5b7b7c4be3f7586579873ed16b993130086cf054c12778212850d33a653daf813d90bb9bf9f60476a9a6c23b4675e9e1ed8e96953010b9fcd9c4f2f271fdf0cb340f25bc68ed317eedb9443576aca80df87204ed6f36e278c2bef1974b902138565b9426676d53ac4170d374426880bb9648f7abff64fdc7cea9b427db8072925df0bb6c753a0a4971eb1874525d891377c6ca1540415b3cf327c0070820adfaf979e2995b6755f3cd3758e4b9683e1547cba8dc922c14b284368e4feff8387f2e69e69038ece363165f1da5d546e1ec7e6579dd9f5a1aa59f8a656b159642952f7d56b7445df877690313a5bed11bc5f600c9b57b3ef453aff85c91fb17a9464ee422da27e660b45ed6823d8d24589264e54034b6e412cf9ff1920658f98e81cc4f405fc1077db1ef59c54768095d7d99a69614fa95263576c0a670cb8248a8206d6449c9f26cbc98088eba0ad316ad9b887c687f69a5ecd7e32c36b701acc814db543195d51e32a4ebb426963b4ab0c2d249b7c6061232e59a2921568d18febb011fb45fd671c385b7b08fd1f09a7495e28d3b77d31e76e8c2c5880f628d8b24007e8e017b2059581ffd917771dc9309b889d358043a797a1c6c77f0f5f160e68f6a90b1b95ccfee78f0484b22899122bb706f33b2fa0a3ccee83b6c388e08cbaa05a13480b616caf972923aa219f917c9756d6b78f9dc515b75ab64e473d92f0a030825619a820e1f9303d3846658f446afc43a83d1f6c9b91bc109ed44cc556a46f31bb89c6639d30a2db27a675b8536f2c5e1586aa42288a1c17de1aba1a135433d07bfbdd4b633e269f717d19386ea3346d9356fbd22ddf41d0f0ac5622907c4606fc7df2f7416c487cff831a525052025691e0646837826295445cc88417e7e43adca7", 0xc41, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0)

2018/05/24 23:56:54 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]})

[  676.836324] binder: 11907:11908 ioctl 40046207 0 returned -16
2018/05/24 23:56:54 executing program 3:
r0 = socket$inet6(0xa, 0x202000000802, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@dev, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{}, 0x0, @in=@multicast1}}, &(0x7f00000006c0)=0xe8)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000700)={@remote={0xfe, 0x80, [], 0xbb}, 0x6f, r1})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0xff, 0x1}, 0x23)
close(r0)
r2 = dup3(r0, r0, 0x80000)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={<r3=>0x0, 0x7ff}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000080)={r3, @in={{0x2, 0x4e20, @loopback=0x7f000001}}}, &(0x7f0000000140)=0x84)

[  676.899593] binder_alloc: 11907: binder_alloc_buf, no vma
[  676.905282] binder: 11907:11941 transaction failed 29189/-3, size 24-8 line 2971
[  677.034158] binder: undelivered TRANSACTION_ERROR: 29189
[  677.039979] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:56:55 executing program 4:
r0 = socket(0x10000000a, 0x2000000002, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x9, {0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e21, @loopback=0x7f000001}, {0x2, 0x4e22}, 0x400000000081, 0xfffffffffffffffb, 0x2, 0x4000800000000000, 0xffffffff, &(0x7f0000000000)='veth1_to_team\x00', 0x9, 0x320, 0x1})
connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x2, {0x2, 0x0, 0x0, 0x6, 0xfff, 0x40}, 0x2c94, 0x3}, 0xe)
setsockopt(r0, 0x0, 0x2, &(0x7f0000000000), 0x0)

2018/05/24 23:56:55 executing program 5:
r0 = socket(0x10, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f000065ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="00000000ffffffe00000000000000000", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg(r2, &(0x7f000000ab00)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000000)="ac656c4674dc5111ac5e9411ac78e479b19d421795e5a22c73ab16c4245f1900e65145dfe74048f7c8586984bd86265cd2f28e88243467fd094b7f53ab1c51f6539843fa85418acc79e43e76b6a62c7b58aa0254f29c1ed7714cd09ef5d814990c2a4ed10c061e8bd59a9a5de178cd9c3c7e", 0x72}, {&(0x7f0000000080)="d7832a9d548f53039275b935aa2807b60711c143ec2098ba7d6b5cde313093dc67c6f5e98c50b629c8296c06a9cf79e3c88899f00bd6ecd331b3c9aadb02286b8969af", 0x43}, {&(0x7f0000000280)="9229a920c62dcee578fe4c00fe08ee7ab1a1977a5615df0394752e3879db4a1fe8cfcf7b02dd8f5a3e23395e1fa5fe120a140652b630f8fe9e492657a7ad19120dcaf61d9648ebf14ad49b485aab08d2b62b03e5d5bab91e41e195c74ffa50f0237569e5e75347a65fdf6d5253e7dd754ef510e50d826b13bc380b7bac3a44035596bd21de90a9f08387ebad2955995716c984e4da8ff3e8f25a4843e4eeb81a420a26931d7da91baf33abdbdd2bd8c124879334409cf71211e37f605b9d00", 0xbf}, {&(0x7f0000000200)="d3af8d3616b6de98427eab2239c8ad08c8fb270c7ceab5464d33c8ca54616ec2d26076b878839785e04846fb74e1abe69ea28a9013db51bd4d1b10b4372d04", 0x3f}, {&(0x7f0000000600)="e43a03c5155f538f4bc85c4a8f57f83e9f5d3f33a22a9d6c59a081cb5c2009a00aeb38e487ac38d23f4157a636a0c3c44812fce478c30de32b205615e1c9fbe5a1267a5b5f95d9d82f2abf368880615f0c7185a58f74cc5e86e10c39c1a35ace8628ac494c62f0223c7ddfef6ef9f5993ad96d0fd25e7fa6f335391d5a9f5bdb78762015d71b65db33c3208cc81eee43916b2811d89a6cb51bca8155fa35327b896340ad6769f7457ceda75d940036e58a227cab017b963a4502b509b141fc10df740ffebb61e036c702a184f9ca30", 0xcf}], 0x5, &(0x7f0000001dc0)=[{0x60, 0x0, 0x80000000, "20aaf098c93c2ee7c0bbb63e9974356a1880d03ed89f0fb02293b40cff011d6ffb29922b3cd474e6e1fac23ada255f5498544df4dc22b9f419d2cbe2fd50acb5debbc613b2894b75bc87"}, {0xf0, 0x115, 0xc8cc, "789ec497225edab2a8d41bf98e71c15dc63ba160e74f0be83d9dab872d54dcdbeaceef26a880a81117db84f193c98a9a9ab4008392c7104b6bbd76ba50bbd647afffa849a3680506449bc623046c0bbd5789d199955bbf1caa03a6adf424dfdd7672d9a201f13026b0fc33309fd5841772f44408cacc47c300ba9451e0a85f15e40ebd4f7ee26db7356f09e6224e82310b91a29d0d45f17810844af2076ade257fee27fd82979406a91c9003c1fdd6e5c63201ebe47c23c8c7ae05382540c8c1a1edac960da5e4ee157f7675d649b839bcfa6ad612763cdefc3b23"}, {0x20, 0x116, 0x401, "3ed35f8fba0013fa2324"}, {0xb0, 0x0, 0x8, "ec499eba86a9b704fbc4f28bf9babad4145668e4052e1fcd9a5c4c845b5ce3bc2679dbd5afa6179c27b734a1b3a9732296b9be5eb1e0bb09e81e174bb4479c7ed039ae27248171663a77497a5b18dee5d94695216055e99015d19759c83f5091591dc33252acc4fd0aa80da88c7ef8d2a7bdc19ff46f31d8a1b22dd6a50d96edc081f1fc1b3e037756673ce9b6c95b8e1ea0c49c62f78d2a08bb"}, {0x40, 0x0, 0xb4, "47d38039e5b56072a7162223c64bbe56d8521bffb4515f26435f4a2a09b5e5b3b499a2dbf56d0b84ecce1b26d1"}], 0x260, 0x4}, 0x5}, {{&(0x7f0000003480)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x4, 0x0, 0x4, 0x4, {0xa, 0x5, 0x3, @mcast2={0xff, 0x2, [], 0x1}, 0x8000}}}, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000003500)="3f6ab2320161f2f02cf625104d9abaf46db3efdc1e9b52f30e17c81e4ea1db15cb7737270704a7d11a504c6e341f5768c23a158ca7bdd82f1e4b477734cf4b1505c107dd2ab79bf858e5a403e3f7aa20e2340e416d110c881cd1df9e6f7170b26927c7bde936a1972e4b31d8a8e217619168d14e17af7707f016b53b89c576471077a9109ee69e7b5e10222985a41a0c81bd8e6dd5d3ebb25cb452316160c540f09507eac413218ad769644575b1a11b764520cb6e2a9d6be0aadee0190d", 0xbe}], 0x1, &(0x7f00000035c0)=[{0x30, 0x113, 0x81, "8a9d9f744770a638f41f440e9111d6f42f3c8c1ff7842181afd5"}, {0xd0, 0x115, 0x8, "9a335c0886eaaecf96c3565a3b83095ab2f05c2371072c519e233e8a5432d6d2303482568abd4cce0f7f4032530f8c03332d32f4d3a8a349285fe88b7d5554aa936235f99db6743bfb8944fbec162ecef079b205965ad34076d0095095c1fbf150a3d0b01ab40128cb518ba16449b33f91c0bdece6c7dadc2d5c652e732e257d767226169d963bd4b99afc6737dabe8424709d4acd4052658d74fa88fbb6285b30c677586e061f3193edde8cbc10d15576fb3e992b33b6b993ccd090"}, {0x50, 0x112, 0x401, "acc7f4a2da1f1b1e707ee8a98dedd5725266396ffe7861ab72e7edef3b3d026ef3d838b917215d4ce5208339bce76b539ed1353bed73af51eefa9da2e9"}], 0x150, 0x10}, 0x8}, {{&(0x7f0000004900)=@can={0x1d}, 0x80, &(0x7f0000004ac0)=[{&(0x7f0000004980)="8ce342850e5db57cef84d4d1926f9ed1112063404e685e9cd9354bc158821445a370721de70a236306c952", 0x2b}, {&(0x7f0000004a00)="1866247412dc220542", 0x9}], 0x2, &(0x7f0000004b00)=[{0xf8, 0x13f, 0x7fffffff, "213d5e0003b731c4efe347873e716c73535bf8af24d9a16f50e64417a95a2836945d1b967a67e52a359fcc3b66323920954e1f5fd52085ea06956a2104a1906f3e732e26be2c2945b901aa58440a5827140fc4d53b82c7c098a1030a242ebc5c69c2d3232f5066b2b154955f40481ba4183c8eb162dfdadbdb33ac3cba4de42cb126e9dacb977cab5d98545d134303f8ffbb037c116e41c9b07369756fdb46b8d808c17064dab79d6491f20f0c8bb19eebfde1c0bff48d63f672b4bb80cd5378a3e4e628ad6a925adb1220d8178a3b53f771505995ba4fd13ab70b41bc60d8e554be"}, {0xf8, 0x116, 0x7, "69da69da3b628b850d944fb666b55fc4682d431a3311db8b42e94eaf15a22e4339780de1877ba66740f7c95a4ce87f87cec19f1dafb36dd751f35226392c0a133e33fc42ceebcdb2046228588c5911f6874e5f9de7ccd4acbe64946094e325eca4037ccc21a5426555c5ea285225c6a3a5de601604801d668eeeff08b7ed9e37450afb17dddddfc07be477ef92fb2029f8bd73a1ddf7ffdfb5b0d5ead047ec16ff4ced38063aa25e34235993339a43f7ed9f60250345bb9835fe02b02db9029cbf6482f06f1f9caebe9ddd86a1854e65ed66aa1bb9c1a7f6cbe1dfb4d78217f11902"}, {0x20, 0x13f, 0xb78a, "c34a1dae9fe60370ece94d16"}], 0x210, 0x10}, 0xffffffffffff6887}, {{&(0x7f0000004f40)=@nfc_llcp={0x27, 0x1, 0x2, 0x0, 0x100, 0x0, "c7dfca1174b8a43d800df481a7f14e56bfd79a1af195e235db4021d41b88b44c003b554f72f7057804494fe505802a1348c0080b2d439e2dc4689afd6a257c", 0x23}, 0x80, &(0x7f00000053c0)=[{&(0x7f0000005000)="e415f4505b9fd17a8c010f02f3cf14ae98c334a47a56e08e0b1d3e6358cc0e71a88ab5da95e88d8b20ef755e86e3f8eae03ebe62c9ceb2646dc44b1bcf43e053467cc11c895bc80809e002f969a1d3fae5ac2cba3a285281dfcd18e3c1b79c90fecdc9ad51b32c673187e756bf71b9d68c286cc5b36d3d774561f8605dfb170d1d74e901770cae046f3150dd1c1bf47df68fac38ec9d1da95a38844fe43368141e5bcdc728a28c9d123eb4de9da5498109dc1f63cd78e019febf3ff30049c5e1d90261a62a23c236bfc862da9ef64c72a04a3fd642", 0xd5}, {&(0x7f00000051c0)="9b7b4738b9078386bd0f0592123f1fbb4d3d73f6d94a52321aab4f476735ee9fb8b458115441958d8313630d2db3b0dfdc186b734da7f3fbe43521ecd22eb2e3716bbd49a0f367c3832822000ea750fd66c0ce297dfb359ea74e5d4813e218a1cbfc73b619052527d5f841e0", 0x6c}, {&(0x7f00000052c0)="dd4de269b15cc17f916c5a1ed9f80e53fdb2efbd4f70618eca469ba096951ba9ea12d6c5c0012a4816c9c16c14fc7091e7b5c37c095255f86adc52cb81ad1dc819b4a3dac993e54fa9d91613962f862598b86d6b19c5d69f5c65d1", 0x5b}], 0x3, &(0x7f0000005440)=[{0x1010, 0x103, 0x1, "7e00fb50bba5b8cb3eeb17058f291ed53dd35683a8d96698cfd3f1ae8cccbfa30c92e3395909493731b4b3161bff909588d99adead453f6721aef172a9a667552171c8dc3587feea3a3f03035721d7e513125d38094e3d172a37377c306c5dc156fae7d4f33182080d58e6afa86d17342913233612a310a0cd7a91817a62f53d5da642e9689676cc2c8504a0120492d9a72f6185bf8fe92472ec337d2682691b444126c47fafce59882942f9c300658d49d36a846753fba6a49a3f933980b3cc5fed93a2e02389014a04976da15ea88c1e5f1f607f661ac7f9ada0e99686fa341205be4cdc0cacd3b7059dfa9e9acd43e5539136b0a3f500ddb8bd377987af9389096ac0ec16dd4b8d0a2571da5e308b1496a2c64c2f5bd2d16413edfdd10912448a67e10449bab7d21b31dda14ddec03064db72efea22c09b9ee6f986de5c30278c7fc10f2cdc1153100a8f68d04748eca4b58d7b0206a90e3e866640535d49956b977468e256ae2d3acdb6ca332fb0cf4db565dfa9a7c7036686c09ed78cb959d0bafed5558824605ae6eaa1249f63983bf325531af3374bbef15ebfecfda02ca5e250420e004bb23c33cf1dbc1885c42f54fd8a40b0f8a29ff30366d7fcd51f30882e0071a5519e0f77925fba2ed09479a1377ca9b76f51f3ddae80378e2eb2b6178dcb982cf0675612724dfc308423e23ff9f1fc80002358623ab3cea16541ce3f9dfa9d400cbab4e2385733a87c6bdfac1a5314168eb0e00035d2ff47a10bbc62b0cfbfe773e437e736da04305ff1b34e091a8a59cc5ae884aabd13057f6ef5a8c11e4fd474ba4fef4ba80bc0159e80b8c775debdb1981d9c0a77e001c649e7f4713334cd45952643168f5e299b1cecee404dcf7b25811ee859838ad73b43b3860f6f29e0d97bb77da2bf2f6c1493f3ae674314bda9d251cc90910879c1d4611728ac51042d774fc1498096d110b389deeb9f7f252a82e9b9633c7a7e6e7fac04482e0c48be50894f9b707d0b26e843679bd1111173cc2f90f2f454f88c76d6630acef375e4f45594f0b21210365d133cd71db5bc9fdd9ad439f4b71874c54aa6bfa8bf56092a6551253a185cea39ac52a7f0f643e4a7fa471bb80bff076aff818c3edd166093474da1947a8b65002b1ce217e987e12184217dbcd4384265afff2b15c65d10d2f7e323458b56ebd2ff2b59651350b22c788769d3589f4a1f0840a4de53294bbcbe8f7669a76c165debae40a08e069eaaa81341e799716d2684cef38907864e41b3fb8aa6614b079f1e2676f992ea7c7761b103801c6093a012b4be93202610b9dce13560d951666589ef932bb3fb136cfdb6029cdddf677b4bfd47cef62e536450a084976b2b4ebc3412e4f1d6d34c25d749ed72fd3764f6a3423cf0593572cdb31a311794b791c76afbb625c12ac1a2e6b453dcb0b33cdb3f647fe51d006fdb116af1f60c3cdda41a4730ff59b8f8a81e69b7fc37ed7c1bc1db53199648e2f31e8ca7d6e7db94810c36fe35f54c685371f5ced922a83d1c18b9e87b44daee3834f66f7aec595c25a4a8f12796c78068343296f2e6f098b9119c25f6a5200a660fb1df9c7bd40b29cb2394b9f4e1da2cbcf36176b04877d2c09c7d008702ead691dfed4517f96221758de87de2d4e136c65eb99dabe0b9fd48e044c5cd06a4cc66ad5a0f4132fe1459da2a9c51d1bf2e55e75816629f9a4e5afb22c7f8f89039b0134561c579fc536a8b4a164a1bb0724da9240e6ea76e014243810ed1af4e03a279081cde11cb58a50a8651ad0307c39a43ab3a90558cf2df93a8082aefa111642f34eaaec066c6b92b04ff0b4783599574a66c747bbc89a862763c48180981f7b9d935085ed6bf835dac642a091411841181fbce73526be41604f1abd941bde761a8e0e959065158efd69e38e3b8890c6deb2693611fa7cc6351b17ea0f2e6ba5a6cae4ed129440bb98c1b3a8ac704ad2b69ea9c833f0aaa576171d05475217a5e88dc011648a2efa2b3678769246ff70f9bc27e5a5e1220a0a3afdbf3a7d919e9a344f496b3b928a14558167f331d53cf81b2af8b510654fdb87dc69d8e7ebecc50ff8278fd85fc9b9bb1cd97a3394cf2fadfd2339f80225e15529d985d636dd750855976478c27b93d14f84e27b0b5a6fa257c72b2dd0d639ea678bebce4a5cfa4848bf7bb16e272be5b033d5c9ec766cb12c9153cb1c301fafa2d5eacd4fa190c1297c338f09c8c534d10943de1cbe42cd66c6d547901bf4d06999cd6c72cb62815b35f3abd679a3cc61c6d7c28713b3e5894263445b5d8d5f39fa8bfc9f3fe63f863700539effd63ab697648104f7257a49ccaedeb1f5fd222641c7ee690540151c630044b41a98d57be38a8e6174837ab843f32615bd71df74175a15866678a871bda8003bb12c73a765c5cdc0bafdc8a358c50c4554e98eb7920e542ce326cfc87bbb41d29e9b7ad5fa0c94a7120430047fa4bbd227a9b23b4b86e34183a3812d83554140e0adcf8277ecf23c12775fb6613738f6d6c7e0a1a9d1a8d5e0fb63c577a860bb837fff07737ed12cbfde6062425451511043ab75494770cb20dc7918bc669a73d0e174516ddd0f97d1e287ab905c47b341e9b24fd5f98e05ad4000be837c5f9848711fb09a160700ad7f0b96a40521a500fa266b5bd7ee057a625ec18fbecee71b9d7e03b2301543e9a6ad8741ffaae9b6639abc372f83fca29a75f0273897048ccc3fd2b782e02f81250d0c4189be862469b3831fff69047bf2921048b908b51327655dbf9ffaec5518d1de93b814c660dc345da69421636785e2a5c5fd15c7ee26ad2754025936e381c097fc6c65f758b5a8802d4c243a9fafc4416909c3a5fd6e1238cd8276644b4fcb66d374875b4b1b9b7ebce57e80d656c6a9219cc9c31b3c5958a4eba6d5ddfc165c7a881db0971b5c58d05b5acdf1cfc687f21ab42b0acb6074ff7cec4ffaded9ac42b468b055260b4de73413ed0cda481f10092ec347232937224104d8755f97d7d9a15d25c232d8abac6850540ae5c7bb02656348d0e6aa6a4115c464623b8ef0255adb0f06cb4043ee7f7fc6e4aac029bac10973beeb34a400153c424f60014cd57ed8b3096d25d9a023f5ab82027042fffd503829e0cb7a5ad2868cb8618bd4839d04663262615fd9ac3f2ac284af08eef747049cab82cbc227992898d1cfbf44a4bf1bb5004ceeef327b6e86f89e23a8311070802e218c1aabbd98ce1a5818449f2f8127dce23992e308ecdcf3c1891ed3a03877cec301347aa6298e9efa2f6e3de21ebc99e3eb5709088a0cadc48217cc6aac4c11e1566575027cc221c4462cbdecdbd4cd06ac0bd2ce7fe37c0c6cf183f5496e24a8733ad97036646c90a9465900058b37c4c308db26e5d3d9150f704a6ce0a5c13a5c2a8d9510326b581a1f63b6839c7c6be3a1b1e0e530eb444b56cfceabe07b1cae20fe0741a96c465075f2745b5d613b1a9d9e2ae982501e84c935172124292dbfefa724a32a9d99244821926122504c274248d7f0ef17231b9352842003a066138ffef018c1701be10899d0fd683767c9fb56243bb30ed1f6e7eba93bd7f4e30461cf61fc8393f4efbd56c734ea43a1418b73b0299b502aa0c15d5432b88d2a91d98dcf6e05aec2553133aa1114ac2c699565ee1daf7134c01c83f5c04559b137fda03ffc1bcd35c0fe7db3b361e4921e9289bf922c96733d5ff053ea39f6f5c42e823709bfaee2dfd188df4064f9935568a96a468d2b05b246102c1b31d48079bebfa104e1fa359f979dfaf3fc022a1ab7854b86dff8f35a24c39ec15f0cf15b609df1dbc41a8796ffcf7023c1ebc8f3d244db142bf18b6669a4c5bb7e76986d6b927690491a27f836166ae9540cc4da18300b3f88f248ab89bb7a6357ccba8d4d16ad4a2c7e0758666e518aeb43f454930fb5d4b39199c6a2020d9fe8acdb77ef379873abc44bb765c09eb2a90dce8328677af40ef3d6f4dd1d9ee125b5be0c140200789b2734ae3dd5b3969519ed043e08b891f2a4b7b14c783836bca777fe913e8e76ef7f208964cb9faad08248a07a691eb6e4b9f0de020efe43e18370acca50127dac74bec7dc8f817bb71c3098a7376f03fd7137f1b381b1571f280ad7d01ed2e8e5874a73e0282ed8b515cfe772b749ada2b67c4d5bf23a3705ed588f9fb9f21db8a44f100811af639e55a8fd2e2f0de557c077892af508ee486a6ef3dd427b3f80bc9ad1cf69aa40e34349a13892784a796e29a83292f700aa9e58ef57ad403d9ae10c681f304f06efb3b06c4f3e0bee3570b96e18350a31f607f225429a416f4109e21fb9165d5af123c769061a212ac3ca4914ec7ce1c2dbd6cdae2a5d0a958198182f167f8eb14171dd0044fc02ef8fbe32c7f0b205b7470b3d7d032e217a020e85b05b2d75a06e14716344c57a4185c16618750e0777afb396ba7fdc65924ae999be34c943d88782d50c207a89bdddd715801530b23a08e1ae0a16769564b2cfd669255d92d5f33b91903dce2c825a2a4766f7e5f86432765dbd97a2b3557ad8777acb1fb59c2b97fbfb094f5c2ea42be1af105c0be96a9429d77f6538cd943aa059020a457de7ebcfc7ad3799086a867ee0e1eb84dc2563bcf850e9976a44bf0db1362d96f302c4a90064a33420369e3b313bae019e13d11f10fa3119cff8cd17a92d9858cc1dbf0bd46a1dbe7d50dc605bb48ed1cbd1998132fb8cba6a34fbb28f2b475635cfa0a0e5ee359c9387da4391ea80e2d68e0c0f2a16f2462f6d9716a926423cf10b4b6fc07cb902d50babc537b268bd6e5d499c50aaed391605d178dbd913c0b0856e46cf11ead0648621ee66dbc3ba698e359ee91e20f314d502855365c8c75753e5e5ec12cf1888196a8112d16d845f7d7b3a32cebc451bf18aa3bc329790d8f68b16c816a669980f7bb68979b953972fac44c64b2bcd08a362e3be3e91d7b3059b2cd11eee69364ecc2c53dac35154a5e2b3afe670207e8fa50a6f1910c439f1e54b2fbf9a973a20c10c59b370649ce05b4438ba66b0ecc485ae4342db119ff3ccce4d4008266190705632ae3676a1368cb2d916d55d3f29fbbe3fc56edfb50f1b4ac9c573d723d85ea3e512224800c4188008932e733774843252d22997c29a3e784e5812d08ba017052ede208432f8fd60a26ace2853defdbb8e4e1fc3be8214a2927acc080cd05ee65558cad69c87430c612c2c7051fcae50f4e65a750bdb6b35e3e5111082d307da86056b801e629162f90a44491a86af2aec40570df273eede7f0838fddadd679328ca3a1f309c9d3596a47c38b4819939eb52bd81eb29f4a86540c4d9aaefb8e308eee0dbd094a3a54347a4531bf6152551a17d9954903772e16e02f27a98d71c0245118506b04fa2d2d262e01212a83bc779691c9034ec565d8816856518a634be9f5eb48c341d944da278c5ba9c30c9683ce3a45e8cf6545010bfddb7c598dca01b4a4af528cc139bb35cee1be2d61fea12b9255ac57d18f4abc74ea9c5afc56e00e3c7ab93a95f728f61e2d948b7c022b736fca1f204c1cac0293b79204f59700d2feb95481347ae2f25364d0882de119cbef0963d3828eaa6b8b0083c40403b85c930f307da855cd63b407e29e9b0f0d8425c9b59c251dfa21d1954b64bd6ed44fdb56b3c004f896c315f03ac46337c3c8afaa49ed36c577184d0cee6600015bf0d271020c8edb68633d9bebd651c48c1b6483fc68a9fc802603c6c86873806bf35cd16cfca7a419db31ef4054c834ea9d5e"}, {0x110, 0xa9, 0x3, "ea2ba45644e2f5292ab9c37031781e7ab448873f1d6dd7d3764e6603408f27b56acd2d7a6b6acb687eb21a451c4aac12973aa0c5b7ac31ba163786dcd3830f5ae49728a9b8dec5b98654d88c9168728c76dcc35b2008c98c7c47462f2b82a30f4eee35653000ee1ab0543542c57a66dbc9436578f27a5299c1a3611d4d2e881b412043dc2bbc73478d24d0745e6347c9d56ce36265cb9a708a6a93c77277ae20c674df9e0b1dcc9642282670daeb7d90cbf891840506fb4030727520d7c55297304fe987dc52e0e518e9a5919d20db6c42e8069f0123be4bb868aa9694f7541c7c1ec8367c3a5d451dca4062cc92f7490f2a84f52800fa85541bfb62dfe8"}], 0x1120, 0x50}}, {{&(0x7f0000007cc0)=@pppoe={0x18, 0x0, {0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'irlan0\x00'}}, 0x80, &(0x7f0000007d80)=[{&(0x7f0000007d40)="381625cc103bdcc4dadf3befbc2ebe1cf370ab7253e86d0a7ce950f4798bb4c7fe829ac548fbff8a3ae2c94c69", 0x2d}], 0x1, &(0x7f0000000b00)=ANY=[@ANYBLOB="10100000000000003a0000000100000021b2e6def83a60eb652a53635688f3acec3eebace98017f3bc5c9acf84822333aa82ced4fcfcd125f32f95ec9bb316808ff9b6bfaa25ace98e3d7f1defbad187a84ae0ac450b45e54561aed8a9b89cec8b7b85754ba77f893fc711eabf7da5f77f10837624dd167bcef32fc9ea5d8ca1cdcf9ede027be8b272a5cea2710595a634dd166195ef9dfbaf06ec7294b0e2ca90bd86771cea618847e907027e9422b1055dbe623680bf522eae9994d3d5fc96da500abd4b4b23945329efaf3c41a8345ab9878f345f110f2cb2a89de5e59d9ee9eb98352b8f02184d4f5f2d13a4d57accfcb2c9ea6268dd57c2bab414c1216546cc59d2dd9b1f0945b5071ac421b0c5dfb9fa7ad24951061a45be78f0dbbb3d2f4611bd94500dc96d6d0d4a143d0e16c863e695dfc2c6d69de703c7eb92913b598face91d194ce9afbb04708b1d052346b0cadcf6320464eac3f3e4f67c9fae00a36dfb0c51f6e7a8d36dd80dfccffcb476892953308a0e0239e3cf60810b46cda7b5bb339abec9f96bef9ad22878c7cb5ef7926ad8a1c53d98b36a60dc934e4b1585522a34337df49aad02da01f8e71f7acea2438f00ef37826463361ad56024dd501bc7f036e4994b4d4a71639b14f7b27f107d2815cce00d7dbfc8dc99814ccd63eb4a528a36614d4dc5815d33fe00e289530152dfb1ea00cf8fe710ea79075d8f7399f591c3179b7562d847e8ade792cc436e3a6e153337d159b568632b723ba31921bebb7eea4ce1c3b123e5d2a5fda6ab35dc71269edd34eeec7a50273c9d1e591b9b3c136e3826df48a2fe518163b7b653d122779a70c887b5159f9ee78ef6447f84a891be270403859edfc160e68166366c3c5c11fb36c46101a8bc3ba02373aa6b24466a9d09685184b5b5c89c7cb2b705bfb1f98e578a4de8a907c1811ea1b816c13003bcb6a32532633b992cc2ca5e701978dfa37357bb76ed8362a4f01949c21840b7486c23e0dc115470a75374f8de6c04d7c81537a8fe0469e39691818b66da8772aeafeec45e82ce5e622ef8dbe84d3a3c4ebfe1f97b8fca37956ccf766328c4bb8659a53e62da269bf1024d240ac1f0d6c5bfc5f45947c071b0304938d4ddc2fdf14f188e92cec23f23e70d9b5d9cbde5f9cbd77933cde73093e9c6a84fc1cfbd3d32d13a37f4bf76fd0a4793c1f41d24ef6609bc837893d529ed3aa06a08451eda35945273db672da18a8ca865da7e57e209c98dd08ac3d67d9ff4de41dc0e0772a316b74436aaca1e454b017017701f213502367041c12d6e64f4fbe3c00f4575869acb04ee6f6dfdffe2a7530befb88b5e15d4bc7aacf3f7a1ac20c5e063de0728cf1b5557c14c4c7b81538a73a2f9ecce434ad4d01b799b18cda5ec22dffc2663870fb7a8666fc662e76020c5cfc7da28fc5a2d2c1720261910cb57adcee3e3b5592c0e6642d4ea509ae36e4b473e8a299c353e5212a900553867f96ae6cd26e086b62a3de00bbffba1acd3e9d5757c02cd40a45faed0bde2b0ea34dee98a49e5154af75e24357e596b23dc4dc1b14691342319e9dfbf458df2577e3afb7ab36200fe4d46902e4a8bc5828817efd7ea1ea4cfc1890e9ffffb3ff40c914cbafafc2a87484f750fb7405117c413810bae1dd8f3286bd488fe0d32c65298530e3d7b509e7283aff9534dac97f9344172fc2cd96bee7c89df3685b4f847f1f37daecfdd997d4e39d3f7fb264bff86414a606d5f3c57b168bc8211dd82fc47ae421d5f78ae6e1a3bb8820469515ba2eb7b78d81a8cce69a1f5c651b0d00a288751e67ce1131c5d30d4d6c93f422f9346faa6ae13c9468745e547410c11d1f2adeb2fa4735f4e7e0a5a16233614784edb8e209bd965232e15a921f7a39fb13ccd6c07fe8e331a2cd15d80aca70f6d023d4bb941c0fd783ea57df55fd0ce4ca009480aeccf96fe4085d1c193b1fc196e11c139795659460eb8415e94c49a604b14e02702ad379d84c831860d969c91c9764685d2755d55308009f97ee9a0d993d1bf3e805810e8e8e1d29246a0f3bb6fbc42754637d4160558d9e68dee169f3e531ba8917e4d4656a92a69c22d1ad3c548d686775dae244025b773ebd968270e8eb4ee7724a372027b8702ce124e996d66d0771f95e8ef2f47aa1c77ff4c126ae7610113a41f7b3dd69ff4a9f803dcf9e013affb519d8ec851277683ea042393714d2275c9682008d39261c995978473ec9aba72ee473069f8a573e4c92237584a01f1a8aa900d8a9ddc0c0858c3658104a7950358bb5f324cf7769077febc3be62101136ecf63ba128fce8f433f1993df9471a7210ee910e98526fafaab67003b37a1c0308096261a783c0041978335c091e2f44251964c54851437f7ca7b7a54bf2c9bfc79c78466fe6364a2c5ee9a45175172a471fac7a7275f859e1e2eb6e96fa57545851ba733a365ac0f772e8e163d3a4c603fd655f5a826a9b739ab207f42d2b1ffa6fd9a50ddf8c4039e7ba9193dd1c76a4d0f478a7a94359464e6ed7ba44bc8bd086c9f299bf8c90ef98153dde48ddb7e929b041d0d24a9a140f4d0778fe28c229dcee98a64ddd2bb81b2211989c556a33f4b91de33b609f932215d616b227ba9dc3524c423d3c3da0c3478f9af7f642dbcd962ececd2ea24761675198f0723c1b5d3a79102368ccf14dcb456a9a05ad1dba01431c77f0e39e406708df36bffa95c0f73f9428e5cd37b2654afabcf3b6fe0a0f2d450a1c89070285d7d68aad432bb4665cdb8c60d01ed9974b86c025b5e3333ee66f8e350042009a2b2809868ba1181b88c3f7723e9fbce8b93d4e8923829466fc2436f3d40e783fec49e867cb6bc46480322670515470e54d67ea34a5be165dc324c6858bd2ad75235f1191dc135294fd4a230f1eb839cd40dc5791029e6e0ad38d46f85750b28c4e8442f86cf52c375053ca6fe07403bb90f117f0f35fc05f6f81918cb49df2524239511c824b58de4fe45032e298f1b118da9163ef2a829488fac84d5d67e2bb0b6d04e740d26bfb65ccdff81e67613a43e6ab77da6acbaf63a03505802987dfdbd2a3b0223667225871e613981282c37da8599dee3727f46cb444480047d0b33de4d87db44c7a40673d8f836cbe82c8790ca602165aaba02a0b4dac7206fbcfd2fcbfcd1eba1724d82458d54f7262ef2b29b05bf63b5bce9b8c77719e41a7c65b2ae4c259279c0c9a583d4523282381a4a18249bb3ad87c1c357e293a011c1d5d93c7c07affda753777764b9ca619cd21add1879a260535706be12d5663008b87c4169debc395e0e3c4e12a9d2d54bfe19deed5530868c6e96857f78af06e6385460ee77d4389a819f1256ea92b42d346cae0fa5fdb91a74d27aea4ff6e79787b0b6450e0800a2ab9b6d9012b05411c6b4d3dd721daf66b386d35de20e7b45ff6cdab4da1a7596455b18d60bdab4ba96868280de416ff851583d285b6ca2858da3fc0042bb1997446a9f081e8c39f505e25eb1b5981d2990f245c31cade25e451797ed22d739514b05d640a9dcfd2413a6d026cdac8bb5a4150154c639fe96bbe61e9baf1c7228b62c47244a940a6e2b1081e9bb05336c941a474b64c35ae0b682f5ed5656fa13547a8965e38039867942db98da3ae3eb0d4c5ac768dad3044e52b246d38a2418e0977ee2fcd135bb9c8c65d3a10703a82051ab8c529056d3109da05ba31176cf8f91fd8a94c0be5abdb7f8aa4a583914cccd086a14146a06632586cbd0db2608ef16026cd5d293bca54d2ac76ef5e8aeda800af2051ed919fa0be35aadc5e1256cf02dd164234a355510ebeae9d6206b8e5e74e41feb00d9de2c974aa494cf54f7965c6c51eb87b31237b93af2ebe46127f0ee74de9db8e9acd631d2bfdb57d4855ef2c7a993c0869cb0ce1594ce91308c4f562f434259fae23de1d24a331fb03dc3773bd5ee653570417ffc7f229bb9f4fa70c729c7a03e4c78985d2d83aa39df6d127e174defe27081e316520110fdb308545186533d37b6443ead837cad306d53d9aebe8f08c6b6e95872a988470dd1a80f97c6164d9a6d4ad88b661bc8cd4ea426fdbed4c9701e28c23c0e51983892e673912ba6829433fa33ff5a47008d8b4432c23475b13d20403eff6d312e7e0fad29d7d305db4b39e6b60884a753f7ea2892b4c5db69d733d8f9398a345150bbf16fa6806b098389b5ff62bf2171a10aa0b55e77d31835458c3b3d485eaf43267180ab6239830e64c87dc843f38d90fd9480012533ae7e9e7fb3a4f06e420b5b59bbd5d624d8c0f37764a8300964d68ba425620af8fcf08064bec014b92b70097bebd3a77773f3d96c42c2b798bae02393038e5362bda620ab2a4ef64bad3a2c25302f2bf9ac35f9086e05ed8c525c028a49fe2d837851dd866a0b590e3152466fa8a0e8bd25c4add585088e1bb1fd3918cc592cd08479abef34949199875ce796f08bc019b580f3131519930964edb31c4b5712652cfcd60f920e393d330edae50b9b9c0879ff90d386128a924a0e158d8f25a809c178d89eb9570f8750744996b5e4451cae7975d4339d4a0003e0e1b87c04673ec6c73a816049bbf8363e6f120ac973e2da7b5acc580c186e669e5a28de567ef6f6285b8e90ebbd2ba167100887861ffe4da88a81da6169d293aefb882a20f820592dd1de624e7f5075f235ff88454d0ad1da1c18af6354e40d220766e73dbe2e2b862b92a735ad9cfae1d01208e12c0b4c6a7c527de92a4d1f33981feddac2ec8048e6c81d02d37fbcdeac58ba8d40877e5a8fbe59b43f78bf6f15bdab7d8e4df396062cd1042a2ad4a6f8a9dff521cd0ed1f2444d62183bd366caf91408d9b0fb2501d62a681aa30618f6076dd1aa4f9ce24015bc158be76ea161b394ca2aa5cf30e8e9452f9bd19f1bb62425563cf6a32fc3b0292073d8559e186f9474b90f8ccda2371042efe33996c65549a7aae9d2fac16d80ba91bb86c282a1d43f3e241ffbbc99cbc63e47ec764c8400b15c5a412f0e1296149310228c90a2bc4d6188d5808183ba6495ba224ea06b2eab8b02a3e3e3d141216ff0f17f93ea5eff18663f17665855f7c10428339488114977423d8f4fa85aea283b2cf77651132d15db8aeaea30f66e576c587a8c54f4c3fe9bac73c04b714d0c37554783d1bbc4853c77febf4d7e6d6e6be9c9ea019052f50241cc0348ee889ce50af83afb383358df732f7c1c9243adc576ff8cfb29400185e6f52d70db18f46c0008a340069b5523a17969ab211624bc39b4100a537c88506a7c056df1d34b4cced934837e5127c1704f1ff845babafa343c3509fb548d6e8f80e1b851a34b53d1ecb212ac5b0dd7e5a909537cbaf7c4c960a78d3c7148b823b0ce42ab555888560203dcaaa9ba1ed319cdc86aa69ce3846c224587016910024b55b5210565999b04071c7095ea51cadd65431afd1aa62e60929eb3d2e1f3e29ae3bf656e6528a2835c73de903f6d6a991ddf941816caa23cfffed8322b6284156cc4916040eb1b5403b774ede458c87d512299f09d812a8a470b1608cf571694176eb1d3517b8df02fd13f4f8120886c5faa7e9c2497c6da0a42dc643fa449ef82fa06bd91cdf80f1e79d5eb2c81cdccbd4b72af97b04bac615dcd4622d37e3038c260608fe42c4f71bb87e2ca7be670a8d7721cfe1ff3c6821379a01e369363946d5a5df68d60ff364911d405899491570c206b47526cc7f420e457abaaba26bec66907a265662b143c58671617e90c9914724627f7a30d262933e69f5e4e97caf7e8dd7ef1829ddbb6b940e0000000000000001601000008000000d890a57a5aa810ae6d8f10b2a3d7b32db7a6d60b47afa076bf5dd4094364ba8ae37405add2f2646656dfc8a0f4718301103f3fd825ab1bb1bde1e005dd2b0c54a2ccb205df58bf9b6a41155b8f0bada5797966beb44abe4c38baba2d8fc0b66642d830c84d51ba66a1ee69905eaf10f0935c2879ed2351a9523c52dbca9b7afd0c9557d25b23fc58cdb6a9d2ab71798e8f3b04509a54c4dffbf8b1d9a949443e4b3cd701212c505646b0b1203600117840da9425f0aa992ee9ab2f8b814a5968dde890528f9d6c78a794373384a6c8e3"], 0x10f0}, 0xffffffffffffffff}], 0x5, 0x0)

2018/05/24 23:56:55 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0xffffffffffffffff, 0x1, 0x0, 0x3ff, &(0x7f00000001c0)=[0x0], 0x1}, 0x20)
ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x40)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4)
ioctl$sock_SIOCETHTOOL(r3, 0x89b0, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="4700e1ff00000000000000000000000000f055b400000000"]})
close(r3)
io_setup(0x3, &(0x7f0000000080)=<r4=>0x0)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x8000, 0x0)
io_cancel(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x0, r3, &(0x7f00000000c0)="586ed8eab370b09a41169c8cc49e7af7dc8458ebd6b98a2ad005cb5435aaa4649a155ca1d8e5b6fac0ddab4e5c9bfbdf483c0f85fd3d33", 0x37, 0x200, 0x0, 0x0, r5}, &(0x7f0000000180))

2018/05/24 23:56:55 executing program 1:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x20000, 0x0)
ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000340)={0xbd, 0x3f, 0xfffffffffffffffc, 0x85, &(0x7f0000000140)=""/133, 0xdb, &(0x7f0000000200)=""/219, 0x40, &(0x7f0000000300)=""/64})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000002ff7)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000000)=""/227)
ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000001000)=""/246)
ioctl$EVIOCGREP(r1, 0x4008744b, &(0x7f0000003000)=""/174)

2018/05/24 23:56:55 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
r3 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x3, 0x408000)
setsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f0000000080)=0x100000001, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000400)="66f3430f7f6dfe66baf80cb8f1438684ef66bafc0cb000ee260fd5143507000000c462fd1d0966ba4100b06bee48b800300000000000000f23c80f21f8350c0010000f23f8c48245a7cb66b86c008ec066baf80cb8a49b4c87ef66bafc0cb800000100ef0f32", 0x66}], 0x1, 0x0, &(0x7f00000004c0), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:56:55 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000007a0000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:55 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x181000, 0x0)
getsockname$unix(0xffffffffffffff9c, &(0x7f0000000140), &(0x7f00000001c0)=0x6e)
symlinkat(&(0x7f0000000040)='./file1\x00', r1, &(0x7f0000000100)='./file1\x00')
quotactl(0x2080000201, &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000040))
r2 = getpgid(0xffffffffffffffff)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000000)=r2)
getsockname$inet(r1, &(0x7f0000000200)={0x0, 0x0, @broadcast}, &(0x7f0000000280)=0x10)

2018/05/24 23:56:55 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]})

2018/05/24 23:56:55 executing program 5:
r0 = socket(0x20000001, 0x3, 0x0)
ioctl$sock_ifreq(r0, 0x89e7, &(0x7f0000000040)={"7665746831fbc6d71a74446105008000", @ifru_settings={0x10000, 0x100, @cisco=&(0x7f0000000080)={0x5e5, 0x200}}})
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x84803)
r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x3ff, 0x0)
r2 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000001c0)="2dfbe6f0cbede57cc3f85db23b362fada0d4bd99ee3f78e6845a74dd7c79eb4612d17c7ed389e19b163b57bcbe36bfb39300be16710ade0b1b2956416c6d03afc32811369de494f482196add19a635b72627e6f4563979ee7715cb7f8b96742c073e63ae5a85513e3b66d88aad93520e931ccd41652c7634f56f9fe9cd4d7da32fa7a4ac23fc7564bfcf9574fed45b2605ee6c8ba0a70d7caad18febef2366011a56a2e5ca4189804bb299f9b78fb37edcdfeaca5aa864a11c3a61a3f2757109e6e1057488d0b0ec88be9ac75764b3cba37dc12eecc3234dfb62e1311eeaeaba553c18", 0xe3, 0x0)
keyctl$read(0xb, r2, &(0x7f00000002c0)=""/111, 0x6f)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000100))

2018/05/24 23:56:55 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000140)=""/144}, 0x18)
r1 = socket$vsock_dgram(0x28, 0x2, 0x0)
shutdown(r1, 0x0)
close(r0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040), 0x6)

[  677.723828] binder: 11963:11975 got transaction to invalid handle
[  677.730354] binder: 11963:11975 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:56:55 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ifreq(r0, 0x8947, &(0x7f0000000100)={'bond0\x00', @ifru_settings={0x10000, 0x0, @sync=&(0x7f0000000040)}})
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2000, 0x0)
ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f0000000140)={{0x2000, 0x6000, 0x0, 0x5, 0x3f, 0xb3, 0x6, 0x8, 0x4000000, 0x7fff, 0x8000, 0x7}, {0x0, 0xf004, 0x10, 0x73c13f04, 0x6, 0x1ff, 0x1, 0x5, 0x7, 0x0, 0x9, 0x1dee18fc}, {0x0, 0xf000, 0x1d, 0x1, 0xd2b6, 0x5, 0x3, 0x2e, 0x176, 0x0, 0x7, 0x3}, {0xd000, 0x3000, 0xf, 0x7fffffff, 0x1, 0x7ff, 0x1, 0xfffffffffffeffff, 0x10000, 0x10001, 0x1, 0x1}, {0xd000, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffffa, 0x3ff, 0xbc1c, 0x100000000, 0x4, 0x1, 0xdf3}, {0x6, 0xf000, 0x10, 0x3, 0x4, 0x7, 0x1, 0x1, 0x6, 0x1152, 0x3f, 0x7}, {0x1f001, 0x10f000, 0x3, 0x8, 0xfffffffff3a8b33a, 0xa15c, 0xfff, 0x3, 0x6, 0xfffffffffffffffb, 0x5, 0x100000001}, {0x2001, 0x0, 0x3, 0x100000001, 0x2a5, 0x4, 0x80000001, 0x0, 0x9, 0x101, 0xfffffffffffffffa, 0x5}, {0x2000, 0x1000}, {0x5000, 0xf000}, 0x40000, 0x0, 0x10d000, 0x200, 0x1, 0x100, 0xf000, [0x2, 0x9, 0x1, 0x5]})

[  677.804515] binder_alloc: binder_alloc_mmap_handler: 11963 20001000-20004000 already mapped failed -16
[  677.833879] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:56:55 executing program 1:
r0 = socket(0xa, 0x200000000001, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket(0x1e, 0x805, 0x0)
r2 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
dup2(r1, r2)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94)
sendmsg(r1, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100090900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, &(0x7f00000014c0), 0x0, &(0x7f00006e9c68)}, 0x0)

[  677.861543] binder: 11963:11975 ioctl 40046207 0 returned -16
[  677.946589] binder: 11963:12006 got transaction to invalid handle
[  677.953113] binder: 11963:12006 transaction failed 29201/-22, size 24-8 line 2856
[  677.995889] binder: undelivered TRANSACTION_ERROR: 29201
[  678.005534] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:56:56 executing program 4:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f00000003c0)="0f01dfb9ef080000b8861b0000ba000000000f3048b86530d467aefa30370f23d80f21f835400000900f23f8672e470fc7fe3e0f07b909090000b8ceb2dc7bba80284b430f30c401e56910b8010000000f01d94a0fc718f2430f5d51dc", 0x5d}], 0x1, 0x0, &(0x7f0000000140), 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, &(0x7f0000000000)={0x100000001, 0x7f1fdd4a, 0x2, 0x2})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

2018/05/24 23:56:56 executing program 5:
r0 = userfaultfd(0x0)
r1 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@nfc, &(0x7f0000000080)=0x80, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f00000000c0)={0x0, 0x67a, 0x5, 0x80000001, 0x8, 0xf84, 0x10001, 0x3ff, {0x0, @in6={{0xa, 0x4e23, 0x1, @empty, 0x5}}, 0x1, 0x81, 0x8, 0xffffffffffff7fff, 0x8}}, &(0x7f0000000180)=0xb0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0x22})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000911000)={{&(0x7f00003e3000/0x1000)=nil, 0x1000}, 0x1})
clone(0x0, &(0x7f0000001f37), &(0x7f0000001ffc), &(0x7f0000001000), &(0x7f0000001000))
accept4$ax25(r1, &(0x7f0000000340), &(0x7f0000000380)=0x10, 0x800)
read(0xffffffffffffffff, &(0x7f0000000280)=""/100, 0x64)
read(r0, &(0x7f0000000400)=""/100, 0x64)

2018/05/24 23:56:56 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x2)
fcntl$dupfd(r1, 0x406, r0)
fsync(r1)

2018/05/24 23:56:56 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]})

2018/05/24 23:56:56 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/4\x00')
writev(r0, &(0x7f0000001480)=[{&(0x7f0000001380)="b7", 0x1}], 0x1)
fcntl$setstatus(r0, 0x4, 0x2000)

2018/05/24 23:56:56 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c)
sendmmsg(r0, &(0x7f0000006b80)=[{{0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)}}, {{&(0x7f0000000480)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f00000007c0), 0x0, &(0x7f00000028c0)}}], 0x2, 0x0)

2018/05/24 23:56:56 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x2, 0x1, 0x0)
listen(r0, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000000)={0x77359400}, 0x10)
accept4(r0, &(0x7f00002c0fec)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00003bd000)=0x14, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f00000001c0))
listen(r0, 0x1000)
tkill(r1, 0x1000000000013)
syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0)

2018/05/24 23:56:56 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000002000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:56 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1, @multicast2}, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"79616d300001178b00", 0x4012})
close(r1)

[  678.813127] binder: 12016:12018 got transaction with invalid offsets ptr
[  678.852300] binder: 12016:12018 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:56:56 executing program 3:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x33, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x4)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffa, 0x0, 0x0, 0x14, 0x8, "999caf1922209956025fbae933dee83c284b25202f21925af71bcbc2a7a21bb6980b3e6d58b2eb2231bc83befdfd9257ef68a1f0dc9b6b5e75cf5dfb50db4e4c", "fc767bb6112b7d0034e2c995c39d2706bb7fa6f9625d5f716b18c98dc161e8d1c1c09817493f4a2811bc38e17f764db8fddc661d6b97af5c7e3b6b5611a39110", "34246d2a3065abfd489647669651cc622fcaf79eac72d92372bace8a072ccb3a", [0x80000000, 0x6f]})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff]}}], 0x1c)
close(r3)
close(r1)
r4 = memfd_create(&(0x7f0000000180)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x1)
recvmsg$kcm(r4, &(0x7f0000000840)={&(0x7f00000001c0)=@generic, 0x80, &(0x7f0000000780)=[{&(0x7f0000000280)=""/191, 0xbf}, {&(0x7f0000000340)=""/128, 0x80}, {&(0x7f00000003c0)=""/215, 0xd7}, {&(0x7f00000004c0)=""/142, 0x8e}, {&(0x7f0000000580)=""/78, 0x4e}, {&(0x7f0000000600)=""/80, 0x50}, {&(0x7f0000000680)=""/84, 0x54}, {&(0x7f0000000700)=""/78, 0x4e}], 0x8, &(0x7f0000000800)=""/5, 0x5, 0x5}, 0x40010000)

2018/05/24 23:56:56 executing program 4:
r0 = socket(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c606262c8523bf012cf66f")
r1 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8922, &(0x7f0000000080)={'bridge_slave_0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="3d00000000003f0177900000010000000000000002000000caee0000fc0000000010002009000000"]})

2018/05/24 23:56:56 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000080)=0x44)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000000c0)={0x0, 0x2710}, 0x10)
getsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=<r1=>0x0, &(0x7f00000001c0)=0x4)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000200)={r1, 0x2, 0x6d, "99e79998e8386cb50c98d06c54488a30417c4457cce9876453e6943b2fb4db0f2b756116685d460f2ff39b9db7e1825f074433ba889486b39a0b285a4842cf87d506e63ae75cc905ec9fb785cb165f01f5b1189be9abc249084b0c057d26a13b13216e27c49b84801a1543a87b"}, 0x75)

[  678.893125] binder_alloc: binder_alloc_mmap_handler: 12016 20001000-20004000 already mapped failed -16
[  678.922726] binder: BINDER_SET_CONTEXT_MGR already set
[  678.950337] binder: 12016:12018 ioctl 40046207 0 returned -16
[  678.976810] bridge_slave_0: Invalid MTU 536870912 requested, hw max 65535
[  678.986893] binder_alloc: 12016: binder_alloc_buf, no vma
[  678.992662] binder: 12016:12049 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:56:56 executing program 3:
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x100)
ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f0000001440)={0x1, 0x401, 0x5})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x5c, 0x0, &(0x7f0000000340)=[@exit_looper={0x630d}, @dead_binder_done={0x40086310, 0x4}, @reply={0x40406301, {0x4, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)=[@ptr={0x70742a85, 0x0, &(0x7f0000000200), 0x1, 0x2, 0x20}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x1, 0x2, 0x15}], &(0x7f0000000300)=[0x0, 0x40, 0x38]}}, @register_looper={0x630b}, @enter_looper={0x630c}], 0xa, 0x0, &(0x7f00000003c0)="a782dc17aaddb89ee802"})
r1 = gettid()
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
sysfs$2(0x2, 0x5, &(0x7f0000000440)=""/4096)
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xffffff80}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x40000, 0x0)
r3 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r3, 0x120, 0x70bd2c, 0x25dfdbfd, {0x1}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x1}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x73}, @FOU_ATTR_AF={0x8, 0x2, 0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0x20000010)

2018/05/24 23:56:56 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='clear_refs\x00')
write$cgroup_pid(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="121b2e35fa8c6778b3b168bb84867caed7b954c13439bbb96c27f687c892862945260209634260cdf2431243f547e5c0669ad2b54742c9f6474e0ceeae26319181f7b120037505e89ed1a7c3e1ec1125075211e0ab900d6aeabe8d51e3f98eb81709e2c21f4265d809e47f077e45119fbb0200000000000000879c1804b1f1899fdadb2dedfd06ef6b92"], 0x5)
ioctl$KVM_NMI(r0, 0xae9a)

2018/05/24 23:56:57 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000004c00000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:57 executing program 1:
r0 = socket(0xa, 0x1, 0x7fff)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000040)={'veth0_to_bridge\x00', {0x2, 0x4e25, @local={0xac, 0x14, 0x14, 0xaa}}})
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000000c0), &(0x7f0000000080)=0x10)

2018/05/24 23:56:57 executing program 4:
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000100))
lseek(r2, 0x0, 0x4)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="6766f3ffa4a9001000002e81d30000baf80c66b860fe418666efbafc0c66b80100000066ef0f320f01cbbad004b000ee260f350f21d03e650f01cb66b94d0a00000f32", 0x43}], 0x1, 0x0, &(0x7f0000000140)=[@flags={0x3, 0x200000}], 0xfffff69)

[  679.074330] binder: undelivered TRANSACTION_ERROR: 29189
[  679.080525] binder: undelivered TRANSACTION_ERROR: 29201
[  679.202123] binder: 12063:12070 got transaction with invalid offsets ptr
[  679.226975] binder: 12063:12070 transaction failed 29201/-14, size 24-8 line 2999
[  679.237823] binder_alloc: binder_alloc_mmap_handler: 12063 20001000-20004000 already mapped failed -16
[  679.249446] binder: BINDER_SET_CONTEXT_MGR already set
[  679.263262] binder_alloc: 12063: binder_alloc_buf, no vma
[  679.269010] binder: 12063:12075 transaction failed 29189/-3, size 24-8 line 2971
[  679.272148] binder: 12063:12070 ioctl 40046207 0 returned -16
[  679.310047] binder: undelivered TRANSACTION_ERROR: 29189
[  679.315643] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:56:57 executing program 0:
r0 = socket(0x10, 0x2, 0xfffffffffffffffd)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x100a00}, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netlink\x00')
sendfile(r0, r1, &(0x7f00000000c0), 0x80000002)

2018/05/24 23:56:57 executing program 3:
perf_event_open(&(0x7f0000000200)={0x2, 0x54, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
poll(&(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000680))
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000600)={0x0, @empty, 0x0, 0x3, 'ovf\x00'}, 0x2c)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x400000, 0x4)
ioctl$KDENABIO(r0, 0x4b36)
semget$private(0x0, 0x3, 0x0)
pkey_alloc(0x0, 0x1)

2018/05/24 23:56:57 executing program 1:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x100, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x100000000, 0x4)
write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0', [{0x20, 'wlan0['}, {0x20}, {0x20, '-}(em0keyringcpuset!'}, {0x20}, {0x20}, {0x20, '&security$(userproc%vmnet1eth1self(:'}, {0x20, '$procbdev'}, {0x20, "70726f63e85e"}, {0x20, 'md5sum{^'}], 0xa, "465ee4dc16e6a9859302201d5d5c7a60a72432f53c2415fa5aa54c53180b423b81d62cc2f71bb72f61b0b88948be5f75db03b39d1fab40604850868eddb606c9294d35e862a93b70227a980c878c1e4f74d22189776b415bbe20db7d29b4f66438736b6c90a626992bc8e4c3e0dc4ea1e5273f415cc30bcacfde2c5edccb66f8b3baf66f80456862"}, 0xf1)
sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x3, 0x0, 0x2, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}, @sadb_sa={0x2, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}]}, 0x50}, 0x1}, 0x0)

2018/05/24 23:56:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x8000000080, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000040)={0x6, 0x2})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000100)={0x70003, 0x0, [0x0, 0x0, 0x0, 0x1ff]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000180)="c744240000500000c74424020a000000c7442406000000000f011c240f0134120f20e035020000000f22e0e193ea2c010000e6000f00520ec4e1be5f7cd4a266ba400066b8f4ac66efdeb7eadb7cc866bad10466b8dd0566ef", 0x59}], 0x1, 0x22, &(0x7f0000000040), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2018/05/24 23:56:57 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000e89e02000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000140)={0x5d5, 0x0, [{0xbff, 0x0, 0x5}]})

2018/05/24 23:56:57 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe800]})

2018/05/24 23:56:57 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x1, &(0x7f0000000240)="c626262c8523bf012cf66f")
bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r1, 0x4010641a, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[0x5352bff8]})
sendmmsg(r2, &(0x7f0000007b00)=[{{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001c80)="c4", 0x1}], 0x1, &(0x7f0000001d80)}}, {{&(0x7f0000002d80)=@in={0x2, 0x0, @multicast1=0xe0000001}, 0x80, &(0x7f0000002fc0), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1001000000000000a9000000ff030000a19184aabcab267f55ed6200d1ede5bba38a4966799cb616f01a830c81d246c12e590f9e234c0f59c487b6c85b70db23563921000f091c2d7067d92840d0e450572ad85089c643d55951a5101879d040b52ee449cba08e435c5e981f19ed1c4f8bc1ef0ecfe3abada127dbd0c3ea230a7e417ef604d2e5ec284da99a94f4700ec7d4304d6231743932f8a974442cde73bfb1b37cfed71e93af4730e73001576aed074f52bee80c417656669af427b5ee59ac8132febbbb87e5b1b3c667fe51b8518b526bf102e01898847750a7f3885ac91c9f10ea840e150363cd3d4c476fa6c468d53d74c733074847ae20e91f69df328a79612f2e52f69a0f000000000000"], 0x110}}, {{&(0x7f00000031c0)=@generic={0x0, "3103c46ba045c3bb5b9aad4aabe1b3598ccddbf701fee1e2855dda69c26835d22c30cc5da820ee782448eb8231db0d633bd7788e247d96f5bc3c372753422299a3557903d0df2ba8f595072837302a60bcd6a7a201d8682bd2e8e8e05bec44c6c69d4aaf25b5f5a790b694da49f622e0aeb99af35836b6c1c1a367bc8eb6"}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000080)="e603c9efa3424a4121c13f7c", 0xc}, {&(0x7f0000000380)="9c0a8fa580afc540b58dc3a073dc0164ed6e8233289704a0d7751fe77e0b2ce2eded9a61ebe250d2cbc240490eacda69394d231a5f8f35bf87da07db73a410418c138eb155bfabddf0940d0ff8b455d50ac93cde05d4ca998601b52ae1354bc1d14bcc85a289eb62aae7ef55085b54c9c5c578d1a3513cf86156d7352388d662c7489ba959ea58039b54eb5bb4346cf8f6d4e2ab5b8811ad74398740defc519a827c29870517f4e34a96081f1e2164aa", 0xb0}], 0x2, &(0x7f0000003380)=ANY=[@ANYBLOB="00050100009100f4bd3a7298817ec91e3aad44c7896a000000000000000000000000000000000000"], 0x28, 0x40004000}, 0x100000000}], 0x3, 0x400c001)

[  679.798866] binder: 12083:12086 got transaction to invalid handle
[  679.805261] binder: 12083:12086 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:56:57 executing program 2:
r0 = socket(0x1e, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000000c0)={<r1=>0x0, @in={{0x2, 0x4e23, @multicast1=0xe0000001}}, 0x8, 0x3fb, 0x2, 0xff, 0xff}, &(0x7f0000000000)=0x98)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000180)={r1, 0x9}, 0x8)
getsockopt(r0, 0x10f, 0x81, &(0x7f0000000040)=""/4, &(0x7f0000000080)=0x4)

2018/05/24 23:56:57 executing program 3:
prctl$setname(0xf, &(0x7f0000000040)='ns/cgroup\x00')
r0 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@can, &(0x7f0000000140)=0x80)
bind$netrom(r0, &(0x7f0000000280)=@ax25={0x3, {"571b66e0fcb0d0"}, 0x1}, 0x10)
r1 = gettid()
fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, <r2=>0x0})
r3 = dup3(r0, r0, 0x80000)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000300)={r3, r0, 0x7fff})
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
unshare(0x2000400)
r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000940)='ns/cgroup\x00')
r5 = socket$inet_sctp(0x2, 0xa08a3b6bbcc42d05, 0x84)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000080)={<r6=>0x0, 0xdf}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000100)=@assoc_value={r6, 0x4}, 0x8)
setns(r4, 0x1ffffffd)

2018/05/24 23:56:57 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket(0x2, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000280), &(0x7f0000000000)=0x4)

[  679.856922] binder_alloc: binder_alloc_mmap_handler: 12083 20001000-20004000 already mapped failed -16
[  679.885187] binder: BINDER_SET_CONTEXT_MGR already set
[  679.912067] binder: 12083:12086 ioctl 40046207 0 returned -16
2018/05/24 23:56:57 executing program 2:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000540)={0x3, 0x0, 'client1\x00', 0xffffffff80000000, "f99898b4023312bb", "de851924052d2c186c98d1f2d397c3b361c193491f84e49818608bf7f2ca6378", 0x2, 0x1})
ioctl$BLKTRACESTOP(r0, 0x1275, 0x0)
r1 = socket(0xfffffffffffffffe, 0x1, 0x20000000)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="00000000000004000d"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="b4000000002000009f00000000000000070100000000000000000000000000009500da00000000004fe3f38b5f93a2940ac7396438e1bbf3167d9e23c46ae766c222cf537c9624c38f53b5acfbd0af3e2bf57cd50c7c6994d78b6c7d162b7f58d90e33299d30328639e6fea7ece59e528d6cfa4cb8a87e9169aedc90505746d9dd1d0be16a2ea558eb553be99af5b092e23ae03bacc96cd91c0e8b15c27aad7dc2130ec12640bef938a6fc5590dd9e959463"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48)
write$binfmt_script(r0, &(0x7f0000000600)={'#! ', './file0', [{0x20}, {0x20, 'GPL\x00'}, {0x20, 'client1\x00'}, {0x20, 'GPL\x00'}], 0xa, "bcd6ef9214918937bd17c9cc3ae5fdc0e685ac19cc454aea71c7467ce1458b03be95ddcb2d875b7ae363c136dbc89411df954e46451df3570c04795a0de92d880fc5fb1b0eb7deed616e8309bc24dfef4197e1602c27732420440bda03ae5177d001cf625347d905220627"}, 0x8a)
readv(r1, &(0x7f0000000140)=[{&(0x7f0000000100)=""/15, 0xf}, {&(0x7f0000000280)=""/117, 0x75}, {&(0x7f0000000300)=""/155, 0x9b}, {&(0x7f00000003c0)=""/71, 0x47}], 0x4)
accept4$packet(r1, &(0x7f00000004c0)={0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000500)=0x8, 0x80000)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xd048}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@getqdisc={0x30, 0x26, 0x201, 0x70bd2c, 0x25dfdbff, {0x0, r2, {0x0, 0xffff}, {0xffe8, 0xd}, {0x9, 0x2}}, [{0x4, 0xa}, {0x4, 0xa}, {0x4, 0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x40040c1}, 0x40)

2018/05/24 23:56:57 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00')
preadv(r0, &(0x7f0000001180)=[{&(0x7f0000723f20)=""/127, 0x7f}], 0x1, 0x100)
ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000080)={&(0x7f0000ffd000/0x2000)=nil, 0xbf0c, 0x4, 0x10, &(0x7f0000ffa000/0x4000)=nil, 0x9})

2018/05/24 23:56:57 executing program 4:
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
rt_sigqueueinfo(r1, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x2})
wait4(r1, &(0x7f0000000040), 0x40000000, &(0x7f0000000280))
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000000c0), &(0x7f0000000100)=0x18)

2018/05/24 23:56:57 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000]})

2018/05/24 23:56:57 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
prctl$setmm(0x23, 0x7, &(0x7f0000237000/0x11000)=nil)
sendto$inet(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000000)={r1})
r2 = getpid()
ptrace$poke(0xffffffffffffffff, r2, &(0x7f0000000040), 0x4)

[  680.018377] binder: 12083:12124 got transaction to invalid handle
[  680.024784] binder: 12083:12124 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:56:57 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000b4508a)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x10000, 0x0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={<r2=>0x0, 0x8}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000340)={r2}, &(0x7f0000000380)=0x8)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000011c0)="000000800000800000")
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x22040, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000500)=ANY=[@ANYRES32=<r4=>0x0, @ANYBLOB="c2000000fed6320bbb3cd12b33074e6e76bdcc778b922ec7aa9a29b6ede5d1e4d848a856a95d933485ba2e88ab2e86321e99250999eca056e7b8f2d9870d2b005194619ff1383433f2fac778074491ce1af676225532b25dea2c26cc730c85dfa4b856a2992fdf014f5f43c34f8283af2fb5747178cbdec0b96d35c7f896b8b4a2697424e467c12e704a691d5dedfba09331083d78079f9d8e785930e86da46c14b5225d5aafb572b32be4027dd48e9160781dbdc78bc17a7c2980a57873598d0237f5a4c48f384ffc405071351c18e486f70210171d7fa6a7d91e0ca824add42ce14a14ffdca913d1c0d8cd42b9526d985ea3ee511c9acf3228d9110bf33aff9e896de492195e36f3cb968d96689d27afd1992142739c0a7acb3bd85848e581276f3637f33efa485f6313f7d3801e2815c1c9d67621deb7907dd303447270cfb2662282bf93b9ec56e592ae54e4de2119f889c63051afe5d7ea4a541e555061d0a188fffb08356e855f538281418432fb16e33cf3f423c771ea39c08880644df5496f5626c705c405027df6cc90a69a60a36d35467a1a994e922bb985eb899bb21b7e7c40b755feafb07225bdbe44e325e9fd4758455bdab535dd0948e8138b9cf1fe3a36b162a642cee94d13a44cae92f022bbe9a40af72fd0ff21a1c58327550c04540c185962b1bd6a00f877c1e109d01d81"], &(0x7f00000001c0)=0xca)
getpeername$inet(r3, &(0x7f0000000280)={0x0, 0x0, @dev}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000200)={<r5=>r4, 0xfffffffffffffffe}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000040)={0x1, 0x9, 0x1921c9a1, 0x5, r5}, &(0x7f0000000080)=0x10)

2018/05/24 23:56:58 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$inet(0x2, 0x801, 0x4, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000280)={0xb41f}, 0x4)
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x800)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0x9, 0x4)
ioctl$sock_bt_cmtp_CMTPCONNDEL(0xffffffffffffffff, 0x400443c9, &(0x7f00000001c0)={{0x8}})
ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)=""/250)
ustat(0x400, &(0x7f0000000100))
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
timerfd_settime(r1, 0x1, &(0x7f00000000c0)={{r2, r3+30000000}, {0x0, 0x1c9c380}}, &(0x7f0000000200))

2018/05/24 23:56:58 executing program 2:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0xfffffffffffffffc)
ftruncate(r0, 0x8200)
r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58)
setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000040)={{0x67, @dev={0xac, 0x14, 0x14, 0x20}, 0x4e22, 0x1, 'wlc\x00', 0x1, 0x0, 0x5c}, {@dev={0xac, 0x14, 0x14, 0xb}, 0x4e24, 0x3, 0xffffffffffffffe0, 0x266}}, 0x44)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYRES16=r0, @ANYBLOB="625ce4977bb4c8bf49726d7cbfbe10661180c4c5ada91dbf401eb8f37bf8303d60a00ca1113445ddb954239658adef1cad576b09fac5e50bc2992570b2b4c5e2b146302dca1104c51293c30d94efb0ca38dfa8e06aa24ae30a6fa0d6468dc2cc27ed5db6c23acb57f68372e3b515072c7282b2c035c740"], @ANYRES64=r0], &(0x7f0000000480)=0x3)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000300))
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e21}}, 0x4b, 0x4, 0x2, 0x75, 0x80}, 0x98)
r3 = accept$alg(r2, 0x0, 0x0)
sendfile(r3, r1, &(0x7f0000002ec0)=0x50, 0x7fff)

2018/05/24 23:56:58 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe)
request_key(&(0x7f00000003c0)='ceph\x00', &(0x7f0000000400)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000440)='em0nodevproc\x00', 0xfffffffffffffffa)
keyctl$search(0xa, r1, &(0x7f0000000340)='cifs.spnego\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a}, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
sched_setattr(r2, &(0x7f0000000040)={0x30, 0x7, 0x1, 0x77ca, 0x10001, 0x9b0, 0x101, 0x80000001}, 0x0)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140)={@loopback, @remote, @multicast1}, &(0x7f0000000180)=0xc)

2018/05/24 23:56:58 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000030000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:58 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
write$rdma_cm(r0, &(0x7f0000000f80)=@bind={0x14, 0x88, 0xfa00, {0xffffffff, 0x0, 0x0, @ib={0x1b, 0x0, 0x0, {"a6c87395e68162820688158919f73c42"}}}}, 0xfffffffffffffee3)

[  680.226541] binder: undelivered TRANSACTION_ERROR: 29201
[  680.232590] binder: undelivered TRANSACTION_ERROR: 29201
[  680.309602] binder: 12168:12169 got transaction to invalid handle
[  680.316021] binder: 12168:12169 transaction failed 29201/-22, size 24-8 line 2856
[  680.393190] binder_alloc: binder_alloc_mmap_handler: 12168 20001000-20004000 already mapped failed -16
[  680.416715] binder: BINDER_SET_CONTEXT_MGR already set
[  680.418393] binder: 12168:12179 got transaction to invalid handle
[  680.422200] binder: 12168:12169 ioctl 40046207 0 returned -16
[  680.428452] binder: 12168:12179 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:56:58 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=@ipv6_newaddr={0x40, 0x14, 0x109, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0xfffffffffffff1bb}}, @IFA_ADDRESS={0x14, 0x1, @local={0xfe, 0x80, [], 0xaa}}]}, 0x40}, 0x1}, 0x0)
prctl$void(0x3f)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f00000000c0)={{0x3d, @multicast1=0xe0000001, 0x4e20, 0x1, 'none\x00', 0x15, 0x6, 0x4e}, {@dev={0xac, 0x14, 0x14, 0x1f}, 0x4e21, 0x2000, 0x0, 0x7, 0x3}}, 0x44)

2018/05/24 23:56:58 executing program 2:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x38de, 0x40400)
getsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180)=""/138, &(0x7f0000000080)=0x8a)
r1 = socket$l2tp(0x18, 0x1, 0x1)
setrlimit(0x7, &(0x7f0000000000))
ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f0000000180))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r2 = socket$kcm(0x29, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0x10)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x400082, 0x0)
getxattr(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000240)=@known='security.selinux\x00', &(0x7f00000002c0)=""/24, 0x18)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r2, r3})
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000300), &(0x7f0000000340)=0x4)

2018/05/24 23:56:58 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f000001f000)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(sha3-224-generic,cbc-camellia-asm)\x00'}, 0x58)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0xfffffffffffffffe)
ioctl$KDADDIO(r1, 0x4b34, 0x8)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000080)={<r2=>0x0, @in6={{0xa, 0x4e22, 0x80000001, @empty, 0x7ff}}, [0x6, 0x60000, 0x7, 0x2c, 0x0, 0x7, 0x17, 0x6, 0x1, 0x1, 0x635, 0x2000000000010001, 0x80000001, 0x8, 0x2]}, &(0x7f0000000180)=0x100)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000001c0)={r2, 0x8, 0x3, [0x0, 0x7ed, 0x0]}, 0xe)
pipe(&(0x7f0000000000))
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x19)

2018/05/24 23:56:58 executing program 4:
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
clock_nanosleep(0x7, 0x0, &(0x7f0000000040)={r0, r1+10000000}, &(0x7f0000000080))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
rt_sigaction(0x33, &(0x7f00000000c0)={0x4, {0x7}, 0xf5802527ece2756c, 0x2}, &(0x7f0000000100), 0x8, &(0x7f0000000200))
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000015000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000140)="b91b0000000f32420f01c866b881000f00d8440f01c9b9c20a0000b80000c0feba000000000f300f3066b88f008ed00f01dfb93d1001c00f32c4e3995ec62b", 0x3f}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2018/05/24 23:56:58 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r2=>0x0})
sendmsg$nl_netfilter(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8801180}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xbc, 0x12, 0x0, 0x401, 0x70bd29, 0x25dfdbfe, {0xc, 0x0, 0x4}, [@typed={0x8, 0x54, @pid=r2}, @typed={0x8, 0x54, @str='-((\x00'}, @generic="e700bdef500d8c2206e4298d70f5c8ed507e1d3e73f7263a8a210e211e66b4db0e57b130e6bb68717921b849cd1fe28e90db39c337c5e0c148dcd5220b13adc208bad74d1a5fa992b9fe5e00e06eb8056cf551863c08b41787e0ee4b90e1403bba3b7cfcaec32a3fbb4366b90a210b96053971a1a3ee98f4730eb4e6edf561725bcc19c6f56d85cea1a48f0efbad08302439c115f4"]}, 0xbc}, 0x1, 0x0, 0x0, 0x80c0}, 0x4040840)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCGPTPEER(r3, 0x541b, 0x6f3000)

2018/05/24 23:56:58 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000060000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:58 executing program 3:
r0 = socket(0x2, 0x1, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x200, 0x0)
r2 = inotify_add_watch(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x400)
inotify_rm_watch(r1, r2)
ioctl(r0, 0x8912, &(0x7f0000000280)="c626262c8523bf012cf66f")
syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f00000002c0)={'nouuid,'})
getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000300)=""/147, &(0x7f00000003c0)=0x93)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000100)=""/241, 0xf1}, {&(0x7f0000000200)=""/10, 0xa}], 0x2, 0x0)

2018/05/24 23:56:58 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]})

[  680.451107] binder: undelivered TRANSACTION_ERROR: 29201
[  680.483742] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:56:58 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00')
exit(0x0)
fstatfs(r0, &(0x7f0000000300)=""/103)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = getpgrp(0x0)
prctl$setptracer(0x59616d61, r2)
ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000540)={{0x2, 0x4e23, @multicast1=0xe0000001}, {0x1, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1a}}, 0x2a, {0x2, 0x4e22, @broadcast=0xffffffff}, 'lo\x00'})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000480)={<r3=>0x0, @in6={{0xa, 0x4e23, 0xfffffffffffffffe, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x7}}, 0x4, 0x3}, &(0x7f0000000100)=0x90)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000002c0)=@int=0x9, 0x4)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r3, 0x800}, &(0x7f0000000280)=0x8)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000800)={0x0, 0x1, &(0x7f00000005c0)=""/179, &(0x7f0000000680)=""/219, &(0x7f0000000780)=""/105, 0x2})
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000080)=0x40, 0x4)
lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000840)=ANY=[@ANYBLOB="73795d74656d8877ff3a09bae59e003016dbe9deaea51ddef575747a11adffb689af87"], &(0x7f0000000380)="6f6f6f5e027173e4d51d6030bda43fba5f421640b997efd83ce965d1c9704bfe69ace2b5829a918a43ff4bb705864bbd6eef65bc197f32e530bba88028fd0975fd65ec62ac53325dd3fb12e09d8ae1332cc494e6b8b24a106c9aded169c21033571e5232b139589d60ee42d640c864a336088a4d76d43b30df7912903a2122ece29c478c5e0813a7ca1cbc4a2973c569828fbfd553bda1e94353cdeeaf6e5b514a2c82d2a0724a535768f1f7f2aba136156497fe9ac071e85b0456d69b32fe8ca189ce61ec4eb7694b5a50b247a5e4bb15922dd2309662", 0xd7, 0x2)
sendfile(r1, r0, &(0x7f00000000c0), 0x1)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000240), 0x10)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000001c0)=0x8d, 0x4)

2018/05/24 23:56:58 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
fremovexattr(r0, &(0x7f00000000c0)=@random={'system.', 'md5sum.\x00'})
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff]}}], 0x1c)
close(r2)
getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x4)
close(r1)

[  680.515627] binder: 12200:12201 got transaction to invalid handle
[  680.522088] binder: 12200:12201 transaction failed 29201/-22, size 24-8 line 2856
[  680.530911] IPVS: set_ctl: invalid protocol: 61 224.0.0.1:20000 none
2018/05/24 23:56:58 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080)=0x2, 0x4)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={<r2=>0x0, 0xfffffffffffffc00, 0x30}, &(0x7f0000000140)=0xc)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000180)={0x6, 0x8, 0x2, 0x5, r2}, 0x10)

[  680.609356] binder_alloc: binder_alloc_mmap_handler: 12200 20001000-20004000 already mapped failed -16
[  680.644907] binder: BINDER_SET_CONTEXT_MGR already set
[  680.666797] binder: 12200:12201 ioctl 40046207 0 returned -16
[  680.675702] binder: 12200:12219 got transaction to invalid handle
[  680.682152] binder: 12200:12219 transaction failed 29201/-22, size 24-8 line 2856
[  680.714739] binder: undelivered TRANSACTION_ERROR: 29201
[  680.720736] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:56:59 executing program 0:
r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, &(0x7f0000000100)="11", 0x232, r0)
keyctl$dh_compute(0x17, &(0x7f0000000200)={r1, r1, r1}, &(0x7f00000003c0)=""/248, 0xf8, &(0x7f0000000000)={&(0x7f0000000340)={'ghash\x00'}})

2018/05/24 23:56:59 executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x402)
unshare(0x2000400)
socket$inet_dccp(0x2, 0x6, 0x0)
pselect6(0x40, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000a65ff8), 0x8})
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r0, 0x800455d1, &(0x7f0000000040)=""/31)

2018/05/24 23:56:59 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]})

2018/05/24 23:56:59 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, &(0x7f00000008c0)=ANY=[], 0x0)
ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000040)={'ip6tnl0\x00', @ifru_data=&(0x7f0000000000)="ac8be4abd0f79d6325ae476aab5970a3131f2fb4bbfb3c75500e33d0612f430d"})

2018/05/24 23:56:59 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000500000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:59 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000280)=@filter={'filter\x00', 0xe, 0x4, 0x5c8, 0xffffffff, 0x150, 0x3e0, 0x3e0, 0xffffffff, 0xffffffff, 0x4f8, 0x4f8, 0x4f8, 0xffffffff, 0x4, &(0x7f0000000080), {[{{@uncond, 0x0, 0x128, 0x150, 0x0, {}, [@common=@srh={0x30, 'srh\x00', 0x0, {0x1, 0x2, 0xce, 0x7fff, 0xa9, 0x20, 0xa2}}, @common=@srh={0x30, 'srh\x00', 0x0, {0x88, 0xad6, 0x401, 0x4b, 0x8000, 0x200, 0x26}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x2}}}, {{@ipv6={@mcast2={0xff, 0x2, [], 0x1}, @local={0xfe, 0x80, [], 0xaa}, [0xff0000ff, 0xffffffff, 0xffffffff, 0xffffff00], [0xffffffff, 0xff, 0xff000000, 0xffffff00], 'bridge0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x36, 0x9, 0x4}, 0x0, 0x248, 0x290, 0x0, {}, [@common=@dst={0x48, 'dst\x00', 0x0, {0x8000, 0x7, 0x1, [0x6, 0xf00, 0x180c00000000, 0x6, 0x8, 0x3, 0x100000000, 0x800, 0x8, 0x5d, 0x7, 0x5, 0x0, 0x8, 0xfffe00000, 0x100], 0xb}}, @common=@rt={0x138, 'rt\x00', 0x0, {0x400, 0xfff, 0x81, 0x100000000, 0x8, 0x5, [@mcast1={0xff, 0x1, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @loopback={0x0, 0x1}, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x1a}}, @mcast2={0xff, 0x2, [], 0x1}, @empty, @empty, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80, [], 0x1e}, @mcast1={0xff, 0x1, [], 0x1}, @empty, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, @remote={0xfe, 0x80, [], 0xbb}, @empty, @dev={0xfe, 0x80, [], 0x10}], 0x9}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x7fffffff, 0x0, 0x7fffffff}}}, {{@ipv6={@dev={0xfe, 0x80, [], 0x1a}, @dev={0xfe, 0x80, [], 0xe}, [0xff, 0x0, 0xffffffff, 0xff], [0xffffffff, 0xffffffff, 0xffffffff], 'vlan0\x00', 'nr0\x00', {}, {}, 0x3b, 0x3, 0x1, 0x2}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@eui64={0x28, 'eui64\x00'}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x628)
ioctl$sock_SIOCETHTOOL(r2, 0x8913, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000000)=@ethtool_rxfh={0x0, 0x0, 0x0, 0x0, 0x0, "f055b4"}})
close(r2)
close(r1)

2018/05/24 23:56:59 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r0, 0x7, &(0x7f00000000c0)="c626262c9b23bf012cf66f")
socket(0x0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCGPTPEER(r1, 0x540f, 0x6f3000)

2018/05/24 23:56:59 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x24001)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000040)=0x3)
sendmsg$nl_generic(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x184, 0x23, 0x110, 0x70bd2b, 0x25dfdbfd, {0x9}, [@nested={0x170, 0x59, [@generic="3c94afa090ae7a3227b4bc1d1c7f647abf5b51fe42dfff8e6c7e3f11d48fb176e02a5fce3fd39f7f81f74ed4a0576408220ea8c0eeac5d204b260c366a2c8b5943", @generic="7de3c0f9427c80fabcd3de9a1924844308dcbdeed2f6bba37d4b386a17a2991b506164629f234d270034fb38ad09116fdc298e26eca181717819fb894c202469d6ffa03384779ab1ce117c113b58157938cbb33127a2e099e710e756cfd3aceaa8cbc57af6749dd6713bf889971a90c605ac8d444a148ff858e71524385861d3ce6753a8fa47", @generic="2aca629607251f964e5b926c6d00b75acd912e72781bafcc917e61a0a9e907c04106f5ec350abc913d13cb263b972c0b033ba12890642e7056bdc7c849402f2b2503d64202c298c6cfd38f0e4bd91e898706069576035f694af3f47fc1bc228af6674ba8fe72b1f8353e53e39db67249cc88caf0271b43c543f7d1c1adbcf336281cdc67d0eb406aa77030ee0a6ad178d9", @typed={0x14, 0x20, @ipv6=@ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x20048000}, 0x80)
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000300)={0x1a, 0x1, 0x6fa})
getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000340), &(0x7f0000000380)=0x8)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000400)={<r3=>0x0, 0x6f, "9c5a2616431368dd9bd5630c9619f913682d0f84d09c020aa20fe3dc9c78300e04d5b9927a39ac86ebc471ad0a91bd2702785d754f56037726fd5240bf6f0b318f0c41de2659e8137594dfe89629009b34dfad4c0ce5c5671d23b2a5dfdd4804918bcdead94d4edd9a7ee1a0af1cac"}, &(0x7f0000000480)=0x77)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000004c0)={<r4=>0x0, 0x1ff, 0x30, 0x0, 0x101}, &(0x7f0000000500)=0x18)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000540)={<r5=>r3, 0x7, 0x5, 0x100, 0x0, 0x3ff, 0x1, 0x7, {r4, @in={{0x2, 0x4e21, @loopback=0x7f000001}}, 0x7, 0x9, 0x1, 0x0, 0x9}}, &(0x7f0000000600)=0xb0)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000640)='/dev/rtc0\x00', 0x200000, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000680)={{{@in=@multicast2, @in6=@mcast1}}, {{@in6=@mcast1}}}, &(0x7f0000000780)=0xe8)
getsockopt$IPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x43, &(0x7f00000007c0)={'icmp\x00'}, &(0x7f0000000800)=0x1e)
flock(r1, 0x1)
ioctl$sock_ipx_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000840)={'yam0\x00', {0x4, 0x7, 0x81, "ce0c5be60ece", 0x15}})
ioctl$TIOCGWINSZ(r6, 0x5413, &(0x7f0000000880))
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f00000008c0)=0x6, 0x4)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x140010, r6, 0x0)
ioctl$BLKPBSZGET(r6, 0x127b, &(0x7f0000000900))
getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000940)=""/130, &(0x7f0000000a00)=0x82)
ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000a40)="191135eddc4635829405d8087d80da3d7049dfef050e67ef3838744aaa0ef7345c866eec208902183eb6e3d33de4074905d611b41e1da10a513ce456b86a")
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000a80)={0x238f, 0x200, 0x0, 0xd2ab, r5}, &(0x7f0000000ac0)=0x10)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000b00)={[0x0, 0x1, 0x4, 0x2, 0x10000, 0x0, 0x4, 0x8, 0x0, 0x80000000, 0x0, 0x200, 0x1a1, 0x8, 0x81], 0x4, 0x400})
ioctl$SNDRV_CTL_IOCTL_PVERSION(r6, 0x80045500, &(0x7f0000000bc0)=""/24)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x200)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xf, &(0x7f0000000c00)="6b8621df907004866ea6d5575e921250b17d3e18538475c4448b25acbc35b7b46c0972e4c2d0934be274c80ba7309f9795307ff938b3bfa0e2672b0cb930f8a7807c3a1b381383e05600961de200d5dfe36f72c3b59611bcd71b3c4054af30192c5a49f51edfde14d333b918bc3e5d38aeeb5270a29df62aee41f6d3b470f4", 0x7f)
r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/cuse\x00', 0x20340, 0x0)
ioctl$RNDZAPENTCNT(r7, 0x5204, &(0x7f0000000cc0)=0x7fff)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000d00)={0x4, [0x5, 0x9, 0x3, 0x2]}, &(0x7f0000000d40)=0xc)
nanosleep(&(0x7f0000000d80)={0x77359400}, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000000dc0)={@in={{0x2, 0x4e24, @loopback=0x7f000001}}, 0x80000000, 0x8, 0x7f, "b32ebe787af2a2ac30f5a0ecc5fcfafd928ae97ec3662ae8956f12bf61ea4efb00fa16b6066d0e54b7634398556d7ad2e0207f0f1f9efe9af8a55a3d557b01bb652db64b03c7e008abc5a869ae6e97fc"}, 0xd8)

[  681.746198] binder: 12246:12247 got transaction with invalid offsets ptr
2018/05/24 23:56:59 executing program 4:
socket$alg(0x26, 0x5, 0x0)
r0 = timerfd_create(0x8, 0x0)
r1 = dup2(r0, r0)
setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000000)=0x2, 0x4)

2018/05/24 23:56:59 executing program 3:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
r1 = socket$pptp(0x18, 0x1, 0x2)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f00000001c0)=0xe8)
ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000200)={@loopback={0x0, 0x1}, 0x2f, r3})
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f0000000040))
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2, 0x32, 0xffffffffffffffff, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x802, 0x0)
close(r4)

2018/05/24 23:56:59 executing program 1:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
getsockopt$inet_opts(r0, 0x0, 0x0, &(0x7f0000000040)=""/145, &(0x7f00000001c0)=0x91)
rename(&(0x7f0000000100)='./file0/', &(0x7f0000000140)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00")

[  681.794316] binder: 12246:12247 transaction failed 29201/-14, size 24-8 line 2999
[  681.830136] binder_alloc: binder_alloc_mmap_handler: 12246 20001000-20004000 already mapped failed -16
2018/05/24 23:56:59 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]})

[  681.891166] binder: BINDER_SET_CONTEXT_MGR already set
[  681.906962] binder: 12246:12247 ioctl 40046207 0 returned -16
2018/05/24 23:56:59 executing program 4:
unshare(0x40000000)
r0 = socket(0x11, 0x100000803, 0x0)
r1 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x4001)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x5001})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201})
write$tun(r1, &(0x7f0000000480)={@void, @val, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x6c, 0x0, @empty, @multicast1=0xe0000001}, @igmp={0x0, 0x0, 0x0, @multicast1=0xe0000001}}}, 0x26)

[  681.933119] binder_alloc: 12246: binder_alloc_buf, no vma
[  681.938976] binder: 12246:12260 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:56:59 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000009c9e02000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:56:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000200)={0x79})
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000000))
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0))

[  681.998547] IPVS: ftp: loaded support on port[0] = 21
[  682.007492] binder: undelivered TRANSACTION_ERROR: 29189
[  682.016476] binder: undelivered TRANSACTION_ERROR: 29201
[  682.055727] binder: 12280:12281 got transaction to invalid handle
[  682.062139] binder: 12280:12281 transaction failed 29201/-22, size 24-8 line 2856
[  682.121523] binder_alloc: binder_alloc_mmap_handler: 12280 20001000-20004000 already mapped failed -16
[  682.144801] binder: BINDER_SET_CONTEXT_MGR already set
[  682.152671] binder: 12280:12286 got transaction to invalid handle
[  682.159114] binder: 12280:12286 transaction failed 29201/-22, size 24-8 line 2856
[  682.178207] IPVS: ftp: loaded support on port[0] = 21
[  682.183786] binder: 12280:12281 ioctl 40046207 0 returned -16
[  682.219777] binder: undelivered TRANSACTION_ERROR: 29201
[  682.225744] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:01 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]})

2018/05/24 23:57:01 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0xffffffffffffffff)
socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000140))
recvmmsg(0xffffffffffffffff, &(0x7f0000004e00)=[{{&(0x7f0000000880)=@ipx, 0x80, &(0x7f0000000b80)=[{&(0x7f0000003040)=""/4096, 0x1000}], 0x1, &(0x7f0000000c40)=""/99, 0x63}}], 0x1, 0x0, &(0x7f0000004fc0))
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x5}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}, 0x1c)
recvmmsg(0xffffffffffffffff, &(0x7f0000000c00)=[{{&(0x7f0000000400)=@l2, 0x80, &(0x7f0000000480), 0x0, &(0x7f0000000000)=""/117, 0x75}, 0x7}], 0x1, 0x0, &(0x7f0000000cc0))
sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000680), 0x3ba, &(0x7f0000002000)=[{0x10}], 0x10}}], 0x2, 0x8000)
r1 = accept4(0xffffffffffffffff, &(0x7f0000000540)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000000c0)=0x7c, 0x7fc)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80001}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001a0020022dbd7000fd024f57587ba4601289115f77101400fd02c80000180000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2018/05/24 23:57:01 executing program 1:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000003000)='-.[vmnet0^\x00', 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000001fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
r3 = dup2(r2, r0)
sendmsg$nl_netfilter(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="f93e7798510675cd00f581a958cf446d0bb6492e92c2c09797b67477ff94126c89f1ae7eb2486e917539f35885a2"], 0x14}, 0x1}, 0x0)
connect$bt_rfcomm(r3, &(0x7f00000000c0)={0x1f}, 0xa)
close(r1)

2018/05/24 23:57:01 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000007070000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:01 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = memfd_create(&(0x7f000088f000)='b\n\x00\x00\x00', 0x4)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x45011, r1, 0x0)
io_setup(0x81, &(0x7f0000000040)=<r2=>0x0)
io_cancel(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x7, r1, &(0x7f0000000140)="9919b83f35ceb49f000000923e73f4955b8fec2b873b648a00000000ea52a6d7cd1ff891d10000006c692e096d97d67473196436faebc5add579c99a7b8d9b2ed67b9b440b8536d7609213419baefc9226fd9d6f4f043675d7c77e57580c66b62d4db3ab7c1935b1392cd161626acc089b1abbc3bf2bdaae7b27e60f03573c9bf245ce930b91826854e68610809001491d8dbeb76dd74acd378d11ed10ca49ed828a1d932159996382adfce3c789f31331b89e17964ee47605e03187f1ef2f5aaeab696abcf4e708f6dda31e1d631fb1cb13435934fa", 0xd6, 0x4, 0x0, 0x1, r1}, &(0x7f0000000100))
ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f00000004c0)={0x1ff, 0x3, 0x80, 0x8, 0x4, 0x3})
ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000400)=ANY=[@ANYBLOB="0a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000097e095517835a9da00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"])
write$evdev(r0, &(0x7f0000000080)=[{{0x0, 0x2710}, 0x2, 0x6, 0x2}, {{0x0, 0x7530}, 0x0, 0x7fffffff, 0x100000001}], 0x30)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x10000, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@multicast1}, 0x0, @in=@remote}}, &(0x7f0000000380)=0xe8)
setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f00000003c0)={@dev={0xac, 0x14, 0x14, 0xc}, @loopback=0x7f000001, r4}, 0xc)

