 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 6: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00005e4000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0) 2018/02/26 09:38:25 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000e05000)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_lifetime={0x4, 0x4}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr, @in6=@mcast2={0xff, 0x2, [], 0x1}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}}]}, 0xc0}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000e80000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000fc8)={&(0x7f0000238ff8)=@abs, 0x8, &(0x7f0000008000)=[], 0x0, &(0x7f0000000ff0)=[]}, 0x0) sendmsg$unix(r0, &(0x7f0000c1b000)={&(0x7f0000670ff8)=@abs, 0x8, &(0x7f00003bbf90)=[], 0x0, &(0x7f00000d3000)=[@rights={0x18, 0x1, 0x1, [r0, r1]}], 0x18}, 0x0) 2018/02/26 09:38:25 executing program 1: unshare(0x8000400) r0 = mq_open(&(0x7f0000000000)='*GPL[vmnet1@vmnet1{-vmnet@vboxnet0!vboxnet1+M\x00', 0x6e93ebbbcc0884ef, 0x0, &(0x7f0000664fc0)={0x0, 0x7, 0x2}) mq_getsetattr(r0, &(0x7f0000fb2000), &(0x7f0000669fc0)) 2018/02/26 09:38:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000000cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5434, &(0x7f0000011000)) 2018/02/26 09:38:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d0bfc8)={&(0x7f0000e57ff4)={0x10}, 0xc, &(0x7f0000023000)={&(0x7f0000075000)={0x1c, 0x1, 0x800004, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@nested={0x8, 0x6, [@generic='b']}]}, 0x1c}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 2: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000f89ffc)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000ea8000)='smaps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) r2 = memfd_create(&(0x7f0000a83fe5)="3afe39591b194fa808f1d14a28c0f7c26a995d1f73081d1af00a24", 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0) readv(r1, &(0x7f0000dc8ff8)=[{&(0x7f0000208000)=""/4096, 0x1000}], 0x1d3) 2018/02/26 09:38:25 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000001fe4)={0xa, 0xffffffffffffffff, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000160000), 0x4) 2018/02/26 09:38:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000e80000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000fc8)={&(0x7f0000238ff8)=@abs, 0x8, &(0x7f0000008000)=[], 0x0, &(0x7f0000000ff0)=[]}, 0x0) sendmsg$unix(r0, &(0x7f0000c1b000)={&(0x7f0000670ff8)=@abs, 0x8, &(0x7f00003bbf90)=[], 0x0, &(0x7f00000d3000)=[@rights={0x18, 0x1, 0x1, [r0, r1]}], 0x18}, 0x0) 2018/02/26 09:38:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000000cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5434, &(0x7f0000011000)) 2018/02/26 09:38:25 executing program 1: mkdir(&(0x7f0000dea000)='./file0\x00', 0x0) r0 = open(&(0x7f0000b2cff8)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00007a4ff8)='./file0\x00', 0x0) mount(&(0x7f0000df2000)='./file0/file0\x00', &(0x7f0000a16ff8)='./file0\x00', &(0x7f0000df2ffd)='\x00v\t', 0x1001, &(0x7f0000a06000)) unlinkat(r0, &(0x7f000057d000)='./file0\x00', 0x200) pivot_root(&(0x7f0000b6aff8)='./file0\x00', &(0x7f0000f6dff8)='./file0\x00') 2018/02/26 09:38:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000000cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5434, &(0x7f0000011000)) 2018/02/26 09:38:25 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000418f50)={{}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f00000000c0)={0x0, 0x0, 0x0, "7175657565300000000000000000000000002415000000000000000000000000000000000000000000000000000000000000df00"}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000f68000)='/dev/sequencer2\x00', 0x0, 0x0) 