2018/05/24 23:57:01 executing program 2:
creat(&(0x7f0000000140)='./file0\x00', 0x0)
pipe2(&(0x7f0000000000), 0x0)
mount(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='tracefs\x00', 0x0, &(0x7f0000000200))

2018/05/24 23:57:01 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af300200f5abfb9845f9e19859c9693206f2c60b0000000719e1d66e970123d893d974e5b9c3285677b2139823e5500c92ab5b94da3a7de19f063bb765b02bd5b660fb7fa898c6f5c6369c3f363068d10af833f6475bbe8b7967255b177607ba100f6c4654718232dbda64aa1f69cf9ab5b3ea3ed63452b7ebd37c9dae664e322e08ad8f6029fe8fd0b34c7117480471aeca0a3fc9eceb28509ca8a83e4f8b85131808bc5cfb4cc24e1901769c084c082712b470666b6dddf74ced693973ba1ded8b")
r1 = socket(0xa, 0x1, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000002c0)=<r2=>0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000500)={{{@in=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000300)=0xe8)
r4 = getegid()
r5 = gettid()
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000600)={{{@in6=@mcast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000000700)=0xe8)
getgroups(0x4, &(0x7f0000000740)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, <r7=>0x0])
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000780)=<r8=>0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000007c0)={{{@in=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{}, 0x0, @in=@remote}}, &(0x7f00000008c0)=0xe8)
getgroups(0x9, &(0x7f0000000900)=[0xffffffffffffffff, 0x0, 0x0, 0x0, <r10=>0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0])
r11 = getpgid(0x0)
getresgid(&(0x7f0000000a00), &(0x7f0000000a40), &(0x7f0000000a80)=<r12=>0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000980)={r0, 0x28, &(0x7f0000000940)={0x0, <r13=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000009c0)={r13, 0x2, 0x8}, 0xc)
r14 = getpid()
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000ac0)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000bc0)=0xe8)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000c00)={0x0, 0x0, <r16=>0x0}, &(0x7f0000000c40)=0xc)
sendmsg$unix(r1, &(0x7f0000000d40)={&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f00000001c0)="98b06837f5248fed798c52354099ef4ed750a5852e654ee76dc62f60a594139b6f1c368e8bbba4664e8d271464bf066af84c980e03434ba72191f5d6afbc608bdf16bc3a8599917614e45afb9abfbafcb6c0456288a8014902aad96c0d64009785", 0x61}, {&(0x7f0000000400)="e02d864bcbc4366fdedf2bfb0b818e6ee1f0edbbcb039ea5f5b0c84ce12e2046a4178e63cc91788e261b065bc4ae6280801b557794a0eb5ad8592ffb7c9e18344971dcdd70718cdd3a7e361987c191fe64084238a62f18a2759eb491939ce261ee27254e3bfd5d300aef4a4c1ec3297842daffac626d5015e3b0b9daf2391075ef8d5647bc6b8b41fa6d861e69869fd5064d701d9ed6e4feac6b7bbf5207f2789f9d34e926c67ed39708d9d9dd4ff95a44923aa55d454e2c2170b166ceb1b4522184a66b6203e0ec2683be2f6cf4f063fdd09a10bffe97937b8f44129f3c9496eced5bca46e9656762ffdbf2437dd832", 0xf0}], 0x2, &(0x7f0000000c80)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x18, 0x1, 0x1, [r1, r1]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @cred={0x20, 0x1, 0x2, r11, 0x0, r12}, @cred={0x20, 0x1, 0x2, r14, r15, r16}], 0xb8, 0x20000000}, 0x4000000)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
clone(0x0, &(0x7f0000000400), &(0x7f0000000180), &(0x7f0000000000), &(0x7f0000000280))
fstatfs(r0, &(0x7f0000000340)=""/174)

2018/05/24 23:57:01 executing program 0:
r0 = socket(0x11, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000240)=0x9, 0x4)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0xdfa722427307b9a6, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={"79616d300001178b00", 0x4012})

[  683.137694] binder: 12307:12308 got transaction with invalid offsets ptr
2018/05/24 23:57:01 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x400, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000860400000000ee0021000080000000003b204056d6748b79bebdd71750e45070180a67a5fcaffba56993a4f733bcffb43b295b0f9bcfa5cfb5c726a384b7a9f1b268531e0c59216f70eec8000000000000000000"])

2018/05/24 23:57:01 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$inet_mtu(r0, 0x0, 0x12, &(0x7f0000000000), &(0x7f0000000040)=0x4)
fcntl$setstatus(r0, 0x4, 0x400)

2018/05/24 23:57:01 executing program 5:
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000500)={0x10000009, 0xffffffffffffffff, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400000, 0x0)
setsockopt$inet_dccp_buf(r2, 0x21, 0xf, &(0x7f0000000040)="f8078d012c061e547e4749bf4e5a8c89b73603c6c5455150425bd433b1c7bdb594e9dc1c5f1e8602f3aa958764f66d329dfd92cd9e47518cb560d68a8b70", 0x3e)
mmap(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x0, 0x811, r1, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000080))

[  683.184459] binder: 12307:12308 transaction failed 29201/-14, size 24-8 line 2999
[  683.232897] binder_alloc: binder_alloc_mmap_handler: 12307 20001000-20004000 already mapped failed -16
[  683.279076] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:01 executing program 0:
r0 = eventfd2(0x200000007, 0x200000001)
r1 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x7ff, 0xa000)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000140)={<r2=>0x0, 0x2, 0x10, 0x3f, 0x5}, &(0x7f0000000180)=0x18)
socket$inet(0x2, 0x4, 0x1f)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYBLOB="8300a000d52ad3a7a62ec17bb3ed87fc2c9034900300a71cb70e42b6805872954ebdaad470d2185db6bf5da05193361b4332d12322b0fd77a282169908a72088ddf9e687d1adad328f87393c18f067babc0c7c7fc424464e40c724aae7c605537ca3d38c29cffdbab11c309a2a7535dc56bc92c8fab67b146b6c740b4ddb4a3b0416a67695dcd8c8231ab6eb053fc52633667487c1de16a94a6f294bfa5dff1c7e213458"], 0xa8)
readv(r0, &(0x7f0000001600)=[{&(0x7f0000001500)=""/231, 0xe7}], 0x1)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x1, 0x2000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000040)={<r4=>0x0, 0x5}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000000c0)={0x4f78, 0xc, 0x5, 0x80, r4}, 0x10)

2018/05/24 23:57:01 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a", 0x4)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000c40)=ANY=[], 0x30c)

[  683.304153] binder: 12307:12308 ioctl 40046207 0 returned -16
[  683.331191] binder_alloc: 12307: binder_alloc_buf, no vma
[  683.336912] binder: 12307:12326 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:01 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0)
ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000000)={0x0, 0x1, 0xfffffffffffffffb, 0x1})

2018/05/24 23:57:01 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000004000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:01 executing program 5:
r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x800)
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000040)=0x9)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000100)={0x5, 0xfffffffffffffff9})
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000140)={{0x2, 0x0, 0x1210, 0x1, 0x5}, 0x100, 0x2, 0x6})
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x10000000008031, 0xffffffffffffffff, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000080)=""/52, &(0x7f00000000c0)=0x34)
setsockopt(r1, 0x65, 0x1, &(0x7f0000000600)="4cf0417e27e5d5bf300ba983d3b576c2323ad790a1f8e9f44c89fa27d780cbe091e9e710293f044c", 0x28)

2018/05/24 23:57:01 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]})

[  683.419660] binder: undelivered TRANSACTION_ERROR: 29189
[  683.428531] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:01 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f0000000180)='/dev/snd/controlC#\x00', 0x8, 0x60002)
socket$unix(0x1, 0x5, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc4c85512, &(0x7f0000000580)={{0x4, 0x0, 0x0, 0x0, "1a0ab9b1f94c716787e88fae5552770ad6a9b54e0679918e0a88af8aacaea63fd56d1dd99812e16bc06df8b8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b690d49b85ec254b15b023d1e67900f8f55709195aa7d999552981434f68e364a3238b17109db386e35830a143c5755ae184895c461436bad45232f258c32a1", &(0x7f0000000000)='cpusetposix_acl_access)posix_acl_accessprocsystem$\x00', 0x33})

[  683.571217] binder: 12362:12370 got transaction with invalid offsets ptr
[  683.605236] binder: 12362:12370 transaction failed 29201/-14, size 24-8 line 2999
[  683.643312] binder_alloc: binder_alloc_mmap_handler: 12362 20001000-20004000 already mapped failed -16
[  683.724418] binder: BINDER_SET_CONTEXT_MGR already set
[  683.729937] binder_alloc: 12362: binder_alloc_buf, no vma
[  683.735630] binder: 12362:12377 transaction failed 29189/-3, size 24-8 line 2971
[  683.749999] binder: 12362:12370 ioctl 40046207 0 returned -16
[  683.830677] binder: undelivered TRANSACTION_ERROR: 29189
[  683.836525] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:02 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={@remote={0xfe, 0x80, [], 0xbb}, @empty, @loopback={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})
sendto$inet6(r0, &(0x7f0000000000)="a853f77f6ae90b260630b28faddee065610ce88ac72ff720cec8b34f5f86242bf35ed9b2a30960ab153799d41eb83b267889f29d771ac0cdfed3438b38821cdca2bf1d5806bc3a2f0399cdcb", 0x4c, 0x4000000, &(0x7f0000000080)={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x200000}, 0x1c)

2018/05/24 23:57:02 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000000000006c0000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:02 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8]})

2018/05/24 23:57:02 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
write(r0, &(0x7f0000000140)="6748ada6872788e52430f027e14d65b920ed9c048443ba47c415fad7f4c9f5de9dbd134655469bc802ce9a1a8317a6f4458779fdb31d0c6dcf1a8ca020118aed22faca2c2a6774857dc828a9be900700eb7a0187ec57c826932c", 0x5a)
r2 = dup(r1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7f})
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x66d})
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffff, 0xffffffffffffffff})

2018/05/24 23:57:02 executing program 3:
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x105005, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xc0, &(0x7f0000000200), 0x0)
pwrite64(r0, &(0x7f0000000000), 0x20000, 0x57e2200)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00000001c0)={0x1, 0xf8, &(0x7f0000000000)="e75eb3f3f4c965e3598ee2273f48c8683e4ed3b056f2fe1d1081f3466c5c5f365f3bc2170a468cfb703b4935b4e9e8f834acfe3a29a869ecd1a43dd8fc20bc22bd5142f9b5b6df99a969124a74ecf3ceeec403f0b2ee558f2912900817ddbdcb547d1dfcf5acce9824dd3bfe7aebd2e1bcd99a6ce0110be6320b9cccb45e84a6dda47368019f110e99d829fd5daf2a5c3f69176e94545747c049426654719dc2235023d924b88c854e2ba162c197aa8372da0ab6ca5a96ab93057c6ee2796f5500d56b31dd0b7405229f62ac196e0de4cc66751d7b7c2542ad0fff79e50767c36dfd8592851b71fb4a2849c00d4500b62c427dc15074a708"})

2018/05/24 23:57:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x204000, 0x0)
ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000000200)=[0x1a7f9553, 0x8])
ioctl$TIOCPKT(r3, 0x5420, &(0x7f00000001c0)=0xad)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000040)="c06300000f20c06635100000000f22c03e3e8035f90f09c007000fc71cda23650f01c3bad004b035ee0f0f64c6b0", 0x2e}], 0x1, 0x5d, &(0x7f0000000580), 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x8000, 0x0)
ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r4, 0x800443d2, &(0x7f0000000140)={0x7, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:02 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000140)={0xa}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000200)={0x303, 0x33}, 0xfffffffffffffea5)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)={0x303, 0x33}, 0x4)
socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000180), &(0x7f00000001c0)=0x4)

2018/05/24 23:57:02 executing program 2:
r0 = socket(0x20000000000000a, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
ioctl(r0, 0xff, &(0x7f0000000240)="c626262c8523bf012cf66f")
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0xb1}, {0x6}]}, 0x10)

[  684.587709] binder: 12396:12401 got transaction with invalid offsets ptr
2018/05/24 23:57:02 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f00004c6f8b)='mounts\x00')
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
clock_gettime(0x0, &(0x7f0000000140)={<r1=>0x0})
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, &(0x7f00000001c0)={r1}, &(0x7f0000000240), 0x8)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0))

2018/05/24 23:57:02 executing program 0:
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
setsockopt$inet6_opts(r0, 0x29, 0x0, &(0x7f00000004c0)=@routing={0x3c, 0x8, 0x0, 0x100, 0x0, [@remote={0xfe, 0x80, [], 0xbb}, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}]}, 0x48)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000540)=@pic={0x100000001, 0xfffffffffffffffb, 0x1a15, 0x1000, 0x7, 0x7fffffff, 0x4, 0x2, 0x2, 0x2, 0x80, 0x400, 0xfffffffffffffffa, 0x6, 0x80000000, 0x6})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0xce20}, 0x1c)
syz_emit_ethernet(0x43f, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [{[{0x9100, 0x9, 0x6, 0x3}], {0x8100, 0x7fffffff, 0x0, 0x4}}], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000000040)={0x0, 0x0, [0x0, 0x1]})

[  684.627891] binder: 12396:12401 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:02 executing program 4:
r0 = socket$inet(0x10, 0x3, 0xc)
bind(r0, &(0x7f00000000c0)=@nl=@kern={0x10, 0x0, 0x0, 0x400040}, 0x80)
sendto(r0, &(0x7f0000000000)="4b13f18434e95254b15c648bff0430dc68be4c013c2a13b6d53512f0e6b008a0fdeca0b38f0a4d9e473a9c1bf09d08c1b14cd74e354d6695b19f2f9e46c0ffa5a61a15a7bd459f42a5877dfa5b24c86655fc726cadfbbaa0a88ca36713b4f2df4dd907a95014b288c09f824c9559e09280ac40997d1f5f26deb6c5f29e286337f21efbb954def38e980d0efc1f57b91e17db9a0cf308f0df74522b72e9d6140788fcae785aed5e72bfcbe80c", 0xac, 0x4, &(0x7f00000001c0)=@pptp={0x18, 0x2, {0x1, @loopback=0x7f000001}}, 0x80)
r1 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000001100ffffba16a0aa1c0009b356da5a80d18bec4c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

[  684.683172] binder_alloc: binder_alloc_mmap_handler: 12396 20001000-20004000 already mapped failed -16
[  684.709728] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:02 executing program 3:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x200000, 0x0)
write$binfmt_elf32(r0, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x1, 0x7, 0xd10, 0x2000000000000000, 0x2, 0x3f, 0x3, 0x1cb, 0x38, 0x34, 0x6, 0x1, 0x20, 0x1, 0xfffffffeffffffff, 0x2, 0x7}, [{0x3, 0x4, 0x6, 0xff, 0x7e8, 0xffff, 0x4fa, 0xc32}, {0x7, 0x100000001, 0x4d, 0x98e, 0x6, 0x330, 0x4, 0x3490}], "766dd0c3cfe7de7a4a4f2a5721dd6d4860cf110f570a72448325438cb95031a709a747b58b01853a6a62c4610ca080c830ea2ade5e63826a53ea", [[], [], [], [], []]}, 0x5b2)
ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00')
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f00000007c0))
dup2(r1, r1)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, <r2=>0x0})
ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000780)={&(0x7f00000000c0)=""/82, 0x52})
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x3)

2018/05/24 23:57:02 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'bond0\x00', &(0x7f0000000000)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
r1 = dup3(r0, r0, 0x80000)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000002c0)={<r2=>0x0, @multicast1, @multicast1}, &(0x7f0000000300)=0xc)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000340)={@remote={0xac, 0x14, 0x14, 0xbb}, @multicast2=0xe0000002, r2}, 0xc)
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000200)=0x4)
r3 = getpgrp(0xffffffffffffffff)
r4 = getpgid(r3)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000080)={{0x1000, 0x7, 0x5, 0x0, "4ce562a8fcb18eb04658bf1d93ec3a243a8a3951e48b6b7d8fb10814546b125472ab18eb7d98292732af2bea", 0x4}, 0x0, 0x0, 0x3, r4, 0x9c6a, 0x1, "a5b0ff360d628f5b372a17c396c93fbf37f422e3ed073bfe6254bb37a434450acbaf992f975d0736623d53fce23d36a135a8ebbbe1b6a668011489380defc73c", &(0x7f0000000040)='bond0\x00', 0x6, [], [0x4, 0x5, 0x5, 0x8001]})

[  684.733675] binder: 12396:12401 ioctl 40046207 0 returned -16
[  684.857256] binder_alloc: 12396: binder_alloc_buf, no vma
[  684.862997] binder: 12396:12429 transaction failed 29189/-3, size 24-8 line 2971
[  684.966975] binder: undelivered TRANSACTION_ERROR: 29189
[  684.972875] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x100, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x61, &(0x7f0000000100), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="4ae30000000000000200000000000000020000004000000000b1ee0000000052000000000000000000000000000000000000000000000000000000000000000000000008ac00000000000000000000000000000000000000000000800000000100000000000000000000000101000000000000010001000000000009000000000000000000000000000000000000000000000004010000000000000000000000000000000000000000000000000000000000000000000000000000000088df5e0f2b68"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:03 executing program 3:
r0 = socket(0xa, 0x1, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000))
ioctl(r0, 0x8912, &(0x7f00000000c0)="c626262c8523bf012cf66fc9b25f28877c350c0e0e337c36e567890dc4103acd793080f9528402326ea1a2810bf006266cd46dfbedac9af6")
r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001640)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, &(0x7f00000004c0)}, &(0x7f0000000500)="abc0b501df7e354ee21a0e461d4074b3fe6860227fcd663b2149358c2a2c9bfb41", &(0x7f0000000600)=""/4096, 0x0, 0x0, 0x0, &(0x7f0000001600)})

2018/05/24 23:57:03 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x4}, 0x1c)
read(r0, &(0x7f0000000000)=""/1, 0x1)
setsockopt$inet_buf(r0, 0x0, 0xd, &(0x7f0000000080), 0x0)

2018/05/24 23:57:03 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]})

2018/05/24 23:57:03 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000004800000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:03 executing program 5:
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000240)={0x0, <r0=>0x0})
r1 = getpgid(r0)
r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000140)="173d533625dcaf", 0x7, 0xfffffffffffffff8)
keyctl$get_security(0x11, r2, &(0x7f0000000180)=""/171, 0xab)
r3 = syz_open_procfs(r1, &(0x7f0000000540)='numa_maps\x00')
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r3, 0x29, 0xd3, &(0x7f0000000040)={{0xa, 0x4e20, 0x2, @mcast2={0xff, 0x2, [], 0x1}, 0xe8}, {0xa, 0x4e21, 0x1, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x20}, 0xff, [0x0, 0x6, 0x8, 0x1ff, 0x5, 0x8001, 0x1ff, 0x7]}, 0x5c)
preadv(r3, &(0x7f0000000700)=[{&(0x7f0000000600)=""/246, 0xf6}], 0x1, 0x80000000)
setsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, &(0x7f0000000000)=0x1, 0x4)

2018/05/24 23:57:03 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0xfffffffffffffffa, 0x0)
r1 = socket(0x2000000011, 0x2, 0x0)
getsockopt$inet_dccp_int(r1, 0x21, 0x10, &(0x7f0000000100), &(0x7f0000001480)=0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000001340)=0xc)
syz_open_dev$sndpcmc(&(0x7f0000001380)='/dev/snd/pcmC#D#c\x00', 0x800, 0x202)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000014c0)=0x4)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0xc4c85512, &(0x7f0000001540)=ANY=[@ANYBLOB="09000000d3f187139c00000000dea2fb1721b9009750d0006d196a2d913842a034ac05ac9800847530a5fce135de0a508780b55fbde2cc6c000000fa000000bb38ecd97f4be766fd203ca7df45f541b768e73d7e9bb8e1adaf11360fcd5e30c05268037e3ac26580dbb7da0269aecef9aa1e3dddab46f4c9faad996c7b9badb80b083349f793ce739a6ca4d806b8217b0497f4abee628890b472ebf77830f83c9627d51698625f7a3423318296d9cb000000000000"])
clone(0xfffffffffffffffd, &(0x7f00000018c0)="00421b401bad1ee20585667e12f9c08f47ea32241c863669ba1f05a976c141d6199956c7987380a458181dbc0beb35bd4feb1f685fe96c211ba02773600fdc0be53cebba2db2ec2d3a3fd312f26ba6c431eddaec51", &(0x7f0000001440), &(0x7f00000001c0), &(0x7f0000001780)="eb89f3fd40fbfc05f573f73c2ad8f379c8979fe178eeec0cf61af30007635063b8d3a25261cdff6a2a916cd234a1787171ac90d7b17b0b2af19e23b0462ad2ccbb3242f94252e3493cb860df33ab278a5a9b37cc005bd8ab4f71521160b8a61fd0c949bdd48e8663ed66f602cb29833028e8074e769388e7ba07f74c00c338d3f2ecd821e8d5f19f11bf16a6ef2bcfdf35ff9819809a528b3e1c9f74e6048a1ab47b85b4fef290a623fbaedc5b484511fc")
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4000)
syz_open_dev$evdev(&(0x7f0000001500)='/dev/input/event#\x00', 0xfffffffffffffff9, 0xb0302)
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000200)={0x3, 0x1000, &(0x7f0000000340)="50426f9bef53dd14746cb37cfd158097a5ce14bdc371f3c3065645e24120b895b5da74c66d04b593d3785923323e2fb20bab14ed0c8eaea663bb62cb2bdc6276952fc24372c4a80ad11af77be26349abe535666cf588de3274c1d238fa73c004e723f5eb3fc9eb5d9439fdcd4a66b3e94013af62e62e50fa02eb12b103b79ef703e60666ef897a91b70c5025c3ed0273a02203e072fee006657bba131d05c4fb1ac1a6fc5416a32b52d16f0ca0c44b9d596803b21daa5f92ef8af94067d33703df880d8ee94884267ba63b65b342f36192db8b863fc01b31ea5c1ec68312c8a4d81b7f4cbb04f360382ad099c27fcb3ebdf560d2fda90411f9a0cf8426e3763c2e1aec933a157e86dfef4e59300f02ae830c4223d719aeecb043118381e10352a5c4e095b2783819668a0eeed3f3880cb3e1339636def27ebf9491a37f075ab44ad925851c1c9c40519515ebc4c7170663f2a93e3922a31e3e86c2e53ee3e2f1beb571ba87698696307be7967feb4816a8d88aa270ca6fc6935071a32c47ae8586894a41b268dea3f7d50015de9a00c22fd88509e2647b8e405bc4a08a1e8916ebe3da58404a63503bc0a0c426ee05cd2e494dbb7833c3797081882801963493197dd11117f5d900536f1295fa063e59122a94c5559cfb583512ea951c964f6fb9f9e911f9232147a51c04ec5a4c2adc6b7fc1c4ba875375bed13adc2b73858482f1c7c75028e557385fcffa58d1a48e43af0dcab60749167c5666b01c3fb3e72b89c70cfb07e93ac3ba61ca39c2ea78a91437e3ee85f6dd8cea2c69c83e294cfab4a4bb5af1001ec2cbfcb742a5e491516dfa319cfd00db93055d91497b186849d28e99921637178af103c0fbbf7a87bfd273342c7b2c8cec765e28b63880fdf11c9ff8a6265e433fec74a4e15bf9ba309a7656d0600f425e5aa12cf1411096f1f11cf8cd8b6f4ca938d6a703d4ca6e4c5250d0e11f7dd7120df89b38e7f3ecf124348d85639057b36e4ed28eb48074a7c8dfb73f68f0dceb6520164d98fe413f1991844fcf2db3648638ae821f0af091bcda5c10d92a87c35f3022f21f48449d127c16da5db3a5472ededba07610deed86a4e472b0bad4e2329f37ce90d48317513df7123b2ec4bdb8bb19f310a145c2b60f07cc1638d396e180e5dc0266c3932860f3e8e2e62e085d84efe8937de6425a87a1655f03f9be9150239bb9e213ac3e0135461b83e0cae25e8ea04b299b748bf666b24003e75b9c7584a1ff12204ba06825ac64959316fa64321c3f4434df24b3d6d699a41ed8d090f4ab3c104493562093736ca060d8734566f3094874899b30551a71a9add26c1e158ae6c58823bd0dd83968b5ad53f9a4778680fd9bc47cc6a558f52a23a824127b193c3907fef20a91201e0be7b1ec7bffb04e5b2d1ac52273e9ca5e6d0e2926c2cd0b36f6d36c151ba67329654863235611f7ed768eebcdf5499dd72427cf56df72d50a2a5bbe97bbda4bb00e43f4c79a3d0ce9e6adab1693930e9363d7a84dd8b0427f5b3facc8092aee5eddef9bcedb3206ded24255ed1b7a3b57a4004339af626e18ffd80921d8ca4ab73c598e8ca8f43f4825c3b908b73c9031003631927bce533355243c97f16d9c7bc6a1bc66ae478c77bb34838456aba342227e43632d70458c3fe883e00dc8d7b767e9d488d29990ce61b28e87bd907448346635048fe10b7191471835c26c5189349fd52c19d5056d855b97f1395365f4a223b2225ab0077deeb864746dccb638690f1cc9f4d713f76aa27549daf130616a4152186c40c1e44c1f36bdf0fe581608a6e5d02a97977a8249243cf73a244b3c7340ff5c3d04e3df9ac3795259d9f58a9276a2e493f34ab2f33b76d724ca289c74630a15333b4e29003e306563c0c2f8ea0f56d0f8bb3210181a08d8e25475223d1fbdc1fb7a4b7ce4bf6bc8782ee19ed3de1ed926734d06857cee9388841e996ef9c55b38c9c35f7701b01af26a54efb8f24a858b6f99f60c34436308a66f11a822a143b1ad4f0be494766c3891d24a7f02324cc1ed2cce997024456ccbd176f839f7248c7ba37a9fb3c4ced814541316c4c3a4db0ba7e51c3d7ee8036f39e4d0145acd19e825b925c3bc9e9ee9f90b9c88e43e9af43c5d136b3a4b0771d4113a9f117430e7578bc0c208bd47929039de87b90b7689356de84f8cd861a806e974c4fb5b105c1f9e3f56fc755ff0d19f3617b886dc3b9fa85b6168d14783fd9eafa4f1bc21cdfa49a5fdcc97f530b2da88ef62bb638e6968ef22b2192fc12ed12110d223dc2eb1067d2e35af4c0cbabd866075ceb8e8f1d968b2b4b5665052086e29be90af319da9c41d38c8df3993628d3693036722b0700b8d94442986ce2b9705cbfbc80acbd9a2d43d6d5166835eac77fed34a90809260d1aff1a79036d28db8b194bbdaed04d8bb48ef9024072a0585e2ec64d4a16733a86b005e09148b44a93f91f80e60cc22b42eec847e36dba037c3a15991a35a3ca91a6841e00b774e00b65484263325e0f3790222bfd8bde5c272aa04ff490919487f99318fc6f76ee2179a17e71b7c851d12f92aeadca5bfa1ded1607ee27b35309050db5492f5515872688e5a2a580cd0cf358780ec0cba7898c8cf19389cbeeed8bec7569af42da05ca37c47db889fad13b17246cad4b7f23b69bb56b0fa2ab92570d498482efe85bdb2d29cc78c9ce1050d8f5bdae57f110e5283f9e491e43bf45c9308d507c5984bc73eb54cb0af3bf3f705eb7eb83beed5c3b6fb1be3f3abad20c2c788c07e6a38f94e950c6451cc99281f892f09b1ab92d80708e07281c64fd074afbd7623cae01bb527341868e4c35d6bb2f8cc7e8e2fcb0192046c0065173692f390dffd427a754fa89c88efb31553f9142b8a79804d7842b1f5cd950538e6cef336d1f7dce7ff26a879e9bdde1657ad86a2ddbb3287f2a5becd37b90405166863cfadb91a6ff7b98637073ff2cf2e39d45f2f7e35970d5dcab73dc4471cd7a75c9127accbecc9af27a4f85fc7ac1f515890787ce6acd22cb2b5c4d82c86755978303f98b24d4bc6daf4ef51272e8561a5387e45b60c99ed724423ee05b24d918cf9898a70ce30207d42898fb0d2ea8c46e25df62754ae56a71e3bd3615523b933bda0c90d11b2f267029812295bfa2c7d850f21f438f1e2406f75170681ff7872929d33703c410aa5b1a58fba8f2f0a07114bacb7ce483d65973fa6fc29ece43ade90d24989f7d6cd6ba7413ed3699d16523d56fc16c405cf3afc5a9fa4bde430e6b9432b1508522fb6cd88ddf4c90ad61e3b57d9c84bd4c70fac9128de7461c212e686fbc38001058befebe8f089959f3e6fe47dbcc9885de174b15a5a110f454cae30358a1c3390ef97303e493e96801a77ea1f76f1c8f930bd41df61ddaf174ffe5b9380c4b9472e3ae1eb25b060351eefe07784aec9a8562a20e1770ad9f39b89d7b81f9af318cb51f4be3b3acd7d99b40223389d49581a0178676f9941273b10fe52cad0f63130bde9e612c869830774930477cc08a2622d52379a2f9275ab8394dea60b8daacc0b561c14105b535711af42c2bf3bee3795e084172237df0ed6e4f87e0cfe8a16477b9af42ed863f2197ea80d3ff3f2b05f53ee5e963125d7d0a78ff6655a12348cc8f3c7c44713399865d5041d1033a23793d7ae6878c84c410537f57e7208e0789154854a275a8e9075b5c7c51205728c54031e837d257e3cb25ff20b7224e5d027c7ad53253bd0c52f7dadcccd285d849d69241832cc511154d11f9c9a42e2ed9b57360f6451f50b30e3862683867fe83fe7018e142fe3d7094f6e3d3501b0951cf00fb1df39231abf6ec57c64ab558f991095e2965fa54680efece8c5ed5179c82487c0f2d1a0b7f6ab24f782abf508e96f5b6b4099c3a027e04f3ea7fd92b35481bdfbd5caf3f03aa078947ed1ceba110869a59d54dde1817d72e23d7e77c646b36ea4691a3d04fe38a7d5b41cc5e9a8d0bdad619503bb27905affa7f68bc288aee98b13b635f9c5e080d9a5c9874c924af34036d9b16d09a1170ec3c2d932f22206b86f8913f9f9d38033e40a478675ba416a8405eb60d9ffad9d927dadb3ca286dbb9acf62d539c924f7dbad213f6fcb8592830cf414f1448600fc83f5e66291322fee5007a9eb1c1cf364aaef73157acb98d176387b07f463872c0e756bd03071972d529fc755c518f79b167562ef76011ff72be8544f498bf80d534385cde24e2b63b1d78f65f6e0b5e1f6ab92582a0137d841cffb4b776fdd3eb1e6d7f30e20bba15e89a317ab8f19e7fe27b394cc8b97ef7154caa95a3a6cac4923c2794c4337233609df04ba1bbc3a587fef2eb54dafcba42a3b56c9089d06e5daafcfbb982731690a97c09f5d62a10a23ddfa22de7c00be3ac9d86ceb0d8371d5dd68a75a4e948deb60afcb6153fcfa57bab609453e977d60f7f178e07ebdfa51c22169e819cd771f6909e73fa18f43dc00a129be9ee171a00a642f2e7e0a1039e9333790cca5bda559e9f56296349fbb89be10faabf73b920de0e19b8ffb442280c79bc5f3f36006ad31ceba758d9e9aca6eefb4eebcab8f512747d18b1c81e69c299dc9275ac7f117d2fd1658216bd8e0eef2fb81f7b4c22b6084937bf8c3e447e98f396689cd4d00ded19df364be9926bef59c34ea853692f386e9c41b989343a3a47e6bd0138b13396ed69f1702d9bcd20e2fda97c87c89cef1a3e0aa8cd14814b6753f806b5b21e77bc08b49fcedc31e2b27d9c1f40a31780fde056034bd785eb71eb346f4af756a50006adf522ce6e6d24cf8a3716f6dde21ae9ed174c09e6d25aeae58d5825e30984d959b83e4fa93de174aafd13347fa63e6e6971a0665af8bb4d154166a65eae508d348915ccc342778c6a6572aaefa010425590dd1adacc4c969340a348ce16114809a42cb973b08064af8dec1e0acde6b4cf33a5164f2dbaa4ebe1f81c81a4b3fac383dc15668af2f4d334edbe25c58fe13db17513a712121e9d2fe5dae487d77f725e737fac2b5280adcc14954f54258c901da296a56308cca87894d8b580c7d84da90fa83b9a5c47596b967db5dc567e4f25a87a79f2139928b6e57e27fafa785d6551e2a7216ed4e815067a7985759ff3d30d4e1d23fe6c9384a9821dd0729c60387e75245ea4e0d249bbf58cfa5bcadb40314a5332a0a6f2eac517428f9dee9f65164ee53bbd579538310d9273936547b7532b4b52b0549b4ba68f3e757c688f0bbf701888d07b5908ee042d1d6f38c451d6fc5738e760c5491b8d97a5b54001fb1c787b7f10361e795022504c2dfd17aeb04ec002422d3c11847cac7eb80fa90cf3bf38eb1798bbf5f29e5f748c949bd7127f48df87bd50bd9a8c5d8beef32b296a00f4a6bcc1825650c3e8fe30c733c4768ff9687a81b6ae36f7a22afb8e6679ba497590a1e497616db74d329979a06c12d242083cc1f3d88d139d9741d894fca3a76999aa231474d99b767132a9f49bb9d08baab7c761bce514678364abdbdd75692d76f73d14e6edd8ca8c7cc455e97ca8bf7c3551f20b0aff9c7a644d4b08dbfe6b36304a237ab361f65cbda8875c89a78a4c9fa55e5afa4f854e8c47f50693951dfdd05c63ebeebe003c55c26bdae3356b8a6404da93f044a93d240d3de71045698bf86197ec3fe96fb28fa2675e04f35ad65a05b366af332be51577b545fe697cb186fd2a5f55f422daed218159635ea7e4383cea22ac514cb001c12db1a3e5b1c06bf212c3587a2c7dce3483f83444c"})
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @host=0x2}, 0x10)
ioctl$GIO_UNISCRNMAP(r3, 0x4b69, &(0x7f0000000280)=""/176)
ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000001500))
setsockopt$inet6_opts(r1, 0x29, 0x3f, &(0x7f00000013c0)=@srh={0x36, 0xc, 0x4, 0x6, 0x4, 0x20, 0x4, [@empty, @mcast1={0xff, 0x1, [], 0x1}, @local={0xfe, 0x80, [], 0xaa}, @empty, @empty, @loopback={0x0, 0x1}]}, 0x68)
ioctl$EVIOCGKEYCODE(r3, 0x80084504, &(0x7f0000000140)=""/114)

2018/05/24 23:57:03 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r2, 0x0, 0x0, 0x73e0)
ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000000)={0xffffffff, 0x3, 0x6ae})
sendfile(r1, r2, &(0x7f00007ed000), 0xffa)

[  685.603531] sd 0:0:1:0: [sg0] tag#438 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
[  685.612262] sd 0:0:1:0: [sg0] tag#438 CDB: opcode=0xab, sa=0x0
[  685.618366] sd 0:0:1:0: [sg0] tag#438 CDB[00]: ab c0 b5 01 df 7e 35 4e e2 1a 0e 46 1d 40 74 b3
[  685.627202] sd 0:0:1:0: [sg0] tag#438 CDB[10]: fe 68 60 22 7f cd 66 3b 21 49 35 8c 2a 2c 9b fb
[  685.630249] binder: 12442:12450 got transaction with invalid offsets ptr
[  685.636067] sd 0:0:1:0: [sg0] tag#438 CDB[20]: 41
2018/05/24 23:57:03 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200000400, 0xffffffffffffff7f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4, 0x400003)
r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x4, 0x80080)
renameat2(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00', 0x4)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
mount(&(0x7f0000144000)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f00007fc000)='nfs\x00', 0x0, &(0x7f000000a000))

[  685.693077] binder: 12442:12450 transaction failed 29201/-14, size 24-8 line 2999
[  685.731559] binder_alloc: binder_alloc_mmap_handler: 12442 20001000-20004000 already mapped failed -16
2018/05/24 23:57:03 executing program 5:
r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x400, 0x80040)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000080)=0x8, 0x4)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00007e5000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8)
fcntl$setstatus(r2, 0x4, 0x800042c05)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0)

2018/05/24 23:57:03 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000000]})

[  685.760577] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:03 executing program 1:
r0 = socket$inet6(0xa, 0x80003, 0x4)
r1 = socket(0xa, 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f")
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='bcsh0\x00', 0x10)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c)
sendmmsg(r0, &(0x7f0000006840)=[{{0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="28000000000000002900000002000000000000000000000000000000000000010000000000000000"], 0x28}}], 0x1, 0x0)

[  685.805738] binder: 12442:12450 ioctl 40046207 0 returned -16
[  685.823442] sd 0:0:1:0: [sg0] tag#438 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
[  685.832212] sd 0:0:1:0: [sg0] tag#438 CDB: opcode=0xab, sa=0x0
[  685.838292] sd 0:0:1:0: [sg0] tag#438 CDB[00]: ab c0 b5 01 df 7e 35 4e e2 1a 0e 46 1d 40 74 b3
[  685.847132] sd 0:0:1:0: [sg0] tag#438 CDB[10]: fe 68 60 22 7f cd 66 3b 21 49 35 8c 2a 2c 9b fb
[  685.856044] sd 0:0:1:0: [sg0] tag#438 CDB[20]: 41
[  685.871570] binder_alloc: 12442: binder_alloc_buf, no vma
[  685.874108] rpcbind: RPC call returned error 13
[  685.877298] binder: 12442:12476 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:03 executing program 4:
r0 = memfd_create(&(0x7f0000034ffe)='\x00 ', 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000053ff3)='/dev/snd/seq\x00', 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f00000003c0))
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000240)={0x0, 0x0, 0x0, "9ede7a8c5ae95ec8672c93340f643a664f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa8faf8fb574dbcfa6dc4d"})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000480)={0x0, 0x0, {0xffffffffffffffff}})
write$sndseq(r1, &(0x7f0000000000)=[{0x7, 0x3, 0x25, 0x80000000, @tick=0x6, {0x3b, 0xbfd}, {0x7fff, 0x24f1}, @queue={0x9, {0x40, 0x8}}}, {0xffffffffffffff2d, 0x101, 0x200000000, 0x6, @time={0x0, 0x1c9c380}, {0x200, 0x4}, {0x3f, 0xb339}, @queue={0x9f, {0x7fff, 0x1ff}}}], 0x60)

[  685.914992] rpcbind: RPC call returned error 13
2018/05/24 23:57:03 executing program 5:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000001540)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x801, &(0x7f0000000080))
r0 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x52, 0x4280)
bind$unix(r0, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
chroot(&(0x7f0000000080)='./file0\x00')
fstatfs(r1, &(0x7f00000002c0)=""/4096)

2018/05/24 23:57:03 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000007400000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:03 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4})
r1 = syz_open_pts(r0, 0x0)
r2 = dup(r1)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000240)=0x1, 0x2)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=<r3=>0x0)
ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000200)=r3)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000100)=""/180)
r4 = syz_open_pts(r0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0xffffffff80000000)
ioctl$int_in(r4, 0x544f, &(0x7f0000000000)=0x400)
socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0))
syz_open_pts(r0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000002c0)={0x0, 0x4, 0x4, &(0x7f0000000280)=0x210})

2018/05/24 23:57:03 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='\r/C\x00\x00', 0x200002, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r1=>0x0)
syz_open_procfs(r1, &(0x7f0000000100)='net/ip_vs_stats\x00')
r2 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000040)='0\r,', 0x3}], 0x1, 0x0)

2018/05/24 23:57:04 executing program 3:
creat(&(0x7f0000000080)='./file1\x00', 0x0)
mount(&(0x7f0000000240)='./file1\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)='sockfs\x00', 0x0, 0x0)

[  686.037989] binder: undelivered TRANSACTION_ERROR: 29189
[  686.045872] binder: undelivered TRANSACTION_ERROR: 29201
[  686.070453] tmpfs: No value for mount option './file0'
[  686.133259] binder: 12498:12499 got transaction with invalid offsets ptr
[  686.182597] binder: 12498:12499 transaction failed 29201/-14, size 24-8 line 2999
[  686.210706] binder_alloc: binder_alloc_mmap_handler: 12498 20001000-20004000 already mapped failed -16
[  686.262670] binder: BINDER_SET_CONTEXT_MGR already set
[  686.275488] binder: 12498:12499 ioctl 40046207 0 returned -16
[  686.282517] binder_alloc: 12498: binder_alloc_buf, no vma
[  686.288201] binder: 12498:12509 transaction failed 29189/-3, size 24-8 line 2971
[  686.312341] binder: undelivered TRANSACTION_ERROR: 29189
[  686.318062] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:04 executing program 5:
keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff)
r0 = accept$ipx(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000040)=0x10)
lseek(r0, 0x0, 0x3)

2018/05/24 23:57:04 executing program 3:
r0 = socket(0xa, 0x2, 0x0)
ioctl(r0, 0x2172, &(0x7f0000000140)="c626260b8522734221f66f")
fcntl$getflags(r0, 0x408)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x4000000000008912, &(0x7f00000000c0)="4626262c8523ec75c1426f")
bind$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0xfffffffffffffe85)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@int=0xffff, 0x4)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000040)={@multicast1, @empty, <r2=>0x0}, &(0x7f0000000100)=0xc)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={@local={0xfe, 0x80, [], 0xaa}, @mcast1={0xff, 0x1, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, 0xda, 0x8, 0xffff, 0x400, 0x5, 0x81090050, r2})

2018/05/24 23:57:04 executing program 1:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x8)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280)='/dev/uinput\x00', 0x80040, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000180)={'security\x00'}, &(0x7f0000000100)=0x54)
r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x4)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r1, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)

2018/05/24 23:57:04 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000480000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:04 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)=<r2=>0x0)
ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f00000000c0)=""/196)
sched_setattr(r2, &(0x7f0000000080)={0x30, 0x7, 0x1, 0xfffffffffffffffa, 0x3, 0x7f, 0xfffffffffffffffc, 0x7e1}, 0x0)
sendfile(r1, r0, &(0x7f0000000040), 0x101)

2018/05/24 23:57:04 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]})

2018/05/24 23:57:04 executing program 4:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x800)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$inet6_int(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000013000)=0xffffffffffffff27)
close(r1)
close(r0)

2018/05/24 23:57:04 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x10040, 0x0)
ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x2, {0x2, 0x4e20, @broadcast=0xffffffff}, {0x2, 0x4e22, @rand_addr=0x1f}, {0x2, 0x4e24, @broadcast=0xffffffff}, 0x1, 0x8, 0x7f, 0x7, 0x3, &(0x7f0000000080)='veth1_to_team\x00', 0x4, 0x7, 0x4})
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r2, &(0x7f0000000300)=ANY=[], 0x303)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000280)={{0xa, 0x4e22, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x80000000}, {0xa, 0x4e24, 0xb8, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0xfffffffffffff35a}, 0x366, [0x1ff, 0x9, 0xfffffffffffffff8, 0x3607b09f, 0xfff, 0x9, 0x5, 0x8]}, 0x5c)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000140)={0x6}, 0x4)
sendmsg$nl_generic(r0, &(0x7f0000001480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="e0040000340000032cbd7000fbdbdf250300000039561712ee3096d798abbffc033ff3a8477182ed58ac15352eb9174d6181eb0aba026777b9fa7ea9de746e25fd2912cde04aa79670cf5bbcd56ce06fb910b1a746d1a10185f62fe9ccd4595f320a89bbd7fa840691d4b018175452cbab75ce4b9fac60d5de6afd6252bb8e33d3b358f6501ef1b3c11ba8c8c4e7f61787003f7b6dbce3e4dadcbd11b678abcc88e5cb80aa8fccfe890263585288dab2bec21b39ee0daddcc763888e12cae762312659de3876b08882f6de7c2d7752e16569827c1ca94ba1e457f5876112f11e588b7ed67c1df8745aa5dcae11f2df51b6c55cc1557d44cd6ca23f92f418ed6b2febe0cd0da1ceca51f6ac7c00a28e860212778f8da6b8b06e99f7c90022af8b2c63180012000800310000000000b2d662b7501ee08c0f00000091be23872f2eb1a4f93182fe0a48ef614b25e3c5615b7925ce69c9c1096a6a97f25d9d2d9fdf4c2c68d0a4a876d51ab0d9bf754d9a61767647a2b8007900ce42a6a79ad02930611c4abe600f09f059eefbfb5cfb7964c55d931400210000000000000000000000ffff7f0000019f5ab4143340d66db205cbfdd0acf7a92eddc5af4fdbf7b982432bede0166ab50475a583ef4fd3f0b028df50047f1fa12b4fac0eda237034c103fe3811274bb97c878d5548da53cc75bbd80885fbcac517c6210041029cb7e52b749a9a0c92413efb729eb5309cf8bad4e9e30532a6725edccc4e3101e1dfc5677c58b60c3e7d4aef19a0d284028500f48729600829d1d546114b8ba5f3a9b72ed8c5d6e7afb926072bb08ca83c225d4864f69cb872683efb60817c8522f375c54a9f4830a7c44df0e75807098528e2719fa3e606ca8eef19535c31fb917d84b78f3d68a3d1ac9d0a7a09b3ba8dbcccde5c3a5db40b0da3c036675f1976b6737187af6d8c686a418682c13d54594f73cc68850b83ee80516ba93181d6142b40176bdd0fcb6cdb397c0bd2cf7a289e37c12bb713bae6c7b0e09080ecdc85102a88ccecd9e8df8d8be30392b3da867b1190b9a02ddba627799a24bfe9d872fc8d8489d015679e485d9af4793db7921c4508f2c77e687d325e134b9b395365824e4fbeffc02343b863f3d1e4c007d68d8949bf7d80d60ff2d3bb89caafc49be08de59e33191e78f59401c027de592d74befbaddb54c5787636bb397ebb3d3360ec90f73f2df6be68fd94a267b43709b55a01c8b1dd09fb9cbf9f8cb2d61f0cef8e8780de0bc9e2b9569d33bf8dedf01e19acb26833369a26cfb6e6f9dc54d89d521d27588208c77ecd170e2acd59bcb7a35553bdb4183d3111e017a1339afcc9a6ead542dfcdae674dd14526ebc880b0ed460f5a1184a99b960b9a995590308a318f91af27b26fb6602c753d24ff738096254aba6e8d16c81ac61753353b9044d18f0edfe172254a471c6818b638abdc60808998aaca353db75f2e497e984b6db850220e3c2aec3ed385237a9f6a0e9b46b3ec24f7cf1dd111224706e40314919ad04c4bcacbdc40849574e362018e27a1cfd003a4692f9ccdb9209828e65db0dd784d804c5f1ac16b252e9c102d3bc2f8210dbb25e4564bafa63181f8cefad38ecef08b005f2d8dfad071df86eb820eaa3e13d3b48e9caf7f4b32e19ad54885773f1be6534dd7e296868490fbfb9b811df4000000bdc87790a7527bb02c69a0f306e4c0017e01c76fa93c20d174223e4e06b8963d576724a258e65afd34a5d54cc2b5550004231512c21360a74edae2038c981c86b38043ba75ec9cd0517e7b5b14de9fe6ec2dd83802a740418e775464dde35fbbe9f83cbe6b516d6c8ab528c8b70888b54f"], 0x4e0}, 0x1, 0x0, 0x0, 0x14dc12cc239445e1}, 0x0)

[  686.710477] binder: 12523:12528 got transaction with invalid offsets ptr
2018/05/24 23:57:04 executing program 2:
r0 = semget$private(0x0, 0x8, 0x0)
semop(r0, &(0x7f0000000080)=[{0xfffffffffffffffe, 0x40000000e9f}], 0x1)
semop(r0, &(0x7f0000000000), 0x177)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x10)
r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.stat\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r2, 0x4010641a, &(0x7f0000000180)={0x4, &(0x7f0000000100)=[0x1, 0xf2c, 0x3, 0x0]})
ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000040)={0x0, 0x40, 0x1})

2018/05/24 23:57:04 executing program 5:
bind$alg(0xffffffffffffffff, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
socket(0x1, 0xa, 0x9)
r0 = socket(0x11, 0x80002, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4)
bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x14)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0x48c)
r1 = semget(0x2, 0x0, 0x13)
semctl$GETPID(r1, 0x0, 0xb, &(0x7f0000000040)=""/69)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x7, [0xdd, 0x5, 0x8000, 0x5, 0x7, 0x4, 0x7d]}, &(0x7f0000000100)=0x12)
listen(r2, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, &(0x7f0000000280), 0xfffffdf7, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c)
shutdown(r3, 0x1)

2018/05/24 23:57:04 executing program 0:
r0 = socket(0x20000000000000a, 0x5, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10)
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000240)="c6")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f0000000200)=""/46, &(0x7f0000000240)=0x2e)

2018/05/24 23:57:04 executing program 3:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23}, 0x10)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
shutdown(r1, 0x1)

[  686.760958] binder: 12523:12528 transaction failed 29201/-14, size 24-8 line 2999
[  686.788130] binder_alloc: binder_alloc_mmap_handler: 12523 20001000-20004000 already mapped failed -16
2018/05/24 23:57:04 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000500)=[{&(0x7f00000004c0)=""/54, 0x36}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f00000000c0)={0x5, 0x5, 0xc6b4, 0x5, 0x8})
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001840)=<r2=>0x0)
r3 = syz_open_pts(r0, 0x2)
r4 = dup3(r3, r0, 0x0)
write(r0, &(0x7f0000c34fff), 0xffffff0b)
sched_setattr(r2, &(0x7f00000001c0)={0x30, 0x5, 0x1, 0x29, 0x800, 0x7, 0x1, 0xb509}, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x6d3, 0x29})

[  686.835118] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:04 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]})

[  686.862662] binder: 12523:12528 ioctl 40046207 0 returned -16
[  686.868200] binder_alloc: 12523: binder_alloc_buf, no vma
[  686.874337] binder: 12523:12541 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:04 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$rdma_cm(r0, &(0x7f0000000000)=@bind_ip={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}}}, 0x30)

2018/05/24 23:57:04 executing program 0:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote={0xfe, 0x80, [], 0xbb}, 0x800, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x88d9, @loopback={0x0, 0x1}}, 0x1c)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x4, 0x680000)
ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000040)=0x7)

[  686.974296] binder: undelivered TRANSACTION_ERROR: 29189
[  686.987490] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x6)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000080))

2018/05/24 23:57:05 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000000000099c0000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:05 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x3}, 0x1c)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000080)={<r2=>0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, [0x10001, 0x7fffffff, 0x8, 0x9, 0x8, 0x8, 0x0, 0x6, 0x1b61, 0x800, 0x100000001, 0x3, 0x2, 0x0, 0x8]}, &(0x7f0000000000)=0x100)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r2, 0x7}, 0x8)
r3 = fcntl$dupfd(r1, 0x0, r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001640)={'bpq0\x00', <r4=>0x0})
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000001c0))
setsockopt$inet_pktinfo(r3, 0x0, 0x22, &(0x7f0000000440)={r4, @loopback=0x7f000001, @rand_addr}, 0xc)

2018/05/24 23:57:05 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x100, 0x0)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000280)=0x2)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={<r2=>0x0, 0xf860}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000180)={r2, 0x2}, 0x8)
ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000040)='veth1\x00')
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0xfffffffffffffe7e)

2018/05/24 23:57:05 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]})

2018/05/24 23:57:05 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0)
readv(r0, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/200, 0xc8}], 0x1)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000000)=0x10000, 0x4)
fcntl$notify(r0, 0x402, 0x4)

2018/05/24 23:57:05 executing program 1:
timer_create(0x40000001, &(0x7f0000adafa0)={0x0, 0x10000000000001c, 0x0, @thr={&(0x7f00003b6000), &(0x7f00001a2fa8)}}, &(0x7f00000000c0))
r0 = syz_open_procfs(0x0, &(0x7f0000337ff2)='timers\x00')
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000100)={<r1=>0x0, 0xd5, "9939eaee6a75924749771ea8df30064de9347d1b4718233cbad2aac068b5f80cf3fb7fb485bb5d99e1eca70b1e1322361a2b8ec45717c5047b68d80f3bbaadd163484d5cb46a6d8d1d52ce2d9f36a021d8aabc41ca292370b0e1b024ee89c6f75d8d0fba06c3f70babcee776eb3a986688f23a91fbcc55a92d2f950e2988f3b10d364136d17cc078f3ad8d7d24b544f4415d2dd11db8b55c2a104e0d937b00dfbf1f939cfec91f344bc6ffe83bf0bee310d49fd3c485812af0639f5014d19ac3288c6f99b15c6a5fb7843928c51f00d6439d7606e3"}, &(0x7f0000000200)=0xdd)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000240)={r1, 0x10000}, 0x8)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x11}, &(0x7f0000000080))
preadv(r0, &(0x7f0000000040)=[{&(0x7f000036b000)=""/100, 0x64}], 0x1, 0x0)
sysinfo(&(0x7f0000000300)=""/18)
getsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000280), &(0x7f00000002c0)=0x8)

2018/05/24 23:57:05 executing program 5:
r0 = dup(0xffffffffffffffff)
stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setfsgid(r1)
ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f00000000c0))
r2 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x2)
r3 = socket(0xa, 0x1, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, &(0x7f0000000040)=0x8000, &(0x7f0000000080)=0x4)
ioctl$int_in(r2, 0x80000080045006, &(0x7f0000000000))

[  687.827048] binder: 12588:12590 got transaction with invalid offsets ptr
[  687.860834] binder: 12588:12590 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:05 executing program 4:
r0 = socket(0xa, 0x5, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
socketpair$inet(0x1e, 0x1, 0x1, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0', [{0x20}], 0xa, "da8f976de68c3bb95b89a2da2d7a9a83b9fe3449019cebac9a8dc28415c7c6752e55ae155c0623a87d4151bee386d5a78618c991f4a3d013f8b76bf09a872929d62759a5153cebaa2e4fe8d20ab765f426fdd2ac8bceeac5d8d008e3dfdef7d058b77f63c101d9bab3bba2cffb50608f0a9a5c35aae0cd37c90b1d4da85645e9c90fc46fbd8922d2c2c65bef71de66930dce7e94c223bac091960cdc7a0d1c69bbe1d9d80315989617a201ebcf19f87bb0682fbd229e926f441a189486938569a56eb27b1960e658596bc530f5197636ca1f2071a7971cfb"}, 0xe4)
recvmsg(r2, &(0x7f0000007900)={&(0x7f0000007640)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f00000077c0)=[{&(0x7f00000076c0)=""/231, 0xe7}], 0x1, &(0x7f0000007800)=""/207, 0xcf}, 0x0)
sendmsg(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0), 0x0, &(0x7f0000001d80)}, 0x0)
sendmsg(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000040)="a0", 0x1}], 0x3a3, &(0x7f0000000980)}, 0x2)

2018/05/24 23:57:05 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000080), 0x0, 0x20008005, &(0x7f0000000000)={0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
shutdown(r0, 0x0)
recvfrom(r0, &(0x7f00000001c0)=""/101, 0x2e9, 0x3, 0x0, 0xfffffed6)

2018/05/24 23:57:05 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
fcntl$setownex(r0, 0xf, &(0x7f00000001c0)={0x1, r1})
connect$inet6(r0, &(0x7f0000000080)={0xa}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x13a)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)={0x303, 0x33}, 0x28)
sendmmsg(r0, &(0x7f0000005f00)=[{{&(0x7f0000004980)=@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[{0x10, 0x11a}], 0x10}}], 0x1, 0x0)

[  687.894485] binder_alloc: binder_alloc_mmap_handler: 12588 20001000-20004000 already mapped failed -16
2018/05/24 23:57:05 executing program 1:
r0 = socket(0x2, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000000c0)={{0x2, 0x0, @loopback=0x7f000001}, {0x1, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1e}}, 0xfffffffffffffffe, {0x2, 0x0, @rand_addr}, "00000000000010000000000000000004"})

[  687.938630] binder: BINDER_SET_CONTEXT_MGR already set
[  687.944127] binder_alloc: 12588: binder_alloc_buf, no vma
[  687.949983] binder: 12588:12603 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:05 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c)
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000000c0)={'ipddp0\x00', {0x2, 0x4e20, @multicast2=0xe0000002}})
listen(r0, 0x6d)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f000087dffe)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}}, 0x0, 0x0, 0x8000, 0x0, 0x10}, 0x98)
r2 = socket(0xa, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
listen(r2, 0xfff)
dup2(r0, r1)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000000)={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r3, 0x4)

2018/05/24 23:57:05 executing program 4:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x4000, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000040)={<r1=>0x0, 0x9, 0x30, 0x7}, &(0x7f0000000080)=0x18)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1, 0xffffffff}, 0x8)
lseek(r0, 0x3f, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000100)={r1, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}}, 0x7f, 0x8000}, 0x90)
mq_timedsend(r0, &(0x7f00000001c0)="84db88bca4a02cdf6256204dc5e643ab49a4990571e487c1b5db399b9a", 0x1d, 0x7, &(0x7f0000000200)={0x77359400})
fremovexattr(r0, &(0x7f0000000240)=@random={'btrfs.', '/dev/vga_arbiter\x00'})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000280)={0x7fff})
getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000002c0), &(0x7f0000000300)=0x4)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000340)={0x2, 0x7fff, 0x1, 'queue1\x00', 0x80000001})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000400)={{0x100000000, 0x1}, 'port1\x00', 0x0, 0x400, 0xffffffffffffffe3, 0x3, 0x100000000, 0x6, 0x2, 0x0, 0x1, 0x3})
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x7, 0x4, 0x470, 0x118, 0x118, 0x0, 0x388, 0x388, 0x388, 0x4, &(0x7f00000004c0), {[{{@uncond, 0xf0, 0x118}, @unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x126, 0x7, 0x1}}}, {{@arp={@empty, @multicast2=0xe0000002, 0xff000000, 0xff, @empty, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}, @empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}, 0x6db, 0xa64a, 0xd8, 0x0, 0x1c4, 0x202c, 'bpq0\x00', 'bond_slave_1\x00', {0xff}, {}, 0x0, 0x40}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @rand_addr=0x5, @empty, 0x1, 0x1}}}, {{@uncond, 0xf0, 0x130}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0xffffffffffffff7f, 0x0, 0x7}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4c0)
setsockopt$inet_tcp_buf(r0, 0x6, 0x1f, &(0x7f00000009c0)="d62eee690683ff8a781abe2fce917359b5052c38d0565c4e25e80501176eb7348d64518773ce2b7ad3afa1e3cd76da3e4584121cf26af07e19a092cc7ee4bd0cb4547c271373e7963ec1d2b8d15fed95cc74f3ffc1cc12118ccf255c970fc21964c367da171de47a9c902b186092d0f590d789109f59f5e95e234aa21909361eeae120dc9dfb5410138281e143bac1e6e8dc6122d8c7399022213cb1707f7f85e0908f1dd2005a287c4c3c7d69d89819e567e32021e8803f546b41e0379846e1f6b4094d1690b098c7a186b5432a875e8031b590a06f", 0xd6)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000ac0)={'raw\x00', 0x3, [{}, {}, {}]}, 0x58)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000b40)={0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1b}}, {0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e24, @rand_addr=0x9}, 0x110, 0x80, 0x6, 0x1000, 0x10001, 0x0, 0x7, 0x1, 0x7a1})
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000bc0)='IPVS\x00')
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000c00), 0x4)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000c40)={@empty, @remote={0xac, 0x14, 0x14, 0xbb}, 0x0, 0x6, [@local={0xac, 0x14, 0x14, 0xaa}, @loopback=0x7f000001, @dev={0xac, 0x14, 0x14, 0x1b}, @multicast1=0xe0000001, @multicast2=0xe0000002, @empty]}, 0x28)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000e00)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x62}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0xcc, r3, 0x0, 0x70bd26, 0x25dfdbfd, {0x5}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x10000}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x661}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bcsh0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x9}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x5}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10001}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x7}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x20}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xcc}, 0x1}, 0x4004000)
fcntl$getownex(r0, 0x10, &(0x7f0000000f00)={0x0, <r4=>0x0})
r5 = geteuid()
r6 = getegid()
fcntl$getownex(r2, 0x10, &(0x7f0000000f40)={0x0, <r7=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000f80)={0x0, <r8=>0x0}, &(0x7f0000000fc0)=0xc)
stat(&(0x7f0000001000)='./file0\x00', &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000010c0)=<r10=>0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000001100)={{{@in6=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast2}}, &(0x7f0000001200)=0xe8)
getresgid(&(0x7f0000001240)=<r12=>0x0, &(0x7f0000001280), &(0x7f00000012c0))
r13 = gettid()
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001300)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, &(0x7f0000001400)=0xe8)
lstat(&(0x7f0000001440)='./file0\x00', &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0})
r16 = accept$ipx(r0, &(0x7f0000001500), &(0x7f0000001540)=0x10)
sendmsg$unix(r0, &(0x7f00000016c0)={&(0x7f0000000e40)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000ec0), 0x0, &(0x7f0000001580)=[@rights={0x30, 0x1, 0x1, [r0, r0, r2, r2, r0, r0, r2]}, @rights={0x18, 0x1, 0x1, [r0, r0]}, @cred={0x20, 0x1, 0x2, r4, r5, r6}, @cred={0x20, 0x1, 0x2, r7, r8, r9}, @cred={0x20, 0x1, 0x2, r10, r11, r12}, @rights={0x18, 0x1, 0x1, [r2]}, @rights={0x18, 0x1, 0x1, [r2]}, @cred={0x20, 0x1, 0x2, r13, r14, r15}, @rights={0x28, 0x1, 0x1, [r0, r0, r2, r16, r0, r2]}], 0x120, 0x80}, 0x1)

2018/05/24 23:57:05 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8000000]})

[  688.002684] binder: 12588:12590 ioctl 40046207 0 returned -16
2018/05/24 23:57:06 executing program 0:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x5, 0x100)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x4, 0x20e300)
getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x10d, 0xb, &(0x7f0000000040), 0xc)

[  688.129567] binder: undelivered TRANSACTION_ERROR: 29189
[  688.136618] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:06 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x100000006, &(0x7f0000000280)='c', 0x1)
r1 = socket(0x2, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'veth0_to_bridge\x00', 0x3}, 0x18)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x2, 0x4)
sendmsg(r0, &(0x7f0000000900)={&(0x7f00000004c0)=@in6={0x2, 0x4e21, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c, &(0x7f00000007c0), 0x0, &(0x7f0000000800)}, 0x0)
recvmsg(r0, &(0x7f0000000480)={&(0x7f0000000140)=@nfc_llcp, 0x60, &(0x7f00000009c0), 0x0, &(0x7f0000000a80)=""/204, 0xcc}, 0x2042)
r2 = dup3(r0, r1, 0x80000)
ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f0000000000)={0x0, 0x3})
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000000c0)={<r3=>0x0, 0x9}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000b80)={r3, 0x1000, "e5ef1b1f2caa321f1526ea72915f405fa23161330835072a951d183882c36a62f6411d4fd0844c360ccda226d95593170cc4890864eb05199e686e7566b502f0370413ae0a1b457e786667dc063311118c95b7484b8410de843c7e3cc28fab57efe8f25a55e4398b1fd0584e5d62617324841dfd3ef48f8d5266d2704df262687ad165a4c7177a32c709d861407f1651fee8716406f3bb3c96bbaeb9711214c95d5ab2b1bd99979d43072e7545a51437e323102979a6e97c50222fe6e791e1f5535a8910292872856d6117129c30132ca37862c52215337eae1e6983df56a2dc565dbca0d41bc40a9996019417301efb5373067ca40183e3eb31b317c28f741572cd3f6717fc7008ca860d0a5c3de3181d2d38923ed58a6226620f1ef0aca75883deeb34ddc99dbc22a21014b7374926c0902309f6dca3605943e8ceb49eadabdc1140f1e07427bfc76fcbb6c3c3696c5dc421657c37ba7c1f993f119947fe3b34fc4699f9707299a47c990b4c7d966f4efa94c042cccf742386594a89ee5d2dc8cdb24d924c1d1880037308b284c3de29f3c51231453c3077bc4b358f129dcf065a1281b31387373c767bcd4d0d11dde991a578b0a6d4885b27180215186999b80d1473c8c9bbba16134abb5680433e60b3120e4a52ee928543a4b488a214518bf67732cb9427922fb3c2f2d29427f72d5e4c0e493bb9ea2eac8eef7769cb5640d2738b70022f2f1ea00b66249611cdd8b6103b212b8c31c6e964c0cab3a720b99a1866225ee913e7b9f3329959495b83d5344fffa666853d9dbb8952a0440307b3afb65ce6f669623b5395e4e0b424e1bdd5a685e617d93498e21b2f664e4f5b78e44e10ae57cfa2090cd071daa7a06c96304ecf009b08b6bdb41bcfb6e08cb16c4a65448f03db41c6ac32a01c0569f251d517399766bc80ef79dabeb474fae23ca1cf2d77c3b596de995169a1232a64bea35d05c3f10b73bbb23d5df86400c6dbecfb5cea32f458b4757564768b8d1ed60a526758570d21e98498aeb8e9be0fc657d926c485b59b5ea5e5349ff3123afc5b7d2587d1be4edd6c3404e75d8451df0f0aa7e0d9fcf15c21d3948ba0ae7950fbec32597e80524d87f2f8058b652862c73a6494b0fa93defb01f1dedf4b991c603b7b56dd9831513dd2893b359fb84076096bc3b0ff1c3f32d2b9719c97760e2f54b7e0cae29a1653152559f627f22024eda2f6efe25f42a23f58127f6b7c940b22249a117d31b228fd7c18332a7e58ca0d186cbdbeabc7d16c5319dca01dd4764041e8ef5d1f2a9461d04ec7e27b3243b68b60562d2c4ca53d9d2820d1bf04a21e07e7f4e24fd6f0329967dc5727aa589cce785c96880dc7febbf368b3fb5b9c2fc82c5e567ab1ffff64c2a4545bd1249d9f8570d81094f2361c719712b1d4d8891e62f4fc71e69334f7d16efa6d4c7e0e91acbe0d34c9abb94216c54716f757c0b17c6835230a5f37ecfe2559bb8dc3c4b6ed1495939c09de723b43ec183b70128c5226363d389284a305306b42114e2bcfa3e80c4bf4431066b03362fe054ebf4524aedfabab2ea93b85c8dc69ea9aa056e70fe882a67c77ab3626cede035c46182f27b5cbc4026df20033390695fa2e800dadf93724e5c156c674b600b3a7cab47ef2fb5b6651240c971ce354cc8ad3273751519872bf78428572a99f51d8c99da23a8bc60e68d5a4ec777c4aa352b2cc5eb696ec5ca6620c410748ee57f9279d6a8113533c2996b49c80191f45c0e1becb08a01d27e3a01b6a2c96a631e85d340542f1c78a6fb0ea906c7a4f52a40601e2188bdb0a38fdd51afbd3b910aa84d182b832c9e60709b2a7178b2303f2b3aae470c0e9997fc4ad788c4430c6e02b1d0dfa357e1735b7975cf953b2701596d71107c294e31dc62397186a679d8e74b2a16137eab82848f8c43584410d10f69f1e21a03ccd7fc335db33422d65d7ccf9d56761350a98757d379b4f30a53dc0dac829bb94c6c5f44bd24ccc5566d076845da5de4a74f66efd8b662df676bc128d657e0f3a8d380b96a82e93f2842141b3f119ec68ec87e4d238ac65c9c33e7abf8c859acd694ec0e72358f41056c6764ddddbe8491559237a3f6c86a1b86511935b282cdb25a87caf913d9dee958601c9ad2927cab288b4eee34ca7c8e9e773be8b336f3e6dc80dd80b622c7ef170abeef5c56761cb3dd264b272227d11ad78fd2e19404090e5c3fd1b5a13e7bf32bae0093aeb72e898e48651cde71554637fb18ee50bca704d51282e6fab288bf934f9cc0e79a928171597929285b6e6ab202071af950095726b5fbd0b4b7c98cdc173085444aa9b046cc15a35efd0f12a8db90d6bfbfe3ee80bb1c123b48aa1b8c91301ff66f3264b69fa7b3d8edda492a0196d6af1d28e855d1e30ed6432453602373c442aba683773905e85987d8c247829c3da9c92e563321bf8078a68260956a9e742515ed0d740c11a5d5e890a854784fad6120c2ed6b0e9eff66c3948821990865684932c49b513cc75916a7868ad391affc2998a2bcb39608cebf8a0b38516f816f97ea6426cf94f87acd0d1a33d09a58cb1c3082d4a146bfb607a77384be37f416c7d69279a5f7d347a58a7a0f086e8aa58125688b44eb2e77318feb29885f47fac96392138e195a8befecc92fb161157e984e225ed3093654b96606b7da3d8a4787c089e251276492f4e6e4c78a5e3c93dde2a60b1e44d9f65b6b01d479bb443ea1234f67f67ab14d6249f378fdb1bc4944a11ec6e0112e6a52c6c1845417ba554aafbd77d2153b52f72423cd62058dc81f7392c6c4fc4a0b2fe55591d4d90250fa72a5ae16ab7473730a5e7e41fd3a2d61824c423130ee7b3c55a8109a52ad92187039cd43c501cede3f65b107f0e959011cb38df5d425f67158cba1b9f530767ae206ffd03e6c656af361b73119c92e363cc672a90514398039648f01be58dd5c61d2ba88a80f19c19df89cca60bac1d9126e6d62b9c1b220fdfa9699eaf0f740a9b0a76989a5aaf5d00717023b863be195e46f94344c127af6e7780f0dc79b9b5c1b48aa0a2b6e35c43d968abbc19e50862cb9b406d8930ee80292c81e0ce3b26770ee703b135b4ba1930cfd580c00d5b60851faed6563d611ed4305bea946dbc6126840193979c8bd78c39b7f011a5ea1c66363b2d9f31c83f03afde759d861dfca5eec784b470a429e2132bb98b234e90360ca28d6bd2d9e96ffae61e3a96fc638ebe9f509cc55757fa9a770f1cabb00d61bb042ab44e3319f8924cc43950f9483fc83ee3dbdcf43904e4de79f0994d12538af60a702e7db98dc55a53edf1b43a0d2944edb0cda388ddcdebf2f89a049dce159780ed2be59cf91952fc8f3f4adbdbf9a3a02d869b788ce2849e71a8ff366644d725865350108588693ab2e2645cca4049caf091f852ac81257d8e3dc1e30cc8f59b03315b958ebce7ed28964e2ffc2a1974e7e2d88f71b0152b39e192af2c5c99ea254eb36cb1b5c3552d56467c9867b457945409f31aea42b3d3194fe24f561866df2dfcf7542f125c698eae884179ad845ceda014b8a992a7b37bb07dad8a3b66ea6a21c1707ec76ea39e58450f9db7b763907210784b16aab284a7e9d28fd085f6c831709d3c161c64c6a7888a820eba5926916fef19eb2845308925b58e8dde96da324d575174048897c4a7f3bd423d42a1d4649eac98fd290616785d20372ca07527249282f7c4137f9ea0720a65b46ed02140ac7928e88ca10a82ba393b0208431256942b358c0520c96e33692a9e7c368a6b839724fc1e15aecb865b918d62f3274043c766b253555aec8c9649e7371d11e46134c8930ab9bc340627c63597f7c181f9106024a0437c9c26c4f7f49a824f24ddd56e271347b48d76dcab767e43c381740ac7bc6c89db046cf0f9cf4a3c71d55f00eb2b4171f0792481e636b54b6eca413a8a61e3d9f2bf64b13c711ba584519146fe887bfeffdd64be740ef4c5af4641d435aa176fe6ce6dd323682182a0bea9542d27c24ee20ebfc6b0adeb2166941ecd8e88af622c2f147c13414f3a031561830aff27d727fab4954bae101b8a445f84cad2932669a537fc71d4f1f8cd21bf0a921370c48dff5b77341902a1e91ad3f93d613886ea494af81c17dffc7c163a73a4252653321cf929749bcdf9ef1730deea12edd250bbf5cb48425a067c050e2fb95e4d57f32902231736131cb90afeb43158d25494972ea9c8f4bc33704e637eaed1cda079e2e1feea7d47ea93d5ad460f200977a37fcebfa79c0776967003998855f92e6ce7cd628bfd00a5d1009247ed14c18fa1eca33ef6ce198ddbe07a5665c34275891e1cfe9b62bfce123606559b2cdec27b974518150963feb9c931848709c467523524863a02961d79f5edbbb096b570d723886c4a0c9b8c361e3eb17541035fe0daba4fe3feac71fc739329f1ae9e801c37986c4daf3e822c0290752e7d563b0f3c350781679d23686a5ed526f6d9184c18816a318e409310d833be218392c2ac9fd8d7d7b2f1114ad468af772dbcebfb25da3c67b73ca25e8dc3c8dc1418044baddb2cf7e9b7812a0e8805f3cddeebf8653367d88506355d6584279cbef9ddd64fd16aacd037cf8a047a980ab4f1960ead4c0c9c66b4d155176cd2422e36b8432ada5f4c09902fb7da37694cdbaa541bf87d164ac31a118932345adbf8cd7dc4a7146a738dc5da0ed4f0da7b0607bf12afe313f235e40ef3ef0b747cae739250f174f08e934d27802dd4f840f4929f6cbe261e55843f07f3d9f5d9e6f107a5eafba56fa300580a567758c913591bf61f448cf6c1fea330c28db991b16dac9d5d80f50d7a4275eec86dd7c62046ec3c097d0f5870a2e93de112bf8bfce944bc260bde31181dafa7282fa6c246d0e6bff1c01ceb1927edf426ac5773af9f05e4e5afbb26ea77d2c6e6bd118e9a703b82a982a94d01e9e285a3e9181a1963926cea53dc6881da26f04f305ec188d544e4272148ed818bcdb4e5c5781ebe310724b308d6c0a76a60a3e985f657e43000877439f523a1a7100c35c509f1c899339d7d1d1c944c5ee0d31c88e766b2ae4d6215f351dc5e2fc1352972529eac48a680a1f4aece913a2078e3a0361b95862617121eb01b8d960ae49783c65c4d3922ff863921b11b562910078520e2eda881a9918d399b3dbc8e33ead1cebe8c55cea4153b42275880cdb667c9e254be8f302735a3990b16de412eb7f9f25fcfe4ae3e722e04495b06c06333cfcd7021b25a1be0ae78293eb3a9e5c667e01c034930c69aac10ffeac599e968b9d549214d1f221b7e1b08d529f9ffc97732400bf1ab4abede8a2bb49e0c4aef01be3f10f37cdf846cbe0ef6c16e37c982ee80451b97f183fff920a0739c18884e74f04c7a1c02498e443d77e30cbf31ad4dd26bfd344b345065ed0c59283a1abdcbfdbfa7842b03b084f41a53933d39a1af8424ac8b24b2e75dfdad96fe4b3aa30b5d539edeb52eed004b34450c758f4f727949cc3f6a41ec7efd251dc6c1becfed1238f88d3df8044f6c753568b3433ce0fcdabb264651a6f8ad2902979d07dbac49c59315e154f84e355d3d8fc0a5723e5f0331228118a994289e6305c15c8bf1325362831afd984c59ce9a0eb33c28a8b46129574517851e1b2996beff5d1e30f3751f40500b26a3d1fd8ef65c77214b86b6ceeb7da2118c964a4b17c16da13d5386f82db5c8ce37facd9edced5daf8dbb2955afa2ea629dd62ba5699666704535512bdb89b19feb12478e67c3"}, &(0x7f00000001c0)=0x1008)

2018/05/24 23:57:06 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000099c00000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:06 executing program 4:
r0 = socket(0x10, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4)
getsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000000)=""/100, &(0x7f00000000c0)=0x64)

2018/05/24 23:57:06 executing program 0:
r0 = socket$inet(0x2, 0x3, 0x1)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14, 0x7000000}, 0x100)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x4000, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000002c0)={@empty, 0xcb98, 0x0, 0x2, 0x4, 0x5, 0x1, 0x400}, 0x20)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2000, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f00000000c0)=0x4)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000180)=0x1, 0x4)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000300)={0x0, 0x3ff, 0x0, 0x0, 0xe31}, &(0x7f0000000480)=0x18)
write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYBLOB="7f454c4600250000050000000000000003003e00060000002c010000000000004000000000000000e1000000000000000500000087003800020002000700ea000200007001000000ea0a000000000000f7ffffffffffffff00000000ffffffff00000000000000000100000001000000010000000000000001000070040000000500000000000000000000000000000005000000000000000100000001000000ff0f00000000000000fcfffffffffffff423273d395b5dfe49a633eb0eb0263328129db30c89d614ca312379424593d1149401363a977a2b10bc8394762bab422771360aa38dc889b26829f721e3098b0f80c2f4ee55bcf0df04911af0a6a16e0ab5b5bb1e2227df0cb7b403be567ea3b9adef738dd4b7efbd9e56dfc0dc488a064d4ad246d477bc8fedb6c1fbcdb1469e544a6ac9afa9987b94c8d1209a41a79416931a8f43bd761418a2c47221a2a4d6bee2592cd6eab8fa3ac582965b48d68fb1dde708c9901874b0f1628c0adb0dc15872d102a327e9f073a52942892de4cc87c25e76cde841dd1e09db3f59955450018b682981af9bf3133a11fbf7915b41105bd663e6f7116777b3cb43f260d25a06d22119ca7674f7d9eeb496cccae5ea73758600072b6f0c2a39d824fa2001cb9377fbc132be60c8b0bf6ac0a892b355685d62cb7077a1e889c359d7bfc544111c6ca232e6c6593a0b8f085567b065536d649fea6d4e202254fc1a0dedba780af208b0457ed33958cfd97c0155f59b06d997423bb3b6f3d5e01c8b74030434cacb0e50dcc661aff03a72021b6011f6ff05f6070f0bcb7d75cbf1668562cd6599dcf1eac792c47370ac83b2730215d9955f6fa81f59d3209fbaf52f41f8c413432d976fe6eb3ae98661de6250e09bcf7b82d0492b349ca022abade27ee2d41aa83ba7d2ed5193dda7e9c78769b1430e5a171e12e0fa1d057e1aef4b856ab0f2dabc8b207f09d78e1f83461ccac0b2558732ea70d369973971d2c6d94081f33308b1e4b27a2ce6f45838809407045aa63b6219d82564c7323f73bfc2260fd95e5e8eeca550ba9adcca477de69469764858d7aa3ab8afd99e883c43dacae12ac88e7fea5a99df90755e5caf59185794ed6419a22fe36d9070ed6558b090cb871914491e2a135047b729107896b784bf87c941f7b993033898b993c83b8bcec93aed20e900921e8c8e716321ad5664665e7f89839258d1477a2e8fceaa9280b9c9dc53b5ed4bd907c3942d8fac1eff961bf3040ae0faed3985bccc35551fdfcd52907750828fc988e60aec5b577af9769cebc8d6e87a826826f8362c84fe7ec9e6d3cc39c1b6b6b9005eaaf0d9037fa576757018d3f60fbab576284cd7343e70a4b8143dc67e94c1090b7376eec330f5995c4b3a119646b4a953cf0669d6e52264827bbbae2c7565529a68f46f5e1a23137059867d0192caf6b22e2d74f8fbe12a139bc90a0d12b6acc0a106ba4fc2baf87c254bb540835206fc5f63dbc82581cec68813c331af00086cae971610587c4683d5f1b0dd68b8a419f581f0387cc9d1a435e329a0595d73a4489b1ea23c331ca752bfd46de13faee26e7e2e9b11dd7151883ac8112c0ba049070bcf00881cc0a37395f1a102cddda4b0b903b0233461e70254e6a75b9c29c02fce51b630d5cd58867e5f8e5b47fdb2fb53e0b9485f1079ddb39d7b3ef5d8d37be9a08714575e454274581a8ad758ba53da32d2c893e8a40de0febf31f84016558a9db7c53dec27895d69fa1a34e4b5b856f4d0974a9dd4031e28632a245b921a576f1a19f47d7ba08e9ca94a7ae46c89b379d90e0dfdcffb790586d920ea79f94af735aa51695dfe0c9c73a44b277e877b473b43f5c3a960d7c5e22678ab3f7cf46bdf23cbbd31df613827f8e23f7b2c71be25eab7dbd56f7b426b784583ec97db1659afc521a84e709cd879f8e5afe72366ffcd05c29b92ad59b3fe569e0b92c7978630ff418af3b81e35a19df805a2b89b9b87a13109c19ea941e9b9f6ee1c47708870abfda2debce7eae0f356bc896a5a207f6bc3ed4186117e1ae9b861d3a9a94520a6df99fd700c6fc3b82467a1257c2040dd34b2fb30c032224e6b864900f93168e387edaeeedaebf8b7b40d4caaa97c85229e63770ced3382013fd11010d0ee46333666aaec98aacc511c92be9e55eee400c74ab4614552624ad88f5d63b6f87e85826ee7cf6f15418f9712c6d07f36a54f097d9bc48b3035ae569af4753e7831dc520fe4726d0c96d0cb7b45e5ca5002884d38ed8e8ead8d4a7da76f9bcfd848fd27345bec7dd4356ef7b11a0cd3113bd9d9bd72597daf8e25b987b6a17329b9c581e7e647eddd060553fd6e6d90bc07ffc5ca9eb6e9ce36aa545ac0f6e242e381282522481668f05909a69db9c8f417ce2406fb727c11fa8ed3ec6f0c7fed51414f3286075c414753979f58a70d97539c1215ad15f4f2bdc9cb27e00245bb2291f767d4c581387a63022c727026043c0180a848edd1c3fffff21c3fe0b11c65caca8941959536882277e3dc9e61da52527a24e2d79a497a80b33b24f1ca184d56ad13194867d7a0a424977b5f1d004643460a03007ccf2abb042c6a8f357e8c67298f4ee68fa10d82aeed9c63884f43927692db04bfa6651a630ff1e945d5c2ceb1552d0cd69830f257e5d2b500e4447f03edc78938d82871b7075be875dee546cd23ae617356f51fe8f1fb11417e63a436d7ca0ecd22fab3719ab5b4a4fa0ac2b6a44002fdddb61f7d6fe2beac291455b144cff1da4cb487c430a42cd6dee2b0752536175bdeb3abf2a393823dddf4567d7a6ac785662eb272ea9ea223e0d63a2d027fc3bfa6da9c1537a5c207c9f2495bd45eee778875ba641ceb20f3fb23d57269a4e40e0baea56d0b4247f12ebb7cf6ee0e64b0d521c8636ca845287f752adfde004e37bee0451540bcabf455b43233e287e4ce36ebbf2cf0aa8325b72b90c40cc5bdf77f66b07bf5423a80409e1e95424e2d63c09e621354d87d29d28758c290f29746e00e72e1f6ee9fc93841a7a4ec7420c1d78c09f9355b41c5b6a2e94d84218428a4e4e40bcab84f0cdc9a230101146a11e1f36367b4b5f21e76b5e58c31aec27a47e7ce6c22d29c553f03d0515199b541750e92718c53542cb8c0e4202c89b5bc2a4e3cd4fd1e33ba846b2d2d1c94d2e73327b1d327fe80ff1113634e2e94769b97a1088c2f00001fd26ffbf3b4b82036e960a01efd1eecb0e4cff79c5943cb7f3390757f2ebaa20ac131cddf19065dad03237cca7406b5c30228494fe25d1be39d26631795f3b0a16ac6c8c27e37a75bce127c582beed29fe6137efe5ac28a2a89597db794c570055e318e92f17f36e3fcbc681ffdd19f73c0974242b5fdca0c4661bbc8233d2f0c433f9e11b2819ade8026682c9c966d13605ba9cfa66d91f8203260ed06d8c53912b2c25be01165ebda24e3b70c4fa4a99c56470ee40080aa92272d6ba4a0906d5b8df7039b82bf83378b78ce124aca8b7944fffdd65bfca51e33614282fb1738dd43c6b95f2bc5e9b24605ff3fb5a06ece40c2c4a86b93acdde534777d47c5196e7ef7d65ff45606324b402aa6b81afa463f63f96bc442cd25a033b7b6feed08de0f00bccb16c439813c6c4b1d1733bb55a6245a9180ec71a7f31631613c60af161f5ef64493b859a6c4baa9e3811250984db538169178a4f4cb4141f74e366a28b4fdeef59bb22f6f525c493912a044bd99a3b4b86b2834a4f837d58d4292a22a730b6a2e5ec7bf358c2016326fff4889d5d5e1beec898a3a88d0f4a450d86548a1a9b1cc1bee45e6a4e2c4e09cd69a51d46190755bd42c1e53d4a1f80010da651d6c500a066afa9c98755acf643ff381af66742c6e091746c77e0f14f2583d6d70339ed50e9da34a0aa8820359872132179f087f16cdaf3636688927e39a857a99f911d08406b6addefa9f895f3b29812234eaf4d5a93b9363fa02a4ee9fe8676811004fabc8121f7639e9f92c0d7f796a6355e984d7a85aadc6220847666f8f52c4571516eb1a9fc487e918956411823e1edef555a61ba7d45931457b221bdcc8aaad58e8007497a8846278e0aed68926d3ea9fd96a89ccc89627c86da315c3eb5445bf799df613befe958390660f6c9f7ac02e3187100f18ea3bfacf9662601fc9868329b3524cb8c07850726355bd748f7c51b32e6c4341676cef6af55351e599d196d38d63bf0cd20b85f4bc79a2895b9c5c4d46090b4e1a10394f8ba7201d45d3878dc9b3e7ec3510073424b92a7448f9d8d9c15fff2a1c0e6dde7e6ad83f6243b21c6c14bd1b36e834b9cdc2b09022c0ddad8b5cdedb4a9e401acd96b77825cf6cb459e0c70b310c4d6f7a192c6766e75b4b50e64680b8bbe41065eac33f24c280ae6d89ef5fad05d8a9b635b052176cc3a9c2c9ffd43c0530deafd29079147dd34b5cd866e7feffe95f76695a40c216729ab52614cb603b6065e88ce689e29e016313ebc63814b33ffc28f8bbe846e6c5aceb44e92af060d2e3407c2ecb95be53e68a2dd5cac2cebc0d202fb01557e017fccda71d8dfab8c686dd8b0aba628417e3e39dbfa08ba07f8faeb2edf59a513dbf07325bf6e2604d1896e7ecaef489fa240d7c962c654c803898147df6ff04c01117033cb7e1d960e0996d5ad4261514c61ea804e2effcaa4478cf3e39cfd79f8649886892bc2ee8459333e01de02cc747a728f4543619037f0e4e461ded523d75cc9fa8461a46ffa6ace8895f062df6f9ef9af0ee03bc156b3197fe6348a4d84e5da4c058e9d4e8722e30cea964e8f1c96070a8f973c6646c0730f5c46309537c87ef3c61eaa3ee8947ded16b4012c13aacd49c4db459676de562f749dfcb22d80c6d998c5b1cfba66cb84a803f5cfcb1c68a08711308f536f5c2ba4daa8b14f90132012efb0749df28fcf75bc3afc818706550a2f07398745d67b1dda4015e816daf6655c8540e23a5719e413a59cbdab51bf05a8c65f1b3270386676f22bb81351d9480675f1c169bf833467c832d736364bcfc2f314cc43656e1ea5077c9433362e96b4fde669f97cab4d70b66ab2dea08953a9d4223a5be36bd3bb93d7a0d51b3770f656f698e272e6c8cf175df0729b38bdd56227a245fd65cd227beced78d2f3816ddc6e458de06b859efc50dfc719a93d60ad660a7fac045631bbff7401d8db635dfc0f16941957d253e4bf297b4e03103bea91a94cfbdac5d4ffb6e6d371369a2744537539b5d1220f2555509996acc58a9a21b0b607a9062fccd469133c5b2db1c0b62ed0205be7bc55e457e44e6a509863ccfca7dd770d2681a002de566c048833cba7135497e3e8430b1dd50d8810143f0947ca665726d33e87a090750371f6059e4270005b61f9f46e0ba5e49313055cf1c25c20945ae0ae7564f246c3c454c0e8a26947ffb1b80f2b7b4f5b82a4f4011446f675bace0f202750ccf6e145285bf4e294825b25f45ff78cf787ba58e28595fe76d023109c363f27b4236b406228cf4e28bf5e27887f912970eff09ebd02258df3b6d1047d53be10c58efab6849353c9287a4376a05eedb5e049363d3882feaa030cd868b912c1d4754248f7a0a0338f0d3b3c5147f3db59ab3300e5781c006499efdb1064908b03c373e42a2204e3f984c8fced1601bf09a0620b567627580477f58e393a25c81a680da7f00000000726722863be650d125c08b9bd28a9d1b69b59e0de9e82acdaf745a831d68f5fb10293d331f921ef5596e72cfeef75d9fb9ae80676c5e52c058ce50712f39"], 0x1007)

2018/05/24 23:57:06 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]})

2018/05/24 23:57:06 executing program 3:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14}}], 0x10)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x2000, 0x0)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080))

2018/05/24 23:57:06 executing program 2:
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x2, 0x0)
write$evdev(r0, &(0x7f0000000040)=[{{0x0, 0x7530}, 0x3, 0x80, 0x7}, {{}, 0x4, 0xfffffffffffffff8, 0x4}, {{0x0, 0x2710}, 0xff, 0x8, 0x81}, {{}, 0x403, 0xfffffffffffffff9, 0x3}, {{}, 0x1ff, 0x194, 0x6}, {{0x77359400}, 0x8000, 0x6, 0x8000}, {{}, 0x2, 0x100000000, 0xed4}, {{0x0, 0x7530}, 0x401, 0x40, 0x1000}, {{}, 0x40, 0x5, 0x24}], 0xfffffd42)
setsockopt$ax25_int(r0, 0x101, 0xa, &(0x7f0000000140)=0x9, 0x4)

2018/05/24 23:57:06 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x100000000008912, &(0x7f0000000240)="c626262ca523bf012cf66f")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000000)="0f0fad8000a4ba4300b8ad0fef0f350f01d10f01dfc11c0aba420066b80000000066ef0fc79f0c003e0f71d6fe0f32", 0x2f}], 0x1, 0x0, &(0x7f0000000080), 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x94, r3, 0x200, 0x70bd2c, 0x25dfdbfd, {0x10}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x400}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x48b}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3ff}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback={0x0, 0x1}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x17a8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffffffffff9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffffb}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}]}, 0x94}, 0x1, 0x0, 0x0, 0x5}, 0x20000800)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2018/05/24 23:57:06 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x200, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x13, 0x4)
bind$alg(r0, &(0x7f000016b000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003c1000)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYRES32], 0x1}, 0x1}, 0x0)
recvmmsg(r2, &(0x7f0000003640)=[{{&(0x7f0000000680)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x80, &(0x7f00000007c0), 0x0, &(0x7f0000000800)=""/4096, 0x1000}}, {{&(0x7f0000001800)=@pppoe={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000001d80)=""/4096, 0x1000}], 0x1, &(0x7f0000002e00)=""/90, 0x5a}}], 0x2, 0x0, &(0x7f00000037c0)={0x0, 0x1c9c380})

[  688.825157] binder: 12655:12657 got transaction to invalid handle
[  688.831734] binder: 12655:12657 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:06 executing program 3:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00002c5fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0x40045402, &(0x7f0000013000))
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0xc0145401, &(0x7f0000000000))
dup3(r1, r0, 0x0)

[  688.879718] binder_alloc: binder_alloc_mmap_handler: 12655 20001000-20004000 already mapped failed -16
[  688.890680] IPVS: stopping backup sync thread 7571 ...
[  688.916219] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:06 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="102000002e000100000000000000000015fee2e54d828cd62b40a515a874a0f995888dfb854541373f351742dac8"], 0x10}], 0x1}, 0x0)
r1 = add_key(&(0x7f0000000040)='blacklist\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000000c0)="65ded2e11d6577c1356dc710dca6e04f0bd226391f126ab9a8d0855db8157325c61a6e9a3c58a37c1ef2f857d087f262ed22d51a1ed2f64e08f42ae75709f15e7431a0048a280edc238003af45b12387ca933eb7c6569eb9ebccfd3516c9b4528389cb02307076a33124ce1d07234356810f034921f42637152dcb4c4d9ad54f8a77a4ed098d9d5cdb93d4164e90a3053e8a3ee0e6514fbd36aabd63e75ebdad538c9e1f43d459e9728fb735436fcdfb1d544a93210050cf585598e2b292fca327e4091039be1675ab31ae8f19acdddc7f4763089984e9a31c5cb56970ead2401e30ea0db20314e34768da93b3cd536878b1", 0xf2, 0x0)
keyctl$describe(0x6, r1, &(0x7f0000000e40)=""/4096, 0x1000)

2018/05/24 23:57:06 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f")
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0x17, 0x4)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x100000201, 0x0)
write$sndseq(r1, &(0x7f0000000000)=[{0x5, 0x0, 0x0, 0xfffffffffffffffe, @time={0x0, 0x989680}, {}, {0x0, 0x10001}, @addr={0x400}}], 0x30)
write$binfmt_aout(r0, &(0x7f00000002c0)={{0x10b, 0x100000001, 0x100000001, 0x247, 0x34a, 0x0, 0x304, 0x81}, "a51191d95700dbf6553fc14005ebe6dba70b51cabd451eaf1b32c708e6384761c7be693abdf9ef81f18b1454c4494af14976fea097bc7361799ff8d39ca5b62274f19162d8db8a6842fd1c86d64089a69b76950296ae5a6a14dd0ef92889687ca9f954c21789018b5ad2a665e5cfd93eb78c029b2393a5e6038e0e7858fe05d496c648", [[], [], [], [], [], [], []]}, 0x7a3)
write$sndseq(r1, &(0x7f0000000280)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}], 0x30)

[  688.943489] binder: 12655:12657 ioctl 40046207 0 returned -16
[  688.976454] binder: 12655:12668 got transaction to invalid handle
[  688.982959] binder: 12655:12668 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:06 executing program 1:
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x90)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000000))
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000005200)=[{0x0, 0x0, &(0x7f00000036c0), 0x0, &(0x7f0000003780)=[@iv={0x28, 0x117, 0x2, 0xf, "764f58e7bba31bd1676b6596b13d26"}], 0x28}], 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000140)=ANY=[@ANYBLOB="73656375726974790000000000000000000000e9ffffff0000000000000000000e00000004000000c0080200efebffffffff09673fa644cc9d57e89b86d523c34714ffffff28918900280300002803f936ffffffff04000000478d4534c280b684a54c92bea45cb994070a7444a23ef22e78979bc2af6edd5e14f63cb7a7b5511d6b410978e5d8fde231adafa28dc1b4f76c4325740d87f915074093c416765bcb5683010009d757070000000000000000000000000010000036d998"], 0x1)

2018/05/24 23:57:06 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000050000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:06 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000]})

2018/05/24 23:57:07 executing program 5:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x88440, 0x0)

[  689.061073] binder: undelivered TRANSACTION_ERROR: 29201
[  689.066979] binder: undelivered TRANSACTION_ERROR: 29201
[  689.141451] binder: 12691:12694 got transaction to invalid handle
[  689.147921] binder: 12691:12694 transaction failed 29201/-22, size 24-8 line 2856
[  689.184771] binder_alloc: binder_alloc_mmap_handler: 12691 20001000-20004000 already mapped failed -16
[  689.202182] binder: BINDER_SET_CONTEXT_MGR already set
[  689.208398] binder: 12691:12702 got transaction to invalid handle
[  689.214840] binder: 12691:12702 transaction failed 29201/-22, size 24-8 line 2856
[  689.229262] binder: 12691:12694 ioctl 40046207 0 returned -16
[  689.300923] binder: undelivered TRANSACTION_ERROR: 29201
[  689.307147] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:08 executing program 4:
add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a}, &(0x7f0000000200)="157f", 0x2, 0xfffffffffffffffe)
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x402)
ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f00000000c0)={0x0, 0x2ea73afa, 0x1f, &(0x7f0000000040)=0x80d})

2018/05/24 23:57:08 executing program 5:
r0 = socket$inet(0x2, 0x6, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={<r2=>0x0}, &(0x7f0000000080)=0xc)
r3 = epoll_create1(0x80000)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000100)={r3, r0, 0x9})
shutdown(r0, 0x10000000002)

2018/05/24 23:57:08 executing program 1:
timerfd_create(0x3, 0x3)

2018/05/24 23:57:08 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000009300000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:08 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})

2018/05/24 23:57:08 executing program 2:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x8100, 0x0)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080), &(0x7f0000000100)=0x4)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af13, &(0x7f00000000c0))
ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000140))

2018/05/24 23:57:08 executing program 0:
clock_gettime(0x0, &(0x7f0000000880))
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0)
readv(r0, &(0x7f00000007c0)=[{&(0x7f00000001c0)=""/227, 0xe3}, {&(0x7f00000002c0)=""/151, 0x97}, {&(0x7f0000000380)=""/124, 0x7c}, {&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/193, 0xc1}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000000500)=""/61, 0x3d}, {&(0x7f0000000540)=""/98, 0x62}, {&(0x7f00000005c0)=""/211, 0xd3}, {&(0x7f00000006c0)=""/227, 0xe3}], 0x59)
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)={0x798b})
clock_gettime(0x0, &(0x7f00000000c0))
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000040)={0x8, 0x8, 0x8}, 0xc)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000100)={<r1=>0x0, @in6={{0xa, 0x4e24, 0xfff, @remote={0xfe, 0x80, [], 0xbb}, 0x7}}, 0x5, 0xb1c}, &(0x7f00000008c0)=0x90)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000900)={0xfffffffffffffffe, 0x0, 0x7fff, 0x0, r1}, &(0x7f0000000940)=0x10)

2018/05/24 23:57:08 executing program 3:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80000, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000040)={0x5, 0x200, 0x3f, 0x2, <r1=>0x0}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000000c0)={r1, 0x1a, 0xb5, "ff50baaeac7cf83df38d1eb193fcdb40bbc382cdc977eafa3a76e8a2ee72bca60d94fe72cfc38ce4740b327a71501ea3b069bd195511e640c8272a0d6b9052fdde4f6ab12c007d837cab7cd79c585a71342374846f127af1ad53039d7a19faeb75449bad6ff20ca511b2dd382f1670c1d7a13498d0455210806101c6e35c22c16295cfe5883ec8f81c2c05cd1069da6ddeb5dbad5b9bb2cb97d262fdae6aea26f11af34c4af2a42287b2abb9ecf9a27b746c09e3f7"}, 0xbd)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000180)={0xfffffffffffffffa, 0x2, 0x4, 0xfffffffffffffff9}, 0x8)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000240))
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000280)={0x7, [0xfffffffffffff000, 0x10000, 0x1f, 0xc0a, 0x20, 0x6, 0x18]}, 0x12)
ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f00000002c0))
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000300)={r1, 0x200}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000380)={r1, 0x0, 0xa, [0x585900000000, 0x0, 0x9, 0x5, 0xffffffffab186a8a, 0x1, 0x2, 0x2, 0xa7b8, 0x4]}, 0x1c)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f00000003c0)={0x2, 0x0, [0x0, 0x0]})
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400)='/dev/rfkill\x00', 0x80100, 0x0)
link(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='./file0\x00')
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f00000004c0)={0x1, 0xfffffffffffffffd})
ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x5)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x10110, r0, 0x0)
truncate(&(0x7f0000000500)='./file0\x00', 0x6)
setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000540)=0x200, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$sg(&(0x7f0000000580)='/dev/sg#\x00', 0xfa5, 0xc00)
openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/kvm\x00', 0xa01, 0x0)
io_setup(0xb2a8, &(0x7f0000000600)=<r4=>0x0)
io_cancel(r4, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x2, r2, &(0x7f0000000640)="bcfad672dac4947ce919749566d91f28c5547a57268379fd9bc2ae4f0b69748e15fca8d230df5ed79641962b30742301f26904b6776c0e0d7c4bbb7531ad5199748ef613d34438cb68a6f6c625955ad158f482b62b06c9ec4e03e7917e1f52796a535241041d8d469bcdd5061f1f94a64f8becc87647196e097facaafed33a98a6189dd82cca83a7b85f187a22c282f697d26b7afeb5c6b19725144ad626fd54b71260d4ce27ed9d14093b7c6851d1f7a09d63425264fd74bc0c608b8b3c4f5fb24098db6cfa91a4aa3b8b954f3459fd851045eba41824a92fa0c4c44990b71f6b7d06d0c11857a5ba7de77ecb", 0xed, 0x2, 0x0, 0x1, r0}, &(0x7f0000000780))
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000007c0)={0xfff, 0x101, 0x8000, 0x74}, 0x8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000840)={r2, 0x28, &(0x7f0000000800)}, 0x10)
r5 = accept(r3, &(0x7f0000000880)=@ipx, &(0x7f0000000900)=0x80)
setsockopt$RDS_GET_MR_FOR_DEST(r5, 0x114, 0x7, &(0x7f0000000a40)={@un=@abs={0x0, 0x0, 0x4e22}, {&(0x7f0000000940)=""/184, 0xb8}, &(0x7f0000000a00), 0x2}, 0xa0)
ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000b00)='veth0_to_bridge\x00')
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000b40)={0x1, 0x0, [{0x9c5, 0x0, 0x6a3a}]})
getsockname$llc(r5, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000bc0)=0x10)

[  690.857741] QAT: Invalid ioctl
[  690.875097] QAT: Invalid ioctl
[  690.883472] binder: 12727:12732 got transaction with invalid offsets ptr
[  690.891342] QAT: Invalid ioctl
2018/05/24 23:57:08 executing program 0:
r0 = userfaultfd(0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101100, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000080)={0x7, 0x1, 0x1, 0xffffffffffffc068, 0xfffffffffffffff8, 0xa902, 0x80000000, 0xfffffffffffeffff, <r2=>0x0}, &(0x7f00000000c0)=0x20)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000200)={r2, 0x2}, 0x8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket(0x4, 0x1, 0x0)
ioctl(r4, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
set_tid_address(&(0x7f0000000000))
syz_kvm_setup_cpu$x86(r0, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000100)="9af5cf446d44000fc5dab032889a77f04966baf80cb8f842488fef66bafc0cb079ee0f20c035200000000f22c0b9aa0a0000b848000000ba000000000f3066ba2100ecb805000000b9000000000f01c1b918020000b806a7c364bac7a653380f3066b808018ec0", 0x67}], 0x1, 0x0, &(0x7f0000000200), 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)

2018/05/24 23:57:08 executing program 5:
r0 = socket(0xe, 0x2, 0xfffffffffffeffff)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f02acc7edbcd7a071fb35331ce39c5a")
fcntl$setstatus(r1, 0x4, 0x4000)
sendfile(r0, r1, &(0x7f00000000c0)=0x100400, 0x80000002)

2018/05/24 23:57:08 executing program 4:
accept(0xffffffffffffffff, &(0x7f00000003c0)=@pppol2tpin6={0x0, 0x0, {0x0, <r0=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @loopback}}}, &(0x7f0000000440)=0x80)
connect$bt_l2cap(r0, &(0x7f0000000480)={0x1f, 0x80000000, {0x5, 0x5, 0x81, 0xc4e1, 0x7b7, 0x80000001}, 0x101, 0x3}, 0xe)
bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e22}, 0x57)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x2, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rtc0\x00', 0x2080, 0x0)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000280)=""/222, &(0x7f0000000380)=0xde)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x20080, 0x0)
connect$unix(r2, &(0x7f0000665ff4)=@abs={0x1, 0x0, 0x4e24}, 0xffffffffffffff5b)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e24}, {0x306, @random="ab13c3500b6b"}, 0x40, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 'team0\x00'})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e)

2018/05/24 23:57:08 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x210000, 0x0)
ioctl$KDADDIO(r1, 0x4b34, 0x7)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040))

2018/05/24 23:57:08 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
unshare(0x2000400)
r1 = syz_open_dev$urandom(&(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0)
ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000080)={0x0, 0x30, "c598c2cc96490382223003dd585ce29acdea89383749224dc0b350542119010000000243441f00ffffffeb000006c313"})
getsockname$inet(r0, &(0x7f0000000040)={0x0, 0x0, @remote}, &(0x7f00000000c0)=0x10)

[  690.927553] binder: 12727:12732 transaction failed 29201/-14, size 24-8 line 2999
[  690.956132] binder_alloc: binder_alloc_mmap_handler: 12727 20001000-20004000 already mapped failed -16
[  690.964769] QAT: Invalid ioctl
[  691.003353] QAT: Invalid ioctl
2018/05/24 23:57:08 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]})

[  691.024724] QAT: Invalid ioctl
[  691.033370] binder: BINDER_SET_CONTEXT_MGR already set
[  691.043356] QAT: Invalid ioctl
2018/05/24 23:57:09 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000280), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
sendmsg$nl_crypto(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delrng={0x10, 0x14}, 0x10}, 0x1}, 0x1)
shutdown(r0, 0x1)
r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x6, 0x2)
ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000140)=""/7)
recvmsg(r0, &(0x7f00000002c0)={&(0x7f00000001c0)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @multicast2}}}, 0x80, &(0x7f0000000280), 0x0, &(0x7f0000002500)=""/153, 0x99}, 0x101)

[  691.078759] binder: 12727:12732 ioctl 40046207 0 returned -16
[  691.084962] QAT: Invalid ioctl
[  691.117711] binder_alloc: 12727: binder_alloc_buf, no vma
2018/05/24 23:57:09 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x105082)
r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0)
ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000080))
memfd_create(&(0x7f000003affa)='posix_acl_access{Y\x00', 0x0)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendto$llc(r1, &(0x7f0000000180)="004a1b2047c0553632b99171b0dc6391386c54273f026ea8f3138a405d101f3128ea7921ab5479db4534675757032b0fe8155f58fa3baaac3986ddbb215f72209ae3c536b406c89bfdad46045e0781", 0x4f, 0x4080, 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000200)={0x64, 0x3, 0x1, "c9437f460074459db8fa0532cb6f91e656d98eed57beb56f456e3a2c6a895c0ee6a7dd0cc97222b2eac98f57c83ff972d5fa1e0f9f738b7d1d7003cfc08da17e8320bc009dbe730a3096b13e8b41fa817b6e15ab82dfa8276d53ca45bfa7f33527d4eaac"})
socket(0xa, 0x1, 0x0)
sendfile(r0, r0, &(0x7f0000000040), 0x1b7889b6)

[  691.123412] binder: 12727:12744 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:09 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x11, @dev={0xac, 0x14, 0x14}, 0x0, 0x0, 'lblc\x00', 0x800000000000000}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

2018/05/24 23:57:09 executing program 3:
recvmmsg(0xffffffffffffffff, &(0x7f0000000280)=[{{&(0x7f00000000c0)=@pppol2tpv3in6={0x0, 0x0, {0x0, <r0=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000180)=""/181, 0xb5, 0xf3}, 0x100000000}], 0x1, 0x2000, &(0x7f00000002c0)={0x0, 0x989680})
getpeername$llc(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000340)=0x10)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000040), &(0x7f0000000080)=0x10)

2018/05/24 23:57:09 executing program 2:
socket(0x4000000000000a, 0x0, 0x0)
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x400000, 0x0)
sendfile(r0, r0, &(0x7f0000000000), 0x40c007)

2018/05/24 23:57:09 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000eccfa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f000048f000)="ad56b6c5824c8eb995298992ea54c7beef9f5d56530f90c2", 0x18)
r1 = accept$alg(r0, 0x0, 0x0)
io_setup(0x7, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000c2bfc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f000007d000)="b3", 0x1}])
ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000000)='gretap0\x00')

2018/05/24 23:57:09 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000000000007a0000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:09 executing program 5:
r0 = socket(0x400000000a, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f00000002c0)="c626262c8523bf012cf66f")
fsetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='trusted.syz\x00', &(0x7f0000000280)="39f820938117d3dc73797a00", 0xc, 0x0)
recvfrom$inet(r0, &(0x7f0000000040)=""/95, 0x5f, 0x10101, &(0x7f00000000c0)={0x2, 0x4e21, @multicast2=0xe0000002}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40104593, &(0x7f0000000000)=[0x15, 0x8])

[  691.291155] binder: undelivered TRANSACTION_ERROR: 29189
[  691.299102] binder: undelivered TRANSACTION_ERROR: 29201
[  691.391204] binder: 12805:12806 got transaction with invalid offsets ptr
[  691.417744] binder: 12805:12806 transaction failed 29201/-14, size 24-8 line 2999
[  691.434007] binder_alloc: binder_alloc_mmap_handler: 12805 20001000-20004000 already mapped failed -16
[  691.464369] binder: BINDER_SET_CONTEXT_MGR already set
[  691.477345] binder_alloc: 12805: binder_alloc_buf, no vma
[  691.483231] binder: 12805:12817 transaction failed 29189/-3, size 24-8 line 2971
[  691.501350] binder: 12805:12806 ioctl 40046207 0 returned -16
2018/05/24 23:57:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000140))
r2 = socket(0xa, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000001e0008034d564b00000000013529fb87c8c0b6ac6b960b5a15999cca5509853c2aa292aa271e3c3aa28257dcea38c00f"])
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f00000001c0)={0x10001})

2018/05/24 23:57:09 executing program 3:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x6)
setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x2, 0x0)
r2 = accept(r0, 0x0, &(0x7f0000000040))
sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x1}, 0x1}, 0x0)
connect$unix(r2, &(0x7f0000000080)=@abs={0x0, 0x0, 0x4e24}, 0x6e)

2018/05/24 23:57:09 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]})

2018/05/24 23:57:09 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x7}, 0x1c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c)
socket$inet6(0xa, 0x3, 0x757)

2018/05/24 23:57:09 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x3, 0x20000000084)
getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000001200)={'nat\x00', 0x0, 0x0, 0x90, [], 0x0, &(0x7f00000001c0), &(0x7f0000000200)=""/4096}, &(0x7f0000001280)=0x108)

2018/05/24 23:57:09 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x7}, 0x2c)
syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x201a7f1b, 0x85ffffff, 0x201a7fd7, 0xa, 0xab01, 0xffffffc0}], {0x95}}, &(0x7f0000000000)="47504cc000", 0x8, 0x1ac, &(0x7f00001a7f05)=""/251}, 0x48)

2018/05/24 23:57:09 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000083010000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:09 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x6, 0x4000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f00000001c0)={{0xffffffffffffffff, 0x0, 0xff, 0x3, 0x9}, 0x2, 0xeb6, 'id1\x00', 'timer1\x00', 0x0, 0x6, 0x2, 0x100000, 0x1})
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x915, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10200003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  691.530320] binder: undelivered TRANSACTION_ERROR: 29189
[  691.536290] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:09 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = shmget$private(0x0, 0x1000, 0x1, &(0x7f0000ffe000/0x1000)=nil)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = getuid()
getgroups(0x5, &(0x7f0000000140)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, <r5=>0xffffffffffffffff])
r6 = getpid()
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=<r7=>0x0)
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000280)={{0x10001, r2, r3, r4, r5, 0x40, 0x4}, 0x7, 0x2a88, 0x1, 0x5, r6, r7, 0x8})
clock_getres(0x5, &(0x7f0000000180))

2018/05/24 23:57:09 executing program 5:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="2400000005061f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x3c3141, 0x0)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000080))

[  691.607288] binder: 12840:12841 got transaction with invalid offsets ptr
2018/05/24 23:57:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)={0x2e, 0xb2, "1bb46a56ea10049171cddb6b6b9d373388d26c78cf83af9b077d4bcad8bd17f3a18894e85fa6"}, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x400, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000580)={0x4, {{0xa, 0x4e24, 0x6, @loopback={0x0, 0x1}, 0x9}}, 0x0, 0xa, [{{0xa, 0x4e21, 0x2c, @local={0xfe, 0x80, [], 0xaa}, 0x7b097426}}, {{0xa, 0x4e24, 0x18, @loopback={0x0, 0x1}}}, {{0xa, 0x4e23, 0x10001, @ipv4={[], [0xff, 0xff]}, 0x20}}, {{0xa, 0x4e24, 0x6, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x9}}, {{0xa, 0x4e23, 0x4, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0xfffffffffffffffb}}, {{0xa, 0x4e20, 0x2, @remote={0xfe, 0x80, [], 0xbb}, 0x81}}, {{0xa, 0x4e24, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x2}}, {{0xa, 0x4e24, 0x0, @loopback={0x0, 0x1}, 0xc000000000000}}, {{0xa, 0x4e22, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x3}}, {{0xa, 0x4e24, 0x6, @loopback={0x0, 0x1}, 0x8}}]}, 0x590)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x5d, &(0x7f0000000580), 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0900000078b0ff62"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  691.660611] binder: 12840:12841 transaction failed 29201/-14, size 24-8 line 2999
[  691.704982] netlink: 'syz-executor5': attribute type 1 has an invalid length.
[  691.712389] netlink: 4 bytes leftover after parsing attributes in process `syz-executor5'.
[  691.733989] binder_alloc: binder_alloc_mmap_handler: 12840 20001000-20004000 already mapped failed -16
[  691.761518] binder: BINDER_SET_CONTEXT_MGR already set
[  691.779008] binder: 12840:12841 ioctl 40046207 0 returned -16
[  691.801776] binder_alloc: 12840: binder_alloc_buf, no vma
[  691.807509] binder: 12840:12862 transaction failed 29189/-3, size 24-8 line 2971
[  691.816675] netlink: 'syz-executor5': attribute type 1 has an invalid length.
[  691.824087] netlink: 4 bytes leftover after parsing attributes in process `syz-executor5'.
[  691.856782] binder: undelivered TRANSACTION_ERROR: 29189
[  691.868583] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:10 executing program 0:
r0 = memfd_create(&(0x7f000003e000)='\'', 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x81, 0x0)
r2 = dup2(r1, r0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000001000)={0x0, 0x0, 0x0, "9ede7a8c5ae95ec8672c93340f643a664f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa8faf8fb574dbcfa6dc4d"})
socket$inet(0x2, 0x840000000003, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$rdma_cm(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x0)
r3 = syz_open_dev$sndseq(&(0x7f000011c000)='/dev/snd/seq\x00', 0x0, 0x8000000000102)
write$sndseq(r3, &(0x7f00000001c0)=[{0x1e, 0x0, 0x0, 0x3fd, @time, {}, {}, @connect}], 0x30)
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000000)={[0x0, 0x1000, 0x100002], 0xfffffffffffffff9})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000080)={0x0, 0xa7e, 0x26})

2018/05/24 23:57:10 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r0, 0x0)
r1 = dup3(r0, r0, 0x80000)
bind$pptp(r1, &(0x7f00000000c0)={0x18, 0x2, {0x3, @multicast1=0xe0000001}}, 0x1e)
madvise(&(0x7f0000001000/0x1000)=nil, 0x1000, 0xc)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
clone(0x0, &(0x7f00006cc000), &(0x7f0000a25ffc), &(0x7f0000dbb000), &(0x7f000076f000))
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x80000, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r2, 0x29, 0xd3, &(0x7f0000000040)={{0xa, 0x4e24, 0x3f, @mcast1={0xff, 0x1, [], 0x1}, 0x1}, {0xa, 0x4e20, 0xffffffff, @loopback={0x0, 0x1}, 0x3}, 0x6, [0x1, 0x9, 0x8, 0x3ff, 0x7, 0x2, 0xa0000000000, 0x8]}, 0x5c)

2018/05/24 23:57:10 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]})

2018/05/24 23:57:10 executing program 1:
mkdir(&(0x7f0000001000)='./file0\x00', 0x0)
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000500)={<r0=>0xffffffffffffffff})
getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000000540)={@ipv4={[], [], @multicast1}}, &(0x7f0000000580)=0x14)
mount(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='hfsplus\x00', 0x0, &(0x7f0000000100))

2018/05/24 23:57:10 executing program 5:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000180)={{0x2, 0x4e21, @multicast2=0xe0000002}, {0x7, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x2, {0x2, 0x4e22, @rand_addr=0x1000}, 'bridge_slave_1\x00'})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000f100000100008000000000dbcfc17a4102e76d4f48b2a24d56230000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x23c)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x953ef6179be55244, 0x0)
ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f0000000140))
ioctl$TIOCEXCL(r2, 0x540c)
r3 = socket$kcm(0x29, 0x1000000000000005, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000100)={r0, r1})
sendto$inet(r0, &(0x7f0000000040)="14", 0x1, 0x0, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e1, &(0x7f0000000080)={r0})

2018/05/24 23:57:10 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000004f40000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:10 executing program 3:
syz_emit_ethernet(0xfed1, &(0x7f000000a000)={@broadcast=[0xff, 0xe0, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0xfeaf, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x29, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}, @udp={0xc3fe, 0x0, 0x8}}}}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4048ae9b, &(0x7f0000000040)={0x20000, 0x0, [0xe45, 0x81, 0x80000000, 0x6, 0x80000000, 0x4, 0x6, 0x2]})

2018/05/24 23:57:10 executing program 4:
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt(r0, 0x3a, 0x1, &(0x7f0000000080)="16", 0x1)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x401, 0x80)
ioctl$EVIOCSABS2F(r1, 0x401845ef, &(0x7f00000000c0)={0x1ff, 0x1, 0xd5ce, 0x100, 0x9, 0x9})
ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000040)=0x4)
syz_emit_ethernet(0x66, &(0x7f0000101000)=ANY=[@ANYBLOB="cd390b081bf2ffffffffff6ec6ffffffffffff303a0000000000000000000000ffff00000000ff0200000000000000000000000000010200907800000000609433df0000000000000000000000000000000000000001fe800000000000000b00000000000000"], 0x0)

[  692.540694] binder: 12871:12881 got transaction with invalid offsets ptr
2018/05/24 23:57:10 executing program 4:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r0, 0xaf01, &(0x7f0000000180))
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000040)=r1)
r2 = dup3(r1, r0, 0x80000)
ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f0000000080)=0x3)
ioctl$VHOST_SET_LOG_FD(r0, 0xaf02, &(0x7f0000000000))
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)=<r3=>0x0)
ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000000100)=r3)

2018/05/24 23:57:10 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0x8, 0x1, 0xd00, 0x3, 0x7f}, 0xc)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x200000000400})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0xfffffffffffffffd}, {}, @time=@time={0x77359400}}], 0x30)
uselib(&(0x7f0000000100)='./control/file0\x00')
chmod(&(0x7f0000000040)='./control/file0\x00', 0x0)
unlink(&(0x7f00000000c0)='./control/file0\x00')
close(r0)

2018/05/24 23:57:10 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x4000, 0x0)
fstat(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000580)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in=@dev}}, &(0x7f0000000680)=0xe8)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@rand_addr, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@dev}, 0x0, @in=@multicast2}}, &(0x7f00000007c0)=0xe8)
setresuid(r1, r2, r3)
ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000800)={0x1, 0x7, 0x6, 0x5, 0x1, 0x3, 0x2, 0x10000, 0x401, 0xffffffff, 0x8, 0x9})
r4 = socket(0xa, 0x2, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000)=0x84f, &(0x7f00000002c0)=0x1)
ioctl(r4, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r5 = syz_open_dev$sndseq(&(0x7f0000ff0ff3)='/dev/snd/seq\x00', 0x0, 0x0)
read(r5, &(0x7f0000000040)=""/28, 0x1c)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000340)={<r6=>0x0, @in={{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x9, 0x3c}, &(0x7f0000000280)=0x90)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000400)={r6, @in={{0x2, 0x4e20, @multicast1=0xe0000001}}, 0x9, 0x3c80, 0x80000000, 0x6, 0x12}, 0x98)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a})
fcntl$F_GET_RW_HINT(r4, 0x40b, &(0x7f0000000540))
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000000100)={{}, 'port0\x00', 0x48, 0x20818, 0x0, 0xc6, 0x700000000, 0x1, 0x6, 0x0, 0x4, 0x9})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f000019ffe9)={0xc1})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f00000001c0)={{}, 'port1\x00'})
close(r5)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer2\x00', 0x0, 0x0)

[  692.591855] binder: 12871:12881 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:10 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000590fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00001ec000)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
io_setup(0x1, &(0x7f0000479000)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000738000)=[&(0x7f0000f73fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f000079a000)="16", 0x1}])
r3 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x400, 0x400)
ioctl$ASHMEM_SET_PROT_MASK(r3, 0x40087705, &(0x7f0000000040)={0xfffffffffffffffc, 0x8})

[  692.648524] binder_alloc: binder_alloc_mmap_handler: 12871 20001000-20004000 already mapped failed -16
2018/05/24 23:57:10 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]})

[  692.713175] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:10 executing program 1:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x80000, 0x0)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f00000000c0))
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000080)={0x2, 0x400, @multicast2=0xe0000002}, 0x10)
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x8400)
close(r1)

2018/05/24 23:57:10 executing program 3:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x4000)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000080)=""/1, 0x1, 0x0, &(0x7f0000000100))

[  692.750554] binder_alloc: 12871: binder_alloc_buf, no vma
[  692.756404] binder: 12871:12896 transaction failed 29189/-3, size 24-8 line 2971
[  692.760166] binder: 12871:12881 ioctl 40046207 0 returned -16
2018/05/24 23:57:10 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x80000001, 0x8001)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000140)=0x1, 0x96fb)
sendmsg$nl_route(r0, &(0x7f0000004fc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f0000028fdc)=ANY=[@ANYBLOB="240000001800210000000000000000001c140000000008000400000000000000", @ANYRES32=0x0], 0x24}, 0x1}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xffffffffffffffff, 0x400)
ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000040)=0xa6000000000)

2018/05/24 23:57:10 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
flock(r0, 0x6)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='dctcp\x00', 0x6)
sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23}, 0x10)
sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x51, &(0x7f0000e66000)={0x2, 0x0, @rand_addr}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="17", 0x1}], 0x1)

2018/05/24 23:57:10 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000020000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:10 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000001005900800400000000000000dd"])
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000140)={0x2, 0x0, [0xc0010141]})

2018/05/24 23:57:10 executing program 0:
r0 = socket$inet(0x10, 0x3, 0xc)
setsockopt$sock_void(r0, 0x1, 0x24, 0x0, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x40, 0x20000)
ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000180)=""/100)
sendmsg(r0, &(0x7f0000000080)={0x0, 0xfffc, &(0x7f0000000140)=[{&(0x7f00000000c0)="240000000207720a1cfffd946ff1f18e52c99a40a2830020200a000900010001e700000000a3a20404ff7e", 0xfffffffffffffd1a}], 0x1, 0x0, 0x1eb}, 0x80004)

[  692.895997] binder: undelivered TRANSACTION_ERROR: 29189
[  692.902463] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:10 executing program 4:
socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000280)={{{@in=@broadcast, @in=@loopback}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f0000000380)=0xe8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket(0xa, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cb66f")
getsockopt$inet_tcp_int(r2, 0x6, 0x1f, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={<r3=>0x0}, &(0x7f0000000080)=0xc)
rt_sigqueueinfo(r3, 0x29, &(0x7f00000000c0)={0xd, 0x81, 0x1f, 0xffffffffffff0001})
setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000140)={@loopback=0x7f000001, @rand_addr=0x5}, 0x8)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x4, 0x0, 0xffffffffffffffff}, {0x6, 0x0, 0x9}]}, 0x10)

2018/05/24 23:57:10 executing program 1:
getpgrp(0xffffffffffffffff)
getpid()
r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x2, 0x505100)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="0010003d924226ebaec73e364bd02397a030eddb3673641ab8cdf7702042a3d54dfb257bf345c2d455d8a125948b211ec6ea3e856a066c33352038f9b35b0ea38bbf9e18abee531959e551832a238fcbfd495e7054d1847d76a2505e26184eda83ac39e18b", @ANYRES32=0x0, @ANYRES32=<r1=>0x0], &(0x7f00000000c0)=0xc)
setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={r1, 0x8}, 0x8)
getpgid(0xffffffffffffffff)
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000040)='net/dev_mcast\x00')
exit(0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr(r3, &(0x7f00000002c0)=@known='user.syz\x00', &(0x7f0000000300)='comm\x00', 0x5, 0x0)

[  692.949717] netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
2018/05/24 23:57:10 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]})

[  692.990544] binder: 12935:12938 got transaction with invalid offsets ptr
[  693.030255] binder: 12935:12938 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fstat(r3, &(0x7f0000000240))
r4 = fcntl$dupfd(r2, 0x0, r1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'veth0_to_bridge\x00', <r5=>0x0})
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f00000002c0), &(0x7f0000000300)=0x4)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x63b, 0x0, 0x5}]})
bind$can_raw(r4, &(0x7f0000000180)={0x1d, r5}, 0x10)
r6 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x2, 0x410000)
ioctl$KVM_GET_PIT(r4, 0xc048ae65, &(0x7f0000000340))
ioctl$PPPIOCSFLAGS(r6, 0x40047459, &(0x7f00000000c0)=0x20030)
ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000040)={0x1f})
ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f00000001c0)={0x2, 0x0, [0x40000072]})
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000400), &(0x7f0000000440)=0x4)

2018/05/24 23:57:11 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000000)={0x87, @multicast2=0xe0000002, 0x4e23, 0x3, 'fo\x00', 0x9, 0x4, 0xb}, 0x2c)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000040)=0xff, &(0x7f0000000080)=0x1)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x89b0, &(0x7f0000001000)={'team0\x00'})
fcntl$setlease(r2, 0x400, 0x1)
close(r2)
close(r1)

[  693.051122] netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
[  693.075349] binder_alloc: binder_alloc_mmap_handler: 12935 20001000-20004000 already mapped failed -16
2018/05/24 23:57:11 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
fcntl$getflags(r0, 0x40f)

[  693.154795] binder_alloc: 12935: binder_alloc_buf, no vma
[  693.154849] binder: BINDER_SET_CONTEXT_MGR already set
[  693.160529] binder: 12935:12955 transaction failed 29189/-3, size 24-8 line 2971
[  693.166353] IPVS: set_ctl: invalid protocol: 135 224.0.0.2:20003 fo
[  693.192140] binder: 12935:12938 ioctl 40046207 0 returned -16
[  693.300277] binder: undelivered TRANSACTION_ERROR: 29189
[  693.306187] binder: undelivered TRANSACTION_ERROR: 29201
[  693.976153] IPVS: set_ctl: invalid protocol: 135 224.0.0.2:20003 fo
2018/05/24 23:57:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(r0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]})
r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x200000000000, 0x119200)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000100)={0x2, r2})
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/rtc0\x00', 0x1, 0x0)
ioctl$PPPOEIOCDFWD(r3, 0xb101, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000002c0)=@ioapic={0x2, 0x0, 0x0, 0x0, 0x0, [{0x5}, {0x0, 0x0, 0x0, [], 0x80ffff}]})

2018/05/24 23:57:12 executing program 5:
clone(0x200, &(0x7f0000b6b000), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f0000000000))
mknod(&(0x7f00000001c0)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000))
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='io\x00')
pread64(r0, &(0x7f00009f3000), 0x352, 0x0)
lseek(r0, 0x0, 0x4)
open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0)
listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=""/4096, 0x1000)

2018/05/24 23:57:12 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="0700000000000000000000000000000000f055b40000000097fc6a07f6d89b98796e3a339644cbaaa195a641bec39373135dcc09"]})
close(r2)
close(r1)

2018/05/24 23:57:12 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x400000, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0xfffffffffffffffe, 0x4, 0x80000001, 0xfffffffffffffbff, 0x7, 0x3, 0x6, 0x9, 0x2e4, 0x40, 0xf6, 0xe1, 0x7, 0x38, 0x2, 0x1000, 0x1ff, 0x7}, [{0x6, 0x2e1, 0xb32, 0x401, 0x1f, 0x9, 0x80, 0x1}, {0x6, 0x8, 0x5, 0xfff, 0xfffffffffffffffb, 0x5, 0xfffffffffffffffa, 0x400}], "3ec611d2342494f082d9f68e225c012feeb5e81ab7aad9e5ed2d9e2881a6ff3ab41b1fac165821be98b03e0bc811430bc840675b65b85718a67af93f8c9b93baa98552722cd7d044e4596e84238ac5be0af83dc995b58595e1473353816dc033be584773916f8c325a0c743fbc0a8fd37af53a4b5000437bc9e6042a5563c9", [[], [], []]}, 0x42f)
r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x5, 0x0)
fcntl$setstatus(r1, 0x4, 0x2800)

2018/05/24 23:57:12 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000]})

2018/05/24 23:57:12 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000001200000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:12 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x200402, 0x0)
accept4$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @any=0xffffffff}, 0x10, 0x800)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000280), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000040)=0x3, 0x4)
setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000000)=0x9ceb, 0xfe12)

2018/05/24 23:57:12 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000080), 0x1)
sendto$inet6(r0, &(0x7f0000000000)='%', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1}, 0x1c)
sendto$inet6(r0, &(0x7f0000b31000)="f9", 0x1, 0x0, &(0x7f00009e1000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c)
r2 = socket(0xa, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
listen(r0, 0x87)
accept(r0, &(0x7f00005a4000)=@rc, &(0x7f0000918000)=0x9)

2018/05/24 23:57:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x800000001}, &(0x7f0000000080)=0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  694.172651] binder: 12993:12999 got transaction with invalid offsets ptr
[  694.196097] binder: 12993:12999 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:12 executing program 3:
r0 = socket(0x2, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
rt_sigprocmask(0x1, &(0x7f0000039ff8)={0xfffffffffffffffa}, 0x0, 0x8)
r1 = gettid()
timer_create(0xb, &(0x7f0000044000)={0x0, 0x8, 0x4, @tid=r1}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000004a000)={{0x0, 0x1}, {0x0, 0xe4c}}, &(0x7f0000040000))

[  694.217556] binder_alloc: binder_alloc_mmap_handler: 12993 20001000-20004000 already mapped failed -16
[  694.249681] binder: BINDER_SET_CONTEXT_MGR already set
[  694.262673] binder: 12993:12999 ioctl 40046207 0 returned -16
[  694.287576] binder_alloc: 12993: binder_alloc_buf, no vma
2018/05/24 23:57:12 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe800]})

2018/05/24 23:57:12 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = open(&(0x7f00000002c0)='./file0\x00', 0x1, 0x19)
sendmsg$netrom(r2, &(0x7f00000005c0)={&(0x7f0000000300)=@ax25={0x3, {"91903d1d36cb0e"}, 0x6}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)="d135c2e5b1a58dfa9d95", 0xa}, {&(0x7f0000000380)="5aa0a9ac048a982160e1c288fd8c4b559a7a0e304d210c15a0e296633153689ff64789e6542d24073289306bba17f0cbdf2caa6d83d2cd05f34a54d8069fd6670738a64ca43ed7b22554a4f8a423f14ccda3305fc98acb5b1ddafca1569f70641d1afaea6733cac10a2967d6244f07321220cad30be1601178dd98829e88c75cb36741847d27a746c64f614ad4db1e7e71e833602f13f9ccceb87906ea4796c2a438267def445ee9a78e351753d26ccae12c58882cecfadadebea7352ba9742bbaa53df453bf92cfee1c1d3c13cd437c9b6ea436b3a5fe5b7d14900d22fd08bd578821de4829acf74010b855b27a696f78d1cfd378", 0xf5}], 0x2, &(0x7f00000004c0)=[{0x38, 0xff, 0x0, "b7482efa4972e86d61c1a0dd35dd0f4ec321f572c344ab91b9d9bace9c5047633605c457c9"}, {0xa0, 0x11f, 0xfffffffffffffffa, "4498f7dad06105c09546d5b144edcbea9798e3baab77120663ab9b3d49b9de3447429e401b632ddf5e1dd84675ad276f59d82dc2af8ae82c377b99ea8a17b11d4255d068b4e86c73aa22aaf8b959f97d32b395a92000d81c47b6e4d019d17a57159128a08bbe555e9270da357900ce35e2628c8d2a4f4282438039e044402aa8e7289950b58032b5268740ff"}], 0xd8, 0x24040080}, 0x1)
r3 = accept$netrom(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x10)
setsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000200)=0x6, 0x4)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0x81)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x180000000}, &(0x7f0000000280)=0x14)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000040)=ANY=[@ANYBLOB="b5000000ee0cd74c4f3d0aedef73a3991a56623dd3943db5a7e72c946911404ddc2bb351d3295791157b015680cbeb8b1c4dd4f5c460e14a60d944c84694c4de1f3c392c6b4d1b050338f11cc40000000081ff34c7634d9bb9358ed3d67b8024882a1567a764b6bc87ced81043d123be95788afb5c127d6d54a7c9d50e278e9d90b2b5871c94d565f74d708e8bc24661f78342e0215993e5396a4d10d05064283685240c4dd0dd5f294020e9dda771d2954f"], &(0x7f0000000140)=0x1)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  694.293331] binder: 12993:13005 transaction failed 29189/-3, size 24-8 line 2971
[  694.382327] binder: undelivered TRANSACTION_ERROR: 29189
[  694.388838] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:12 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})

2018/05/24 23:57:12 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000099c00000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:12 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia-asm)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="71e67a11cdf8311cfc093a52a7d86bd1", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$alg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002480)="9cf1e077b41e31a35d5dd73b3548bbe26c6ee6cfc8f5ffdd30987447d0f97d1d", 0x20}], 0x1, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8, 0x0)
getsockopt$inet6_mreq(r2, 0x29, 0x1f, &(0x7f0000000380)={@ipv4={[], [], @dev}, <r3=>0x0}, &(0x7f0000000480)=0x14)
r4 = semget(0x3, 0x4, 0x400)
semop(r4, &(0x7f0000000540)=[{0x3, 0x7f, 0x800}], 0x1)
connect$can_bcm(r2, &(0x7f00000004c0)={0x1d, r3}, 0x10)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)="6d656d6f9e1f1c63757272656e7400", 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f0000000300), &(0x7f0000000340)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000580)=ANY=[@ANYRES32=<r6=>0x0, @ANYBLOB="00ba6e802caa9678eb3b48b18a0c0ff30c6cc2"], &(0x7f0000000400)=0xc)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000440)={<r7=>r6}, &(0x7f0000000180)=0xffffffffffffff6c)
getsockopt$inet_sctp6_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000000240)={r7, 0xb2f}, &(0x7f00000002c0)=0x8)
recvmmsg(r1, &(0x7f000000bb40)=[{{&(0x7f0000007a00)=@hci, 0x80, &(0x7f0000007bc0)=[{&(0x7f0000007ac0)=""/222, 0xde}], 0x1, &(0x7f0000007c00)=""/214, 0xd6}}], 0x1, 0x0, &(0x7f0000000040))

2018/05/24 23:57:12 executing program 2:
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0xfffffffffffffffe, 0x0)
lseek(r0, 0x0, 0x3)

2018/05/24 23:57:12 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4}, 0x2c)
keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x6c}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0xfffffffffffffffc, 0x418, &(0x7f00001a7f05)=""/251}, 0x48)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7000000000, 0x101082)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x700, 0x528, 0x118, 0x528, 0x0, 0x528, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000140), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x2}}, @common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x2, 0x840}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x7, 0x80000000}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x1f}, @empty, 0xffffff00, 0xff, 'bond_slave_1\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0xc, 0x2, 0x10}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x2}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x1}}}, {{@ip={@local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14, 0x1a}, 0xffffffff, 0xff0000ff, 'ipddp0\x00', 'veth1_to_team\x00', {0xff}, {}, 0x7f, 0x2, 0x14}, 0x0, 0x1f0, 0x218, 0x0, {}, [@common=@inet=@hashlimit3={0x158, 'hashlimit\x00', 0x3, {'bond_slave_1\x00', {0x2, 0xc2db, 0x8, 0x4, 0x3f, 0x5, 0x1, 0xc, 0x78, 0x80}, 0x910}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x1}}}, {{@ip={@loopback=0x7f000001, @remote={0xac, 0x14, 0x14, 0xbb}, 0xffffffff, 0xffffffff, 'ip6gre0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x89, 0x3, 0x1}, 0x0, 0xe8, 0x110, 0x0, {}, [@common=@unspec=@state={0x28, 'state\x00', 0x0, {0x4}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x40, 0x1}}}, {{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x6, 0xfff, 0x1}}, @common=@osf={0x50, 'osf\x00', 0x0, {'syz1\x00', 0x1f, 0x4}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x6000000000000000, 0x7, 0xfc8}, {0x80000000, 0xf1, 0x8}}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x760)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000040)={r0})
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x2, 0x14, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0)

2018/05/24 23:57:12 executing program 1:
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x82, 0x0)
bind$ipx(r0, &(0x7f0000000040)={0x4, 0x2000008, 0x401, "0a74a2f2ca0d", 0xb4}, 0x10)
read(r0, &(0x7f0000000300)=""/182, 0xb6)
r1 = geteuid()
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000480)={{{@in6, @in6=@loopback={0x0, 0x1}, 0x4e24, 0x6, 0x4e24, 0x0, 0xa, 0x20, 0x80, 0x800000000000, 0x0, r1}, {0x0, 0x1000, 0x0, 0x5, 0xd541, 0x7ff, 0x7ff, 0x5}, {0x4}, 0x7fff, 0x6e6bb8, 0x2, 0x1, 0x2, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0xe}, 0x4d4, 0x3c}, 0x2, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0x34ff, 0x3, 0x0, 0x81, 0xd40e, 0x20, 0x1}}, 0xe8)
io_setup(0x9, &(0x7f0000000240)=<r2=>0x0)
ppoll(&(0x7f0000000080)=[{r0, 0x2}, {r0, 0x22}, {r0, 0x8044}, {r0, 0x1}, {r0}], 0x5, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100)={0xf470}, 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000003c0)='@')
io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000140)="10000000f0ffffffff00000000855da0", 0x10}])

2018/05/24 23:57:12 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x4008700c, &(0x7f0000000040))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x680101, 0x0)

2018/05/24 23:57:12 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000080)={0x0, 0x10000000000000, 0x0, 'queue0\x00'})
fcntl$dupfd(r1, 0x406, r0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0x408c5333, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x1, 'queue1\x00'})
r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x100000001, 0x40000)
ioctl$EVIOCGBITSND(r2, 0x80404532, &(0x7f00000001c0)=""/72)

2018/05/24 23:57:13 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="b7859cb8eec705f2288a933d66593ae164c990a0028e6640c522b60bdfedb810", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = socket(0xa, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f")
recvmmsg(r1, &(0x7f0000003f80)=[{{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000003d00)=""/121, 0x79}], 0x1, &(0x7f0000003dc0)=""/16, 0x10}}, {{&(0x7f0000003e00)=@pptp={0x0, 0x0, {0x0, @loopback}}, 0x80, &(0x7f0000003f40)=[{&(0x7f0000003e80)=""/190, 0xbe}], 0x1}}], 0x2, 0x0, &(0x7f00000040c0)={0x0, 0x989680})

[  695.093683] binder: 13046:13053 got transaction with invalid offsets ptr
2018/05/24 23:57:13 executing program 4:
r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x80000001, 0xc000)
ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000080)=""/226)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000001440)={&(0x7f0000000000)={0x10, 0x4170000}, 0x349, &(0x7f0000001400)={&(0x7f0000000180)=ANY=[@ANYBLOB="b8000000956f3c290000000000000000e00000010000000000000000000041385de077b379120000ff02000000000800000000000000000100000000000000000a00f0ff0000000001d625cd5667b79b9cbf9e37f1a10d7bd03f13fd75f28031b6966e874d763f9d023ef149eb08cafaab36167e61e82eced12fbb22d4c427a245711ee0c9c60692266d422d4e72a44b9ea91ebedb57079a38165cc0a29fa9a0adfa5c0c987e000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0xb8}, 0x1}, 0x0)

2018/05/24 23:57:13 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f00000001c0)=0x2, 0xd7)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000000)=0x9, 0x4)
sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f0000000140)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000500)}], 0x1, &(0x7f0000000000)}, 0x80}], 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x800, 0x0)

[  695.146791] binder: 13046:13053 transaction failed 29201/-14, size 24-8 line 2999
[  695.188990] binder_alloc: binder_alloc_mmap_handler: 13046 20001000-20004000 already mapped failed -16
[  695.213364] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:13 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
socket$vsock_dgram(0x28, 0x2, 0x0)
io_setup(0x8, &(0x7f0000000100)=<r2=>0x0)
close(r0)
io_submit(r2, 0x1, &(0x7f0000000600)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0}])

2018/05/24 23:57:13 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010000}]})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

[  695.236486] binder_alloc: 13046: binder_alloc_buf, no vma
[  695.242253] binder: 13046:13071 transaction failed 29189/-3, size 24-8 line 2971
[  695.318570] binder: 13046:13053 ioctl 40046207 0 returned -16
2018/05/24 23:57:13 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
socketpair$inet(0x2, 0x800, 0xfffffffffffff000, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000000c0)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x18)
ioctl$TIOCSWINSZ(r0, 0x5423, &(0x7f0000000080)={0x1b})
ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f0000000180)={0x0, 0x989680}, &(0x7f00000001c0), 0x8)

2018/05/24 23:57:13 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]})

2018/05/24 23:57:13 executing program 5:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
accept$inet6(r0, 0x0, &(0x7f00000005c0)=0xfffffec2)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x0, &(0x7f0000000480)={@ipv4={[], [], @loopback}}, &(0x7f00000004c0)=0x14)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vcs\x00', 0x0, 0x0)
ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000540))
syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0xffffffff00000001, 0x1)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r2, &(0x7f00008a5ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
ioctl$int_in(r2, 0x5421, &(0x7f0000000900)=0x6)
sendto$inet(r2, &(0x7f0000000000)="ba671368d1010000004900000001000000018be49e9301442865319997d0efdb2f54b6a10c7327757482bfce945c2a91fb8dfafc1d3f56bc543ab87321e12cca08a744a2d128b00634bc882151d36809229a96bc3437ef159489384ade077ba295eac2882dbfd3781dd4d4e609c42628dbb709b3eb1fa030009045dd98b9e6d77b6cec9ceb685595d43995e0f04c32260943add79831e661c6a351dedc8b9d220fbf9fb6e44fb6a629ce9a82025124fec9f3ee751f7da0cd7e799be88ddbdac20b48e890ff81d7fa28c2d017d7932f2569038740461accd4582f576e4fdb6150a3399f8266bc19eb943648ad1ad81420ed6c382436e474390c8995e829e4f9df43eed85a60b9ee254e31eb62900857fa134e76cc64880334adbff069a2e5e647d2ed36a96b23834b6f6ca6b8113baf4cf30347fbb7ffc30aea99872cc0dba03b07d3347b2d257edbe2733c26b7337a79962d8ce85469e3bcbe0e4a48a6ae69d13f2d4b5155b390ef67aa714b82b6313ee277cb8986eca5db2e97cb1ae2243bba80274f614ece521baef443394b4c161cb9ae926e21892578b49cfd6efe1cb1572148c10d92218ed73ec116a18de80ac42d2726a4523a764fc6dc356c5fbbf9d2c947ae3bc9a3dc76099f3257c8d5952876151b0326d8cb1d5683ee4ad5ded9a34c00ac1b03f34627ec18a7c2e92c87b7896549cfab5eb55fa85a970994bd4b22b5f0d045e241256d06f485a47b4a55ed389bc1734541232cd41908b5cfa4b8fcfcafce500a0c7ae99767713a98e7927aa69f6ccd7daea62f19ceb82559f41899c9a9aee99113e7e64b5f8b9824be9fdbfa4dd4995673d882bb4daeb64413b334e114965d2ba3cea8051e692508701b9400cb12eae457f8b8549944091b729160939918d8fcae611a5ded665f770db637487a236da1a58ba7566668651a77171fc4fe506496d19059343dbe4f426625d3f2b705f54581372361770bf5a9098a9fafefaf546426b294239ac33e3186e4d58ad2fa995a6ad4dc074e7cca11aead109563b2076c7c6e9f57ec63df960804e2e7f9d8444de9550cca3df7834d864e9777291c2e1f6205de2e43dc995ab8bb1515a365efc2830fa3e7a1dd137f550d6035212bc1f51c3b4ceea430df49ffc9210084ef156ad7e0d219efd6c116693735b44521d389969a3a65617cd2fd6e14060601cee4cd054cf36fe048b57d1d9ee3cad2a73552449926b4a6b03fbe9c0ec68357e1fbe52ed77b67f5870c0aefb7ee8236747e0d67a26725fb515544cbbe8464da94cfd8c0b94bb4e51a263b1749bd0a7cf651931f806d1b928d1f9994f1ad4d50e6a5cd7a8e4e687f8564fdacc864013d095ba9d5709eced3c28eabda476d177a7836400a01e02beeb5a6636d4064fdda344967ad8682d14b87c71727cb66be27d1d39191f4223c545b62fb4860262ba8076a65dbc194cee1df846c584b7bbe9dce6e6895b2cbbb64b03b55548b845cc3de2f939ef918421af9a5e9157e837651245299c03992d0ddee06bd22a31522aca0f309b1feccebc0b1c0ed9d21c19bfd15cd313ff64394fd6a10904890c9f6d646b026f27253e8f584c3ffd20ad67e8b62ed7676706d40bc5c80e376980b81", 0x481, 0x0, &(0x7f000069affb)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f00000004c0)=0x1, 0x4)
recvmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000880), 0x0, &(0x7f0000002a40)=""/250, 0xfa}}], 0x1, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000000800)=ANY=[], 0x0)
socket(0x0, 0x0, 0x0)
semop(0x0, &(0x7f0000000000), 0x0)

2018/05/24 23:57:13 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x12080, 0x0)
ioctl$TIOCNXCL(r1, 0x540d)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000000)=0x1, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000280)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x21, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @remote={0xac, 0x14, 0x14, 0xbb}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000000100))
r2 = dup(r0)
ioctl$RNDZAPENTCNT(r2, 0x5204, &(0x7f0000000040)=0xb3)

2018/05/24 23:57:13 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000040), 0x2)
ioctl(r0, 0x8912, &(0x7f0000000240)="af26262c8523bf012cf66f")
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_adj\x00')
getpeername$netlink(r1, &(0x7f0000000080), &(0x7f0000000100)=0xc)
socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000000))
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000140)={0x7f, @empty, 0x4e20, 0x2, 'lblc\x00', 0x8, 0x5, 0x62}, 0x2c)

2018/05/24 23:57:13 executing program 3:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x1, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x1)
ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000140)=""/201)
r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x34, 0x1)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@remote}, 0x0, @in6=@dev}}, &(0x7f00000000c0)=0xe8)
ioprio_get$uid(0x3, r2)
ioctl$int_out(r1, 0xc0305710, &(0x7f0000000100))

2018/05/24 23:57:13 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netlink(r0, &(0x7f0000667ff4)=@proc={0x10, 0x0, 0x25dfdbfe}, 0x22)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000501ffff000000000000000000000000ba8b7610eca93a407535f81772c1c683ed64112f65226f0e46e357b2f1a5c41386b898841e05f3678198ddec4abe51f05f05a673959638234771833897bce875fd97ca9e1f0d2b5e47567e25e292d7f81282e83f79b7871069c0b6579b1ce37db1e55913d22225ca7dbc7fbab138e195d2554e65f4a8c54df7d0ecba22eb0adb7390ee4776b231bc622cf3877c0e81ed1a5acf9c70d3c1670a987d29c024b1b010eef2fb8c9e7a863457df8d71e16f42f736bc80f4955189b1b4c0f8273b75f893dba1f7686077f2c2c0fe1de1585b00a08691dd388ed5d8dcc7046cc31ed9c4a534f7b931fe645384e8908a22c96defdd"], 0x14}, 0x1}, 0x0)

2018/05/24 23:57:13 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000007fffffff0000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

[  695.386538] binder: undelivered TRANSACTION_ERROR: 29189
[  695.392756] binder: undelivered TRANSACTION_ERROR: 29201
[  695.456519] IPVS: set_ctl: invalid protocol: 127 0.0.0.0:20000 lblc
[  695.458045] dccp_invalid_packet: P.Data Offset(68) too large
[  695.471689] binder: 13098:13104 got transaction to invalid handle
[  695.478092] binder: 13098:13104 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:13 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0xd00})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast2}}, &(0x7f0000000040)=0xe8)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000001c0)={@mcast2={0xff, 0x2, [], 0x1}, 0x67, r2})

2018/05/24 23:57:13 executing program 1:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xa)
chdir(&(0x7f00000003c0)='./bus/file0\x00')
setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0xa9)
r1 = dup(r0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x20000400000002, &(0x7f00007b1000)=0x7fff, 0x4)
ioctl$int_in(r0, 0x5452, &(0x7f0000000440)=0xfc)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x200000000000, @loopback={0x0, 0x1}, 0x4}, 0x1c)
ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f0000000480)=0xffffffffffffffff)
sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x2000000c, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000400)=0x3, 0x4)
rt_sigaction(0x20, &(0x7f0000000040)={0xfffffffffffff001, {0x4}, 0xc0000000}, &(0x7f00000001c0), 0x8, &(0x7f0000000200))
ioctl$DRM_IOCTL_AGP_ENABLE(0xffffffffffffffff, 0x40086432, &(0x7f0000000140))
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000500)=ANY=[], &(0x7f0000000080))
renameat(0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0xffffffffffffffff, &(0x7f0000000280)='./bus\x00')
setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0), 0x14)
ftruncate(0xffffffffffffffff, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000000)={0x51, 0xce7, 0x2, {0x0, 0x7f}, {0x1f, 0x1}, @cond=[{0x5, 0x6, 0x7, 0xfffffffffffeffff, 0x80000001, 0x3f}, {0x5, 0x100, 0x3f, 0x4ed3, 0x0, 0x81}]})
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000100), 0x4)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
fcntl$setsig(r2, 0xa, 0x27)
renameat(r2, &(0x7f00000002c0)='./bus\x00', r2, &(0x7f00000004c0)='./bus/file0\x00')
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000300)={<r3=>0x0, 0x3}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000380)={r3, 0x3, 0x20}, 0xc)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x800100000001)

[  695.517786] IPVS: set_ctl: invalid protocol: 127 0.0.0.0:20000 lblc
[  695.524688] dccp_invalid_packet: P.Data Offset(68) too large
[  695.534666] binder_alloc: binder_alloc_mmap_handler: 13098 20001000-20004000 already mapped failed -16
[  695.552468] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:13 executing program 5:
migrate_pages(0x0, 0x7, &(0x7f0000000200)=0x2, &(0x7f0000000240)=0x1)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000000)=<r0=>0x0)
ioprio_get$pid(0x1, r0)

2018/05/24 23:57:13 executing program 4:
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0xaca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000040)=@ioapic={0x17001, 0x4, 0x4000000000000, 0x1, 0x0, [{0x4, 0x81, 0x8, [], 0xffffffff}, {0x20, 0x0, 0xfb1d, [], 0x13}, {0x7, 0x8, 0x3, [], 0x14}, {0x5, 0x8, 0x55, [], 0x7fffffff}, {0x0, 0x2, 0x1, [], 0x8}, {0x8080000000, 0x800, 0x10000, [], 0x9}, {0xc000000, 0x8, 0x8, [], 0x7}, {0x5, 0x401, 0x6, [], 0x22c9}, {0x8, 0xe0, 0x1f, [], 0x5}, {0x3, 0x7ff, 0x3, [], 0xe353}, {0x80000000, 0x4ceb2723, 0x4, [], 0x9}, {0x3f, 0x3f, 0x81, [], 0x80000000}, {0x962, 0x0, 0x3, [], 0x1}, {0x10a, 0x5, 0x7, [], 0x100000000}, {0x4, 0x4, 0x5842, [], 0x1}, {0x6a, 0x2, 0x7ff, [], 0x6}, {0x10000, 0x2, 0x240, [], 0x6}, {0xcf05, 0x6d4, 0x3, [], 0x9}, {0x9, 0x9, 0x7, [], 0x1}, {0x2, 0x7, 0x8, [], 0x7}, {0x8, 0x1, 0x4}, {0x3, 0x3, 0x31c6, [], 0x5d}, {0x0, 0x40, 0x5, [], 0xb5}, {0x0, 0x3f}]})
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
sync()

2018/05/24 23:57:13 executing program 2:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4008af03, &(0x7f0000000100)=r1)
inotify_init()

[  695.577448] binder: 13098:13104 ioctl 40046207 0 returned -16
[  695.599817] binder: 13098:13116 got transaction to invalid handle
[  695.606234] binder: 13098:13116 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:13 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]})

2018/05/24 23:57:13 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="98001ae68cdde6754b4260c8eea01d1407422e3eaa3ca2b02a19de5db9715b703186b211af5159172deb865266b7b0f4144c34f1d9a20ddb09a3d45c5fab32ff1ec948b8b9f35aa44a49fd75467d3e117e298b70aff84b12f81779cbd0d4bd28a503773090393104602d9e52be83010e1b5db21d2dcb7e82a45abb9e8eb0bae6227e8351401768658f4bbada6268549f87f7f22c7a8a43ec41e854f16ed741b014ba3edcd0393a49d20fb8391423c65eaa4b57c37b92da13c3080c27d071def896662564e0e8fed349def558540608ee324d7150f42386235af2819643e44b0cde21fe2bc8bd73affd07d385e351", 0xee)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a93", 0x5)
r2 = accept$alg(r1, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f00000012c0)=ANY=[@ANYRES32, @ANYRES16, @ANYBLOB="a19b9fd99b5da226725835e3ba22ef5050226e05d3308f2614a85caa0b1bc32c9e026cd2d582ab79a009198d4afb6d6a1a7e895ba65f9bc7ce6bff2c0ce20387724cecb011c9e66648dfb7e659bf9da56e191e56c92793d4406895ad4e24b40d8c90fc4ffd663e2a966d991a9814f4d03bd76a83432449933739ae6e77f21f9c280116783c0bdc010adddd6cc8f2f7b677394688130c558b5c9dd26cd79c2c4b49eb07b3db5a110b99bc277b6edbee14cf7cc7c6ed43fca0da838716259e60d31563e55cc48e82c2664f"], 0xd0)
recvmsg(r2, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x87c}], 0x34, &(0x7f0000001400)=""/123, 0x2000147b}, 0x0)

2018/05/24 23:57:13 executing program 0:
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x27e, 0x0)
r1 = fcntl$getown(r0, 0x9)
r2 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0xdbe, 0x20000)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ff, 0x3, 0x8001, 0xfffffffffffffff9, 0x0, 0xa27, 0x1000, 0x2, 0x101, 0x607b, 0x8, 0x7fff, 0xba5, 0x7, 0x5, 0x2873, 0x8, 0x3ff, 0x0, 0x10000, 0xd5, 0x100, 0x3, 0xfffffffffffffff9, 0x3141, 0x8, 0x2, 0x7, 0xfff, 0x3ff, 0x100000000, 0x2, 0x9, 0x17, 0x9, 0x8, 0x0, 0xfffffffffffffff7, 0x5, @perf_bp={&(0x7f0000000080), 0x1}, 0x200, 0x6, 0x101, 0x0, 0x5, 0x3, 0x3}, r1, 0x5, r2, 0x3)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x95)
r3 = socket(0xa, 0x1, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
close(r0)

[  695.737388] binder: undelivered TRANSACTION_ERROR: 29201
[  695.752117] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:14 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000600000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = open(&(0x7f0000011000)='./bus\x00', 0x8000400141042, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x0, r2})
truncate(&(0x7f0000bec000)='./bus\x00', 0xda)
mmap(&(0x7f0000000000/0x11000)=nil, 0x11000, 0x3, 0x11, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2018/05/24 23:57:14 executing program 1:
r0 = userfaultfd(0x0)
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x1})
r1 = syz_open_dev$usbmon(&(0x7f0000000180)='/dev/usbmon#\x00', 0x9, 0x82000)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000c00000/0x400000)=nil, 0x400000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000540)={&(0x7f0000d46000/0x4000)=nil, 0x4000})
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={<r4=>0x0}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000280)={r4, 0x20}, 0x8)
clock_gettime(0x0, &(0x7f0000000140)={<r5=>0x0, <r6=>0x0})
write$sndseq(r2, &(0x7f0000000380)=[{0x7, 0x8, 0xffffffffffff7fff, 0x100000000, @tick=0x1, {0x4, 0x4df}, {0xdf5185d, 0x100000001}, @raw8={"7a478e85e699537e787bdfff"}}, {0xa6, 0xfff, 0xfffffffffffffffe, 0x1, @time={r5, r6+30000000}, {0x7, 0x3}, {0x3, 0xb91}, @queue={0x2, {0x7, 0x3f}}}, {0x80, 0xda52, 0x1, 0x5, @tick=0x9, {0x1be, 0x21cf}, {0x6, 0x985}, @queue={0xfffffffffffffffc, {0x1, 0x200}}}, {0x4a4, 0x5, 0x7, 0x200, @time={0x77359400}, {0x7, 0x9}, {0x1, 0x4}, @time=@time={0x0, 0x989680}}, {0x9, 0x4c93, 0x7fffffff, 0x5, @time={0x77359400}, {0x9, 0x100000000}, {0xe367, 0x5}, @result={0x1000, 0x2800000000000}}, {0x0, 0x80000001, 0x8, 0x6b0598e, @tick=0x10000, {0x80000001, 0x7}, {0x800}, @raw32={[0x7ff, 0x20, 0x1]}}, {0x3ff, 0x1, 0x101, 0x8c, @tick=0x7, {0x21c, 0x8}, {0x3, 0x7}, @ext={0x44, &(0x7f0000000300)="8f861038f489a26db1314750f73d946bad9c2a08b33ee268b2d7072c5bb5008700f67ae2303ee87b0e96105b3901327f3d3553b9dedbb5fafe355429e39f28e55df382f8"}}, {0x100, 0x700000, 0x0, 0x81, @time={0x0, 0x989680}, {0x7fff, 0x7}, {0x5, 0x7fff}, @result={0x53f5, 0x40}}, {0x0, 0x8, 0x3ff, 0x2, @time={0x77359400}, {0x80000001, 0xa908}, {0x2, 0x7}, @quote={{0x6, 0xf36}, 0x86}}], 0x1b0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r3, 0x40505330, &(0x7f0000000080)={{0x2, 0x2}, {0x4, 0x200007ff}, 0x4, 0x2, 0xffffffffffffffff})

2018/05/24 23:57:14 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8000000]})

2018/05/24 23:57:14 executing program 2:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f000018effc)=0x1c, 0x4)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0xffffffffffffff9c, 0x7, 0x0, 0x47, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}, 0x20)
setsockopt$inet_mreqsrc(r2, 0x0, 0x25, &(0x7f0000000080)={@empty, @loopback=0x7f000001}, 0xc)
listen(r1, 0x0)
connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc)
accept4$unix(r1, &(0x7f000046f000)=@abs, &(0x7f0000937000)=0x8, 0x0)

2018/05/24 23:57:14 executing program 0:
r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x8, 0x400000)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000080)={<r1=>0x0, 0x80000000, 0x30, 0x400}, &(0x7f00000000c0)=0x18)
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r1, 0x4}, 0x8)
mprotect(&(0x7f00005ab000/0x4000)=nil, 0x4000, 0x400000000000a)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000002c0), 0x4)
pipe2(&(0x7f0000000000), 0x4800)

2018/05/24 23:57:14 executing program 4:
socketpair$inet(0x1e, 0x1, 0x0, &(0x7f0000000000)={0x0, <r0=>0x0})
r1 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x4, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000180)=""/58)
getsockopt$inet_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000080)=""/192, &(0x7f0000000040)=0xc0)

2018/05/24 23:57:14 executing program 5:
r0 = socket(0xa, 0x2, 0x0)
socketpair(0x8, 0x80005, 0x80000001, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000140)={0x20, @time={r2, r3+10000000}, 0x0, {0x8e0a, 0x91e}, 0x2, 0x2, 0x5})
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x6}, 0x1c)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/05/24 23:57:14 executing program 5:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x200000, 0x4)
socket(0x10, 0x2, 0x0)
ioctl(r0, 0xffffffffffffffc0, &(0x7f0000000340)="c6265a9ce88d2313972ad1")
r1 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000240)=0x20000005)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={"6430713000000000000000200500", 0x1001})
r2 = socket$nl_route(0x10, 0x3, 0x0)
recvmsg(r2, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001540), 0x0, &(0x7f00000015c0)=""/184, 0xb8}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000001400)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f00000013c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001200050100000000000000000a28000043878894cf14dbf5017be7e2f612e20cec61a878cb66af9ee88b3904d05b6cfbd5a4b992fa09beafa821456120030e5d1140f6efbadbc8430a76c14c07dee94fb6487f9f53726217b7da4425a572d8c8c99794ed8376966dec2f68e24db5f24dfe4b6f49cd65c6c5248a2f0f98d3615a70909d61248d5ac7ef0984ad3f90f811ac35d3bc93a6c5dccfd384841c22c1cc367c6bb12b555a0b57136e97a43d553a85cb3d3e1b063e16af8a48505692a333be9022861269ae5bcc0d89307493f08c8e60573683eaaf744ba55811aaa6020c8201fbf9ef5ef11e48baab30ea958680000000000a7d74aa9023e11987c5a38fb0685aec7fbdc616110a42981f75a50586d18e13fdf3793f8fee17a8"], 0x14}, 0x1}, 0x0)

[  696.672900] binder: 13173:13179 got transaction with invalid offsets ptr
[  696.710303] binder: 13173:13179 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:14 executing program 4:
r0 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r0, &(0x7f0000000340), 0x0, 0x881806)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x7, 0x4)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x102000004)
sync()

2018/05/24 23:57:14 executing program 0:
llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=""/72, 0x48)
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f")
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x101003, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000180))
ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000200)={0x2000000000000000, 0x0, 0xffffffff80000001, 0x4, 0x6})
r2 = socket$l2tp(0x18, 0x1, 0x1)
ppoll(&(0x7f0000000240)=[{r2}], 0x1, &(0x7f0000000280)={0x0, 0x989680}, &(0x7f00000002c0), 0x8)
socketpair(0x14, 0x800, 0x7f, &(0x7f00000001c0))
syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x7, 0x0)

2018/05/24 23:57:14 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, &(0x7f0000000000), 0x11a)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)=0x2, 0x4)

[  696.740260] binder_alloc: binder_alloc_mmap_handler: 13173 20001000-20004000 already mapped failed -16
2018/05/24 23:57:14 executing program 1:
getpgid(0x0)
socket$bt_rfcomm(0x1f, 0x0, 0x3)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00')
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f0000000080)=0xfffffffffffffe1d)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={r1, 0x2}, &(0x7f0000000100)=0x8)
readv(r0, &(0x7f0000001280)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1)

[  696.798202] binder: BINDER_SET_CONTEXT_MGR already set
[  696.824213] binder: 13173:13179 ioctl 40046207 0 returned -16
[  696.858838] binder_alloc: 13173: binder_alloc_buf, no vma
[  696.864615] binder: 13173:13187 transaction failed 29189/-3, size 24-8 line 2971
[  696.964535] binder: undelivered TRANSACTION_ERROR: 29189
[  696.970560] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:15 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]})

2018/05/24 23:57:15 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=""/193, &(0x7f0000000280)=""/97, &(0x7f0000000300)=""/127})
r1 = socket(0xa, 0x1, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
getsockopt$inet_buf(r1, 0x0, 0x9, &(0x7f0000000040)=""/100, &(0x7f00000000c0)=0x64)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)=ANY=[])
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x0, &(0x7f0000000380)=""/115, &(0x7f0000000580)=""/156, &(0x7f0000000940)=""/185})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000006c0)=0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af04, &(0x7f0000000e80))

2018/05/24 23:57:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0xaaaaaaaaaaaab1a, 0xfffffffffffffffd, &(0x7f0000000080), 0x63)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x1, 0x0, 0x48e}, {0x6, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x81}]}, 0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:15 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00008cbfd8)={'vcan0\x00'})
getpid()
sendmsg$nl_route(r0, &(0x7f0000000000)={&(0x7f00000004c0)={0x10}, 0xc, &(0x7f0000883000)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a00010026bd7000fddbdf2580002020fd03ff08000100004baef1fbfc19518e1772cc9057dc39ac7727df31f615aeb5746174140926cf85e6aecdcb1216c4f6d0f1b674795f14b8aa23a99c716d43bfe98a3127dac106878528ce022d6ee3ea622cbc0cc513aeb0b708c49b2437f9fb86ac2fea2258f3f9370796d250ff8208a0580c00005916a6dbe90de0f1d9584b0dcf07e06cc386fb64620131d2d0579a95f69c76f5dc6e1f2c7ec2e12aa326371d4d2f15b9912adafcab0599c49931"], 0x1c}, 0x1}, 0xfffffffffffffffc)

2018/05/24 23:57:15 executing program 3:
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x82, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pread64(r0, &(0x7f0000a4c000)=""/56, 0x38, 0x0)
ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f00000005c0)=""/234)
write$fuse(r0, &(0x7f000007c000)={0x20, 0x0, 0x1, @fuse_notify_inval_entry_out}, 0x20)

2018/05/24 23:57:15 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r1=>0x0})
setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000040)={0x2, @broadcast=0xffffffff, 0x4e22, 0x0, 'wrr\x00', 0x4, 0x0, 0x32}, 0x2c)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x381000, 0x0)
ioctl$KVM_GET_SREGS(r2, 0x8138ae83, &(0x7f0000000180))
sendmsg$nl_route_sched(r0, &(0x7f0000001700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000000540)=@deltclass={0x7c, 0x29, 0x402, 0x70bd2d, 0x25dfdbff, {0x0, r1, {0xffef, 0xf}, {0xf}, {0x0, 0xfff3}}, [@TCA_RATE={0x8, 0x5, {0x2, 0x2}}, @TCA_RATE={0x8, 0x5, {0x0, 0x7d80952a}}, @tclass_kind_options=@c_atm={{0x8, 0x1, 'atm\x00'}, {0xc, 0x2, @TCA_ATM_FD={0x8, 0x1, r0}}}, @TCA_RATE={0x8, 0x5, {0xfffffffffffffffe, 0x6af}}, @tclass_kind_options=@c_cbq={{0x8, 0x1, 'cbq\x00'}, {0x1c, 0x2, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x40, 0x3, 0x3, 0x7, 0x180000, 0x10000000, 0x3, 0x5}}}}, @TCA_RATE={0x8, 0x5, {0x20, 0x232}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x800)

2018/05/24 23:57:15 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000099e00000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:15 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socket$vsock_stream(0x28, 0x1, 0x0)
io_setup(0xfc00000000000, &(0x7f0000000080)=<r2=>0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x4000, 0x0)
r4 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0x80000000, 0x80040)
io_submit(r2, 0x2, &(0x7f0000000380)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2, 0xd42, r1, &(0x7f0000000100), 0x0, 0x1, 0x0, 0x0, r3}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x6, 0x100000000, r0, &(0x7f0000000200)="a326f070d7db5d1ade3fbe9b426506bcf53f009f2b73376202d068321c12c49edf02bd0752895a9e065f5837b12ca0b996b3b782118f6912e48aba38f8c24498ece906fe1664cc979667c4c11e0eff84e4336e77de8f9ffa8a21e4354f4d42d395d7782d21014e48221764140eecb39fd860400111a2e9c62442be82735f858d47b830569dc60d379a8bf0e2c33497f6487257dbdf5079cdd9e5ffb4689d2eafe02c07ffaea89fc6bac9779f6a3f8b6d04fe7d4d6505a45836dd2ebbcfbb88cb98", 0xc1, 0x40, 0x0, 0x1, r4}])
r5 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1, 0x40002)
connect$vsock_dgram(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @any=0xffffffff}, 0x10)
io_setup(0xffff, &(0x7f00000000c0)=<r6=>0x0)
ioctl$ION_IOC_ALLOC(r5, 0xc0184900, &(0x7f0000000100)={0x7, 0x4, 0x1, r0})
io_submit(r6, 0x0, &(0x7f0000000600))

2018/05/24 23:57:15 executing program 0:
mknod(&(0x7f0000000100)='./file0\x00', 0xe000, 0x31)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f00009b1ffc))
clock_gettime(0x0, &(0x7f00000000c0)={<r1=>0x0, <r2=>0x0})
timer_settime(0x0, 0x1, &(0x7f000006b000)={{}, {r1, r2+30000000}}, &(0x7f0000040000))
umount2(&(0x7f0000000080)='./file0\x00', 0x7)
r3 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x11c000000, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x16})
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x40042409, 0x0)
open$dir(&(0x7f0000000040)='./file0\x00', 0x4, 0x4)
tkill(r0, 0x1000000000016)
open$dir(&(0x7f0000296ff8)='./file0\x00', 0x0, 0x0)

[  697.666150] binder: 13237:13245 got transaction to invalid handle
[  697.672654] binder: 13237:13245 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:15 executing program 2:
r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xd87, 0x8000)
ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f00000001c0))
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xfffffe0f)
r2 = socket(0xa, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r3 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f00004c4fe4)=[@enter_looper={0x630c}], 0x1, 0x0, &(0x7f0000fedffe)="05"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0x44, 0x0, &(0x7f0000000140)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)}}], 0x0, 0x0, &(0x7f0000002000)})
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x14)

[  697.717642] binder_alloc: binder_alloc_mmap_handler: 13237 20001000-20004000 already mapped failed -16
2018/05/24 23:57:15 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x40000000a, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
connect$inet6(r0, &(0x7f00000005c0)={0xa}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000140)=0x800000000000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000b80)={0x0, &(0x7f0000000b40)}, 0x10)
getsockname$packet(r1, &(0x7f0000000000)={0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000040)=0x14)
clock_gettime(0x0, &(0x7f00000000c0)={<r3=>0x0, <r4=>0x0})
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000280)={{0x89, @local={0xac, 0x14, 0x14, 0xaa}, 0x4e22, 0x4, 'rr\x00', 0x8, 0x800, 0xf}, {@loopback=0x7f000001, 0x4e21, 0x2005, 0x10000, 0xeec, 0x5}}, 0x44)
sendmsg$can_bcm(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x1d, r2}, 0x10, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="0200000020040000ff03000000000000", @ANYRES64=r3, @ANYRES64=r4/1000+10000, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="000000800100000002000040260100006c916494d5db5277c83a8da590a2b1fd2d24e442d7b24a548abdb4706300fa984596baf12056712f29039c53d4f175ac748044e6a94ba252eafe73b37073689305b5a2f26fdafeb6721290c5b68e11bdbb732824d7720741c1b4173d5e46500493153dc47a8c8db2c02ae2406355f3efb4b071e1d3a0cc0b763e4504238afefd6cc94471c7ffd07d8f4a5a8addeb2326978914e6efb96c046ab1e7aa31082b5affe9699389b3df4814a891e84f4d3a04c9d502f2abfd35570c8a667b02a58b698614678065cb1519d16d1091028afbc1a2c093cd790d7477de0d4372a157e72349579486ea04740b82a67cdf2bc22da8ef897bfb9712b0263554c8c6374d668a6f07aad627cad93c57329ca28603d47937de8d3b01e7f60740ff5968c6f48b5b473524c435a70254913d9b028422"], 0x80}, 0x1, 0x0, 0x0, 0x20040000}, 0x20004004)
socket(0x4, 0x805, 0x101)

[  697.781434] binder: BINDER_SET_CONTEXT_MGR already set
[  697.810888] binder: 13237:13255 got transaction to invalid handle
[  697.817425] binder: 13237:13255 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:15 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$rdma_cm(r0, &(0x7f00000012c0)=ANY=[@ANYBLOB="16000000100000fa", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d555f7450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002adb9450560f1211a147974912ee4bffebd92228d7b42dd82aea351faf006ace97"], @ANYRES32=0xffffffff, @ANYBLOB='\x00\x00\x00\x00'], 0x18)

2018/05/24 23:57:15 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]})

2018/05/24 23:57:15 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x7}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000040)=0x7f, 0x4)
sendmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000240)=[{0x28, 0x29, 0x2, "2b07df2fd0846bc0964f4ffde3d917e308"}], 0x28}}], 0x2, 0x0)

[  697.852054] binder: BINDER_SET_CONTEXT_MGR already set
[  697.860768] IPVS: set_ctl: invalid protocol: 137 172.20.20.170:20002 rr
[  697.879275] binder: 13265:13266 ioctl 40046207 0 returned -16
2018/05/24 23:57:15 executing program 4:
keyctl$join(0x1, &(0x7f0000000000)={0x73, 0x79, 0x7a, 0x1})
r0 = socket(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={"6c6f000000000000000000000000ed1f", <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={@loopback={0x0, 0x1}, @dev={0xfe, 0x80}, @loopback={0x0, 0x1}, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, r1})
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000002c0)={@local={0xfe, 0x80, [], 0xaa}, @loopback={0x0, 0x1}, @remote={0xfe, 0x80, [], 0xbb}, 0x0, 0x0, 0x4000})

[  697.903408] binder: 13266 RLIMIT_NICE not set
[  697.908174] binder: 13237:13245 ioctl 40046207 0 returned -16
2018/05/24 23:57:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2347427637ee2810ca2085db085b48fec1b040dbd51695ee7606975334a5815baff73242c6826283ee213d88d8799f3bef02af476b94fb1c84639f1e047b67f5944842e22017de4ea0f7a5fcb69bf8094dbb5abf83fc50e55ae4fff2f7a49f2c285f9593ba39c15eae20c1bdc6e5cf63", 0x70}, {&(0x7f0000000240)="af5086f1a4465f7715e6c8c614aaf27b01661387212637a3200ba8a1a58cca3ceb856170b033c5a2b630e3ac49ab6c493625bf84cb45b7d5b1183743bf45770edd0a889543033bb3dc0f78cfda1ad365ead8ee39aab259dfa30fd497ff54ecae9b8fd7a9f2a8c2e696b3b9ae243956bf01c1d2bb0b659d068e43309d969e3936de850929297f1c31d013edcf7cd5", 0x8e}, {&(0x7f0000000300)="5f7da08071201c0c8915d133e1171c3a513637da141881a1fce2f6e69b069903164697cb55968ea17aceb63676e98dcc09f6e0a584208b41ab9726ded9f872a02f4f010147b29e96f30831e806212e8c0b877a0d00e54cb75b71944c02bcca6cc95a43682fbf5c38749fed81c5846277add7674f10398bcf211006e9fd3377eb7a62f0", 0x83}, {&(0x7f0000000140)="e5487019feadec09d32c66db87f35a40527dd4692d42422d966e8d71837caae2070fa5f230febd92485fd5e764d49fb0d244667d50def20d36e5e14e69788d93c151a1b88168afad08d6a32073a386e010", 0x51}], 0x4, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000100)={0x1d})
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000001c0)={0x3, 0x0, [0x47f]})
sysfs$3(0x3)

2018/05/24 23:57:15 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x511000, 0x0)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000000c0)=0x6)
shmat(0x0, &(0x7f0000000000/0x2000)=nil, 0x4000)
pipe(&(0x7f0000000000))

2018/05/24 23:57:15 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000070000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:15 executing program 4:
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000469ffc), 0x4)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x111081, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000000c0)={<r1=>0x0, @in={{0x2, 0x4e22, @loopback=0x7f000001}}}, &(0x7f00000001c0)=0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000280)={r1, @in={{0x2, 0x4e22, @multicast2=0xe0000002}}, 0x80000000, 0x3584, 0x7, 0xb7, 0xa4}, &(0x7f0000000340)=0x98)
pipe(&(0x7f0000000680))
r2 = socket(0x1e, 0x805, 0x0)
gettid()
r3 = fcntl$getown(0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f00000005c0)=@ethtool_eee={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
r4 = socket(0x1e, 0x805, 0x0)
r5 = dup2(r4, r2)
openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000400))
rt_sigqueueinfo(r3, 0x38, &(0x7f0000000040)={0x33, 0x80000001, 0x100, 0x9})
mq_timedsend(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000180))
getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000540)={'TPROXY\x00'}, &(0x7f0000000580)=0x1e)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000006c0)=""/188, &(0x7f0000000440)=0xbc)
recvmsg(0xffffffffffffffff, &(0x7f0000001900)={&(0x7f0000000200)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000380), 0x0, &(0x7f0000000900)=""/4096, 0x1000}, 0x0)
getsockname$ipx(r5, &(0x7f0000000480), &(0x7f0000000640)=0x10)

[  697.976751] IPVS: set_ctl: invalid protocol: 137 172.20.20.170:20002 rr
[  698.008962] binder: undelivered TRANSACTION_ERROR: 29201
[  698.016518] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:16 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]})

[  698.076293] binder: 13298:13300 got transaction to invalid handle
[  698.082687] binder: 13298:13300 transaction failed 29201/-22, size 24-8 line 2856
[  698.163848] binder_alloc: binder_alloc_mmap_handler: 13298 20001000-20004000 already mapped failed -16
[  698.208268] binder: BINDER_SET_CONTEXT_MGR already set
[  698.223368] binder: 13298:13300 ioctl 40046207 0 returned -16
[  698.241152] binder: 13298:13311 got transaction to invalid handle
[  698.247606] binder: 13298:13311 transaction failed 29201/-22, size 24-8 line 2856
[  698.273232] binder: undelivered TRANSACTION_ERROR: 29201
[  698.283689] binder: undelivered TRANSACTION_ERROR: 29201
[  698.596413] binder: 13265:13316 transaction failed 29189/-22, size 0-0 line 2856
[  698.723181] binder_alloc: binder_alloc_mmap_handler: 13265 20001000-20004000 already mapped failed -16
[  698.736148] binder: 13317 RLIMIT_NICE not set
[  698.744150] binder_alloc: 13265: binder_alloc_buf, no vma
[  698.749783] binder: 13265:13316 transaction failed 29189/-3, size 0-0 line 2971
2018/05/24 23:57:16 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f00000000c0)="f8f550e6", 0x4)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x8001, 0x2000)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
sendto$inet6(r0, &(0x7f0000000000)="0081000006000000d1a7", 0xa, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1c)

2018/05/24 23:57:16 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88)
r2 = socket$inet(0x2, 0x2, 0x7)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000300)={0x7b86, {{0x2, 0x4e20}}}, 0x88)
setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000002c0)={@rand_addr}, 0xc)

2018/05/24 23:57:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x800, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)={0x0, 0x2000000001, 0xffffffffffffffff, &(0x7f0000000000)=0xffffffffffffffff})

2018/05/24 23:57:16 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000028c0)=[{0x0, 0x0, &(0x7f0000002400)=[{&(0x7f0000002200)="adb87b128dac38988494393fa7bdc250", 0x10}], 0x1}], 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
recvmsg(r1, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000001600)=[{&(0x7f0000003b40)=""/4096, 0x1000}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0)

2018/05/24 23:57:16 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe800000000000000]})

2018/05/24 23:57:16 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x3)
r1 = fcntl$getown(r0, 0x9)
r2 = getpgrp(0x0)
fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = getegid()
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000001c0)=<r5=>0x0)
getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=<r6=>0x0)
fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
sendmsg$netlink(r0, &(0x7f0000000380)={&(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0xc00}, 0xc, &(0x7f0000000100)=[{&(0x7f0000000040)={0xa4, 0x35, 0x602, 0x70bd26, 0x25dfdbff, "", [@typed={0x8, 0x60, @ipv4=@broadcast=0xffffffff}, @generic="0c0abc890cf528af06a7a2578c42b7b41764918fc230bf50ae8bff08d8a7f058383096a8a56ff3f4cc78728eb0464ba15e0e2565a58e94a018632857de25b04638f842fcf8066a40cb8e1b554939c47cb9eb5aabcba67efc41f3966290bf8923abf179ba9e913a79b7cbb8abda1b6e108c5c3e4d7f2a1ed7fd73a1eed67405f8dc59cb96", @typed={0x8, 0x93, @pid=r1}]}, 0xa4}], 0x1, &(0x7f0000000340)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x40, 0x44}, 0x811)
sendmsg$nl_crypto(r0, &(0x7f0000000580)={&(0x7f00000003c0)={0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)=@get={0xe0, 0x13, 0x1, 0x0, 0x0, {{'cbc(des3_ede)\x00'}}}, 0xe0}, 0x1}, 0x0)

2018/05/24 23:57:16 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000185200000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x5})
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x1, 0x0)
ioctl$TTUNGETFILTER(r3, 0x801054db, &(0x7f0000000100)=""/161)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x0, 0xfffefffffffffffd})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f00000000c0))

[  698.859947] binder: undelivered TRANSACTION_ERROR: 29189
[  698.865543] binder: undelivered TRANSACTION_ERROR: 29189
[  698.908409] binder: 13320:13333 got transaction with invalid offsets ptr
[  698.938635] binder: 13320:13333 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:16 executing program 3:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x4, 0x0, 0x0, 0x3}}, 0x26)
r2 = dup3(r0, r1, 0x80000)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000080))
setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000000)=0xbf, 0x4)
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000200)=0xfffffffffffffffe)

2018/05/24 23:57:16 executing program 2:
clock_gettime(0x0, &(0x7f0000000000))
futex(&(0x7f000000cffc), 0x810000000006, 0x0, &(0x7f0000000040)={0x0, 0x1c9c380}, &(0x7f00000000c0), 0xfffffffffffffffd)
r0 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x13b600000000000, 0x40000)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000180)={0x8, 0x7, 0x8, 0x400, 0x78, 0x1, 0x5be, 0x1, 0x8b8, 0x71f, 0x3, 0x8})
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x8000000)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000001c0)={0x9, 0x2}, 0x8)
futex(&(0x7f000000cffc), 0x5, 0x0, &(0x7f0000000080), &(0x7f0000f44ffc), 0x1)

[  698.971871] binder_alloc: binder_alloc_mmap_handler: 13320 20001000-20004000 already mapped failed -16
[  699.000374] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:16 executing program 4:
r0 = socket$inet(0x2, 0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
sendmmsg(r0, &(0x7f0000001e80)=[{{&(0x7f0000000000)=@in={0x2}, 0x10, &(0x7f0000000080), 0x0, &(0x7f0000000080)}}, {{&(0x7f00000002c0)=@in={0x2, 0x0, @broadcast=0xffffffff}, 0x10, &(0x7f0000000600), 0x0, &(0x7f0000002040)}}], 0x2, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x200000, 0x0)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000280)=0xffffffffffffffb0, &(0x7f0000000340)=0x2)
setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000100)=0x1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netlink(r2, &(0x7f0000000080)=@unspec, 0xc)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000140)={0x53d3, 0x4, 0x0, [{0x4, 0x3f, 0x8, 0x7, 0x6, 0x6, 0x2}, {0x9, 0x9, 0x100000001, 0x6, 0x8, 0x401}, {0xc673, 0x2, 0x20, 0x7, 0x9, 0x8001, 0x7}, {0x6, 0x7, 0xf09, 0x0, 0x3, 0x697a}]})

2018/05/24 23:57:16 executing program 5:
r0 = memfd_create(&(0x7f0000000580)='dev ', 0x3)
write(r0, &(0x7f0000000040)="16", 0x1)
sendfile(r0, r0, &(0x7f0000001000), 0xffff)
fcntl$addseals(r0, 0x409, 0x8)
socket$kcm(0x29, 0x5, 0x0)
r1 = socket(0x2, 0x1, 0xfffffffffffffffc)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x3, 0x9, 0x5, 0x6, 0x200, 0x0, 0xba5, 0x100, 0x8, 0x0, 0x9}, 0xb)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
pwrite64(r0, &(0x7f00000001c0), 0x0, 0x0)
clone(0x0, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000180))
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000180)={0x8000, {{0x2, 0x4e24}}}, 0x88)

2018/05/24 23:57:16 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]})

2018/05/24 23:57:17 executing program 1:
r0 = socket(0x5, 0x1, 0x1f80)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
bind$alg(r0, &(0x7f00000012c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58)
open(&(0x7f0000000080)='./file0\x00', 0x4000, 0xa)
sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000000)=@nfc={0x27, 0x0, 0x2, 0x5}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="0f02b53b8291752d5b655ce85117aedb79bac73334b25e7912f18428f019935799337150c5ec1e684f4bbdc977501628984e9685907cf8d923abb38363c0d845f9100b88f4f3a31402d4c1451cbcfea7f8af45289d5a686c3ed10bf33acac9bab7ec85bbadd90e55920cf844596434dd3bd92ef89de066961d60bcf226c395d91833db", 0x83}, {&(0x7f0000000300)="3c1a245f42a07424424afa60bdbdb4fe72b6d123e25150291a9062715061c11ca4f4c253a2f8e2bbaf1348aa172bd74d72b8250e2f4ca362b71a17eaac0f55a367502b45d3470428afd9e94549b7df201220615d7a471c53030e7c1af74fb9f7ad2491c82202d95e4b7dccc7a25ac0d0c419fb80bc666aca67eda5c596b74f860b33e427d0568ff2311b781aa1d37e63c2d4cf0559f99d6387d17e00f136a5e19da0ffb6221546f90613789e3cae7d93d665909bbf2e04b3db694f3c34d3d60038ba0d704f09", 0xc6}, {&(0x7f0000000400)="522243a50708279c68586840e78ab51ae8538d5603da8db0998563efe04aad0e78ebeb9c70f544047aa4efdcabf3adc84aaec6dc239ae3754ac53574fcf4549e5d247aa9b1cf4c541f71ea3173833bfbe5cb0fbbaf14154b9e3ca9f108eb28f76f067d92ac14446fe56db2ea05d4d6986584ca460181abc442e4ba20d268f47d32f0c9a3cce55503924c90899a303b73fad9b57e95a0c6f232b468f8a68c366752efe89e42cf03e6cfd80ec7e8d202442ce2a381b0188b8e2fb81722b3d84bdcc5c141cede5c70bfccfc80bb87f2b76a099fbd6a065b88e7b3e6751d5f4f7e83eec04110caa4258cd9701cb563", 0xed}], 0x3, &(0x7f0000000500)=[{0xb0, 0x104, 0x2, "5d9fe742d278b7abc59996881ca86cfa425322e000dfc9ffa9d632465a428bb81295b3cd9dd0dcccc9c4cd471d370f3f0e12985574083bc7a2cf841f0dc0ba3022e2f43a9a756afede73461572a82b5f6d24e9e1287f581477a21d8ab539c43ff73373bff2b99ff8f98dc3bf01d8b170b30a7a7afdfb26f2c129be6a1767c21e7d3a00bee2492d3acc43bfa475f91e8c2ad8021adcc58eb713"}, {0x20, 0x117, 0x40, "547dbef43a733c4a9e38a903d84a4a"}, {0xf0, 0x1, 0x5ee, "922bb1bfcb8db258758dbbad8866fd4655c7466f573b03f6dcabeede3400d710f74254028c1a6743f2e40621e57c9a081543f0657ba282916bda385f849bd3b06a393fb83cf27cceb4b31057077fcbb25920a3a93d431f986a5f2c406b2f782d277af2368fd1fb1a22f1d319d9a54d8de29b0cc63a33639e47c5be7ec318ace00ec8ba6bba0142db1a6ec1cd8a549196b37eb3689e2846672eaf7be949a963197a9438ebaf6dab37ba472493dcd62c985f745b4aa8d4884b86e4c79a8e884af617fa5bc5aa0a9eddacc52e5f5c6c3cc26d17acb2901178e9931fe3"}, {0x78, 0x103, 0x101, "ebdc8eb6bacdcb54ca0408e81f56650a3a48cdb0e98751953c7452f5e03672ee265675470d4d4473d0158e7c31859663f23723bc8e3c594da8e2007599ae64d46ef3c08078d334379223a080dd843d001541f97179a6e7d8ae4f700eea7d9be3f5717a"}], 0x238, 0x40000}, 0x3}, {{&(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e21}, 0x4, 0x2, 0x4, 0x3}}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000740)="2fa2c159340300fa5c45bd2223df589062a450f11dfcc32b4e9c0be92e4817b56fd324b1307df6502c2049eee0fdb7cc245643ecb63c5b9518b4ae17816901a2671f95e8c14b2d112b26759d4c18ce02fea9cd965d8e6c6e640071ac6e62ccd2ee1a8d8f1fb6a8b2211c8ef0eb2fa8928c6ab7dc8d3a41757d6744da8ef9186bf4910b4cfd78c7dbd9f65d04c70c8db1c139c14846efcdf2db5c65af4f14df5f750f62f00b154c5e7bb3d13035f7c731885ae57881e51b515e3d1be87afcbeff797ec75449cf73aaecd8bbbe0a7b6cadc3451f81b227bb58e234ecdbaad2b30a21f30b46fdd771f1ed9f6dd995ed2ce3ed8fe0dc044b10", 0xf7}, {&(0x7f0000000280)="b8f811e58cc817728a873bf2b602e68e00553dce7edeadddac3dc96f78f46576fec74f8dfe18b714fe77", 0x2a}, {&(0x7f0000000840)="573b7b684119d99ee2596ebdee9fd60b50219f8e6f3fe2593f2af73753ce7113312f9125eaafc839723d1b7c0d6d23cb5d58f44b5f8913e511d64cc51656aea42548d82965434dc7dc23995d42ab23439d6a11514a62f51f9bab91db", 0x5c}], 0x3, &(0x7f0000000900), 0x0, 0x20000000}, 0x5}, {{&(0x7f0000000940)=@rc={0x1f, {0x2, 0x4, 0x0, 0x100000001, 0x1, 0x6}, 0x37d}, 0x80, &(0x7f0000000b40)=[{&(0x7f00000009c0)="bbe24c245e23c1feef8c2bbac355db078af6c437d8cee32b82c229f87630b78bcbce49cb5d31efca10f612048cba65f4fe588194d4a707f1cbd05a4250f2e0", 0x3f}, {&(0x7f0000000a00)="94c321d47908f6885192a5fc517b683c3a38c3dd79e5bf4fff26ecd265059b4ba91dabdc739486238e1596363ff78594b55b8c3a7d63710159f439ca981b201a7f6a23bf8d794d37e960794ad446", 0x4e}, {&(0x7f0000000a80)="539d23a086249e95a8771fbc927db4a7634f421ff633147f1ec54aa0c5696dbd3d67a127cb58b4390982adf33da139f1150874aa68519775354f7196de92936d81f4dba13aee96319a3842f3d668cfe8", 0x50}, {&(0x7f0000000b00)="840db2b78ce1d20294e5967886cbdeb37fefd983ff38f94bcbc159add1d10de0e1", 0x21}], 0x4, &(0x7f0000000b80)=[{0xf8, 0x0, 0x8, "315948726bdb06d5e31b7d7d17ea6ce7677141d252721a436192c69db7f18f9cab1dd71a4643240dc8c06efbda10196c272dc0a1c884a29ae34d3080a95730525610b085cf3721d883aa5981c89cc38304c321b2baa8f9cb44fc6be8a1e990657e1a12fe667a4f1d805fdf4d1f12a3ecbbcab4370db3f5d645a5ed359f0c7da23c1326c667fa307f67eda4c2f56677b734133130a16fb1724f568dba5dac84a9ef3e2f9e42f921ddc214d55c94c87e72471afa06d6191b30ceb3015910ab0bf5b638681664cbe6e4bad88e0eee53ef4c4f810c58ff2cc2d97c05707d91821dcd9f22b69035b63d"}, {0xa8, 0x1, 0x200, "38027fdc48cdcf5fc20c30dc98a673e828bc85078fa5d914d75b5a45c8c24573046cb5084517262d7d739db395fec39c3f132974e547684ca442338d103be576db7ac6b9163691763f178686e440ac71b2780109cf3637ca4873ddbe9a6f0d395cd5e3f3f920c810d613451d78cb0dfa88588b898b244e0726635ed1a01c304c63dd5b98691a2d7771e3d9da7897eb144b490c"}], 0x1a0, 0x8010}, 0x4}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d40)="d7479be1032707b87f4abe47e2e0f36e4bf40e1b5470c14f7d7a8cc2b120f4995bda7bb58da801502a6c93d3c00307fd758640547c8c3128a83b23a8c72c1036a28cd5f245341ba3390859c29a729da21e30f98650616f257d90392300d1750372f8af2cea51c3fb3cdb3b0070906f31fbda294a34fd07d9e16fff6e7ed19789f19c66ed58261a0e6448f138d75b30c768e00deff7db48c165c066731b64e6e2bec421db2c72283a4e3927c9059707c42a5a6aa03c166e8ac10ad8df34b512ba5293bfceb97eca455db11806a6cbc856ab", 0xd1}], 0x1, &(0x7f0000000e80)=[{0xc8, 0xff, 0x3, "05df3c4fcddacba6cdedb615a4dd55ed6e4c390866aa207fa632da9b724cf3f2479fc5acb514cdaf4f9f35d396a887b6e4438da157a77ebdba87d2603a48e782cae6a41421069c07e7996c2c371e631d272f3a0797c254cad30e07e09d497f36c07ccdbc35833a362bc1311f5d4847a04a034036fd0a860672ac21c0662f6fd179cf85ced3c09faaf8a0b7fddfda3cbecdef0fa4a1b4f2d109ac669958d1a4b973b7ab6937d2f3447b03b00932f11b0b6335"}, {0xf8, 0x3a, 0xffffffffffffff07, "8526dc3c20670dcfc974e1b93ef7438441bb879c72f37a5e1f09e9b9d6893f4b7bf92b40c6a937b26e0c753197f1e77086a79e3a76d79a4e739392a1a1b7f6e0c9eb3fcdc260d0f501ef09b9b92ba192b1c87c7c62f64eb1ed35395b57d86a662954c214832d6337b637a91ab2f9d2d733f3117824b61d9de586697d4674672226f27cea763a9a77dd8297a87480665f4dd8e12c6dac90282c35a0939095f00439587b9de5f25bbee5008679c37724f7ceab9019054139f61dcdd7314fe3da341e3bd5177d98ec8a2e7965a10a247752b16c3dd1c2e1dbf41ab9ef34776c9dedde"}, {0x20, 0x0, 0x3, "fd9005eba464bd7bb420"}, {0x58, 0x0, 0x4, "559ae237736bac8c7549ad81ecb638b17615375322c9fb6d19ee5e3138995e49781b4355b7bef995222064afe3052594118ab0dbea2b261af0f46caf75e557a097606542"}], 0x238, 0x10}, 0xced}], 0x4, 0x40011)
syz_emit_ethernet(0xac, &(0x7f0000001200)=ANY=[@ANYBLOB="aaaaaaaaaabb0180c2000000810044000004feff19c971326b3e8a27ae0639535e15e34a4570e5835e507360e247057201f1c09cf9c5b76a6b979458452dd3f1889652a16edad69abe78acdc2cbffc56a61100da9fe9f1a7423855815fd85ee8c38d87e62653db89c41d18c9202dd4e73d2bae513103cc8aa18cf6e5e677a968b7137cbb59a2ac1c6820478e06d9f09cbc0cc3e6fee83579398636e833655c00000000000000000000000000"], &(0x7f0000000900)={0x0, 0x1, [0x10000, 0x800, 0xffffffffffffffff]})