2018/02/26 09:38:25 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$inet(0x2, 0x0, 0xfb01, &(0x7f0000fe0ff8)={0x0, 0x0}) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000f01000)={{{{0x2, 0x1, @loopback=0x7f000001}}, {{0xa, 0x2, 0xffffffffffffff81, @local={0xfe, 0x80, [], 0x0, 0xaa}, 0x81}}}, 0x6, 0x7, 0x0, "5f7de738563b86358cca5a5250a5fc4ac85f50f7859d637608e6db4e4b9b4d1b3e78a9be24bbff70e8670a3dfb0655b4dd4615c641a144cba70f3a76dc31d5b251b914242bd4368ec5fd71718d8250eb"}, 0x160) accept$packet(0xffffffffffffff9c, &(0x7f0000dd1000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000041000)=0x14) sendmsg$nl_route(r0, &(0x7f000025bfc8)={&(0x7f0000b9343a)={0x10}, 0xc, &(0x7f000033cff0)={&(0x7f000085ff00)=@ipv4_delroute={0x50, 0x19, 0x1, 0x2, 0xffffffffffffffff, {0x2, 0x20, 0x0, 0x0, 0xff, 0x0, 0xfe}, [@RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x8, 0x15, 0x7}, @RTA_ENCAP={0x1c, 0x16, @typed={0x18, 0x6e, @ipv6=@mcast2={0xff, 0x2, [], 0x1}}}, @RTA_DST={0x8, 0x1, @local={0xac, 0x14, 0x0, 0xaa}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4005}, 0x5000000) 2018/02/26 09:38:25 executing program 3: setrlimit(0x7, &(0x7f0000becff0)) epoll_create1(0x0) 2018/02/26 09:38:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000e80000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000fc8)={&(0x7f0000238ff8)=@abs, 0x8, &(0x7f0000008000)=[], 0x0, &(0x7f0000000ff0)=[]}, 0x0) sendmsg$unix(r0, &(0x7f0000c1b000)={&(0x7f0000670ff8)=@abs, 0x8, &(0x7f00003bbf90)=[], 0x0, &(0x7f00000d3000)=[@rights={0x18, 0x1, 0x1, [r0, r1]}], 0x18}, 0x0) 2018/02/26 09:38:25 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000e05000)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_lifetime={0x4, 0x4}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr, @in6=@mcast2={0xff, 0x2, [], 0x1}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}}]}, 0xc0}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 2: mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x0, 0x18071, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x4, 0x0) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000002000/0x2000)=nil) 2018/02/26 09:38:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00007cd000)=[{&(0x7f0000fae000)="29000000180031090020000100000007020000000000ff06800000000c00080004001000000ef4ff01", 0x29}], 0x1) 2018/02/26 09:38:25 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001e00)={&(0x7f00000003c0)={0x10}, 0xc, &(0x7f0000001dc0)={&(0x7f0000000400)=@newsa={0x138, 0x10, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @in=@multicast1=0xe0000001}, {@in6=@empty, 0xffffffffffffffff, 0x33}, @in=@dev={0xac, 0x14}, {}, {}, {}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}, [@algo_auth={0x48, 0x1, {{'sha224-ssse3\x00'}}}]}, 0x138}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000d1d000)={&(0x7f0000d89ff4)={0x10}, 0xc, &(0x7f00006fa000)={&(0x7f0000925fcc)=ANY=[@ANYBLOB="3400000014000b0000000000000000000a000000", @ANYBLOB="05000217790700000000000000000000000000000000010800080000"], 0x2}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ddcff0)={0x1, &(0x7f00007bd000)=[{0x5}]}, 0x10) 2018/02/26 09:38:25 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000003f18)={{{@in=@empty, @in=@broadcast=0xffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xa}}, {{@in=@loopback=0x7f000001}, 0x0, @in6=@local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}}}, 0xe8) setsockopt$sock_void(r0, 0x29, 0x23, 0x0, 0x0) 2018/02/26 09:38:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f000001fff4)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f000001afc4)=@newneigh={0x28, 0x1c, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, {0xa}, [@NDA_DST_MAC={0xc, 