[  699.031758] binder: 13320:13333 ioctl 40046207 0 returned -16
2018/05/24 23:57:17 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0)
syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x80200)
r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x12, r2, 0x0)
syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x1, 0x92101)
write$binfmt_script(r0, &(0x7f0000000740)=ANY=[], 0x1bf)
ioctl(r1, 0xc0184908, &(0x7f0000001000))

2018/05/24 23:57:17 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x802, 0x3)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000040)='sit0\x00')
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=@bridge_delneigh={0x28, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@NDA_LLADDR={0xa, 0x2, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}]}, 0x28}, 0x1}, 0x0)

2018/05/24 23:57:17 executing program 2:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0xffffffffffffffff, 0xd00)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[], 0x1000000000000, 0x969, 0x401})
syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x400, 0x40000)

2018/05/24 23:57:17 executing program 4:
unshare(0x400)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x0, 0x101800)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000040)={0x7ff, 0x5, 0x200, 'queue0\x00', 0x1ff})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000002ff7)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$EVIOCGREP(r1, 0x4004743c, &(0x7f00000007c0)=""/174)

[  699.146724] binder_alloc: 13320: binder_alloc_buf, no vma
[  699.152428] binder: 13320:13375 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:17 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000300)=<r1=>0x0)
capset(&(0x7f0000000340)={0x20080522, r1}, &(0x7f0000000380)={0x7ff, 0x1ff, 0x4, 0x0, 0x7ff, 0x3})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001300290affffffff0000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000008001a0004000300"], 0x28}, 0x1}, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x134, r3, 0x2, 0x70bd25, 0x25dfdbfd, {0x9}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x400}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1e}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x19}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x14, 0x2}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local={0xfe, 0x80, [], 0xaa}}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x77}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x28, 0x10}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback={0x0, 0x1}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x400}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bond\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_1\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x85}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6b}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x4000004}, 0x800)

2018/05/24 23:57:17 executing program 1:
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x28)
name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="1a00000020000000fe7cf01171a43d2bdd21cb1f09341b6d7bc073f9fb44abb37d9800dea0ed1dade6d67414aabcd0db7d18086d330da783499b9d89791da844db1f7d061c9cbac36de39fda3606f9aa462fedac82bcade8365fbec897bd13a4ecfe19d052d5104d678100fa983778cb404e1f92d68a3264589d85a608954f8bcf8c1350b2911af7f0bc713f7ddfbc5802ff99a70d5604d7d421bf4b850da53b016ff37a3facd66adaf849ed7103cc4da3f1f4"], &(0x7f0000000180), 0x1400)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x8000000)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x121800, 0x0)
ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000080)='\x00')
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x3)
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000140)=0x3d)

[  699.292732] bridge: RTM_NEWNEIGH with invalid state 0x0
[  699.332447] binder: undelivered TRANSACTION_ERROR: 29189
2018/05/24 23:57:17 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = getuid()
r2 = getuid()
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@dev, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000000)=0xe8)
setresuid(r1, r2, r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xffffffffffeff004}, {0x6, 0x0, 0x1}]}, 0x10)
exit(0x9)
sendmmsg(r4, &(0x7f0000006e00)=[{{&(0x7f0000000540)=@in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x80, &(0x7f00000006c0)}}, {{&(0x7f00000058c0)=@can={0x1d}, 0x80, &(0x7f0000005a40), 0x0, &(0x7f0000005a80)}}], 0x2, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendfile(r6, r7, &(0x7f0000000280), 0x4)
ioctl$KVM_SMI(r7, 0xaeb7)
ioprio_set$uid(0x3, r3, 0x80000000)

[  699.338400] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:18 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000120000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:18 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]})

2018/05/24 23:57:18 executing program 4:
unshare(0x400)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x0, 0x101800)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000040)={0x7ff, 0x5, 0x200, 'queue0\x00', 0x1ff})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000002ff7)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$EVIOCGREP(r1, 0x4004743c, &(0x7f00000007c0)=""/174)

2018/05/24 23:57:18 executing program 1:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x20000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000280)="fc0f0096000081d70a0064360f77ba420066ed1d0000650f060f080f21c60fc79f5074", 0x23}], 0xe3e7c7a019c0acfa, 0x0, &(0x7f00000002c0), 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000040)=ANY=[@ANYBLOB="b5000000ee0cd74c4f3d0aedef73a3991a56623dd3943db5a7e72c946911404ddc2bb351d3295791157b015680cbeb8b1c4dd4f5c460e14a60d944c84694c4de1f3c392c6b4d1b050338f11cc40000000081ff34c7634d9bb9358ed3d67b8024882a1567a764b6bc87ced81043d123be95788afb5c127d6d54a7c9d50e278e9d90b2b5871c94d565f74d708e8bc24661f78342e0215993e5396a4d10d05064283685240c4dd0dd5f0f4020e9dda771d2954f"], &(0x7f0000000140)=0x1)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)={0x62, 0x0, "27a81bc10c3166349939175cff1bbd89f2b03cea6f470e7984308606f3a6c8afed12beb07731b2df0e74b5845834d21038458b90a9b6a7b98d5b5519ede564f489f1b0fcc3c0765a845dfaddd1c7c32bc213d98f0f310127155b"}, &(0x7f0000000200), 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2018/05/24 23:57:18 executing program 0:
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0)
ioctl$sock_ipx_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'ip6gre0\x00', {0x4, 0x10000, 0x0, "9ca7334d214a", 0x1}})
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa000000000008)

2018/05/24 23:57:18 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x9, 0x80)
ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x1)
sendmsg$nl_xfrm(r0, &(0x7f0000001440)={&(0x7f0000000000)={0x10, 0x4170000}, 0x349, &(0x7f0000001400)={&(0x7f0000000080)=ANY=[@ANYBLOB="b8000000190001010000000000000000e0000001000000000000000000000000ff02000000000000000000000000000100000000000000000a0000ff00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000a0572d35e71cbec5998e50bd650584000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0xb8}, 0x1}, 0x0)

2018/05/24 23:57:18 executing program 2:
r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x3ff, 0x40001)
syncfs(r0)
ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f00000000c0)={'ifb0\x00', 0x5})
r1 = socket(0x2, 0x1, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={0x0, r0, 0x8, 0x3}, 0x14)
r2 = request_key(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000002c0)='\\keyringvmnet1vmnet1trusted\x00', 0xfffffffffffffffe)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000040)=0x785)
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000340)=0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, r2)
ioctl(r1, 0x64, &(0x7f00000001c0)="0788b7f4e9a270cd2cf66f9d74b39036c29445cfe08bc22a0f919a5f99e5dac76136c109125049e17f96897ba7ff9aab10456e508f0403f6")
add_key(&(0x7f00000005c0)='dns_resolver\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000540)="f1adeb1af858baacf3badb1d79cae63160297c5622f1bd4355db6251ba98a1e2907b45d18f94a48704000000222a0027dec36a9f5f10be85cdfbb42864d37ef802ac13632e6787578d000000d38f350b8b4800", 0x53, 0xfffffffffffffffb)
getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000100)=ANY=[@ANYBLOB="66696c740000000000000000000000000000000000000000000000000000000026000000f08fa0945d39b241f8b7a20173ac1031e6d0f7aef309c58d4550aee75f95f550751f3625fb645f9071bbec16c2d9e0855b36"], &(0x7f00000003c0)=0x4a)
symlinkat(&(0x7f0000000440)='./file0\x00', r0, &(0x7f0000000480)='./file0\x00')
setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000400)={0x10000, 0x3, 0x8, 0x5, 0x4, 0x9, 0x5, 0x3, 0x3, 0x7, 0x400}, 0xb)

2018/05/24 23:57:18 executing program 5:
r0 = dup(0xffffffffffffff9c)
faccessat(r0, &(0x7f0000000000)='./file0\x00', 0x20, 0x1000)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@broute={'%route\x00', 0x20, 0x1, 0x270, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000380], 0x0, &(0x7f0000000080), &(0x7f0000000380)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'nr0\x00', 'yam0\x00', 'yam0\x00', 'v\nth1_to_t\tam\x00', @link_local={0x1, 0x80, 0xc2}, [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0xb0, 0xb0, 0x1e0, [@mark_m={'mark_m\x00', 0x18, {{0x0, 0x0, 0x0, 0x4c49502e23c2d534}}}]}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:udev_tbl_t:s0\x00'}}}}]}]}, 0x2e8)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000140)={'filter\x00', 0x55, "eac59432d45b1cd3f238668880487c59a084d70934fac5ad18b4bb490e07e84d73ba554deae882b20c2e1cf5272ddef3907d90a93716202416e7f1d152e0379e99093ccd73727211f07de1e13701e2340d52e7fa52"}, &(0x7f0000000040)=0x79)

2018/05/24 23:57:18 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0x7)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7, 0x480300)
inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000000000004dffffffffffffff00000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000f893f842fc4370dda9600ce328000000000000000000000000000000"], 0x78)

[  700.539586] binder: 13430:13434 got transaction with invalid offsets ptr
[  700.577570] binder: 13430:13434 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:18 executing program 2:
r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x9, &(0x7f0000000000))
fcntl$getown(r0, 0x9)
openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x1, 0x0)
sched_setparam(0x0, &(0x7f0000000200))

2018/05/24 23:57:18 executing program 5:
r0 = socket(0xa, 0x2, 0x0)
ioctl(r0, 0x8916, &(0x7f0000000000)="17549c475f748ab247ee3ed25c93d7f8612d3459305d3c343586268fb77830f23e675fd0997564baa73a1e8abb9f6c01b5894968e3e4c78351df6ac66fe54640c343dfba586a41858b9a19dfeb5f4006607ed8629e978d657634e83e9e1a6d3cf0bf0680360f2a27f6c30a9fb7f698a495656dcbf717e71b23905dae8dec7660ad856c9a224c3255ccd0f0afcf8a2f14162a2d33e2cdd53ff62333ac011c635164356c514f85fd8e3b172bec1ee98c51357fbc012bd8ca95cb8ac1b1214df3e4c027536564f47dd7c7f3697c6441b044ed6e837b57a6450005336292356349e6afeb0bb0725b9ed93b8d4f5f7064ba1aed75f38548b1ba")
r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x1d, r1, 0x0)

[  700.623261] binder_alloc: binder_alloc_mmap_handler: 13430 20001000-20004000 already mapped failed -16
[  700.651905] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:18 executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000200)=ANY=[@ANYBLOB="0206008eba6c53a4a4ceb0fffffff80003000500000000e201000000e00000010000000000000000ec823b6af0fc942f17f16e1dd0151d585fb73f3ae2675884f00d8421a4b4526c6617db50c4bbf465db62d3d983865c6981865eb85badd7a10706aa7a42024737c615e8319ba2da114f34389a88670d813783cd30e6ae304ea4f8f7eb4af3dcef87e6cde1f2c1c08b1ae668767ba81c326c4c6949f7f6febb41363024ff2b1ef2914f95dbd4065297d82453e9980c4250184bfa8eb8469216908c4afce04ece41b6b792025a88b1ae1312bb4598147f412e83ace7a848c8cd539c537869c74bf9d4e7360b9068b9b3916fb514236a157a291a8ea05bd745de3b8a11013aa96d1041d889c3c8b79a6bcb0b2d3b73f8d2eff032d4a26240777d69c4ab4603431ed75ccc828d04a903d26562f76a42ac287216ac88a7054e873cca22501fff7e3f504b3f7f41bfa39ced785d453e49e894afb3a1ae32618c2fadd96b16fc41dac5b253805f66d6573f97b355e7fea2c46cc579563748a6494e5b91cb6e6d999847ae4709653d0bdd8a8dea629c3d74c28ee32155d46c727fd5488100c8241f5bf04b775a2975657a03469bd8ee0cffca1a4e90bdf015f61ec82943ba5d63"], 0x28}, 0x1}, 0x0)

2018/05/24 23:57:18 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x4100, 0x0)
syz_open_pts(0xffffffffffffffff, 0xc100)
openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x10000, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2, 0x0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000680))
getuid()
getgroups(0x0, &(0x7f00000038c0))
openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x80000, 0x0)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0)

[  700.675308] binder: 13430:13434 ioctl 40046207 0 returned -16
2018/05/24 23:57:18 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in6=@mcast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000180)={@dev={0xfe, 0x80, [], 0x14}, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [], 0x20}, 0x24, 0x6, 0x6, 0x100, 0x4, 0x2020000, r1})
setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000140), 0x3)

[  700.775904] binder_alloc: 13430: binder_alloc_buf, no vma
[  700.781689] binder: 13430:13468 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:18 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x80, 0x0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000080025f500000001b3506b3acfd9b98ee7903bab90e6dad332dd52440d3837c3000000000000979ade431441da45b157e7efcf7d33061db04846785aaee76eaca2cc203f3744c2d21e46e493"], 0xc)
r2 = socket(0xa, 0x1, 0x0)
fallocate(r1, 0x2, 0xffffffffffffff00, 0x7fffffff)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000000)={<r3=>0x0}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000100)={<r4=>r3, 0x80000001}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000180)={r4, 0x2}, 0x8)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x4}, 0x1c)
r5 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$invalidate(0x15, r5)
setsockopt$inet6_mtu(r0, 0x29, 0x42, &(0x7f0000000080), 0xb6e7d10d529ef8d7)
ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000340)={0x9, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]})

2018/05/24 23:57:18 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f00000000c0)="f20f94ff0f01cf0fc72f6436f0f79b450066b9800000c00f326635000100000f3066b91a09000066b8fdafa70566ba000000000f30650fc7a900700f01cf642e3e0f005a0fb800098ee0", 0x4a}], 0x104, 0x5e, &(0x7f0000000100), 0x0)
r3 = socket(0x80000002, 0xfffffffffffffffe, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e24}], 0x1c)
setsockopt$EBT_SO_SET_COUNTERS(r3, 0x0, 0x81, &(0x7f0000000040)={'filter\x00', 0x3, [{}, {}, {}]}, 0x58)
ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:18 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x1)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x402c5342, &(0x7f0000000100))

2018/05/24 23:57:18 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000009d0900000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:18 executing program 3:
syz_emit_ethernet(0x6e, &(0x7f0000101000)={@random="cd390b081bf2", @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x21, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}, [], "802a08000000006b"}}}}}}}, 0x0)
r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7, 0x80)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140)={0x0, 0x6}, &(0x7f0000000180)=0x8)

2018/05/24 23:57:18 executing program 1:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0)
getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x5, 0x0, 0x200000006, 0x3ff})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x4028700f, &(0x7f0000000040))

[  700.879062] binder: undelivered TRANSACTION_ERROR: 29189
[  700.885869] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:18 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x1, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x10)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x4}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000140)=0x800000000000004, 0x4)

2018/05/24 23:57:18 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]})

2018/05/24 23:57:18 executing program 5:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000000980)='./file0\x00', &(0x7f00000003c0)='\x00\x00\x00\x00\x00', 0x100000, &(0x7f00000009c0))
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='msdos\x00', 0x1081, &(0x7f0000000140))
mount(&(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000240)="eeba12e1b59e379c30e037cdd89ce49d4a21919f6a6d0a6a2dffd0377b6536211e68df41dbcf52b86b402c269a35788f8512ad806b3ed9431c734f0000000000")
mount(&(0x7f0000000380)='./file0\x00', &(0x7f0000000400)='.', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)='./file1\x00', &(0x7f0000000440)='openpromfs\x00', 0x2000, &(0x7f0000000580)="f26fde")
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x18}, 0x10)
umount2(&(0x7f00000000c0)='./file0\x00', 0x0)
umount2(&(0x7f0000000180)='./file0\x00', 0x2)
open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x80)

[  700.965512] binder: 13489:13499 got transaction to invalid handle
[  700.971861] binder: 13489:13499 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:18 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001000)={0x0, @in6={{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x98)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000001000)=""/144, &(0x7f0000001ffc)=0x90)
socket$inet6_udp(0xa, 0x2, 0x0)

2018/05/24 23:57:18 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0114000000e7f9d065b076cad97c625620a5175dc56a81c8e188f9000401"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000140)={0x6, 0x0, [0x12, 0x1]})
ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead)

[  701.023845] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.038059] binder_alloc: binder_alloc_mmap_handler: 13489 20001000-20004000 already mapped failed -16
[  701.054902] rtc_cmos 00:00: Alarms can be up to one day in the future
2018/05/24 23:57:18 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
memfd_create(&(0x7f0000000040)='client1\x00', 0x1)
pipe2(&(0x7f0000000200)={<r1=>0xffffffffffffffff}, 0x800)
syz_open_pts(r1, 0x10000)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000080)={0x80, 0x0, 'client1\x00', 0x0, "4756e704c859a668", "d0cf545456988051a7ea08af3c93f6b01af636f43fef1b8d0f4274986be74ac4"})

2018/05/24 23:57:19 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000000]})

[  701.081119] binder: BINDER_SET_CONTEXT_MGR already set
[  701.096983] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.116614] binder: 13489:13499 ioctl 40046207 0 returned -16
[  701.148154] binder: 13489:13505 got transaction to invalid handle
[  701.154601] binder: 13489:13505 transaction failed 29201/-22, size 24-8 line 2856
[  701.172805] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.176550] rtc_cmos 00:00: Alarms can be up to one day in the future
2018/05/24 23:57:19 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=<r1=>0x0)
rt_sigqueueinfo(r1, 0xd, &(0x7f0000000040)={0x18, 0x4, 0x5, 0x6371159d})
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00')
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x421, 0x0, 0x0, {0x3}, [@FOU_ATTR_TYPE={0x8, 0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3}]}, 0x24}, 0x1}, 0x0)

2018/05/24 23:57:19 executing program 0:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x208000, 0x0)
connect$vsock_dgram(r0, &(0x7f0000000040)={0x28, 0x0, 0xffffffff, @any=0xffffffff}, 0x10)
mount(&(0x7f0000000400)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x0, &(0x7f0000444000))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000471000/0x2000)=nil, 0x2000, 0xa)
madvise(&(0x7f00000d4000/0x2000)=nil, 0x2000, 0x12)

[  701.212533] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.283582] binder: undelivered TRANSACTION_ERROR: 29201
[  701.289567] binder: undelivered TRANSACTION_ERROR: 29201
[  701.330197] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
2018/05/24 23:57:19 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000000000fffffdfd00000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:19 executing program 1:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
futex(&(0x7f000000cffc), 0x800000000005, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0), 0x0)
inotify_init()

2018/05/24 23:57:19 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x15, &(0x7f0000000300)=@raw={'raw\x00', 0x9, 0x3, 0x2d8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x258, 0xffffffff, 0xffffffff, 0x258, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@ipv6={@local={0xfe, 0x80, [], 0xaa}, @mcast1={0xff, 0x1, [], 0x1}, [], [], 'ifb0\x00', 'rose0\x00'}, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00'}}, {{@uncond, 0x0, 0xc8, 0xf8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x338)
close(r2)

2018/05/24 23:57:19 executing program 5:
r0 = socket$inet(0x2, 0x200000001, 0x20)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21}, 0x10)
sendto$inet(r0, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0)

2018/05/24 23:57:19 executing program 0:
socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f00000004c0)={0x11, @dev={0xac, 0x14, 0x14, 0xc}, 0x4e20, 0x2, 'rr\x00', 0x10, 0x6, 0x4}, 0x2c)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = socket$inet6(0xa, 0x80803, 0x3)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0xffffffffffffff9c, 0x2, 0x1, 0x10001, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3}, 0x20)
ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead)
getsockopt$inet6_int(r2, 0x29, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4)

2018/05/24 23:57:19 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]})

2018/05/24 23:57:19 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0xffffffffffffffff, 0x7, 0x1, 0x3ff, &(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3}, 0x20)
ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000100))
ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f00000000c0)='\x00')

2018/05/24 23:57:19 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x2)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000040)="c626262c8523bf012cf66f")
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000000))
dup3(r1, r0, 0x0)

[  701.389869] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.415863] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.427322] kvm [13490]: vcpu0, guest rIP: 0x9133 disabled perfctr wrmsr: 0xc2 data 0x5a7affd
[  701.491977] binder: 13555:13556 got transaction with invalid offsets ptr
[  701.512148] binder: 13555:13556 transaction failed 29201/-14, size 24-8 line 2999
[  701.557661] binder_alloc: binder_alloc_mmap_handler: 13555 20001000-20004000 already mapped failed -16
[  701.577188] binder: BINDER_SET_CONTEXT_MGR already set
[  701.585232] binder_alloc: 13555: binder_alloc_buf, no vma
[  701.590919] binder: 13555:13570 transaction failed 29189/-3, size 24-8 line 2971
[  701.597363] binder: 13555:13556 ioctl 40046207 0 returned -16
[  701.628470] binder: undelivered TRANSACTION_ERROR: 29189
[  701.641599] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:20 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={"79616d01000117000000000200000300"})
setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f00000000c0)="f8f550e6", 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000100)={0x0, @in={{0x2}}, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, &(0x7f0000000040)=0x100)
r2 = dup2(r0, r1)
sendto$inet6(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000080)={0xa, 0x8953, 0x3, @dev={0xfe, 0x80}}, 0x1c)
r3 = gettid()
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000000)=<r4=>0x0)
kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r0, &(0x7f0000000200)={r2, r1, 0x4})

2018/05/24 23:57:20 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c6263e2c8523bf012cf66f")
ioprio_set$pid(0x1, 0x0, 0x4001)

2018/05/24 23:57:20 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'bond0\x00', <r1=>0x0})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x40, 0x0)
bind$packet(r2, &(0x7f0000000100)={0x11, 0x17, r1, 0x1, 0x795, 0x6, @random="14b1074c6f8a"}, 0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv6_newaddr={0x54, 0x14, 0x509, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_CACHEINFO={0x14, 0x6}, @IFA_ADDRESS={0x14, 0x1, @mcast1={0xff, 0x1, [], 0x1}}, @IFA_LOCAL={0x14, 0x2, @local={0xfe, 0x80, [], 0xaa}}]}, 0x54}, 0x1}, 0x0)
r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x8001, 0x40)
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000080)={0x10000, 0x2, 0x20, 0x8, 0x4})

2018/05/24 23:57:20 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]})

2018/05/24 23:57:20 executing program 3:
r0 = inotify_init()
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x80000002)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c46000300000000feffffffffff88a58f2808000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000008c0dbe2b9021000000000000000000"], 0x78)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000))

2018/05/24 23:57:20 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000000000006f300000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:20 executing program 4:
r0 = socket(0x40000000012, 0x3, 0x4)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x280000, 0x0)
setsockopt(r0, 0x114, 0x6, &(0x7f0000000040), 0x0)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000040)=0x7, 0x4)

2018/05/24 23:57:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000000200)=0xe8)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000240)={0xfffffffffffffdba, 0x5, 0x1, 0xffffffffffffffff, 0x0, 0x0, {}, [@nested={0x0, 0x4e, [@typed={0x0, 0x6, @uid=r1}, @generic="ddea8da9e91a26f66c8ac739d6fecc74e2d3d4997deec64c574dfa04e702e70de4194345cd2c4b7c7b98157bf2b0833d10c410580ee22f26eea06fb5232713a939a0fc5228c1430b0bf78cd2d7a4fdc2e9dfc4cfc0dcbc628f98e07314d808d4235c0b0eada09709a058a884f9332482bd93fa816cc8afdbd40f5927"]}]}, 0x1c}, 0x1}, 0x0)

2018/05/24 23:57:20 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a933d559166593ae164c990a0", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000022c0)=[{0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x9}], 0x18}], 0x1, 0x0)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x40000)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="86454c00000000000000000000000000000000001f00000000"], 0x19)
readv(r1, &(0x7f0000000680)=[{&(0x7f0000000280)=""/129, 0x81}], 0x1)

[  702.488876] binder: 13590:13592 got transaction with invalid offsets ptr
2018/05/24 23:57:20 executing program 3:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x3ff, 0x800000000000)
r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0)
syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x94200)
ftruncate(r1, 0x8200)
r2 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x1012, r2, 0x0)
ioctl(r0, 0x40084149, &(0x7f0000001f64))

2018/05/24 23:57:20 executing program 2:
r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, @local}, &(0x7f0000000040)=0x10)
pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000080)="3fdec1fe5d26ddc9312542d5ac7d968288b1f3bf0b175a3989a7887de3b203ba5f985e7c05d3563ca13d3bbd9fbcdd2be252a1057f3e000298a6165f468be69fd00048dfd675662509fdc8c4685f0fef9bf12b99bfab5c358737dd7986d923f1e8229f417cdc12232eb214eec136bc4de17d9761ab0c3a190c1a675c3ea64b5969716762c8172d5e71aacc7a930d7a7615f0574487bfd8bbd81b3e65b632155c34af807a87ff9ba5242abb45a8", 0xad}, {&(0x7f0000000140)="30a53aa5e4d467f5b948c01281d2e8216422bcdf62962bdaaa480f1c0561e94c4fb5e00a4b9ba0768b183429e201fc2e69ef97e816ef041ebfc950a2645a9c4540bd6a36b06e388c874494bc4c3269520eb04ff5dd55acbbf29c7c8f6be1a9f7d7949e73b64fd34614ef2d89c18d9c707a187b0e42dd619901924d7cc10c22d66fe60cb2b1abe259055094b869888789f7f4", 0x92}, {&(0x7f0000000200)="85e6713ff7b2c144e9c8d5e4dc3213e393644221700b7eaca27a26cf2c3ed7c490bb8fb02890ff0edfc684cda6593a1f9573809024e4dd088bdb53da3c5d3947fef679b6663aff7af7cdfa92611c4252edbdfe24ce6997d70734b115cecb74f4652c08b6d9d7bd5c48a91c580dece491fdf3c5538659db2be8f0a5262f49715c3678eed964105e91693c274d9b783293ea15d74c712df30aff464dcf39ac79a53aaaf77ff4398ece4074c6ad043dc694ae3d931b0a4e9ea4f0e3b8dc502710b6d2ee1537", 0xc4}, {&(0x7f0000000340)="e9cff74877", 0x5}], 0x4, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000780)='./file0\x00', 0x400000, 0x100)
getpeername$netlink(r2, &(0x7f00000007c0), &(0x7f0000000800)=0xc)
ioctl$TCSBRK(r1, 0x5409, 0x0)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000003c0), &(0x7f0000000400)=0x4)

[  702.546615] binder: 13590:13592 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:20 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x5, 0x4)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f000065ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x10)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000140)={{{@in=@rand_addr, @in=@local}}, {{@in=@multicast1}, 0x0, @in6=@dev}}, &(0x7f0000000040)=0xe8)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg(r2, &(0x7f000000a940)=[{{&(0x7f00000026c0)=@l2={0x1f}, 0x80, &(0x7f0000000840)=[{&(0x7f0000002740)="ca20f25cfcb0319018fa45ed31caf253bc46290e20459a77fff2087c78e2a1f18d3a329cb14449a8a993a59868c2f863c580f0f426f199fabcbf8df07efb1881642eb1e28d408965abcad63381c9eb004998f0fdbf", 0x55}], 0x1, &(0x7f00000028c0)=ANY=[@ANYBLOB="58000000005a242031b5e67b72d5b0b4bf735fff02ed0061dd53d79fd16bd71a69ca5b427ad27f4f1660968aab27211d3ec3dd09cddda000000000000000c022910ed1b4c45e331a56f9fab850"], 0x58, 0xc7c4da4e2ca32cc1}, 0xfffffffffffffff8}, {{&(0x7f0000006200)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x2, 0x1, 0x3, {0xa, 0x4e21, 0x2800, @mcast2={0xff, 0x2, [], 0x1}, 0x4}}}, 0x80, &(0x7f0000007600)=[{&(0x7f0000006280)="028cd0b6ae668a337e58c20029f7b2c2dc47e9061551a96ef277e1b1996c6ef4e37b4f9b4cfb2fe25b3d18e5b153319b3d9b7ed348688c74955af0cce9eedf96eb9a7ccd40afa40769643bb498539e48bfc3d631dcbbe41003df17469bbf0c4f4c45b47f681a92b7e0ef7575b6212309ac72954f7b7314a28bf13485fbc9b6ea1d34413273ad07ed8ef0a070f7e094281ebefa8e30a6dc1d58891fd0726dcb2f100058696c523241186fed0dabeff8332f9ef14986aaf12a8b11223f77bd4d6b07", 0xc1}, {&(0x7f00000063c0)="1e990f818f9ed087337753e1f828b288aee947e2da4de770d17d1df15a8c30aea4f544b8148810dc9923c712e25a00886e5481554fd0af6f97cbd851", 0x3c}, {&(0x7f00000064c0)="ba1bd0c77196243b5ca32a4fea937837fe18a31ad9c00af82b43bd1b044079199e7598ea5f72d9da21caa3277a2bf3c7894620bc83716501da0520ad951b6edfa2ca26abf9e8174d8376cd905aa9f9f7fec99effd5440d712f353ab1395da41911eec6764e6f3029", 0x68}, {&(0x7f0000007540)="abe1f155917f6c1c4f380617fce9105cca312fd2f5f343029bc979f7e7c29b9dc8cab3ce6880b61194be7199d9dda68cac1654f225015bbbd1b41a77578bf8d1207fd73e4b2e7bf437ebbdfe075613d8e6254a2d1989489d8abc6dde4349d2de915957a954baf861edb21a7f4ac22828c88029f60d1d9452a2f9c87d2c5824e59d4415562682df9adaa6b098fc52be985ea1b8a086fe3d08b6df34bb5a9b5e14aaece70915edc0ba1875dd", 0xab}], 0x4}, 0x4}, {{&(0x7f00000078c0)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(xts-camellia-aesni-avx2,rmd320-generic)\x00'}, 0x80, &(0x7f0000008c40)=[{&(0x7f0000007940)="3c7a9876efe247d01eaeef621c986a0c353ab5cd44b8f91c3037c39fba8735c6903bb337113bfb", 0x27}, {&(0x7f0000007a00)="992ce1644c37ef73ef6236b2682d505dbfcee833f051c4bf0a49b4b60c09483c5dbff11acbc69962ae03d7c4b25bb82e6a08e99b83b888c9d3aa9339d2808c8d1a808dc7ae85b2e3b6a66620adf1b8c621fa6eca76e5", 0x56}, {&(0x7f0000007b00)="4ab0d6e006ef4a4f1e768a6478d29997f69a900f6282c3362d0fab7ef49b2fe7746d8e3e8b578702bb2c3bf099a70537bdc1588f0796882e760ee82a5e89c335541b030aee6693cc46a7d879eba6f9567e33c310540304c24f9abc1cbcc263a7cb66f507248f3a219c85915ff4f77c836c38d325688701d640cdf14a5b567f4b31f9a9421c707f28b9b41602dcf5715526bfbc085383d9edb1907d33561740d6e39d926b1e80213dd25981fc3f9024a8f63822ec428621a479bb517b31ff208b37f3fb7a86d191ac01919ba9461c3ac20aa8a92bd5c844952b239f355f660d3e0f7a53144df944ece9fe27", 0xeb}, {&(0x7f0000007c40)="719ae9937737bd31e72e15696d207f0c82bd2b1e90e83574386a34b13aa725eb9608ba54e81587711dd70ba7d971a67dfe2e596d57b7c75281a2c9f3589b3ffbd75d73b439628d6d835194423ea7c32a48787bf61db0e9dd37e22ebca5a943a0b19729bf473d2220c388d6a754f3b43077051959c6d6b25047490a30e8ffeb4041d70ad7c9102d78875486ed906391ea9d74aaf9c2aef76fb84b566fb3d5f21ccb886fa547c0a85d486889550a98ba67108dee717d2f43e1b90bce89741a4d1e37a6b9ecb38086dea9a1503c9f45f08cacaba340f1096940eeff04c3c22e519d1c5c6243a8ca3d9acf5a05e303324d7fc7a658bd2839b7d1494dd3a0da14c579b1acac39eea09fab8e137c67b1d92f8d5ee77f2be3c9607e34f82ad348972c3d2674272ada3d78e0df27879ea7a726ffe3b38b3ec324fd11a226bdeaa29cea71d6571c8896c8e76556b3fc8e0f1908ea88aa7cec394b5d769af00702a551c9a43bb4f6446e09fa99b318e81d06f5c8ba2a150ffb59df33bdb0d2eb596b8b21c4dcf5fab488ae4b1fde85d562b8ebba187b3271b2dd00ceefd1165b1c75bfda9fd2c8d233bcf7021273c339bd03801b99f54574159f9e3edb2158bc8c5acde754232c49b0d524faa9d6c02f5dc496b7d3b0969bb16836edbfb2ce0ad73d7686bd7df706f9bf3d3b63e9311c7542eae705b31f3957b5fef0fd57d7ae88bcf1e4ddfcfbfc6ffeff1d5563b46b54c118e61ffbaeec3d5d9696d8ce7a5602885653eadfda197f4c6f00547aaf7efc65f499bdd9d0bb43649c4820890bfd4fe23dd34a9f1813f24b01347864b674b72f8e86e8985d620681db354eef059eb3c32ead7984713ef424f77c45a4af597423255d4c6166d3872ca47e3204e7ca23c52ce05ec2e56af811e0515094bc7ac4cb11081ff33663526b5001ccc2a7792efef8e69275efe6aa146a6e5141665999c439e922174ebef0e3a6d43af5a17fdf664620cd311e05bb52c2be0263f80011800efd5f5a3d851087887541f3e1f1185db0d6f9aaba6d64c195af741339bb9a3bcf60243128f0c8a7b7acf3ae3fa0cf4a3507b38e22c581185e5c3965e12db8217758f46aea6d799e41e0d660323ee06e0f371dc6b49aa0bee4743f791eb6f64878e3ff95821a0b88b5afef547f72412ab692b61a3b14640ea237177b8eee01822fbc9bf0f7d63c2b02d27dc538574ecbf4083795449650a72087c3626b6c4f8df3bb0c60049d21bd8575b13dcf83a10c506384c08890adc5a5855e5a8b8671cbec2cc4114e232d1d0ef2f37752a61c61b582df7710bef91a53b5577fbe36884706e26f3cf2db1ff671e008424869feeb8edd25d60e922dfade408853debf86d42e014be2401a5e9b857f6fd44f516b9ca1d3d95554f10ebfd2a853c7c943a90318c9522b1b6c4a658f84818b6e563159156e33ec045badc0aac91fb6e8fda44f66cffcf80238651f56397e92216e878509cc7c21b49b439e99ebb7979090037626e2e7b4616502d6aba4270e84f6f46cce3660f79c7cda48c418992070f4b52b12bc46d55493c963fe9f8eef2917abf3660cb997ed66d53b49583632318c1867b21304e68282f4e63ef8553eb86ef4a6e0dd9ae77a83e991bed9f060bbcbe896a50d3c557cccf54a0dc60e6958db68ae9f36cbdd25406e2e518757aaeb09d6abe89e1b3dd9173fd550a2a55c1d72f9b7f57f66e07ae7001672b685b79bbd8c2449da3f8baa96bfd1781145701d0284b3b58dc3304d392b3eecd6142b4f141c7ca5c1c60fb9a65c5ec09e6afb40f741a1eaaa3e4212c680b5d3e1c6e7e4081a6a43378681aaf43f5495e4bfc136c763eb6f33001bfdbe8a27dd589d769233ee96836926b9a7c423cb13dadf9889a8edb34d1f8da221c627988620b760ca1e31c3ccf26889e7642391f4b7c7d9c13f3fea33c54a689bd5ab27c03804701de238224c5b76a4046705171c1fb8697011fb289ed0d9b8802240d95b7e7274f4afb66d89e0731d02850c9f40ad2d70d3fcf69e285b287869e0da988124419d585a5d986a3a27c2b4616b7101cf4d8f023ad4cab4203360d42abe5f5c140410c86dffec7302e06b7e9ca5858c23f3553a3dc9dc87cd9bc71c575b6457d66cd1f68ecd70df799e12547a563a30e04d66d26b75d2ff8538d6ceb3c1b013181d2931c93f478359e7311e32bcf295dc230f51e3f3a948680d9514d7ee1d951d379d80bd9c92ecbb1641355c590fa74c2decc7fdd0906a5dbe7babb584f67367a2a9db32ab057ca04ba90e6c2bb71d08ab26b7fc784632ffdf6ce49525cd5b146dafd6658fa6ba30be4da000f501613eca26dea56842efc87c2b4047059e03d4b748fa7388210b86843b1e83f9eb7d838cf66ae91b85a4e9d71099dccdd0b8dace9e658828095a6e317d0b3343d93810146ab5034dc4a424d11429899db4c938017f1b1aa287deb806b6e2c811fc58b252bd7fbd13dfca0ee95aee672d635e7d84af2022d36feac423179412a1692a6640c5ac5f3c6ca6aa56c452c3a9a8c2888b396fa8175d701ac211ed0d881252b8743b9b2b8134c6ea3962181e492fa91b94bfccdd073d8387f4b72cd4a9672fda8d559f0470511fb0ec637a619a46e5bc787c01e47a7551306d772108144495de62e3a11dd495b0bbe25d708f21ff99e3f0902fd266bb7db881896124eabab21ad5a4773a51ffdaba4bbc0b2b28d25afeb45c5acd3becab158224ef63131979e26d40f1e727d6409829a601461b7f0c34e456159bace8780c73be75bd6dc2877fb38fdea4735bcfa5d7cc53b75a03113c80314dee26991f1bc8d67c2ea0b9d482a1729116424157b87186d823a16c7aca26476c362b9cbf3e2becdffa076e118ced57ab17c1fcca133c8cf76eaa238d6c03981f0af7a7a7ce6d0a25bd35aa780f178d744472cb7da47b963cac6ce52657c93da89a17f436a656b7ffbda3d5539d70cefc96ba8f0b1e4f100f8738013d9bac84e36d7550cabec241ded19bcb2633234ae876b679fb8a073c2be3b8275db30794ade06458ef98ed008f2c82b7dbbdf24173237baf248b4e966150427fd7eab8566113cc3dbaf0fb8118653ad01f88eb7c5a2a5ea64a69902dda735a87801b8c49739deda4768b4238132dfd3988b85b9b528de1dee8577957549a8bc9d7f52f89f56e4b2d8c8df278cd48b9bc42dc635fd6b53016629b46091e82cca38e8bcb9be619384ec8dbf38f09d10e1ef007c1903088bbcf86964ec4c8adcbbf48df2b52dfd3201c6afb9048bf3a47e233a2d7b99c6dce9ccb79e39694c272ffe27a8e33a716cb5183835a5e5f4da8c497791449fbbb7ae1022000441f2c210253d74c91f1d006a4532e35e323b0f063677e6059e31fda1cfb21821404877a5e53b16d92f2ffd42794be9cf549b3f50be0d1eea3c02e152b4328fa061ed85c2cd3707cbf1f7b60fe3618427a6a0bb7715a653f575bd264eceea75476e2b3ac208c9805ec61d4a0afd6b8e1b236eeb8ef65e3ff2d6647339e6059e9b2c7352c971c78488b6db9495e9769e1da7c3e543de3ad9aa6c3466d25e7d74afea3f51a13bbf738bd2d12a1db2be5c0366c319b4586fbccbc830df078e6f182f5d625511b53d45dd62bdc7034dcf955c382366f533ffb6f09f7522fefc141c8e3ff1a3e591fb4d324a7c307edb794505fc4347c478184ec204aea582309f40a338100ba238fbdc0817f265839202d0ce03f279b338e402ef8a8b3ccd1b890ba2d51ced47ecf6b168063dac781ea682ca8d23a31f36d6b3fe2d765ca52cc1055d8a1b5981c62a90f973dd7224bd299e0f9c4c1aeafca433f7956d90b6b1d85295201a30cf50c06e922c4d0232fabb0e832477e7ed354afe2ed63184e9b3adef40c95ee1615a26d78ac0dcba022364d5978df4aec08540fb9bcaee8686de9e5ff422abebe2c289b03fbb990842816e3586264dec53a9ba77393e78bb8eb45bc139aaac7b81c6112443f5971b2670429299522d45ed9d3af6fb0630dbb588b5551aa5d0dff47486e8565774380bb7db4b9952bb8d680358314a9d9d8d96a89fe9d6ee190d80ad34c20d239823920fefd841405901faa2a504ef1093bf6ded06ef2d58d0ae7e313ba930ecbc9cf36cc48d8796899b10820a624b3ed317793fbceffc06a4539146dfc9fe7f9a3b74ed6276eb4254a7a309577f20a53b8b9256cd3de0026e5c4028717d5304a5c7e5f9a53684c03f20673736d60cd429fed1e502dc5ecb9c2dcd284c142d5ed383fe359d6d43dc08bf9f6e7901038db22f6e34b305478513b77c078d1ced9380fe79f862c5f694ee12f199267f35fce1e7d72cf6a593a1610fe52d2a094d567883b8fa3276e498863b61eff6040aa878c1013c0eddbf1ca4e6b7b521b3adc6aad6b52c16c30cde9b24ae3f4e31549ace5686793c7b25d8a46cc92776e4041bc7bb4044f49350aa07dd65e069f08a4e02afb1f1181f25a3a56ab727e88267acd796fd3d82631740cfd5e26df82c38b61fbb89078952cd894a7f3d0bcf4cbcc76f41f2e274b2dc3f5e78cba98591cead151c6c042e15aefb5df6e09ee56f87231abf1d95278b31d27c1185242b60f7ee3162d36ef5481ba1ad771d6de89edc3a80a20d8877dd69827ebb5493ec3a31a3bb88a0cf3afae75f359a75ca0f7274d10fd6ec97d2b2a183a00eb4103b74a25b2437a0524af7e610d5bd63b207c8ab830f14d2823b79da1b994e35202b58ef7edb623756d973404389e79588b780d4e7627af46611a66bb3bb757bf8b0cd8e8c5d31a5537c1af5a8ba8de727ff8deceda300d7f4aeb2a173b50816739eb0128cc7466fac063e4dfd1589937714ade62159291ff493a16142f99307e22ee398a8788d1fa2829d08f820c44a79564e83bcee1b63544322a58906a272853d09ea4a4505ea92dc5b90f54cdf16006b92c566c0b71c5bdc7f55f80d48a985a3c4702ad288ac247454e41280ea42b0cd6c4db47b34dfa7fc8cee954cbdf917d033ddbf51f9d1ca6863d40dd60ff2246ddaa9cbdf20661336163d3c06d893dd393027a05c923da9c5b2c50fefe027258d9e8948130a214588dfc815413cf4aa98049cc571d0f9e56e8a4566395676814448b7b302d997d4b41d5f58f329561e99bb0e8716c0bfa77b592b8f6b377d09059e510f7ac72a181962bfe3cbac171da7257aded57a3dce9a426402739a35408cdc169b007040a222fad6c4387779997b1f565ef26a551ed252be1639a14839a5ccba337f2da936759f6b941cdef388aaaae9521374949fdf78fb59e5cfc9f9794125a1f5955aef262cf598d2b2cf8ff0f5d0c80682a8346af222fb62b47082181b6147b1cfb62e879ba5a3e863584aed06226d60043c68faba16290479c9c8648cfb3cf144ec467d34a33276a1b987c63c77cee84b349428d5119b32e777793cc053326f7a3765350785411175145286757ccabaf679269d9481659c5eaaed49643f2d678f5971b2c81cb4119dfa62cb85fc633bb398c2cf9b7c84e378e355811e9c0e6df368826a2cdcdb8e2f47b88db7f985372b1975100f7385913f6e1ed642a879e3a80c6948645dfd50b8ca50996c5ae1fd47c71a25633e50bbce00212a4ff6c8d9e6c066b53e06798ba5a9f8f734490775247125417b3826120406e31687988c62eb69435270ecb0620c4368b98bcdecf86531612d742a1b227629d42de72739e126774bd5dc451c8e7aa69f75a0b3d9d4d17248bb8083d66832dcae9970c30088d3688f9ba0331cdb870f06c24ed74042ebd7b8a21e3", 0x1000}], 0x4, &(0x7f0000008cc0)=ANY=[@ANYBLOB="08010000000000000701000003000000dbb851c8b3774bc317a01eca9dc38d70d89898e4bcfe0bd71a108beaf975833c3deaf4c9a88016ef3d23911ae0c3f4e98d039bfbd75c673604a974cd034c026de6d3907545bf4385292ac1fa4f3844619944635599e93e27ecdd6a45c6c2fe433078e07f7d8272490a56bcb875972c2d6751d73380886fa28eca5808847f7e0dcd59ddb0de5a7a70ca2c11c931afb43a9cb2e290213367a4fd3546e9536aef49cf5812a26476fcd028983af12e7e14199fc3bf3991fc9a54e47ed4ddb081c5414d5f39fb6f688c95c947d9b9894b5443a16d835efa40a980a6ae4f082dce8eb2e62d7f0e235ba704e21d007db5ac3d1baf3089f1e4000a00d0000000000000001d010000020000006d3b94b7d102cf3ed2074765211934bb6f134852e25569387b6a1675fc18377e11b48f7f1c0cc9379b737e6ff86f48ab1d5975755e001334c4e9d1d6fc5484347c2a2058abf4db16043993e1e1cedf503c42a91957dc804ce998630e0eff09c2f63b11fab23cec2b9d5a24ba85cdb126d715210b54ff83c0c9f2aa4f87ac9e197c5a3521ffd32d1493f0ac7a52143fdcff5c1b66038c268558fd381e820bec9ab56f75849d58856e49500379e1bfdc4332af597da765738b7fc4000000000000e000000000000000ff000000310b0000500d873f96c268be459453895c46f6508962097fc9383a02d14a0c63af85212f81693046e54f57f598381f3dcbc1e81dc760a09aab73de405c745f7ae2367fa6e2433a3778f03a3a2b94327cca5ac18c1a968590b73a668a438d1e5fd71e237af7117b856a4b93222c3a5f5d6ed5d901dfcfc4592eec9d36715b94364701c6864da8902f02a2bc64f55799f791803ac6f3e055b85230fc95984980796a5e6ac35c4bb451b64bf488e2b40d463a707a4001f6250a6dbc8fa6d17c4e19958ab8895347a0969ca832203e61699000000000"], 0x2b8}, 0x8e6d}, {{&(0x7f000000a5c0)=@ll={0x11, 0xfb, 0x0, 0x1, 0x0, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x80, &(0x7f000000a8c0)=[{&(0x7f000000a640)="b72ad7734cb0e3f724fa0982b0f3f9b5fb83736d0b47a5284a04a3c763dc88c6601efbe521dbc07ae31a07f5c003b48a3e4674878c2a386f8f967cbde22821e52f52e9699c7fc74847252c73bae031a0cff83ee835050a082efddf", 0x5b}, {&(0x7f000000a740)="fcaf9c370b9c5ea58598b81dc92cc00a1ea08684f66453a995a94176c40a3586bcf91b2d7662e1d304fc9b805cc199aeee3b33a64b4c04adac0e52ccfefbe852754d27a299bae4c9a07eec2a108af16ff40c8b681d82f03dbad352fa1de1fad515bc06ba3bdc0dd00ca4a2cef959d809977ad83124dbcb1da9c601b9c2662d6ae0eb9f5d5e9e1064841e9f92e78653061f77b12eaaf588886e038c97be8b33b8a6744fae4fac4be96768c6c33eb6ce7ba947cb063736", 0xb6}, {&(0x7f000000a840)="f24f5fe1e0c277ba934c792abffbf737efe0de1d8707f69cf0598e41bd434ea6f9a2f9c30fb84fa6a59e58729e6e473e23c1ee164efbc6e179a486154c67b0b37fc11a37e24dd62515937cd36018f4c6bf937a47491ba82a24c55751b2cabec0", 0x60}], 0x3, 0x0, 0x0, 0x4004044}, 0x3ff}], 0x4, 0x15)

2018/05/24 23:57:20 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f00000003c0)='cgroup.type\x00', 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000000)='threaded\x00', 0x108)

2018/05/24 23:57:20 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]})

2018/05/24 23:57:20 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
capget(&(0x7f0000000080)={0x20071026, r0}, &(0x7f00000000c0))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x8000, 0x0)
ioctl$sock_netrom_SIOCGSTAMP(r1, 0x8906, &(0x7f00000002c0))
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x40, 0x0)
sendmsg$nl_crypto(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=@delrng={0x10, 0x14, 0x1, 0x70bd27, 0x25dfdbfd, "", ["", "", ""]}, 0x10}, 0x1}, 0x40000)

[  702.593174] binder_alloc: binder_alloc_mmap_handler: 13590 20001000-20004000 already mapped failed -16
2018/05/24 23:57:20 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x202000000802, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20)
recvmmsg(r0, &(0x7f0000002fc0)=[{{&(0x7f0000000440)=@pppol2tpin6={0x0, 0x0, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @remote}}}, 0x80, &(0x7f00000018c0)=[{&(0x7f00000004c0)=""/225, 0xe1}, {&(0x7f00000005c0)=""/143, 0x8f}, {&(0x7f0000000680)=""/213, 0xd5}, {&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000001780)=""/187, 0xbb}, {&(0x7f0000001840)=""/106, 0x6a}], 0x6, &(0x7f0000001940)=""/168, 0xa8, 0x9}, 0x9}, {{&(0x7f0000001a00)=@generic, 0x80, &(0x7f0000002f40)=[{&(0x7f0000001a80)=""/122, 0x7a}, {&(0x7f0000001b00)=""/136, 0x88}, {&(0x7f0000001bc0)=""/37, 0x25}, {&(0x7f0000001c00)=""/242, 0xf2}, {&(0x7f0000001d00)=""/27, 0x1b}, {&(0x7f0000001d40)=""/244, 0xf4}, {&(0x7f0000001e40)=""/208, 0xd0}, {&(0x7f0000001f40)=""/4096, 0x1000}], 0x8, 0x0, 0x0, 0x7fff}, 0x9}], 0x2, 0x0, 0x0)
connect$ax25(r1, &(0x7f0000003040)={0x3, {"567be72fe73182"}, 0x9}, 0x10)
r2 = socket$inet6(0xa, 0x802, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x8c082, 0x0)
sendmsg$unix(r3, &(0x7f0000000400)={&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000001c0)="f4b2755f805e1893ea11669d862eb404e323ab7ebfb698eda9df7d0725127ed77ecf77bdb41bae26149ef742e35f57fa86cad7ac4066ae720ed060ae64f05bbd2d5023fd15c556d042b735917bb1405ff435d1a12323635b219dc865c63e8f0bdb9dceda4e4ad2efbcb6adc5bfde5f381649c2dc34cfd2a5a14ae8071a70764fa68fb3db3787", 0x86}, {&(0x7f0000000280)="7019ccec118d6f347513", 0xa}, {&(0x7f00000002c0)="a51a73e9216fedf8cf1aed62e9992c9d51429b96737e2771eaa5b00bd25f6e9aff20c60c70e810cca43688f23678f50edd3720f9fe8c8122de949e4898b808f89012a1e7f50b04d317b36744c8e8e2519b5d18bd20962c012a2d5107d4184a03bb7ae077bda2ff728b98d1709df2e0291fe33a218aff09528eb60bf4efd3f3d40a1fdf45fe56778e0743f7e00c4666640e24d9c7a83e4a315b78f381e070c3c0cc52fd9bf03b39bbf10eb2de08279b29cd595bb798fbe00e31aef44d2c0c9a72ec81baa42c40866eaddc00fd9ea7fc6f", 0xd0}], 0x3, 0x0, 0x0, 0x4000}, 0x4000000)
dup2(r0, r2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f000088c000)={@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x0, 0x80000000000041}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@loopback={0x0, 0x1}, 0x800, 0x2}, 0x20)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x400240240, 0x0)

[  702.705309] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:20 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$inet6(0xa, 0x802, 0x100000000000088)
sendmsg$inet_sctp(r1, &(0x7f0000959fc8)={&(0x7f0000000140)=@in6={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80}, 0x9}, 0x1c, &(0x7f0000002580)=[{&(0x7f0000000380)="e7ccee3c0c5d2a5e24d83b46be7d2853a1aa8f16675eba1691f282b45a22ab55b858f1cc5745416fa7a39b9cf0ee8557f142c8d2ac25319e36d49303fb0f542afd1f1400fcf25c559727eecbb0f2959fe07e5f301fff382fb8e53780f9550e90a3cba5a0160d1d39eb6a2f7d5d72a12268aae49b73dd2627d7579e3b96daf686ff2482bdb290cc73e0f585f0e93f49c9f5978e51c042912da8c343d3917c7a4561aca0623a931f4f31c682fa7aa6d6663781106c6d52c622c9b4b87bc6c7c5281ad727d7116dafeef3a3bc1647526fd4499918da0d9f1fcced82e6e05585f91b078cab82405bc8a41afe8e43c7717111b673a5f7cba7a60bce88554f15255e527144ad1e10a3e527c8cc9d96db5b0404c684f58992c271ba7226d776e179673891c407f5108e2d25b6288eda73de784f5ebe342c9ae2fc8d94010091008d8e93b4a23eb553a18eba93f9ddf2559089b32a8036f37ac2fe251412e3d3200ded5791f23bbca67dc8264b7724480280a99c5f4cbb078871f7c3854e492940bb4bff16691f98281527e4eb622d6a7f97da64a0fc0425c0482ba82c83698f82fbcc3a1bb8f1309e314707a3ac2d3251110175723552f3fdcf5619f086a41621a09b96bcaf62353a53bf8ff44f7e1a1b43beca001f4f8880cdabcecd691c4d4758baf294eaab941e4ac07a84e1048db0d654e07dc999c149d161aff7911a968235c38fb7843db0be37e7e383c7c1bea8c0c1442e69c6ab282fd9527d7729446851229305edbdb6151ea4193c998b7bbbfb17796ba2dbb4596432e74ef1103f4f3e6d766a79d058d48986177ac0b5d4672fd13688e28324b12c575ba2237f50344cbf717f18bc4350a52023fd5058a15149608e012109a31a61945a19cd2b7f6aaed562f45018124dcae09e6720eb3a18c5123c41df3ccbbd59b35db97f662879d4c2d883b5fc01171c9dc2cf1b4f1982189badb87be8112fd761ffecda2c278760a1a54017d668011b08418320030189c3c20440a14ad613607a97e7928b14f411c9beee83dc01184c408cc3535a058d9122b08a233b6cd6af78683ec8b4950a2a1cb58c1e2bd35569209276798b953d599bfa11c8f1aa02845ab0983b4288856de8db1b5541d719d71dccf6398d7097d7256b2c1dc7cb5635eb919b2379e000b5161e0616241b0f22094ce6dc35d8b0c04f23e90f719cff7b94559fcf0fcbfac582427b350094c897541f283fb95bab395085f675a24e06c25f9349d4c63a1bb881f1530917193147864b82a7a79f5ee3fd3321297cb2f4495775a067b2ecc8a658c6df80948f6c4b1446569771bbb80387ec58baa876c41642b2d4b3ee70266f6f2da0f438", 0x3c3}, {&(0x7f0000001480)="d89a70424a91de8e487600f6ae124bc6f9921353d6d31314daaf0a3bac22a493f17e743c51a5270f1e5f97024774512f7e6568fd9184204b694352306e5f9fffe5a7cf77ffca65190a018cfa3247effa6218390f4fb04b8f800490af811bb3f5be6b2ae9552628a710f3726e0b2d35f64d5b3484833056eef00150e0d55a7aacde49b674e350b5b941897cd78586016e67fd531312b04e71f71db779a7fe625f3f5f4cad7d2cdec9f3e611c33602187da7867f29311d411067c7087a6a95f2c5e29d71ea72862a9a94afe645d7dbbce7c05e1991a3ae1ab1ecf291e35a33b4e88a06356566683928faa80e488929182b23b3d694d3f3f8e88f70fa896401b9a6f1ae851bc9becf4d7d40c5d4ca6b73ae69556400df7273689104e09afb510bac3c3790c388c8f0c002d03d0456af50a1f39cc0c1ab894585b4b9034e82bd5dff78b72ad781e03481d8464e35ca97f51b0273c6720111ac3f867a5e04fd8f0c8d126517ac40affa124c079c0fafc25aa75427671059bb854dad171a000e905c087e1a364a88a450aa088b3982aea6ecfcf2b5fcb89d78a4d25f9c7ba78f0eca76002169376d44868218324964b63c822b04f4e33cdb5b20a4e1873157f675ed1f6b70312f4b2b11f11807711148488a43c5c751a87a5cf5ea9f5ff5b5a1b58615cc10de2f11240ca3112458110ae29855b3504eec6ed42e51ec2d4487c8c196f8acd9855edc332b8af77e528c73a23ce6136a5b8823e41fd02c8e1436b42cf4920c072d760cf46d6e11284d81369dffd5cb39fbac36ab64539307334f7131de8b5d4cdc714beb99efb7388958169f33f16044c98a3cd14f5fc49f70acbe07ffcdb673b61104df9ff5b686710d174856051f26b9ee7f54c3d5c15742493153564b25c864b8b681cba4ac451a617460c0da6de617c8cea8efbaee5abba8e24ea5d2a3c12dfc820391afd3ec96adef7f092d8e3930b9e7b9d30687a9e1cb80693241962fdd39630402319853f53c842c6b3a7aa0f4b460a21a01f368e8476bc3f4688c7b3c34f9301536731c367b3ba324ed122024f0e0609504c1c89e000f6d42d8b400fecb194c9e2237fef07b8ae13f3d7e2b03b77c1d439251fff8bc2265681f848555ce0e4e7eb37f12d4eb127014b5f12598d12526a65a61a20ca7b5ea8689dc009e61146fd45efca14fbd788a5c023e34e0b06544d42960b1c2ee59cf4625a0e56093490c1ecda08a743a1832b668231a739584774831fa96216c5e22f5923db0e941b77014c5a5ff5c99f982f449e8e68a1042fb077f5db0939d1fd260389197bd99a8032ac8003c908540d869a7456a342e0d2f42182a31f1943dfc0c1c92a6e57168e2cc200e24b8908dda118668fe3f37f5e851b048b35304cde134ea55b1ea7d58b04d228c2deb97ed58bfe61d8934d9ad9e0275d2eec3c68a061a250f7c57913466e3ad360b2d543d919847cc983dda263af17fa96855e7f07700abaeaf5b4fe28d0f5c9ac3104105ada92de7d62ed02a04381e1374c876a19885e0c5cf55aaf531cab77fb9b3168a4e403ada2aed0c3643c0c18c4129187f0e8208dbc392bce390cecba7b33e359196b65a8ffb6e847868dc4b5cb4c028670cc4c26f50917f8af2e559594718570a5ef8c0cb385d20ed1bc4a8cdd84ececad70d5295c458d6fbdbeabeb8e708aa3c53c3c07d5b22fa6bf863ee6870e84e8d3fa61f1afc7c380ead24f89f9b3f08dd93012c424b9465c52cb88d78506deae3e326374fccb6f5b9c18dfef66215c8648dbca1d16d79b925486a3b7c47d6cee5922a63a84b85b6dc3e4ed561699cb3469333a95f40353f4b086d6a5617d6adbe6fd32e76aad2a0df296b8ad39ea5da145cb27a4ba364bbf2fc8e03c4820a7c05fa1536a9230a2700403bac3a4af00319c6869800e9bf350b8a358b801dbac383cd26f53ad9f60658d565f8c07dbcb3f9be4c0134df7b0eda272220caa070619bfab53bdfe5ca7cd2f61c5c5e30a0d2987cc1b6e80821b6a6304c47fb65efce4291e8d4c1699a718fc279c1491c96c65826d94b867674bd1acf044b6f7ad66279837864a5deef6c078ac50378dcab018043a8c93a8e9100af56de1e8fc0089d2ad2253fdc2c8d4bd5daf25e8cd4ea666dd82d0e1ddadcf8f0c041eaae8aff349bc4c64d398f0621bd4f116b770ccd16a64e3a70cddc7993e51f57780752fed9af52afc54f44b29e2217287b8f0fa76487cff63b2cb5e1c88930d9b33d27a272bb4846072b3620bd6c3f1e1b31b01af7d5c4e033bfddfcb7c602b50d9bfe117a0a34eb9514587bf49cee386b96ad72f7551b14f38e77b31c404a540e611565ad2bf969fab18f2e5d9ce983bde3dbe1750e44289d110eb6f4810a152fd126a6426b1e5c86853db317e870e8cc01af7c7a1c82cbc3ffae75d0b550840602733415d5db2fb40f1932584de89babfeadaf67f92fdd0860146267d4e3d522b83904120d4505181acb0e1bf295b03866a81812fc2293f077394c7a669a82bf37dba2b53e7a2bc3d276b0d8d4db7ef9d1b7343c875f8444a95c89721a203e79db605b5a554c6e556c491588400a18f614465adb6cb17ef211e4aa78cadba5a1ccfdfa8b48ad074608e3aa9a8a162fd01652ef07ff77ea1775a5ef4606d77b9b63077eff8aff28897e4594d9f614d8167737b1570e3ddd4ad64a98c6fc09598f836d5a3167284a8a9d60189246abd527ad06f07909dd74b59d154b205a2bed483fed58e76f237ad1c01b36b734bcb74f79c12ac008f1b65d704573bea11dfc69e9bb72ff474378069cf5b4cea61b494483bf272dd321dc63938a280c7f7008664c6e0f4b62af6abded2a90345ef03f3352580c9d8fcffbee203c82b44c3fdcac9e56765ba3e4f6545a12abdc3de05bccdbcda2fbdc17c6b1394733cba7d826ed73a81aadbfffc32a2298c891fcdf24b7558761db9efe16a8e3fd4ac5df1f28a7b71ce384ae92f15b1e9e2f8053bd393275b664676475bc2420e5dc9b5acb01de5a15878acbc6c523a67cc6ac961842f3a8301d254ec56ff566f8d879f84d8ddf68751161a9bd032d8f89e8bade2585e89f2bd1e2005d6477407f29a1c3205f124e5078acc150e5a0ebbed3b86078461ef85ae52dab50573aafbdd2fcb9e9ca524d8a3b34f4f487cbb6eb3a0facda8993175cb3c81b5c36067d4f12f519fa2aab59e86d52273d1c8ef3c2e8c4f6032dec412ee31d8f8a4c7bcba41f123f73201059f99b77bceb56812bd3536a25350bde5b1ad093de6fa7f602d0e3612dc1e65d3f10e277d70bcbd6cb6ca081b44284259b230f13dd9c07233e84009c74d202dcf05a9a6f21a4163074f1193c5a8f578f4fd02fdfa7418368956b19961ad57c700d186ba2e28f398e9bd1bdb177d8c5d2958e520fe9500a6f7f30eee1cdd4911e53038b7371bc1adc3f7b8119831044a125c2507d1328af14113a01b39684c651e599b7199007a36c5beb19b3b7f2f075653e577824ab685a45db04d98fdc14a9257659702dd3d9d67f4396c91192ff418affe14a71d23f5d154eb2361905690d00728d1af065e6d46795e158a1ee22d7b14a6177309cf3baa33ee342efe44b6dda9a1552410a5b0d97015b54cef6c299d283baa3687249c6c79e92f588219ef599ce1a18d6567543ebb79f897c7605691d673eb699b46e5f60f4791ff1bca8d093aa6e72c24859f54ecfb85f8db4055535fcf8293f1c92366cf7a6667c373cf6e5c52bd3c49e95dd7b4148577675a2583db01348b9a94172d6ce9c64899ec6397aaf3c110fad7b2c0847c1eac1f18be7a5b5df29718865fdda8a406038acb7fbbe0946ff0f0484ceb341ba5470cfb63c0849011b8f4c2cc4523887747fb8d14a8bedc9233eeacf0fd60c889af1d2cfbcda439ca8369dc93fcf57bc8f169e7168b79b618b0774ffcfe6fe09915c9eed0938d1548e7755dd27539037a578000170272af723c7153cde7877f644ba360243c7bfc8c1a398440bca6afe153d984810240eb7af98ef3dffb201ad3ed012b4b5514c9635740d5cf393fdacb983a6225f528aba66f4b542622249b96f231fa9eafe76c7fefc0fc425996de1f8d2aec55e4ed073b414959ebd0ac062cb9b87159710b65909426b9498ae5ea275185dd3e2692027eb53857f0cde764f50a70dc3625d8ac319ae16d1bab008e436bdc3ce7c423f2500ce87b8daeff3c69bf0903b07cbede9ee40926d1939cdd7d52aed3fc45474ebe4aac8dbc7960fe9fe4d458b67d9ddfcb37348594e3fc5ed556e83f023c066b60e64507909bb5071409f5a3f972a081874b3b7891009e8b29f1523f0d2a2efebe5961bc138126d44ef98697567ae7fa21bcf2f7082ba7c508620cfdf27ba2130f5957c6ec34e61330fa73dd9d20f06582981d74d534e6438c7443a1fb528de66879b5be1c48975564da7a57ed3aab301ea02e770e6a0058ba9546e8d838513c90908581c5b27f4c1b0ee954797e20974dc275e5c655b9cb6eaec3a7daf662acf2f60b8af7f4f4de71fec1dc6f149a7d7c09fc2e4e0015796410d50de560dcbfd8562070c1f89696772ebc21803783a68641d60be25d2955a43d22c8621cdf6c0ad8cd670e85a81244e4bcc467d7468bca48dec3ab2963274729c147e061716ef0c60ef75619601b0ae47fa6b96d89f902896ca4e5393fcb1aaec5756fea07107287938853c51c43c236ecc5ff91ca40a7a31c2e0137099e1c4a869b4015578a2e0059e3e478f42174258ef8bba6b56c966925fbc3d1b0af04aae18a6906d70915f9d80a6345157f59466324357877c6ddedc78823454c01acf4da916a6fda1d7c9003fc6e85d974946df56b254434dd46ca14c63e6c6250aff4837a56ca69ab80ccc645e0e6609db86fca1f0cffcfd60433dbdab427dfc066bc60e7d197c030ecb76e1240729bac7b961b63bdccdd4c9f994262da68d6b613a20b02167d4ecee7dfabc1dc9e63460f6cbe8c497d826000319206e1e47fdf73dab1faeaf9d9c5310290df81928e6831c806076db91da309d2331a9256a7b376d721576add6fda05eb04fa53e475a97a23a285f21eb8a5f47bbe651bf0a29996610ae90b36e0788b5420d8a76235a972f0933d08ede522b16295eed7e0c7c9786c649124c2021642eb70b68788e8c4b8fa5eeafd09986e545172691b01c04f70ab75704e647726203fa9eb194a199afb238c311c525a0bca6f971c18165ae1d6915bf7e6d7673426ae91010b147fa35b13d2109b572fec33ae319b8ac739ed11fc01b5618ad6384fb9e1f8134b7d349ae1144e227cc7eee10b3e7c7c50cb5631b28ee3ac0f097ded252b182549b4f1b50cf6848037048c816dc562179659c1e4d3048982bc2a75661bbc99fbe6c2f1ce35b7210f857745df2d20eedfa71bf28916c5fb683a78e6092a52f51338fd2ed222f8a19efe73e62bebe6f7477d3a19e6acfc14a2c18ac37eb1d2bcfac402e78e433572b051c2bab16a17dbf21a997cc3443883ae7a4cd5e8b059ec0837fbc2bdf8131dfebecb04afbf8055efc743f3638e7fbec5042a0af5e7d9c63e374592765d61750208a52ec94c6dab2222e835d571becc4663dc881c14438b850c37df07659a179e9c33fdad4c9a54e2bbc3844e3cae3b27726035e60bb8a4d0a03683337510373dd951a4261742153d6f4d2a2975828ebe0c8a447ef4f7acf245d56fb4372da427d0dc5047f1eb5974879a54e648775d4ee9e2854957a3a65888340221bef2117942822ea941e660b1dba739be3f2d88b8dfb6540d3d3f61517", 0x1000}, {&(0x7f00000001c0)="9a97e8082cb34d94ba64ccc2d46b81bdaec42affb7299df5f7deb5e88c0efa4a9e43a6", 0x23}, {&(0x7f0000002480)="0c0dbf381467cabe2813082fa15050d57cc6b3678bec7aa3b868dfab2032b6c5cd5b03b6bf6bed9a0b286d91e0321ddcb707c8e9d179b44bfe0b4975874c3a6a0efa73ea8e56e9bb4ff71d3c0025b6f56fa384db5b69ed1180844a406011fb35d27bc01103f048b9f1502fed8f", 0x6d}], 0x4}, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x4d, &(0x7f0000000000)=0xe05, 0x4)

2018/05/24 23:57:20 executing program 3:
r0 = socket(0x10, 0x2, 0x6)
sendmsg$nl_generic(r0, &(0x7f0000000900)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="144c93bd00090017020000000000000000000000"], 0x14}, 0x1}, 0x0)

[  702.734293] binder: 13590:13592 ioctl 40046207 0 returned -16
[  702.785491] binder_alloc: 13590: binder_alloc_buf, no vma
[  702.791247] binder: 13590:13619 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:20 executing program 4:
r0 = socket(0x9, 0x80001, 0x2)
ioctl(r0, 0x8912, &(0x7f0000000240)="c606262c8523bf012cf66f")
r1 = epoll_create1(0x80000)
r2 = epoll_create1(0x7ffff)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000ab4000))
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={<r5=>0x0, @in6={{0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}, 0x3}}, 0x55, 0x7fff, 0x20, 0xf1, 0x58}, &(0x7f0000000200)=0x98)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000)={<r6=>r5, 0x64}, &(0x7f0000000100)=0xffffffffffffff9d)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={r6, 0x3f, 0x8, 0x9}, &(0x7f00000000c0)=0x10)
timerfd_settime(r4, 0x3, &(0x7f0000005000)={{}, {0x0, 0x989680}}, &(0x7f0000000fe0))
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f000001aff4)={0xffffffff80000009})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000021ff4)={0x2001})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000280)=[@in6={0xa, 0x4e22, 0x7, @ipv4={[], [0xff, 0xff]}, 0x5}, @in={0x2, 0x4e21, @broadcast=0xffffffff}, @in={0x2, 0x4e20, @multicast2=0xe0000002}, @in={0x2, 0x4e20, @rand_addr=0x4}, @in6={0xa, 0x4e20, 0xf61, @empty, 0x7}, @in={0x2, 0x4e24}, @in={0x2, 0x4e22, @multicast1=0xe0000001}, @in={0x2, 0x4e20, @broadcast=0xffffffff}], 0x98)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000019000))

2018/05/24 23:57:20 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0x1ff, 0x4)
pread64(r0, &(0x7f00000001c0)=""/55, 0x37, 0x5)
r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x3ff, 0xa100)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000100))
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000180)=0x20, 0x4)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f00000000c0)={0x3, 0x12, 0x635a, 0x7fffffff, "7086f9a7811b4d1893e249d7cfec4e27ba3306cc0963a9b2ec94d2ff9bae0442"})
setsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000000040), 0x4)

2018/05/24 23:57:20 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000280), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
r1 = socket$inet(0x10, 0x3, 0x4)
sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000d000)}, 0x0)

2018/05/24 23:57:20 executing program 5:
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x6, 0x2, &(0x7f0000000000)={{{@in6=@mcast1={0xff, 0x1, [], 0x1}, @in=@multicast2=0xe0000002}}, {{@in6=@loopback={0x0, 0x1}}, 0x0, @in6}}, 0xe8)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000400)="ea94c594eeea0af121c7b1d4ac92535b538b96aad396e7a4e01e3d8ae9ca788bbf1abd248b1022b08d60b782cfa91a7807ac874c9957de0174955e118c01650d4dd5cf9824c9f70d97c7c81e10741d746a22d241bedfe14067e5ee2a0b147bd7c6f5a5278ed82135e8ffa26b1bd10414a4b692dd0d9c61e1e3214a25bb25eae25391f8805a00ec148ca78ebae3b90446a640ed92aee2449fd4c9b93be9c362daf651315010ac5b4366e12a4f6ab88178ad9ce757f9047fb28d4e8582dab3943084e3e52073a865c583331ade0f6cdcccc68b19370b7ab3f791934b9d5a8ac4f1bc15dd7aeb8e260e215d", 0xea, 0x20000000, &(0x7f0000000180)={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000240), 0x4)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000340)='vcan0\x00', 0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000002c0)={0x7, 0x8, 0x4, 0x4, 0x1ff, 0x0, 0xfffffffffffffff8, 0x1ff, <r1=>0x0}, &(0x7f0000000300)=0x20)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000500)=ANY=[@ANYRES32=r1, @ANYBLOB="09007de074a5484970f7841ae40fff"], &(0x7f0000000540)=0x8)
sendmsg(r0, &(0x7f00000003c0)={&(0x7f00000001c0)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'gcm(xeta-generic)\x00'}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000600)="d7e62013253ef57ce1b0c5ecd2123b9d7512b5185dfa855a4f3cee28e8dcdccd155339242c30b904fb1fed206d7bb694d870e16c31d849c377d4edbcbc529c064680f2e97a27e87c20c3877c18bb7e60ea35877e5888aa53d52e9c8cd231f81258139074f537a75e04a57bfa32763130f2948f2f502bdf34619a4037910ae9c85fe42e67e16f1ef2a37d939a4ba7d3b205bf748beb637f7f407dc12e1aeef27535c83359623acc80d96fd9ad5c97edf3f2ce9a1b593da982c302c5b17c4ff5918e350eaef8646a9f5d457d10c34bbc9fa4ec952992d506cc9e48fd522250d82944950899a07ce9e6485820d02c3d9a06c76232000fbf1e183984ac9e014aaa98437d3b1305e5b74247459c94f0575d8c64c073c08556be9854ac8f6fd3f846befe6ce3f2f31aa1cd83ea828eca1bde845a218436b70c82ae305c675e65fe4f77360d5e3754109d8359ea85dd5b7e09ee7945e25a51541a456192bc9d736b05c7d1ce615e390df665118a3e26bd34c98fa104b87523ea35fbb7c95dbf08ae45500d8d1f6d024b8d2f20384a46d7d6d661d657ee1bbed3b499e444a196b32921c766868cf67449708e81797179b397484f2564ca173decfa3222aa43debeeec9bea695ad810bcf6a6cbe9d6c344c9ad59a422e87c3a01c0f320f506fab015c6ebe1537c68076618add217c7985c2755ec3742fdde6", 0x1f4}], 0x1}, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x3, 0x0)
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000000800)=ANY=[@ANYBLOB="d70000000000000007000000000000000600000000000000b67d00000000000000000000000000003f01520000000000000000000000000000000000000000000000000000000000000000000a00000008000000000000008e0e0000000000000300000020000000051c05ff000000000000000000000000000000000000000000000000000000000000000000000000010000800000000000020000000000000500000000000000000107010000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000064a400000000000003032707000000000000000000000000000000000000000000000000000000000000000000000000000000000033020000000000000205c50000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000400000000000000050000008800000081dcfbff000000000000000000000000000000000000000000000000000000000000000000000000ff0300000000000008000000000000009f0000000000000000200001000000000000000000000000000000000000000000000000000000000000000000000000000000"])

2018/05/24 23:57:20 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]})

2018/05/24 23:57:20 executing program 3:
r0 = syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"79616d300001178b00", 0x4012})
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000000c0))
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x49b5e2d88dd7920d, 0x0)
ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000400)=""/150)
r2 = accept(0xffffffffffffff9c, &(0x7f0000000100)=@ipx, &(0x7f0000000000)=0x80)
r3 = accept4$packet(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000001c0)=0x14, 0x80800)
getsockopt$ax25_int(r2, 0x101, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4)
fcntl$getown(r0, 0x9)
readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/36, 0x24}], 0x1)

2018/05/24 23:57:20 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000006800000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:20 executing program 2:
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=<r0=>0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0xffffffffffffffff, 0xa28e, 0x0, 0x3, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x623, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffe, 0x400000000001, 0x0, 0x5, 0x1, @perf_bp, 0x20000, 0x0, 0x6, 0xfffffffffffffffe}, r0, 0x4, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="bf24563e9b96d159aed973a0032fabd168feedb54e89810c740b80fee0987f7a11b541b69ba0d61ba271", 0x2a)

[  702.889325] binder: undelivered TRANSACTION_ERROR: 29189
[  702.895884] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:20 executing program 5:
socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x40000, 0x0)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000140)=0x8)
r2 = socket$inet6(0xa, 0x100000003, 0x1)
r3 = gettid()
read(r2, &(0x7f00000000c0)=""/15, 0xf)
sched_rr_get_interval(r3, &(0x7f0000000080))
setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r2, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, 0x1c)
sync_file_range(r0, 0x2, 0x3, 0x5)

[  702.991061] binder: 13677:13678 got transaction with invalid offsets ptr
2018/05/24 23:57:20 executing program 0:
r0 = socket(0xfffffffffffffffd, 0x800, 0x3)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth0\x00', &(0x7f0000000000)=@ethtool_gfeatures={0x3a, 0x2, [{0x2c, 0x7ff, 0x10000, 0x1}, {0xffffffffffff6001, 0x9, 0x8000}]}})
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0xf743, 0x5, 0x2, 0x2, 0x10000}, 0x14)
setsockopt(r0, 0x111, 0x1fffffffc, &(0x7f0000000100)="1cb9f51f006cc36724601ed9c3d0d40dc396d0ee339567494d617db2894d165fd4957059a4de5b8e592c890ae6f113947ed11c5a56472bbdbc16b0b7cffb7637eac7e5c6007067f7fa55f2137197039f93d9340f8b194ae1c390bf173b560f07c4a47a82a0dbf7c2f40069070b56c597633ff23413ef3bfc174814b92366a832b252607923e7", 0xfffffffffffffdfa)
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000000c0))

2018/05/24 23:57:20 executing program 3:
r0 = socket$inet6(0xa, 0x80003, 0x1a6)
r1 = dup(r0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000000), 0x4)

2018/05/24 23:57:21 executing program 4:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x4)
r0 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000040))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer\x00', 0x40, 0x0)
pselect6(0x40, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000280)={0xfffffffffffffff7, 0x5, 0x936, 0x0, 0x0, 0x10001}, &(0x7f0000000300), &(0x7f0000000380)={&(0x7f0000000340)={0x6}, 0x8})
r1 = timerfd_create(0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f00000000c0)={0x800, <r3=>0x0, 0x10001, 0x4})
ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f0000000100)={0x480000000, r3, 0x10000, 0x1000})
timerfd_settime(r1, 0x0, &(0x7f0000005000)={{}, {0x0, 0x989680}}, &(0x7f0000000fe0))
epoll_pwait(r0, &(0x7f0000000140)=[{}], 0x1, 0xfffffffffffffff7, &(0x7f00009d2000), 0x8)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000021ff4)={0x2001})
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r4, 0x50, &(0x7f00000003c0)}, 0x10)

[  703.044115] binder: 13677:13678 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:21 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f000000bfd4)={0x1, 0x1f, 0x2, 0x20000000000001}, 0x2c)
socket$kcm(0x29, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00003c5ff0)={r0, 0x50, &(0x7f0000d0e000)}, 0x10)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x301000)
sendto$ipx(r1, &(0x7f0000000040)="288f9f7058544a21b1fccb8a6fb41ba4abd79b19c07eb8f4c47ab0ceb8f39fed702eca02a4a9f780a9c16a5cb99ea53c99b9bb5b017ef65d7f2d16ae48bae3f9fe267bff476002dba6b5cc7b636394ef9fdc8e0df36a71a42b78730ca8937918b00e3e782b8394a42fbccb8d5e62e405d5e297058efbd066de12caaae071dd51ebac53e373771128a5069462174b3ae3acb62c0a627ba031cd09baa1e34d4ecb5a2d65984529d5b93e5a9110e7f0528383caab6d32d92bd2ba733fba170643ea09998278dd41bafdea542d9484b267ac681abb4460c0fb004df56543e1b79588529ab2d7e9511d97b646f0f004a60b9a8787c03e8cfd32535c3ee5a4521f389f50b26eae3d726cd7e5213ccf0357b68f5d727f23f9859e865d2a90d45a4c62062b865c0c5f893502e23606d88ad6e0fc60129fca39f2aaf6fe613d07f11b0b601f60bc9d5994235219be28ec1e9bf6d6c4b3dc6b0ee29fa237936f5dc014bf996dd5c0d1afbc4896ff4ae30df5d519a457ec9992bd0a798593c4db6c68fd400b613c9fe5ee6874b5ebd7c0985ff368f177fc8e56e372b8cb67e983a8094734dc30337a3c725a4b1e635327d75ad86d4f371e948af964039989136855a7b8de8618ea13f8cfaf8bb420d1d214508760e8c96428dca5664ca1effee9ac65a10cbdf493d7775a1178cafcc42d4f0bc77d96f9ba91ac2ddc658e2fb9e683ca39b596b4d26983ce4c156ea96b93e848cca1d87a48746251a77a772daab9a00ef58cca7e986e966c0d3fc1ec055d4327bbc585edee0d81e0852bddd8de833638699fb1c143f37ef2841fa508d88ad843298c690f1356515b50bfb45736ab3b804aec1f65642434bf5904519e031ede12dbb96a7009ee815067b10c10b0199b0094c28ad221ee3e3bb48a2246fe20940b0d39dac41c97a164e5c6f3e20186095242ec6617f3fbd5b6e54d5f803364e70c9d36d4b8bf406ea7e3fe7796d760cf6bd3f01e5e7596bf0d8e09335655a0c6b78bbeb368b0f0a1f39f156ac7ea7bb2852ed94c941c489b53b68ff2a7836000f7a084b974219d3af3fa4245d4b665119d5a92d7c35f52d6d60396a3e9c0cacd741dbd39605f3f9b5dfa1ecfe1e826abee8cb7aa72fdc152a40ca464cc5a3e3e5275a2f4e43adccf57670e8cb751493ffabc43181f9fc5f7d2fd1de224c8cf88dc430427398181807c25d87be4ee7cdcf77bc8dd1b7dc294c3c727a4d59405af9236da4991e4871dba5ddf617c2fd7792a74e1e4f1cd154e0a856a93421789a371e190239d71ec2730e5aa8983830512b0176e593a81baf1358738dfb10beda4a44919b119f45e09b8568784f2f09125fbcc36a4a97990ef2aef7afec17ae455a58477480af70753c986139cf731c208c4f8961ff00896de0a685400418782daa5ed1f514823722b0d0c81f7db2b2c6a482c7cb5ecee5d0f943f18a599fb8ebfea0aa9caf657e94c3bd99c20b65116728652a3d62474580f4ae8af3ea0b4fd77324f74810f9ad966b9f1ad9363b506a4df5f339788bbb237e0cf320a50e5a0550677523cd2b14cf2d3378c4c9c0a4c99c192dab8f9a2054fcd919381e777d6c5a9985443258fe0143b3d3f554f8f3414a51f0059e1ff7bf42bf91ecb67d973fe34f0facfd2fe4ef6d436634271c64dc10d1192526690f0deac4f8bb3610d5b493c3c807d6d91d31542f43b8f165d466def90687f163e281d62bca7268711cfa301b436a6ad98fae157dcfc8bafda15e5e9680e4a69f836420854a9599a18c6cd16fed25b3c88a9fac3d05b3702c890d41d9254374443f829115b6b022a401239077f0034742d5d05f393b6af7cf9cbf993db28073f8c17f6db440cf2755618cdfd44060c8614164cae605276281b6682a50b9b089e58352d1c49e35417c4b6fd446318a7b825f6a632231506c1b6f63daf994f169c258822f669db750d66d8c0b77ecc3a18383d624aec60756a0d23c5516143c641e6e18520e0a20baf8dcd878a4714e593becfd25c3a86d61cb0196dbb78091a6f98f520f4f118870a404f2a041138ccd4e7116c0384cb6fa1deea52c505199bfb302596dd6a9910241c0cd9a4c9d9f9649e5be27b421e23565f8afa18e3992874c3e60567c16f3fa2387e87c67a8babbb55206628b3dd2ddd9f2b76e484580cddf679df81fbb00c42ef6d351e37446e2ba34db17f99e05ef3bc650e053e24aaad051c87f56e91782a614e707d0b2333ff47e0e07deee00424375fdcc69463f6141df320b4036194feabf60c70c55de32b118343399e40be80432eff2ac118049616358be54bc9ae014f76e0485864466d8572c3fc928991c723d95e125a55f0af7048884bf92b012a67845514c5e253601b4d9a76cd7406c1b631ace6bddf9ca146f5afa28e45d7bbbd0520e50eb5dbccbb8bc958803db49257da11bddec9316ed937dffd9705b2e777a393eb19483f2adc4461d41cbfe8a05930b1f8a522baf8df9287dc9a0d85fdc95dbeeb12b26c27c2b9ba3bca03e106f0fa8b9859ccf13cac34ccb6b3663f3a38e967b26502c59db00bbbd4bd8bc66a885d5cc586b65aac54c1b06e27bf676fc35f66c23ce5d142a8e67464f1fa41533f4637d98c558d2c3589e83527487b1cea0575db98f09f7ebe17b6f10f3b635c8f80149fc4fca127243a959fa4a06bfe927d367e2af58c31f31c291e9cfb46a8cc4909bb7160a3d2847c4d080985ffe8e0f1d6a21866db05c5bdf6e89d6f531d90ea2961b0ce80ab964869e359228bca77b47610fe6598c297ec27d2b794068db1fbb5ba3524510154de813334f64b1b6a1792908919e26aac3c81cb5e0d70c00a3df4f42fdf8a260c61644277286f766de0baf90d8bb678c8b1eec162702a3616361836f42d21051de3aeac53520e22561afe9cd025a1d94e1837508122071d258bae6ccc00fdf6c347e8256dceb0e3776102259e7f1af808373cf28d4b15c7f9bd78495c64599529ad4d36d3319c79d2c70cb2643811e34c9cb19c1254251b4760eafa33a4ce95f79d99b2a21c7d53c9c49e4be333284574d6ba2e7f02932764a08274a3d5a3914e7b1197b01525a7f63dc615dfa460eab365fa3be90daa3648bdb76b050f7bf8f8e571fa49326eff139d5aefbe94f9922fda81082318a2cff876de372903fbaff722d2739c6696560392430e1e7b91d67318db14bdc6be6ff5c92aece57ac953b234877af65f37d8446051bad78240a573a6d832b67de925a81ac678d9a92cfc6e77537c06392be73c371c27ebd0f9dd90e73b2eea08e566fd67d7dd6601937b102d15cf5634097fc1b877c7b50c2bda3b251b05e5566e0913295aa8475978fa8b8f13d6ff1349df24b8a98afcc88c1b4fe4e8173ab5378d735d5f667f5675be1718526502528f5e04af134ffcf9427ea1b371563e698706b1258924023edf7c062544e2ede7725687cb63be5974184c78c3df0391f16865ed2e16536b6cd095749c9a2183642a943bbd98505ca58d3a10afd78135ac8efd7f283c1feb60bb1eccc47926a88f17354c2ef5092db535eecb20406e6ee20e639f0d4eb46ec14e1653c020e49abcae9e60cc6b4353c17f8e10a91c25ea4a7cc8c26ec10288572ed6eddd8a3255414861da1e2bc5dd716bc3e8964a0b110dc6dde2f1f1514b3dd14dbb121a6f253524507d8ff860f7486b40b792f973dcc6f414bcb6ada6a73f32373ca067932d54cddce9ce236733fdd240ab7a5175462a4960153def9eb81ecea9fefd913c6a48d78da772fa2f8b202fc4d64f68d487096fb4e9b21be050faef05c68ad9df24ee4cfe68b44b28a31c37e8b34217d22d03ae6b14ff15c023b20a41f9c5f9b3342e6b3b2cfae07b8b7c501c312638ad75a97f72f425b7cbf42a3b85d7a962799eb30058c11d74205213a530f487f2f8293cb67bd6cea398dfd147836adcb8f184938904a066222e58ceac017b4dfc09f244f3f75b18377152cfba777482a3655758498f651c5d809682ea5db06fe6ad4bf81041d8b95654c9d82062e6ba09e671a764ca7025ff0fccdd1344669726d836e3a51919a87bdedac19b1d743f0cefd2149e39740e708429e7e5a6de14d21d10177a75f6b046fc1160fa40b8fff657af721186973264db6fb1fb5e903a2c7b454faed4f57e5060311f9b40f2ec1fbe089189316d617ad0ec7bd42b2ae18fbf3693f75f27c35c92821b17c277c61917e576e2d324be891189afce5926e2dd33686cbbdf988c615fd2013b6734848b3aff040784210875b4c437a9dc394900a0e225bab17e4b42765e3290ab553969e0df9b933d473a8dfc0df71dc0464ae049e2edf87732b7b98d9a2964219d166e7f6d1dd82fb4f3689317e009ca274b04d912e655c9b8a13c49e052a0b6212a968e3d622d5c70cdc3830afec7ec83272977c8800a03d7bfda6ed11af36605867bc195e48205e585ebcf9f5a4facc79164f73a4fdc60a73510f9dc58bed2846847285e587954942276236e7c24e2d7020b07657650f4778883b01840ffb771abaa51b16a9f2c63eddf48a99d5f53d2eb60fc85fda545e71a0821101fb311cb9274bd13036fe12d4a2a9090545cc23cc93c60412ed6f811135d422f5759cc57b71e487b3ffa635192bcec8001c511b79d5813446fb8f1363ce8c5afb43d6f671329258f2e232365c974e593951a43ee6d0b97e48e07a83c5cfab1af1739168540fd14784e2825721333450aea459647d5c3e329ed8fcd556cbf5dbe5265e17489c5a28d123e17e72cc18e5d8683953e1423bfcbf3de042b1366a254528232c83b18ad0a5285ab6af9ed333d7d1c6fb401906e0588dbdd1e1df63e9e59d1c42e6af7bc4f84df417d05b6a77bc6b56f426a1692206f99510eea763ffc8fdf0a9de0e97cafc940c01a7797508d2c85654e9883e0345684b8d4dfcbba0944bbd392dfdb331024371a54589f3109f5c691269eaf85d58e79669273463cf08a9514c23320ebd253b46e2a75eeccf32bb5e906833364972a14efe2a2f3ed0c1b42b7fdd65c61a5cda02652b00dd44084df6851f7d25fb8868e4be6c25bf601aa5792090785f00dc7612c66c66e83617d715ff863736681342dc0b1d373054745527a1ad20fc3e83071b1d5ca218394672f9e2b742aa7c847c4bc6329a220c0ed32d9cea8f4035b5e31253eb90f73997112c97ca985fb9b03c9b7632486885ca19eb9852281fe8cdeb890d187b10e1ea823f910334409a2a54d97e3ba4e97fa1c7dd799d8f953f44ecc091fd16d813ec47b6332c757b2fdbacd187ff4e5696b80938aecca5919c5b65c693ec0ae6b1459f08265f7d61682ed84de5064517b89c7c84bf96dc60ede4ee20d880897b5b8146d6c17cd3b866122472cf6ae26070cf2e22795b1d4e4ce375778ddc1eb9c8a6b6e15a35ed3e15f4b1288405bd21ef4f495aafac6b4e6632768bb951152ec4b5d6d945b4567c61fe4bf723fc4089edaba4ac91717abefa67b987e536dc0f3070c560a1873e65433a122a8eebe8fd038d1d696b25499b9d6ec6a2985d70e36b5da302046da3fd99163066d81396abf8bd287970979bdfe49c3293bcb966a9173a238e68f4906aaeb1cac0dfd90e46f6083899882d5d5d11ce0bc34c3a548ac1d7db2bbebbd98c446d352f81c8573c2d3c1f7449e4a756204826537116c2722e687ef478b7c395fa1a1947a8734fe4cc4e61e1fec5cb3269a612e02e4060ccd423f360bb60f00e67e779ff1f8ff489444981e0b4d004aea4fa2e362a38efeb333925830bf1891093a52f02b57a97cf5e1453f", 0x1000, 0x4, &(0x7f0000001040)={0x4, 0xf3, 0x3, "48a94b8a74dc", 0x3}, 0x10)
ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000001080))

[  703.119088] binder_alloc: binder_alloc_mmap_handler: 13677 20001000-20004000 already mapped failed -16
[  703.128758] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:21 executing program 1:
r0 = memfd_create(&(0x7f00000000c0)='#em1#+\x00', 0x0)
write(r0, &(0x7f0000000100)="b278d18aa7dbc626192ab39ee9d3debc698e9251f8f417e635c86e773c98ecbcdf1000cfa2394f610d45d964981946ca421ff6652def5fd7cc8cbc1c9052cb14bc10205ef9ee45601176276c73d19c2bd2e1c33df894ffe473803975f90f46d62f3dd34afdf491bb9c6a255af4e19e6fe13755744d4074c791782454c69084fd76fb111d4b20820e3a3d9bc4", 0x8c)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x811, r0, 0x0)
semtimedop(0x0, &(0x7f0000000040)=[{}], 0x1, &(0x7f0000000080))

[  703.159737] binder: 13677:13678 ioctl 40046207 0 returned -16
[  703.200467] binder_alloc: 13677: binder_alloc_buf, no vma
[  703.206218] binder: 13677:13711 transaction failed 29189/-3, size 24-8 line 2971
[  703.285825] binder: undelivered TRANSACTION_ERROR: 29189
[  703.291759] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:21 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast=0xffffffff}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x4, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/cgroup\x00')

2018/05/24 23:57:21 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8]})

2018/05/24 23:57:21 executing program 2:
r0 = memfd_create(&(0x7f0000000000)='[^]bdev\x00', 0x2)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000040)={<r1=>0x0, 0x1, 0x8, 0x9, 0xffffffff, 0x6, 0x1000, 0x3, {<r2=>0x0, @in6={{0xa, 0x4e24, 0x7eb8, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x8}}, 0x5, 0x8001, 0x101, 0x1, 0x101}}, &(0x7f0000000100)=0xb0)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={<r3=>r2}, &(0x7f0000000180)=0x8)
timerfd_gettime(r0, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={r1, 0x8, 0x6, 0x7ff}, &(0x7f0000000240)=0x10)
write$cgroup_pid(r0, &(0x7f0000000280)={[0x32, 0x36, 0x39, 0x30, 0x38, 0x32, 0x38, 0x31]}, 0x8)
getsockopt$inet6_dccp_int(r0, 0x21, 0x1e, &(0x7f00000002c0), &(0x7f0000000300)=0x4)
io_setup(0x8, &(0x7f0000000340)=<r4=>0x0)
io_cancel(r4, &(0x7f0000000480)={0x0, 0x0, 0x0, 0xdb734a156737ece4, 0x1, r0, &(0x7f0000000380)="015e921b60f2d4f2a3a532f3e8036d791248dfdeca81a7c92d0554155452aaa432df87f05a190904cb0f9052198af7c9e277b87de557ce8d3da8bd2365c005a3aae0083a48c8426f2e9de1fc272412d86ab41fc0f43a7f2e545c8c19eaf03276ec6dd0ba9a1e4c8c751c0d19f8f2b855ebe2447246b285f763c8b572f4772c6d04954d56e401e103436e55998eec17f4995356f94c458e176535f0357ddef70699446b8726facc18188b4bc18986b1c777d7297c00d2f3e70f8f4e121e542fe00dfb80e8ba1226c9a61cb21d32738b624c9d8ceef9e9405dbeb6795080bc1cbffe", 0xe1, 0x5, 0x0, 0x1, r0}, &(0x7f00000004c0))
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffff9c, 0x118, 0x1, &(0x7f0000000500)=0x8, 0x4)
setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000540)="4fe169ae0bc79aec52953aca829700e54d1181e5ab5214c6f0452081f8c756989a91304be41235aaaf54eddaf0fc825ef826cac9b139940f46847b7c3a8730726bca58b01e5c7a64806ddeddea", 0x4d)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000005c0)={r3, 0x9}, 0x8)
socketpair$ipx(0x4, 0x2, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f0000000640))
r6 = getpgrp(0x0)
sched_getaffinity(r6, 0x8, &(0x7f0000000680))
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000006c0)={r2, @in={{0x2, 0x4e21, @rand_addr=0x8}}, [0x1, 0xc, 0x7, 0xbcb2, 0x10001, 0x80000000, 0x4, 0x7, 0x4, 0x5, 0x9, 0x1, 0x0, 0x3b15, 0x80000]}, &(0x7f00000007c0)=0x100)
fremovexattr(r5, &(0x7f0000000800)=@known='system.posix_acl_default\x00')
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000840)=0x8)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000880)={0x6, 0x20, [0x200, 0x1, 0x3, 0x81, 0x6, 0x5, 0x3, 0x0]})
ioctl$TIOCMBIC(r0, 0x5417, &(0x7f00000008c0)=0x1f)
r7 = semget(0x2, 0x0, 0x81)
semctl$SETVAL(r7, 0x7, 0x10, &(0x7f0000000900)=0x3f)
r8 = socket$pptp(0x18, 0x1, 0x2)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000940)={'filter\x00', 0x4}, 0x68)
ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f00000009c0)="863fa8b1e32eda81eef80c81cb9e2c07ccd12989072e306dd5af322d42a764d41607bc0392a950239697aac072ee49466c2440869462e59efb11d92b4c284458b3b2ff8b0645bf67cea4486afe5865e4929f8913a18853b0ec06337d47fd673fabccab8dde18b480739b8568e517f20717ab676b8d34290227996faa30a4e378283c112535a32ae5a0f9145ded8f32b98b47e82d9cf186dac13ae74cc1e4866c03104d70876058237bb85cc93b65eaf7fa347387d0db4af723eee6391ba9de722c766cef2147459c43d379bba1b85ad1f3cbd32cf1d470ecc315766b95b19f6a02f780ac6907dc61514a03ab2cff95f8219b4635f87cda390f2b501f966c")
fcntl$setflags(r8, 0x2, 0x1)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)
ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000000ac0)=""/151)

2018/05/24 23:57:21 executing program 0:
socketpair(0xb, 0x1, 0x3f, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$kcm(r1, &(0x7f00000005c0)={&(0x7f0000000040)=@ethernet={0x306}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="84b3523f643751ebe1ce10e00d6c3a27cbca4da0f28f6d34efbccb3cfd3280fb7ce03f327684da0f3e9bb1d6c51c53b89f0ceedb5dcd82d71e1479d79022b40cac7d9e19e09c205d66c5099950568163e0c0f42377f891b12cf90c33e58a73ed24461066ce3ac85c98f584c48541756a0d7ac53d5931650239431cf4e8df2e52316555cbe8f812bc339d06eabf", 0x8d}, {&(0x7f0000000180)="e4af62f5344a81bec266808759bffb51d3a5b348a41cba625689f76a34c61c44fb183156c096bc2eeb0515904ed2c7a4f8cb9413d08a75b5cb325b17a3dd067e290fb829d857e91703c7910656e44e88fd0202935d610149990e359defacb73902212f4a7a7032493c0ce3e5387d5f67b2b45533d6345c07d02b1a87c4e9c233ee426a167aa81fcd623dcd1a6d4ea1c8808f92ea316064cf313d8d978586c64997a66b86bacaf5d748cf31a2be2dd034c69ff33f90fd05bb4066ee4c4bae26d408a665538a840a22f86c9d7ae4ca709c", 0xd0}], 0x2, &(0x7f00000002c0)=[{0x90, 0x10f, 0x5, "93edab2290d38f09055fc6296826fc6bd0be70b765e1e9672ef6e6a8a39f7e80610428038235881cbcb705dfbb839c7b028d7c74a9c887429e433528544850039a9c4808b7ca0a54cccf7eabdef1240da8c03477d3f755114463e952d9766df1b400abf12f75ff8d59bbd8ff9d56dae8bc8e29f536a17848e2164c5bd5"}, {0xd8, 0x117, 0x8, "692f47dc7752932b699c6a9c89f2b801c52b777f54e644985aca3b9b3ce75d072f4249a50add3accdef208a24fa9af8044fbdf7e6944b1caacbe844b4cfdc239572829d7139413e985402545171fa39b40ec8282b1a89a2a151357735eb8d336426384d6b459bcf9a5b7c2d5f603c67c7d885104986826f05a43e6971a6a87e82882113c7810cdea5407586a1944fb78002e434f2470ca5f93c2ae6b3e4d0a608033c2338d0e81c71c63d2a87a237c0f790bd91ddfe34d709721c118f4cb3d425c"}, {0x78, 0x109, 0xd1, "c4026f63339977b53af9b52d29ba137da60647c2569c44e66601bd176d12498c59dee95d6dabcc6cf01e2a8023360a4897d3b5949ac6c3403c90926ef1a31a2ed002f52f4c8bd88f83eaeb005999888f07495097f31c771f7a5768e53ff0676e4374ab0c48"}, {0x30, 0x101, 0x7, "a6163ab6d72849687c6b4645270ec0cee45b335f2803e063da34c35d63f6736e"}, {0x48, 0x118, 0x8, "65fece0149705f438ad25bfb2c25b8c5f6c3d2734dd78f3734d0e1eacc29198428fa1022baa8b5c957f81f6daf485bd31f7c53a5"}, {0x88, 0x29, 0x401, "15c3630aef91c86aaca43b56ab2f5a963b3474d451a06ef4a0e7c0f7f3437b7679829d9fc8c1073be310b6c12117b766b19be0732dfe8f0a32778f2c286cce0457e86da0da9f9458b1fa264aa6c642b7a06de9e93745342ac94f6c146286d9703849e09ae7b1c3c17a4070eb1c059734620c49f45a9cc3bd"}], 0x2e0, 0x40000}, 0x4084)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000600)=""/157)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f00000006c0)={0x545b, 0x7fff, 0x9, 0x3ff, [], [], [], 0x6, 0x10001, 0x1, 0x8, "e057b56d602df9ce93fd613a25c7b44b"})
ioctl$KDADDIO(r1, 0x4b34, 0x5)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000800)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000840)='/dev/snd/controlC#\x00', 0x100000000, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000880)='/dev/snd/controlC#\x00', 0x7fffffff, 0x100)
io_setup(0x4, &(0x7f00000008c0)=<r4=>0x0)
io_cancel(r4, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x9, r3, &(0x7f0000000900)="b8afaf21b0ee781e470426227fdb7eba30050eeff82d198c147664f867643d80454714df9f72f7e2af5921a56af8df43325330777e86347a8569a84e2df08f5a6bbbf37422470063890bd3a5bb5aa67e68f9d0c62234064c09edae4d465ee51f3ba4b85386ba78bba8cab88cb782cc25eec988f24565b87a5f6f7422389b491227b3b4aa8605bc850bfb", 0x8a, 0xffffffff00000001, 0x0, 0x1, r1}, &(0x7f0000000a00))
ioctl$sock_ipx_SIOCIPXCFGDATA(r1, 0x89e2, &(0x7f0000000a40))
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/full\x00', 0x400, 0x0)
getpeername$packet(r1, &(0x7f0000000ac0)={0x0, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000b00)=0x14)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000b40)={r6, 0x1, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1f}}, 0x10)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000b80))
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000bc0))
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000c00)={<r7=>0x0, 0x29, "fb6190b3436cf70739e53951df5776d5a3e4151f7fefc28ea648b1f5dad6aae0e9ca05b3cba16763a3"}, &(0x7f0000000c40)=0x31)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000c80)={<r8=>r7, 0x6}, &(0x7f0000000cc0)=0x8)
r9 = semget(0x0, 0x0, 0x23)
semctl$IPC_INFO(r9, 0x3, 0x3, &(0x7f0000000d00)=""/203)
ioctl$TIOCSBRK(r0, 0x5427)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000e40)={'irlan0\x00', &(0x7f0000000e00)=@ethtool_test={0x1a, 0x2, 0x67ce7655, 0x6, [0x0, 0x3, 0x0, 0x103a, 0x1d, 0x7ec]}})
ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000e80))
socket$nl_generic(0x10, 0x3, 0x10)
remap_file_pages(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x1, 0x4000)
set_robust_list(&(0x7f0000000fc0)={&(0x7f0000000f00)={&(0x7f0000000ec0)}, 0x2, &(0x7f0000000f80)={&(0x7f0000000f40)}}, 0x18)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x1)
ioctl$KVM_GET_TSC_KHZ(r3, 0xaea3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000001040)={r8, 0x3c, &(0x7f0000001000)=[@in6={0xa, 0x4e22, 0xffffffffffff06cb, @dev={0xfe, 0x80, [], 0xa}, 0x7ff}, @in={0x2, 0x4e21}, @in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}]}, &(0x7f0000001080)=0x10)
prctl$setendian(0x14, 0x3)

2018/05/24 23:57:22 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000060000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:22 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x4, 0x2)
write(r0, &(0x7f0000000280)="b72beb6c1e21c4558692d9bfe46d943de5a5319b678562bf007c0dc26bb5efcc0b5b37a10b74636679b8a3d2e9987cd05a03607688d721f6161e955ec4d38f1d94ceba974c2e92609f5e0b9efa781e159d553abf42512225eeade235bc5c9bd402fe8c719f1aa4675a503b4106b6862852d54f3286309b04a1d3592e2e136b29d3bde3ffde6ff4de9f8b60878df38f934964e54c4bdfd3cc2bf98929e22a02bc785e82266e79b424dcc30402d79f0b298ed73a24e46a9b0ce759a5377b237eae3db582d7db90fd796890789b043199b9ad4247f6f3997919b310b0a7009a583062b84db0605c3541b460d893c784968c3f53079415d7689d411328a38354c3348be900dc7c41c5314e486d20b1432f9eafa8cb730eba4664d466b8c335bfa26dd9cce717335be36e574cc30a76907d4de2ba963b4273bcae86d62f454d12904b53bd809bcf466165de1481b703d0874856492581fa6e482c8543e7b18d5c9b46ceaeebb21d6b5c5819ff9fe79c7f5ae3ad5d8a9e42ecbdfa7ab150b03bb8ad65e75ce11c41f691d921f43221f3fe041c53a6abaa85b78aeaf1ec7f5c81ee8bfd4dfddec39f5c7ce3e27f34364867dfa31588aaf928ee803a13643ef3f4b5bce6d27edfa2dfec97db581054721c6c60ec86e8fc01131b51015f3f97a8f93cef2956643136d63c0601663e574644f19379e8dddda6626047d5e8088555056a3399e855ae62781783bb5bcd718739ab9459cd4fbf3be57e020ccd319e21e8bc502e7c8bcc28590826b165e027125531a9e295c09806b633b7e732c5f03d0835bcbb09afaf98a94e18dfd2cd7d230195ce9554f39ed7d9a643151e1d4468c11e213e7341b643a3bec3cfbf5e03cc1e229a81ebff4a5237802a5cd426c10b9d8b4b653fe5ff9613a65236b21e843a48b888086948d36af362eda7f7b652f7f4821b99ea0d3df7d918172949fc8b7ad49f04285288bd2115c2826a90c4b4f092e33ce1a2a1fa4a14cc55db8b4fa544a97bde0ebc21b166d27bf139afb23f8286889633a969e8da7107faf08cbfc7259c89d0388d3bb07d16aa0832faf068397046ae0bd86a044b2016842398ec0a5df51093c170237a93cd13236a140105edaab85ad10f50269acce3f86b9c46cda2538275fe70c382bfc1d321d9c2168827acad620b9be270f863ec746c480b58b8c29fc1fb0f1143c47012ec5af2fa700177c4c95a7e54d01b189fd8925e8c3df5abf0bdd1e73fb5c4feea2398367721388bc08f734dd2177dad1bef81a89830379b1ad92d20d6214109cf54d80ce263d14cd804dcc6e9e3a2b055c8cbbb796e56c77cca72e20f8f376622449d6d31ad18d670e6d2d73d3adb8c711a9b6a30ac506fedc7e93f2d403c36d1c7d08ddbffe1fd56e0c56b9d3df25c6355122ee1d332808ba4e9d954146e92fbf2ebdd0c1b491327861e366cff50da938deab12e26b0a04feac39482642c3aa0509887d7dfff13b1f6664050c5598065ef7c7b6874225a0ba4e0ba0b5239b51ee457ab34efc6de42accb63a2fa58fbc8d58718195ccc193f274ae97889d259aac15c74ce605d23f539aa51be73bbdcf4cd48276482a9ac0b1e97a93d90b5991baba5c3fcad26b1fc1f3a5db3680ecc249b88785e89776a34a32433e6d8cdb16503224799d6396d58d6e2dccf6ecb8f22ae27a5890565661b6d59cf64c0bd49f46ae6e900e22f75e9bb3eb3985332f629f203fc70fdcc3a70f2d1d22190725bb7cdefc12b3c49dcba5206cf3ec353e389077aee1115479a865f490d3e073155490b4dc981d8c8b59c248ff7164cee86aa253be76886f0e8184fd9a6f48d14135cfd1eaf661fb994dd318c658fcc78f98f7cdbe82d1c897af1c0b287f1b698d5719f9e2ebaebfaabf03e4e4aa3e6c341b00e7116725a8b50ae7b39071320110304fbcf788052cd12c74bffb5edc4a9e9ddcd5a487f2b556eb7b7a9cdcb5141cf005ee1492d512d6107dd2de7cfd75d98918648ec909e01a927fb90fddf732ae2eefd5d9e00863624cc3f3f07a4df3bba25d14b2d9f5198d92e54e5f42094dfdd7b7ca022158a7d292f76ecad9f7fd95d2186c97327f68d2032baa27e685d511d19c1297b1ea8888dcae340a4e99f3e8e4b397688f263d764b5e873dcf080cd223861135c52e262209f622533f1e1b8861d15c7c637d7a0447f0e079f864eb210cb47926c95815d61cfea2716e1cf1a852df8674f5cb68fa65bc670b9a5cb0349c05f09b7e70f1adf5bb72b50c4e312fc2b84cd8001ec6b8550da17a25f1178bf339bec7d32bb6eb2d6ccb2a60664faa490eeacfe9e31f31cfc8be0811a19fe4a39765531287e3f07651df7f99325d2a6bf7cda4abe4fab3806e7983839098d7b7de8317ddb577d4355f35e33f8386ff3b7751577fbcc9f754b1729b7907738e57b82461a8efd748e12d8a6a468dc70d3aac3a404a4bf378948c61f293e5518f409c74ac6214da78a3f6c1756e6772a76b8a23a87049512bc30ee17267db751a3916d80105e2cd02f3b98c5434bbc0fefd15f079d62b7487e8ef83289f3af2aadf104ffc7a8674c8900bec1a0f3b945dc02ce44026961bccd53a1bc49a7532ad2531db9938ba6934af96296af7cf8af8c513a4e1acd2faaa03fa4c56a58f6395b08784d4e58caa108aadfd12eef4d9723e56e83550422a48602af73a6341b7756a1ae9e121e57c5d04e89f06f4e92128dc6155e834eb1f931c718a4e8af2cfb43455eaa9435b8fa9c7654323b1ffd4a3e8aeeffa4d866a72cbf8ffa7253093b73ee87ee95c9c8df67c14acd167b3a6015b3d5cac646e36c2b45bca572f5a9ac70328c0dd156d1213e6775adef019beea97a51b3db6522f6cf86cf6af6c9105a187316413a0d3bb9dffc6ff5bc05b8717675dd9b2062f706ff84218ce6d72a998b6c71811d27dfe178f47aa6d208cc0c4b33ba7826bd36877f44a33c2afd45d65e9e2b4a62abf2ee86b19445a6e9e5e1760ccaa5acf7620b49326c3f8730491be7ee6496a0fd30504a0364d7b64b117c5771d03f8526f90f2116b27f577ca25d636b78db18d7618474712ac654754ea1a54f09fefbc9adfe2197bf43953b51dcd3edcfcd4693689154e8f36869ccc22826c813deac80a13e4a768ef7914c97bd7dda766b326046197ef9713500d74dadcb629b868cc6bde5dcf2a1cce72f79859a8c0907f24585ebd1483cb63897c7506bec0cd7cb2001092726ffaee7f88f166b92accf8e33e2654bc2e403632e3804118e888d3d07adb004f6252786333d9eecf9bcf7291ed68619d72ac5f4c247fe444f107625dc5f69293e14a4e52721c115127e80997365c1c7ec5cf922a228bb8f01d8b24ef7beae1e75c9bac25d3a8873e38ddb04d8c89246e1f8af8a433f39ec46f501f85846aede4236edcb6575be6d5c7097e7ec73820fdfd8527311c27e5f31af7a4579932ed7152e736da8a021f4c2089d89a25df7f7842d6fc08eeadd2d0d3bea9a763d09d0f9ad5ec15f061e319e1562377722a9e92a47bce6dee4bba3ec5dcc6f5405cc1c2e6c17691c4fa44f7a01aea4e48c8d3466e2111a7942074bafeb8c55a33fb7b3e9ed256664930b96ca97a00d841b9d807b583acde543cda0599250a7f5db0f24dbbd56566c6aacf2997c1e5705e614724fc33ba2c1935352c2c3823d0d8a02cbd57d9cbb9e6eb830d15ce2cdf6fe9ed09eec03a58016cb3b67c55ae5bb6a3547965753c333fc402fa54312c089b09dab8e6b85c07bceb1fe507ead3dfcdfc716676ede87b5ddcba55ec71329d839bea359e908f69872c1f127d496551e73f3c7b21b0350b8e8211c8b7b112637671ae06b5ad45c538a162dbf68b594ecada62a64c3b59f09aad1cb91a4dce8cac6870d34d164a9d2db5d8f01dd9b89308644c09baa9f39893c47261bc776a3d0d9793e46f4c18db8bdf4f35978fc7751e2ae25f3a9784c6c5515f41b7d311fbe3493a0a75256f2298db9d3aaa84421aec266130e72ea8665a2c0a717c5c4b0ed0e59089610be2da41a350e8d1f08e514ebc306141baa6b1c462de05bc9b6c8c2f85c4b088cb63482eedaa53da92803cf0025c4cf4dd4fc3597815ee837548dc821b6f72b9aba82fb370ecfb733801a6d3ab594d0b5f1b8fe19baaaba47a8cc1482f89f402d62a1ceb3211ab6d5edf0894162fdb7fece30175a87d470a86d0abbdf3adf23ac3ea678747722f53eca08e4e6868fa9261d3197dbfdfaba9a6c8e5c7ef38722144df8de439617c1939d342e79a5ca43229dc91f9048b90099c587fcb3952399ee1db0fb079c79d5960cef36ffb18e6cb9626a2dd9b2b7fcf6029ed449d93253626906364a8223300517a85dc7058d4d0513b6f847bf58e90ce0bb4458ac905bcb59c96b2046ad04e33519b5ba2a8775ad79da7c4969b00f3bc3ec72a21f29e9253624ae2391ddcbe71f5a0779ac46392df31bc78e85a43cddb6ac1e6c80a11d091ab93f0238dbf038de4969d74591b482f026eca72aa74bd68a860082ad04580c58b34b526b7d6e3d84b557174dcd1cdde8000f87e4f37798a2e4ee271201e9bba44f46e296ef9acb8e2875f026d136766f72a2b9a31d6608fe54b9829115fa2ee798ff48da4d7968d8686d24955bf5019b02d6aae9f5dfd4bd766dec1cffb34c18353ce182708d96efe3fbef7a483f9c3ed5981c2427f5e6bc435751e01ce84116b5f44307711fb18bee4b7a733df5080173b0081614c80cede26fe4d4395eb2afe59155d7c036849511428819473afa04e205b24661747a8606f22ef9717c373a3197713cc2290cb315cf20c813d26171a279c318ad5afd07de8f9b19539890201ca880612f4d81ff656f84808f140790805c00a94fa1b5e8cc58c2e0dca172b0954121b6b7c654bc9e72c389c11f027874f97932c747240547aeb363555ad2116befe92c229c9f9b71e414ebe14ebdb7d9e7c8417e26ee5957492be8526cf1f86baab1895b50e7226c8f6e1662caece6e5b1baf294942135eceb65c3d68858a36ab6f7c59fcbcdc546b8cfe9d4fd827c3090c3b5f219fba1abc236cf9df57d42b74a103f1a65c0efa02adee089430572ad91f23dc20c8c40e76d3f0296514201e0b64720d7a766401c5b15ae185bfb7cce76da0fd75afc0b92c4d8abb23557ab00eaa12b1bf7816abd06a3bd652adfa1680b492939b92baa885fa8521b753c68a7edfce748b272a564a694286758ac46186368d94b3b2d3d43be1b15dc5a6ed1fba0a2adad32d7ce9e87824a55891b4c2ddeaad2c5f38a412e4192ed72e6562726988b57feae677f0dc05afa9c834dedd8f9758e68ff534cbade65b509eb6977f6db1fa431b60537c22e8fbd9dd55c18e413d458d432da6e22ef3c726e6e22a032381d3861d219d68c033833dfb37159b2f19beb3c386db1b36dcad1d38fa2d2c31326b24fbea823169be908051464f0e571ee2da5226415a822bbf3dbb82a9e72f66b40b62ae4f5ad0b029bf898ec45d78aa03dffac65dcad08781462647431b8b0f84b9c6e49df07823f21eb4e742d441d0fc82102b3c5c20ee6c0a6a6419596ab12bb48ea4419f602d2e6482477af19b00311af54a05415487ace87190791d86e3a290fcfd13e7fccd76350d75f50d6aee6032228b9ddc1cd80f3c78dc44ce49f1a6dfbd1a6a0104f09a5bfd457f8a1eab138b2fbb6450ea8daad922ca36996585ba4dbeaffb8bc3f5ff4c9117ce9d3f6846e46e69fd290850f6c5f1085f25906c98b1f29ee79e0e678fd9271e79799ac6be47f85d7608440668e8db2c4dc", 0x1000)
ioctl$int_in(r0, 0x800000c0045003, &(0x7f0000000000)=0x1000000)

2018/05/24 23:57:22 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x80000)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000780)={<r2=>0x0, @remote, @multicast1}, &(0x7f00000007c0)=0xc)
setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000800)={r2, @local={0xac, 0x14, 0x14, 0xaa}, @loopback=0x7f000001}, 0xc)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0xfffffffffffff4e3})

2018/05/24 23:57:22 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_RMID(0x0, 0xd)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0xffff, 0x400)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000000)=<r1=>0x0)
ioprio_get$pid(0x3, r1)

[  704.126771] binder: 13728:13729 got transaction with invalid offsets ptr
[  704.138075] binder: 13728:13729 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:22 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00')
exit(0x0)
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000040)=0x1)
readv(r0, &(0x7f0000001440)=[{&(0x7f0000001380)=""/140, 0x8c}], 0x1)

2018/05/24 23:57:22 executing program 4:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x2, 0xe78, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200007c0], 0x0, &(0x7f0000000080), &(0x7f00000007c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000001100000000000000000076657468305f746f5f7465616d000000697064647030000000000000000000006272696467655f736c6176655f3000007465616d5f73ff5e76655f3000400000aaaaaaaaaaaa0000000000000180c2000000000000000000000038090000b00a0000e00a0000616d6f6e6700000000000000000000000000000000000000000000000000000050080000000000000000085000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000ac141400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007245ad00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000ac1414000000000000000000ac1414aa0000000000000000ffffffff0000000068656c7065720000000000000000000000000000000000000000000000000000280000000000000000000000482e323435000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a30000000000000000000000000000000000000000000000000000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000000000000000000073797374656d5f753a6f626a6563745f723a7573625f6465766963655f743a7330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e465155455545000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000000000000000626f6e645f736c6176655f300000000076657468315f746f5f6272696467650073797a5f74756e00000000000000000065716c00000000000000000000000000ffffffffffff000000000000ffffffffffff0000000000000000a8000000d8010000080300006d616300000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000000000000000000073797374656d5f753a6f626a6563745f723a7661725f73706f6f6c5f743a733000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000000000000000000073797374656d5f753a6f626a6563745f723a6273647074795f6465766963655f743a73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff00"]}, 0xef0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x4}, 0x68)

[  704.208739] binder_alloc: binder_alloc_mmap_handler: 13728 20001000-20004000 already mapped failed -16
[  704.237279] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:22 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$packet(0x11, 0x800000000002, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21}, 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
sendto$inet(r2, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
r3 = socket(0x11, 0x2, 0x0)
r4 = socket(0xa, 0x1, 0x0)
prctl$setfpexc(0xc, 0x2)
r5 = open(&(0x7f0000000080)='./file0\x00', 0x8000, 0x101)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r5, &(0x7f00000000c0)="6cb0ec997b53bc81fecfb46733b829e323ef87423293ace8ccba80855c11f0b8ef332a915591b93e0494d71078e841e10771545c6d200693e51af57c78e80a4d3bd868b08f8505d735352148b315f030d0153e5ba2ab3e4fd632c43bad150bd6a0d367170b18216bf51747526db6128546f6d385d9165cc9a4044f813e7ca5a61a6be43f4b445ab0c35bb50b436ba5f17d3e71218240e14c8ba4872e93e54ac2db7b24b2c1cd88689c431f7b16a82b05be3446583aff9bdf144cb61701e3f3ecd7df7d12822513f26e19136bbfb4cf3fcd", &(0x7f0000000280)="b021f65fc30b0751b3f2cb2142b63268f27bfebc256605cdf510ffd6c9aa47353f0e7b5380edf0ba9fd377e34a9ec8dc655ed96527921ed138895e7e8e5a950fb2357496300d5b0f56966a36a4e1d77511c7bf6dbba73037ea99e27aa78a0050914a7452314df69c114938e52a302ac99e0b183065c18d031728c765aed04d3fc33ef50c1847bda6bcdae08acc2e7f7a94f290c9e6d1de9dc5bac1c61222105dd9c7150248c7457b0fd8c097823605b9becc294535dfae833d47e0050077cb1cc95704cba9fa98f92040a3603d18d072e9522a93ca7529c9221cc141420b7480203772fe32", 0x2}, 0x20)
ioctl(r4, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'bridge0\x00', <r6=>0x0})
sendto$packet(r3, &(0x7f0000000100), 0x0, 0x0, &(0x7f00000001c0)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x14)

2018/05/24 23:57:22 executing program 5:
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x20000, 0x0)
ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000040)="8c51a56a9220caa8f5ac1537e51d6550fde8fdc8bd1c30892aed520fd1c33b4789f507173adc2ee34eef8f39b7da56ceae705f46207caa0d10d003fcba18449c8955d01d8b12120c58b08186a9a51226488fe718713d42b4cd5b47c6eaba4151b9c27b28daaa8737582cc0138cf898e275656988cf0e5ac7343290e77e24a114dcff089112c0ff5c70e00314d876a85405536c1e583e2f9dee0e96c29148752938b252288de716af4b2b729bf10cc1b69072c3ef47d406fbcc32690ff13319fc75e6bbe22990ad7120aeef8f6f0bdb734f8c1c90939566da698dc896f69c34e2e5")
ioctl$TIOCGPTPEER(r0, 0x5437, 0x1)
r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x7ff, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x800, 0x0)
getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000180))
r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$clear(0x7, r2)

2018/05/24 23:57:22 executing program 0:
r0 = socket(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pread64(r0, &(0x7f0000000000)=""/21, 0x15, 0x0)
symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='./file0/file0\x00')
mount(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000140)='vfat\x00', 0x0, &(0x7f0000000080))

[  704.250505] kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher
[  704.278345] binder: 13728:13729 ioctl 40046207 0 returned -16
[  704.293351] binder_alloc: 13728: binder_alloc_buf, no vma
[  704.299089] binder: 13728:13766 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:22 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x4000000000000000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2018/05/24 23:57:22 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000]})

[  704.321309] kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher
[  704.457110] binder: undelivered TRANSACTION_ERROR: 29189
[  704.473517] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:23 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
fchdir(r0)
syz_fuseblk_mount(&(0x7f00000003c0)='4/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000140)={@local={0xfe, 0x80, [], 0xaa}, r1}, 0x14)
ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{}]})

2018/05/24 23:57:23 executing program 5:
socketpair(0x10, 0x800, 0x800000, &(0x7f0000000100))
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x7fe00000, 0x8800)
socket$inet_icmp(0x2, 0x2, 0x1)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x100, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0xa, 0x200, 0x7, 0x0, 0x10, 0xffffffffffffffff, 0x1}, 0x2c)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000000, 0x4000000000003d, r0, 0x0)
mmap(&(0x7f0000ed5000/0x4000)=nil, 0x4000, 0x3, 0x400000000032, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r2, 0x1, 0x21, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r3 = socket(0xa, 0x1, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
mmap(&(0x7f0000fc1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000a20000)={0x8, 0x0, &(0x7f0000fc1ffc)=ANY=[@ANYBLOB="0563044000000004"], 0x0, 0x0, &(0x7f00000000c0)})

2018/05/24 23:57:23 executing program 4:
ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f0000000000)={0x7, <r0=>0xffffffffffffff9c})
fsetxattr(r0, &(0x7f0000000040)=@known='system.sockprotoname\x00', &(0x7f0000000080)='numa_maps\x00', 0xa, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
readv(r1, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1)

2018/05/24 23:57:23 executing program 2:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0)
setsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f00000000c0)=0x8, 0x4)
syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x2, 0x57732e8f4b9a3fb6)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x81, 0x101000)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, r1, 0x0)
syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x800000000ffd, 0x48d41)

2018/05/24 23:57:23 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000006800000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:23 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket(0xc, 0x1, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000000)="4626262c8523bf012cf66f")
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x800)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f00000000c0)=0xffffffffffffff97)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f00000001c0)=0xffffffffffffd710)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000100)="3e440f9874f40d48b8f6ffffff000000000f23d80f21f835400000f00f23f8c4c3557c530f4c0f1f00c4019575603db974010000b8d42d843bba000000000f3066baf80cb83c4e3985ef66bafc0cb800000000ef0f01f8b805000000b9000000000f01d96466437cac", 0x69}], 0x1, 0x8, &(0x7f0000000200), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:23 executing program 1:
r0 = socket(0xa, 0x200000000001, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000300)="c626262c8523bf012cf66f")
keyctl$session_to_parent(0x12)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x8200, 0x0)

2018/05/24 23:57:23 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000]})

[  705.168125] binder: 13798:13799 got transaction with invalid offsets ptr
[  705.193006] binder: 13801:13802 Acquire 1 refcount change on invalid ref 67108864 ret -22
2018/05/24 23:57:23 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f00007a8000)={&(0x7f0000d7efec)=ANY=[@ANYBLOB="140000000701ffff0000000000000000fe0000"], 0x14}, 0x1}, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000))

[  705.215990] binder: 13798:13799 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:23 executing program 0:
r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
sendto(r0, &(0x7f0000000280)="c02f72d4a02de4198a6967ed08687ae76a87e9b6941d707db96602a4b28a6a7639bb83d1fcf0c5c99ca6b5c876874a44e0d1f7c416bc4d279d0ff83f4db720b7389ae0be7bcecbaa154488640a060699ef598eb6dd08fea0b6d84a6d96e0a8e3aa19f3c45caaad934591dbde68a251d828e2ed313353df4343648e738894e57f505626eb68e9263c0e90a2a69105a2d5783b0a6934be2e79b7f05af25777fe81055e281b5bac2d322e33baefc74f33d91b4c4c1b3c607e483610b1a1cf009ac240fbf977793152c4ec6e309dc656526bf22b82511d24019413da25de030b122a0aad1fa6eca3f8d2bbe73ecbb7c03e4a5568f53dec6b6d439a9397b55b27a228b149645f5dc0ccd65cabce3c437e9c03fe1913438b785a1cabb55d1e65ea7b80bd43861ebace14f6247465903abfc9bc9fd56ea10ced1548035e896391b901ee29bd2772e9ea75e0dea6799a2cff1de46d19c5ea5b94f6ab062fa735834bf32589d52788f154755ab4ab3d8e7827fa27c2c2c25dcfae8bab7f557baaa6e05c330564066419a2768fcc0e8e0df9f5ba57ac5a266eb0567960c94d8106340150e609618b8e4205b4cc496761357de1e2df44094a8bb2b5a496b884958e7a77d225b2715871a6949c76cabd05ce073c8414ec737ca9466a128fff7773ccbd2570e70ea6a0f5af309d19c1ba1512c747038a4586be9f70b5f989f014711a60059e6363aaa5b1401aecee7f5112b06464147527c731e26eb5b533cc1439d3af58fbf2e36b2218c530c9a69b41087455b84a48b6982a764ceb23989141945c86350a88530f85ff5ebad61e7a9642137c53dcbec561cbf46c93f1a9f9fe59326b0a40dd14dfee651840ad80156d1db09dfd325ead728cbba661d12fc0b650ef19e39e34e34693be4d95782751351df232f1253d05fd291d2167ca139ec44edbc519acf2f28c18a23d7b018fa551b18c0d3b9a403f9717689741a56aa593d5f81525c58cf938cda7356049e9289362fe30cb4ffa08a0a38bc586d8e0da58318d62ecbbd56b125fe4936ca62020a21e05d160fae9231810d4b4ddaa540a1cac6c89c6c809e96da11a4b9de827bdaa04386993debab0b0c5e112bf6323fe31f2e2b0fe275570213eaa14c079a2a1fcb2ff2a02c3ee1d65bd403dc7c5dd80c01f0c8067e255f5d53e171945bedf7fd00d4b1cc47f60f1494c716bccfe70b1114b9d3a1f7c8d0829c129b4396a4e55c83b9db0070d3ff628237ade735c5836738c829b187eefa13491468aba58f6a425478aafe29f3d0951e7a0ac63dd7c86db99afab33e04efa2d6f12079748a9ba175e7bdae2fe1a0cb7777336332708bf4d8735d700612415662008bc0d9c5916e3214e1f0f4d874ebb959d55c10cc93fa33e09de8dff555f0e05bd2e3c15a4ef68662a821c44682f9180103a0ccd706ea1a952062246034aaea753d968aaf3bc6b512a4e6ba50c1233f954d0ef34a0ab52397eaf3cb9912c08216c76af352ee00300fa1e351314c9edcb84142650791915c86f249aead294bd5b6c70dae0879795d3e65383f228dbb474afcd12cfaef3f0ea6d51bb28e30a96fb8d8c58ba7dc2c3c1af024f94a355390b2fde6a6c36628e9cebf5acf9f0ab1841e8aaa719f8993ee7e23ae5603488cbaadd32ad52ea383882cec0b96bf34c8e51455b82815812c8ee150287f1a5afc621dca6f94041a7144aca851bc012f9fb1d8fb4e4b33d75dcfd24330a5e0e96a222c66a8e3d5c1066d23a31be4330cde27ae333cee85efe5c9670fb04ca0552882b2624f94fb4683d442c442f0f36f44834be8c3c9c72c21f2db68ea162869b61163e947fd34f869163674f13f89e44e0da2fb519d95c340e516a49ff37c132cf94e6f24e901087129062e6da0a7e2628d15ef1bb47701b381a9ad01f840deaa492104a1b2feaa344025dac1c8ddb967dcec04cb53a8c59f72854012f75d893d0780d4cef7bb9afb5a571ae2aa405c493e41fef580c0e33148ec6eeb99a175669587eaf70849ab9b94a67491d3a560ac7e3c423f18cd2ba45849e933f195c3c9900bc1259f332695e6629347e15f9ce70efd6151047960ae3b1fbd2925bb73a1d75fc03103de9b0025e993db1fa004228e8ad80c285e18258f1821dd1fb4d81b4822747104a6f39970b41a3db52c532c29b33be6da20accc7b81f0f42491bee6cbc6bf1b4445cbf495505b7efc578edbb6ad34c30d9e932a8df83769d9a465ada7e30f0c1e3180073182ff7495596d0378dc22308f27f79ed3d137f2a423a10a7390c6bbe2cb512c58a21bc1723cebb91f86c79f50feb56f56e50c852289f0f8fd19eaf8156e5df9375d891bac1a1e1b43cefbd821e5cbcafafc4a6c13e6ef28f18f9463fd12624fb84b261d88b2ed4b2d6c95990f71c2f8ca09eea3b46160a7e76b0d6f29f80c2a4b3d55abb2224f337278c15ccd7b5f62b0e6979c8226a33daa0cd418247a924a6cea6a7cb8307cf7b0620a31c09d72897e4997e9ee583cced061b5ad3acbd1a0426b13b88c448dbd2fadda9c8685d3828ac0ec99581028c549f422cffaf4a1e16913e3bcf5543160cfc704fa4f1ba39bd6e881016fd5c1a0f82d461898dea5005e31141bacd6829d4beb1ffd91fe17596e31434c24ea81ffb5eb2bb73bc5bbcbd1a81428f6137824465c6490731eed53f7b18c21f9dbe30d1d08ceb4c44957dba5cbe64c1f16d80eabe86b889dd8af430fdbfd8c87cf471769b2f3d4d92a56e4d12959fb13f6497c4ee09b58eb0ed5e3e9655d2e5e575d367c321e5887b9b6032e94dba7817dc93d93ec365107ef977ebf9b405cf94b5f46c45737c9085866a9c9dbc931dcde7fe18fa8f254d907abeb26cbd5f41e2da7128fab69028b7c29072fe2eb7b9f5ef4aafb1290ce7a566039ea3b9f055e501e2db8f0c379dfbd2bb9e52e18dde8f50727b2ab4537395b92dd01163d197868f608c08ff818c8ea1bc9756ab390a16408403bc0396e66a1042418701e23d074f1cabfb05c24a48597981d887f08688806abb2e1d1f5e7d882275dd29c48cab4fa33eb0567a8d64f1372b45330887988a7a9aa41dbdc536773e5d3ed35bff084c48fe1aae489ca2defd0d60f5082d5f4c2bff38be3730cc0c93ab6191c0e2eb4f0cd0d159c8e144c2b2e95f536cf5b3a007ccd33c16f474d290cf83b29fe317266c6578ee44bbf65e8cedc48a6ec771766a305b02f69aed42351a61437dd18cc077161241cff774b4764365cd95eb70b78d47f254468844e64f3011e96afdcf006ec05f871bac67680bb673fd751379d8380968a4d80e53f2fdc908cba9af49c22a13496c379a1db95ffc76b82f559e560b66acab1c8a64b738a131d54a1f8de22d8b1e17d643a4841469f2c38aa685e3211789a5cd2ba780822690a11d718814d40afd5b1ccea89c9fb4b318f919d0c25b9faffffb6b489daea5b3554906e4b29afc6e06a64baf867d216e808d2967312106af1a88687d1775e12194b756d57f488ab1f431f38b89c9ad2da42021196e9371961a60fad01a022d0222720ab4e372d859bf895b8af28ded8de774915198102aeb31782246eb8f89ac9c52eabbe3ec065f984f893f5b9047af00f5bc362385651fc8cf80e4d3f30c9837b27b61441f5068d7ddc223a519397dcb6181d963d9ad83c5989aa5df54046a79cd0ac96d447e7de4355e94be8e9a869be9779747db25a26fb9c814db6cccb9d6fa122f0f7f061d3cd4d34df42937cfe88f3f0fd891dfb42bff7ca9a723b822e3186fa767bfb123c043c9fd631fd4071d80acc1fb90ffbe50ceb188d56cb01784af80a9304e639f308c8a0d05340551ed5f5f4668b557ff05ec115bf1c8052250bd957884dd1c0b7264d0c1f7984d69121b40d6403a76a7d153af7caefea6d7f130cb70bdad43c811a8c5eb074547600aaa0a942e7e16f61684bfd3c84fcbc0e9e67cdd99962bd934cd1a0044f8f07fb5c9b237e7e225c497c91b95d207f2d96fe2e10b42f456bee8a9134296bd535f042d661b6910f28c7fcc5194b4749cec1dae79a846c8529cc7808ef932cc188ed9403e80339e9f80747f22a1cad8efde036d75380e5ded6672662e7d8a1ed19a4fc16bcabc57715a63c419ba9d243b2139e55f3f7e98f166d0d867e5b45d97b598f69247e0712855fcce96bbfb2d279fb1cdca6fec0ed96bf6ebec6be7d2e36947d94ed7b497fa0fbbbaf04145a666db9b0ded4274f3d46fd6489196705bbac8acf743799a9b66c2d99d0c51431d28ee8784a354ab4a38d2c3a0fb4c1b62b2bfd00a008ecc5d5c43c47cf0629aacf99caa118ebd2f2aec1c9c61334650eabe4b4e124eadfe9f4645619c4b3275261a85360b9f317f72941af68a55a45f803496fa91fc4f9fb48a711fe2792d44c4bf76d20ee14a8d4169b215da564421a1028360afff12b971b48415eac77a88bc79b4e1c4fc226d39fd38d0fdbf7e321287f0d4bfa498bd737db536f24b027097b7094cca22afe90dbf493725e8bed3d7a20682babfc2192b1bb6ff6a7e4739b9c81082a3bfff8b5eee0d8b5b63544a96b3c3882864114b11b14925beffc7d7b48cb96459095e56bab437e48e08e56b7d754e6ada1cc5d453a8006f52f238b9287d9de11b9fab394bbf2705a29a6f701824466f34459fe4aa0989a07528d1b8cc7a376f51b331dc30fc8cd04f89f5969ffee6fc0a57f773862af209aebd250e550d0e09e48bd28a1babb8aa325d42cbc28f2ca076e2e06cf619666da60703a3065725c7c601bafce37d9c19e4cd81728c25ca20dda30fc8a4378037d4ad1f94ed61eb6adc8c99a8e44ae8522fea0b72793b2e7e93fbe30592fe9401eb92928524ebf7d2b5cbe78c1432655f4935e1bfc4f6bb36b3e68cc0dc993f1589ba9c326fc3bfb5fc63058a6cc8e3378e64b0145148a151c123f39e2bdf628cadfd2e2c3975b631fd61726f397823b0543b8ae6a94edc7bcf23c6b5c71518fbfd48a50aa69eae34ca1a9b5ec5ba78d8d638a79651de169473637f1c61a1bbf69c5e969c98b7d51339a332adbe16ff748ce010a39c36c111be2868c9d63fb847c191cf9bfd7b99f4e94cccea48f6003a9a442d80c81eb9064c5d256ef1de8455b683a15ff4b117b144cb8e2aa4c8dd0668f2236656c52830c854ce17582742180946672e6c28cfdbae9ad23ab5c1d4e16a1bfe0a5239affeb88a8b39ef2aac849d6160318dfe723a1ec57a559aadf41f5790f212babbe688ce046a9c17855148d9777aa67e3ac9ca17fd74ce298eae196ccddc3e35f3246eb40e1c763ef0ddcdfe08ec6c8d062a664ee4912c9b63af604b2c2f40b4294976d5961ee6edefae16fb56ab229db39ba69e7e0dd375114c3ee4bc1c7cacad2169f38c34c6797cb9e2571e71605f6260b95373eede0b6e2c1759f0a82d505c40fe784bef445e083bbd7354b7c430569a1b1b1c7e237e0d24464fa7fd4d114be67411af211f934865532cd3fe55fe66ffd5a5f797712d18e427f026f4ba843a214bf6e3af39342d69522e3aabf0e08e3579e4f930fe14e4f792a2ffdd072c5224d933a50e5964a7ca829e90295417614294898b15a7e4a8d5dfe2e02c23c1ba9ee91dfe31706f001a9b275a34f86ae082ac8a88004e19b39e36155aea06cb495ba66e27c51805aac583c78c61c99f205e01fb4db701c126420db8097b65a8bc84bd6132e9242b30659bf3deb2542cacfcfe41bc233318534ef84cdd15701959e94e8d2a3fe96db426d5f881ef8c406c621ecdf916a18f5db347470732c2a801b422dd461119", 0x1000, 0x0, &(0x7f0000000000)=@rc={0x1f, {0x9, 0x71d, 0xffffffff, 0xff37, 0x0, 0x452be3e3}, 0x1}, 0x80)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = gettid()
ptrace$pokeuser(0x6, r2, 0xb5, 0x7fff)
close(r1)
ioctl(r0, 0x40084149, &(0x7f0000001f64))

2018/05/24 23:57:23 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080)={0xa}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x13a)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x33}, 0x28)
unshare(0x2000400)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x290100, 0x0)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000180)=0x7, 0x4)
r2 = socket(0x2, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000040)="8100756994094bd7f1586f")
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x707000, 0x6f3000, &(0x7f0000000100), &(0x7f0000000140)=0x4)

2018/05/24 23:57:23 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0xc)
clone(0x200, &(0x7f0000000200)="6a1f9d940710f754037c90d880abf96ef3693f7838c489800ecbf55b8510600ec38039afe7c544ec3cff392dbe4afaa607463646f310413511fdf613b4ae591cbb69e3c9fb83b5eb992df4a253618bf8bc5546ba4edf37f60b659e1e42bde6d98f1ae5dfa3e0743dd44bad589b91b737b678943bed8e055f5eec3c37f461ae2fab5396b65d921198c4b47b0d1b11e8b24912c86d0cfd68725d9cc55353", &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000000000))
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000))
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080)=0x401, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='io\x00')
lseek(r1, 0x207fffffe, 0x0)
ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000000)={0x80})
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000001c0)=<r2=>0x0)
timer_create(0x5, &(0x7f00000002c0)={0x0, 0x26, 0x1, @tid=r2}, &(0x7f0000000300))
write$sndseq(r1, &(0x7f0000000140), 0x0)
sendfile(r1, r1, &(0x7f00000000c0), 0x95f)
open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0)
sendmsg$netlink(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000800)=ANY=[@ANYBLOB="0f000000000000000000ddffffff0000"], 0x10}], 0x1}, 0x0)
bind(r1, &(0x7f0000000140)=@generic={0x11, "fd663541f5a1ecafa2295455605fb587473f1a87ed2198e9fe24f5543f7c6ed7e10b4882795a0236fa424d0c9e142dc68e274e092483ac0d07366cdb32510c74e92c6891328f5054f6cbfa3c3d2604928ca03099b93524c294a90444e7e8453678b141cdf90cd7baf2fbe9c90f45be3eb0bf195c81bbd68de751b8055917"}, 0x80)

[  705.266491] binder_alloc: binder_alloc_mmap_handler: 13798 20001000-20004000 already mapped failed -16
[  705.306007] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:23 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000300)='/dev/vcsa#\x00', 0x1, 0x400)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000340))
r1 = socket(0xe, 0x1, 0x2)
r2 = dup2(r1, r1)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x3, 0x2b0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, &(0x7f0000000040), &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000001100000000000000000065716c0000000000000000000000000000000000000000000000000000000000626373683000000000000000000000007465716c300000000000000000000000aaaaaaaaaabb000000000000aaaaaaaaaa000000000000000000f0000000f00000003801000064657667726f757000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000006d61726b5f6d000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000bfa263cb39b6695ddf50f9975098f78928bda6d6245df0f88b7ecb4ab026000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff01000000050000000000000000007665746830000000000000000000000067726530000000000000000000000000626f6e645f736c6176655f300000000064756d6d793000000000000000000000ffffffffffff00ff00000000aaaaaaaaaa000000000000000000700000007000f3ffe70000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000c08e36751842cab380434dc086c938639570fbfa40dce636424fa87c9ad03f9063959cccf655bd32af6f9623f131fb264cb97297cd6b8dc712f5baf56e808e9c00000000"]}, 0x328)
ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000000)={0x0, <r3=>0x0, 0x538})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000002c0)=0x4, 0x4)
clock_gettime(0x0, &(0x7f0000000240)={<r4=>0x0, <r5=>0x0})
mq_timedsend(r2, &(0x7f0000000140)="bfd77c67cb1abbfc507b0fe8f15f0e9d59924338845b12e6b0095889731648c86c73ebd1c6725583f0ea74dd21bbd05014844582f66eb2a4fde95df98541e09e4edc2125e497f2be1b6aa244e18baacd22ad7d2ff7edf1b59ff35738707e00e554635936496de7ddf833573ae573f76cf81e285a675f2112e2da52cf6a66442cac75da68f5181603cabe1fe8341e2882969ebaeea889784e10d9e5c3b89bde60849b541ce58e045fb5efd394791c266d835492087d9590958f0e025c0a5a73bbb39c", 0xc2, 0x5, &(0x7f0000000280)={r4, r5+30000000})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r2})
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000380)={0x203cf40680, <r6=>0x0, 0x10001, 0x3})
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000400)={0xffffffffffff8001, r6, 0x10003, 0x5})

2018/05/24 23:57:23 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]})

[  705.333900] binder: 13798:13799 ioctl 40046207 0 returned -16
[  705.363062] binder_alloc: 13798: binder_alloc_buf, no vma
[  705.368892] binder: 13798:13820 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:23 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="66b8009000000f23c00f21f86635020006000f23f80f01c80f6ae3b800008ee00f01cbbaf80c66b85470078366efbafc0cb066ee0f01c8263ef2afbaf80c66b8ebb6dd8366efbafc0cb0deee0f2120", 0x4f}], 0x1, 0x0, &(0x7f0000000100), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:23 executing program 0:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x410400, 0x0)
openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000580)={{0x4, 0x0, 0x0, 0x0, "1a0ab9b1f94c716787e88fae5552770ad6a9b54e0679918e0a88af8aacaea63fd56d1dd99812e16bc06df8b8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0b690d49b85ec254b15b023d1e67900f8f55709195aa7d999552981434f68e364a3238b17109db386e35830a143c5755ae184895c461436bad45232f258c32a1", &(0x7f0000000000)='cpusetposix_acl_access)posix_acl_accessprocsystem$\x00', 0x33})

2018/05/24 23:57:23 executing program 3:
r0 = socket$inet(0x2, 0x805, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10)
sendto$inet(r0, &(0x7f0000000200)="f1", 0x1, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x400, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syzkaller1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@deltfilter={0x34, 0x2d, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, r2, {0xffff, 0xaa5eb4ae33fc5964}, {0x0, 0xffe2}, {0x2, 0x1f}}, [@TCA_CHAIN={0x8, 0xb, 0x3}, @TCA_CHAIN={0x8, 0xb, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)

2018/05/24 23:57:23 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)="2e2f6367726f75702e63707500eac5bea7af575a45fddd5af3a7709295a69e7bc5fd0592bf2a4dc8ace908be8842141ca2a714ed0163d4afd8ac48123d4869e05556a93347d6a7430e03a5f2beb186f16bacf2e4dcdcf3b9ff1d99165ce38d996e7798fe471d9a0d81acd08788fcc9892a2487efcde7a649614b14ba1c18", 0x200002, 0x0)
r1 = socket(0xa, 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f")
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x100, 0x0)
ioctl$ASHMEM_GET_NAME(r2, 0x81007702, &(0x7f0000000380)=""/116)
r3 = openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.cpu_exclusive\x00', 0x2, 0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5, 0x400)
ioctl$EVIOCGKEYCODE_V2(r4, 0x80284504, &(0x7f0000000180)=""/252)
write$cgroup_int(r3, &(0x7f0000000040)={[0x30]}, 0x1)

2018/05/24 23:57:23 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000380)=0x200000000)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0)
close(r1)
syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/172, 0xac}], 0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[])
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000f1dff8)={0x0, r1})

2018/05/24 23:57:23 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000020000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:23 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
bind$ax25(r0, &(0x7f0000000000)={0x3, {"5d41589cad2941"}, 0x3}, 0x10)
r1 = socket(0x1e, 0x1, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000001c0)=@req={0x80000001}, 0x10)
r2 = socket(0x1e, 0x1, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000b89fe4)=@req3={0x10001}, 0x1c)

[  705.538086] binder: undelivered TRANSACTION_ERROR: 29189
[  705.544113] binder: undelivered TRANSACTION_ERROR: 29201
[  705.617402] binder: 13866:13867 got transaction to invalid handle
[  705.623916] binder: 13866:13867 transaction failed 29201/-22, size 24-8 line 2856
[  705.728022] binder_alloc: binder_alloc_mmap_handler: 13866 20001000-20004000 already mapped failed -16
[  705.746926] binder: BINDER_SET_CONTEXT_MGR already set
[  705.752539] binder: 13866:13867 ioctl 40046207 0 returned -16
[  705.754041] binder: 13866:13880 got transaction to invalid handle
[  705.764935] binder: 13866:13880 transaction failed 29201/-22, size 24-8 line 2856
[  705.783555] binder: undelivered TRANSACTION_ERROR: 29201
[  705.789830] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:24 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]})

2018/05/24 23:57:24 executing program 3:
r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
write$cgroup_pid(r0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x1)
execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f0000000240), 0x1000)

2018/05/24 23:57:24 executing program 2:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000540)={{{@in6=@loopback, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@rand_addr}, 0x0, @in=@multicast2}}, &(0x7f0000000640)=0xe8)
connect$can_bcm(r0, &(0x7f0000000080)={0x1d, r1}, 0x24)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x80000, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x468, 0x4)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x1d}, 0x10, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="050000000000b5000000000000201a00", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x7530, @ANYBLOB="00000000010000000000000000000000388dbba2b150d176"], 0x38}, 0x1}, 0x0)

2018/05/24 23:57:24 executing program 5:
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="7f"], 0x1)
close(0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x208000, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@ipv4={[], [], @multicast1}, @in=@broadcast}}, {{@in6=@remote}, 0x0, @in6=@remote}}, &(0x7f0000000000)=0xe8)
fstat(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r1=>0x0, <r2=>0x0})
fchown(0xffffffffffffffff, r1, r2)
close(0xffffffffffffffff)

2018/05/24 23:57:24 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000480000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:24 executing program 1:
ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, [0x0, 0x5]})

2018/05/24 23:57:24 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000002640)='/dev/sequencer2\x00', 0x2003, 0x0)
vmsplice(r0, &(0x7f0000002440)=[{&(0x7f0000002400)}], 0x1, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100001}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x80, r1, 0x400, 0x70bd2b, 0x25dfdbfe, {0xd}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3ff}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1=0xe0000001}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x1)

2018/05/24 23:57:24 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket(0x11, 0x100000803, 0x0)
r2 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000000)={<r3=>0x0, 0x6}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r3, 0xfffffffffffffff9}, 0x8)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x6202})
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'ifb0\x00', {0x2, 0x0, @loopback=0x7f000001}})

[  706.589818] binder: 13895:13900 got transaction to invalid handle
[  706.596405] binder: 13895:13900 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:24 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x40, 0x0)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000580)={0x20}, 0x4)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x1, 0x4080)
sendmsg$kcm(r2, &(0x7f0000000380)={&(0x7f00000000c0)=@nfc_llcp={0x27, 0x1, 0x0, 0x7, 0x0, 0x8, "5d28bd85871452614cc21433f73fedc00e8fff5a78b25cd55889ef68c0e1eeeea626b669e6335c307612fc5891e602e15b5e400267294bad6ea45f9de2c627", 0xc}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000200)="de80bb837f016ccd69b2e71ff934904c219190545514f109155cc2fb5c5f72825311b49d6655c1b0b50d542f668f335b6408b3c2904109f5ff91050f329dfe6a3111648531acf37eb31beca6be0274c3a3eb2c59b35ea0a3e7b36d", 0x5b}, {&(0x7f0000000300)="84b5ef3e945c393518626add8c089296ffd78d1e74d691f0e59ef6bd2eaeef2d0e8ce8ca24588e91409027eccdb4d2c14100d651648e66a0918ac1e3479a7fa7742fb7020d074efa3f4a4ed22f65f4bac322626378cd656fb35c794b6f9d52c75e", 0x61}], 0x2, &(0x7f0000000480)=[{0x30, 0x10b, 0x5, "41a9efa451ff0bb27acc2ad14bb2c0ed86385d2f12b948a6d2"}, {0xb8, 0x6, 0x1000000, "495a3e9b1482d41bbc2f61f45b8a69c14aa448f0541c66778300f34d42839ff4effa106d067b757963995bb8e8e5ba50e9b44ddb5e9c06d240b835baa58e0dd175476d27aae1dc6d7dac967beed227dbcf07857c46aa35ba243a7e2bba024cd8d51fb5e94ea56ef7caa31e95f7c92a121d3dcc374e63ce1f46080d449aca307e115e0c0323a0e0071afa43ce3882ab02dbee74ac2f65ad98ee648292c584eb9c4c3df121"}], 0xe8, 0x4}, 0x40000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a93", 0x5)
r3 = accept$alg(r0, 0x0, 0x0)
writev(r0, &(0x7f0000000e80)=[{&(0x7f0000005a80)="532656866550f058d2b159f9ccc4978554b9f2d61456de1636fa743f424a88b12c9c1bfa00644d59013ba62a0b7868d27c2d971036c7423c15d7a9b0901c46bae5af272434c41f4da908c2da7bcf1a5b266d9b07c3cd5ab49b9c5e7cd58423103f9995ffbef48f5ad1ddecc631cb1e9ad136325381abe9e036b009f559e09650688e224fb21b5874be53dd6fc0d541c1868c9a399a2ebcaab0ce632101b4c38116fa30957b105f2aa9cf6f70ede1074e8a0d8cf3cbb051d3539d1c294ea806e3cd196ab12018065252595c8124386810e41a02df51aee9d06906f44ee9296cc0f5516becbfc606a0c1eab957edadba79f58ab8cbb27729f840c74e86d11b6e1cee5a2c970c3e13cadba395f7e21a13d57b96c3027ca2d8d5d75075e77171339d9d308cb6d1ace7fde5413b28c28a7c62d8758652db2acbebef079011721d4d295465c993013470c369fe7fba8bf62ba3c97c14855912085ab61a4b2f298d8a70d8df2c469779dcc07ceb9f80cc0dc618cd1b1be4805c27cf491d9d57b62a771665e4003f8eef25bc8b21a031611a5b0af1aa61e7844c12c3ec6d893755d49b7f3a3240cbb2bde33966c666aa96c6793748e605bfacdb26c568914582d38bdbe4746a9da19c9b59991fa4e06ca9b8ea5996f7c56071fa031b61bd052d9f9205ac73231095886aa5a3372be4370f21b0a05ed2f0ef49166d51c2ee54dcedd811cd20f4a46c8579f64f9e6c66ccbf3b69622cce5b19127f0abf7157ddbdd49c2641784a5fc98b4445cf3ac18d662f458c8296a435760c4330a526d0a1cd1f0bcf949c0b29ab3a9e0c0a8128642c9c10634528d12334f79fb5726a8351a86a0f5d7eca1f0279d5496ada0b0f1318f4c112de29cbb6409c769013bbf02be2cb55bef2b5e9161b49cdb6280af047a9d01ffcf443fcf53606d12b3a9335d1304da8d440b918cf96aba499bcccae4805076f30c1edd63903990c727fd6c5433c2ebad7b9d1dde5c3b43b35f7a25458774ef126ac1aa7bd1f4d857b904a2899394d3f0852e8b847787bc96fc16f3f2dc503e1548b390e5daac4441556719a4ce6ebd2a2c69a8e676b00a8411620315f41bef4279bdbade7701cd64c49ecbb96b475c61e377c967f7b3118d25c19ced901f53dac0b5b7b29b1777414afd62e10778f9b0682d40191f53c12e4f290e0288e7ad984c41f55d7db2264974cd1cfaf35480a2d519f546830730b699015ff7a33c27ee4d8158d227e1bae1e422b81f6848a275eaf0fb58187ed83737655f618ee6c47b797683b3cf24614b8a52f9b01bac61d4951590d90f76b7794953812ef5c27794c9ebccd9e28a9b3fe4fd617de729291df08a1191cd17d76ccee6b75461049f4d2a5d4edc26520db0b7f1540ac0fa1c5078b911be74c0e724207b2ea5afb53a949fafd4a9fccc48d8d5b2ff877829a9f618fbd79d90f67a87e7b1dd844e3ac650aeaaca04e1347276da9a866b332cd99d99c06784e840b766f6ceecc28406c5f1fb52f42f6f176353434191efc7994fbe91f2f6b11b11b1d174bdbba661f98403c6554c4f1da0caa63a6e0e4bd15678ca7a5b8c4c15c5519b336b9379b6e71b26d5920fb6d7bb07dcadbe8f3bd4fd0e9bf5d237457adc2617e5803b9e826ca16aaf554452c8dcb1e299a46f6c438f93bdc54a391e67790531e39ce94c89dcb296271227d41889620e9fe188abb5a6c85f716bdbe467372138e0a5fe930d233a57009d3585ab8470d8a88de9657116507e7878eea090b33d603166f5ce97c2f9eba4b878651ee1d3aadd53c831ba7a428ea0313cde04a705d4a590a78fd7ef1cb604e65f77d731bda2754416014739d841edcc89263024f7d1e10fe01dd0123f345f343c3989b098607b9948806758075b2086e76ba71bae5f7a37346e4ff5ae887232d8c16d5f6307389e627a152f23b07d6f4bb30f1824ec184d840267b098e288352a034de33a263a0f14feb11358fe9e9f0a0769f9382d9e3a9c2f5b38c7df41bd94c25cf21d7115487143077c2d0987ef7e53b68a0b010b97a6e843f127dfffba97b6d09dc289ff0097dca10a7f87b01c58badb59300b1fffe93be7dd8505e0da3e03d62229055b98c566ebafa925580bf54e0483cbb83df7ef784c3581c9f4fc2cbdc5020eb7c33b27017af9978ef1359187dbd65b1cfe6e82ce04220f0c7a6d0b1f68afe6fad2071e9ea9010d1d4026781c8fbe9e8c892c987705d677029f2ca8af783dd5afc3350aa107ec72b7ed60e2b10a60e4c8eb9a4ef835a1fca6fb0520d427fff4841269cebc87f9fbb78459d079c7e7d74ac90612b0b4db7fd26b47642cf7818eff869ea8c72f314e32a2efca1254054a20e516c199058715544182ce691edd4c8b7f302a63b89ae769d2487eafe41ec3923ec0fee33c8b8fe35ed43e8c047130457f19d3784ebcbb922b8bf6ad7c223905e5927a5eb3bc215519bfc33065d325ddb9af2bbe28e6798ae8182fa8d00c3a0e95973747c38d0a587a9c5ebe2ab666556c9d5432f7dff347042e1a9426da33f254a", 0xfffffffffffffcae}], 0x1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000940)={<r4=>0x0, @in6={{0xa, 0x4e22, 0x1b, @local={0xfe, 0x80, [], 0xaa}, 0x2}}, [0xbf8d, 0xfffffffffffffffd, 0x33c, 0x400, 0x7ba, 0x7fffffff, 0x7, 0x3ff, 0x0, 0x1, 0x0, 0x9, 0x3, 0x7, 0x4]}, &(0x7f0000000a40)=0x100)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000d40)={<r5=>0x0, 0xffffffffffffff98, 0x54, 0x1, 0x1, 0x400}, &(0x7f0000000d80)=0x14)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000e40)=@sack_info={<r6=>0x0, 0x0, 0x80000000}, &(0x7f0000002200)=0xc)
sendmmsg$inet_sctp(r1, &(0x7f0000002300)=[{&(0x7f00000005c0)=@in6={0xa, 0x4e24, 0x5, @loopback={0x0, 0x1}, 0x5}, 0x1c, &(0x7f00000008c0)=[{&(0x7f0000000600)="46bee4dbce71238411fce315077b2c", 0xf}, {&(0x7f0000000640)="1b454fcea084470129d4acbe79d456d60041b20f446546683687f299b5309a4290a873a4b59c408bf578676e9fa0d8ea3e488844c6b890e4bec8dcec99e3181dd54a7466225f0cd124b6c78164e9d5cab71d31fd36a5d1247063980cd07d17c25fa36a5f5d", 0x65}, {&(0x7f00000006c0)="b9e2104f1d6a07952690f194b21eb7c00635c9cbb0512367e93a3536527d60f1f6eea1e3631397d5b6889ab66e0285d4f3b953f25f9207bc7180ac1c37b99899359cb67986e229474bd7a109fe0bd148c8f095dbdbddc2fd1b6b8ea24ea7dc930d79e83266e86336636067a85b7395af008d5b7951569b6f305f7ba23aac197c6f3f2e91b12c935e176f105fdc836b5ed8e38ba44932f47cca09e1463e463f88f3c5", 0xa2}, {&(0x7f0000000780)="6176197fc5c4828f4048c1495f2372f4c50023c4fb28004c658a108f17b4e848df1fee8eca5449f0197699f002e4eecd3c2e973f7d3499872358488daca1ee2ad047234cd967799364bb3ec5835525aa15c3e889cabab22d9e03b21a", 0x5c}, {&(0x7f0000000800)="0abe50f5b63768ac13f045bdf9ce75fa9b4609c2f915679bd85ebb5cff942d84e260479e234a42b941bab3982795ab1a29200f1d15e4ae8ca750a0bca8f4cbbd5c7187575c31cf8ebe7853861c67b87ba4c4bd21ac5ac65d36ad0c22acb250e3ebd9a913606dfff659024e7d0c8a2bfcde6ac42c6d4ed2af9d58c9aa34a10f743ad294670918a789", 0x88}], 0x5, &(0x7f00000023c0)=ANY=[@ANYBLOB="3000007f00000000840200000100000001000400020000000000008005000000513007000000000000000000855f4f682cbfdca550eb845b4466e5b502423d02273e595e255be4054f55073778b17b242c5da3f76ebaddad04a020fb30f7eef7069bacc37f0f8f1dd77cbee2aa1cf0bb93ea11f876e51ab677ae9f67fc770502473a59906398d0a0007ddc31c3d68eb411bcdada6456dba827606dbc90a3ed65dbb46b6063d617b42ba039ce6e677963150b6410a91eb0dedc468e8e65c4f51c65e367edefae7bb47c969b22ca2f9003fa6c8b", @ANYRES32=r4, @ANYBLOB="18000000000000008400000006000000897d00000000000018000000000000008400000000000000060001000600090018000000000000008400000007000000e000000100000000180000000000000084000000050000002000000003000000"], 0x90, 0x20000054}, {&(0x7f0000000b40)=@in={0x2, 0x4e21, @multicast2=0xe0000002}, 0x10, &(0x7f0000000d00)=[{&(0x7f0000000b80)="f1e8cbc4e2b3e71aae9c2acc7a49a8352dac7fae6f0278cddf427e5c0223d76d660b5b4f7f285b62679a659c237a9953a52c01a71363f449be643f76f161beeb3a2e93a634df332624bdba21b2d2cbc18188bb29d2704dbb61d4fc74dd10cbc12db1446010b79c702ada5175d2a0a0ba694cf6f1f8c8fe627835f9d41ca65980d20b43c0882d21befda522524108e7dfa84eae38cfd01fe1eb186cbf7c0c4eeaaef890f4316264614cc7e346ae14e78a58d24b819461cf39", 0xb8}, {&(0x7f0000000c40)="c462105a4d1101392e40d2006ab2bb9e387de91818ed3647756d019885422031171d7790a8992091631cd8284edf0cf76d6d82bd9b4ef85ca93860d95570eea65ef83dd7cba4633edbcfea9ed0e410d48527da1e6ec217ad44cb", 0x5a}, {&(0x7f0000000cc0)="37ca7af53a4e17bd02eaf0e044a744", 0xf}], 0x3, &(0x7f0000000dc0)=[@sndrcv={0x30, 0x84, 0x1, {0x3, 0x7, 0x200, 0x7, 0x5, 0x6c56, 0x6, 0xffffffffffffe8ca, r5}}], 0x30, 0x45}, {&(0x7f0000000e00)=@in={0x2, 0x4e24, @loopback=0x7f000001}, 0x10, &(0x7f0000002180)=[{&(0x7f0000000ec0)="07a7f75b031977039a5c5adab274e721f3f58e110ba1008df5fdc01a2ad691a4ba7a5947034613ec5c272a5387eddbf8d4304da440c74852075c19534c80cd7cd15663837e0459c5a21862765be77a28542f8e52c78a283d38c62e5ea7dfb05fe15479665dc88050c22fe1862c0cc9080f6960f354b0acd0156228eef105e8eb5c0920d954ae8b33ee", 0x89}, {&(0x7f0000000f80)="200b2dce92df3c2131afac0598997420f18e374b3092cef3e9a0fe7dff4c72e85375dc7b6d24444d56d1aa793c2116f462e05f650275a115dbf45896a95b3b413dbebb70b0dd640c32f3409f71bb2b9a4c6436e7f6d0437e75ca2ccb4c6da482038d9b1d27747546dba15d839371a85b66d528cdcfc10420da873dd3cb41", 0x7e}, {&(0x7f0000001000)="d0717a5111b89b4e2b3a37409bc1557d0cac7d3568aaae1f6182585d6161f1729e2bf598bf55ffda6affa0b63dc7ae9dfdf328a74544ca22456c3e2ac188003135f9a600a0871516ebb09fc2566ac56ba37f42c7237603685d23e76b1355a585ab6af5c95f587149abc8c129cd17a676909b139722db5bebf45423e9c82ad9c538493f16ea248a4af3d9be6047d126736839241b05da54aa22ca35ee25c9b092988237d16bc1f6eacc12eedd89f6b9e06a10102a73cacd7dad2f271a67e3800f3139ac04c84150700079c53da67de0631b5c2d7d875d222f65422b0a1967f679b20a6720d8d715ebc290e7cfb93ccd39c2b33d1ada2e3c7a8a2687165782636a2959df8099c973222fa766d6e147c7e90d88306fea5909dba6b0fd56416a93700bbf76a2f938b176d35fee848387635a364eec5eb2b6b278dd8b2b77f9fc09092b771dbdaabd0bee6cd07a1be9866610ed9cd02f08487f701a0527a25db3c59f1d186663bb19051473ff2374601116bfaf82fc9984d9b1b84cf1dbae86f442f9fe7d770c6b5229ff2bbc9d76f024432c12b817bbe841880dc8f832840360349dce50b44c6f3569a772acf27227ebf80e39773397b2c03b5d4894933fa0b9d8400c77d9193add2bc0d15edcf730ca0b6e0136229760d26229c5af05f82b9dfc016f492ac05cc37f53df1247c3a38e88e808ea5597b3a6cbff8bc10ee71b2c2420ae9f2fab3f1e7c934c34a0c4376e76c54b89bee1f63adf4e17873d0f321d8805a8c9f9e04d4e653ccfe64f6f116c05dfd442a66d733db62641002b3bf2270a66e8d16b13d228fc8d193a0ebfe8a2576fdf5444ed7eaedde676aaa4455ce7c3378267eee2e8a396aaab5146c364b331d24c9b4dce0e6a386696cc5c85d65283b5eaa51abbef83b31cb8eda8197535913fec2624bc5136756e6c6ae75efef1567926b8b8b842fd5873be67bb89eec9cbd71c1117d8c3729dc6ca591806c8cc71a3792e4192ef2409e72509bd6156462f68db200efbf495c82014f548a422099043b8404d0dbbeb1c550383104cc95211643b93642f9bb16da11e15006d8d5420206a40bbc159a99197127a9e97ddd40c8f31becaa3760c9c2ac3734f07a7b87ea7fff78d872247abe0c7ddc4e48d1380a461d647803e6f7eca7efbf169d708e6b7e93c627e44892879b729cfe477c060cc1a25eb46420fa287b3a15165424c0c81c9bed5ddb6f2d10c8ddc80858d24d1d1c0b2d7d83bf17f3d5ba9a7872ef7233c91c33e4706bfe10bc58551df0d39adb903d603cd72a1fb90a7e364a1157f3fbdb709e4ce795d25e23fe785d0e565024316f6e8c000c16e7279e60a193db469e9f08375d2f1c88710c6eecd7917df8c202675c8c66ba1dd56d901b74455993f2de5522d794e1e95f3dcb16b39c96635a2fccffb354f43f9e44d360714acfef0dfb4f0dfd4640459df4e10882859856359989dd76e819406d92ba5b93f51b51419060ad80480a1cd6d889f6a7fd2b2267fde228eee598470708fcdd5f0828915efed8b97a444bdc35edcc6be94f85ff0eea13fd315251088b33ac510ea119ce00e6c49d12b65bea3eebc536588d4b912570b87a0cb179640e894cbecb3a216297a9ab9922426a02e4f24ab18b9f433d6f77f3730b285bde6220cf1c0430717a0958a6fead6f56f2f15cbb5a34c436def1f11fbf7637c57439b8ce42de1b8a89d84ab04d9d164976c19c3bfa96ecc6e86b5853e51833d292e1edd2373a4cb9b9477c54131b7491ebe9543811b2d79e7d92b54090f7fafc48d025dc3106a2a20df5c5bb4873e33a7b7b74c09bff6dd78d60cf1ccc8a24701cb2339661751f4ca29dc88d92fc7928a7c2ce2e9061085811ef03a1406cd9a48c1e262d0448d8962f6dfc02b304ad976da74f3a0199f4393ee518351bb3255b25fe173dd334ce918805a2f5c002dbfb6a79b2ed95deebf1e2b11cd36ec473701e866620c5b0d405260124e980fc212c27608c559b07ac623ba8a50e139d194a56bac4a1515f0c1daebc033e1b6753bad369d4cdbd6380368e4babb76b62ce598f6e3b71c1be59950efb8dde6d9ae554e64d1780d69ba0689795d3682dc14c2e3d4c8c26b47d866efab1778c38558421e35f4a32e0380dd7854974ec80ea35945af6579a72331adb9a5903539d888dcd4a6cce9e394f5d02d63f65243758800a119319e5722fcaa4661c690669fb96bce12911206e02e3081ea4f52509f9b686fe0552e9a2d5ca9c4af0343688e55eb303c9e94ce090ef3be05f2afbb617f8ed25b27aafab4c69d3373a24162251f36ae91adf2fc058dd14c7219f806cb81c1c58fd340e718afa4d337321ca53b6ce8056f7106cc8b2ebf67d13e35dd866946833206d59b4a3203db13a716e8857e8e5703487309aa0d50b2c98cff07f7dc85c46171635dc6e7d4e47750048ca11beb8887b3371da5ef9eaba7fa407db2f1449636f89d65c00cd12f041416c9a703b5f132f873db253b0b3de72a4fa9750a15284042e564710b987d0ddf07389e0412895b7b1b1cf4679e9cd8b68c2d9c55e0207033b016c54c9e6db10efa2b14da1f6dbaddf048c6ef6a30fce704e1e9dce399ecefb585ababc9c4f8b0918308e9ba260524d749c8a74482f0030d52e73e1a78329a62a439342ed31b60a737fa9426468aa83169f1913f7340646e09056c2101d2cb14094dfa57fb29faf228ce5d0b3ef172bc47f89e30c2c472472372d6b5aae7d1414b5a1490b547916a65275fe020f726a6ef3b8dc6f12c96f8d11adb30ee397725a7559326d10df8e9ff34b6922d5f8f4bc14b850500f54487f1d4d91dd4efe9bf932ae641ffbef6924f40c4b4bb9efc524edf87308cba55f6509b3ba9219d7d0d88cbe716f6fd1b0c061eb1b84cc68d1dbb9d75747c38c856bd65849c096c129837028eb78e54b59d65dbf2a344f1e9401ad1cbd618cbe891d740d7bef3357d4938202cde154875aa893a2bfa188d901eb90688241e5c46799f27612f698c7eccfb7a7560e913263de5dbc313c1441c7df699096191c96da41dbffb36407728ff53669cd8a139d0ca0ec3703b3493e4d2f4387e7b424b7b4a92c337cdec94200deaa4a162dfc507dad5795d06f1487ba04b594dd395a8f64dcbe4b6323b48a1215bb6d8c039946ef91ef1508ac29c2b742b3427df98ea05ffb480f67c22019f776470ef593d3212eac35ebdde8c45f5b64bc1e94e133ef3d319b98748e7c274989c80e3624334d13d7bce2a92ad691186b7961c99e083fd2303e2a37519be2aeae4a27159ebcd3c55f7d9510d23bda32f3d27a1395f88943350561f88d93d8f4e0026a2fbda2ce1b238dbf5c8f0eba9586f732b69c640971e20944f543b5a73f58fc49e0631fe647f18a43aea8be5a89bc062191238a09f53da3abbe383f4f5324243377713a0c499b9f7df68f11d6870c643d1ccd4883eb2b4eaa60a2723486a7da0014374f2dcfe527c7e5ed2116b69d692e82452e3d359c11493d5398baa1fd97f8720eef64f2d48600bfcbce37a0b12edf54c019e0378ff8a13525d8db034c2268b220993dd2ece128c346e95bee76f02a1b11daf7a365d9a1367c55e8740105f519f95a5a958fb7999a83f0d6864d32a47d48fda2ca35757fe18cb248fb8db4abceda6d86cfd57ba74d1d4a909eb3569a8724f30552e29d1f625fc0d7c36592368a1f8551be474140adb27d690dd2d87572fb62f22324d748417666ef93224568a2267e14c9d3cd14c9c1ac8782e9205381b3efa5422e49d4044579d7ddf9e4e1aa766ee3e042eccddffd56c340f040d194f42fc329bda90b5d29e6e67a090f221e7154932c8ecdfe5bf98b841027005c420a0ba6b7b25b4ace7ea51dd66e44cf2d1387920b8358427551a5509a1b9e2e119ea5c9a6cec43964b73e5e3ce72afc59686d168113b70c547e5415fa56c40a2cd6d84dd6ff205df79c88ea3a88b11648077248a50afbba005b041fed29a5d33e7478bf2743db2abd4f1e12ec41baceb8069fed34b95a8e1c0b4f798bbed032a55d7acd8217d4e3697d274216d5c25c3e5a4621a188ce6af836bf2c3c7f843717ce0eb29349dfb5cf19d9c6e2d5e10ea9a63876c9e007806318078f4b0c840f06aa564045080e047665a45b35dd1045f24e87b504cfb36aa6401fbcdba0740887930fb228e5b4e55b73d64bb3536a709f47c24af6a76d059a6be48c7d614bc5ce727ac67535c3c34201a0baed1c60f0cf61e043984205f9f37cd93ed9ec9fe5e2b71d7ccfaf3f068ab490f884be5f15af5baaef65363cbac8869db55a911447c991fc4831cfce27aed6b2eabdc456e8316c0498330ec7063b28a34f8793a7335b7644a7e4b644391da915b61d852217e22dd97b83ad449ae68b86bed41b110f8ec1e6c76d2d5a8fa3e4d652b5ae1782533e8b4dba6330a83a42c905b916ffdd6e0951f9878b3a04e75e2f333d32749e30721894425ae36a39cff06004157a5e57a74902bc4f6fe90d2560f30d0fb852d974312615c0af5b11b106330e8c67976ae543ea9791df25ca7717e3227de6fe181cf4bdf96a365297c8ecd41e8bd8dd6bf239f56fddefae7c014b77aeb2d9edec4c9744aa425a9d84fe9933a40d7ff2a4af172261e2160a3f6d54a738bede3a6c419afdcfac7d1f03d187d1f8d59fe419cf1ec49d0e4199e4bf7d17ce69c322b91e2518c70fce1a112a6ac301ce20a8e24d02bc5a8e498584d04689bddc52d456e308403b3d08c98ab309afc1abb333b687e7803a57e6b95224d9c395ff076a77fbe877eb2429bf0df80ad0b979b834693b8c624cdac13844c33cf39e7a2d47d4e05206f483353a5feb6e1c5cd315b312b9214fd82d75a0b947d2eca1bed42264e7848dbc06cd8bf45c9eecb1dd326da05441c33dfab418c848f32d18c0d8a5f1b116f573660cd75c89a35452a6b50ecc16cf9807d910057c718fcfa9ff9a7283947903d5775e52c67380868432c1e098329cec4ca846c1032949cf00b45362313c641be2255cbc5a5f1a2057acb765cd6bf3b3d37491c882da1d3b3563463f2bdc1a057c0a03dbf5d93bea790a3f91a533d4aa5e9ac3002bc1e547ef72bee01ad290ab0e50883d025e1f10664db2358b645fd7ff6a43937e2bbb9e6e10c1529f51775cb67712bf3fefea3464ba36c10c64442a47a94bd895b0e2c8951061f9906dd3bf7103e0fc60e802b49745bd88ce198846cd38cc42e365917b918efaf7d0fc24b4fd2cb86c2c4006a6f7c2ce62f44bbef1ab16966160dabf549ac96f85ac2b91fc367ea2ee5b914ebc34189e46af53aaae70ad6ae4257bbce086d744e570d4ab01e2eb4359c56cd193e5144df229cc97354335606b8827769d864c85ab54c968a2bcfc036872096c585b785bce5775170bbdc14b173372323c9e4eaadf72c219fd2e19d739816fbe2bc70e40b22165c189d36bb87fed3150eaad52f81bde4c788eeca938480eb4f589555f65638f2205029d146ac7aa570547df34781e8716622f846c895764f60db463fe04db21ae16045af801076eacf7a89e37ecffef318d0b2a05c36d02f083e486b5b95436a32a2e4dba9965dca771b080ea1a046bd669c383d5f25705ed15632744c2a18fc87c6f1cd3e60a80f603aca60f3d465edcc3aa15d4c594697bab68de530dd8b1289deed6f7b6e7a19894ed3661507337016a9f21b5e7bacf938819b39c8a579ea214832f688bfca1a8498352c946a2e9be4a533c10b154b82714287ab8aa25ffa68c96ad6104cba175367519341e5d7f6e7a8a6", 0x1000}, {&(0x7f0000002000)="8a790d6c694d3434d66e6325a21d63e1f53ab113f581b6180c446aa69a6f131be7ee36dc7d51d6f33805e6b28c537336a3b614874063da8c1a69ff34de727e9d0c526b4775ce4969a458a8ada45a416350c3172313327ba3d30b73bb3921e5ed406d0aa9770b2cdc98223c3dbeba5ed15ef2ee83863574595c426c75e288ed5f7abc3ebc7d80e432f9578cbae693dc7696082c18b7373f89751f2f71532e62f8315fa7b3a7856ecd03", 0xa9}, {&(0x7f00000020c0)="2f70b5351bd6b554c443079304cae4694d80ef2b7e417dfb44d2c22f3ea2e9ccf4827d7fdf8cb20511f2998be946b53b36701afe7c4b83cb85f4146212c3afe98aff569d272222f677bbef1da4e56519192c315504f606ce0316a8db77acda12a0cfb27ccaebe134db75d6c1838ce3b91443d0d1997e4b08cb5147c6953aa90eddfbcec519d46966a0b4e21930a9849b71de5b13a9bec44cd90df7e9967191ba6fefba86301044758f", 0xa9}], 0x5, &(0x7f0000002240)=[@prinfo={0x18, 0x84, 0x5, {0x10, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x6, 0x204, 0x2, 0x20, r6}}, @init={0x18, 0x84, 0x0, {0x80, 0x0, 0xde2}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x7f}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast2={0xff, 0x2, [], 0x1}}], 0x88, 0x4c010}], 0x3, 0x4)
recvmsg(r3, &(0x7f00000002c0)={&(0x7f0000000180)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}}}}, 0x80, &(0x7f0000000280), 0x0, &(0x7f00000003c0)=""/164, 0xa4}, 0x0)
accept$alg(r1, 0x0, 0x0)

2018/05/24 23:57:24 executing program 5:
socket$inet(0x2, 0x0, 0x1fcf)
r0 = socket$inet(0x15, 0x5, 0x0)
bind$inet(r0, &(0x7f000001bff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x4040, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f00000001c0)=0x401)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000000)={<r2=>0x0, @in={{0x2, 0x4e22, @multicast1=0xe0000001}}, 0x0, 0x1}, &(0x7f0000000140)=0x90)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x1f, 0x800, 0x4, 0x82e, 0x8, 0x0, 0x1, 0x5, r2}, 0x20)
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x80340, 0x0)
sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000440)=[{0x10, 0x114, 0x3}], 0x10}, 0x0)

[  706.668262] binder_alloc: binder_alloc_mmap_handler: 13895 20001000-20004000 already mapped failed -16
2018/05/24 23:57:24 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
prctl$void(0x1b)

2018/05/24 23:57:24 executing program 0:
r0 = syz_fuse_mount(&(0x7f0000000000)='./file0\x00', 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x80, 0x800000)
lseek(r0, 0x0, 0x4)
r1 = gettid()
setpgid(r1, 0x0)
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000040)={<r2=>0x0, 0x0, <r3=>0x0}, &(0x7f0000000080)=0xc)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0xffff, 0x40000)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000240)={0x9, 0xffffffffffffff53, 0x209, 0x7, 0x6, 0x3, 0x3fc, 0xfff, <r5=>0x0}, &(0x7f0000000280)=0x20)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000300)={r5, 0x2c, &(0x7f00000002c0)=[@in6={0xa, 0x4e22, 0x20, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, @in={0x2, 0x4e22, @loopback=0x7f000001}]}, &(0x7f0000000340)=0x10)
fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
socketpair(0x11, 0x5, 0x4, &(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r8, 0x84, 0x6b, &(0x7f0000000180)=[@in={0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}], 0x10)
setregid(r3, r6)
ioctl$sock_FIOSETOWN(r7, 0x8901, &(0x7f00000001c0)=r2)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000380)={0x1, 0x0, [{0x228, 0x0, 0x2}]})

[  706.744700] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:24 executing program 1:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket(0x11, 0x2, 0x0)
bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10)
sendto$inet(r1, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10)
r2 = socket(0xb, 0x1, 0x8)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x4000, 0x0)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5)
r3 = socket$inet6(0xa, 0x100000000000006, 0x9)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x4}, 0x1c)
sendmmsg(r3, &(0x7f0000007e00), 0x136a88c8311572c, 0x0)

2018/05/24 23:57:24 executing program 5:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r0=>0x0)
ptrace$poke(0x5, r0, &(0x7f0000000040), 0x9)
r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0xfffffffffffffffb, 0x400000)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
gettid()
exit(0xfffffffffffffffe)

2018/05/24 23:57:24 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000]})

[  706.788715] binder: 13895:13900 ioctl 40046207 0 returned -16
[  706.807265] binder: 13895:13915 got transaction to invalid handle
[  706.813817] binder: 13895:13915 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:24 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x80957791cddaca, 0xff, 0x10000, 0x2, 0x32, 0xffffffffffffffff, 0x81}, 0x2c)
r1 = msgget(0x0, 0x80)
r2 = getuid()
fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={<r4=>0x0, <r5=>0x0}, &(0x7f0000000600)=0xc)
r6 = getegid()
r7 = syz_open_dev$adsp(&(0x7f00000006c0)='/dev/adsp#\x00', 0x100, 0x400)
connect$ax25(r7, &(0x7f0000000700)={0x3, {"85a17f6de9ffc1"}, 0x7fffffff}, 0x10)
r8 = gettid()
r9 = getpgid(r4)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000640)={{0x3, r2, r3, r5, r6, 0x8, 0xce}, 0x5, 0x7, 0x4, 0x8, 0x914, 0x7fff, r8, r9})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x268, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x2, &(0x7f0000000240), &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff02000000110000000000000000006970646470300000000000000000000076657468305f746f5f626f6e6400000079616d300000000000000000000000007465616d5f736c6176655f30000000000180c2000000000000000000aaaaaaaaaa000000000000000000e9000000d0000000200100004155444954000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000434c4153534946590000000000000000000000000000000000000000000000000800000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000001500000000000000000076657468305f746f5f627269646765006970646470300000000000000000000073797a5f74756e000000000000000000726f736530000000000000000000000060f9a9d474aa000000000000ffffffffffff00000000000000007000000070000000b80000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff00000000b021fce644e5f87c4d42c9912f2c5cb81ad048b5346e369279496876628f8f0d2ded8def0ade3bf34829c4e3931116c17880821f74f1864824ad861056c54859769f18bcd3e144bd74b3d038d3628b600bd198d29377e8ed884fc2931fd4ac16359c67c2e6b7027ac85514f7eaa2198e7acc9b25551b2641c4bf932be08c3ee22bcd35953cea986c74956fe9b876fdd8eb3a3839e94f1e4c6af2fb98af4f15d706c3d7241329497f2e335a1c5e09f97110a16b4312f7335ac55e9edb597bf3a689b56f8b6fae6b981295d6a4e98b828d6151bb7a015f6047089ad59ac6da2717"]}, 0x3c0)
r10 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x8002, 0x0)
connect$unix(r10, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e24}, 0x6e)

2018/05/24 23:57:24 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f00000005c0)={0x0, {0x2, 0x0, @multicast2=0xe0000002}, {0x2}, {0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)='veth0_to_team\x00'})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={<r1=>0x0, 0x3}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000080)={0x5, 0x8200, 0x100, 0xe2b6, r1}, &(0x7f00000000c0)=0x10)

[  706.965201] kernel msg: ebtables bug: please report to author: Wrong len argument
[  706.985148] binder: undelivered TRANSACTION_ERROR: 29201
[  706.991387] binder: undelivered TRANSACTION_ERROR: 29201
[  707.027975] kernel msg: ebtables bug: please report to author: Wrong len argument
2018/05/24 23:57:25 executing program 2:
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080))
getgroups(0x0, &(0x7f00000000c0))
setregid(0x0, 0x0)
r0 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x4, 0x4c000)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0xfffffffffffffff9, 0x7fffffff, 0xffffffffffffffff, 0x9, 0x3, 0x1f, 0x1, 0x5, 0x1, 0x1, 0xfffffffffffffff7, 0x2, 0x7}, {0xd8b5, 0x1, 0x1000, 0x66fd, 0x3, 0x4, 0x1, 0x6, 0x800, 0x3, 0xb01, 0xffffffff, 0x4}, {0x7, 0x2, 0x9, 0x6, 0x9, 0x4, 0x8, 0xffffffffffffffff, 0x10001, 0x147c000000000, 0x2, 0x6, 0x9}], 0x9})
ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000180))
ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, &(0x7f0000000100))