0x1, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 6: r0 = socket(0x10, 0x3, 0x4) sendmsg$nl_xfrm(r0, &(0x7f00009d3000)={&(0x7f0000c15000)={0x10}, 0xc, &(0x7f0000bd1ff0)={&(0x7f0000abdefc)=@delsa={0x28, 0x12, 0x515485708c54ddb, 0xffffffffffffffff, 0xffffffffffffffff, {@in=@multicast2=0xe0000002}, []}, 0x28}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000000cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5434, &(0x7f0000011000)) 2018/02/26 09:38:25 executing program 4: unshare(0x400) r0 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) pread64(r0, &(0x7f0000000040)=""/226, 0x11f, 0x0) 2018/02/26 09:38:25 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0xffffffffffffffff, @loopback=0x7f000001}, 0x10) 2018/02/26 09:38:25 executing program 5: r0 = syz_fuse_mount(&(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) 2018/02/26 09:38:25 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000eacff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r1 = dup2(r0, r0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000dceffc)=0x224, 0xd7fd8f38452ddae3) connect$inet(r0, &(0x7f00002ebff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000574fc6)='Q', 0x1, 0x0, &(0x7f0000c40ff0)={0x2, 0xffffffffffffffff, @multicast1=0xe0000001}, 0x10) close(r1) 2018/02/26 09:38:25 executing program 1: mkdir(&(0x7f0000dea000)='./file0\x00', 0x0) r0 = open(&(0x7f0000b2cff8)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00007a4ff8)='./file0\x00', 0x0) mount(&(0x7f0000df2000)='./file0/file0\x00', &(0x7f0000a16ff8)='./file0\x00', &(0x7f0000df2ffd)='\x00v\t', 0x1001, &(0x7f0000a06000)) unlinkat(r0, &(0x7f000057d000)='./file0\x00', 0x200) pivot_root(&(0x7f0000b6aff8)='./file0\x00', &(0x7f0000f6dff8)='./file0\x00') 2018/02/26 09:38:25 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) r0 = open(&(0x7f00002cbff6)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f000078dff8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f00006b3ff0)='./control/file0\x00') rename(&(0x7f0000812ff0)='./control/file0\x00', &(0x7f0000d98ff8)='./file0\x00') rename(&(0x7f00005a4000)='./control\x00', &(0x7f0000636000)='./file0\x00') dup2(r0, r1) 2018/02/26 09:38:25 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00003cf000)={&(0x7f0000f4dff4)={0x10}, 0xc, &(0x7f00005ad000)={&(0x7f0000a5e000)=@migrate={0xb8, 0x21, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {{@in6=@remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @in6=@mcast1={0xff, 0x1, [], 0x1}}}, [@policy_type={0xc, 0x10}, @migrate={0x5c, 0x11, [{@in=@rand_addr, @in6=@empty}, {@in=@loopback=0x7f000001, @in=@rand_addr}]}]}, 0xb8}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000e05000)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_lifetime={0x4, 0x4}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr, @in6=@mcast2={0xff, 0x2, [], 0x1}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}}]}, 0xc0}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000320ff8)='/dev/sg#\x00', 0x0, 0x0) ioctl$KDMKTONE(r0, 0x2283, 0xffffffffffffffff) 2018/02/26 09:38:25 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x1, &(0x7f0000000000)="1a"}) 2018/02/26 09:38:25 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000002fdb)="240000002100030f07fffd946fa283bc8000000000000001271d856808001000d188737e", 0x24}], 0x1}, 0x0) 2018/02/26 09:38:25 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000e05000)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_lifetime={0x4, 0x4}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr, @in6=@mcast2={0xff, 0x2, [], 0x1}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}}]}, 0xc0}, 0x1}, 0x0) 2018/02/26 09:38:25 