2018/05/24 23:57:25 executing program 0:
r0 = socket$inet6(0x10, 0x0, 0x200)
r1 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x5, 0x80)
times(&(0x7f0000000080))
sendmsg(r0, &(0x7f0000002fc8)={&(0x7f00000001c0)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x80, &(0x7f0000002000), 0x0, &(0x7f0000000080)}, 0x0)
ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000100))
getsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000140)={@multicast1, @remote}, &(0x7f0000000180)=0xc)

2018/05/24 23:57:25 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000]})

2018/05/24 23:57:25 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000600000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:25 executing program 3:
r0 = socket(0x8, 0x1, 0x5)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x40400, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000280)={0x1, 0x0, 0x5, {}, 0xa42, 0x401})
syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x8, 0x0)
r2 = add_key$user(&(0x7f0000000300)='user\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000380)="5748b8c2037b2000fba6583cf300002144c19b68088be66dca87a649567cc7085fb8a1a32ac93552dd4b6d116a049edf68ae40e31b237cfa91fb8c993acbf4b97604e01b0a2ae701dd1a5d5e360d468a500aa5eb6d5f9aa1c98b4a9bd7ab76faaf4f949453d0d117304cb9b135a1f9c425f5841ef8c47442519f6e6d589651228a649ae2953e86ce0e473cf039734ea359d1fb1e56afc8014ff87178c2e8e78cfd71d94741cc78ddb03d02cb3d1b7885bc6532539560df6519a84304c6d7b296c057aa9d44f02e2a018d5b8ee96e8ff6bd0a163246f973a3ae686e60bc68145b81a334716e134d1d8e868095ec", 0xed, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000580)='keyring\x00', &(0x7f00000005c0)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$instantiate(0xc, r2, &(0x7f0000000480)="7975383379555abfc047174cd01934c0b64e789838e1929f3adae8d5a54172f92f8dcf9f0ec47b5dd20da779cdcdf5f20ac834a3fb108f7faafe0aa008ce596483cd44df5f4e9276652157cf490d8b79d37585fef4368718550a6d3554474d65605bdb4da535b4bc96bc1f0c91aee01713aca087bd40a292ffebc8ac6711fe1371ec24529d1c72bf5f429cd8c3e018838573f25a5db72496764b679fc8985b8f081f288cd9959baff9329e3dd97ceb1498b1fcbdbe8059ff61011ace716cf849e62a0da1cd6b42bf4ce36749677dabfe", 0xd0, r3)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r4 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0xc08c5334, &(0x7f0000000040)={0x4, 0x1, 0x1, 'queue1\x00', 0x8003})
r5 = socket$netlink(0x10, 0x3, 0x14)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
close(r5)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000100)=""/93)
ioctl$IOC_PR_RESERVE(r4, 0x401070c9, &(0x7f0000000180)={0x5, 0x5})

2018/05/24 23:57:25 executing program 1:
r0 = socket(0xa, 0x2, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c606262c8523bf012cf66f")
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000000c0)={<r1=>0x0, @in6={{0xa, 0x4e23, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x6}}, 0x7, 0x105f3, 0xbb5, 0xd7, 0x2b}, &(0x7f0000000000)=0x98)
r2 = socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r1, 0x4)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180)=r1, 0x4)
read(r2, &(0x7f0000000280)=""/225, 0xe1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x64, 0x0, 0x0, 0x1}, {0x6}]}, 0x10)

2018/05/24 23:57:25 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x200, &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000fef000), &(0x7f0000000000))
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000000440)='./file1\x00', &(0x7f0000000600), &(0x7f0000000280))
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000300)={<r2=>0x0, 0xefcf, 0x835, 0x7df3bf3b, 0x100000001, 0x9, 0x3202, 0x80000001, {0x0, @in={{0x2, 0x4e24}}, 0xa074, 0x7, 0x40, 0x3, 0x7fff}}, &(0x7f0000000280)=0xb0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000003c0)={0x10001, 0x9, 0x8208, 0x2, 0x1, 0x1000, 0x0, 0x3d45f5ff, r2}, &(0x7f0000000400)=0x20)
io_setup(0x80c8, &(0x7f0000000080)=<r3=>0x0)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
io_cancel(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x3, r0, &(0x7f00000000c0)="eedf0ad95039e1fdfcbfc67b1390", 0xe, 0x2, 0x0, 0x0, r4}, &(0x7f0000000240))
socket(0x0, 0x0, 0x0)
open$dir(&(0x7f00000002c0)='./file0\x00', 0x800, 0x9)
open$dir(&(0x7f0000000000)='./file0\x00', 0x27e, 0x0)

2018/05/24 23:57:25 executing program 5:
r0 = socket(0x2, 0x1, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000000)='io.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="393a340dacef7989a3e5d9d9ef963f5d43ef9190dc571c49e6a7a8fa6373c4"], 0x1f)
mq_timedsend(r1, &(0x7f0000000280)="2ceff07c1228fc2cb1905ecf6193b1ccf90a07bef48da5864d8c5bca5d55cf86d6bae4c88216ebe7487151d1efe366b876349d4ef377a969edb8e419374ecb3aee189fff0e70fe5df0425ed0aeb66a79722ed17bbbf13b55d97bd23655f4fa591fe13d5c68b4441f59384a161257919ff5c53c350c9fa102273ede160fabcc47fa8516c3eb90abf1e2a0c6855a2f4787ff52eb7ab85a0bc70c378da021d046a8085865128d8b1470821f5913294fddc01a903501d80b625cbba280005c42a49ff0aed55d26423d3bcf1bfe11cb00b00a42e0cd364c7a80f60ab7011bc0d6e5703684fc21a61f8782f5402c", 0xeb, 0x8, &(0x7f0000000180)={r2, r3+30000000})
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
add_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000100)="f1adeb1af858baacf3badb1d79cae63160297c5622f1bd4355db6251ba98a1e2907b45d18f94a48704000000222a0027dec36a9f5f10be85cdfbb42864d37ef802ac13632e6787578d000000d38f350b8b4800", 0x53, 0xfffffffffffffffb)

[  708.062812] binder: 13984:13985 got transaction to invalid handle
[  708.069397] binder: 13984:13985 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:26 executing program 1:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r0, 0x0)
shutdown(r0, 0x4000000005)
socketpair(0x3, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
accept4$llc(r1, 0x0, &(0x7f0000000040), 0x0)

2018/05/24 23:57:26 executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f")
sendmsg$key(r0, &(0x7f0000cd0000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000f85000)=ANY=[@ANYBLOB="020100020c000000000000000000000005000600000000000a0000000000000000000000000000000000ffffe0000002000000000000000a0000000000000000000000000000000000ffffffffffff0000000000000000"], 0x60}, 0x1}, 0x0)
syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x1, 0x101000)
sendmsg$key(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, <r2=>0x0})
ptrace(0x421f, r2)
capset(&(0x7f00000000c0)={0x20071026, r2}, &(0x7f0000000140)={0x6, 0x3, 0x400, 0x8, 0x8000, 0x1})

2018/05/24 23:57:26 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f000039a000)=[{0x6, 0x0, 0x0, 0x400}]}, 0x10)
write(r0, &(0x7f00000001c0), 0xfdf5)
r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x7fffffff, 0x2000)
accept$packet(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x14)

[  708.111724] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:26 executing program 3:
clone(0x200, &(0x7f0000001900), &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000001900))
mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000))
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='io\x00')
lseek(r0, 0x207fffffe, 0x0)
write$sndseq(r0, &(0x7f0000000140), 0x0)
sendfile(r0, r0, &(0x7f00000000c0), 0x95f)
open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0)

[  708.187166] binder: 13984:13985 ioctl 40046207 0 returned -16
[  708.232690] binder: 13984:14002 got transaction to invalid handle
[  708.239122] binder: 13984:14002 transaction failed 29201/-22, size 24-8 line 2856
[  708.279809] binder_alloc: binder_alloc_mmap_handler: 13984 20001000-20004000 already mapped failed -16
[  708.319840] binder: undelivered TRANSACTION_ERROR: 29201
[  708.325841] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:27 executing program 5:
r0 = socket(0xa, 0x1, 0xfffffffffffffffd)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mlock(&(0x7f0000001000/0x1000)=nil, 0x1000)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="e2ffffff00ffffff"], 0x0, 0x0, &(0x7f0000002000)})
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000080)=""/183, &(0x7f0000000000)=0xb7)

2018/05/24 23:57:27 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]})

2018/05/24 23:57:27 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0x7530}, 0x10)
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180)=ANY=[@ANYBLOB="0004000000000000fe800000000000000000000000000000ff027a01000000000000000000000001"], 0x28)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x2}, 0xcf)

2018/05/24 23:57:27 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000183000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:27 executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x7ff, @mcast2={0xff, 0x2, [], 0x1}, 0x1ff0000000000}, 0x1c)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
listen(r0, 0xffffffffffffff7f)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x4000, 0x4)
ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f0000000100)={&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x6, 0x13, &(0x7f0000ffa000/0x4000)=nil, 0xffff})
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f00000001c0))
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000000), &(0x7f0000000040)=0x8)

2018/05/24 23:57:27 executing program 0:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snapshot\x00', 0x40, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team_slave_0\x00', <r5=>0x0})
connect$can_bcm(r4, &(0x7f0000000100)={0x1d, r5}, 0x10)
bind$packet(r4, &(0x7f0000000140)={0x11, 0xf7, r5, 0x1, 0x7, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14)
recvmmsg(0xffffffffffffff9c, &(0x7f0000005d80)=[{{&(0x7f0000000040)=@pppoe={0x0, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000000480), 0x0, &(0x7f0000000580)}}, {{&(0x7f00000005c0)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000740), 0x0, &(0x7f0000000780)=""/4096, 0x1000}}, {{&(0x7f0000001780)=@nfc, 0x80, &(0x7f0000002a40), 0x0, &(0x7f0000002a80)=""/183, 0xb7}}, {{&(0x7f0000002b40)=@nfc, 0x80, &(0x7f0000002f40), 0x0, &(0x7f0000002fc0)=""/70, 0x46}}, {{&(0x7f0000003040)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000004380), 0x0, &(0x7f00000043c0)=""/189, 0xbd}}, {{&(0x7f0000004480)=@alg, 0x80, &(0x7f0000005640)}}, {{&(0x7f0000005680)=@ax25, 0x80, &(0x7f0000005c00), 0x0, &(0x7f0000005cc0)=""/153, 0x99}}], 0x7, 0x0, &(0x7f0000005f40)={0x0, 0x1c9c380})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2018/05/24 23:57:27 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup2(r0, r0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0xe, &(0x7f0000000300), &(0x7f00000002c0)=0x2)

2018/05/24 23:57:27 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
r1 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff9000/0x4000)=nil)
shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000200)=""/59)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x11, 0x201, 0x0, 0x0, {0x7}}, 0x14}, 0x1}, 0x0)
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000380)={{&(0x7f0000000240)=""/212, 0xd4}, &(0x7f0000000340), 0x2}, 0x20)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000140)={0xb7, "9873dbd97f9c12c0fa6c97aaf60e9572dd670570a329df9f1a695ae09544cd5237b5f52de1ac695a2d7b201d269b0f66b3057447864c7a1340beeeab221d3cac2696f07eca4d020e2d1fae052ed1602f8e7f984d826119e2a9755571c94c486461da293fe6c4585da4a62caee744b785eaa9ef4a51f3e7ac432972bd76ab08b15d264c58d8f7c419835fa7a0d65ca0349f6e81d57139bf766226655b9578e2e5d95ebc28fe82bbfbb8a0b0b1e242498f31adb01b0ea12e"})

[  709.162183] binder: BINDER_SET_CONTEXT_MGR already set
[  709.176730] binder_alloc: binder_alloc_mmap_handler: 14049 20001000-20004000 already mapped failed -16
[  709.187280] binder: 14043:14046 ioctl 40046207 0 returned -16
2018/05/24 23:57:27 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0x6, @loopback={0x0, 0x1}, 0x9}, @in={0x2, 0x4e24, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e22, 0x7f, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x1}, @in6={0xa, 0x4e22, 0x8, @mcast2={0xff, 0x2, [], 0x1}, 0x7}, @in={0x2, 0x4e22}, @in6={0xa, 0x4e21, 0x20, @remote={0xfe, 0x80, [], 0xbb}, 0x5}, @in={0x2, 0x4e21}, @in6={0xa, 0x4e24, 0x0, @loopback={0x0, 0x1}, 0x1}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, @in6={0xa, 0x4e21, 0x5, @empty, 0xd85}], 0xe8)
socket(0xa, 0xfffffffffffffffd, 0x7b0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)='0', 0x1}], 0x1)

2018/05/24 23:57:27 executing program 4:
socket$alg(0x26, 0x5, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00')
select(0x40, &(0x7f0000000080), &(0x7f00000000c0)={0x3ff}, &(0x7f0000000100)={0x200081}, &(0x7f0000000140)={0x77359400})
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x1, 0x0)

[  709.208997] binder_alloc: 14049: binder_alloc_buf, no vma
[  709.214759] binder: 14043:14046 transaction failed 29189/-3, size 24-8 line 2971
[  709.229953] binder: BINDER_SET_CONTEXT_MGR already set
[  709.249459] binder: 14049:14052 ioctl 40046207 0 returned -16
2018/05/24 23:57:27 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0), 0x10)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x3, 0x300, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20001040], 0x0, &(0x7f0000000000), &(0x7f0000001040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x9, 0x0, 0x0, '\x00', 'veth1\x00', 'irlan0\x00', 'ip6gre0\x00', @link_local={0x1, 0x80, 0xc2}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0x70, 0xf8, 0x140}, [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz0\x00'}}}, @common=@mark={'mark\x00', 0x10}]}, @common=@ERROR={'ERROR\x00', 0x20, {"a4fe7b540d06f94b8d7cbf8f929c5fa7abb115cbc80d69e597ade726a144"}}}]}, {0x0, '\x00', 0x1, 0x0, 0x1, [{{{0xb, 0x0, 0x10, 'sit0\x00', 'lo\x00', 'tunl0\x00', 'yam0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0xff, 0x0, 0x0, 0xff, 0xff], @empty, [0xff, 0xff, 0x0, 0x0, 0x7e739eed6291e3fd], 0x70, 0xe8, 0x130}, [@common=@NFLOG={'NFLOG\x00', 0x50, {{0x7, 0x6c59, 0x6, 0x0, 0x0, "21a72a87f877a481c01da7f96aa3e40306fe97ffbacf401051f7b629154b36844302c5339e25e25b0048757cfbca3eee404bc297051c743b0f52a969daa93b29"}}}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0xdd9, 0x0, 0x5}}}}]}]}, 0x378)

[  709.287179] binder: BINDER_SET_CONTEXT_MGR already set
[  709.295225] binder_alloc: 14049: binder_alloc_buf, no vma
[  709.300935] binder: 14049:14052 transaction failed 29189/-3, size 0-0 line 2971
[  709.321106] binder_alloc: 14049: binder_alloc_buf, no vma
[  709.326404] kernel msg: ebtables bug: please report to author: bad policy
2018/05/24 23:57:27 executing program 4:
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a})
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x20000501040, 0x0)
close(r0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, 0x4})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x2})

2018/05/24 23:57:27 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]})

2018/05/24 23:57:27 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000040)="af26262c8523a4012cf66f")
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
getpeername$netlink(r0, &(0x7f0000000080), &(0x7f0000000180)=0xc)
symlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000240)='./file0\x00')
r1 = socket(0x15, 0x80005, 0x0)
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x10000)
getsockopt(r1, 0x200000000114, 0x2716, &(0x7f0000000100)=""/1, &(0x7f0000000140)=0x1)

[  709.326816] binder: 14043:14072 transaction failed 29189/-3, size 24-8 line 2971
[  709.341701] kernel msg: ebtables bug: please report to author: bad policy
[  709.349735] binder_alloc: binder_alloc_mmap_handler: 14043 20001000-20004000 already mapped failed -16
2018/05/24 23:57:27 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cryptd(cbc-blowfish-asm)\x00'}, 0x58)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000000)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)=""/253, 0xfd}], 0x1, &(0x7f0000000c40)=""/4096, 0x1000, 0x7}, 0x41)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a", 0x4)
r1 = accept$alg(r0, 0x0, 0x0)
read(r1, &(0x7f0000000bc0)=""/93, 0xfffffdef)

[  709.383402] binder: 14043:14046 ioctl 40046207 0 returned -16
[  709.397353] binder: undelivered TRANSACTION_ERROR: 29189
[  709.404708] binder: release 14049:14052 transaction 1703 out, still active
[  709.411853] binder: undelivered TRANSACTION_COMPLETE
2018/05/24 23:57:27 executing program 2:
r0 = socket(0x40000000002, 0x3, 0x2)
ioctl$sock_netrom_SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040))
recvmmsg(r0, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000003840), 0x0, &(0x7f00000038c0)=""/239, 0xef}}], 0x1, 0x0, &(0x7f0000003b80))
sendto$unix(r0, &(0x7f0000000cc0), 0x0, 0x0, &(0x7f0000000d00)=@abs, 0x6e)

2018/05/24 23:57:27 executing program 3:
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@empty=[0x2b], @random="1b207f5c5eeb", [], {@ipv4={0x800, {{0x5, 0x2, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x14, 0x14, 0xaa}, @local={0xac, 0x14, 0x14, 0xaa}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558}}}}}}, &(0x7f0000000000))
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x120c0, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000000c0)=<r1=>0x0)
sched_rr_get_interval(r1, &(0x7f0000000100))
ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f0000000080)=0x8)

2018/05/24 23:57:27 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000018520000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

[  709.476843] binder: send failed reply for transaction 1703, target dead
[  709.504135] binder: undelivered TRANSACTION_ERROR: 29189
[  709.527627] binder: undelivered TRANSACTION_ERROR: 29189
[  709.550705] binder: 14102:14103 got transaction to invalid handle
[  709.557156] binder: 14102:14103 transaction failed 29201/-22, size 24-8 line 2856
[  709.633315] binder_alloc: binder_alloc_mmap_handler: 14102 20001000-20004000 already mapped failed -16
[  709.646841] binder: BINDER_SET_CONTEXT_MGR already set
[  709.656795] binder: 14102:14103 ioctl 40046207 0 returned -16
[  709.662983] binder: 14102:14112 got transaction to invalid handle
[  709.669435] binder: 14102:14112 transaction failed 29201/-22, size 24-8 line 2856
[  709.700956] binder: undelivered TRANSACTION_ERROR: 29201
[  709.706837] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:28 executing program 4:
creat(&(0x7f0000000100)='./file1\x00', 0x0)
unlink(&(0x7f0000000000)='./file1\x00')

2018/05/24 23:57:28 executing program 2:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x10400, 0x0)
ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000180)=""/132)
syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0)

2018/05/24 23:57:28 executing program 3:
r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x5, 0x42400)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0x1, 0x8000a, 0x101)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f00000001c0)={0x1, 0x5})
ioctl$TCGETS(r1, 0x5401, &(0x7f0000000200))
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f00000003c0)={r2, r3, 0x1000, 0x9, &(0x7f0000000140)="e937cca8f58383a8e3c4ea4aaf3a7a8808595704755bb06a6305c0c91bfe5b595b7ea0e4b811085dce86766f729a9464d0f87ec7aaebc62b19e1f4e25d70d6f6102fc1", 0x1000, 0x6, 0x4, 0x81, 0x3, 0x9, 0x1, "4ffffbedbbaafac1631f9094061a75e2e0ecfda6b42670285ef106a533335e47ffd42358b7cb01ec66c79acd61e68923ffbae6f4eb334b6f582db838c1c253ffed2d830093faf308f04c3e9daa1c7b1f822fef42a6220be15c0b12bd0656fdd1221807f75f107a5555016446223efbbf4331ceae9dedc11633247238bd87411d64a9524fa76fbf958da22abe5225ec98b50ef458a420ce"})
r4 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r5 = socket(0xa, 0x1, 0x0)
ioctl(r5, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
connect$inet6(r4, &(0x7f0000000040)={0xa}, 0x1c)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000480)={0x0, 'bond_slave_1\x00'}, 0x18)
setsockopt$inet6_group_source_req(r4, 0x29, 0x49, &(0x7f0000000280)={0x0, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}}}, {{0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}}}}, 0x108)

2018/05/24 23:57:28 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]})

2018/05/24 23:57:28 executing program 5:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000b4e000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
pipe2(&(0x7f0000001ff8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f00003ba000/0x3000)=nil, 0x20000002, 0x0, 0x0, &(0x7f0000fff000/0x1000)=nil})
mprotect(&(0x7f0000b1d000/0x2000)=nil, 0x2000, 0x5)
vmsplice(r2, &(0x7f0000b1d000)=[{&(0x7f0000005fe3)}], 0x1, 0x0)
munmap(&(0x7f00003c1000/0x2000)=nil, 0x2000)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000000)={0x2000})
close(r0)

2018/05/24 23:57:28 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000000000004c0000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:28 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0x11, &(0x7f00000000c0), &(0x7f0000000040)=0x160)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x5, 0x0)
setns(r1, 0x4000000)

2018/05/24 23:57:28 executing program 0:
syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x4, 0x101000)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x41, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000080)={0x3, 0x400, 0x6, 0x800, 0x17, 0x3})

[  710.389974] binder: 14123:14124 got transaction with invalid offsets ptr
[  710.420215] binder: 14123:14124 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:28 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r1=>0x0})
fcntl$notify(r0, 0x402, 0x80000002)
sendmsg$nl_route(r0, &(0x7f0000000000)={&(0x7f00000002c0)={0x10}, 0xc, &(0x7f0000001880)={&(0x7f00000004c0)=ANY=[@ANYBLOB="30000000130005010000000000000000b1000000", @ANYRES32=r1, @ANYBLOB="000000000000000010002b000c00010008000000", @ANYRES32], 0x30}, 0x1}, 0x0)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x881, 0x0)
r3 = fcntl$dupfd(r2, 0x406, r2)
getdents(r3, &(0x7f00000000c0)=""/185, 0xb9)

2018/05/24 23:57:28 executing program 1:
sigaltstack(&(0x7f00009f6000/0x2000)=nil, &(0x7f0000000280))
mremap(&(0x7f00003fb000/0x400000)=nil, 0x400000, 0x800000, 0x3, &(0x7f00007fb000/0x800000)=nil)

2018/05/24 23:57:28 executing program 4:
socketpair(0x1000000001e, 0x5, 0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000000)=0x7)
fchmod(r0, 0x10)
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4)
recvmsg$kcm(r1, &(0x7f00000017c0)={&(0x7f0000000240)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000001680)=[{&(0x7f0000001640)=""/47, 0x2f}], 0x10000000000002fb, &(0x7f0000001740)=""/108, 0x6c}, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000040)={{0xa, 0x4e21, 0x7, @remote={0xfe, 0x80, [], 0xbb}, 0x40}, {0xa, 0x4e24, 0x5de, @empty, 0x1ff}, 0x0, [0x10000, 0x7, 0x6, 0x0, 0x80000000, 0x8000, 0x7f, 0x7]}, 0x5c)

2018/05/24 23:57:28 executing program 0:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
syz_emit_ethernet(0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa1faaaa000800460000280000000000009078ac1414bb9a1414aa440407c8d741fb00000000000401907800e5704400cd98e8"], &(0x7f0000000100))
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x200, 0x0)

[  710.453803] binder_alloc: binder_alloc_mmap_handler: 14123 20001000-20004000 already mapped failed -16
[  710.482273] binder: BINDER_SET_CONTEXT_MGR already set
[  710.494355] netlink: 'syz-executor2': attribute type 1 has an invalid length.
2018/05/24 23:57:28 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=<r1=>0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/nullb0\x00', 0x200, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000080)=0x1)
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000000)=0xb00)
syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0)
getsockopt$inet_dccp_int(r0, 0x21, 0xb, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f00000001c0))

[  710.500371] binder: 14123:14124 ioctl 40046207 0 returned -16
[  710.530748] binder_alloc: 14123: binder_alloc_buf, no vma
[  710.536452] binder: 14123:14151 transaction failed 29189/-3, size 24-8 line 2971
[  710.555569] netlink: 'syz-executor2': attribute type 1 has an invalid length.
[  710.629798] binder: undelivered TRANSACTION_ERROR: 29189
[  710.653316] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:29 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000340)={0x3, 0x0, 0xd000, 0x2000, &(0x7f0000019000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000000)="9a0028a800dfd8f22e260f01c9f36d66b9800000c00f326635000800000f30f3ab0f01df66b98f0b00000f32d18d9808262636c19d5e0d00", 0x38}], 0x1, 0x0, &(0x7f0000000040), 0x0)

2018/05/24 23:57:29 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]})

2018/05/24 23:57:29 executing program 2:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x101002, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000b94000)=""/246)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000e9f000)=0x600210)
write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x1c9c380}, &(0x7f0000000080), 0x8)

2018/05/24 23:57:29 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x180, 0x0)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000100)=0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="4c009e000a000200aaaaaaaaaaaa0000"], 0x28}, 0x1}, 0x0)
setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x2}, 0x4)

2018/05/24 23:57:29 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000740000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:29 executing program 4:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xffffffffffffff52, 0x100)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x1f, 0x4, 0x1})
shmget(0x3, 0x3000, 0x10, &(0x7f0000ffc000/0x3000)=nil)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{}, {<r1=>0x0}, {}, {}, {}, {}, {}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000100)={r1, 0x1})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00004a0000/0x2000)=nil, 0x2000, 0x40000000004001b)

2018/05/24 23:57:29 executing program 5:
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r0=>0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x10c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4000000000000}, r0, 0x0, 0xffffffffffffffff, 0x0)

2018/05/24 23:57:29 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2661, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
exit(0x6)

2018/05/24 23:57:29 executing program 0:
r0 = socket(0x2, 0x2, 0x0)
r1 = memfd_create(&(0x7f0000000580)='dev ', 0x3)
write(r1, &(0x7f0000000040)="16", 0x1)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000180)=""/178)
sendfile(r1, r1, &(0x7f0000001000), 0xffff)
fcntl$addseals(r1, 0x409, 0x8)
getsockopt(r1, 0x3, 0x3ff, &(0x7f0000000080)=""/103, &(0x7f0000000100)=0x67)
fchmod(r1, 0x0)
clone(0x0, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000180))
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")

[  711.263910] binder: 14181:14182 got transaction to invalid handle
[  711.271325] binder: 14181:14182 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:29 executing program 4:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0x2000003fe, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f00000001c0)="eb0d2fe71179fe9d06d92b3d6f60f1e4451ea2d28970f35c4dc5cd1a63340c87ecbad9aee37af994b8a7cbdd331cccf55fd582c8d4cdc943681ea3178489249df8e5abcda2089134cdd3e3b3afe7e0ae4d72677ac4c2ac8a935dc97c6d4c39b22ea69fcca846523505a16ab82982343aba99ed0aa7f8143687763b4fb4c9b554e300a6059ad795eb2143ac68e1da5a0af00e8f6559c8f374c62e9d46585402c8e0f98530ca75634a752dd36bbf")

2018/05/24 23:57:29 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0xd0, &(0x7f0000000200)={@random="b843bdc35e60", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [{[{0x9100, 0x56, 0x4198, 0x1}], {0x8100, 0x4, 0x5, 0x3}}], {@mpls_mc={0x8848, {[{0x5, 0x6, 0x2, 0x7}], @llc={@snap={0x1, 0x1, 'a', "c4705c", 0xffde, "4bcaf1b332aa58a49cd1e3d7664f58202c9afc4659155853c04b3007bd4de44eb1f3eb600ae1d89a1b2ad12461ea1e947543f740dc13fe1fe0fe9bd8e3aa4b5db976de94573d03bf9250df1fe92dd6bceb14de05cf29a628e4b37a73528e375839904277008ca071de17aef416770a5a875837ba88f80113c4c222c6f1e36cb3cc0857892d799308e00955ded9ecb97b5d8f56dfaa15108a4b98268a2cf4f79d9fb8c4fe5b9291eabbe5ec649ce1"}}}}}}, &(0x7f0000000000)={0x1, 0x2, [0x2d2, 0xeb3, 0x3bd, 0x618]})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @dev={0xac, 0x14, 0x14}}, {0x1, @link_local={0x1, 0x80, 0xc2}}, 0x4, {0x2, 0x0, @rand_addr}, "00000080000001000000007000"})

[  711.332653] binder_alloc: binder_alloc_mmap_handler: 14181 20001000-20004000 already mapped failed -16
[  711.392745] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:29 executing program 2:
r0 = socket(0x11, 0x100000802, 0x0)
r1 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'ifb0\x00', 0x1})
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000280)={"69fe6230000000ba2048dcfffff600", 0x1008000000100})
write$tun(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="000000000000000000000000000045000028000000000000907800000000ac1414000d009df3d6f698948127c198467f9f1dd01b907800000000000000000000000000000000"], 0x36)

2018/05/24 23:57:29 executing program 5:
mkdir(&(0x7f0000000300)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f0000000040)='./control\x00')
pivot_root(&(0x7f0000000080)='./control\x00', &(0x7f0000000100)='./control\x00')
close(r0)

2018/05/24 23:57:29 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]})

2018/05/24 23:57:29 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(khazad-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00004f7000)="649c47ad46390d006dc80000009d4d54", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000b37000)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000140)="cf2dc3a1c46717cb", 0x8}], 0x1, &(0x7f0000000000)}, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(echainiv(authenc(sha512-generic,ctr-twofish-avx)))\x00'}, 0x58)
recvmsg$kcm(r1, &(0x7f0000e63000)={0x0, 0xfffffecd, &(0x7f0000000100)=[{&(0x7f0000000080)=""/87, 0x9}], 0x1, &(0x7f0000142000)=""/60, 0x3c}, 0x0)

[  711.419524] binder: 14181:14182 ioctl 40046207 0 returned -16
[  711.450699] binder: 14181:14193 got transaction to invalid handle
[  711.457167] binder: 14181:14193 transaction failed 29201/-22, size 24-8 line 2856
2018/05/24 23:57:29 executing program 1:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000001fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
ioctl$EVIOCSKEYCODE(r2, 0x40044581, &(0x7f0000000080))
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x61725db7a679a3da, 0x0)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f00000000c0)={0x10d000, 0x5000, 0x9, 0xd03a, 0x6e})
ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f0000000180))
close(r1)

2018/05/24 23:57:29 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000007fffffff00000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:29 executing program 2:
r0 = socket(0x15, 0x80005, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10)

[  711.585097] binder: undelivered TRANSACTION_ERROR: 29201
[  711.595562] binder: undelivered TRANSACTION_ERROR: 29201
[  711.653568] binder: 14232:14233 got transaction with invalid offsets ptr
[  711.676202] binder: 14232:14233 transaction failed 29201/-14, size 24-8 line 2999
[  711.715486] binder_alloc: binder_alloc_mmap_handler: 14232 20001000-20004000 already mapped failed -16
[  711.755507] binder: BINDER_SET_CONTEXT_MGR already set
[  711.762161] binder_alloc: 14232: binder_alloc_buf, no vma
[  711.767836] binder: 14232:14241 transaction failed 29189/-3, size 24-8 line 2971
[  711.771989] binder: 14232:14233 ioctl 40046207 0 returned -16
[  711.815298] binder: undelivered TRANSACTION_ERROR: 29189
[  711.821825] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:30 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)=0x7fffffff, 0x4)
sendmmsg(r0, &(0x7f0000005900)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x15}}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000380)="f7", 0x1}], 0x1}}], 0x1, 0x0)

2018/05/24 23:57:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000))
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000015c0)={r2})
write$eventfd(r2, &(0x7f0000000040), 0x8)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f00000000c0)={'broute\x00'}, &(0x7f0000000140)=0x78)

2018/05/24 23:57:30 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]})

2018/05/24 23:57:30 executing program 4:
r0 = syz_open_pts(0xffffffffffffffff, 0x4000)
ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000300)={0x88, 0x1e, 0x1, 0x7, 0x4, [{0x0, 0x989, 0x7}, {0x2e2, 0x1e, 0x3, 0x0, 0x0, 0x80}, {0x0, 0x0, 0x1ff, 0x0, 0x0, 0x2000}, {0xed, 0xfffffffffffffffd, 0xffff, 0x0, 0x0, 0x4}]})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xa00, 0x29)
r2 = getpid()
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000200)={0x0, 0x3f, 0x4, 0x402})
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={[], 0x200, 0x2, 0x2, 0x9c13, 0x8, r2})
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
getsockopt$inet6_dccp_int(r1, 0x21, 0x1f, &(0x7f0000000400), &(0x7f0000000440)=0x4)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000002ff7)='/dev/ppp\x00', 0x0, 0x0)
connect$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x3}}, 0x1e)
ioctl$EVIOCGREP(r3, 0x40107447, &(0x7f0000000240)=""/174)
getsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xb)

2018/05/24 23:57:30 executing program 3:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000003000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x1}}, 0x2e)
r2 = dup3(r1, r0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x20000000000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00'})
mmap(&(0x7f0000000000/0xe77000)=nil, 0xe77000, 0x3, 0x34, 0xffffffffffffffff, 0x0)
syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f0000000080)="a7110148bc5749d50b9a133afc9546770bb716d92028491d7a35428d90cf7ee3ac10a0e298e417d779ce44f16c44c495f78d06df9cd015f7ec81a8de8338b686e9d1879e693935209ab8202d1483c158dd61b8060b1079f9c9ac211eec28849069b627942d3f80044eb8c26587f9e8fd335ac4f07e3679c0cfb12fa55639f5526a32aa7a4faf546410999087ab", 0x8d, 0xa08}], 0x100008, &(0x7f00000002c0)={'nouuid,'})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r5, &(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x3, 0x200000, 0x2, 0x0, {0xa, 0x4e21, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x4}}}, 0x32)
r6 = socket$l2tp(0x18, 0x1, 0x1)
close(r4)
syz_mount_image$gfs2(&(0x7f0000000300)='gfs2\x00', &(0x7f0000000340)='./file0\x00', 0x32, 0x1, &(0x7f0000000600)=[{&(0x7f0000000380)="d2b47c6b8cf5a1f7fd94c66cc45b54aea538c41c2d80277ed8fc55f7e3e756716668fc77e8454902d8c428525b671cb02867bd9fdfe10d1046f506a07c3728814d41f6bd80f12411a8276e85daa64b48da8fa640c04ddc652c82871ebe2ef69544d553b4c012ab57d848913b4e65", 0x6e, 0x2}], 0x20, &(0x7f00000006c0)={[{@commit={'commit', 0x3d, [0x7d, 0x7e, 0x3b, 0x0, 0x31, 0x37, 0x32]}, 0x2c}]})
dup2(r6, r5)
ioctl$TIOCSCTTY(r2, 0x80047437, 0x4)

2018/05/24 23:57:30 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000006f30000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:30 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000009000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000002c0)="0fc729660f01dec4c15b580d4400000065260f01cf360f01cfea090000000100f40f015cd331c4c215ac63100fc729", 0x2f}], 0x1, 0x0, &(0x7f0000000040)=[@dstype3={0x7}], 0x1)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae05, &(0x7f0000000080))

2018/05/24 23:57:30 executing program 0:
r0 = memfd_create(&(0x7f0000000140)="2d42d54e49c56aba707070f00884a26d003a2900bb8dacac76617d6b6e6823cb290fc8c03a9c631064eea98b4363ad899c6bdec5e936dd55a93dcd4a78aa8f7eb93061a9b2044b98933f8851f7d61da1ce8b19eaefe3abb6a52434d6fe370fe7d924ce20ab4eaec9bdd36740e127730e90f2cd72b828", 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0, 0x6}, &(0x7f0000000040)=0x8)
ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0)
setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={r2, 0x9, 0x2, 0x97}, 0x10)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='clear_refs\x00')
write$cgroup_pid(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="02"], 0x1)

[  712.535716] binder: 14261:14262 got transaction with invalid offsets ptr
[  712.546451] binder: 14261:14262 transaction failed 29201/-14, size 24-8 line 2999
[  712.557722] binder_alloc: binder_alloc_mmap_handler: 14261 20001000-20004000 already mapped failed -16
2018/05/24 23:57:30 executing program 4:
r0 = memfd_create(&(0x7f00005f8ffe)='#}\x00', 0x0)
ftruncate(r0, 0x40001)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000e4effc)=0x4, 0x4)
sendfile(0xffffffffffffffff, r0, &(0x7f0000000240), 0x2)

2018/05/24 23:57:30 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x1, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x1, @loopback=0x7f000001}, 0x10)
recvfrom$inet(r0, &(0x7f0000769f0f)=""/241, 0xf1, 0x1, &(0x7f0000497ff0)={0x2, 0x0, @broadcast=0xffffffff}, 0x930000)
recvfrom$inet(r0, &(0x7f0000000000)=""/130, 0x82, 0x10000, &(0x7f00000000c0)={0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)

2018/05/24 23:57:30 executing program 5:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x10)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x5, 0x101101)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e23, 0x6, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x6}, @in={0x2, 0x4e21}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xf}}, @in6={0xa, 0x4e23, 0x81, @mcast1={0xff, 0x1, [], 0x1}, 0x1}, @in6={0xa, 0x4e22, 0x80000000, @dev={0xfe, 0x80, [], 0x1a}, 0x8}, @in6={0xa, 0x4e23, 0x6, @loopback={0x0, 0x1}, 0x3}, @in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, @in={0x2, 0x4e23, @multicast1=0xe0000001}, @in={0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}], 0xd0)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000080)={0x57, 0x6, 0x6, {0x0, 0x6}, {0x1, 0x8}, @const={0x2bea, {0x100, 0x2, 0x7, 0xfffffffffffffffd}}})
rename(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000180)='./file1/file0\x00')

2018/05/24 23:57:30 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000280)='/dev/input/mouse#\x00', 0x4, 0x101000)
ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f00000016c0)={0x5, 0x1, 0x0, 0x100})
bind$alg(r0, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a933d66593ae164c990a0028e", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
readv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/204, 0xcc}, {&(0x7f0000000000)=""/52, 0x34}, {&(0x7f0000000180)=""/229, 0xe5}, {&(0x7f00000012c0)=""/107, 0x6b}, {&(0x7f00000014c0)=""/202, 0xca}, {&(0x7f0000001340)=""/86, 0x56}], 0x6)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r2, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x34, &(0x7f0000001400)=""/123, 0x7b}, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000001640)={0x2, 0x0, [{0xc0000003, 0xfffffffffffffffe, 0x1, 0x6, 0x68f, 0x3, 0x9}, {0x8000000f, 0x7, 0x6, 0x7, 0x7fffffff, 0x7, 0x6f46}]})
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000040)=0x7fff)

[  712.600104] binder: BINDER_SET_CONTEXT_MGR already set
[  712.609514] binder: 14261:14262 ioctl 40046207 0 returned -16
[  712.616847] binder_alloc: 14261: binder_alloc_buf, no vma
[  712.622560] binder: 14261:14277 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:30 executing program 4:
ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f0000000000)={0x0, <r0=>0xffffffffffffff9c})
lseek(r0, 0x0, 0x3)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f")
r2 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x6, 0x0)
ppoll(&(0x7f0000013000)=[{r2}], 0x1, &(0x7f0000001000)={0x77359400}, &(0x7f000000d000), 0x8)
read$eventfd(r2, &(0x7f0000000040), 0x8)

2018/05/24 23:57:30 executing program 0:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x400)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x18, 0x14, 0x201, 0x0, 0x0, {0x2}, [@generic='f']}, 0x18}, 0x1}, 0x0)

2018/05/24 23:57:30 executing program 3:
r0 = socket(0xc, 0x2, 0x3)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600)='/dev/kvm\x00', 0x0, 0x0)
ftruncate(r0, 0x9)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syncfs(r0)
r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x4000)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x80000000000000)
r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
fchdir(r1)
syz_kvm_setup_cpu$x86(r4, r3, &(0x7f000000c000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="f20f2d7e00c4e3bd40ce630f07f7cd0c000000660f01c90ff8cd0fc7588ab8ad6e00000f23d80f21f835000000c00f23f8c4e3cd6971f500f20f08", 0x3b}], 0x1, 0x0, &(0x7f0000000100), 0x0)

2018/05/24 23:57:30 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000000200000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:30 executing program 1:
r0 = socket(0xa, 0x5, 0x0)
ioctl(r0, 0x8916, &(0x7f0000000000)="c626262c8523bf012cf66f")
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@assoc_value, 0x8)
mq_unlink(&(0x7f0000000040)='\x00')
write$binfmt_aout(r0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="cf010341150000005d010000a8d600004f0100000000000000000000000000009527b6d3f5417c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008daf3737909028df370da5f6555897b643ef11346f9f0ebe6f1c8456d9240f8ccc3e1797ad30ce46112c5ef5c58e03d4aff27766fc95cb0708cf4b753bc0d88c6d69c74ffd564482d8e1f63dd56cd94007f23ceb6e25a3eddbcd8948cbedd5e87ce2c88cd9e7ff737b8e1d103c9b3c1b9048327b317c98f7d8425a14d8c4ea2392ac012060bccbaf4d1071ac947b297c23cba414207e7a746e5a3d94cb9b4173daa3847d95ba8ddae81114e9ac3fb25ba849d235507413be4dc5cd2b910367e09dcdec7ffce8a7193ebcf2dba970271cb96b17e6824e7284963ef5f431e3fadc7956cd135df027b4a01a2cbf8caf10f20eeb963476472b66a93effc19397f1f21e93db85ff37b34c3e57c88f63992a81f149f693385b7eb435b0758d2b1dffa7bf9a8adb3075378e4d74f85227de896f0d9ea1a74f722b4547864abd4d0abab2e38b8a3f821f5045ac3ab543aa157dadbb7e3f981d845f050aedf6556bbb030459edfabb8ee1b6e5834c1a34aff8213fecccb7729f75c80da05d6e5c318b04dd8802b6fe2244b0bb9f64a683808d12a342c910"], 0xf1)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000340), &(0x7f0000000380)=0xc)

2018/05/24 23:57:30 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]})

[  712.800546] binder: undelivered TRANSACTION_ERROR: 29189
[  712.806873] binder: undelivered TRANSACTION_ERROR: 29201
[  712.901261] binder: 14315:14320 got transaction with invalid offsets ptr
[  712.940407] sctp: [Deprecated]: syz-executor1 (pid 14324) Use of struct sctp_assoc_value in delayed_ack socket option.
[  712.940407] Use struct sctp_sack_info instead
[  712.941314] binder: 14315:14320 transaction failed 29201/-14, size 24-8 line 2999
[  713.022848] binder_alloc: binder_alloc_mmap_handler: 14315 20001000-20004000 already mapped failed -16
[  713.046991] binder: BINDER_SET_CONTEXT_MGR already set
[  713.052569] binder_alloc: 14315: binder_alloc_buf, no vma
[  713.052683] binder: 14315:14320 ioctl 40046207 0 returned -16
[  713.058241] binder: 14315:14333 transaction failed 29189/-3, size 24-8 line 2971
[  713.089598] binder: undelivered TRANSACTION_ERROR: 29189
[  713.095480] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:31 executing program 5:
r0 = socket(0xa, 0x2400000001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x2, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x88)
r1 = memfd_create(&(0x7f0000000ffe)='$\x00', 0x0)
write(r1, &(0x7f0000002000)='/', 0x1)
sendfile(r1, r1, &(0x7f0000000040), 0x8000)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000000100)=""/144, &(0x7f00000000c0)=0xd126a861502a2cf5)

2018/05/24 23:57:31 executing program 0:
r0 = socket(0xa, 0x1, 0x3f)
ioctl(r0, 0x840000002, &(0x7f0000000600)="c626226c0015885248b3fd9a96977c47c706dd4f9120d4ce00fe2acd")
clock_settime(0x594fa4ad91436123, &(0x7f0000000080)={0x77359400})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x4000, 0x0)
sendmsg$netrom(r1, &(0x7f00000005c0)={&(0x7f00000000c0)=@full={{0x3, {"65b04070c5e6fd"}, 0x7f}, [{"12cd9d8c8b638b"}, {"4f10ca2db2f34e"}, {"213eaee2923b70"}, {"e9486f92bbae25"}, {"975ebc3f640729"}, {"7d3e4f70c6371e"}, {"6315bbc75bdcfa"}, {"55906e5e476105"}]}, 0x48, &(0x7f00000003c0)=[{&(0x7f0000000140)="7bdd853c090c04f619e00bc43da0fcb03fdf690d50c957fd09ab0df1aeca22e48969c1e03abb6258314ffc154d37983aefa575b0731f81bf306f76466f7cf9c0ec8902abdd072cf291d2d92a6404fa5dc8e345dae5d7030ad213c7def400639268e1a919395a52c154950dea83e3a4dd46f044690a87b25923347bf9c6ecb17805688a29e035c4adcb95892c009ae7a20d8925384c87c7d1a621ff6b71a4f99e04f5572d6d5f0282c15a1e950d1965df57f7064a576fcf7d071e10255d1014b7e524fa16f1f82931d48568aaa36e19", 0xcf}, {&(0x7f0000000240)="7f84613b57d42b61c1783b7079b4d23ef288bfc0ed62e563340c6be7e6a864c0c6866eec3094f58c17d34d0f6999b5bad1d89e745cca179dea98c7d52d2f0d4bf80c0cd345d5e8859e8bfe3e75476403f9b86b0187", 0x55}, {&(0x7f00000002c0)="9e406c56eaf416b0090f561663dbffb48651a7f33a09b073a6be0e7f4036adcdbe404aac9f90ea74f74522f9f73b08b670dfbde89bf70b8c85bfc84649ee3fe6108d08a88cc7f46f0e1c94961a1c1caacd709afcc33b1766947dba45c9c8442901b75ba8fbf1f2b447105437e41d7e76a57f9549857a4f88fdcf8ce83d30d1813a0a5339af9dce9c3ecd6b9a783623ea7408b67310059d28a2c287896cb740e306923b60fa18ecd4ca5b43d68b4169ffa1923652fa0fb174ad15673e4379f15e993edc401d20c735a5316d51c009282a3b058e2e7f4c96e8d485ac8405a2c48b124c8ac39fd106ac82585e6402ff472824ecfb63f587207d", 0xf8}], 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="10000000000000010600000002000000b8000000000000001100000081000000ef90575a80d05d14970c5e874ea58729131dcbebf40a08f5d10c4fa1c3d8eb95c61c2c06a1509f265f65517d822c05fc3221977ca4fb8898a84a6befcc1910a0eb48921e7fb672aeab7ed8d0fdcf527d744df9c986e8335c75070b0a2e2d654a88759978fdca25f5b2df3e49bb323f100f10487eaafa4e99d7186c43aa71c0413aa49402e847391230367ee8e7a5f4caf8787f82f23a57b4e3e318e62b91111e106317818b000000d0000000000000001f01000000ffffff36ece1b2bffed34db4c50b4b977f99a94ee416becc2bfd5edbb0c28bea85599b9b48e52ceee0dbcf04f4d420ccaa2272e7d4b388ecd07d6a4f5d2c301cad8c979ed20f1776fd15cce0851ead892a9c3170589cfafcaa7e7e68cb598b53c564c567b6057857d3e51ea0359f380474a2aa8bdd283f3735b5ad6407c5cd767ecf33ab5e5e895671dae4b7bf227ae270d0fcab44235acda008998988fe75a1bcc0f1e3cf1cc5198a6f63131846b50000ed0151738f98f1e409ced37e4395bc3dddd56d89be6ffde693acc5b6c3ef1fbd89f275052a30454d5735c4c4bb75bb27a78d48b09f685ffc9301efdd9aa4784ca34d9a944b47b96ab1531c22bbab5a0f50e2d17e365d6e8e6f02b212ec7526829000913fe2cbe27a4f9a0e125d25c2c48853d6f33afc7ccc1f3b21888a1a0c6b1ce932e6813c8ca10a4c2c82e576246185c926b4ddf9765acb97d0a8eae7d01890b1c6a7cc375f497ffac2fc6d1acb735f438198d91a191ca40efce07155c265"], 0x198, 0x2000c8c4}, 0x1)

2018/05/24 23:57:31 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x8000, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="f2446eb960000000b800000100ba000000000f30c74424000f000000c7442402eeae5562c7442406000000000f011c248f4848ed0b6dc4e1fa109df8ffffff400fc79ef000000066b82e010f00d8260f412dfc8700000f01cac442fd21de", 0x5e}], 0x1, 0x0, &(0x7f0000000000), 0x0)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000fea000/0x3000)=nil)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f00000003c0)="2e11d5c4e125e021f2ae660ff155a2c1ad000000005bc4c1c8595d160fc71a3e0f01c80f0d67e065660fee1e"}], 0x0, 0x8, &(0x7f0000000100)=[@efer={0x2, 0x1}], 0x1000000000000316)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rfkill\x00', 0x200001, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000240)={0x0, 0x20f, 0x1, 0x973, <r4=>0x0}, &(0x7f0000000280)=0x10)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000002c0)=ANY=[@ANYRES32=r4, @ANYBLOB="0010620079b338a28aededa063e583ac5697a8473ba19fd8c3a9a3545d811377985f2779da969195514295365c8780d754adb1bc4793c325fbf832c9b5ed614be48f0d065ee90cbd545901c43a5a22826375af54e2efe9f797c5312e818d0223120bf2d6f2e4"], 0x6a)
ioctl$SG_EMULATED_HOST(r3, 0x2203, &(0x7f0000000200))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ff4000/0x2000)=nil)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
r7 = getgid()
getresuid(&(0x7f0000000340)=<r8=>0x0, &(0x7f0000000480), &(0x7f00000004c0))
lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
r10 = fcntl$getown(r3, 0x9)
r11 = gettid()
shmctl$IPC_SET(r5, 0x1, &(0x7f00000005c0)={{0xeef, r6, r7, r8, r9, 0xa435b879dff15470, 0x1}, 0x1, 0x7, 0x8, 0x20, r10, r11, 0x1})

2018/05/24 23:57:31 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
r3 = inotify_init()
socketpair(0x5, 0x3, 0x4, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{r0, 0x2000}, {r1, 0x20}, {r2, 0x2200}, {r3, 0x20}, {r4}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={0xff}, 0x8)
mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0)

2018/05/24 23:57:31 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]})

2018/05/24 23:57:31 executing program 4:
r0 = socket(0xa, 0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)="0000d91ca7947d6df56048ac61")
ioctl(r0, 0x8912, &(0x7f0000000480)="b4aa0bc553b7df579045876a202d2f5de66bbedb2064fd948cb1556980a9fad74025329dbe3df0d58d258c38223b25d092016fa681140dff10e68a1b5a3957e996492e1e261cf1811e9a25844e0dc69d6906d60ee0766c4328989c9012c6ffb21e3fd2b2d5889c236d85587f11c17174632cd9cb08bf44d69990072a8288943a911d86df72844aeb2a017f418b1bf9b63a237530f61901a8b054bf7989ce8037d4cfce8e95503a9f15fff52921d1f16ea6665396cd1bd0da0b5c06dc10511af6450fd8b1853a3a2832f3f2a77dd6b99cd63ba9438ace92")
syz_open_procfs$namespace(0x0, &(0x7f0000000080)="6e732f6e6577e61deb6c8a54dec18d")
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@local={0xac, 0x14, 0x14, 0xaa}, @multicast1=0xe0000001, 0x0, 0x3, [@broadcast=0xffffffff, @multicast1=0xe0000001, @multicast2=0xe0000002]}, 0x1c)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x7, {0x2, 0x4e21}, {0x2, 0x4e24, @rand_addr=0x1}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0xffffffffffffffff, 0x19, 0x401, 0x7, 0x2, &(0x7f0000000040)='team_slave_1\x00', 0x2, 0x5, 0x80000000})
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snapshot\x00', 0x100, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f00000001c0)={0x3, 0x5, 0x9})

2018/05/24 23:57:31 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000007a00000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:31 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f")
clone(0x8010200, &(0x7f0000000440), &(0x7f0000000140), &(0x7f0000000580), &(0x7f0000000480)="596a8c838d0a92905fbd5f46d183190c06ad9dd29d5bd5ef13703af0128cf81924f396a815cdaedbcf0c24f1aabad44168a2728eb66cb0f858023726d5e510fbfa188b376ec494966e0cc4b15d8f0d7cf0c10684c12966d5405b970d8e1392adb275e7c954696a11e04f623787794a75805d61087347e850fe7a0c83f386362d812a88692b29c9d02a95dba8391f20f6b51b4097718fd0bef233bb7febd090f1fe27f0db1fd8825e273eb45874e8d8d5a12510efb7dc996e03f061")
wait4(0x0, 0x0, 0x80000008, &(0x7f0000781f70))
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@random={'os2.', '\x00'}, &(0x7f0000000180)=""/238, 0xee)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x10000, 0x0)
ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000280))
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1e)

2018/05/24 23:57:31 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
r3 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r3, 0x0, 0x0, 0x73e0)
sendfile(r2, r3, &(0x7f00007ed000), 0x73df)
getsockname$unix(r3, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e)

[  713.911675] binder: 14344:14354 got transaction with invalid offsets ptr
[  713.943790] binder: 14344:14354 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:31 executing program 4:
recvmmsg(0xffffffffffffffff, &(0x7f0000000c80)=[{{&(0x7f0000000780)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @local}}}, 0x80, &(0x7f0000000b40)=[{&(0x7f00000009c0)=""/149, 0x95}, {&(0x7f0000000a80)=""/187, 0xbb}], 0x2, &(0x7f0000000b80)=""/227, 0xe3}, 0x1}], 0x1, 0x0, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
sendto(r0, &(0x7f0000000000)="06", 0x1, 0x0, &(0x7f00000000c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local={0x1, 0x80, 0xc2}}, 0x80)
sendmmsg(r0, &(0x7f0000000840), 0x3d0, 0x0)
r1 = msgget$private(0x0, 0x200)
msgrcv(r1, &(0x7f0000000cc0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1008, 0x0, 0x0)

[  714.000616] binder_alloc: binder_alloc_mmap_handler: 14344 20001000-20004000 already mapped failed -16
[  714.013477] binder: BINDER_SET_CONTEXT_MGR already set
[  714.038957] binder: 14344:14354 ioctl 40046207 0 returned -16
2018/05/24 23:57:31 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer2\x00', 0x2c80, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000340)={'mangle\x00', 0xe9, "9ca771eea32ed4d0b7df1bffa581703a89f6b08e23b031fc104b2ff496e2083b400dff64a5582981c7aeb6985fe74f43ff6571321241d0891479a3171bd1e52b0b7e2e5c7bf36b6dbf32ff2a39ed5b3c456582fd9c16cf3546019cec937cfd2af9e0d253cba3ddb243d371da107869b359333577e90f12aeed70b2cb07dd0fd30c5565ffb0a92ab1cfb3ca4275194d869335620456aefed145eda091c037afee368de93f938825c637d7cca8f714b0af33fe4c1cb09a3a476f3e7a4e7f55dba1b02cf33d886fcdea73832dc179d0a6594a4227c8c12fc43cb0e8ef24d3c74477e80b2ef74630d94c65"}, &(0x7f0000000480)=0x10d)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, &(0x7f00000004c0)={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xb}, @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x5, 'v`?', 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x2, 0x4], {0x0, 0x6, "c10200", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0)
r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, &(0x7f0000000000)={0x80000001, 0x401, 0x7, 0x2, 0x2})
r3 = msgget(0x3, 0x19)
msgrcv(r3, &(0x7f0000000280)={0x0, ""/96}, 0x68, 0x3, 0x1000)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0xfe, 0x70bd2c, 0x25dfdbfc, {0x10}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

2018/05/24 23:57:32 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]})

[  714.187350] binder_alloc: 14344: binder_alloc_buf, no vma
[  714.193108] binder: 14344:14393 transaction failed 29189/-3, size 24-8 line 2971
[  714.300745] binder: undelivered TRANSACTION_ERROR: 29189
[  714.313909] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:32 executing program 2:
r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'bpq0\x00', 0x1000000000000103})
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
ioctl$TUNGETIFF(r0, 0x800454d7, &(0x7f0000000280))
setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000080)={{0xa, 0x4e20, 0x80000000, @mcast2={0xff, 0x2, [], 0x1}}, {0xa, 0x4e22, 0x0, @empty, 0x6}, 0x1400000, [0x10, 0xbc6, 0x7062, 0x101, 0x800, 0x1, 0x4000000000, 0x932]}, 0x5c)
getsockopt$bt_hci(r1, 0x0, 0x1, &(0x7f0000000140)=""/241, &(0x7f0000000000)=0xf1)

2018/05/24 23:57:32 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
r3 = inotify_init()
socketpair(0x5, 0x3, 0x4, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{r0, 0x2000}, {r1, 0x20}, {r2, 0x2200}, {r3, 0x20}, {r4}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={0xff}, 0x8)
mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0)

2018/05/24 23:57:32 executing program 3:
r0 = socket(0x40000000002, 0x3, 0x2)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x10000, 0x0)
ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f00000000c0)={0x1e})
setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000100)=0x80, 0x4)
sendto$unix(r0, &(0x7f0000000280)="1d9b000000007675d706d94e590291c9900d3be5299d0a4d3d1891a1fe3d8edd715c9f981c39daefbae33fbd06698cc347008df8", 0x34, 0x0, &(0x7f0000000000)=@abs, 0x6e)

2018/05/24 23:57:32 executing program 0:
bind$inet6(0xffffffffffffffff, &(0x7f0000f61fe4)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x2c, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f000070aef1)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000140000000800450000119078ac14ffbbffffffff00004e2000089078000000000000"], 0x0)

2018/05/24 23:57:32 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8000000]})

2018/05/24 23:57:32 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000009d09000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:32 executing program 4:
r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, r2)
keyctl$setperm(0x5, r2, 0x0)
keyctl$unlink(0x9, r2, r1)

2018/05/24 23:57:32 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2}, 0x4}}, 0x2e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000100))
recvmsg(r0, &(0x7f00000008c0)={&(0x7f0000000780)=@hci, 0x80, &(0x7f0000000880)}, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x10000, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000140)={0xa0000, 0x0, [0xce, 0xffffffffffff0000, 0x80000000, 0x3f, 0x7ff, 0x0, 0xd4, 0x4]})
socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={<r3=>0x0, 0x100000000, 0x4, 0x2, 0xf9}, &(0x7f00000001c0)=0x14)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000200)={0xfffffffffffffe00, 0x8, 0x4, 0xfff, r3}, 0x10)

2018/05/24 23:57:32 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x42, 0x0)
setsockopt$packet_int(r2, 0x107, 0x12, &(0x7f0000000200)=0xe4a2, 0x4)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000180)=ANY=[@ANYRES64=r3])
ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000000)={0x5, 0x1})
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x6)
r4 = socket$vsock_dgram(0x28, 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f00000002c0)={0x6, 0x0, 0x6, 0x9, 0x80})
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000000c0)={<r5=>0x0}, &(0x7f0000000100)=0xc)
ioctl$sock_SIOCSPGRP(r4, 0x8902, &(0x7f0000000140)=r5)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2018/05/24 23:57:33 executing program 0:
r0 = getpid()
ioprio_get$pid(0x3, r0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4c0c00)
setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000040)=0x800, 0x4)

[  715.038800] binder: 14412:14422 got transaction with invalid offsets ptr
[  715.077879] binder: 14412:14422 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:33 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x1000000000006, 0x125201)
getdents64(r1, &(0x7f0000000100)=""/204, 0xcc)
write$rdma_cm(r0, &(0x7f0000002c00)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000002bc0)}}, 0x20)

2018/05/24 23:57:33 executing program 4:
r0 = socket(0xa, 0x1, 0x40)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet6(0xa, 0x2, 0x0)
dup2(r1, r2)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)

2018/05/24 23:57:33 executing program 5:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x80000, 0x0)
sync_file_range(r0, 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.sockprotoname\x00', &(0x7f0000000080)=""/120, 0x78)

[  715.125683] binder_alloc: binder_alloc_mmap_handler: 14412 20001000-20004000 already mapped failed -16
[  715.158992] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80082, 0x8c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={r2, &(0x7f0000000080)="39a9db577b6a5e959cab5c37b5890aedaec3d7747bca450fe2966bad5bc945931166cc44e53dc429c5a038e430a0c3190510966c246c6afef6ad822dac0d3782cb03d5398495bdad613c92e2c9db2eb0e2682c955fbab7775bbcd344e318ddd887cd7c3e992c6ba4e361997562490c8b91dda3dfe13009ede2ac394b3629dd7946065448c18659adb61e0da891a6b00672b9a8bc27e88cd1b729a323449388295bf7a9e6d84147bcf17b9464b43a12f5a3561fd2613db65ab264f795aad43d4a90e044e28dba5d186a60184c15821a82d6ce7216f0e25111f1970d329eb02b4f483887bf"}, 0x10)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f00000001c0)={<r3=>0x0, 0x8d3, 0x30, 0x4, 0x8000}, &(0x7f0000000200)=0x18)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$vsock_dgram(0x28, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000240)=@assoc_value={r3, 0x4c}, 0x8)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000400)=0x1)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
getsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000340), &(0x7f00000003c0)=0xb)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0)
r5 = getpgrp(0xffffffffffffffff)
ptrace$getsig(0x4202, r5, 0x9, &(0x7f0000000300))
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x5684)
bind$inet(r2, &(0x7f00000002c0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="0100400400000000000001c0ffffffffffffffff00000000"])

[  715.199635] binder: 14412:14422 ioctl 40046207 0 returned -16
2018/05/24 23:57:33 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]})

[  715.249802] binder_alloc: 14412: binder_alloc_buf, no vma
[  715.255642] binder: 14412:14459 transaction failed 29189/-3, size 24-8 line 2971
[  715.385808] binder: undelivered TRANSACTION_ERROR: 29189
[  715.392187] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:33 executing program 5:
r0 = socket(0xa, 0xfffffffffffffffd, 0x0)
fcntl$setsig(r0, 0xa, 0x39)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd(0xa4)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000040)={<r4=>0x0, 0x4, 0x7ff, 0x9ac, 0xff, 0x8, 0x4, 0x5d, {<r5=>0x0, @in6={{0xa, 0x4e21, 0x8, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0xfffffffffffffffe}}, 0x2, 0x1b000000, 0x0, 0x80000001, 0x9}}, &(0x7f0000000100)=0xb0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={r5, 0x3}, 0x8)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r3})
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000280)={r4, @in6={{0xa, 0x4e23, 0x7fff, @empty, 0x3ff}}, 0x9, 0x2, 0x9, 0x387, 0x90}, 0x98)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
getpeername$inet(r0, &(0x7f00000001c0)={0x0, 0x0, @local}, &(0x7f0000000200)=0x10)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000003c0))
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180))
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000340)=0x5, 0x4)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r3})

2018/05/24 23:57:33 executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_cpus\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000100)={0x3ff, 0xfffffffffffffff7, 0x2, 0x3, 0x1, 0x9})
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080))

2018/05/24 23:57:33 executing program 3:
r0 = socket(0x10, 0x2, 0x0)
getcwd(&(0x7f0000000100)=""/109, 0x6d)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x973ec676d24bd4dc, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00')
sendfile(r0, r1, &(0x7f00000000c0), 0x80000002)

2018/05/24 23:57:33 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000000002000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:33 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
r3 = inotify_init()
socketpair(0x5, 0x3, 0x4, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{r0, 0x2000}, {r1, 0x20}, {r2, 0x2200}, {r3, 0x20}, {r4}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={0xff}, 0x8)
mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0)

2018/05/24 23:57:33 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]})

2018/05/24 23:57:33 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f")
r1 = socket$inet(0x2, 0x6, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000580)=@broute={'broute\x00', 0x20, 0x2, 0x2a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000001100000000000000000062637366300000000000000000000000626f6e645f736c6176655f310000000079616d300000000000000000000000007465616d5f736c6176655f30000000000180c2000000000000000000aaaaaaaaaa000000000000000000a823e1c00601000078010000636c75737465720000000000000000000000000000000000000000000000000010000000000000002c0000000000000000000000000000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000001500000000000000000076657468305f746f5f627269646765006970646470300000000000000000000073797a5f74756e000000000000000000726f736530000000000000000000000060f9a9d474aa000000000000ffffffffffff00000000000000007000000070000000a00000004e465155455545000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff00000000"]}, 0x320)

2018/05/24 23:57:33 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x100008912, &(0x7f0000000000)="c626262c8523bf012cf66f")
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)=0x3f, 0x4)
r1 = socket$inet(0x10, 0x80002, 0x0)
sendmsg(r1, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856813000300083c14cc16ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0)

[  715.520086] binder: 14483:14485 got transaction with invalid offsets ptr
[  715.529793] netlink: 'syz-executor0': attribute type 3 has an invalid length.
[  715.548652] kernel msg: ebtables bug: please report to author: entry offsets not in right order
[  715.569707] irq bypass consumer (token 00000000b9b35618) registration fails: -16
[  715.582931] binder: 14483:14485 transaction failed 29201/-14, size 24-8 line 2999
[  715.599225] netlink: 'syz-executor0': attribute type 3 has an invalid length.
2018/05/24 23:57:33 executing program 2:
r0 = socket(0x10, 0x3, 0x8)
sendmsg$nl_route(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001200010a000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001d00020000a92f5e1a4be8dc88a16d33ff00"], 0x28}, 0x1}, 0x0)

2018/05/24 23:57:33 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10)
sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23}, 0x10)
sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x51, &(0x7f0000e66000)={0x2, 0x0, @rand_addr}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='scalable\x00', 0xff21)
bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='/\x00', 0x444000, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000080)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000380)=0x800)
readv(r0, &(0x7f00000005c0)=[{&(0x7f00000004c0)=""/101, 0x65}, {&(0x7f0000000540)=""/101, 0x65}], 0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000340)={0x10000000})
recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000100)=@l2, 0x80, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/169, 0xa9}], 0x1}, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="17", 0x1}], 0x1)

[  715.618269] binder_alloc: binder_alloc_mmap_handler: 14483 20001000-20004000 already mapped failed -16
[  715.648940] binder: BINDER_SET_CONTEXT_MGR already set
[  715.683307] binder_alloc: 14483: binder_alloc_buf, no vma
[  715.689081] binder: 14483:14513 transaction failed 29189/-3, size 24-8 line 2971
[  715.692091] binder: 14483:14485 ioctl 40046207 0 returned -16
2018/05/24 23:57:33 executing program 0:
mprotect(&(0x7f0000293000/0x2000)=nil, 0x2000, 0x1000009)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000140)={0x0, @in6={{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}}}}, 0x5c)

2018/05/24 23:57:33 executing program 3:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000000), 0xfffffffffffffe8e)

2018/05/24 23:57:33 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]})

2018/05/24 23:57:33 executing program 5:
r0 = socket(0xa, 0xfffffffffffffffd, 0x0)
fcntl$setsig(r0, 0xa, 0x39)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd(0xa4)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000040)={<r4=>0x0, 0x4, 0x7ff, 0x9ac, 0xff, 0x8, 0x4, 0x5d, {<r5=>0x0, @in6={{0xa, 0x4e21, 0x8, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0xfffffffffffffffe}}, 0x2, 0x1b000000, 0x0, 0x80000001, 0x9}}, &(0x7f0000000100)=0xb0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={r5, 0x3}, 0x8)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r3})
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000280)={r4, @in6={{0xa, 0x4e23, 0x7fff, @empty, 0x3ff}}, 0x9, 0x2, 0x9, 0x387, 0x90}, 0x98)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
getpeername$inet(r0, &(0x7f00000001c0)={0x0, 0x0, @local}, &(0x7f0000000200)=0x10)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000003c0))
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180))
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000340)=0x5, 0x4)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r3})

2018/05/24 23:57:33 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x1ff, 0x90000)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
perf_event_open(&(0x7f0000000f88)={0x0, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = syz_open_pts(r1, 0x2)
dup3(r2, r1, 0x0)
write(r1, &(0x7f0000000080), 0xd2)

2018/05/24 23:57:33 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0x7d, &(0x7f0000000000), &(0x7f0000000080)=0x4)

2018/05/24 23:57:33 executing program 4:
r0 = getpgid(0x0)
sched_setaffinity(r0, 0x8, &(0x7f00009ad000)=0x1)
pipe2(&(0x7f0000f61000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f00000000c0)=@filter={'filter\x00', 0xe, 0x2, 0x240, [0x0, 0x20000280, 0x200002b0, 0x20000490], 0x0, &(0x7f0000000080), &(0x7f0000000280)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x15, 0x0, 0x0, 'sit0\x00', 'team0\x00', 'erspan0\x00', 'syzkaller1\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], @link_local={0x1, 0x80, 0xc2}, [], 0xb0, 0xb0, 0xe0, [@quota={'quota\x00', 0x18}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}, {{{0x9, 0x0, 0x0, 'veth0\x00', 'veth1\x00', 'veth0\x00', 'bond0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xa0, 0xa0, 0xd0, [@cgroup0={'cgroup\x00', 0x8}]}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}]}, 0x2b8)
getsockopt$bt_hci(r2, 0x0, 0x3, &(0x7f0000000000)=""/11, &(0x7f0000000040)=0xb)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={<r5=>0x0}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f00000001c0)={r5, 0x9f}, &(0x7f0000000200)=0x8)
dup2(r2, r1)
ioctl$FIONREAD(r2, 0x541b, &(0x7f0000604ffc))
dup2(r1, r3)

2018/05/24 23:57:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
accept4$packet(0xffffffffffffff9c, &(0x7f0000000280)={0x0, 0x0, <r1=>0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000002c0)=0x14, 0x80000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'yam0\x00', <r2=>r1})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x500}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@setlink={0x28, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_CARRIER={0x8, 0x21}]}, 0x28}, 0x1}, 0x0)

2018/05/24 23:57:33 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000004c000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:33 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0xc)
writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f00000002031900000007000000068100ed853b09000100010100ff3ffe58", 0x1f}], 0x1)
writev(r1, &(0x7f0000fb5ff0)=[{&(0x7f0000fb6000)="1f00000002031900000007000000e3800802bb0509000100010100493ffe58", 0x1f}], 0x1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101})
set_thread_area(&(0x7f0000000000)={0x100000001, 0x20001000, 0x0, 0x1, 0xffffffff, 0xbe, 0x6, 0x122, 0x4, 0x9})
r3 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0xffffffff, 0x200)
r4 = gettid()
sched_rr_get_interval(r4, &(0x7f0000000280))
getsockopt$inet_sctp_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000080), &(0x7f0000000100)=0x4)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000180)={'lo\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000140)={<r5=>0x0, 0x4f5, 0x7}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000200)={r5, 0x6c1989a5}, &(0x7f0000000240)=0x8)

[  715.954797] irq bypass consumer (token 00000000067d63d1) registration fails: -16
[  715.955257] binder: undelivered TRANSACTION_ERROR: 29189
[  715.998114] binder: undelivered TRANSACTION_ERROR: 29201
[  716.007711] netlink: 'syz-executor3': attribute type 33 has an invalid length.
[  716.024428] device lo entered promiscuous mode
[  716.035446] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:33 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0x1d2d, 0x4)
sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffea0, 0x20000800, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x29a, 0x4)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
readv(r0, &(0x7f00000000c0)=[{&(0x7f00000022c0)=""/4096, 0x1000}], 0x1)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0x1, 0x10000)
ioctl$TCXONC(r2, 0x540a, 0xfff)

2018/05/24 23:57:33 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
r3 = inotify_init()
socketpair(0x5, 0x3, 0x4, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{r0, 0x2000}, {r1, 0x20}, {r2, 0x2200}, {r3, 0x20}, {r4}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={0xff}, 0x8)
mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0)

[  716.051334] binder: 14547:14548 ioctl 40046207 0 returned -16
[  716.077685] device lo left promiscuous mode
[  716.096216] binder: 14547:14548 transaction failed 29189/-22, size 24-8 line 2856
[  716.111137] netlink: 'syz-executor3': attribute type 33 has an invalid length.
[  716.122850] device lo entered promiscuous mode
[  716.146443] binder_alloc: binder_alloc_mmap_handler: 14547 20001000-20004000 already mapped failed -16
[  716.157311] device lo left promiscuous mode
[  716.219662] binder_alloc: 14547: binder_alloc_buf, no vma
[  716.225365] binder: 14547:14564 transaction failed 29189/-3, size 24-8 line 2971
[  716.275972] binder: undelivered TRANSACTION_ERROR: 29189
[  716.281891] binder: undelivered TRANSACTION_ERROR: 29189
[  716.718951] x_tables: eb_tables: cgroup match: used from hooks FORWARD, but only valid from INPUT/OUTPUT/POSTROUTING
[  716.818146] x_tables: eb_tables: cgroup match: used from hooks FORWARD, but only valid from INPUT/OUTPUT/POSTROUTING
2018/05/24 23:57:34 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = semget(0x3, 0x6, 0x0)
semctl$SETVAL(r1, 0x0, 0x10, &(0x7f0000000040)=0xeb7)
setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000080)=0x4, 0x4)

2018/05/24 23:57:34 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x8000080000001, 0x84)
socketpair(0xa, 0x1, 0x7fff, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000000c0)={0x6, 0x9, 0x200, 0xffff, 0x1, 0x1, 0x1}, 0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0xa, 0x0, @rand_addr}], 0x10)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080)=0x4, 0x4)

2018/05/24 23:57:34 executing program 5:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
getsockopt$inet6_int(r1, 0x29, 0x30, &(0x7f0000000ffc), &(0x7f0000013000)=0xf9)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001800)={{{@in6=@ipv4={[], [], @dev}, @in6=@ipv4={[], [], @dev}}}, {{@in6=@loopback}, 0x0, @in6}}, &(0x7f0000001900)=0xe8)
clone(0x0, &(0x7f00000003c0), &(0x7f0000000380), &(0x7f0000000340), &(0x7f00000001c0))
close(r0)

2018/05/24 23:57:34 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
r3 = inotify_init()
socketpair(0x5, 0x3, 0x4, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{r0, 0x2000}, {r1, 0x20}, {r2, 0x2200}, {r3, 0x20}, {r4}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={0xff}, 0x8)

2018/05/24 23:57:34 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})

2018/05/24 23:57:34 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
listen(r0, 0x25d)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='highspeed\x00', 0xa)
sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
shutdown(r0, 0x0)

2018/05/24 23:57:34 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000001852000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:34 executing program 3:
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000)={0x0, <r0=>0x0})
r1 = syz_open_procfs(r0, &(0x7f00000002c0)='net/kcm\x00\b\x00')
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
readv(r1, &(0x7f0000c43f70)=[{&(0x7f0000ea5000)=""/4096, 0x1000}], 0x1)

[  717.076669] binder: 14582:14591 got transaction with invalid offsets ptr
[  717.109505] binder: 14582:14591 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:35 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c)
connect$inet6(r0, &(0x7f0000966fe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000740)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}}}, 0x84)
getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@ipv4, <r1=>0x0}, &(0x7f00000000c0)=0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'eql\x00', r1})
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000140)={<r2=>0x0, 0xdb, "e5e826d6463d8660acf58e8bd115a8c6f7df48a864d63482f7680f6c73b00a438bd80bfd779e5e7f98190455a8107bba5dc7d4faa3b47d38fe14bd255004bb13217b87045ae453356e4bdb72189fe2d787a30d9d512507fe1632e79abe22f27102ee29a69d608bb82ebcb3c828e5a6033e79476639ba4b4a57e0e35cf909d1b1acda1e34f8ea49dd42fb0cfef3046d133ffe7d633970ef315517163a34a6efaf9d4d574a4d2ebf01fbe94100a8ced2da4d568089aa7d59acae95795ade9fa6a2b3578486e24adba006299e981c74c466c5437163b46b43b8b23bda"}, &(0x7f0000000240)=0xe3)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000280)={r2, 0x5}, &(0x7f00000002c0)=0x8)
getsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = accept$inet(0xffffffffffffff9c, &(0x7f0000000300)={0x0, 0x0, @rand_addr}, &(0x7f0000000340)=0x10)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000380)={r2, 0xb, "2f5c198b646ec76799143e"}, &(0x7f00000003c0)=0x13)

2018/05/24 23:57:35 executing program 4:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x62)
perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, @perf_bp={&(0x7f0000a7dfff)}, 0xa000003fe, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000))

2018/05/24 23:57:35 executing program 2:
r0 = gettid()
rt_sigprocmask(0x0, &(0x7f0000037ff8)={0xfffffffffffffffe}, 0x0, 0x8)
clock_gettime(0x3, &(0x7f0000000200)={<r1=>0x0})
inotify_init1(0x80800)
rt_sigtimedwait(&(0x7f0000000100)={0x7fff}, 0x0, &(0x7f0000000180)={r1}, 0x8)
clock_nanosleep(0xb, 0x0, &(0x7f0000000040)={0x0, 0x1c9c380}, &(0x7f0000000000))
rt_sigqueueinfo(r0, 0xe, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffe})

[  717.144836] binder_alloc: binder_alloc_mmap_handler: 14582 20001000-20004000 already mapped failed -16
[  717.172521] binder: BINDER_SET_CONTEXT_MGR already set
[  717.194799] binder: 14582:14591 ioctl 40046207 0 returned -16
[  717.224974] rpcbind: RPC call returned error 22
[  717.239575] rpcbind: RPC call returned error 22
[  717.281257] binder_alloc: 14582: binder_alloc_buf, no vma
[  717.286977] binder: 14582:14615 transaction failed 29189/-3, size 24-8 line 2971
[  717.327614] binder: undelivered TRANSACTION_ERROR: 29189
[  717.333217] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:36 executing program 3:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x11, &(0x7f0000000280), 0x8)
close(r2)
close(r1)
getpeername$inet6(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, @mcast1}, &(0x7f0000000040)=0x1c)

2018/05/24 23:57:36 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]})

2018/05/24 23:57:36 executing program 2:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
setsockopt$inet_tcp_buf(r0, 0x6, 0x3f, &(0x7f0000000440)="eb1abac874c7811f54cc1a0c09c9e18e289b5f30ba2f027bb186ba465d770547b92f", 0x22)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(r1)
connect$nfc_llcp(r2, &(0x7f0000000140)={0x27, 0x0, 0x1, 0x7, 0x4, 0x5, "dedae7919c463c3db9f853d4e36247eadad510049ea355812fbcb332cf9fe757451d04924f9a0ab9af064ab33501966696a2f2ec92a10d8f2d64842623c096", 0x16}, 0x60)
ioctl$sock_SIOCGIFCONF(r2, 0x8910, &(0x7f00000002c0)=@req={0x28, &(0x7f0000000100)={'ip6gre0\x00', @ifru_mtu=0x3a}})
ioctl$sock_ifreq(r1, 0x8948, &(0x7f00000001c0)={"626f6e6430001a000000000100", @ifru_names='bcsh0\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000300)={'eql\x00', 0x1000})
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e23, @loopback=0x7f000001}, @in6={0xa, 0x4e20, 0x8bc0, @mcast2={0xff, 0x2, [], 0x1}, 0x2}, @in={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, @in={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, [], 0x13}, 0xffffffffffffffff}, @in6={0xa, 0x4e23, 0x1000, @mcast1={0xff, 0x1, [], 0x1}, 0x6}], 0x84)
r3 = dup2(r1, r1)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000000)=@pic={0x5, 0x4, 0x9, 0x400000000000000, 0xc31d, 0x5, 0xffffffff, 0x2, 0xe6f1, 0x7ff, 0x4, 0x0, 0x0, 0x21, 0x9, 0x1})
setsockopt$inet_sctp_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000400)=0x2, 0x4)
stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
setgid(r4)

2018/05/24 23:57:36 executing program 4:
r0 = socket(0x10, 0x1, 0xfffffffffffffffe)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4)
ioctl$sock_SIOCETHTOOL(r2, 0x8932, &(0x7f0000000080)={'veth1_to_bond\x00', &(0x7f0000000000)=@ethtool_channels})
close(r2)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00')
close(r3)

2018/05/24 23:57:36 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000fffffdfd00000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:36 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
socket$inet_dccp(0x2, 0x6, 0x0)
inotify_init()
socketpair(0x5, 0x3, 0x4, &(0x7f00000000c0))

2018/05/24 23:57:36 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x4}, 0x1c)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000080)={<r2=>0x0, 0x1, 0x3, 0x5, 0x5d, 0xffff}, &(0x7f00000000c0)=0x14)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={r2, 0x9}, &(0x7f0000000140)=0x8)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x5, 0x4)

2018/05/24 23:57:36 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0], 0x2})
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000002, 0x10010, r0, 0x0)
ioctl$sock_proto_private(r0, 0x40096100, &(0x7f0000000280))

2018/05/24 23:57:36 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x88, r2, 0x8, 0x70bd28, 0x25dfdbfe, {0x5}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x20}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [0xff, 0xff]}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3d}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local={0xac, 0x14, 0x14, 0xaa}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000040)=""/84, 0x54}], 0x1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)})

[  718.330968] binder: 14631:14633 got transaction with invalid offsets ptr
[  718.338335] QAT: Invalid ioctl
[  718.348835] binder: 14631:14633 transaction failed 29201/-14, size 24-8 line 2999
[  718.365744] QAT: Invalid ioctl
2018/05/24 23:57:36 executing program 0:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
seccomp(0x1, 0x1, &(0x7f0000000240)={0x2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x200}, {0x6}]})
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1ff, 0x20000)
ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f0000000040))
getsockopt$inet_buf(r1, 0x0, 0x2a, &(0x7f0000000080)=""/57, &(0x7f00000000c0)=0x39)
r2 = gettid()
perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x7, 0x0, 0x2, 0xffffffffffff0000, 0x0, 0x2, 0x164, 0x8, 0xffffffff, 0x7, 0x4, 0x400, 0xdca, 0x8, 0x7, 0x3, 0x1, 0xffffffffffffff80, 0xffff, 0x10000, 0x1000, 0x9ff7, 0x3, 0x80, 0x0, 0x3f, 0x200, 0x80000001, 0x8, 0x6, 0x10001, 0x0, 0x7, 0x4, 0x0, 0x8, 0x0, 0x41d, 0x1, @perf_bp={&(0x7f0000000280), 0x4}, 0x10205, 0x1f, 0xfe, 0x2, 0x1, 0x8900000000000000, 0xfffffffffffffff8}, r2, 0xf, r0, 0x2)
getsockname$ipx(r1, &(0x7f0000000100), &(0x7f00000001c0)=0x10)

[  718.382160] binder_alloc: binder_alloc_mmap_handler: 14631 20001000-20004000 already mapped failed -16
[  718.410891] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:36 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0xb, &(0x7f00000001c0)="e3", 0x1)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000040)={<r1=>0x0, 0x7b, "2b565200db9a13db716d66f72f4b7c3668cd38881f610a920211a79e309f6cf70aa7c57d7e113f9ea06f18cdd08339fde99b268cad2e2526bf1612f31ff4bdb2040879550f234f0339c0173f8f52aaf99e538020de68450f6aeb3098ccfb8956efce06b0a1e6367aaec9621730ed4cb28532c4528d6c416ad05deb"}, &(0x7f0000000100)=0x83)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000200)={r1, 0xda, "4a532509ad1745c6af117439b2a1a0aae8026c9a56ac923f45a3d8758a80eee82c888248bb2e78cdb1c00a24b44e42173c2e09ff1e2a17c6053c3261b7ecc675954394591ffc4813d1285ab48bdad3be33cf4959fe06f8a6685a6ee207ce54f7771bb9bef8314078b696a04b4802b7d5c195a2c1823466438792bac0de49705ee4059a0b7ca244c16d1ec62437743e45a8f095080c9e0e44505624144b89c2869f5f2ad2a7c94d40f50743b647d2fcb04b2cb34ccd5a9bfa110d4d12b96911cac3e1b202e9a3bb3b506e34c6b3390c413e9803969678c0ce66c0"}, &(0x7f0000000300)=0xe2)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x2, 0x4)
sendmsg(r0, &(0x7f0000000900)={&(0x7f00000004c0)=@in6={0x2, 0x4e21, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c, &(0x7f00000007c0), 0x0, &(0x7f0000000800)}, 0x0)
recvmsg(r0, &(0x7f0000000480)={&(0x7f0000000140)=@nfc_llcp, 0x60, &(0x7f00000009c0), 0x0, &(0x7f0000000a80)=""/204, 0xcc}, 0x2042)

[  718.434203] binder: 14631:14633 ioctl 40046207 0 returned -16
[  718.435573] binder: BINDER_SET_CONTEXT_MGR already set
[  718.454784] audit: type=1326 audit(1527206256.366:3105): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=14656 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455a09 code=0x0
[  718.456346] binder: 14655:14657 ioctl 40046207 0 returned -16
2018/05/24 23:57:36 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10004e20}, 0x1c)
read(r0, &(0x7f0000000080)=""/4096, 0x1000)
dup3(r0, r0, 0x80000)

[  718.503197] binder_alloc: 14631: binder_alloc_buf, no vma
[  718.508922] binder: 14631:14660 transaction failed 29189/-3, size 24-8 line 2971
[  718.524917] audit: type=1326 audit(1527206256.394:3106): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=14656 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455a09 code=0x0
2018/05/24 23:57:36 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]})

2018/05/24 23:57:36 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000280)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000))
mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0)
r0 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000180)=0x60, 0x80000)
sendto(r0, &(0x7f00000002c0)="bd5dfb7ed664cdc4b1d72019404fba16da73d3dd64680398ef9ea7380719638ce5f0551b9aaa239e8ca7e0a245627c066e99f96258ce1009920386e728b2903db1f70b71117da5bb5cdc7421db721fb7dc147424f53aa5794c6a79784158717a380432afe0f22bb7a08377908bb6e6acbce65332d8bd41481878bb047c84a5cbbe6ec9ec8e9720da8365f42a7563809a20d5e05020ec88291f70dbd406f9e0a4770f21", 0xa3, 0x4000000, 0x0, 0x0)
mkdir(&(0x7f00000001c0)='./file0/file1\x00', 0x0)
rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='./file0/file1\x00')

2018/05/24 23:57:36 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x4)
accept4$inet6(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c, 0x80800)
getsockopt$inet6_int(r0, 0x29, 0x5f, &(0x7f0000000040), &(0x7f0000000080)=0x4)
listen(r0, 0xffffffffffffff7f)
accept4(r0, &(0x7f00000003c0)=@in={0x0, 0x0, @multicast1}, &(0x7f0000000440)=0x80, 0x0)

[  718.572912] binder_alloc: 14631: binder_alloc_buf, no vma
[  718.578819] binder: 14655:14657 transaction failed 29189/-3, size 0-8 line 2971
[  718.624698] binder_alloc: binder_alloc_mmap_handler: 14655 20001000-20004000 already mapped failed -16
2018/05/24 23:57:36 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000099c000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