executing program 5: socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f000021bff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000021ff0)={0x2, &(0x7f0000016000)=[{0x28, 0x0, 0x0, 0xfffffffffffff010}, {0x6}]}, 0x10) write(r1, &(0x7f00001dafa4), 0x0) 2018/02/26 09:38:25 executing program 1: mkdir(&(0x7f0000dea000)='./file0\x00', 0x0) r0 = open(&(0x7f0000b2cff8)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00007a4ff8)='./file0\x00', 0x0) mount(&(0x7f0000df2000)='./file0/file0\x00', &(0x7f0000a16ff8)='./file0\x00', &(0x7f0000df2ffd)='\x00v\t', 0x1001, &(0x7f0000a06000)) unlinkat(r0, &(0x7f000057d000)='./file0\x00', 0x200) pivot_root(&(0x7f0000b6aff8)='./file0\x00', &(0x7f0000f6dff8)='./file0\x00') 2018/02/26 09:38:25 executing program 4: mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x18, 0x0, 0x1) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x111, 0x11, &(0x7f000087bff8), &(0x7f00000cfffe)=0x8) 2018/02/26 09:38:25 executing program 0: r0 = socket(0x10, 0x8000000803, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f000042b000)={0x2, &(0x7f0000192ff0)=[{}, {0x6}]}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f00007f7000)=""/1, &(0x7f0000da0000)=0x1) 2018/02/26 09:38:25 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f000002e000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000001f4c)=[{{0x0, 0x0, &(0x7f0000000000)=[], 0x0, &(0x7f000002f000)=""/7, 0x7}}, {{&(0x7f0000002fa8)=@alg, 0x58, &(0x7f000001c000)=[], 0x0, &(0x7f000002ffa9)=""/87, 0x57}}], 0x2, 0x10000, 0x0) sendto(r1, &(0x7f0000025ffe), 0x0, 0x0, 0x0, 0x0) 2018/02/26 09:38:25 executing program 6: r0 = socket(0x11, 0x2, 0x81) socket$inet(0x11, 0x2, 0x81) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000d1000), 0x4) 2018/02/26 09:38:25 executing program 7: r0 = socket(0x10, 0x802, 0x4) write(r0, &(0x7f0000aabf04)="fc0000001200070003f608090007000a2278020000220400030021000100034533a49e3500a60000000000036915fa2c1ec2ff12f0009bb94b461219d07f9400020000008ce600036c04000000000000008c22ebc247ad4774540009db6b34d07302ade01720d700bbc9fc3d2e80772c81fb2cc56ce1f15627625ba4fdcf3cdefd5a0000000083ab82f687f70c9d00f9fe0800000003900000000000000405000000b90200f295ed94e0ad91bd07babc7c3f2eeb96d43dd16b17e183df150c3b880f419f4600b567b4d5715505e658a1ad0a4f015b1dff000000000000008f6ff6b6210003deac270e33429fd3000175e63fb8d38a8757f1e8844e9c", 0xfc) 2018/02/26 09:38:26 executing program 5: seccomp(0x200000000000001, 0x0, &(0x7f00008ff000)={0x1, &(0x7f0000002ff8)=[{0x6, 0x0, 0x0, 0xffffffff}]}) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) 2018/02/26 09:38:26 executing program 7: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) epoll_pwait(0xffffffffffffffff, &(0x7f0000b53000)=[], 0x0, 0x0, &(0x7f00008bcff8), 0x8) 2018/02/26 09:38:26 executing program 0: add_key(&(0x7f0000000630)='blacklist\x00', &(0x7f000039a000)={0x73, 0x79, 0x7a}, &(0x7f0000f6af11), 0x0, 0xfffffffffffffffb) keyctl$read(0xb, 0xfffffffffffffffd, &(0x7f0000000000)=""/4, 0x4) 2018/02/26 09:38:26 executing program 1: mkdir(&(0x7f0000dea000)='./file0\x00', 0x0) r0 = open(&(0x7f0000b2cff8)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00007a4ff8)='./file0\x00', 0x0) mount(&(0x7f0000df2000)='./file0/file0\x00', &(0x7f0000a16ff8)='./file0\x00', &(0x7f0000df2ffd)='\x00v\t', 0x1001, &(0x7f0000a06000)) unlinkat(r0, &(0x7f000057d000)='./file0\x00', 0x200) pivot_root(&(0x7f0000b6aff8)='./file0\x00', &(0x7f0000f6dff8)='./file0\x00') 2018/02/26 09:38:26 executing program 4: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0xb, &(0x7f0000a75000)={0x0, 0x0, 0x30003}) rt_sigtimedwait(&(0x7f0000a72000)={0x563}, &(0x7f0000a77ff0), &(0x7f000044a000)={0x0, 0x989680}, 0x8) 2018/02/26 