[  718.678679] binder: undelivered TRANSACTION_ERROR: 29189
[  718.684599] binder: undelivered TRANSACTION_ERROR: 29201
[  718.702299] binder: BINDER_SET_CONTEXT_MGR already set
[  718.719542] binder: 14655:14657 ioctl 40046207 0 returned -16
[  718.746567] binder: 14655:14687 transaction failed 29189/-22, size 0-8 line 2856
[  718.749345] binder: 14684:14685 got transaction with invalid offsets ptr
[  718.777338] binder: 14684:14685 transaction failed 29201/-14, size 24-8 line 2999
[  718.798530] binder_alloc: binder_alloc_mmap_handler: 14684 20001000-20004000 already mapped failed -16
[  718.808294] binder: undelivered TRANSACTION_ERROR: 29189
[  718.816507] binder: BINDER_SET_CONTEXT_MGR already set
[  718.824779] binder_alloc: 14684: binder_alloc_buf, no vma
[  718.830503] binder: 14684:14688 transaction failed 29189/-3, size 24-8 line 2971
[  718.836739] binder: 14684:14685 ioctl 40046207 0 returned -16
[  718.838412] binder: undelivered TRANSACTION_ERROR: 29189
[  718.861405] binder: undelivered TRANSACTION_ERROR: 29189
[  718.867421] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:37 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f00000001c0)=0x2, 0xd7)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000000)=0x9, 0x4)
sendmsg(r0, &(0x7f00000017c0)={&(0x7f0000000080)=@pptp={0x18, 0x2, {0x2, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x80, &(0x7f0000001580)=[{&(0x7f0000000200)="a4d990e922c9a81d136b4bbc32fd228451ec479f483af44c127709085f33db47b7f0b72ea9aa4c0f32d0bec17d6642b853b0a7f7886e53062fd358a78f2e403caa45aae3d7e3c011ece44dc165f7aff3e29d182d08fe25103713f0ef8d72fe6d70bc43080a378c8227bdadaace04a4afb41ab88e632a7a42dcbb6324b14d72c31a1d616eb106b99150aad9850677861ef144d9638723b4d8f0bec6d7d6e1dbf1b39c54d2ace1295a94bdefa008976beee0cb3a5538619e2fd9d162bdbc66f304bbce70d3e1364d9b494a8021ed8c25b0f00f16fe70bcadb6e678b73418077459632d4b66f4af9fcda7793e4ae34b14b92e32dd75f7172dcd275e8c2081b55c6def9b5c610f4279fbfe46a28a52fe02ddf2655547ed2ee6e2edb7417a87699471b99d02914f411737caf17e8f205846e16e6c3dc9332ea914dd169820b22350a3d89d94101a0bd5bd60fe9ea530440287cb25c0f377e7f71c761efbf1aa926005f052c82c05638f7e801aeed5bd0e8c851ec8580cdead2634a84caa012788a53618d9f05159cd36e1152bcb80a47c84544024293c707f1c034e0ae44eab641f9219986c65034d6f9ec7600aadba499a5d10467695452e6037b37e136a763613b1d7a0a0d07f409e449209598e5e8e126bffd6e9a971a2abec18c774e656f187247a7be5b5780e843a88cba71b49501e3a738c97a1c2bc4bf8af43dfa2e04bf5a4f6d52ea699828521d78ce2f8d5584db6136219990738f332d8d732525c620a7a3a76db7e601133fc0afd6e2a2948ea0c749af3dc2eb6194c0a8d57ef376780b6cf02df64fc9bb03e695d51ca034cc412441c1a15377b7e12b5e059a114f41ea6615c0ee3bc20040b87c2da2eefcc16b2f238f11166faafa1f689224e0898554376d6f701b72abc5805670d27686a40f9e6c0d079bfadd466b46ed25bafe5b82f99eb08001f319008e89ccb4a465b57012f31c57464285ea6b2b7509720b9b60b1a534f80cdd2b088f56029e26f1be6c8cc902f04fafa837b00f52e0bdcd0512c8861459baf2a33fb97f24c7a5edd0f796954de6cd82ce775f94ea37dfc2541d2d6c85e4483ec16dfb59fe3e8394c3ad56f302b660738b15ff239499f5ec95c09848436fbcf54d33d7d58f820df8212fb8a51754c3a0ec81974c13187329da14e3abf00e88bce84c0c649d83b3b4b21afe9ac77d77c2969d79df67ed2805fbab4ada07e2a58b0777c58586aaba016d2100bb6a3fc11a303f1c3c93c6297833dd04ff4c940527e317992751943a74f7ac4afb39f2b30613f9a6f9e87bf4bb90d19967bd0eb84956a35645313039fb16d83545ade80e7174d0726e38d75dca7604853f85ecbd7f3a7dec1a18c0da5ac3fd5d472602d2ef40758d59f61506a1552fea1bde189d131db99a6cc76d28760259251b29eb61acc2e82057c41f8de7d6f2812d5bae1ba48cbaed503fc5ec6978252194d5ea472e423c95ec90a5a1e4dfe12751000aaa7a57d44684cc8a82d70345ce06d2da79d7b41ec04f13f4f1167a78d766f06ed5bbf4850e41cdd7bd751d815dbd161c3a4d7c63404a6ecb98630f0178417531159014b406380ee542bce15cd16c73985624be350538aaac60eab910c87e734040e459f0def32f465aa8290b16a42d0f8f66cca3c07ea6550aa270649c68f189cc7e09fa8f8c0688a0c0fcb5136b191076602a71f15bef427f8bd57cedf623d9ba1eb22d5ca01127d42f25953804409c4c587959d68e4ef95a5faefb5accc741758ea4c0dc0e2c7cabaab0e39be7236a136a6988f07792725b73f8fbe7d5ab2bde7aad4161fd1c68753367e9f5ad84a1e0a19ef7d66269a1c177da39da568cd2c77226d182987ab7a750516caa2a514fba42a207d3a9657a4797f9dbdbe2508ddd2d177d8de516b9d2c21e010e254dcdf1a4234419f8899daa01823aedd3a15e4b0bab67cd3e78e2505c1056047af7e5a490b603e7aad1f4c1e87d799524cc209da368860a94cab8a4921a61b5efc336f13d65e14cf21b927034cd0ca716b2b5cc67b2d9185e025a09ccbd6eff63e6694c530b83c9f7693e9eac6c379f2b4dbe9b8de7fff77806a953dcace6384835f4f3ea4dde69f0764a9007fc2a8474a845b43f7002812822796e51fbf9e694cf7a4799785bbab48a21383c7c4a5b48f5dbb36a0dbfde21a7cc6d724c3e3185cdb99d435b2fbfaac46a22eb47ed197b8a32212b1f8b11ef23340c85653770f0696fc207e7b42b88bd7158fc703b788842ee62d7fc3c74ab069df049e12ef6f5cdc22a901547d54204a4a1b9b4af3e69c369628e5f00a459be66072236a3cfb3bdf87c9d3831545dd42ad7303d37b70485a25ffc64fc98a42564dbd52e4b7077ff460851b228d51e89bbcf1f0af1c8b64ea8e2e5b264330ac9c9178dc61ac9bd22ecf338caf31377199acd18ce25b07494fbf9511711cbc8dcbbeb7ff94da402c3a3d359b2ed38a22477840cfd7554ab9886d94deb2cd19946d0e2c90312deb18427bc80e33081278d2d2beeb69852d82e8be8418407d7b14d3af224f19fa564596c3beddc0f1bbd74175842ff3a34556f87c85f70a7cfc0c2a88958807ff16a07d69aaa74f60950e88d93bb80cff43831eeee76c8c3b25805692c19e00c229bf26648cc50fca4171d6201e935c904a2119c3cd7e18734e1aa89e80993ba4cb31ba40b017635630dfb7fede15c010a4c96756a936ecad9cf057b8b289cd76208444ff4f2044895fe2e6cfcd5b10a2dd105dc731fdf401dfbd86c7ded2009170674404d0629dc5cbca873da99b8a3fe6b1b7de8aea088219c5979e6ed6ec2a0b85a399cbf64febcadcdae9468e99e62702361573befcd71f35ac909ae6ea35527e289b44f3f381eed2bb715bfd5ba398167408f7f59fb8e838186e9e94da5fc49316aeee3d55dff40efdbd76e6c80baf322e4fa23ddd3871256c7f3f52937827a5a6362163deaa8460b62a0858314f499bfcc160aacf62e3bca56df9fa57764b3a2897856c273783c793d9598544b551877a5c0568c2f2e5be38ad45e27775ec25bbeef88079122095bdd753ff6bd35d6e53ccf2a8c9814964208054318cd0173bc587d52579a5387406e780b64155fa4f6a717f13e88e3ac9c1eb6ddf4b7ffeb93307c8867a48212a07a26328c5e62da7fe6ceac16ce261b22af96014d8867ac53880b20dff4e605b730ba141525c7366aaa35f1bbfda2e202a983c2a46a1661b62bb31964c4dc0baf19d804902769a3c0c57f76a36242e8a63334dbca9f675c7e6a895a627d72a81e5e9fb80f0e2a81353abbf6059126dc0ccb5bd0bc00937e96f63ead010675bb89eac4e16a7dd31af123b15d330f73ef16fe2bb3a851c678c17c5cf93b2e2dab58f6358628084f833f9acb0c6eaa24c5677b62972809afae84b383ac6597eca2633bcdd3985bdcce4a141e603fd761f4a1d525f5bff8173dbd7fd7342095e90d23d5b396131d0533529acf361609e258e06c88681796b1420b3f7378ede290010eae07eca7095a1187d0185e0f9c863c9c9873b9ecd9017e8e7af844d189dc219b0080f21247d50e21ce2b79fbb9c3fb81325956fb773e1b865fac3a4a51fbc15eff7f34ccc24b2c4e294b825972b0b4782cf7081da73ddde40ddb9943002eeb5c70dcfd8fc90a72da570929e29409cc11f53c0e8abfb674cac1fa20f4b23ee47a9124457f2e70b6dfee322e6a8309c07483893394cf95b5a4b562e09541fcaf962cadf16dd1d33dc950ebb6f4c9a1bf3242df833c144180ee1e7ea05a5dfb14914ee9cf27e2fcd2937ed7618fecba336a6730e70b1ad62721bc2a5c5ad81d7d67526aa90aa491c709d38a843a4ec1a353f375590d87c0b7bcdaf191b99e366b968604dca36cbf28f7db95ffa81c3e738be2fc2f53f5cbb5c077682fff3195d20a01c87a7712bff6bb4da574dcf6201e29a053a9cf13bb81669f1073044f310459f94dcd6c5b2c24c29e40eac32dfe87e005cd73fcbcbdde6cbab1a336db95612e9e5f83567081adc4b2a9e267792b518af2821a75e7656e0ae587e92ec8a9c0fcdc09512451f6112ef0c3a61ea7a4319dfe53d8af958036e282f796e3469ea8ea5c98195afe63568b142c1652d83aa2e2daf87890d53e41a842ab5e246771c01dc1faee8156a576cbaa1484318129f7effd1f95dfbb5193c8d22bd877f598442e3f48ab64de25c74ae3195d6bdec7347b8306030ad11d533366ccc5b257fa2aa989899d515d0b004287d7503bee53add6f92d2cd6530b43dc8b87fb9784bea1af49b6948b20b415c9eee7a7f7613647b7200778628e507d769281c61ab5f343f3ed3676b6c4571e1c35d5367cf6a82160e26155542dad276436173ecd533f0d25f7e2747d46ce35be7518c14fcd0821f9a2584c5c67ff0028bd078b7c339ab6621be494624af5972c265f7392e2b42b03562304d8626d7c70db3b0df80a68f3310d33109aeab1de602e155119a3fb06d5e154a5c098dc576456bd6f2681c38723cfc878319b5808a8a17c8df23e3383b549c0859e47db6048b5cb19367075948914328eb4507221720af0866b71b61cc7b762ed6afa93da7cbdc3beaf587e5d51298473e4de1ee6a42f1db18f64172c6d791cc5b1a2ddf92ec12831ae26f2e4ecb0b8451fd3259eb2b3fd07e851b81908e030b1af6147e5d1f43b427014ee9d9a11d9022cf4556a40f126cc14ec694747694643fe777c03e91dd79ec4b3523eb775bf04b2135694f2fa35bf4b0bc6bae02217466a48fc9ebd16950802d59f1233c21ccf5f0c5eba5dde31d4719c41c456b5b5a3a81dcc6c364ca963c2d3e71e2441239f5ff497300ab1c5fe3bf69258f90e812fdd48c91e8921d14c2caf0519a52564bb264236910a0e4914e841d35e79a5da3e6fa6f952ee309a9b469c0f206fceaaf4d784690a610c6be9b0eaa20392dcecd224448754b479a1d3dcfa2aa0796fc0cddbde512eee98d42696d9fb612859921549132fb7295f7d4228f12424ee68579e2c6719a993434569b2d82ee2e20c5697f06166fe60ee8c64fd7095e658518b959fd52892c8fb51971137495a20a024d3e33a5798c10db6d9140f0702d0c106a7910987ce9bc07e137d18613937d4a29557cd5733207af5dd33f9ad7604a6b6a2772e6ec68da4be9c69392d56423b4a8f5dbf79c54cdf945c9a64d035b19d3c6c67ff2be8a21b73265a7af557f085a677bcfd1bfb7621e083416af3b840eb72fe76ab8e779391e3110934d10ecbfd61c11315426f5e0189b5487308356a5e3a3c79653e15894db42d8e0ab7128682c3736734f0d9d59c1a63f429dde310c5fd87ccd612f782d9cabb77c7f0f081ce059156b825b5759c07faa85a611f20f0d1d3a0911bd868a5ed6f805c84d96ebeedf5e5f7d7626f6e5c8bda387ca7f7149b0ae87292e8f95174f7e6b39d6d9dbb3ee68033afa5509caa00ff9f94aa73a51409b1f210fbc7eecf463d2b2b748bed86b84a7ef2a68fc3f21c4a700d4de9e019b2788d6c19e71d72de2efc12a65635586603cf1440cab8e73ea147d6b7781b4d7783b319bac663abb93903bc17aef7d12ae3e403150679aa47e9bcb9bccdbf9a588b03921ef5abd13b9f1815e3ea6821ed37733a4b9e38a9e5f6a85714d0e8ccc0dd61cf903d9fe60b419a476efb2ff1e25a45d1746222b177016518eb53aa121367fe650b9bab9a465a8672c6e191f5cad085f4ac195425f76a7ce1a625f6792bd39d593fc3beb0e04c7ba8dab50b2f418a99e40a08f341240b8f8ce49819b3b58a4ef", 0x1000}, {&(0x7f0000001200)="ecb580d668c3c0f84e3f6bf5f7fc757629b3541e2115406cd6e891ab4e1529e4e24b340daeaf0cd0415ba5d2ce1b94a5b3530e837614019ecd37ba32f641895e9c52db4f46952ef4a30881a13df7bccf87382704eb4d27af7d1daf83b3c61ed3c1c5ff875eaa1f7579cff30a1db4beac87d4cbfb840168ce8a59f62246ba2aed5748d17604ae5e", 0x87}, {&(0x7f0000000100)="044e215e246b299eb8915353c8e2a8a911aa90ba649c", 0x16}, {&(0x7f00000012c0)="cc5132f1", 0x4}, {&(0x7f0000001300)="9502b682a7047371c7fd1ec807021dff8fc278c69e1862e738fd5491bf206cd09710a21cf0083f9db3d7c2eeba15e4ec3b254806c665f0d883dfc653f3c3b8bada397b79c41160ca7415d73f96354a11338ff47a8a6c8bf7d47bd20cf3ec29203676b8d2afa7b28d7d4893f4c27346f4cd5726bb39562675a213d56ad09e311e5d4d2ffdfc2da96c82a562f5b9b4c0a21bdd5f96aee48ba11f038a4b134cc4abed8dad961aaf6c678043650f7ed610159f3e54b609cb6b8652e6d6b6923ec22603636c86b2bdae1b279e62d4f881a95159c6ba6b122c2d703d997c389eae3c4a26a7f6de9d12702326", 0xe9}, {&(0x7f0000001400)="0c7876d98dfd1ab22bd6f71fc2dc01cb9a80147d2e46fe2f72e682fe70470c78b666af5cb76b4ad92fbdd8a01fd801b9b25942c397ee0cd52605de49b24ed2a2d22c8abb39ab90b52bcd2a292ef870ea7bdf3c732292bd441c7efa09a9bc0e7e26be783405c86705884fe10b63a372758c593bab3ac333ae1a", 0x79}, {&(0x7f0000001480)="83d119ff934223447adf5bd897ee5196f86b4737ecf99d2aa0b50decb4d4c498a1e70ae5734b129fb8937dc5e0ec37d1c1a6a86db467bd74426cf3ced2773f4d242c305316ca040b1b0e2c88c8053b0ad3f35435c43b7842970864dfa949ad0540e2b0053af5d8a87e2efcebf417d4c7e693fe73d27083a88d7993b56c8d392dc1d22490a800aeb3b0da185e6128d4df9bcfbf7908c8520ea5ce30059c5369cdb4ee491428d086cd3c2dab63adb325aca0d1320d0b001510ced2313a3de44c72974da7accdb4365baa92224803f86dbf08360997a318d7dae8d450b0dfd789f29553ccb0013dcfa8", 0xe8}], 0x7, &(0x7f0000001600)=[{0x70, 0x105, 0x9d, "b017fe61ca087fe9ac8dc253d361c23b7d8e763b3afc3cfa4c3281cfbbcf6e9153628f1411f0fdf488f69034ab430a25a70e8116dbdb56f37b39b47125c7d138660eca5993ccf83ea5fe979c35bb80ad4b9c088575fbe7485de4ca44f9a803"}, {0x70, 0x115, 0x7, "78aded98503be82a86afbe3665608b9ae2a0d47be3f585700b9309c6db7c2ce8f1457e34693860688c24434ba957f24b1b71c5cee1d6afdcbc4c725f9d67c5f47cd740471b132588869f6323450c85bba51fd55407d520cbbb0e"}, {0xa8, 0x117, 0x5, "e10481be622798eca54f117ae3d4e723e46c6373a5d1391826a00adee22f6382a31c8fb068e5ef02dcb5cfa8b47254984b82524cd6651bfc154e57d452de94273fc65f73b6cd14e1aea6852ee22bd51a7495bf520e2a47d163ff2a7b341d8e7140bddd1dc8c0a1a529c2b220bf2c1c2e8604e382a3a8991f727175435e2d3346f7f6df43d022fad2818d860afb40a8310c078647"}], 0x188}, 0x24000000)
sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x24d, &(0x7f00000003c0)}}, {{&(0x7f0000000140)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000500), 0xfffffeb6}], 0x1, &(0x7f0000000000)}}], 0x40000000000001c, 0x0)

2018/05/24 23:57:37 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000b5dfa8)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1040000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, r2, 0x200, 0x70bd2a, 0x25dfdbfb, {0xc}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x57e}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x978}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xffffffff}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x467}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x81}, 0x20000004)
r3 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r3, 0x0, 0x0, 0x73e0)
r4 = socket(0xa, 0x1, 0x0)
ioctl(r4, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f")
sendfile(r1, r1, &(0x7f0000000000), 0x401)

2018/05/24 23:57:37 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000ffefffffff7f0000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:37 executing program 0:
r0 = memfd_create(&(0x7f0000000000)='/dev/binder#\x00', 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000000c0)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f00000001c0)=0xe8)
getgroups(0x4, &(0x7f0000000200)=[0x0, 0x0, <r2=>0xffffffffffffffff, 0xffffffffffffffff])
fchownat(r0, &(0x7f0000000040)='./file0\x00', r1, r2, 0x1800)
lseek(r0, 0x0, 0x7)
r3 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x4c, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240), &(0x7f00000002c0)}}, @release={0x40046306}], 0x48, 0x0, &(0x7f00000003c0)="88c85f241f52303d1554fc207a80921f646e99e2f751268861ec786b488a82266f6f3365b49640756e5acf12b165e8de22f8d88b2fe8f7cd40dd464ea70cb3a69a604a2cfc8d3e76"})

2018/05/24 23:57:37 executing program 3:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080)=0x9000000, 0x100000001)
r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x8, 0x200)
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000000280)={[], 0x101, 0xffffffff, 0x5bb, 0x0, 0x8, 0x4, 0x100001, [], 0x4})
r1 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0)
sendmsg(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000640)="2400000002031f001cfffd946fa283005b580a000900020009000000000015000404ff7e", 0x24}], 0x1}, 0x0)

2018/05/24 23:57:37 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
socket$inet_dccp(0x2, 0x6, 0x0)
inotify_init()

2018/05/24 23:57:37 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000]})

2018/05/24 23:57:37 executing program 5:
r0 = shmget(0x0, 0x1000, 0x407, &(0x7f0000ffe000/0x1000)=nil)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000080)=""/41)
syz_emit_ethernet(0x15, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [{[], {0x8100}}], {@llc_tr={0x11, {@llc={0xff, 0xff, 'K'}}}}}, &(0x7f0000000300))
r1 = accept4$bt_l2cap(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000040)=0xe, 0x80000)
fcntl$notify(r1, 0x402, 0x80000000)

[  719.293311] binder: 14699:14701 got transaction with invalid offsets ptr
[  719.303797] binder: 14703:14708 got transaction to invalid handle
[  719.310165] binder: 14703:14708 transaction failed 29201/-22, size 0-0 line 2856
[  719.315376] binder: 14699:14701 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:37 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x80, 0x0)
ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000002c0))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010140}]})
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/pfkey\x00', 0x220440, 0x0)
write(r1, &(0x7f00000000c0)="3c1219f75736a52eb27a27ddbebfad07926a2e9bec02bc69ee56967213d3aad72d161faa4db2f9cbad32cf58ef73e883ac68660ba746cd7acde515f629d39319149f42b48228b04b8ec623b9f932adec069c28152208f504cefdbed5eb55f6480adceb0c7686a5baf72c9387b5a5b51a58f3d410a368f7104b3801ca8e4ed913a1ce05eb4057d4a47001a1612287bac485dca54e731a103cb254de50c3a3a2cbc25b61fa84d71294b2ed26deaff773a0882c29ed9334511f0332c59108ba44b18b1f09e3e453ded5b957878af701836d18078d671632520e8558b7", 0xdb)
r5 = dup2(r3, r0)
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f0000000080)={0x2, r5})

[  719.341908] netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
[  719.380380] binder_alloc: binder_alloc_mmap_handler: 14699 20001000-20004000 already mapped failed -16
2018/05/24 23:57:37 executing program 2:
mkdir(&(0x7f0000000300)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x521880, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180))
r1 = userfaultfd(0x0)
bind$pptp(r0, &(0x7f0000000280)={0x18, 0x2, {0x2, @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1e)
r2 = getpgrp(0x0)
fcntl$lock(r0, 0x5, &(0x7f00000002c0)={0x3, 0x3, 0x69, 0x2e, r2})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000480)={0xaa})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x2})
r3 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000240))
unlink(&(0x7f0000000140)='./control/file0\x00')
rmdir(&(0x7f0000000040)='./control\x00')
link(&(0x7f0000000080)='./control/file0\x00', &(0x7f0000000100)='./control\x00')
close(r1)
pkey_alloc(0x0, 0x3)

2018/05/24 23:57:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000001580)={&(0x7f0000000280)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @multicast2=0xe0000002}, 0x1, 0x0, 0x4}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000000)='f', 0x1}, {&(0x7f0000000080)="77296a8a6896f1ff35ec7ae1c867808c2630ca3086aa339c51d76000c8366c8724b5cf69ab5fb7050d1015a3638d77f12a852fbe275767c63b430464ad0f", 0x3e}, {&(0x7f0000000300)="dc0579de7dd34c08658f23921f134dbd309b40fa80a5ada2a86b4bf62a347e98eb8b5545838497fe877d69d1508e7982c9c8af3bfbf8a684eba02754d62d46e70751c5fb191c7b8ad7a2cfabf06ae430724ac9d0be33b23eb4318a1798c6f11871807db2b448738cdd1e6c55ac039f704c01f449530ccb0cb593f60ff4410dd8a2e37e0e50d9dd5d02e3ae9b7dc1823f85a3f634e914236bcc8a8fa7136243fe851fa4c93d42519ceaadcff048c62c4e9b46909813ec66845700cedf4c05df693ddf0117b75f3be05d8538642e87dcab26c0864f55ad90990295f63110f4ba047181a9771d1efb6f847b5d10bfff9ccc12bf986f3e26", 0xf6}, {&(0x7f0000000400)="8a7d1ca9ac2a69f31d1376753c5cc1a026a4cf28a8f9b88fe82720eba44cb423b7424b70057fb0b5822417173bc7c0c0c731f1ea594e7a8b1ea731751ad88b6c1e5238771a45ce0a9ab3282010c3c01618cda4a8133955dfd4ada0d775fcf163adbc0f331e953c1e4899ead3aea16215c1584e19c800ace11a4d364d5b69bac82428a1bea28368ba6c62504b1da6eb5f33f4595682ab0e22b9518a043d3304b27776786eed8cebc911e8a220", 0xac}, {&(0x7f0000000100)="32b2dd0d486cc5db23e5a4aee156eafc6f6eca71b1b373ec6fc56e0eb706", 0x1e}, {&(0x7f0000000200)}], 0x6, &(0x7f0000000540)=[{0x28, 0x11f, 0xff, "6a8cbeab71d085552828cbb7f10c8ad54819"}, {0x1010, 0x11, 0x9, "1d76fe839766420e603344eee2721e13b1faac0b145bffc7f54a6e0a4f36333a7c6139988deecad08f57372fb853b28981954be910312313d8860bd7e64c559ec26f6311972832ba21c5d59e40ed10ddd4d2dd997c33f69c059136f88fca715078778afb5a1d3252b74b2f32e44d8c1eaac20457f2d14e2f466b526cb988946b795b430a800d4e784e4799976d7093bad2f26741458dfaf14d1c0532831b9e4b43c42ad6ff5b493084c99215737f4ca321b9bddc55472169d9d2bc5e13dab96154635de7e36724e033b7f494662261969e5d884c8d36c75eb6125cbbc762570b13a87ecf2dc05eecef31f4cabdbacdbd61ff0fa2c7c10509802eb056294b5d11dfda5dd81464ef2ca7a51d0103c40e6afb6f13e93067568ad48c82df34730b31ff187e040be33b4bccd5b4abe9514deb99b842961dc552f9586b025eef3fa20837122f4e7f06633308928a7c5890c472bcbedee88df538f1babd92e85dd85c4f04177e681698dca3c66e84540c0640aeac3917b09f2a46da4b70db185a0439306a5ee5bc993e4154aef721d491d0a0cf323a1c0b3c72f7a7c6c8d2b73e9ee5ae925e5e86947e0514361c27a0e5ab3cae0f04db43a4a4045c69d9a867c21456c1a0121c6b98647a3ffe15f005f7feae6703b6781f3f3280ede1e0980fe29c6fbc005925ad752ef569e11fcdc81e17ae75b2fe07b2c48616e197fd53ae1b48bf0af066b28719402ff3966cf7c13fcb6c0d30128d3ae55dd1b507ca8bc2b0e51bf8676adddd5ae21bc9774452f0edec79e7a319b2485403925f68f4aff06956d96f9d3a9c5501a984fe6a28f05787170a59f9439c0496984bc5528476abc18548e1e9bb42764ecf039925feac745a7beb0e4ab12293c4155fd2ed3578d48a4040bc0fe5d2a49f6afbd531839f946c0d8dbbc5b648f5edbd521adab9ce0821e66e633e964cb3346e2d196d9c6712a44f7cba8070f7dbba8a1a0aa56d15b66b56fbb42599ff3561d6f6bba8990c8cb54f320084a56a0f3ce794c1ab5081a98e8b6928c347c1f92c8eaacf347a770580755741af679a6a3a6f1f4386e75150e4bc63f139dcd5070d0eb69aaa2a13c72d67ece0c3ae4207cf3baa08c552ca0a9cf82dc0708df970a10a3d056cfc5ff1e4127cba56efb76b142140d1dcd3001a5245f88c8f22e9df09b2ef81905dbe6dab37133a6eaddd641606b3052c1b7f19a3e429ea34571bb16986c4f26b70867a6fcff04351fda473dea55ad826a7dee1e766adeb26c8b52d77ff612ca8a1e06125d82bda75527cf06af264534034e18fd30e15c4cdf404c7fc50f15aac65362698e6592b221d7fd9a96d5fe7d7ff85c4eb019e81d1ffd90d74972ee1782ac121bcab04a7ee3d4a9f5fa7b1422b84b16690ee7f9c5f6961044e7e3b42b9cd25127a2f5b9c62df52fd6c243671970632b6a46623ea9f0eee2fe94084565fad8837fb206b73f5152079ab116b20745291d6db84298df2e019da6c4a7ba81eb658c2084b603077e9ac39a222f71fe5040c418d54cf7c137b9c2d99098b22f1a99b1e3200baaa8b97d4ae662094867fe40bd9b66a4204a12035f6a546f9497123ddbee50ff159fdc191010e3b3bccbdf632375f8bc858ad2fdaff55f96fd11c7997cbcd614d5104d9110931095ec92058914ab7fe47c91411a77d99eef0ce7b318c69a7de680f0869f99b5f481644df2310f7ace0c843e66494cea8ac0685e68374e040d710e832f3929d22d3691c16f0fe4c62fd68148dc1e2ea0a5a7ce3c5cb181e741ea94452a75f4fc2a09916fc87d547f8e8929a32ae93866b993da30dfe19d7062120a45a97e9a8ba034a2ac37464f38df7d5900df54a8150a2cd14b980df46250d85ad325def56c1000b27f99f60e64e7273247739e2d9c74df22c995d0a8cb7e5957ee4aee6d79db94d120943f980db96f2f487609ee2bc1dba3fb193ab3941a34a06b3e32804324f4fbf9c3c2e79b713cf62e7f632330c4c40a8c81de71649db451e48659aef2095cb4ba41d93ea11c5eedd73eeb91bbc208bef26dec53c81cb39b576f175be844df41deafb4b2f4dd1c99d66241a6322233a82b4669d80c79d2319408bd7737302852d2cc4655b46eec236b1e8210a9c84ff12bdf65224248dd7dd6709b14cdc6eaebd17a75bec2c89e37639576e5c9fb3fb457b33ae6d2d5114b4b8b1873df3cb8115a292c305d8a5a2f2a333a45e3fe8e5c3548596219f929fc4ce5795aa2801e5f9986be77035a4aae41793613dd5fd43c5f41eb1da15aa0ed603ca364ffdfebe8932cb14aef3dbcf358dd2ddd0172110adbf927af5a04609e809a7da4af4283d2f91426987bd6b303de6ccbe944eaef76d76f5fe37c51744464c9430d556046b26acd55f756a1957589ae59233f9acb8bcf4403cc6eacb6f7974489d1f3b50a70ad431b87ca7c3d0dad6ace81b047e976540c7b9313e3f2bc65ff825289e5eeff879e69efc0b90f6d1481b8a2c6ce2d4a2a6c49032bd943fc70fc3f25214fb4d1f6a4f410a236c56ecef0e874b3bcc3d29efa41002ca9598ebdf33f3cda4b6f8db688b2a5b4ef594fa194d7f30e9fa506899167204dce98ed4e636d0c731a904fbb453d2f81e07a72d85b0429f05a5e5abc5b1895b8fdee9fd8c76e223de6e133f4dca66a9c3a84440859751a2e93aa1cb884ca21acf137f2acd777b98d3624bd422238508ed76d717dd54292aedc13cf7b071898f954318629ad52380955ad5f00cd6db4da9393bbb7f2f6df82248300483b761165a00983c0781bc2fed46bec200eec0175cddbff6da132a593df68f589d806bf91ff1c983befeb01b6a543e34a16f4171440ea112bd912b3275df06b81560fde8d850af3e37e20aabc2372e78bf3aaea2f8ac71b2b6c8deae739feb73fe308cc3d55d22cddd64cd0b982fe927253bd35ed49432ff10fa9615f0de38ad41050bf2f9720ed585f0c0f3326f277d2dfe72b9f29f1f40bd08416d4b31bbc2f20678f786f6e50e3636fd1e0db363fd52209db6e572552354fad282d7d9b48f72fc3893fbd75dfdf20cd4456e6b50435e4c517bc07206235d71d5ba81b9259f59b845259b8c3aa56e73fe522cd2bbd46298e1be333f282ff5fc13f87dd91fca0fbeb1f1f7b70f3f86b67e6af6e1d263d0986554f12936250ee551d450fdf37e547ae3615e66c5c99eb45e1e827a26219a070729644f2eb0507c93ffc962c1b429a0a606888854eea7ed678236e005b38d74d6670130a94a23c91603577bf423b9fb00996d6825e6fa53e81aff1aaabfa5b6ac3386a637f87ac680d28a30952aeede6c129dff5a92f735233573e0d7b193df021782ef4357f0101d2cd60611ce41be30304d32672f03af5a55699951251233109b63dde2d41dbe8139ea4bdd53a16323684b7e5e355647c87638cfb51c1a9d57868990d2764a723cbe3fbfd3e95ad1512d644e46ec592e39076485b4d9f32bb1632d42b9bf56b11204f7117d8086ebf3709d1d3db4a6d71ff16691186d94756874993cf794d7d75967a597ad5baf73b235687053039c897d25379cd115a2d983d0d8357da31dc7df4be0be71d69224969c6c7db1c98674fc295a9e52ce8a05ee4f3fc444d41d14e68aca67e5896aee8b3168996cb1cbe0f9034a163df4117a135c762d5e00fa25ad25108f72483f11b0cb25502af6f72be1ea26c865379a304fb1203f121823226798147a98ed1291c7da68312e7a39fbbbe063047fd008ef6028dcbee51df8e25ecef5540d4f569ef7e6f986abc039eaca1a69d472028e75c1f7fd7e7d6e2fec5db955717cf722269051f9976558670a656f2d673d01e7cd8a44cd848e04f49a9c85382048a7e06b2338591251f0f554cf20b85b0ed0a123a1d9e3f24091af7959f7cb1a208b69cd09634cf639eaa1ac1cc8d2f5db0ba700ee72a76e93b1757244fede5d3c2bcee7ff1e5d12dbec161c190b1d9b93d46e74e2cadc94ada6c5996c7a027a69628d3cf7e5064e04ca8b9b7fdc6b9dcab622d0437c5b9ebf7a961db54a013e95916ef5dc71c33cf6fdb458442fa036b10d50463a141b53007b728a2aab4ce87c8fd84036d83a752db9058aa49e791a2e2562e9f9c90a117b51444fff135b572839cc0988ce9002a5e071e1fc5de8a013b30602d27d8c307e2586b9bc544affff61e1fb875ff7571074a45222d1992c2310d6253e13413cef566884373b763e357ebf18fdd77634b392b34ff0051e8a465adbf00786153ce76eaf768eba6b95aeb033c48ced57412797d977f092c780373b29c15492f41f6c835cde6a5c87a6df36dcf82e53c1ee5bede0ae79a98493362f57804b2c6017d2329d2920111d9b1c19bf62e57fe81a48537ee58bd30b1be7fdd8f5b09022fee3dca2e403247418f87a29d405acedafa25b041343ece6d253376bf2c6b4a740e014c493a324ee120d4431e7e3a691cc1d87ef6eb385499fb70794c68f759d7e494aceec156f055ea49814ed1a616277c247313e534929984c39b3e066fffbef029f051e070ded5ae852c4b6cef7ceb727765068a4e31caf36999131aca89e096f34970ceb364b311a36a19e00a6446fb7285124659b40f60f3e6e1f41da965c51ac74111de5592bd99cf9d2d7000cc0fc20597991f88fdd983d25f5bc896cd4b056843730450344785a61ba124d2a5977d48ec14e98c3c4a7c604673cfbd74ff24f887d33b1c9cd3a179a7ab8a53eb108c7876c49d86c2b6bbd3d613bc87229acf7cdd8dc57ee2ba650cbe159fd875be88488bfacd51a5024a07b1847ac1b816017cd4912224922fe221f6a1023c7832cf730de9fc1c081e77bb813b1c03a3f73e2205be8b5ffb30244438bac96c4a249d4e54dc8800dcf15c6685869760021f25965e6895487be29ba2f9052293cf2edb7f74a4ea7449e673999fecbe94bcf3299007b13f0cb993e0edac709e71dcbc375bf3caa64517a567c1f9b680ab8c0c0fc785037c0f36830dc47f6eed1dc3b3cc28d716f05856cdee09ecb5063318be682da15cddbf78e3f7938ad55b3e17c4954a9a608ca7227554e809fcd548a19b0e058c5fdc5d6f94367df013eb32f8be1a69e7882523c0f271607a201cee12620b73e1526b46e1bdc9f81c94e930a99c0856fbd6aa4d82666d0121f744d1cf4de4563f31b347cf9860199a96b089a766e41c647f296b5805255a36a96713a99b5c92051f0bc5cdc9aa6de9d939ada8393f2c7ac2ff4d0e7b0da39f41cce94a87eecb9e8723d99064a3e9b6e045725a27df66ca9d36f27dbf694acf545f9691c06b14b9b6e3cba52e298207ca45cb668562108b4005d9082a1d3d5693da76667169262d4acafc3f5126b693afccb827a08f23bcc9a60593fa2e4bcaef6e9c1dfda42e1947f5c606ebfa3966dc31f1b580136ea7ef8ea8b2d28d0aae555f3bd51b1e06094dc54fb8c5df7ed804612c342420104be603ebbe637b18720dcd40f813856b7bc5edb7e16ac21e8dea20e8fdd477930cf0db592065801953e53ba68baf044bca0026ee85080c88a246c9ea794c86d06b18bdff924c08b68d6a543588dc6f7befaf9bc64f097edd05c10d52342613c35692a5de8c89ad708196505c3867b60cba4031d2077387bbc92f1a32a7d2d06ab66be8c8dbea7c556e21a1fd886ba4b407fcb1c9225fe15ffbd180c7c96133790ea5c2fbda1cd9aacd23cdf9c2a4a777df16a001092c6e55f82000249b03cfcdf2a55b97fd8bc7bc3d3b0fced74d46ed9c421221f83fad1740ed732dcae96d18c2f3cc4fac8a858a161570eee4df102"}], 0x1038, 0x4040}, 0x40000)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=@setlink={0x4c, 0x13, 0x311, 0x0, 0x0, {}, [@IFLA_IFALIAS={0x14, 0x14, 'veth0_to_team\x00'}, @IFLA_AF_SPEC={0x4, 0x1a}, @IFLA_IFNAME={0x14, 0x3, 'team_slave_1\x00'}]}, 0x4c}, 0x1}, 0x0)

[  719.402070] binder: 14703:14722 got transaction to invalid handle
[  719.408522] binder: 14703:14722 transaction failed 29201/-22, size 0-0 line 2856
[  719.416442] netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
[  719.433177] binder: BINDER_SET_CONTEXT_MGR already set
[  719.445226] Unknown ioctl -2138001791
[  719.461137] binder: 14699:14701 ioctl 40046207 0 returned -16
2018/05/24 23:57:37 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]})

2018/05/24 23:57:37 executing program 2:
futex(&(0x7f0000000140), 0xc, 0x1, &(0x7f00000000c0), &(0x7f0000000080), 0x0)
r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x77c9, 0x181000)
clock_gettime(0x0, &(0x7f0000000100)={<r1=>0x0, <r2=>0x0})
futex(&(0x7f0000000000), 0xd, 0x2, &(0x7f00000002c0)={r1, r2+10000000}, &(0x7f0000000300)=0x2, 0x1)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000340)={0x2, 'syzkaller0\x00', 0x3}, 0x18)
ioctl$KVM_GET_SREGS(r0, 0x8138ae83, &(0x7f0000000180))
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000380), &(0x7f00000003c0)=0x4)

[  719.505214] Unknown ioctl -2138001791
[  719.517332] netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
[  719.530475] binder_alloc: 14699: binder_alloc_buf, no vma
[  719.536226] binder: 14699:14740 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:37 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a")
getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4)
getsockopt$nfc_llcp(r1, 0x118, 0x4, &(0x7f0000000280)=""/4096, 0x1000)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000100)={0x63a1, 0x488e, 0x3, 0x0, 0x4, 0x8})
unshare(0x400)
fstat(r1, &(0x7f00000001c0))
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000040))
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080)=0x8, 0x4)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r2 = msgget$private(0x0, 0x0)
msgsnd(r2, &(0x7f0000000140)={0x1}, 0x8, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0))

2018/05/24 23:57:37 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
clock_gettime(0xfffffffffffffff2, &(0x7f0000000040))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x80, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', r1}, 0x10)
ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000280)={0x8, 0x0, [{0x6, 0x7, 0x0, 0x0, @sint={0x4, 0xded1}}, {0x7, 0x6, 0x0, 0x0, @irqchip={0x1}}, {0x1, 0x6, 0x0, 0x0, @sint={0x3ff, 0x8}}, {0x4, 0x4, 0x0, 0x0, @adapter={0x0, 0x7, 0x8, 0x0, 0x6}}, {0x2, 0x4, 0x0, 0x0, @irqchip={0x1ff, 0x800}}, {0x9, 0x7, 0x0, 0x0, @adapter={0x68, 0xde24, 0x4, 0xfffffffffffffffa, 0xb7}}, {0x5, 0x4, 0x0, 0x0, @msi={0x2f3, 0xfffffffffffffffd, 0x5}}, {0x2, 0x3, 0x0, 0x0, @irqchip={0x3, 0x6}}]})
openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0)

2018/05/24 23:57:37 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
socket$inet_dccp(0x2, 0x6, 0x0)
inotify_init()

[  719.567539] netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
2018/05/24 23:57:37 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
fsync(r0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0)
syz_fuse_mount(&(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x100000000000024)

[  719.739261] binder: undelivered TRANSACTION_ERROR: 29189
[  719.745462] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:37 executing program 2:
setrlimit(0x7, &(0x7f0000a9cff8))
r0 = msgget$private(0x0, 0x421)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f00000001c0)={<r2=>0x0, 0xf5, "1674d353af55e04c954d6bdd4024921e8b83314beb8ce671d80cedb36f6b4780b7bdf26a40c435362b3523b9a112dd613577b2f88201a4f1e50a05c5aec49c120c97b3fa5e2f788c7dc88220ac14c96dca26429660ee7bae75d282c114673a58e0c7d3f7d8a4dec546758c54c76230d8584b71547722ddc53b5bf0ec85dd03e6acb44d756e72d83809a89274e97eae33f867a2ce9ef822c621aaf6a8116dc115da5d2a4c14ea3b4961ac29c8e961ba1c6f17803c2fd000305f0c396d8d6ee2e285be892ed7799fa192416ae08700f8ff9d1df5574c0201157f892d828ea36b06ed8e5e019a8b6d739d98595a2e52fd05e6e98ff6e4"}, &(0x7f00000002c0)=0xfd)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000300)={r2, 0xcd7, 0x6, 0x7c00000, 0x13cb, 0x2}, 0x14)
msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000080)=""/208)
mq_open(&(0x7f0000000000)='eth0vmnet0\x00', 0x0, 0x0, &(0x7f0000000040))
prctl$setfpexc(0xc, 0x3)

2018/05/24 23:57:37 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000000000000000007a000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:37 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)
socket$inet_dccp(0x2, 0x6, 0x0)

2018/05/24 23:57:37 executing program 3:
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x0, 0x1, [{{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}]}, 0x110)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000a83000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, {{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x108)

2018/05/24 23:57:37 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000140)={<r2=>0x0, 0x92, 0x1, [0x636df43c]}, &(0x7f0000000180)=0xa)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000340)={r2, @in={{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}}, &(0x7f00000001c0)=0xfffffffffffffd85)
r3 = socket(0xa, 0x1, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe3000/0x18000)=nil, &(0x7f0000000400)=[@textreal={0x8, &(0x7f0000000300)="66b98a0000000f32ba4100b0f4eef2803b000f30660f3a63a641cf6766b9800000c00f326635004000000f3066b9a40200000f320f08bad104ec65f3f20f0118", 0x40}], 0x1, 0x6882142a97055dd0, &(0x7f00000003c0), 0x0)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00')
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fd2000/0x18000)=nil, &(0x7f0000001740)=[@textreal={0x8, &(0x7f00000016c0)="9c0f01c966b9800000c00f326635001000000f30660f01c80f22549866b9800000c00f326635010000000f30b812018ee866b9800000c00f326635002000000f300f01c8", 0x44}], 0x1, 0x10, &(0x7f0000001780), 0x0)
sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000001680)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001640)={&(0x7f0000001580)={0x88, r6, 0x300, 0x70bd2c, 0x25dfdbff, {0xb}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8c7}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xe0}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x81}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}]}, 0x88}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)
sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000001500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)={0x2c, r6, 0x400, 0x70bd29, 0x25dfdbff, {0xf}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4582}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x8800)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000080)=0x2001)
write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}], 0xa, "47e943fd82fbbfeb9881ac8f34cf4a9a3143082aa839942b03df3729d52e6e688706511bfc40f474e79e0f82775175d60f66ec3e2d1358ff97acf25e84d74358b7d579eb632861fb9c520f180f4edb1ab59531d7cae96ba74021e0c95ce51a1589a67f8caeded5eb6663ad1403849ef7dca69d5e2d00476749b90c157b8311e6bf120257051ad3652d8c016a95c6dbeb5b2362d88a31dbcec949cf4b0b0ad2af812aa7264e9632f5d0269823f6b7ce59b596b084b363c33a3f2f3e8099b0a45dd680af2c4f4b6ca42b3dc90506a60fd46a19ae7957c91e82658d80762e7238f2caf57e824bfbcfa16b8258a5b43573aa881d55da6765a63c76dcc94a12ba6b76976c44891203ad9c619db659045b85f5b267a02011f620b5253dfaf8f9ae488bf3a2be402fdbe8751e2e96d8ad4cbefa1f6eb30d024f72cc3128e627fb3256f25bb431abadf600e696b88775c47901b9bc387099c1447882e7247c2e88eb23e214963aa9e7eb17d2cfac86d347d5b6f5ab16519055eff62830e49889b87b57201622dcda183b34e6aaaadfb043da45af328e4818b64ce1a7e333a238b0a72ee96407baa8a355e8230fe144537ac1347356e1426add15bfab5cc968234f67c23f2ae83a6e887d062aff2f497d8d033e1842cd9d2f9b4dcb7ebd12d0d2a8b447cf7f599161e3ca1badb3e63e65c8bb8a75a57b2d12883f14ee03c8ef831403e3d7ae620afe6833671b90c5e37fba1d428783065f9478e0ca1da1b5cd3c4f9876e48e524b956130f3aa9dadcdc5f9e45fd97d90fd65f5359b462f373ceaa913725f488b3c1e51e6f63e8cea371aac491732fa33d02ae738daf8e293e06ddadfb849a2ff35f2958130110394b3b0fed38554261cc0e3e37b171ab107d65c01b63e3efcfc314dd04963ddc63f660fdb2e516686036109ee703bcc939d0964878633fc85ab7aab4017477dfaf24bb1878cc1e37f96de84910ffd2845f0aba03995d7be1ad66df149b301250e09de6ca8ee5e9ee5c847686fd0e44fe40c44c5019eeafd2b4424a2496fb2f80bbe7c669983a0a2f3e2311b93be99e5f783314a6f9a6b0ca04ca27ba8ba35e4159bebe63ae35d986d5fe7bd622c6ea64bce467c305e7b18083333afdfe485f65b6bbad4e35e6ce0fe3ccca35e7fb359371e23fb3731d729cffb134960c5d606c987ddf11f1dbefa7c9e65a383f7226c1a55354ad517c0af9e3ebde32e95d53c9699ece5c95fd56bb0422046e8b636554efe8dad5f465e78f7e55df0becbf1354947df84a8c0b05dadaf09339d43169506ad6761423121ad1ab8ae0e00ee57d2851a13cddd8940ef34f5453cf0b9992ea17620d49daa6fd67ab940c66fa8e1cdd5ccc3f276f08a83d46b66c2e03fdb3109a79397e7ff0e75c1c2a25fa4a4b68ffac3bd889f464d1c8c735cdaee2b17952cadf72d0dc76c05aaad8ad4717be2a8c63cd6ac0ca40ec2ede2b78091676691ae7ebe3a4efd238781a8ce703a69566ed6944cd3806e77bde6a562cffcaa6342092b3d62882b2eec398f9eaf6d792d67407683ecb6c1a77ca5fd0d9b8875b3dacfb80bf2f403f46d5d869dcdd7eb13b332fdd5ef67179f43b5fed335c3f8b276f164d63c7d3f4463bdfbd88277dc60d4021bc38692bf20db09f54a52255a12206d863289981a1ff9e9e9ce5a199481a2803ec713ab59641be0ebe29546dbe739656588edad96d2e2ef69e8dabd20ca9dc255271ea723ff95f23b9c234187c392d4ac28c5a9b52e877f05b9370c431da27070b76ec63965957822cb90d0df704a2c0328450fd242d2c8061f9df136a81188775f7eb9cfabeb9c89321be46ea4279971dc0f41e46228985bd30033938d759b8dea6628ad9c0950c8103e401fb93b7a1b594d726a6ba2010a48ac3eafa36e008591d7e629cd21cf6bab316d075f24ea71c1f28722cd47c84879b556be5ac875ba9f46d6519b61cc444400f946925e81797a064de330a876e9adb21949ef0de1ac38b99aea2043a0899f36022a3598f22617fab86ae8efd61c3eab17fc61dba84b7752a656159c974e8c52523c019bf8b5889c2b6b09025a9dce102a1b177ed2524a514d820182250fb0d091f476199b50038764069cf77a502b5aef33bc0ddab430d1855912db368939567a22d9244fd8d2f9a0e7e6804d2631cc7f27b1f5643fd105ce4fc176c80d420f568b644a87a84cfc2928a526a5dc4fa1c4c53b79f45c6453ffcc673693ff1eb33f0fc4971c2e24d16637225ecbf328b5e2f6aeb3ff37a3f993c087f7165ee437d75645cf1cf7b39f9f532e77cf59401cad50af2560c11ecd9795e4bb2980c80b1dbc4f094734f5ed44fad91d0a9ab47e6950b468f3cd4dfa74c5a0164dd9b8a95d7c8bf8391f0fc1e4c8d75ad23e380db02f91750e7513cebb5fe68eede4b8c720cbd73094b33e6b559ac37223351c643e65f03499cea4f0b4cbafbf002dd29209dd9208e2a88ec89191e6bf7efd9127acf2c879345ed6954685e2a5ecc4a251b502532a930d3dc8eca553fbc505e453eafbc5596217eb7d530403c66b30bc77a76761175bed2d7e9ca132b0e0b0e800302128279fafc7f32029be986141009129875810251c210d082e53e73c4c362af75db23507d49ceb0acbcc9a819784f8945241dbb6277cb2cbd6934ffe35fbd66d8067cd477c766d6e4b3fca000175248b517748973dd15fb2f9be7d16fd80fb9eab31eb96319b1e9ae00329e61bd8f49e228b2f834c1ac065e067a2219586f75800eb8c7ecbf7f6eab2eaa6c57e6fa6140f547be7d0689af089a6afd6669a0e857b934deb33fa15bdf1fc90b7673516aad0c371ae14d5f2d4e57326a8aedfecdbf9ea74b51a6229b2b1d586481e349352e28abaa04b588eff2e74b9c22b6fba4e16ddfb760a5fe41f0141ea4a5258368fec97be0eebb416e95d075d643941e793bee5346aa53f7a009e2458c091817af4a63ac477a3362cfabc2038e88c9cefc4e69532c456eda7671b0a8a7075a3b04dd081010ddace3dd2f04b1ac1b26303204648a51b872d4b028d4c5b5d41455261d2caef769378a0951471e4a750a339e9c7cb6ba5fb91d02b1930527c34b0c00b63424e19bb030155bd3fce1d0ed0bbeb4dd68a672646ae80ecd87e0005cd5e4d9dd00783326a9649192ab900059b1df6c435b53d069dff30d545d02f9e72b7cad584da81e0213e0f960f072b6be69e665f39b63ffb0f49b774fcc00061573c6966f22494c5db47f28a0ba7c4812be5c3e3589930b31914eee6bd629d7af29085254772afb476b57ee373642067b6969b7f20318db3dc69e2991c088a36cb4bc426c7c7ddf86ed00ce65da25552b82e6cbc1f6f224e397cb1dc610dfd8bde52f117102840021fd94cba17cf9054c88eac122ae419f9572241d6b7b64b7d2a0a6a825ea3924805c9ec343e2d0c454175738afa6a9f3d8799ca54acd226a7e1ccc141d8f188c70999ff7f016d9fb25ea81dbd984922b6a60ecd2257c065a107650e2c288cb2e3d91184133bd7b3fbdb3adeb56b1783fa9fd9e189e42bbb7529266e6e0dccf20e6550f9ef525bcdb09a1062fcc11b0c1dffbb1f12c0f522046084c1f28ebc035abb742a1f171d568658b03d54f271ef8bbbc6f9dc30d02634283ff5175f4069984e0a9e949693c83789780b197232a5aac933a77b742acc557d61675ff1ce4562a5b04e55bfc5b66a23a644af9b7de13f222181e16ca5c18ae60b10f777c0ba7bdc38ab269524386c462c68cf138732a0e63fda8da56121e88a587a43d138d0cd10417f48331bef8c64bdc94fb6c849d2c30667108cffbe8dbf351bad4f720dd56a8155eb8c955fc397a5b257749d47756e71b40a0971e24263ac799fbfa623f1f379ff183c1972c8a428ab56d24314e02fdb9fd16f9818f84d3d0da8a5e1abfc9b34ed526e8b7b5eaf13ee3adab2c884df91692a41ce907e70a573a44adad60f1f55785ee0dd04f2bf4cd1977df5e349083c61029d172324e4a64e0e5c76a3592105df239631d6c1511f042acc9c4607977fdfe364c6323aee534e90f4f413c6e8d9cab6829f96b2f4e3c0a01530ca54ac5c254b16c0260da78c0d37d32f42bd8614ab8d893127ec70aaef6991a774d490ca1f6888329f2bfdcc52af41c33ba95665224ef2c5c8d87f26d89b755eecac37f2da9c50be52bbd829e4901793c1b7a2cfedc5b3e25177bb2cf23b1c71c046511c5eb7f889203e1589bdc37fb59f674fba2bcbd999c5aad00fbea384d89f7b13344fb6cf87969cd30faa0af9658c1aa91b10ddff7bde5a6ec1c80712441f329565889a2595335c2a7155c62b6279d21dde106b97e081ef268d620cee6d917d1dec77d01e467e0b57cd78fa242fd9bd5b8d4f9cd95013ff5fc25bb926e0714232028ec34e51a7ffe8c08d11f7bfaaac57916e313f3176cc4b51500fab0112128208eb8aaba4a3f737b6d64e5c198a86c9d67c3c696c467fbee4e1ffa8c2bbfd8380f1dc5eb0654f2c65c14eaafb3fc2de2e5fb6fb516a28a409e5c4e2e76d05dcfde19679bf1b4539e685c96abac1915c86479a61062875611dd87f0ef8d3e3d924b15a6a746d3882cc2369fcd7ed9d7ffd43f3db31f6676a7e58d14ab25586a62a48d12dfb8250024b5390dc54a6afbd937d83d2be14fb5a9c5f60d242374f21112c9ddcbd099e908a6f17791f1989b4ea51152f8558cb01ddc9c96473d8e843d2e81adc7922e59b9f2d22b2125e84f71c04b4e9910f233303234b3e390f0899fa5ebf35f249603c6c6b019ad1dd0c772055fd4fc9b05713d7fa67c3bf43893ec1bbaf00cfb0e672bff69aea82103167fb66cc68af976243084d5344406393c22ad819538c902b250cf33d764c1bdd0263a3870d3471b76e30908eebf103d742be11c47c2e8c587cf399dab9f5ad56dfa6b4643610710f29f9869bfa340f6dee81d15d5a8714cf026e54acaf50b659f884b13b8b9261dde27136b51070ac7d689f65cb267b5df433bc2d9a94865babecc8783b96f6d30176dbe6c9efc800dda1982fcd412479ec253e2d76f394fad91f0ed6df802e35c4ca82c68b893a666ba612a2499f50c36e54bfa0487f03da27a26f9ec2b3a224f3f55a43b1fa528d72b946d3d33c802de332de0d1db0ca54b924aad75d3a144cb72205747d45b904727200ba7a928326dbc9689d26ca3d9161684e2c529082bfd674d5cbe4087bff2e1ddfcc8513e7bbef30bc0372831efdbe2012c7b16a668bf0ee81c5191de78e4ee09127f2d9b5345977fc41874e969d5a68b0f051f6f2fbd8aacc0344dbcb07305eca316009d907a8c50048e3b485bbd9446abd3acaa107d2b4e36efd6e6a4e39dae9610febf0e18e42a4c0e0b050338aabc755611d90a301fd18811081028b38a9cd5ff2fab23c0de7fba45083b1595d63e83290d4699adb09fdbe3b6fc677d3fed1684154ed66b891eeecc26376d7e568e9067d7b96b72eecad90eafbd48a8051eb40cbbe35f2273e49ea1f05a0014b0536caa592507c8880923ee060e81a75cb5147b41b43b3dc42911dee9d5f43b85dc315e900eb4f28b892320299a225d533516909ccb2685a76a1f77df66700f64b2293b616220aeff2530741ab932697b97fd1fda4b4c7c85c598260eafbf4056e358f77bc890c4730716405469220db1c2460f020a6d96e97a067edc6ecfd6f2bc5979a10a03c4ab113538d2318187d031c8411c75bcc2cdfa721e4498a47519c7e716f445da850bed232acd1b3277549bd8bd18faae920f596f33a052f586ade5d3196036b"}, 0x1015)
pipe2(&(0x7f0000000200), 0x4800)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2000, 0x0)
futimesat(r7, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{}, {0x77359400}})

2018/05/24 23:57:37 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x1, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xe81, 0x2000)
pipe(&(0x7f0000000040))
ioctl$ASHMEM_GET_PROT_MASK(r2, 0x7706, &(0x7f0000000100))
write$binfmt_elf64(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7f454c466f070501050000000000000003003e0000000000050300000000000040000000000000002e030000000000000900000007003800ff849a00000600006004000000ffffff7f0000000081000000000000000000000000000000ffffffff0000000000000000010000000200000000000000cddaeb2974f67da05d242cdbf9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a280652297ace383e6f577eb8b984ca477604c12185600a0c368b8ad259fc73af91c63dbaf899cf67187cec3065e4ee0d02eaf0736adf1e5f67e644d182d1a6d4a0739c1dacbe369395a35dff279242ba8697325ccccb494992a9158fb0605c161cf344c5608a2474bbdd7555289ea250344ce255c23813ca8f4f31d888524e2843bd8f2f2cd3c9a314d3d288a96fc5b9edde493fa4f5b38e5cfcbdbb7968532008ffca3a4f1c4fedd83b5e35c6e2953b7fe122902cfa"], 0x185)
ioctl$EVIOCSKEYCODE(r1, 0x40104593, &(0x7f0000000140))
dup2(r0, r1)

2018/05/24 23:57:37 executing program 4:
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x9}, 0x1c)
r1 = accept4(r0, &(0x7f0000000040)=@sco, &(0x7f0000000100)=0x80, 0x800)
accept4$packet(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000001c0)=0x14, 0x80000)
bind$llc(r1, &(0x7f0000000140)={0x1a, 0x32f, 0x5, 0x8, 0x9, 0x3, @random="db767a87ec9c"}, 0x10)
sendmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)="571d7d91290d61beff7145763f7a95674c9b61c6e58ba229941a083257dfdd9d4037ad6480bbf0fd", 0x28}], 0x1}, 0x0)

2018/05/24 23:57:37 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]})

[  719.897178] binder: 14773:14775 got transaction with invalid offsets ptr
[  719.931389] binder: 14773:14775 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:37 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100f2549a833a94e05c0300ffffffffffff1f7a12d8ce48000000000000"])
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000040)={0x0, 0x80, 0x10000, 0x800, 0xff, 0x6, 0x9, 0x80000000, {<r3=>0x0, @in6={{0xa, 0x4e21, 0x40, @mcast1={0xff, 0x1, [], 0x1}, 0x3}}, 0x8, 0x3, 0x5, 0xff, 0x89}}, &(0x7f0000000100)=0xb0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000140)={r3, 0xfffffffffffffffd, 0x30}, &(0x7f0000000180)=0xc)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f00000001c0)={0x81, 0x4})
r4 = inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x289)
inotify_rm_watch(r2, r4)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x880, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000500)={0x0, {{0x2, 0x0, @loopback=0x7f000001}}}, 0x88)

2018/05/24 23:57:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x800, 0x0)
accept$nfc_llcp(r2, &(0x7f0000000280), &(0x7f0000000140)=0x60)
connect(r0, &(0x7f00000000c0)=@nl=@kern={0x10, 0x0, 0x0, 0x41a0}, 0x80)
sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}}, 0x14}, 0x1}, 0x0)
madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0)
mq_timedsend(r2, &(0x7f00000004c0)="3c51719db8632af66576783ce2c919ae636fc3befeba5815e75e4f469450e6be6f2a4e005af1ef900ef0d1f764f1b20d284cf8eb6b0688b03b5b65d4b6c1672cf34f192142bed8bc5d3a9c6891bd3547717de99707cb86bb1b6aa2628be7ba463df214e2061193e3dd094aa26cf96b15956def779c3948f753f5029f08f9373bbc523f2ad389849ac6df7e512ed2e0924197fcec3ebcbf523c89f80475d5d46e744c0a52efb3cb0986ffde485bc7eba5c031bbae3bd05a71379ceb9299fde048183754bbe25ce9754ff23f82f8983e4abac450ccd348bb56249df05b09cd0d8260132867feb7de88d0ea51bd571da0cec1581e792da481599a00e9c473083ee6589b21e19ef4259b497564abb3d9cf4406b3036a20b9071bdb707c3eeaa7652bbbfa23be1c2e32e593afe06ff2a9195489956de461486d9d06e173930ccc2c0aedef20f0c310e54ef6b1e8ba9b18f13f853fc06d99649c9ef8b92a89ee6ec01cf326ca5f0579a3bfc4c3fc174b0a95ee3ea494e280ff3359058800f2b3d9bb81f0f3983b8c87749258001ecb8969b454aad4d27b59a38ab5f9d319ecdf9db5c318ff202bc4b75c61e47ef3d88c75ced30c9242629ef2b5e1880f2d60d7fe32f1934f90bc49c63ece0fd0f546c1ecfbe52f01c64aa04aee07290bee66ecf21391b0519e8dead8e0ee73f9256126035a3226300a08364afb689139ba05b103fc350bc65a87cb9eadffaaaca4a38b2cede65418f05afa22c667aa9cdb04c76571ef0e9aa7c3c8807b00242ed2b73377f20480cf4985bc586ad0cb74c6d97da2deee41b6d88580490a619917e5108a716d0a3a644d50e0282f258fe9c3aeab7fe92e91f6dd78d1c45b021570f50d53071d238cb7e5c9195e8f8b1d1409916732c805188da5eed46f8f414ad68065e466e6e3cee9de04421537afeebed4d58cf196a8a3c4f6153a325fe7ef963baaa915e42740019727f64a7377cb87e07ebf46bb0bc52174487331d693ead3b2995a4314c85f82c62cf592bd92c3116ffe3ff828b8386e2c9ad424e5b5e7a85d1d38cd845428ac3ddc4aaa2a1d776bfe9a37fb72cf7e3083fabc025481676f8115cc9da9bd67c6759558260fe59c953e3ea06b74051da8d4d3b7e497155ae91fd39c05af2bb35e667b0c83d6a09e1589db8540fa5318a836473c9ae13abb1c311ef71d70a0476030062901a2a46183db5918c858c5a65c46ec4405c3799bf39477887bc4f0e19460fe32d8e0367291afe0b5b933d91eaf7502f74c43233bfe83fb3b8186519b86710637410d9622bd6a8c311071d4d3efdaa21528632e61d67970ee7e311be76431907ad7d158a01a1f2a196a32d84d0b619ca19a09373ac89f2c885534fab05a03f447a78adb1bebc5667315c404bbf7be53b469241692e2dcf968f44cd38c0be9853d5ed9de8901943dbaed909c5448d80193a60b0f9b6a448a0f05ce7f61c09321ed71e3dd9194d05914fe8e3c0cf783be5c97f51fb592dcff2a9c51a307e4f3741ea6ecc121484f0bc5af97607c51ec5153ec72499ac376b0dfdf72208423b06c92380272747521e321f4537b66a2e7fca4d6014d500626668505aeacde97b6410f0b6d6e1576f75cdcf96ad28b8957287eaed905654449e258a7beb3a96734315b611c0e9701d7009e1a70c808730bf14f42a2a6ad08cdf4fe9e1aab38203fbacb444df218248525f0d8acc212c5dd0355d5d9e6c896277332378ebe8f33d47bfb3125264c445a075e515b4d875649d764d7e9d5b29c50a9cc5af993ee9afc0068ec1913d567b869eaff9df097832024b79d46c975c4ab3e529e14d19eeb70cf4c061ed7967ce904d1cb1194a0d5090653c305ceb0432d2b9d28c7eebfd3247951192ab93025911cf852548911337ec899035bd3697f6688d84a04bf0dba2d36fc7d09eab5985daeab52aff151071d6d6ee7ba6ae2f68bee80cbb1ba42dc384022b4bb9de38f44c7d1f90bcc54b26b6d25a620c858354994628c241d31f10463ac554e771aee20ce2252fad65cdfaf71cb3c9cd82bc91fcf1e0ebab728387934f3f2e604298961e6bd5663c0077f0d84c08fbde9e5ac9b0da0b4c98e5672c310db350c4c787776dc2c6510ac6d0436ccc83f546024cf409688e5a2f6d4f95d8019716e0c921c2881b93d2ecc82c83c1128cb1a7be94ed8a7e71b1b8454c9139afb88f5e7e394efc5a8857762dc00881269553e59a035a8715905c5c1eea4ca50aede9f21b976aaa141622c82e67d26d8e37630bc9b0d1ef9104526e194fbb9bc2773e2e4d5febc207669e75908e5bcc1dd088da555f9236db37ad110b1e4280bdf52c44bfeb34f9fed0f08beb1c59b94d818d37130bf8f6f63239c13b048268a1312684211a7400f43f9eca16f1e4358501f9fe83a909fffae94727ef90d4c41aaceaf104d4cad41c3718a215a10341d0bf43f370a50efe6eb6c034158bdc01c8f2dfdd35fdd0978070a875418ae9b42beb53a7190c259ce84ea18b913a235912ee54eec62fcd0deb0f9aeab6adfeaadc2bb171b1460112720d4e966edc282085576be329f6f73c87f94dd2d4a31cc6870d56fbe7d0a0821fc36430696b07b84438f7c8a9dfa3d07c3b5534d18377c2e2797b351bd092076fb3af51b1ce27d8ec4fd890523547609f9ad35bd64b51f71596d3c57a9803c0fbf8a3a854579b508c7fcdf24213efdf538c40e72e6bbeb7ccee420758f2cdfecc7b4fec791d53eecad02d10497c1db87c2b8acae472f10c08d6fe6d2c17730195948b9fa5b9d553fd559095481983e4a515d86c485177abb2864389206d93b2e0d752bccfe925157d2c79223c64e17c1dff73858f4c32be6c3b0f65508a8716b052c28b9461c1248970d2d545fb1907c217ec07599c21401cecbbd79b682cceeed6bb1d7e3e414de9fa9c041a57547ce7e8395f0e6fa474297135fa4df3b7d137d492234a00d41a89e7c21e836f4e734860de2b10acc7c43c398f0a15ade90c5ed65ab274675b895a096a3466ee68bdab4290778e359f3a65adf787354fcfb5e2414328a8678501bfa4f541fec9946e59436ed1686cd8c1e5d0655805ac9b057fbfe86fc17b00b995a6e05daeb39cd204ef436e444b7ae2162ddbe6c11b5bbeccde89941aa00eb37337054bbd07e97a68241a2c2df175e324763ff5e4ea505f2c4236e38a8ae22590dedb036455678283d1533dd919926296fa539c2e256be7be57c0ae9a01b4d3ff82bf207fd48b8b565f2cd98d78974626737f668e5ffb03f1193fdba82e604becf7ddb0ac663c48f5f778d0be7180220d2dfe1ca92955c323b81c5edaea617d77095e6bf81e8b4841e049d3be23b4f005dd8edb2aa90c26c1e9fc7f6543f5daa281185539d2abd41be9b10160731227b51b8b1b7a7800dabae9d90f53b6661491d191218e2c7c47af202427cbc53e0c0f16a0dd22af4ba421cd83c84c70152cfaed991f37a97d0730d4e4b9e3493df33300ebfc2e30cb0c85b440f52c6c246721fece3e2c188bfb49a02a5fdf6ca7144a56fc7fe3b0d8d5731bdc6e73c941f262e2787209d4c9a3eb7d39554f3932af13d2e623f6324433fdc3bdcc4b3d086d32b40a9d083bdde8033912b5118b1dbdbaedefdb47e2d6211fd1fec29352cc84abc708c77002449029c975882d1fca12c22070fe2e30192d1058b438b9d386fd4e76502a719aa573c2973dabab0d98dda8767ebee67f254b9b147bee457f483e70d8b2c4d633b0ce3eadf1461b868412c75e68b3bd56a19aaad7072f4fa1c0fc12411f9572dee4f8c2f438e76ef83a8f95c7dbdf1535fdb41c41536e28afefb7f3c125243c61228414fff894750434515689f7aebd10b5cbdd9b8769114ec297fc9d3542ea86fe664f163bcf2abba68a152976037debce6e3c9cc8d2c7646e56c93f98fb49782f2228d1ed34db4c8b37d2c84a7e1ea4da4963c3ecfad05fe2c855f43084d79314591341220207c61f2e9b1eaadbb853ea9ab68cdd3d55103e80e4b0299ce3216d4e5539fe2cb41935f10adbbcfda1d06160e260acf0031f456af19d23e55395c29cfe63868d524c361de792027e4fed7253cb8345c7bd5fd1885057a6ee83720a8baab7fdf956dcc56eb1e04f3124c147a1d77e89a9647bc2610a951f1519f99fa79213a7b5a0cfc3ce2a105dc8cec89218a0ef4303c1c065a198e423c3fda08e4fa466150181ed9fe59572ac4fcd3887e47e117f5dd87aeee6e27edf218168e4d1b59e9ce7dc236677b377b8bfcaeb61a95028258f8580d0386ba64af42ffa337d9e50b49497f5707d6d6a1ccb9a852c40ffacaa39a4e07986257bd772278bbc0b1e487dd0341e4325d931f06ec5929f9a1d64364e7e3c3d311d595cc6e4345f344ad0ecbc99fc3488d7e1301d5dbbf6d05a219871e6060b98e3835db6c26b844cee1bc5fc2945ce694de7c12a27a7c9c050bc3fd1ba5ab978d1f22f1aba2dc5759cee485742cb0d8c764032eed169a32a6d997a814c23617125caa7cf336951717b5cf6b6c93e9e94818b934d553316bff0464c518937cd02447a3adf53643c54afde8aee116aae0e2807931a4322fc196410445a80da2c00ce484772838e06c6927f578ae46c8da6454b228c7832f39fa8bccdec999d1f88c8d31d2b8eafd4249d990f8477b01066003785603a2dbe4fbee1ceed4477ad644e928e592cbd193140e8411f3de931c0001d2a9492ed578996a5a18f1f06a64fb31e84daf5b408deb04923610a14c6525a835ccab2a2928bc103a3a4110852fdc870dc79857cee2fb2476663be714dee612df16c5bacb4e800cb16964c1c0e245d7e6c98bd3bf0ed0182be3797d97944977ccde77e94c87c026a1b9d77815bf24cafed26003ea7f8546bc63e9a82147c5ce2b8499fa4da43d2284d09c60e998031b560e6e317d0152376d3aeadcf55b49456f88abcc5b7f7e7f5a6384df2e30e65cef6269c4dae96d152099b375648ddf10d796c33cb2fee451c28cbf6b6cd884b64504c8617da95a350726eac5d6b4999169bdbf420b88503e0acd154ed51b94a340b8300b87d52a5c3f350cae46d32d6eae25b91b4a19752b036299a2cd0244edf3eabfd87bf0d28339d8da2857e69c77bce4fc6575d5906d5c8a8e1da5d21f8a5878cc4e61020ec75a84b998185b067d53c66fea1cdedcc6c711b5427f7635a48a028e817a7c3207e9b5aa49f31e7564ddd323b4cc60e5147c12c73d50a969de443a21bcdc9035cef16b599ac0a33d37cbd4ad2071ef219ecddac44a62af7ffaaa98ab513e1b85f9814764f9477d767f2df888ebcd820d153589df9574827a6c361a2b8724b54d6204cf8f35b7f694ea8bdc7903f680c305be355ce98d77e9898ccbcd5954cab3b3bc2e20a954b5f03deb1a58facd7daebffb20b96795fafc3d3f5ef30207568638edebe3bf2fb79c0ed4e4ea60cd1d172fa2e842af6e53b8b1e5d65d9987b3416aa3b2a8617d3156f716bb6def11767c9e610272ac20e373cd4975cffaa8bfae2066a406902305d698e05b1ba7335df12ab62ecc346e5c452e62e692417e30ec61d8baef495f8078074ed33063f914e68d1fdba515adef4f5eb28d2f6442b865774a8db413a276519faaef654ae499a17008327cdeca9d2a4bfe642b7c036d14970509c2d82949c25e106f5277a0be283762e60825db8c555d49b8cb48f99e9b39f9ae06772abdf9464aad04770fe4dbef1cdb48a5f5dcc093bcece064827bc67f68a7dd7d315245150e26c51bfd91ec3884598f0a4258d0474c594cd5fb1fb41bf9e5fd", 0x1000, 0x4, 0x0)

2018/05/24 23:57:37 executing program 3:
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000100))
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_NUM(r2, 0x4008af10, &(0x7f0000000000))
prctl$setendian(0x14, 0x2)

2018/05/24 23:57:37 executing program 5:
r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2403, 0xffffffffffffffff)
keyctl$session_to_parent(0x12)

[  719.962994] binder_alloc: binder_alloc_mmap_handler: 14773 20001000-20004000 already mapped failed -16
[  719.991493] binder: BINDER_SET_CONTEXT_MGR already set
[  720.026171] binder: 14773:14775 ioctl 40046207 0 returned -16
2018/05/24 23:57:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000340)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x0, &(0x7f0000000040), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x0)
recvfrom$unix(0xffffffffffffffff, &(0x7f0000000580)=""/4096, 0x1000, 0x0, &(0x7f0000000080)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  720.143198] binder_alloc: 14773: binder_alloc_buf, no vma
[  720.148972] binder: 14773:14814 transaction failed 29189/-3, size 24-8 line 2971
[  720.280159] binder: undelivered TRANSACTION_ERROR: 29189
[  720.286692] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:38 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x28, 0x10, 0x101, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x28}, 0x1}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0x4, 0x4)

2018/05/24 23:57:38 executing program 3:
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000032ff4)={0x2003})
mprotect(&(0x7f0000032000/0x1000)=nil, 0x1000, 0x5)
setitimer(0x0, &(0x7f0000032fe0)={{0x0, 0x2710}, {0x77359400}}, 0x0)
r0 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x60)
r1 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c)
r2 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x40000)
r3 = socket$bt_hidp(0x1f, 0x3, 0x6)
r4 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
ppoll(&(0x7f0000000140)=[{r0, 0xd404}, {r1, 0x10}, {r2, 0x200}, {r3, 0x58}, {r4, 0x2000}], 0x5, &(0x7f0000000180), &(0x7f00000001c0)={0x7}, 0x8)

2018/05/24 23:57:38 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000000]})

2018/05/24 23:57:38 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000000000029e9c00000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:38 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)

2018/05/24 23:57:38 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000fdbff8)=[{&(0x7f0000000000)="290000002000190000003fffffffda060200000000e80001040000040d001400ea1100000005000000", 0x29}], 0x1)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000280)={<r1=>0x0, 0x55, "0419251937f23c9852377933ee89bd34e765ba7673bf27a09607056d28ce7c49811f3016dd7904d3125398c3264cda7bc5fcaf3259a85778a75b982ea2574566952437803891603b10ea2e90bdfea5964b3a3edc0e"}, &(0x7f0000000300)=0x5d)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000340)={0xfffffffffffffff8, 0xa, 0x100000001, 0x20, r1}, 0x10)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x200800, 0x0)
clone(0x8000000, &(0x7f0000000100)="12e4b2652841c39929c1057a302e644b291b655683206375e74c2949c63928b18ef4963a6ecac5b82be8fe86df1781a8cdb8e67fd0ebe62ccfa0e8d47e76c1aec7c7c1bc0578d3611d2881669590a7c2f1bc4c5654e9c1d1", &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)="0ee4b3a9c9ad1eff020e8cfb6bd85973d9b883d468c80ff6df640a6ca7fd2f26ba7e4a23da49dfd66465ace99eabac93336cb73697a37172823681e190b04d0729898a57d3e19ad15c9c2cfd0ee479e502836c7f0db744bc884303ab374649703e2b79ec8e61fc72f00cd17433e1fe9546201d")
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f00000000c0)={0x0, r3})

2018/05/24 23:57:38 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x1, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, {0x2, 0x0, @multicast2=0xe0000002}, 0x134, 0x1e1260, 0x0, 0x0, 0x0, &(0x7f0000000040)='team_slave_1\x00'})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x7, 0xffff, 0x4}]}, 0x10)

2018/05/24 23:57:38 executing program 0:
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000000)={0x7, 0x0, 0x101, 0x5, "8845f950c5cdae7aeabe74265da7cb2a1b12b00d4a0b1d67e1d031d168ad27da935243a3db3af3ef3be07bd6", 0x9})
fcntl$setsig(r0, 0xa, 0x1d)
rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, &(0x7f0000d31ff0), &(0x7f00007adff0)={0x77359400}, 0x8)
open(&(0x7f0000000040)='./file0\x00', 0x8803, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000080)={0x2, 0x99})

[  720.400216] binder: 14835:14842 got transaction with invalid offsets ptr
[  720.438203] binder: 14835:14842 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:38 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x5, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000040)='\x00')
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4)

2018/05/24 23:57:38 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, &(0x7f0000000200)="739da6ef90e8cf7c67c297f9adf228c63380336bc1c344e91ec59d786d17972e3af4cdd693f1a690e1f824ebcc0a2a8a2af9148fc8e2e2facdcac559b5f818a1f24aaa30e9dce79de177e804fab733c06614680094fbe19d033c077dbe930c1862afd18e9fdaadd09054f3161b1a0b6d73eb0434daf273c5d900a8d21078ddb11c640cb2e83052bf916c061b5a1627bfdb27a684484dba67e3498b22b86ff3afc63bd47312f75e73f1461ada18818f8656e8c5a8b35b84c76eb6a7ff199a395838c46b0b00f043e716a8957862f14799e447f8ace3", 0xd5, 0xbdc04e5b8fa7a1d, &(0x7f0000000100)={0xa, 0x4e24, 0xa9, @mcast1={0xff, 0x1, [], 0x1}, 0x7fff}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in6=@loopback={0x0, 0x1}, @in6=@dev={0xfe, 0x80}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1c}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0xff}, 0x0, @in=@multicast2=0xe0000002, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
syz_open_dev$urandom(&(0x7f0000000140)='/dev/urandom\x00', 0x0, 0x2000)
sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e21}, 0x1c)

2018/05/24 23:57:38 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket(0xa, 0x1, 0x0)
r2 = memfd_create(&(0x7f0000000000)='{/,ppp0-,\x00', 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000080)={0x0, 0x10001})
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r3 = socket$kcm(0x29, 0x1000000000000005, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x4020940d, &(0x7f0000000040)={r0})

[  720.463356] binder_alloc: binder_alloc_mmap_handler: 14835 20001000-20004000 already mapped failed -16
[  720.540774] binder: BINDER_SET_CONTEXT_MGR already set
[  720.546315] binder_alloc: 14835: binder_alloc_buf, no vma
[  720.552061] binder: 14835:14850 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:38 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xb9f6, 0x902)
ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000040)={0x10001, 0x7ff, 0xc})
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000003fe8)={0xaa})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4)
sendmmsg$inet_sctp(r3, &(0x7f00000006c0)=[{&(0x7f0000000080)=@in={0x2, 0x0, @multicast2=0xe0000002}, 0x10, &(0x7f0000000480), 0x0, &(0x7f0000000600)=[@authinfo={0x12, 0x84, 0x6}], 0x18}], 0x1, 0x0)
close(r3)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000180)=@add_del={0x2, &(0x7f0000000140)='gre0\x00', 0x1})
close(r2)

2018/05/24 23:57:38 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0x80000000, 0xc, 0xff, 0x5, 0x0, 0x0, 0x60404, 0x0, 0x80, 0x2, 0x1, 0x7ff, 0xffffffffffffffff, 0x4, 0xc0, 0x401, 0x7, 0xf0b, 0x8000, 0x81, 0x100000000, 0x2, 0x4, 0xa89, 0x7, 0xfffffffffffffff9, 0xb18, 0xc9, 0x5, 0x5, 0x3, 0x200, 0x8, 0x8, 0x2e3, 0x38a, 0x0, 0x4, 0x1, @perf_config_ext={0x0, 0x1}, 0x1000, 0x3, 0xa61a, 0x7, 0x20, 0x2db1, 0xfe5b}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x3)

2018/05/24 23:57:38 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]})

2018/05/24 23:57:38 executing program 3:
setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, &(0x7f0000000080)={0x7}, 0x10)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x40, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffff9c, 0x4c82)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x1000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000140)={0x0, 0x7fff, 0x5})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000000)={'NETMAP\x00'}, &(0x7f0000000040)=0x1e)
ioctl(r2, 0x800000000000937e, &(0x7f0000017000)="010000000000000018")

2018/05/24 23:57:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000140)="6766c7442400090000006766c7442402003800006766c744240600000000670f011c240f01c8f32eddb23d970f2227650fc76d000f0d910000f4f4baf80c66b8b2b59a8c66efbafc0cedbaf80c66b8580ab28266efbafc0c66b84600000066ef", 0x60}], 0x1, 0x80000000000005d, &(0x7f0000000100)=[@cstype0={0x4, 0xd}, @cr4={0x1, 0x50100}], 0x2)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x3, [{0x0, 0xeeb1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x2, 0x2000)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x80000, 0x0)
ioctl$TIOCMBIS(r3, 0x5416, &(0x7f0000000200)=0x1)

[  720.590908] binder: 14835:14842 ioctl 40046207 0 returned -16
2018/05/24 23:57:38 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000007a00000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

[  720.667549] binder: undelivered TRANSACTION_ERROR: 29189
[  720.677996] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:38 executing program 2:
prctl$intptr(0x1c, 0x64)
capset(&(0x7f00002d0ff8)={0x19980330}, &(0x7f0000cc0000)={0x0, 0x1, 0x5})
r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x70, 0x8, 0x3e, 0xb0d, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x5c, 0xd1a0, 0x1000, 0x8, 0x5, 0x7, 0x3, 0x7, 0x5, 0x4, 0x400, 0x1f, 0x3, 0x4, 0x6, 0xfffffffffffffffa, 0x7ff, 0x1, 0x401, 0x7, 0xb5d3, 0x1, 0x9, 0x25, 0x2, 0x40, 0x0, 0x101, 0x0, @perf_bp={&(0x7f0000000000), 0x5}, 0x8000, 0x6, 0x9, 0x2, 0x6, 0x7, 0x7fffffff}, 0xffffffffffffff9c, 0xc, 0xffffffffffffffff, 0xa)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ppoll(&(0x7f00000000c0)=[{r0, 0x80}, {r1, 0x42c}, {r2, 0x4000}], 0x3, &(0x7f0000000100)={0x0, 0x989680}, &(0x7f0000000140)={0x2}, 0x8)
prctl$intptr(0x200000002f, 0x2)

[  720.761976] binder: 14884:14885 got transaction with invalid offsets ptr
[  720.805110] binder: 14884:14885 transaction failed 29201/-14, size 24-8 line 2999
[  720.829613] binder_alloc: binder_alloc_mmap_handler: 14884 20001000-20004000 already mapped failed -16
[  720.857522] binder: BINDER_SET_CONTEXT_MGR already set
[  720.888443] binder_alloc: 14884: binder_alloc_buf, no vma
[  720.894653] binder: 14884:14901 transaction failed 29189/-3, size 24-8 line 2971
[  720.905158] binder: 14884:14885 ioctl 40046207 0 returned -16
[  720.924363] binder: undelivered TRANSACTION_ERROR: 29189
[  720.924619] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:39 executing program 3:
r0 = socket$inet6(0xa, 0x3, 0x4)
sendmmsg(r0, &(0x7f0000006b40)=[{{&(0x7f0000000280)=@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x80, &(0x7f0000000240), 0x0, &(0x7f0000001280)}}], 0x1, 0x0)
r1 = socket(0xa, 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080))
recvfrom(r0, &(0x7f0000000000)=""/68, 0x44, 0x40010160, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x6f3000)

2018/05/24 23:57:39 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe800000000000000]})

2018/05/24 23:57:39 executing program 2:
creat(&(0x7f0000000000)='./file0\x00', 0x1)
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
poll(&(0x7f0000000080)=[{}, {}], 0x2, 0x0)
vmsplice(r0, &(0x7f0000000080), 0x17f, 0x0)

2018/05/24 23:57:39 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)

2018/05/24 23:57:39 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000012000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:39 executing program 5:
mmap(&(0x7f0000ee5000/0x2000)=nil, 0x2000, 0x5, 0x2aeb4800bb21a972, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x8000000000c000, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000040)={0x8, @local={0xac, 0x14, 0x14, 0xaa}, 0x4e21, 0x1, 'none\x00', 0x10, 0x8, 0x21}, 0x2c)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000ee5000)={{0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}, {0xa}}, 0x5c)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000ee5000)={{0xa}, {0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}, 0x5c)

2018/05/24 23:57:39 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x141600)
ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000040)={'bridge_slave_0\x00', {0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}})
fallocate(r1, 0x2, 0x4, 0x8)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={<r2=>0x0}, &(0x7f0000000200)=0xc)
fcntl$setown(r0, 0x8, r2)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000080)={0x37, 0xfe, 0x1ead3598, "ca38fb7079f926f8c391e0139a72638731e4a60e93054d3316c20622c8e8318e14bfac15f200cdc9bc8c07c9cb4eb43cc2132080540833"})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)="6f6f040000004abb4ef84c9112976a00")
write$eventfd(r3, &(0x7f0000000180), 0x8)

2018/05/24 23:57:39 executing program 0:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
r1 = inotify_init1(0x7ff)
fallocate(r1, 0x0, 0x0, 0x6)

2018/05/24 23:57:39 executing program 3:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x1810c0, 0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x7d, &(0x7f00000000c0), &(0x7f0000000100)=0x10)

[  721.609921] binder: 14912:14915 got transaction with invalid offsets ptr
[  721.644840] binder: 14912:14915 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:39 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000500)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x40046104, &(0x7f00008da000)={{0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0xfe]}, {}, 0x6c, {0x2, 0x4e24, @loopback=0x7f000001}})

2018/05/24 23:57:39 executing program 5:
socket$packet(0x11, 0x3, 0x300)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x8240, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)

2018/05/24 23:57:39 executing program 0:
unshare(0x2000400)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x600800, 0x0)
fcntl$setflags(r0, 0x2, 0x1)
r1 = socket(0xa, 0x1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
fgetxattr(0xffffffffffffffff, &(0x7f0000000140)=@random={'trusted.', 'cpuset\x00'}, &(0x7f0000000280)=""/214, 0xd6)

[  721.681248] binder_alloc: binder_alloc_mmap_handler: 14912 20001000-20004000 already mapped failed -16
[  721.726564] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:39 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x80800, 0x0)
getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4)
bind$rds(r0, &(0x7f000001cff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10)

[  721.762019] binder: 14912:14915 ioctl 40046207 0 returned -16
2018/05/24 23:57:39 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, <r2=>0x0}, &(0x7f0000000100)=0xc)
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@loopback={0x0, 0x1}, @in=@loopback=0x7f000001, 0x4e20, 0x8e, 0x4e20, 0x4, 0xa, 0x20, 0x80, 0xc, r1, r2}, {0x0, 0x6, 0x5, 0x80000000, 0x8, 0x0, 0x27d, 0xfffffffffffffffa}, {0x4, 0x401, 0x8, 0x2}, 0x7, 0x6e6bbd, 0x0, 0x0, 0x1}, {{@in=@local={0xac, 0x14, 0x14, 0xaa}, 0x4d2}, 0xa, @in=@loopback=0x7f000001, 0x3507, 0x3, 0x3, 0x7, 0x7, 0x61ed, 0x6}}, 0xe8)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000a88f88), 0xffffff2b, 0x20000800, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0xc, &(0x7f0000000080)={0x303, 0x33}, 0x4)

2018/05/24 23:57:39 executing program 3:
mknod(&(0x7f0000000ffa)='./bus\x00', 0x1000, 0x0)
r0 = open(&(0x7f00000001c0)='./bus\x00', 0x800, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={<r1=>0x0, 0x9, 0x5, [0xfffffffffffffffe, 0x3, 0x0, 0x3f, 0x102000000]}, &(0x7f0000000040)=0x12)
ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000240)={0x1, 0xe0000000000, 0x7, 0x3})
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x2}, &(0x7f0000000200)=0x8)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, &(0x7f0000000100)={0x77359400}, &(0x7f0000000140), 0x8)
creat(&(0x7f0000000180)='./bus\x00', 0x0)

[  721.811487] binder_alloc: 14912: binder_alloc_buf, no vma
[  721.817211] binder: 14912:14930 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:39 executing program 0:
r0 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000015c0)={&(0x7f0000000040)=@pppoe={0x18, 0x0, {0x0, @link_local={0x1, 0x80, 0xc2}}}, 0x80, &(0x7f0000001380)=[{&(0x7f00000012c0)="97", 0x1}], 0x1, &(0x7f0000001400)}, 0x0)
sendmsg$kcm(r0, &(0x7f0000001240)={&(0x7f0000000100)=@sco={0x1f}, 0x80, &(0x7f0000001200)=[{&(0x7f0000000200)="d8", 0x1}], 0x1, &(0x7f0000001600)}, 0x0)
close(r0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x20000, 0x0)

2018/05/24 23:57:39 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]})

[  721.956670] binder: undelivered TRANSACTION_ERROR: 29189
[  721.975587] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:40 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a", 0x4)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm4-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0xfffffd8a)
poll(&(0x7f0000000280)=[{r1}], 0x1, 0x0)

2018/05/24 23:57:40 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2080, 0x0)

2018/05/24 23:57:40 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000600000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:40 executing program 2:
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x20003, 0xa0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)="6260696467653000001000", 0x10)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
sendmsg(r0, &(0x7f0000000480)={&(0x7f0000000200)=@in={0x2, 0x0, @multicast1=0xe0000001}, 0x80, &(0x7f0000000400)}, 0x0)
socket(0x11, 0x0, 0x200)

2018/05/24 23:57:40 executing program 0:
clone(0x0, &(0x7f0000000000), &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240))
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000000)={<r1=>0x0, 0xb, "b97ac15e1274b313f31390"}, &(0x7f0000000040)=0x13)
restart_syscall()
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r1, 0xfffffffffffffff8}, 0x8)
ioprio_get$pid(0x2, 0x0)
sync()

2018/05/24 23:57:40 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe800]})

2018/05/24 23:57:40 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-avx2\x00'}, 0x58)
r1 = memfd_create(&(0x7f0000000000)='sha384-avx2\x00', 0x2)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r1, 0xc008551a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7a97d27a1c00000001000000530d00007f000000ff010000018000006a180000ff0f0000e8ece3b9d3cca701e78eeebf0f7e7fa0248425921760386aa9fc4a24ff6762e3ff1e5dc39fd098a0a9742f16f05568e38d1e93367da33e511a83204d50250acae8"])
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00')
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000001840)={'team0\x00', <r3=>0x0})
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001880)={{{@in=@loopback, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000001980)=0xe8)
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000001b40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001b00)={&(0x7f00000019c0)={0x140, r2, 0x700, 0x70bd28, 0x25dfdbff, {}, [{{0x8, 0x1, r3}, {0x124, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r4}}, {0x8, 0x7}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}}]}}]}, 0x140}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = getpgid(0x0)
ptrace$getregset(0x4204, r5, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=""/6, 0x6})

2018/05/24 23:57:40 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0xfffefffffffffff5)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0x0, 0x803)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="0563040100000000"], 0x0, 0x0, &(0x7f0000002000)})
r2 = dup2(r0, r0)
recvmsg$kcm(r2, &(0x7f00000013c0)={&(0x7f0000000180)=@l2, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/244, 0xf4}, {&(0x7f0000000340)=""/20, 0x14}], 0x2, &(0x7f00000003c0)=""/4096, 0x1000}, 0x20)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000080), &(0x7f0000000100)=0x40)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000140)='bpq0\x00', 0x10)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000300)})

[  722.971006] binder: 14982:14984 unknown command 17064709
[  722.977918] binder: 14985:14992 got transaction with invalid offsets ptr
[  723.008870] binder: 14985:14992 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:40 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000280)='cpuset.effective_mems\x00', 0x0, 0x0)
r2 = socket(0x2, 0x1, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
pread64(r1, &(0x7f0000000040)=""/34, 0xfffffffffffffff1, 0x0)

2018/05/24 23:57:40 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x1, 0x8)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000040)=""/184)
close(r0)

[  723.020715] binder: 14982:14984 ioctl c0306201 20007000 returned -22
[  723.056958] binder_alloc: binder_alloc_mmap_handler: 14985 20001000-20004000 already mapped failed -16
[  723.074205] binder: 14982:14984 unknown command 17064709
2018/05/24 23:57:41 executing program 2:
mq_open(&(0x7f0000076000)='.\x00', 0x0, 0x19c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000})
r0 = open(&(0x7f0000000040)='/\x00', 0x80000, 0x30)
connect$ipx(r0, &(0x7f0000000080)={0x4, 0x9, 0xfffffffffffffe00, "c9509658ddc2", 0x6}, 0x10)

[  723.118657] binder: 14982:14984 ioctl c0306201 20007000 returned -22
[  723.121998] binder_alloc: 14985: binder_alloc_buf, no vma
[  723.125690] binder: BINDER_SET_CONTEXT_MGR already set
[  723.130892] binder: 14985:15004 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:41 executing program 3:
epoll_create1(0x0)
r0 = epoll_create1(0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x2, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f00000001c0)={0x2})
r2 = socket(0xa, 0x1, 0x0)
prctl$setfpexc(0xc, 0x40000)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@ipv4, @in6=@local}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000040)=0xe8)
syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0)

2018/05/24 23:57:41 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8]})

[  723.177484] binder: 14985:14992 ioctl 40046207 0 returned -16
2018/05/24 23:57:41 executing program 0:
rt_sigprocmask(0x0, &(0x7f0000037ff8)={0xfffffffffffffffe}, 0x0, 0x8)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='comm\x00')
ftruncate(r0, 0x100000000)
ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000000))

2018/05/24 23:57:41 executing program 5:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(r2, 0xc0106418, &(0x7f0000000100)={0xd0, 0x1, 0x7, 0xe51, 0x14, 0x3})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
setsockopt$ipx_IPX_TYPE(r0, 0x100, 0x1, &(0x7f0000000040)=0x2, 0x4)
sendmsg$inet_sctp(r1, &(0x7f0000000680)={&(0x7f0000000000)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000140)="539944d454887bd6e789c16a688355cd71a7eae76c5f04e6cac8b002e128ab17bc82a5127f9c9a23919b193d97554dae3713cd2aa12b4452a42ee0c4febac52ae79ee859abe24f54da2230104345f3b7a035ead5376e266d9aeb7f94a1ef87c8232a850f9c4b7f59b5d7b527cdaed07b20b461e0ef412dd8839c2ac1fa5e82d062979a3585538205b0c515c4509b23bed42862c399a1f17df64a8282b26eb703ab6368170d89444eb8773f3ecbe41d579a435769f425af44fca8877f1249c2a8ff00f3e9b5e35b5e15fc", 0xca}], 0x1}, 0x20004001)
recvmmsg(r1, &(0x7f0000004040)=[{{&(0x7f0000003cc0)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000003f40)=[{&(0x7f0000003e40)=""/185, 0xb9}, {&(0x7f0000003f00)=""/19, 0x13}], 0x2, &(0x7f0000003f80)=""/134, 0x86}}], 0x1, 0x100, &(0x7f0000004180)={0x0, 0x1c9c380})
connect$ax25(r0, &(0x7f0000000080)={0x3, {"ee8dfcedd46674"}, 0x9}, 0x10)

2018/05/24 23:57:41 executing program 2:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x1, 0x0)
ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000140)={0x6, 0x7fffffff})
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r1, 0x0, 0xd1, &(0x7f0000000000)=0x2, 0x4)
r2 = semget$private(0x0, 0x4, 0x23)
semctl$SEM_INFO(r2, 0x7, 0x13, &(0x7f0000000040)=""/135)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")

[  723.286009] binder: undelivered TRANSACTION_ERROR: 29189
[  723.312412] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:41 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
readahead(r0, 0x2, 0x7)

2018/05/24 23:57:41 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="0022f8ff010000800000000000422eb0", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f00000000c0)=""/18, 0x12, 0x20}}], 0x1, 0x0, &(0x7f0000000500))

2018/05/24 23:57:41 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]})

2018/05/24 23:57:41 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000000020000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:41 executing program 5:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x9)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40100, 0x0)
r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x800, 0x80)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000000)='securityfs\x00', 0x0, &(0x7f000000a000))
linkat(r0, &(0x7f00000000c0)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x1400)

2018/05/24 23:57:41 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:41 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000000)=0x1, 0x4)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000019c0)={'veth1_to_bond\x00', {0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x80, 0x0)
recvmsg$kcm(r1, &(0x7f0000001800)={&(0x7f0000000200)=@can, 0x80, &(0x7f0000001880)=[{&(0x7f0000000380)=""/56, 0x38}, {&(0x7f00000003c0)=""/186, 0xba}, {&(0x7f0000000480)=""/162, 0xa2}, {&(0x7f0000000540)=""/45, 0x2d}, {&(0x7f0000000580)=""/115, 0x73}, {&(0x7f0000000600)=""/26, 0x1a}, {&(0x7f0000000640)=""/162, 0xa2}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/228, 0xe4}], 0x9, &(0x7f0000001940)=""/99, 0x63, 0x4}, 0x10003)
sendmsg$rds(r0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/233, 0xffffffffffffff78}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="480000000000000014010000010000000000000000000000", @ANYPTR=&(0x7f0000001840)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="1200000000000000e9b4d2e4af100e3d30eba8d00592bf3c", @ANYPTR=&(0x7f0000003b00)=ANY=[@ANYPTR=&(0x7f0000003ac0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB=')\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r0], 0x4}, 0x0)

2018/05/24 23:57:41 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'bridge_slave_1\x00', &(0x7f0000000140)=@ethtool_rx_ntuple={0x35, {0x1b, @ah_ip4_spec={@rand_addr, @multicast1=0xe0000001, 0x5, 0xf3}, @usr_ip4_spec={@remote={0xac, 0x14, 0x14, 0xbb}, @multicast1=0xe0000001, 0x4, 0x8000, 0x1, 0xff}, 0xffffffffffffffc1, 0xeb, 0x5, 0x5b39, 0xffffffffffffffff}}})

2018/05/24 23:57:41 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
r1 = socket(0xa, 0x1, 0x0)
dup3(r0, r1, 0x0)
connect(r0, &(0x7f0000000280)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @loopback=0x7f000001}, 0x0, 0x2, 0x0, 0x2}}, 0x80)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000140)={0x2, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}}, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x108)

2018/05/24 23:57:41 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000640)={{{@in6=@loopback, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000740)=0xe8)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000180)=0x80000000000001, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000880)=0xe00, 0x4)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @multicast1=0xe0000001}, 0x10)
r1 = socket(0x4, 0x3, 0x2)
setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040)=0xea, 0x2)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10)
sendto$inet(r0, &(0x7f0000000000)="d6", 0x1, 0x4000004, &(0x7f0000000140)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)

[  724.021935] binder: 15060:15065 got transaction with invalid offsets ptr
[  724.071269] binder: 15060:15065 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:42 executing program 5:
symlink(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000480)='./file0\x00')
r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000040)=@sack_info={<r1=>0x0, 0x0, 0x9}, &(0x7f0000000140)=0xc)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000180)={r1, 0xc1, "dbe5a9867325a31422600f1d615942cd234493b27e583d9441cd68aa065b841744bec4579ad7ff32a8f2a41e6d431d5647f8bcf5405a1d0b43d393ed64411a4a045e105fa0006bd383c876999ffe8627e9bb662ae24422fc2765bb6abe7a183db9024375027387767035111f456487bd8923843eb0c0ec0dd0df8a4629f7ef87413af266044e5fc07a3a7a6f2971faa3340937ad70b929b7bb48a22e299c3d42c480456184dac383a80dd91b59f3e07850347fc048184e7e323fc12c3844fa88f1"}, &(0x7f0000000280)=0xc9)
symlink(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='./file1\x00')
syz_fuseblk_mount(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  724.121266] binder_alloc: binder_alloc_mmap_handler: 15060 20001000-20004000 already mapped failed -16
[  724.152657] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:42 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000400)=0xffffffff, 0x3)
sendto$inet6(r0, &(0x7f00000000c0)="6a725a5f62d02a6be55afd02d999", 0xe, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x4, @local={0xfe, 0x80, [], 0xaa}}, 0x1c)

2018/05/24 23:57:42 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
write$binfmt_misc(r0, &(0x7f00000000c0)={'syz1', "4f67d71ecb83c6762c996b195b7a219187963a764f3b4f26258ab6b6fa4055e0697c7d480ebfea154e7c0dac53033aa1dae71605011d6b13704afe3ba9c8f9c5ad3d58359d7e45b1afcaa1d3caf5dd466a3d950d3dde88e2d3fe7c9b83ea0162cb50fb15b6403012c56d7e8e7e1f076595622bb04547305bbe133c5cdf488b63c3b1ba304ae7a2fbe65d03a86bc0814f0503c1f400c9d9cb88f67ea5f2191e5037435a226de69f52066f53f2b0788019aee660241b4549c11b3d66ad406ab9181966"}, 0xc6)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000080)={0x17, 0x1, &(0x7f0000000040)="ea"})

[  724.182123] binder: 15060:15065 ioctl 40046207 0 returned -16
2018/05/24 23:57:42 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]})