09:38:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000631ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f000005f000)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}}, 0x10) getsockopt$inet_opts(r0, 0x0, 0x20000000050, &(0x7f0000790ff0)=""/16, &(0x7f00004d1000)=0x10) 2018/02/26 09:38:26 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) shutdown(r0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000255ffc)=0x1, 0x4) 2018/02/26 09:38:26 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000f85fa0)={0x2, 0x5, 0x0, 0x0, 0xc, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0xffffffffffffffff, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff, 0xaa}}}, @sadb_sa={0x2, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @loopback=0x7f000001}}]}, 0x60}, 0x1}, 0x0) 2018/02/26 09:38:26 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2=0xe0000002, @loopback=0x7f000001, @dev={0xac, 0x14}}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000008000)={0x1, {{0x2, 0xffffffffffffffff, @multicast2=0xe0000002}}}, 0x90) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r0, r1) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f000001b000)={@multicast1=0xe0000001, @loopback=0x7f000001, @dev={0xac, 0x14}}, 0xc) getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000004000)=0x90) 2018/02/26 09:38:26 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f000002dff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000001f4c)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000016f29)=""/215, 0xd7}], 0x1, &(0x7f000002f000)=""/7, 0x7}}, {{&(0x7f0000002fa8)=@alg, 0x58, &(0x7f000001c000)=[], 0x0, &(0x7f000002ffa9)=""/87, 0x57}}], 0x2, 0x10000, 0x0) sendto(r1, &(0x7f0000018000)="f8", 0x1, 0x0, 0x0, 0x0) 2018/02/26 09:38:26 executing program 5: ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f00000000c0)={@common='syzkaller0\x00', @ifru_flags}) socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000b4eff8)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000040)=[], 0x4924924924925be, 0x0) 2018/02/26 09:38:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x37, &(0x7f0000000000), 0x0) 2018/02/26 09:38:26 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}}, &(0x7f00000000c0)) 2018/02/26 09:38:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) r2 = dup2(r1, r0) bind$inet(r1, &(0x7f000000f000)={0x2, 0xffffffffffffffff, @loopback=0x7f000001}, 0x10) connect$inet(r2, &(0x7f0000f6a000)={0x2, 0xffffffffffffffff, @multicast2=0xe0000002}, 0x10) setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f00000000c0)={@multicast2=0xe0000002, @loopback=0x7f000001, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0xc) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000f69ff4)={@multicast2=0xe0000002, @loopback=0x7f000001, @loopback=0x7f000001}, 0xc) 2018/02/26 09:38:26 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo\x00') getdents64(r0, &(0x7f0000271fb8)=""/72, 0x2f) 2018/02/26 09:38:26 executing program 5: ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f00000000c0)={@common='syzkaller0\x00', @ifru_flags}) socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000b4eff8)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000040)=[], 0x4924924924925be, 0x0) 2018/02/26 09:38:26 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000802000)={{0x2, 0xffffffffffffffff, @loopback=0x7f000001}, {0x304, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}}, 0x0, {0x2, 0xffffffffffffffff, @broadcast=0xffffffff}, @common="006f73656d230000720000000400"}) 2018/02/26 09:38:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000aaff0)=[{&(0x7f0000557fa7)="580000001400192304a14b80000d8c560a0600000000e076000543d818fe5800000004ca81646454890005000100010004fbf5100002000004000000001c04ed5dfffff5000022000d000100040808000000ec6b0f536e06", 0x58}], 0x1) INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes [ 242.191601] INFO: task syz-executor3:6018 blocked for more than 120 seconds. [ 242.198828] Not tainted 4.4.118-g5f7f76a #24 [ 242.203770] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 242.211718] syz-executor3 D ffff8800bba2fae0 27160 6018 3858 0x00000004 [ 242.219123] ffff8800bba2fae0 ffff880100000006 ffff8801c6e36000 ffffffff8113bd3a [ 242.227268] ffffed0016717d38 ffff8800b38be900 ffff8801db31fdb8 ffff8801db31fde0 [ 242.235319] ffff8801db31f4d8 ffff8801d90ab000 ffff8801c6e36000 0000000000000000 [ 242.243476] Call Trace: [ 242.246038] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 242.252361] [] schedule+0x7a/0x1b0 [ 242.257527] [] __lock_sock+0xf1/0x180 [ 242.262983] [] ? sock_init_data+0xcc0/0xcc0 [ 242.268937] [] ? lock_sock_nested+0x43/0x120 [ 242.275023] [] ? prepare_to_wait_event+0x420/0x420 [ 242.281590] [] ? get_parent_ip+0xd/0x50 [ 242.287186] [] lock_sock_nested+0xf6/0x120 [ 242.293060] [] getorigdst+0xac/0x470 [ 242.298398] [] ? ipv4_print_tuple+0x30/0x30 [ 242.304377] [] ? __ww_mutex_lock_interruptible+0x14d0/0x14d0 [ 242.311808] [] ? mark_held_locks+0xaf/0x100 [ 242.317751] [] ? mutex_unlock+0x9/0x10 [ 242.323290] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 242.330357] [] nf_getsockopt+0x6a/0xc0 [ 242.335886] [] ip_getsockopt+0x144/0x1a0 [ 242.341613] [] ? do_ip_getsockopt+0x1530/0x1530 [ 242.347905] [] tcp_getsockopt+0x82/0xd0 [ 242.353528] [] sock_common_getsockopt+0x95/0xd0 [ 242.359816] [] SyS_getsockopt+0x14a/0x230 [ 242.365613] [] ? SyS_setsockopt+0x250/0x250 [ 242.371569] [] ? move_addr_to_kernel+0x50/0x50 [ 242.377773] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 242.384257] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 242.390932] 1 lock held by syz-executor3/6018: [ 242.395512] #0: (sk_lock-AF_INET){+.+.+.}, at: [] ip_getsockopt+0x12e/0x1a0 [ 242.404929] Sending NMI to all CPUs: [ 242.409749] NMI backtrace for cpu 0 [ 242.413367] CPU: 0 PID: 485 Comm: khungtaskd Not tainted 4.4.118-g5f7f76a #24 [ 242.420608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.429951] task: ffff8800bacbb000 task.stack: ffff8800bac60000 [ 242.435988] RIP: 0010:[] [] flat_send_IPI_mask+0xf7/0x1a0 [ 242.444742] RSP: 0018:ffff8800bac67cb8 EFLAGS: 00000046 [ 242.450166] RAX: 0000000003000000 RBX: 0000000000000c00 RCX: 0000000000000000 [ 242.457448] RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fb300 [ 242.464714] RBP: ffff8800bac67ce0 R08: 0000000000000001 R09: 0000000000000000 [ 242.471998] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000246 [ 242.479246] R13: 0000000000000003 R14: ffffffff8426f420 R15: 0000000000000002 [ 242.486549] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 242.494768] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.500624] CR2: 00007f3064c2d330 CR3: 00000001c9bbc000 CR4: 0000000000160670 [ 242.507902] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 242.515184] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 242.522459] Stack: [ 242.524592] ffffffff8426f420 ffffffff847ef9c0 fffffbfff08fd9ec dffffc0000000000 [ 242.532124] ffff8801db31bca0 ffff8800bac67d00 ffffffff810b999b ffffffff839f63c0 [ 242.539631] 0000000000000003 ffff8800bac67d60 ffffffff81d0ef94 ffffffff8141b013 [ 242.547170] Call Trace: [ 242.549723] [] nmi_raise_cpu_backtrace+0x5b/0x70 [ 242.556123] [] nmi_trigger_all_cpu_backtrace+0x4a4/0x550 [ 242.563210] [] ? print_lock+0xab/0xae [ 242.568630] [] ? irq_force_complete_move+0x3b0/0x3b0 [ 242.575372] [] arch_trigger_all_cpu_backtrace+0x14/0x20 [ 242.582375] [] watchdog+0x6fa/0xae0 [ 242.587621] [] ? watchdog+0xc3/0xae0 [ 242.592976] [] kthread+0x268/0x300 [ 242.598135] [] ? reset_hung_task_detector+0x20/0x20 [ 242.604805] [] ? kthread_create_on_node+0x400/0x400 [ 242.611463] [] ? kthread_create_on_node+0x400/0x400 [ 242.618109] [] ret_from_fork+0x55/0x80 [ 242.623647] [] ? kthread_create_on_node+0x400/0x400 [ 242.630283] Code: b3 5f ff f6 c4 10 75 e1 44 89 e8 c1 e0 18 89 04 25 10 b3 5f ff 44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 b3 5f ff <41> f7 c4 00 02 00 00 74 1a e8 6b 2f 17 00 4c 89 e7 57 9d 0f 1f [ 242.649274] NMI backtrace for cpu 1 [ 242.652888] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.118-g5f7f76a #24 [ 242.659869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.669226] task: ffff8801d9b49800 task.stack: ffff8801d9b58000 [ 242.675271] RIP: 0010:[] [] native_safe_halt+0x6/0x10 [ 242.683668] RSP: 0018:ffff8801d9b5fd98 EFLAGS: 00000246 [ 242.689088] RAX: 0000000000000007 RBX: ffffffff847ddac8 RCX: 0000000000000000 [ 242.696352] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801d9b4a0cc [ 242.703606] RBP: ffff8801d9b5fd98 R08: 0000000000000000 R09: 0000000000000000 [ 242.710849] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 242.718133] R13: fffffbfff070889c R14: ffffffff847ebe38 R15: 0000000000000000 [ 242.725402] FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 242.733621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.739475] CR2: 0000000002293000 CR3: 00000001c7f12000 CR4: 0000000000160670 [ 242.746747] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 242.754007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 242.761250] Stack: [ 242.763400] ffff8801d9b5fdd0 ffffffff81027e85 ffff8801d9b60000 ffffffff847ddac8 [ 242.770903] fffffbfff070889c ffffffff847ebe38 0000000000000000 ffff8801d9b5fde0 [ 242.778438] ffffffff810293fa ffff8801d9b5fdf8 ffffffff81221468 dffffc0000000000 [ 242.785957] Call Trace: [ 242.788509] [] default_idle+0x55/0x3c0 [ 242.794036] [] arch_cpu_idle+0xa/0x10 [ 242.799456] [] default_idle_call+0x48/0x70 [ 242.805340] [] cpu_startup_entry+0x5fd/0x8f0 [ 242.811367] [] ? call_cpuidle+0xe0/0xe0 [ 242.816990] [] ? clockevents_register_device+0x122/0x230 [ 242.824102] [] start_secondary+0x304/0x3e0 [ 242.829957] [] ? set_cpu_sibling_map+0x1080/0x1080 [ 242.836537] Code: 00 00 00 00 00 55 48 89 e5 fa 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 66 0f 1f 84 [ 242.855684] Kernel panic - not syncing: hung_task: blocked tasks [ 242.861864] CPU: 1 PID: 485 Comm: khungtaskd Not tainted 4.4.118-g5f7f76a #24 [ 242.869111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.878440] 0000000000000000 57822ad810f8661d ffff8800bac67ca8 ffffffff81d0402d [ 242.886412] ffffffff83883080 ffff8800bac67d80 dffffc0000000000 7fffffffffffffff [ 242.894381] ffff8801c539e448 ffff8800bac67d70 ffffffff8141aaea 0000000041b58ab3 [ 242.902358] Call Trace: [ 242.904923] [] dump_stack+0xc1/0x124 [ 242.910259] [] panic+0x1aa/0x388 [ 242.915249] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 242.922145] [] ? nmi_trigger_all_cpu_backtrace+0x3f8/0x550 [ 242.929388] [] ? nmi_trigger_all_cpu_backtrace+0x3f8/0x550 [ 242.936634] [] watchdog+0x70b/0xae0 [ 242.941880] [] ? watchdog+0xc3/0xae0 [ 242.947213] [] kthread+0x268/0x300 [ 242.952375] [] ? reset_hung_task_detector+0x20/0x20 [ 242.959013] [] ? kthread_create_on_node+0x400/0x400 [ 242.965998] [] ? kthread_create_on_node+0x400/0x400 [ 242.972637] [] ret_from_fork+0x55/0x80 [ 242.978145] [] ? kthread_create_on_node+0x400/0x400 [ 242.985239] Dumping ftrace buffer: [ 242.988780] (ftrace buffer empty) [ 242.992472] Kernel Offset: disabled [ 242.996092] Rebooting in 86400 seconds..