2018/05/24 23:57:42 executing program 4:
r0 = socket$inet(0x2b, 0x801, 0x0)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@loopback={0x0, 0x1}, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in, 0x0, 0x3c}, 0x0, @in6=@ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xe8)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYRES32=<r1=>0x0, @ANYBLOB="8ee8152f1425fadd7c4d63c51728376daf9937e7f6d47fb356b0a3c009b6be7250a70e26cd15330bc25f8fed71876f518dea7a32673710a07e02028a4767b64f45757ec3647e43e24f10bda6f8205032755179521b3aecd2399c37feabee543307ace21fa5c45231af5b60cb88a3e2589f39f7e9063ea3b773a76992bd1e4f0a48dd35bcdb92d2f0f6c626ab773fd44ce4bd74d644982249bf700232a0ef6a811476c255b191a15a5f48f1b31ca93e627dc9dd7f7e83e6589f5305ac4fa5d35723a789a07b2ad9a18e8f855b7f21ac903486add8009ddbfc17422cba249278db2a51798584fff6919dc3b03e731238b8a1cbab8b2f0e61cec565f86bb9ff77579ce66bae8e2586b910905e4746e2a06bf1b85547d009c7bb8d336bfa66941c509c5001a2223999a0078591e4cef91f5a30ded5d2c7ff56ed9a0380f3d285c244a5c33f9b709989ea75277fd8d4e5d1cbcd3043d108a0cd8b17c1e2df41d51ba767f09e15b630b087a830724ddf3e7b10ed48e74468bb013f4a908c7a429326f7993b96873bbd226627f2369473b373c37e6482cafde428977ac6536623c15a287d6dc84087b95502b1fccc923f5577b2600532a89ca6cf96cc2c1a26c524bc3e2dd68690daaa5c85aab5cf1154d9c580de838ffff8885e42abd932e37d4d7b2147458bcfb562eded1a47cd0410ed3298d7999143c3926acb9b484deb68d77505b099a54e5fc4f31c4c97d34ca81516584e0e2deb5a02d255ab8644def2ecb53a67f5be0d3586d9d1482279368d72f64c9d81bcd061af158502bffd5d7020e8885ccdfaac4a0ad170"], &(0x7f00000000c0)=0xe)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f0000000100)={<r2=>0x0, 0x6, 0x8}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000180)={r1, 0x20b, 0x0, 0xd7df, 0x63, 0x3ff, 0x0, 0x100000000, {r2, @in={{0x2, 0x4e23}}, 0x800, 0x9, 0x200, 0x1000, 0x2}}, &(0x7f0000000240)=0xb0)
connect$inet(r0, &(0x7f0000000080)={0x2}, 0x10)

2018/05/24 23:57:42 executing program 5:
socketpair$unix(0x1, 0x1000003, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x100000007, &(0x7f0000ac5000), 0x4)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
connect$unix(r1, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000a8cff0)={0x1f4, &(0x7f0000528000)=[{0x6}]}, 0x0)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x14000, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f00000000c0)={<r3=>0x0, @in6={{0xa, 0x4e22, 0x8, @loopback={0x0, 0x1}, 0xfffffffffffffff7}}, 0x0, 0x6, 0x9, 0x4, 0x800}, &(0x7f0000000180)=0x98)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000001c0)={0x1ff, 0x4, 0x3, 0xffff, r3}, 0x10)
write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000380000000000000000000000000020000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000"], 0x58)
close(r0)
sendmsg(r0, &(0x7f0000002a00)={&(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x2, 0x3, 0x1, 0x4}}, 0x80, &(0x7f0000002580)=[{&(0x7f00000002c0)="4d70be3e595689f52d73ed7680657651795e270e6fe1cf651e9e98871d293abd4e164742066f7276adf9c1da57801a89ea54cc59d543a1e6758be174de1e024b7dd20325cdd72c0a0040a4136f720453351c68fab0b6d95395451f950620417545a116c1bb7ca8ba", 0x68}, {&(0x7f0000000340)="ec260f689abf40a433b94345519c87c2a048ab8b035196092f84e96c122759d7bf82bfe1cc52a00dd1f58cedc31d1db08eff4a9b9bdcbd720001ff416b856e45e0e809e23c6f36ebf1bc291db9242f507ecdd7f6bab6c9eb21c0566167c42c6e68c3715685990ced12cab08b5182d6736eaed78d02be3caaaee1a885452de0f42cc2d09592893b9bd16fd8ceddb5c698e46b760f91b0d9c5ce51eb0390a482d34c2bb95a9fa8749143512cbd97a43f31d2fdd52165e224fc269ea70edf558d", 0xbf}, {&(0x7f0000000400)="feb2006e5cb9757b02adc4ea8ab466fb055059f3a2ff5a89dd791aa828a4feaf66b28edeee584db28e6bf6ce1b91427b977a73c16313b056e369da27d3f6ca4e564377d96a2d01e9b8efe419e6fdde40318793425e43e8b20dd4", 0x5a}, {&(0x7f0000000480)="3215d8f72008f3a451cfc949f0b021b10cb04a7b94f14fa394f3a9b675ca360ac5e4a48571497322ecf844c1af180f1b2b37ac17cf3036e9fa154ba151103aa55bd654af7cc6508683280ca5aa9d3023cff83190d0300df2232749ad76fa3488ab2df8071829ee7bb95da8f6dd34b276d6b031ac1171306342aa421d5f08af223ebebf3531d5ff76be2727c95a2086f544cd6a446fbca435b0e7c163a025cfd22f2c4482eddaf049ed30f688498a9221b03dbc257138ffa7c85fc0a34384dd723eb05b8671c00100107ead271f2aff46337c13c2c8ab3df62c5f178b0ce4f4ebfc8f7fb8fcfcf1c53ac13bbec6c4393f45728e516c7f7d3427817544ef28625bc6dfbfb997b1a21c2db20f4287507682aebef64cd53e0b3f2124d2ee16c8dc2bb24d545dea06f5a2d8b05ca3672ba489a00a03398c918be9678e0f067d2cc1c935eb24d22738cbf52a9f4904e49761d72d1e779c5b07caa11d8c58918e17af577ca6b7b44fb2fd5f9330f93e3964bd52a65bbcf752b3c5cb382c5eaaf61f9f38e51c9019b5f4aea09a2d9bfe467cc1d4528e3c8c0d288fb63faa48e720bc884b22b3352db5c6423e429ef98c142c7751a8a39bf35a7bddae8597dfd831cfd0c001a56a7ff506cb89e264312f7b11619339d694c6fc8151b2d9d64dfe1322baa4c907c83f7c224be66bbda369b8c97b982b2d617d8d1d62d4e936e7d966d4a48ecd4dcc8d046deedaed9dfc77f1b313ec0f2ddbc509f1a5441c873cecbba2f89e27ad6d5cff641cf9986ed7615a0c97f7bdf5c9ebd75ec758b68907400d415378806a59597d036bf6166977c8f56245a7c7142c555aba7b2938135156d980cf94ec051597a54fac1c70e6d54841b0c8bc07c6214ba59e5591533ce66e096f6f82364ae12d41c5d6b2c47ded0dc2053acb7091346049ebdda9b6e5ceed0e81221daaa63eb8535dae12de4c4ff28550e057435443065ec2b965658b4b6f8749b4227fa0aab41c48f6960b2e8ebd0ce446a67032517cf1266a0e34258190372b349f51f90cc69cfcf710d901a0a71f9a18fe71334b38fc2058fbcd2d21438e879cabc570b04f577e665004e0bf3164f9f555cc8a723dc60314b63aad4140fcce26519d6ab34c850bf2b6c3c9af5c16bbe92c1b3a7035083c5b4859affae3454ef793863dadc5e8c823011af147cd04468198ea0ebcc6d9fa3793778bad66f158bd0b8687cec307fcd7a8dc4855d9a64f037e52e351ebd6b08ecd4143d4ec111ddb7b0a5c240c529b402d41afdf4d99aef90f8d3a846dbeccae3e40d3836a3983cf6fb794645b9814e10848ffeab38470594f3b214399c01dfecc9e37dddd0934a85dfefb0992b85b224c965eca84d3449b5a7d3b98fc68e1142fc269d884dcab1c2bc3014b0770a0c6043bcf23c80df8ff862e8e8519ee2bb336ba22e9c064a7e63bb2a66100fe3e5e9a99c7ba366f05d9444e61630bca352cece7e4b8f00034b9f7fa370a6743918df71b6bddbd515d6160283231b0cdd7bdcb8c10c8c27fd15fb333e47aec585323c606fc19b3acc0e723c1e8ba3be24a9c0d3802cbaea1a9d44ee5b69cc133c7d5253074039e1a0444cd39614cd7b5ac41f3301835107b9fee2a2cc03f504ff3aa273c18a42ef8a9159970d348fb6b1af4f6b748efec8fed26797ae793017029c3c4a7b79c79cd7e2a9684e3e9be15143d1a1b9a55c3345405465551b9e9e86c3a6fb2747f1e8ed2f1b0241f47ae300dec75887dcdd4f443c7d2a55e68d9c23e93d8acb0769b8a17778cbdf76195f24e497ce90abd324a2f15a92c6c46d9779d3d92820a156e1144fe2990f5acbfc2b8a4c426e537417f242758e5f9158053c1cb371b75a1c4d546db2a2a4cb4fb8eaea0c11c9dfb14e886fdb35934f8cdadc4e896cd2cb8e75d98cfd0e77f1c760cb04ff1f3283fa73a496cad93723811b9499aa1edf8332fa797fea1d958f462c5487e0fd372b4ff6d4156e238ecadd2e3a76205bcdf754ccb65cc09659cf6488daa3c03d737fcea7df03c9cd61e9831c48e1b0ee8ff15f4321085118837ad6dfca8bc3b50551e8dd18a8ab11e52a7f0bbecbd1a627173fc1337d25729a73c8f9a773a7bb38760913c6a4efb0d482c994a713b2e2568cb6783ed52550c29cc27a6707cd3ac301bb01e59862e202152faa9d456927cd4be41a3a37f51cb700607f77669dcc960e71fa3baa1fc259988641be5043b22f1690b851b7fa5937ef67e6168f08ea0f4fa7e70f1729e2b7653249b54b2db914065090de80c2c41de4de7f960fba2b8b6ed1c8e43d48176487f1bb56b4be9b8ad5eafad148dbb0ef67d0346e5368285a6e93464618ff9d9e3c038f4523f997ab030065dcfa17e14699d7baaa073ee1585a1f41d2a1800eedf884e9cb1714300f0eaa9ab6513fe85905a7b7b609c5410b3adb79e075f6bc824f8e134d1ceedaf54f439921658c3126b2a5c9dfde0ed329782ef9c0162fe1769f88c83459e779458b6593a5103bece554497b33e68f27614555a54aa66cd3ca02b3d506a35248b48aae82f49f00a120ae0670ee7ee712dd197f295a8e9d5a28459ef7431e51b51497e75f1946ac61c6c48b972075a8cb8efc65d4e4cee2404fc57b8bcf5409d3f178f8495e77e2f958d0b4572e5d19ce64e72af392391399888b8c58536f27eaccd24fe618d6d6477230842d35a2f72ceefeeded3d56c73b42477d1c4121d52f8276bbe7a408bb9458dde4ee694135b3676c5188c5b82fab30d374a409236401bce6cfe8cedfaff7f0a5695ffeba2646b3f9725f21712a670bda214c516028a4c43e3544f9da938c4bc86be29b3e0a2606454617ae9f890b0c03d0d04ff029dcca8e34d54680bc89b0eb18536bf4875ae9042334977eedadd67860825cf4c50f18c09886bd9bbee05ea0e27e60da58679a9d67b73b9fa0e5dbafa9c54cb0151e3a0ceab2a6800127cdf14f466aead99a3b2dabae0408f780e4905922aad367ff583574a4ba1a1fb4ed123fe2939c9ecce5ac7adde1c169e51e787b51ac9774d70a58f1653b8745da99f90af3bee13bcde94ecc7b9038a92feff882327d795526438fb74fa527a00f1aba2d939b4a1be46f2a6dbafeddfb72f98b27aa29870a49b9c80d2009988c4d901f530ab3c35eff708ebfa42606e7147fe260b014ad45a12caef453980d2209deec0e9fafb998830357847b5de96831b84f47a10694c5b52906ab1301c680df94d3ce8ad77ee18226e9c01786d68f9a8245c4d36a80249669939ed985d76736b37e20268c2245c039f44a790ca458413fecc42f8b4fa55da6ee26892cb7c0c798717989934b834e865906aad8d67187b746b9739052541f1590b150ce3fe5ecd52e0b9d0939fac944adeabf4b16fde9c790e74685f5e54357843f6f6ce2729a8314f959c083ba51f089725be3c8e17e1038e04e0200a65055d0ade5b24c9a7fe46b8fa2b82644d422b9649c0e9777ffd49645fce7a52e0d5d5773bc32d1c74453ade2560743557f30e4bb9f592d2204d91c67a679ebae2bd1b074c88afc5e6945041f96530bda34a01a9c31aa5f3874414bf84fb174e91af9cf3f3884197dc10fad2db0e24c483d218a8f70db3171b1b30977c7ae4b809e68e6d29ee736ce804feb95b38d90c6d88fdbe2b04ab03e6310d4ba8196b4c70a0e6f393443903094099bcf5f6d8565ab92ecf5d518b5b2ccdb7941b989cd285dcccb2e5d3b85503262cfaa257827bd4d2338d558cfabddcc5545a06891de391399dd34985b0a074c8aaa0f4820ee5d8fe0bf4b6b0f0dd84e3a3cda4619e591e45eeb3c28ebf4f0af6f6f7f4b28db9ae17e018ea1eeb9cd8f004d9e3a861015ad19975e1eb62e4c55021488e989866203b9d835557dacc6d5cccf0f8eed8c2a5fc83249e726aef7bbfdd4001697b5a9977a9e3c0501342c3e51d7468d1fa8221db4575a41695a6e532e6edf8399dd594845578a3e067f9c775c27475747fc9601f52eaa9909577f01c106142b8b0d4af12d189af8a5de5b4e62a09baa60d331f387842f7abd7cba1d4f1f646a4b2f37da6192ea971dabc1e8e3514cc5e4234a9eb24e00079b9995479099f429386b4f4f379cd2b523cb2fd27827a314a59cbe16d0b2026b2036e2914a857c3c8ad7ae7307d446314ca34b37294ed98a97d63c046e17387812dfd560cfa3c67d91ad34283d658604ff6d7cb7e628d31fad8cfaa0722f524ce1d4a692ad0beaa76480e96a5af446a925a40813e5f95b1edf6ec9b997e947a247f03759fac628d01297de1ad93a8e3db0081d17f4ee1212173e05ff682883fe41aba400a9e179feb3648c44c718f368d8d14a32f9746bc728c7dab6afc913bd1fddc3f0253e7d5e9a9d6bc6e6b0be03c62b6c482e28ac8e0739291cb191e125f50437a0427246feb63b17e20e13b5d9d9f5e10b59476f25df244a2199a0cb6eb09b7cd18601023f023c606c1931bedb390d5b48511851a274b909b8360a3bb9fbf24b6fce0deb30a57c754df2b3725d1b6ea9f366050702e151e1bce2411889c17d4744d2e8ae37100d81cee153ec512dd5aca0ea115d403ab9faf0f36bc2b19a5f9fdf87804e5b375ada1de9477821f8cf910be85d647c75ad9483378f8c91a33ce092bdf5417bfd3ceeba78e34446b0103e7196c50c42b5b48c3cf615637a22a0a78c8774294afdb21f7400e6da62a80f2aa45e381bf01ec91195ec1527a98725365c47725de54d9adb848ee52e8169e6a390bf24cd6adab4ed23f930a7d4a2cde76a1c3e3f3433a0d093baed96e25a11329977890f66a6d848dc4968551f2448591f7a28cb08f3287c9f8913eec1ee5d02c908dd584a2b984e659ac3dac832b81f1c4e7533ecafbfaa36d0c0f2d1984730ae1069b84c13d7600cc2223e3fc9c57bf912da6f5232192c534fdce8263593662aa62fbe926a5a9c340ce15b87fab32d4d3ade3a95bb8a09229dc620f67cca2208072aa4e3e7f571aadfeba2a868db50eb815499ff442420ac677db0c944ee7409e1877fd94239314cc1a15b67168580fe155d32adefe9dcb9a28c2a52e7af589da55a83d6c7e86291a36333bc474ea1c7b038df807108236c8a22be5d4d9f392c45a2813d541754637dc6876671a1409e56e7f4dff2a8dfc66e877e57dccfe5ec483e50567239a038cc3edbe89dfe21dc7ae187b2db232d1fe53cc13de07e8b4293d5eff3d0ddef1c589cd10e9fa24d2807763be2d7876f351658c7a0f3af004d44fb034b15d8cc5bc8b1f6e7d5cff7732067586e872bc97e1077fc1825bac0c53072003e767c4ab5f40b4b98c1b264fc3ba85eb0decac6b575cbcc9495460b8e559c80bf4ec5323f2cc9801ce8b829f015f25b4a506d33646e4248be0702dec6e098677b4125d112ed700782469c3346f28fce9fd6c3f822a0ae02794cc3366b0f729d6d57daeac015654dc4a2877ed02de3b5cb21a2064bd92b952c8bd85a8a2524a5553e158b6aec16c4618a3e21e711972e8e6a42c1cd56c21d3786b012d763632aba847ee5d5ebc2019108844c6d5071794e1891bdb12f96a183e7b8a2700496e1968becb909351ce6585316cad2c4f1bb3d8eac626df1772e4ae543330c4cc4e106a7c4ab5865be2d7a6eeb192c7b742f36fbe67c77496fa4410918596f0c3fcdff46cff802d6758710508eda4afdfb8b0366e30bd3d9e2dd29f5c47b6dd983f27a591d20617940940f5ca45249f39979206ef8fc03002fab186419664a59de3e6f21c069f586ac72028372fbe1914ffa99947d7910efc5a64d15acc6e", 0x1000}, {&(0x7f0000001480)="12228fa730805140c35fd3c6a0071494a0858f7510d7896465bca8ed48f860ac2d79db0934cd6378bc3fe07dcc3ebeebf13f9795eb1e2e89ce0095ffe38037e916070b7ab8f837ea23933cd07be383496111a94613888520614e9406111e1c7e44841368b2351145342e8d2898052b8e417529ebf49332bf37a23e78c431075562f1f44d31fd03488edafec25e199e431a4e3bf779b09dfd4160a3a44c7515adbdaa170ac2f38b61548323f2af4d45083f2991273efed4fa7a3779eebc16e10edff5bd145ff6460aae16ccc32ec72e40576da01b84246ba30e187ae5cf19744f6e49ef93b54b4c4f71780e85b8c96a1a24cb59aeb3e8a7d82b4a7cd54482c63a18e6115ef337d2c2b6e67ff8a98f291c56200f3b1287dd0d0a0cb3337e8560dc9f9571e29802a4226533482a8c4a578560d380ae407bb187049daf0d693a474463a651f4a71af52e02f269583453a933d214744bfce3031712b75f70362cdbad20368e58f315ded9fcac760bf414fd57daf79e33cd70c7ca98fcec12d13a5775e3955782a1a3549e0550452097354a7a3d4995206a066a251c064600f0d450d1eec3962954d76cbd1751e9e86a217d2c419f3333e5d4ecf57993fead1ab096b321a7e75db7d150a25fff69e59be865fdc1b7df843b3f0eb9ee5d6bfff4f3947c51c1eaead10b804d7ab5062c7797d1b643dd08565b29e146938109931ca88d66fa1938592fe150ff4a31526979f4627eea4e54421b30d6ff945642c7af86276843fcb1e2412a1be64effd7f9581dbff76ea68400a3c9059ed4ec74df8f31e83b6c52ef864e98e579a82dd4decc834e47eefced2986b5164f93d34c35c6cbbdbc5662bca4cc4d24c676e67dff774bc07c32afac9e307c794396a499bf0454c02ad0b601d20030e9840a787ab850902549b47b2b42a0cf2d239f9a5029a1ce1e618149c44e18a1f08db858d6c1e4731db1e29809a9b1d9f8ce0bab57fb0786a0c2b15407e568f71a212306bc96b3453ed8294b93dcf0ea9088459e782d17a23dc8eeb50510823e879c93ed20c9199237aecb8cb8639b6e08c1ae1e5952a18d448f605ae7ca49e68a36cab774b8e061b1cc908c40765804dcca37c31f0f805b024174a863b439613b8416601a718edec67fd6e4183606adcd2affc9e4a613cc6d2d415e39394bef187616e2722da8f94c0c07c601a36ff57111c42502196092bd662d005ae0615978cd3612ccf6c5f0e714dc659ecf2baa5b2ed22a19fb85d7276011a39245a1d49fdf77decf250a5cda21fd5165414eb2b8ed21b986e4f298d589f00670d25c96fe2f1509f3857d4b02f176f695c0311bb8024418c90dedbf203ee870f1fdbe90b3f47a82b74c0f04dd7aba4f88d45630c2b21e10188ed10abb226d80cd357f458996d88bbf0f63621d7b1183d57017ec64a3a2d9ed119d6963267261b60d3b082c20139806c4741fba852e948dcd9f36dc04c9c8648e697714d37477e9f748a8a63bcaa0a9baf8e558c4f8532c9ef4471b2ae282600e64235b1740c0cee94186fb48df05f55c3ee583b00a49b494632d36abf820768ed635604626401f3085bff5bb42168e7c0ec211a7b58242751137580c2378da7b7cec582b108d48e0f94790aa2daa24721944cf960696a3360ea77273cbecbd5e57f2984773edd8b3da332c611af698536741dfc385dd30f68873e69102623fba503a075853329a610e55e22fe8c1174059ae3c53ed940f217937d44a991442bca0d02fae30bb2289053fb5cc2b98c8691ef754709d98c36e04ac69293029b560de82c39fc5d5d1ee1107791cfc799bd284bb1b45bf7c0a68e733d738cb6a930d4a14e16bda367af6c4b957000a865f18d4a74f3d1e0754dae2d831ecd943cec05d36ae477afe64aedd7ce3ae17034b7aa09cd226a4f9246a574a48a967395897e98275e40bf214fe7bed6400636dd957ef8702f0d266b77734618a2c7e62260fd71004854f19377bd74dbc6f6d3dea6959436c2f0f28c44e8dc77190741151383f867210f43fd0ef25261e88553e196658a3ffa00d759147a94b44f0861d10f9e624a80cc4e0be914f00411ca4cf5804aa384fe3bef201c60b6a83b55a02bd9d17800e4df680d9b1f518174b2869394c187af12dff96fd703bbd2dd686b27dba01f38044770d6b200403db7e3224ae32abe17339955a96030aca0abd35c6878891a5f903b6b079c9f99a2851ba83b6a212288f9cbb620ad027866c76102314312390cabcbeec3cd3206b6e0978995231227bb1c0ca506e7b9b422086880514e8e304c244875b066072846a5b416dfdcdb6a408a37899c0b33457f12ec9c8fb42ce045a7668bb5eff20db9c54cd271d1ef530d5fdd97cb82bc3f2779ef1ce4b4f8cb45bacf0de1105d5880f5196696e8f1dc2377d59a9d4331d5cd216a8ccccf09cb9e925e02da516069f068707159a1ebcf7cc5e8f0756d0c8a80c65957e4ad5f103635f7006d2fa0d9c14b15f7f75d6e2e71714e49ab6e758678ce238e6c8903fb0c1641ad749d7a4681f48cd1e05e4fce0b70522a704f393eb94dee171defe6db239c76c30bca559ecfaf37f4d06e037cdf8e797c6d1f301cde5c265fc3f577241d6c057ddeb0f10dc53970fd88c322877006755815a417f89949f322ef931b3e61a77959c3e8083145e1cff23d799a4ff4a81c191c3ee944abc36c6d57b47e1980fe2daf28f846d8c57fcb429e0d0ea1d41797ebc9640d851c876979be87b54a3784ffb3e2b95a8a6a18fa23d48eceb5edaffa6154969501d31778aef01581192a742706da74f20815d35838123bc789ea9bc8c97a5da7790cb85ea2e24712fc07d1c77c6832e1d85187aa380e7a4195d32738835555fc17f2c89c2b0b7b45d54f70b54b48adc0e76f0e221514c20343e50cfd9ab1ff323e859a565dd18eb09a4ed7be6e03954f3d50739ad3a768936bd95f8b96df6c70fdca254f63cea1e61451bef677177c60c18190d2b9f4957d2646ed656554e27cd3db3d94a8c938e25a8bc7775c0a15f445a07c7c4e060a5122720afd12ca0494a8dd293e387ac693f9d0201313a5abc88bd9b77b97d788d6f7134ca45e4c3b70bd9026720c85a0360b4da0065ba8fb6ac465b4110eacd0bf60663429f6abac6d7c82d2a94b6262cf1aea3615aad75bcedbb7973e487bcb7fc19361fdb3021dca612b027fe7fc4f1c0d3141278ea97c5b614e599ad074c19a204bd56982ff2462194230a48efcf7458740a22529a3b2be7d1d1c3f23140d57794d250b528e7a739e18d99aeed42e8da1d6431fc7fc225922a7061bafffcd4e3d5027d823cb102fdff3a9db8f70f678c9a1c06ff8c680464248d02d46b13cd05785a008a1e58d02d98fb51f4f330880893c889aea02cf290ec8580f84f708f6fddaede1f79b3354ad939e939a2dfce584cef8ddf8dd2f935448152e0e967e337388499c7022d5b8a6e7f0173f8d4eacf46318ca831f4d3945e711140adfb837b601c2f81c0fc0f3f41e68d6f091b80f2107df9dfdeea3ddb36e52c4e6c50ca2b3b3064f31e9b0a06aaf23f4960cf9e500bfc10126bb48e68fe0f6450de4fae0f024c92cf0e2b6f177e8b7d359683a0bc1a53b994c4c59aecc223c54791dbbbd33373b1379b038b4819485bb2f38951681fd742be5c7808299617111bd1aaba8784daf0c9a15a39b65eb05a8fdf712b9460f17943056bce87157add1d9f9b28c5be0ea53c54eb2a8391ad50b28b207121fd84afb414fa67471d7a1ca3411464c65963a235cd9350dbe992eb5e103b79345d5895bf58cea60a5212e623af2b168bee44a9fbd655e2d6d899778fcb08c8295327ec0b3fc93973a37baaa1bd50a64f3d1d87e1f659c2114738bb9dd43b212c37d891f02320406a4708aa6ed0af2da713c04f267f2735cbadcac8b4fad58f672e3c619f4dda24c7a121abbcc1ee3f0f85d642f5d623c0686a662f2dabe1b062ea02b24d5fc4d7b673bf9b6702a27aa6205df3234e8a9d6319edb87c6dbecd697695ce5ead57f146c28d2de36eab856b9f3fb372e0381f1bd9bd1590dfc36a8e9b9652db6067104e9bf85d62dbf8142f52b78aa9364b8c62ab20c3cced13f49cd0e1603f777fd3fc5454a082f2619806f44d39d89cbc3348d4b7280ae52aee822b8a6022f7f3267a4b4a4ceb5ae51f4f37dadbd2705acba644f0cade3217b8b0a8f5433563daba0763da6de2a3980d418453b20a630ff7d26ef4709ed145583a18c7cb270ee8e9ae97c8300b0e63aafedb15f70ba3586b1aa330414d4e9e077a97a09fddf8795d794c00abb21bde0cc7ecc80464cda9649246a395a491acbd8640127e73eaa9b71eda7ca6dc282f5d117f198473496e04199d012fa58382948a24193dd10e8c65d348463b24cc37e9099adb88ecf9b75d9b3801d68db20cfc9168b0511f276fa11d2a3e0ef3e08dd36ddb2e666006cf7f8fd9182df4e67cb52e830b4c4e6ed1384f86716754a8a8e628108119fb4202c8ec44b006940b44cab7de360c9550a5e6ca5fe5d2fab4a0b1735c1c53017c31aa842aa6da2c5c85797f40b11ee03d3ee1e121220d6a7a5bdc76bf4d3197208e5e4bb4b48df90314ba0ac53308c704ca56154c8b98b1b3360cb29ebafc99bb5fc3d340822741478798075770d44fda4a62bd2c8953f179642af5be409b7533da4f3512c48f77bae40860efd8d3432d071d080ef14452f537fbfba3c8f475ccacbbfe5695197a17495b94e9100aa7938ad84b22476fff54b12aa74b733fbdf84357139e10fb35f95b9f1846fb7bd6c71e7fffbce4be977cf21c8268aaa52742e7d70b84596bbad591f0bd6f8d7cc525de85f24f75802f966023d58c762f9ad80b34523c3eedd51375125dbddfdfc75234498a797293754091b069f691a9ecce70c0c0877476b1be1f2e4c09aff7b3698d7f457c8809b52471b5cc36cb5a552ccaa18c01e4eefb7e6ef8ac581f8ca817f38ab2a05536805a9b1aae58fe0ca48338132bcc75957edba2b9373cfeddf38de1d90f1e8d6d812666d7cfe2324244a9a5f1a7adf76886083115d3eb0275ff50ede1b30f80a6320fc8268cb3a1e3365325d98cfd7e9016974e7213c26ff0025eb65a52c787a127dec24736a9e01caefffea47c7c6395bd9d5c2bc247eb50373655bda4134ac3171406238be04a60487f2cb0c5a251894f4339785d94e71d8fd1fa06b1882b3693e932a26fd7f301c53329f722f37e1a04b22aeb47efc9473d273edf7d997762ba0cfd7eac3945cbd97fafcf828c500046823c22181948b1d05b6f8eebfe9668573f918c0a7b6f0ffe83e91c595eaa7cef32daa039d78219c826641927fd693997a46597082d721acfabdfe0ce63a7ea42c42452f9e565945c4a6a0272119e6f491e8c15165390005a25376604b6f8b9ca07a0e51780001280828a8712c9bb62e2e1e5a8d4201c9a968dae3996679d79aa46cad2ecc0bb69e801aa3a2517952f434da30010cebe09ab6121899bd4eec8e8af77ca9ea77e30f6f862bcd105cf550e22c851e902e3618411858ad068a3c17dfc1c661264b38d8e4f9d34beb7e7a47e873f341c25885cea3b8cf95d47a1a64edc45c68b80e19b95500c74196a637d6fb5ddd236bb2f873f817e527e8e94ad5c16ab15c4a8b41b93f7feae8c674ae87c399fbf8bc2bf70f4b8337b124569513de82f4ffb97f73534dd09db6ccedfd9135055b02caf061df2d45bb75665ea3e4c0cb6c254e70d396d04f46a5a41f61d2ad3758e498a8e5263cd0b2a8ae7874f2e684dd91fc54b44", 0x1000}, {&(0x7f0000002480)="a47de38dbfadde3bbd6c1ce3da553f4a231689f6b8b7e051da9101f3adc4b18a1761d9eb9e1dd44561782bebcc60ed2015d5069bac130ae606da3c0fabb2968d3b31a7284270ef4e8646acd1eac2d99cea0a6ac96d565d40379b3cec78e2b171f3389a500fd5d04522a819b447eae0b32829323d47fd3bccfa52f78b158bbaa196dec0e4e8c98410247c706c9d8f9b93f588f07d00201bcbe09f19210c66bd953e2365c851abc1623936f50f09fc9bbfa8c451def0992bb5b1fc5372e04f41eebfe5033d7bfc3a708a9f26ef99bd685ed52ccfebe9e38c3d3b9c9ff6f7444430b3d950cdc8a54a", 0xe7}], 0x6, &(0x7f0000002600)=[{0x50, 0x11d, 0x1ff, "9f67f68da7913c5faed35bf628214fde8ebff457558fd44ac75204fddb8d0aafe0b8dcf6449ffca37ca3644b14f2304f5b45e8e2bf730e7d6f916ae6c4"}, {0xa8, 0x0, 0x5, "8029aa572388e6a40af63297fb1c2ecd0f06d7cdf440e7a0e10d788f349ec7ade36a456423fcd4262b503842e90bbc59860e6f5faa89a037c9b91c9b180e68d51d2fec8bed4e41c76c8b4bdecc0a20b594c1eddc2a31b3afadd179fcdbc323ef9c9388fd50c68ec0d20f42e41dcaa2fc829078431f0e8b0989cea7ddc94c9ba89c974b39f4677c38826f216aeacd22dcce"}, {0x90, 0x100, 0x6e, "37151f088b2e0d75d2ef9632685898690f7258cf7d37c5c3833267e57a24bbf65e500cb0b546deb7cc60de4092bd763e26815067013018e24f6d3b91728dc7be0ff0ef4cc40927d02e71ccbb671dff356908a64bbdee78d75bbab0ff307c5c12083ccacdac7c8164fbc427bb9e00b45786e1e5ece3e3f6b681ad6f6ef3395e80"}, {0xe0, 0x29, 0x20, "a74ec04936fb5181a20222b5697bacf38cdd0ba112d4eaff6a1d379887c084753f559dff7d1344f934360a4f0160f3e9eddb777152b90919cc682b4e280dd25af6209c1f004287940db275307207ba8ffc16304f7a7f5ab61ade34016c7cba5f9ade5a14c986e201e2927d4a746226a4c436bd3b1bbde1593767886c22ada801166e68dafdfca882bc9726c203fec36d965384237909299364353bcc04e6e9fab9903c87f42d535f15ac5106867b1d3fcfdabe73283b79f330b7431fd7c753abb78eacfd515d35e088092c67fc"}, {0xe8, 0x114, 0x0, "09ff9d8f021f2cb1ab8779a47bc5e77504d67eb4659956dcf16f69f83d67abe42e72214b92b751acaacebf4d82f853d8c6a9b7c4d8cbf27a2666d7562e78252c40f17e457ec619b58f9f23dc385189f5945d0ee88dc9036d84054b20379697d871d5795ee16273894797f4e40d0f6d6fe8d629d240f84368f5733c03982b549e09347878f7da536fdce0ba4c4e7338863cb33c284e94acf51df22954faf52cd8efb81e117e0838c2a4ed114f829c0826dd97eef9546597536058afe7e864b5c11f971e50202312c98c833fa696684143ab26"}, {0x98, 0x10c, 0x3, "87381a5041c8fcfcacf88afaeef756c23efb295ef65d55c1fc421107f4f5f88f81682d35677d3d6bb717a23aec9330c40e375d6aac2ad87dd455c6a35e1890029d5f72243882b58cc5921c65b6ba3202276f7c8d2c34967352647406bfe83c404c14400744c8126dc1eca9fa6347e2cdf45563e22ed38bae6dbd5621d4668ecfa0394a59"}], 0x3e8, 0x4004}, 0x20000000)

2018/05/24 23:57:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0)
ppoll(&(0x7f0000013000)=[{r0}], 0x1, &(0x7f0000000080)={0x77359400}, &(0x7f0000000040), 0x8)
ioctl$int_in(r0, 0x800000c004d006, &(0x7f0000000000)=0xc)

[  724.306808] binder_alloc: 15060: binder_alloc_buf, no vma
[  724.312553] binder: 15060:15105 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:42 executing program 0:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0x22})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000911000)={{&(0x7f00003e3000/0x1000)=nil, 0x1000}, 0x1})
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x68, 0x0, &(0x7f0000000140)=[@acquire={0x40046305, 0x3}, @acquire={0x40046305, 0x4}, @reply_sg={0x40486312, {{0x4, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x48, 0x28, &(0x7f0000000080)=[@fda={0x66646185, 0x4, 0x3, 0x3b}, @ptr={0x70742a85, 0x1, &(0x7f0000000040), 0x1, 0x3, 0x2c}], &(0x7f0000000100)=[0x40, 0x0, 0x38, 0x78, 0x20]}, 0x1ff}}, @exit_looper={0x630d}, @acquire={0x40046305, 0x2}], 0xe4, 0x0, &(0x7f00000001c0)="b16a29138c5b1f676f84d152a9a7fb058d758cc04ecf4a17302487a605eb7cf78f806a34695274816f9eb6806e0a3e0f0dd7f2f0d765d00c7ad6f0bb5c421828b7c027628832c1a93566067e78af8d030cd26db78c36f8b04b3c0d94ec519fe19387c7588d87018752c1c17da9bf24ce25a345c023f119430eda066d441f6dd89bbfd2f7258ea2643b990948f9d3f683a30615dc5330eb078d73d2bb2fc88aa08d87d38ed917e25d723c651ed70fc5b53f8bcfd034096e0fccb0e35e004ce31728b5b9c5a266b238471da70c3549db1fc58f6017cd1783dc710c2f7184b57749ecc620de"})
r2 = userfaultfd(0x0)
close(r2)
clone(0x0, &(0x7f0000001f37), &(0x7f0000001ffc), &(0x7f0000001000), &(0x7f0000001000))
read(r0, &(0x7f0000000400)=""/100, 0x64)
fcntl$getown(r1, 0x9)
dup3(r0, r2, 0x0)

[  724.449897] binder: undelivered TRANSACTION_ERROR: 29189
[  724.455846] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:43 executing program 3:
io_setup(0x800, &(0x7f0000000040)=<r0=>0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x1c200, 0x0)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x8)
io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000080), 0x171}])

2018/05/24 23:57:43 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:43 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000006f300000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:43 executing program 4:
syz_emit_ethernet(0xe, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2}, @random="4884dd76e0a1", [], {@generic={0x88a2}}}, &(0x7f00000004c0)={0x0, 0x0, [0x200000000]})

2018/05/24 23:57:43 executing program 5:
r0 = socket(0x10, 0x7, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=@ipv4_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8205}}, 0x1c}, 0x1}, 0x0)

2018/05/24 23:57:43 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000]})

2018/05/24 23:57:43 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000080)=ANY=[@ANYBLOB="4000a70486b6e5016877e155adf8757be1901559e9e41d4b"], &(0x7f0000000340)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket(0xa, 0x1, 0x0)
socket$bt_cmtp(0x1f, 0x3, 0x5)
ioctl(r3, 0x8912, &(0x7f0000000040)="4626262c8523bf012cf66f")
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x0, &(0x7f0000000040), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
fcntl$setstatus(r4, 0x4, 0x40000)

2018/05/24 23:57:43 executing program 2:
r0 = socket(0xa, 0x1, 0x1000000000000)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = memfd_create(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x2)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = getpgid(0xffffffffffffffff)
r4 = geteuid()
getgroups(0x1, &(0x7f0000000180)=[<r5=>0x0])
r6 = getpgrp(0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001400)={{{@in6=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000001500)=0xe8)
fstat(r0, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = getpgid(0x0)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000003080)={{{@in=@multicast2, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast2}}, &(0x7f0000003180)=0xe8)
fstat(r1, &(0x7f00000031c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000003240)=<r12=>0x0)
getresuid(&(0x7f0000003280), &(0x7f00000032c0), &(0x7f0000003300)=<r13=>0x0)
getresgid(&(0x7f0000003340), &(0x7f0000003380), &(0x7f00000033c0)=<r14=>0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000037c0)=<r15=>0x0)
fstat(r0, &(0x7f0000003800)={0x0, 0x0, 0x0, 0x0, <r16=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003880)={0x0, 0x0, <r17=>0x0}, &(0x7f00000038c0)=0xc)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000003900)=<r18=>0x0)
lstat(&(0x7f0000003940)='./file0\x00', &(0x7f0000003980)={0x0, 0x0, 0x0, 0x0, <r19=>0x0})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000003a00)={0x0, 0x0, <r20=>0x0}, &(0x7f0000003a40)=0xc)
r21 = gettid()
getresuid(&(0x7f0000003a80), &(0x7f0000003ac0), &(0x7f0000003b00)=<r22=>0x0)
getresgid(&(0x7f0000003b40)=<r23=>0x0, &(0x7f0000003b80), &(0x7f0000003bc0))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003c00)={<r24=>0x0}, &(0x7f0000005740)=0xc)
getresuid(&(0x7f0000003c80), &(0x7f0000003cc0), &(0x7f0000003d00)=<r25=>0x0)
r26 = getegid()
r27 = getpgrp(0x0)
lstat(&(0x7f00000051c0)='./file0\x00', &(0x7f0000005200)={0x0, 0x0, 0x0, 0x0, <r28=>0x0})
lstat(&(0x7f0000005280)='./file0\x00', &(0x7f00000052c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r29=>0x0})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000005340)={<r30=>0x0}, &(0x7f0000005380)=0xc)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000053c0)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r31=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f00000054c0)=0xe8)
r32 = getgid()
sendmmsg$unix(r0, &(0x7f00000055c0)=[{&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000140)=[{&(0x7f0000000280)="cc1257d0cddd5b3e641cb8749090c0fce5a9a7d8f8161239d14078019bdb7085e52f94a9eeee523b261e93a9b3946cb51f2f884172e6200f8bfdb5ee016afbee0210b9c41ac89de4a94376399af05daa1c308218a105deb12d7d51ba07bf91f3c4d9e1ba57f229e1cb95550c8f4652a7c34756a38f5678b0b2b3decdd93c75d9178266d9bdb639cd2ac2367dcdd330e44f5339fd283f56f22bf9145150c73d", 0x9f}, {&(0x7f0000000340)="81214d83ad6a566ea6ce3c02ea7964a0ffb9d0049bbd1ec4c12322785b617f697fdc0484ec519b4b4e8830266132208cfda1e403bbf5947139e56f100fea1c4f976750756346cf4083af5a25b5bee80df33a23a9498a5ad35e38aec494e66ec109431f701c152892f13d2c0813ee86291ffdf660f246dec39a1f44e3283ac89e7e5b084b159af078d8477509ae39230edd7f44bba6c0b16908b88eaca47f1aef686aab3eb52be9bd703830e163d3d25fbcbc651f5f6536f90213e4aacc3b94c5", 0xc0}, {&(0x7f0000000400)="6e55d1b9bc05a277ffb44e22f8c9cf60027f4e105ea718da064e0cbeaef649153d0830eda90fee3eff192d7535fc82bf6c29adc9ddedff9ca6cd9b1823d004aff245b19e7e149e16b3da6536cac9c29f264ad1175ecb73dc307b21a5ee0f512138ade46e007eb7938d987cb77091a8d611339141dbcd4a280611bb8150003f5aa3e43e6cf4e1e1981e8e737fcd4b496710b04a5a1c43a8343e1b3886a155208a27dc8532a6d5770b2880313c73bb454e542e1b7520cce72e4108af28afb711d2eac708da0d1d3725abdd8022c1e860cf1a87fceb1111e479fac2b7f0c3582ef95b5d509171cf9ca04b5b4cf333dfe73eed1eff137c3f14edbf4f46039fe4b68d89437a9dca52b176a3746bc9203d6ca01d85670b8bfc7da313db25d407285e784ff0d289377d3bc18e9bbbc1dede7e8b8723284078a6c5dc3f6a151c7845b546d934c6927221633937972a463453521c51f82363ccfb66581d736c58faa3ab7df61873b2e3f4207f6c77cdc9683666f5b18e269520b45c846cca0d56cef3f78293c76d5e6b9d03c7f6d941a0d1a33a3d83e23a3197eef533e9e5cbfd404e6c96eabe1ba0c9c211e53629959c26a00ef18fc29aa3f668f9998484e1b1a5f29849d2417fb7c06f551854a33acfb5ad58f6d6a6bc9c4c4703a635bbc89c725850b1457ecdcb2b94c03e9eb0819ffeb69351a3a5e8ab65d0074b64e041bbb53d2207ae0a3328a56d7d40f6d33ecc2dbfe2aded7b8959616572f55accae34679f9974eb332058836444f2acc11448e2e4a8a334f5b183f33f35ca6e331ad5b147482aca3d4e11fee9dff5bea33de77b34021b65389afc8b753447e404d2bf0bfb79c17122b1df686e73660d6c956422ca04adfc4429d25afcce27ce78367cc0b24ba4fde17bcfa40ff25c9e9a3f425351b363ab41914b4c6b3aaa9592f16470d5532d823580b9463604a90d4e1b95c702ee92e1bbd57a6b3c9f426058ce83ac77c2479e73309b22aefb8631003c52424ec9aa7d64825b850b975b2910258ad0f508fcdb1412b17d2ee02134a83a96e7bbbf60618fd9e90fd4c8ff59d63622f51e41ba2e29d78f81dcdc30cb951cb477fa8b7635ca8054f48d9cbe48a5fbed843f92cd74f5569676988b1dd3daee6f1cc86fb4fbe81e316967dd3fb564b2d8a111de0300848723528fdf8125bb264eb499853649c950cb5112d69f4405a7ddcc32c18b5ee0d6654f3debd8bc4fcdf2fd779c9647d92d3ddce612864132409d8c8042549ecece604f95be5dc2893a155a3e3ed3c72522f47669eb32c7b3b6b78808988d9871d3046cb0a47241c0d826b8c3f2a425a5984db5ac8e211c79a716397380e5ab556eb96e8bbc0bba2d2137b9136c73d5c508514f7f3368503f570b463ad05c72eac2eef889d38e346bb0f72e0a328bde1546aa9f7361c90600a67be55452aa1e7d2fa2ab21b9ff28ee735dc3040fd17cc8cdcef77a7560b5ac47c2a70f445eb8b58240c349a5f1628375b19bdd3668733191a3de793fc0d89c7761c76c7ab432c9b44ac52aa67bef3604b08f356382a9e930ecf35ada43626676db8cd6a034417df2f639ce53cd7282d2d49cafdfaf07e73938cac13346a46a83359197ec88c96731b1a120d8be48567a2381352377494f52c2a0855f2c90dd5eec5ca3690910153720dd565faad6049b32ec8a23fdc6336e5f79a0f88876137fe422318463c6d78500bc28139c8eb2dec9e03d207c2ad427c8b53db38a84f0aae2ea05b76a555194ad6042dbd2029081aa5cf99d7c9e03350f593333692126d020cd8138b4c05fce8ce1a31c6f1821956e7dd3e63366f4f79ade4a641958f67220d5864bae45ad63ef7df201a761f1fe891170b9c2c23b10074c5ba5cf01870e45a7a3d9117c86e20fd1be9a746913325e1c87cddb440bb2c31e8e2900522659f9cfd1ef91ab8078b1c9d08aa6d97e1bedd6174dd5ffc1d1e683d58d9c736e7056142e7c54a45e7eafd055df072093da9ffd004be870e8999a197e5f8e23fa2e1c34603924fcd173a451800784e7b72c1285e2d9b2d360e18833b4f6a4b07ee26864ae1581dd9d98bd9c6579b4d844067d5bbec8cc3cf41461e7ceaf54cece4f6b492391bf4bf935765e739a7614be05042028d87f9077460b174c75a285b9480ab3f48736ee7207a2c0fea57529f94d88e3bf255e5a59ac833970c538e9bf38cee1feb99288d4ae65269b561e477a2d2c3442fa20734effb36eb05b52e6b8fd44c4e2cd2cad8529099120ead93ab17f3c50da2fb727c33081823388a174108e17b26f31ec5873ae5ee5d88e51efc6831cfedfa26c5a784f702b3f303f522041c2fd1a76058b8202953029c6f01fe8200c334a97f08536015c291016b8a398f4a20c77b57eb124325fc4bffa4fc527abbe5197e2e20d2cbe66fe2cc369eb5e92b8e926171b2fc5561a578682682782537f17445d1d6817d5637fcfab1e1f5b7a9814484692346ea6b582c08df7aa49f1d1a06d9adb0f9dbbd6fbbea02a5373ab62a88a31e895c798246176f74ca721eb3494d7f24d695cd18043b8871b89a9dd6fba6823ec35e05a69ac4c0c53ebc888180c027ae367af9d64a2d926db0ff25c1832ecac4f7208fb60f649825de268635a3e625e6b2fe395823cc5890b000ad24cbe898ef016f54f12249ea2a0c30a7e0ceb99a298e0500e8da949f2e64862e759a2498de81abd67cc632de6923151aa5233b7dd39409b8a4ef1d5f8c7782d2ec7af0c5c13766746d31bc48480cbd6f61129da53f98964e850edeec04c751e217a8f40298e6386dd873789d29de7064b69d036fb17dc01acdaefe423f5d798d867ae9498017be7c6a6b85ed6ccb1fafb78995f30b77acd08bf34e24eb0f1d9652531d99196ad82420c56024288e180853044823c04497650cbd8571ba7ca898950e2aa58d0ea021a6ee6bc6d5f608f26392d833560e14a4241375ba1da223a33d23b9ec1c6dd9c26fcd83c4f3a9a15f77c400a6b3cc7b81313ac6cec08172b73164fc5984cde37855581e13ab2054d93b60be3e7e949c3798982ead78c60fbd8600aa42b2b6d8fb5352800683960768e1b9b9c6a01361971d67cbe7fcd4b2e966f3501e38abf6aa41b6fdbaf3279f76a7fa1dfc383d7a7e8c807a365f9915aeda9805bc6ac6d38c3ce297c3faf13f93b1f5932ad8306b2f709c668c824be29c94984473c8799de96dd03b6d542def7a40bb245841d387d43f0b6cf167a64a69c08f04edde2dbac2ccd7f2f3113d89d98b6bd14bc9fc36be94138196b2de674396f565c9d6bca9f90a7525bc042291d09a1943fc7c1e7c065993d91da8dbbda273b82741569ce87ffc401c5524b24130bd440d57ad164987222ba7867a3ad45779f0772f300045fdc758aa4b8932a026007ed421302a9afb8c80e08fcc35ce3bc4e1e2ed01cc9a42c25d58e3dc354e913e562858892da0af3580f4edb772cbd8ec10748ecdc093279671fff1c6236ae88d4d1936d126d54ede0e0f8e7b03d4b43280830cfda7827b90d67a94429030f66d94223f3a7fc7bc56c171b638811fa52dd69e71bc7416e7e5a36adfafa76697cfc0061807d22232d87b2fb7d4d700dbf54170e59fa857e505eb43a50e2505bb7c5e243476747c4fd1abb3f7ba632f91727f7e6a21f26a1f320cb0bb7533432dd09a65273796c7679808c755197da0185b7352d4143a8ae661ef8145e8c87b652c09ab32b9036d64634a64f75442589393daed26c2754a6a5c825fd0148243375bc2143773c76542bb5cda54c831db35342b14612fe05c31d9e857c675d52831dead1538eb2660be5648076695ffd88bc4f84244b652f0106cb955f89758c233acfcb7285b4951d4526d30c08338da9c5d89a69e04b4af2aa6ec11babecfed1014e0bef19199df2b03bf73f36a424dc70717d6e4e6036b2b1ed6c8055c4fea016ee7ad3e851e0b244fb18b67b45280cd8b1fde3eb3fe7c73f9c62622ef644da8c6133db9230a26e4757011a33e13c3e043821a9f0b5a00a932796fbee8fa06d19715aa46aa8d11daaba88932f767dfd7b6151e2d90c5803537d3661b8308f7f0d38fcb94b7ac0ec9f1cee0e8fc23223bf420f7895073d62a4c663d8634de1bd3ff7516a7230923de8dee2902be8bd5da2cc18beaf41dc07fb7d118ee875a12654e7827908fabe6b5d5b30600923377abe9f5ee6bd5c3966d0e629d3c28d73095cfc25fef5affea223c144fc0236ba03c24142bf7389137193cfca8b9f3236edb1b31aad6c89fa02bbb876bede07cfba1f207ddc0ce3bdca1786c935028a8d38c1d2f60601296b290ac03c48f781818d611d3667b0f2845a1964fb3518b2f4b1e0a9456af65994d5a8209449136c428702959103b50a575b7bae01454337f1a217475b1550ed306576ab42fa83ff89f24b8258756cab175077e167838ea5dff9fa7bc3d160fc30858a0678b4ae283d4ed3244656b4d0f9104a53573ef0df1eeae9a28657e0dccc3a7c5f05df7f9647f8e537def38a98d1855eb3e99ae45f1a9b67481f8b381cb8568787f36225c27726de8914c4bcb1a9248955708eec90da8a3b59528977f333809b77369f17e816ad460bce91254a56a46a48be4545276a30c0e484bafce9dd3e276075160fbde5893062f92cab714d18a14034de1c318beca5f0740b8e73efa32e98fd3395ff124a8845f6426c312a72f5a01fc5bd83a4bb5c2c90bc1b450fca80ed700368a65cb9897b1325b6404b3e436a3b3f36113d43d50e84ab1d53fd079773ed37ea6813611495b6a97686a0e153e32b97be829f9fe0c65640c74c5d5b4c9098e3c8b6b2b8abf85fae1148c36f22ed69a7abf203caaf0700d886563e40684c6e8b1f2d1d22220a4b770c80e65f62135af36f1f03616940db489c5cb67c3fe7471910625d96fcb82bf898901f0bd3bde9ab92b542845edb435f3f7c9d48407764ff511fb499cd4ad2e791b456d746ff4f9aecf9a556a4987541c1b7873f824dd9e92d02840dfdd8a334fbd8f0d9bc38ef5d8cb0e43a71b3dc022769ddaa73d1a03e0154ac498b04d73168c8d9bf89576cbfc009096f46ad43ecf16ad34d34399c22fc788767fc9fec03452fb6a39a4b7910359f940d6ca32880afb04307f7b929194706cc5c6352ea918fdb1d158d61a9efc278a1d4330a9bb8d2e1b0aba2902b22193f0f00bd172d06324ca777bf48c5b196bc689262f0635508a61d6b8fb7377c13ed79055f410bb5e3ddb1baef6992b1c210cf356a7d1f9b653de55d0aa40ddef3f8124fe3c2b647f3b3ac2e5ea76ad5bff05b5711c08a8bf5c816aa114c7297d4d00416a9a531f730388de89c98b554de6f099e3b54a2b2c45defd3374bdece3034f28b8d838cffd9933de5f26ce7be49489dec551c64db51b42e7761af9a142004d6c2c4857899b3d08e66ffe35f8dcfdbdee7a3de8d4e249b487536c0f684a7d6b64f7a153f6936480f3d96f27ee14967a9484b8159e8ed236dde030f6288cd1b28c57066d0d4f2fcc8e4482c98454bd2f2714dd75e79047e7e4bad8a943eefd4c2291a2a4d07e9fc54a54bc156e9a6bdfb6c2d4ed4494b42162864304b2e57f276f20d7615199653e460d5caf76d8d50304f14e4ed2809e0e5482edca17c1ad571e4ca21269522051f3940353ccb619398f21539027d94510ff9bff68b328c71a9064f716f9bd4b93839987af31d8ad89bb41da97eb74d6e79f6340a23d582fc922ba886cbae32abbc51e6923f4dee34955ccb68cb285b900f7dcd3a85f820a6de9aa48115fc6c71", 0x1000}, {&(0x7f0000000040)='5J', 0x2}], 0x4, &(0x7f00000015c0)=[@rights={0x20, 0x1, 0x1, [r2, r2, r0, r1]}, @cred={0x20, 0x1, 0x2, r3, r4, r5}, @rights={0x30, 0x1, 0x1, [r0, r0, r2, r0, r0, r2, r2]}, @cred={0x20, 0x1, 0x2, r6, r7, r8}], 0x90, 0x4000}, {&(0x7f0000001680)=@file={0x66ae2fde9441e527, './file0\x00'}, 0x6e, &(0x7f0000001880)=[{&(0x7f0000001700)="f70b1a51197802e5b073dd4081cdecffe39636f6c5c9da5bdc1affe43e7359ad94a2ff76", 0x24}, {&(0x7f0000001740)="26f673", 0x3}, {&(0x7f0000001780)="cc63f4bcaaa5ee65d9f977d2b0c1c96c58550b7094560a424035c93cc8ce4184a721eff5040bf7b2c77741f124c7f0cff7060a04ddfaf5295f6195ff29685fc6bce6e55131fda9c82230eb1808c6f5f47032460083791e81b0bfdc08be6d25370f45e97bfdef5a2e0d0bc5831bd14ea7e230fece7832dacfff15f1a339b56794b8c120b621b000d4278a7cf24eaada53558c186fd8bade74f030945ea47afe732d25f482bacac385ca0709f0555ed9b1078cf30f741b1ff1e51bc9cc36a51f1576397578dfbf5d03742d628a5374c8999ef22bfe48be1e", 0xd7}], 0x3, &(0x7f00000018c0)=ANY=[@ANYBLOB="28000000000000e7dceb4dcec39a8ae4", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2], 0x28, 0x44000}, {&(0x7f0000001900)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000001980)="6f49660ae8c192bea308b2442f1166cbfa6b00787afa8172a3fe3d16bb38b7e6c5cf3b6dc2f6cc77fb831f55ff1206ddc2a4df8b8b77e0642cff8db3ff1366e712810dcb5dcb2651fa92e73d84573b53f2dfe25269427b4757450143d6bb5636fb1ecf5e44360b5249fc31c0d1c6dff398b320ff4510eb027d63b06a9cb692824d61cacae1c4fdbcb44c41c46c08998296dc59864c846a996dbf8b693abdb2e2ca37cc835a363843353d1aa043c0aecba4", 0xb1}, {&(0x7f0000001a40)="9d4cc0a3dc71b4846b4dcbd21c5e4bd9823778c8f28ba834dfd2ef7b44122204a9fb6ce29b140902c623bdeb251134232277a8d619c7fa237d1b40585a30ae7417e90c0f1485505709aefc2eb1985f2fb9c41d3a0ff7dc2bc59dc0f3902abcb15f48b867ce758c724dde272de5412074c7ba58378915bd49925eb47cbfbd23e77ae07f405456e36772b72e37fee9dcf6f9048d5c90d7093f0e80eb13497d4878d2953826026cf97626b1", 0xaa}, {&(0x7f0000001b00)="cff5f155", 0x4}, {&(0x7f0000001b40)="8f39eff12f1265389366fc2461f7c9d616e6cc1bb55586cc425a35fedbf356c981d9ba44020bd15a91ba9e7a0028410bd2e8c4ad834347cf71e69478c03cbb1c4baed3f9347c714f8cefaf8b9359fd6f733fff3929ad", 0x56}], 0x4, 0x0, 0x0, 0x4}, {&(0x7f0000001c00)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000003000)=[{&(0x7f0000001c80)="c9c2778d58e447ba949940338b64dda067ae1fe1221a9a9fa69802a9c1c4e6dadf9c25e65cad9f69f681f41a4faf958b181239a59ea5ab48b18913f97d7cfe30b6f8751d2937c3b57398e9a8e4b8b8ac340eaf1ca2cd2814ee0dee8a03acc35706ed434594a22a44abab52af5b3bbd5dfc3aded3eb3502627921cfb3ac942cc2a5a8784ee03536ea6e454fae6f4dac779c8392e453619327f7c90b1f3ea63718aaff3bf669d059d801dced2e45ce9def792bcb60cfbabfa28ee14f3b0b5599d2201ddadd677ecdaae5", 0xc9}, {&(0x7f0000001d80)="d1b50ae5c079cc2087cc860c3224e35794c1c89f0ac4d8735b12a5fd97930619fb77532da6c2ebcd5bf19e337ac588fc6aea7f13c737dddb0b26197a6557fd74b1136080e74c1723425739a8457748e682f8f86d7623fe8a78686f9f053913588d13fc8299bcaad3f269b6e3d7ac2cbe0ebb93704457bd36e343ea664e24223d9865cb48d04d15434ea060af8ba7fe411d88b6a734f14731b4c59e3a0aaf0316f151266aae7c172166680b4a005d73a6762c777b15b82de952", 0xb9}, {&(0x7f0000001e40)="421177fe7127bd5a915a743e07a708a45271fa65227b730d0d9f07c73f44439b19faf66c567e6c1ccd65feec1fb0be23289162179a37c1a4821aae374fb3dbaf3900f7e4c4b6adc284d1d109f9d0d66b0c2a3abd10f9e036f5f809f615985961be333590ddcdba72a6a3dabac9c9ba6835368684352b60afe693a2e74cc524c8b51a47e03e51f1b6c26efc35b8ce61f09b53209bff7f836df13a85c6174b83630c910924cc29cac769530b9bbec73384bb4dd93347d4fe62887148483d2defd82922d6e5566c5ba3d7b56b41e40a4dbd3fe55f25", 0xd4}, {&(0x7f0000001f40)="61ba951193c5a29c32e81b4425e832cd8265570fe2102853ce603de0a3b2acd8b538014a4aa2fe7d1407744181518ef626c2029428f1d387f8961cf39a8af8efa3bb8b4753e95c30dfcb59c509e30d06342bba42aeb6e3e2126bb00808e5f7592a2f73d3524131b352e868d43db4c6f6727e027f548d0b3ae8de12b221c798714bda8529794958d9050c567a6f8a6c7f468cad927c9cdb68faed89b5fd40b01c73f28b51a316b1339a1341371374b37bf9fe9e60bf6e481b80e46a43fb961b4aa78b89e38bd712204d2e9a805ada6db589692d6a06a54de3d19095317460b98df169d22e2b7ff6d16c311c4e53f22ebf272b094b5c16a32fcc2353efabd25040eb6f6a0e92474c0a23c82297e3d3d7de62e2a1e129b607fad6db2d938c0b6a2ac5efdc7a0e6d8991c36d6676f4fb40bfd437d1bef41e946734f8df216d3f604989960659525ed516725ee44116d8225dbaeb8cd85d9638fc918f5601c34b0195bcdb60ab89df6aa9804c76600b1ed6488095def0eb73a79abe9ce8c548e32af36eee94baac3ee0f60f2aef89b193ee55ccdc35f96780f1607e577e50df9205df8c542cb559bbe01e0313e77f2153be1c384057893dc2c66f56c3a4a34eaeab74207b184d970e2124cbb9e46228c04dc90c2b5c5aed85a7e98b5a58d43e6ad34eec7f6137611b3ea74590c3cbc2522e7400970cade8f449b139a268a3d3881d8e6e0dbfab32a9dcc8f7813d9acfea2442f7aedd67444a16aefabe1c4332e2535b4b531c27a840028a5de26c37b7583434f22f43e716cc34bc157eba3faa3bcf3e225da81a06314c84405e1bb507c4abbbec604b729b366823d3b2434467e2d984174ffd1f9dff336be4acd37ce9f61984fb14eb42bcb233390abe2d1912b8f68b8081df2892e9f1bba133de6a17d6d950b67083bcac80c6d88c2c1e8a14a9829111572488e3c4b1d02cd81c8833ed98390b4696da6b3c9ef28ab41bef6418ace94cac14a9ca6e761857bf98e15715a51ef322fa6ddaa2490902de6c0629c03299a49255d6a3455facf6e2d5c85eaae91adb9a11ddd33d843894ce45c00b726ea2668be9afc39a28e3c47ad97c178704178d0d6e7e197bc55cac62c43931eb34ccce8091693e576b64dc943f761da098ddc479be23cdf624d41bf313e19871e5269dc45d6e670d9ea1ee32cd0e31d8fbf66a2ba80530a96118a7934dc6885704972b576fddbae7408cebf64926183fc03c66b93126d6a4fa0946113f5f875420de74d88ff9b04643f7a7703521145277cac2523fd347275025b380544caa772063e7bdcad51b81963836716d346237063c7d9d2f811f1bc0435f83d9e0d3358355156bf220bad6e51e3f0114270e3b612c7e2a9dff1d720834b44084e0c58209130d87dca7abba995834f1671e991716fe76d98bbd5795a6de047432b45a648a756e074f6a99b45b884c7c4e6714c98fa7e3bd14267289097ea6691e282ac3fb2493a55a058c3a9f901691c4edfa7eb541f72adb7fefe540f7be35697ee0f1ee845c26b0203f0b9d6964debed533c6e5e5beaa724563b0bed84356d5a0974f6769042ad6daae0d725999e52e1db1ad9afc4609beb328d0953b4a07397c096b9a0c8f83e0da67d82f58ecb248f7b8bc88120db7c0a5c6e402597561afdf5de4919a276b6c450593ab9184cf365b1056330dc43330650c84a469eb7ab5d5163cbc1e8c7bbdcd815287a5f033ffc3d7ecb97e6900adaed2ee10efdd6c1a27df05c6e2ae5e532fe80e2eaa6793ab9cb79ed2bf849044892772922585537b7cc81ba928569a616f810965d2b621fc65a2f39e95bc05e2bba638a7e63c686cb380c0b3db54f767df94e8a1613e3e4a753dd0e1ee468e1235a8d544a16e8398edad2c1859d34c017ec44e9236d993fec828c90bc91f6d04845dc3443237aa9fca48a1694b70a75a35e08b9383531dd3ed279b66f47672a8f05674691fbb5e1e5f09e579687cd872fc0a933472d08a7d571ca2495f854ea7aed08bac4a4cff93e1689ee225d76b2627b36486f18b4270e1b758dbfcc5d0719def67ab5325d195bfb315ee5e643310ea4d4c10905f34a1cd14d77823d7bea193727b5bcdb730928717f7cb2d56f8f95ef415e5b75f128e2f7a57cf8934ed319a573934e22bbcdf5513d701ba7d4f665f0bbeaac996f287deb3cf5826c5861c818a414cc5559002cf9a2548b300ae259d928c57e6e7518f7beee1ed3106f1f684529d1d56a2c21e0ff746e4ef762335beef412e7993d6a13105c42a8e325f0958136b2d96aa0b48592db23f7ad16ed89e38b94b90af8611b393d7494c0985cdccbee90a39ec7145feb023bffa99d178352bf50480b1804b18ddbe277193575762e24b8af3a839085d480b27a686366fe6ba6ef410290ad5c6a74d84a1d049b18ad7723cca4860e307311fc2df269cab20aa62c0453853ee466d4d11346723e739bae3875b9799b0ab39aee408a6b798096ba1d4477f00274b44a00ad9e4169ec042f76f5b190ff1eb140cf1f7f5a133372d02cab8b16217efab47e4c5edaeb572e3af2796434cc79e1a70ede5a282539ed311e73cf85554d9bc54a4b2b4ae5df88ba27b345302796e80b5c39b905921de92804885e94d5fd6aeca06697fbaad5d308267b3cc0f536a4daeec802994ce8a62793de3b8a671ea4ccb48fb7fb32a7fd6dfa088f81c39927447b39d43706562b4604b487837e683ce92120688ac06210b70967303496ef944f517fabd94d61cb174816386a702312754d546148abacdaafea12cbbc8d51d681099f4482a7f91156af58fe71b4d0ba298133952cf8d019414817ca357b2f72ce6b58d0dda20f2cdef5558e514f0cc4d830e69574d66699418ec204713e190e927c5e1440a3e5224c9e9fa9d89f1a943ef09b7c8663f239ed956f08a4721ca0599a549f9fe9802bff44087cae51adc769393c4a44416c51a2fdf9e6c8bdc6bd08881fbabae0c510e7159db46e132f4c6503ef889c1f47818c7637341c9a272adb08484b8e51ab81bdb4bfea654ed0739a6d5b206461559ccae3e9374ba760c0f957f49aaa550bc0b2dc688d9889728736178b98e3af4b7ffd1b6ed0b9647dec9b281882abe6af66239e92a4aa57a73be6f844a5ac7edea87de0b2b6fcf002fe366cea6b5ec29f287f68e50b2cc7c69f5b25ca27a15f63e7b20a4e1002d19fe2e6292ad0acb05b9f6999432fcee6f90b6535849e5653c023d58e2fe91ed7239d87529949fc73420d88928152b1dda89de6dc8962bf59415c46093315b819022c905cf30547386e9865e1e8f43798e8e1816ce0d6ce03753e5474fd7217a90548a5a9b397c3d4d8167ee775f9e94d6200bdb616511496e4f497dcd73eb38cd4601b7473399bdf9217ae28015d659b94eb9927671326d58fd6843718f4a6ef30877278c77355ae4e96bb3ea37e8c8943360b44733f7079ddc5f86621a8a53f617dd37fd0813af1887384856a03b6a6df5a9d01b0143d71c9a79caedb5399e0fc821aaf0addf28525064c5c2c4d2e0b94dfa2c624e59e06bffd2277e876cec5ef0b0a84fa012df77ab9ec6691c19e7b0e79141691a5911ec10298d0d977c6ae8b486ce4e15debc81ee77bebb69a5941f998dadbc3d1e5a94de1e79b5e3dd003b4399776210c0ab86aa7fbaf07b4ca98c33bbdc3e2200e1741bfe07dbc1e6f671bb75cea4dbe88cd305423b9f34ec1147ded799c4f287e2a7e299530ebf728024c047d1bda670509c921932776afcdce210350a6f109ad9e197fbd1d20b5cf723bee85fdc6f70ca7017f2a8cb3b75644a699b0aeb31bb4b20fe184a5257c2c53465bbe1aff2e20459ab4eb962a8fbbc47bd671b3087ca0827314f9cbc9869dedd1aa62e54d4e75d8f3776c4c8940a26a5496ff75df7f3f4821ffea258367f48ecc9e37a750cf3aa9d762d98af580f0414d2522862deda0797777d54b475b360c67a9a12c994d9c4074f4a12b7583cf6dda6240b18a8ddcca608cc83ea2a38a6c303005b537129484c1bd5adca68b0596930f5f61add25b7e901cb239cf0a865a7ba954d8a49ed059a6ab4923ad7b05586280ecd178941258f105d243931225e4a2054012d63b9bc027f6bc26839dc4d09032d1068e89c056561f3ac63d3eb8cffab16053ac38320c367f619601684ea863cd4b66c4850a71e565e417fecb606b9d5c33744686e09cd87ec90a9f1eb99e640401d47c13c5054a3291b2c4de1c8034875af4fca44c42aa213cfb192f1222c97ac1ca087423f5bf87be7541202fd2f1c70fb6e9252d8ddedd2e9da40ff137c4c7e2bad6d149187fcfd8fb33aac061bf1094f31758df38ed0bfd4f5efdf20566f4ab6130d6bf55f801938c8f0f64cbfff5114b8f7d12f1c0ace8e47bc0bf2f4be2f62a9ad5195481f43533436540f4a19d844972cbd9d6287c8343fb5d8584d38fbff68e45ad915c4f7c22ab641980a0df65de3f646c21306cf188edfc542f8d7cd103e4cbd4e9a21f820a6463a1790a27a9020289322afe41be328b07c77c0ba8755273aa5f73cc16ed1da460cf6a5fc0b799254d524ac6092fd766cfefee5906e872acc4b15eb66dbfb4f1c7110592e12fdc4b711d9e36dd5a1862929c3d93853e4bfe9a3255c2573e6da0d8a15e014f6888c1052b2564da04623ca774d66ca275c2c2add72d6f63825409d063478382d2d1e8f716d3dd5b65f38aef6f3c3820c3ad6fc7eb524dd6c7c6c5ecebd3afc9e9f8afa6afb2dd545e1ccd3179b952ef6ae0cacec544e1aad26c4c605f7bcd738a46f9d58ef0b75b7f3ac433a68e19c423a2271335414e0dc7ca9f2159ed2e74bc59341a8622860d7af1a67ad1f3f2e180f06c1c2eccbdf8aba43c6858845f833218168940a6a70cec28957a0a3488599946d45df7d247b08b8d4d01523325507129e14404062f054a9a98b9c931eb4c92203d37a65350a85cb2e99ca491e39919cebe4884e94562944352c697a13873e7ae660bc763ad71a397472b5296ef03e8da84209668c533ed4fd5ff81051b5cb63d1ddb87009b58e2033d9d030232a026bc59b34aafac386e2162b36ec74b95575ee5ae0c61066f1e3ac1977fa3c38325b041bc0a85838ad1d0e5d80fa54e7183e27cc3ac5f3a8bd9af4cfd047b8062a65405e84ca4221038767c4da82443a02e611832fe0eb08056a2d58495659ebec74b0b065c224d4b4d16c89136c0e1d9d5fd2ff3608e342989fa010b46d1e9043d107d7f1def7996dd1774eb97946745bddcfd3fddc29aec302f9dd66eabd20ca30c12ae34204edaf486ead29625c2e5570f6f9ed55045ab37f60eb24a6a11412ad1849968d6c042313abf3dbc321ec49d0e8a932236f8d77d08a6f44fa1d8d175ea27a836c5b56ba42eaf0e975e3f64565c84d3a4627fb24191a09569e0c5c2e5eb8a70164d19bb2058c31d8b5c192b22c3810b01f11d5bed6ff883b901a86b61a2cff34c333e607770cd6dc51328f1cf144a7401ccdcc1f882a9972610f4b70a54e797f911294efe0646b1c3711e06256901ed05bc07a4744256df853ba7267207683f16db5a2673e19244c0cd86625c2702e668aa09150202f3a464d68adbd275a3dfa63dd29236473b7ac4a9b153f4f7ef32c3ff8a4c032987d4675517f19ca7b28c20952e1a1704634464886ff5beda2f57ef722e069593b844bfc49a8f4e8b19f5c16b6db09cde60d0a63d4b924186fdb35616cf6bf66da307c20bb540dcb387cb49d933e4f00272a138c7fb72284a482f7a7e7630e8f12ff141ccbeb08e47908", 0x1000}, {&(0x7f0000002f40)="367ba4cea4b69d7453d67f3132320c366f5667e19e577af6ee532e9d10c05e45763b19f40268024e1758019d7ae9766e9a4d207be9c1ff4b41711dc5344e0dcd6f0ba01ce723a9c416dbae428206e98846a1b423ba359c4061134c28f2c4c8cb1e475d5d6f5b5a6c0c10e7567b564901d4a7851458911e88450bc229dd31d6bec24dae5f7eb0359b3581ebe4f49403ee0c9bc4183443fe6550c57b7f", 0x9c}], 0x5, &(0x7f0000003400)=[@rights={0x28, 0x1, 0x1, [r1, r0, r2, r0, r1]}, @cred={0x20, 0x1, 0x2, r9, r10, r11}, @cred={0x20, 0x1, 0x2, r12, r13, r14}, @rights={0x30, 0x1, 0x1, [r2, r2, r2, r0, r1, r0, r2]}], 0x98}, {&(0x7f00000034c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000003740)=[{&(0x7f0000003540)="5bfede675e93f6e9fb04b9c85c3e896584987ac8bf793b926a12d5791a9ce238", 0x20}, {&(0x7f0000003580)="4742e3ced2ee0ba46346621fdc2eb6a417fd55d1c55590", 0x17}, {&(0x7f00000035c0)="d337e34186d6e6136e9434c89424ba253dc1b621453966ea836bba23f9a6415492ea5dd213408438a2e4daa0dd1d5ce5abec74f3c32a1356b01a7de8dc1e91ea35e2511862fc07d01e4ea48be1d5d9f8f01245e6a526395e73251683fc7b2983507a1046b31c0b9e7f5e7fe8", 0x6c}, {&(0x7f0000003640)="5295efc6b9fc1875dbae3f18be50799666f4149d63065935e43b049258341df7e2112a9c5807d70f6104e24b85697cb4ee618be5163f3368091f1ca0b1d2bb0c", 0x40}, {&(0x7f0000003680)="fc09fb42aee2ad05623fabbfedc7877d24d69bcf08378ad92d7fe8dcfef1e6008838ac193e090d9e3b7e156effb7e212c32c31f8ad7df373b02a2c6ffaf84542519ad6f0f0035c94fbe0760c22ef33ce77d2e2d7ffb35b270fa53c34d4e5a30a80ef03cf496b50eea10acbb06d63c871c3b2148da1766b99f6bada118ada4498cf89d9b101b1504496e85b15bad120c5e8fa03ccf460a5fccc1fb5cb09580853ea8023c235273055ddebbeaf2bfdbdfca2b52820", 0xb4}], 0x5, &(0x7f0000003d40)=[@cred={0x20, 0x1, 0x2, r15, r16, r17}, @cred={0x20, 0x1, 0x2, r18, r19, r20}, @cred={0x20, 0x1, 0x2, r21, r22, r23}, @rights={0x20, 0x1, 0x1, [r2, r0, r1]}, @cred={0x20, 0x1, 0x2, r24, r25, r26}, @rights={0x20, 0x1, 0x1, [r0, r1, r2, r1]}, @rights={0x30, 0x1, 0x1, [r2, r1, r1, r1, r2, r2, r1]}], 0xf0, 0x40804}, {&(0x7f0000003e40)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000005180)=[{&(0x7f0000003ec0)="4d6bcdc1e3477f2dbfe361e2ec0b39d4e05121df6cf13a242b484ab74d3400b5ab711c91ce013b7a1239f033596ff56c7b9cafbeb26b6c11d418f8922865bb49205e35672808d732839978a2529de40b5b13c4db8acdc1aa991c3a9eea12b353d4e623fabe59d66d5afbd22dac021e655e7974c8497e63ef641614b1b541eb5ae4a2ec5c9a644f95f4f7c4a14c7629c883677823da64b5446ad0533265b64d367bbc7666a58cac77002d1b771b1d54559c571839ad7137e9f8c651956b5c73aaee5179f29a6d83d3c483876f70cc", 0xce}, {&(0x7f0000003fc0)="9a72b0a4b46bcb64442851d925ea0669b771e6ffd149ea29a2810ad341cbe45318d90b2162a32c54b28df889f4deafe11399e5abe3e858dccfd0d305d199981995d5e8f2987f1788644abd8f62d5e838c5c752aa17180a792e38e6853662a3006d8d84e0bdfffae9f706ada15e85dff065c0df0158895c5d1531acf3739f71dd38532dac390bdfd6e5dec088478ed1b9f0ff1e44cb8e9d0a16e90adba9b6c320b69d57e6add2e778e4c594c9e78613a93fa3124452222f64a0b55bab9a1156a62c0567d4569d3044f699f4", 0xcb}, {&(0x7f00000040c0)="024232208bba63a4fe27eb6c9b25311d2366793438b8181ccead415fa96d637287d58c75d2b539ca8996c9c50796b8e0e823b9b09efe684e6c376741b5b580b05c3137598969c34197d994e7573e649c7a8fe9e62d042ec5a222dde6a67711a49aeb12e8000c6b11987fe607c89ad513f58daec4176d99329d38ffb50028e116239da4d525edf0b7a38d5a9e39dd4e60ae95770d9afc438d69ac2a7f1f2e2c000dc68ea9020a11cddd4a7dc2645ada7e838c1722149acc1687777f2bb8c399cd", 0xc0}, {&(0x7f0000004180)="bf49061510f3b9389eb947c1ad938163b20a12de8a3605b2c95360a15810a96c6e92d32e25e8e84cf9b2d5f9ed39ddf38f45ef61c5b0bf34047c99488410555a7704616c90dd2ed0b4dd6f3c462ea50d9e46e467453165a8c007a63a1044d1773a5f58337672f33c073c32d6196591ec3306ea9bfeb72d79fbe0d9b94cfacb43085b9cfb98cc9e022b5f065602f6d925b59fd2ad4327f7db44643b89a31aeab00ba55c93a9bb7119230b011d932ff8ef87690139b9dd498278ac595e0532869f7bff3d0a0706b570fd833d6f99ae78ee371786c9a25b8307d182ef13023967174ce9f499cd8c78934fac89f270f7e561de67b4236db4fa31fc0bbaee4eb92e64a0b008bf7db56f644650ffbe953265b7029431f9ad8f0b429ce877d723827cba28795cbcf5a3407ee00139e5d7bab3aad9fc16b3ec25e2d144ff5f76577318ce585025f0ba4e0d1c4a35288cbb23823393cb320ea69bbc04b6939ef883d5005efe9d642932d3ce70bfaa1282e3c707f22ed7b63fe049596b20cdd1fbbea0793b2cd6182eed21e69219b03b84535d51716f0dc3715136fde3f9c553971704380c4541593551414fe348e08a6da7c78163e5435e75af7868b279cc7865901a0485655a1f3b03427312477f43113eee5540501afea659743d1db2b238be20f6dfb047c1804a0b393518ef29c154af7dc950fe79ed235e6faf567af5239b960ae2f84ade7320350634e039c4a58f024346dd29b71da1f11aed6f1a4778e1d4b8d00a8d288222b1501d65e0d6c6c638d218f3c7c2759f495e4f6bfeff3065e5e5804153dc072881c96f6094a9593af5db0030f06deaf20741c58d4803f8c2595990417c9ae043025fd35bbefd544b8b0538b268107bef5f388697c31f4b6a938d3376850106dc27c996531df5c6bf349b9309811b37dddfad55eb0fb2f8bf94a8b8c876d079544e7f06b1c0690199c6bc12d6522aa89e66b7ea0feaee1a9bb1783fbbc33d77d4e8a2b470efaba392ca2207378b4ff51df231bb6ef22038900c0a315d9ced159773f777697cb9093ab5f91b944f196ec4720315797d2bb3656e992ed4f65b0d97ded089d2617c13b6ca8ffa6a614b182dfe7e88ac8d9223abc288e3c2dd66c225a8a78beaf258b6128f4da6072114f2247d3458efe8d0eac9ff9fea64dcbc5c422cc1f29e1787f2a05cca465fa908ff75dc7bfb6b6c4e97a7f4243fa0e0f82c67a776a60cdd47c18df5bf1193d6ad938ed20da2704435d578ce07bf602bc5cd7092a0b76799fd05232547370c729cb5f2010a9bda527d6c1e324d69ec5aa60bf22cecc9a020383fb3e316db4c94a9df1fef0b84bc455e61856ec61a1073b754da713427aab9fd71fe62b96b6d937a7c571e420dd43dc0a76233445d330da47ee33fd9c3d51f2ea58ced5d7ca06b5f5f67ce70da702ecf51203fed0661d6a84fbf06c1e65d5907985a2df0fd131854d1bc0f4683039fd9e1a3d1ce155fc581871b707191cf2cd1a4619917c833dddc0d1b99e6c53e9d2b16d6086ffdeec9a25efd5eb24d4818aa249946c8f0e8decadfbab2dc176c943b2289aa3fc2903e1d29357b115c353011de99eb3b026858fe9a1e8295e5c05355289645c5ca9fbc58d044dff07383470afb0d4ae6fb8723a16416cfe20bb567ca62eb09a5898be879c436bc706b2f84acb861f9327d5a5944981333f17911a319fa990d745858e675ece17fc36642ba99aaed8aa6788221efa7b312f8ccebca0567048b952ff06f9a56a321b4952bca0480dbfdc74ede4e45825d9095c4d38817ee3935a626f371e4b4ade7d5229bda2f6817dd51c4598b7e47b577f1d0d04c74a34ad36cacc0508f29ba5fc3b772ae436cacc5d805a1aeba9f794c2ce083f06561b06bca756421f2748013105041f8a765cbd023044d083767d000732cca73cc109333749ce644eb62bd8b3cae78e8a7f2ec19a5aa24dc564a27b403bde9c753bda022cefedfcf1a2343c50e7fd8180a68b8e3eccdecb4ae7d4e7937df5b5431d3faad344bd8447fe491d8c181223c596abfb64f053294e8eea1b2b8dcd77d1b53ac8639d35e5286ac4089d9fe575964a7f0591f082e067a03bfee2133aa78901278f54a07a347ef5f3954ca5f65e9cf298c4bc3a2a18c248c58aebc8fe7a83622b22967b3a8845a37ae4a5a35e50bc8cad15010f2ba9c5004a3b96b9267fa3bb4d7ddf7623811e059b9ea9f9b8acdbd7205033eda3f3acce747fc6d98f43356a59ff0220b13452c9dde531001ffb295f14f0de86be0c4805a42f1ed817e1149c7a5b9d785daf557f76d92e7d186d20b263d843087b43a15a871040e3f4e52c94bc3bb2e046fa66371bb9945d3e9ba6cb456b8eb02dbbcdc36bd2a8b4c1d032ee17027e1da968e12abdb00c680f80678cb19c39d1d29a2233a966df02d165e5fe215ff79e04350bd1e6ab20eed0ce95cb53ee888a22b5ceda42fd56f9a51ad82fbedb524bfc487d6bfe3af61a47bb4749d5c5ef0d22a45ac062e1c5f7fc62f4cba3232d44e8a1b505b48c91aec139360981ce5a6c10ded1d6d6ba0c46bd8fe0562d845a868d830883183661fae4d01a4283f7d567a8427b8946cb1b68a659035c2fe9b322f49d9917008fc919862f8b331a3663e015a59c78a2e7318e38a17a0cf26f534dbdcc4782e411813895bae7a61a5f77e3010583d0c6e5f62b71dfa7556faaa30f1d74463cf0835bb80ee92bf75119cc0cfb22945ddbee779c9c34e1c1c20212d4f24ce305c49cd7acc44c468f9b1942b2ee2cdf6e3ac4f2d91f3c4160cfe8d5f83611504e1c5d21c6915bd504bfbbaa99ebc999be5d36e6ff8b460a6fcd70de667714680316a3d5547b25b153adfd9831073720424391b8ebdf8ac876f4a91aac916aa293edeef9e82bb209a0b70823807e2730af20e00a5f16a2fe70d1e55b8051494995df7459e1bc53da5f5bbf74dd76f53344720a59aca27dd131d1e8985fac27387f1e836101c7435bac20ec13dd4bb6d66e91fc58b7941991b665a0b1ae786b49076d588a8fdee53e2711f37e7ee772dc91ce7adaa7b839762513e9c5ab741f0b2f6f70dfbed85db6d7a5939846f2ba42baacc75ceb0b444385e6634a8d415dfc72330cfe9797b59406b2a088d0d14a428734d364ff8de8e8c0eb38819052439c564759320b363feeb53902e1514bd77be76e6d4126bbbdf0914072abe1944200b567e184159b32015fdb5c210c1234d7c3d5bf58a724ae13c8562c0b4199f861ee025ff9b86c37177a132e8afd46c39e4bfabcf1db4e01b02af0be9627b57a09174a41dedb2dac6e426f5a6f8e4620238c83266dfefc8473892abe0b6115e451217f78149157e9b7b707c0f5caf3f6e79b50e47b5d74cc0efecf4e30fc7f00cc9afb239b19f0da132374c01cd27d4a321fc169af481fbf4b5bab6c8a0c01f005f4c83075cf87d28c0a2cf9517dfdef9851fa7ad98607ebb9e6c158c68cd49bd1534a65d0e31a86776dbc5a535022ddd6af59748b373901b2867605ee46ad28dd36a8b61bfaaa658ef310531b92a5e614634c3d84b3daed854e5fdc11fed582147c6aca25400fd7a551ab0c8f9714389fdca3df8e205a8cf3d361fe212349054aac50bd5c2cf37b3dbee1a8def96e79569ca2f52918e4ad97e752f926b11e9711baa92c83833713167fe6ab4871f15f28564e31415a21281c3bb34dc0e692ae233a30688ae914bde82186c2ef0298363694b32853e42c2060ac60126d8725a68ac58a5acca71f7e6cc606f2ceaf23afbfed7af582a1bcef4af508d0506e2bc6d011941b4b5b9bea1ea71b2049f0f1353487ff11dd183d59145de2c548fd95266eb6d55b8ca0c95387dac2d5261243bb0a634f932d74fcac3cdd0e7df8cbbb6be533f7d3f46a2c6728d479e484d5b979ca9ba1836dd434109aa2ece60e8fb1b11583d41bec6d1191c52ae1f81314b9183cc143c7a52084535d9bb4e589c0e510aad2e9a26725e5ee93b673eacf027d9b9c7f8fc5bcda05dc3c18e77339314d0adf9df5e4f06f48d352d0fa444a62989a7e8027ea533f4127b456e2929cecc3f2149047d246dc9c3287f787e449e32b7a6208f9990fbf9738864e5d9204790b0a1438e4bce0b02b43aa73daeb1fa44ac3f285827c360ab8dfa96d74ad1a84292cc70a3f49d0a05e2b21ba4f785e968e4f436348020a47e01f73495516915fe54266a3f013b334f1f5001c1ed8804ce47cc1cf9b50b8f16cd852571903d1a5131045f586dabd1e4f1fcfb1ad2b407605fd8ba69d972c042977c2d440f3f096c5cf7e82dc2742e5a6b02ab79c3e53fc7f4a030ffebda1f448cb788683b884f7a08a6b872714aacfb70bb119f61845acaebbb0044774e9a027a86509cc52317c3b4ac23535abb0574f94df5c7bf315ef27517e1bcb8aa8db5cce21b2ad0c431fe4ad06e94a4d3a5306f6895f536239b11553dec86fc60291699005e9f5a90792e86626b2c645c5f32ac4e777e72c8b62f25196c73e1dc5c56db33b0d7cf19c2e4b5c7e9ba2060f6d2ddf4f9018cd2f1be35173053b70a401d87a56e4f8005ef144b18983dbc2eb2f05c840fa0c442939961be729dc5407ef656291603e7c5fa5e36f425c2a6807d87fd99e6949e7a30554c30dc0eb098c79fd9a04d891fd896c3ce60f1fc1e8f2b7fe381eedf48af4e1dbfa576da4a93f704ecb0e0d7cd52be912de00d86b8b6e7b57d0964b6bb9cad8a2aaedbb1a5489977bf3e8cf87eed3f11883ffa7e84bdf0607507ceeee4137eae5f5e673c8a37ff477ea37bc427a82c7903cd54237b7f7ba6d11f913aac010fc38216e5aa0ff7dceb664824e44ed231ec1c036b86ac6ebe88ffd4689d4c4bb852e74d5a678732fdbdf66edceeb206dc87dc1ff9cbc2e7d1e98c0843551b75424b8b9dca685f5354094d2262222a5a9e31df7e1cae7725d40345071dec941f37a6ba6ba732ceb7282578c069e8c00cd2433ba54cbe6bd0423330fe67c5b4e20aa69d5e4d4d85062b0a819470306647bdc221bcd4d1acbb9ea952f445440e09417bb80594721cc30d2c7617173f485eada3432ae477167ee31655ed71cd5fd121065e49dac39248cdb53aa27bf4f3d5edde8f8907485d762d8b74bb585eac864e9fea43a9d4f045ff87dda34bde2ded7fdba6488b29b0b9926a49291d3fa9666f211a34cd40fd9ac3075e5a88ccc3fb7c186a3a8956f4bbf34ca677e78569a89d1da71d47e3d44671390e4f702ec0630f6cff0ba1b4238da7f60aeb369c1f10f8529ebddcb275509d9dcca73313194c748d1cfa326f3c0584c371e3189945c56bf46ecb04180ea13c6d04a4a6787d0d4dbe0826980c8e2ee9d473ef3fdcb1773bf85ca8182d9bc7271e66e1d536de76c6c06e87196dad7bd908ff7a96fc025705f2da520f8bdbedd8254ec144c64afd1d8c93514251a0cfb36ab086b8db81dbf70e61b6c7a9b8957439406cf059935a3057fb840c804310cfca4e20371a6f232a3a0f6c98b8e12416062bc1447737434a1dffdc3fc8631cc4e309cb82948d7c0a3f801c23d6bca8bd7e1b2a01eb9268f89d0128ba85f6e54f4111c21043687086a7c745ec2e9f8e32b28b33706672a8ba265da29bcba0c5a7e741dd3e55413f126ecb67472beb22d5259a86af5e444c8afc20f3e05731f1f66fbc5de2e0152810f7a301a4416618f1eb0b95c8666c77b287f7da52b187cd293b426c41f2c43660350c638d1f3e8bebe04350def1e28efe18175673db156cb1b326a936f0ac21c2525e38f079c10184272b629cc056a189e471", 0x1000}], 0x4, &(0x7f0000005500)=[@cred={0x20, 0x1, 0x2, r27, r28, r29}, @rights={0x28, 0x1, 0x1, [r0, r0, r0, r1, r0, r1]}, @rights={0x20, 0x1, 0x1, [r0, r0, r1, r2]}, @cred={0x20, 0x1, 0x2, r30, r31, r32}], 0x88, 0x20008010}], 0x6, 0x0)
r33 = timerfd_create(0x0, 0x0)
r34 = dup(r33)
syz_kvm_setup_cpu$x86(r34, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="ded6f6ea0f0014260f23e50f3a0fd8003e66660febe9f30f5dd90fc75c8266b9800000c00f326635000800000f300fc76900", 0x32}], 0x1, 0x0, &(0x7f0000000280), 0x0)
ioctl$LOOP_SET_FD(r34, 0x4c00, r34)
syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x800000001, 0x100)

[  725.410927] binder: 15136:15138 got transaction with invalid offsets ptr
2018/05/24 23:57:43 executing program 4:
r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000)
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000000)=0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
setsockopt$inet6_tcp_int(r2, 0x6, 0x10, &(0x7f0000000040)=0xffc, 0x4)
dup(r1)

2018/05/24 23:57:43 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0xb}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, &(0x7f0000000040))
syz_emit_ethernet(0x78, &(0x7f0000000200)={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x18}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [{[{0x9100, 0x3f, 0x2, 0x4}], {0x8100, 0x7fff, 0x7fff}}], {@llc_tr={0x11, {@snap={0xaa, 0xaa, "cb", "02dbe0", 0x88ff, "bd4f3d21aede4c90a72c7e45c4f60a43fbe286c295f7b0760f0f28ed1df5c2d3e52ce63240adfd9147123ef29d681c6af520ef234c7bdccddc0ffaa2182f860dde101c015e6f55cfb57e0c60771acbf5bb53f6671fc19e076f19"}}}}}, &(0x7f0000000180)={0x0, 0x0, [0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe]})
r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x9fe1, 0x8000)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000000c0)={0x0, 0x4, 0x2, 0x70f, 0x8, 0x7})

2018/05/24 23:57:43 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000013000)={<r0=>0xffffffffffffffff})
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000000)="4626262c8523bf012cf66f")
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000004ff0)={0x3, &(0x7f0000002fe8)=[{0x3d, 0x0, 0x4000000000401}, {}, {0x6}]}, 0x10)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x10000, 0x0)
statx(r2, &(0x7f0000000080)='./file0\x00', 0x0, 0x209, &(0x7f00000000c0))

[  725.455754] binder: 15136:15138 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:43 executing program 3:
r0 = socket(0xa, 0x1, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'ipvs\x00'}, &(0x7f0000000100)=0x1e)
ioctl(r0, 0x8912, &(0x7f0000000000)="4626262c8523bf012cf66f")
r1 = socket$inet6(0xa, 0x100000002, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0xa}, 0x52)
sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x4008070, &(0x7f00000000c0)={0xa, 0x4e27, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}, 0x1c)
syslog(0x9, &(0x7f0000000040), 0x0)
sendto$inet6(r1, &(0x7f0000000140), 0xe, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c)

[  725.521860] binder_alloc: binder_alloc_mmap_handler: 15136 20001000-20004000 already mapped failed -16
2018/05/24 23:57:43 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x2d, 0x8, 0x1}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f0000000080), &(0x7f0000000240)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r0, &(0x7f0000000000), &(0x7f0000000080)=""/154}, 0x18)

2018/05/24 23:57:43 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]})

[  725.582253] binder: BINDER_SET_CONTEXT_MGR already set
[  725.595477] binder: 15136:15138 ioctl 40046207 0 returned -16
[  725.611693] binder_alloc: 15136: binder_alloc_buf, no vma
[  725.617413] binder: 15136:15159 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:43 executing program 5:
capset(&(0x7f00001e8ff8)={0x19980330}, &(0x7f0000032fe8)={0x0, 0x0, 0x20})
msgctl$IPC_STAT(0x0, 0x2, &(0x7f00000007c0)=""/14)

2018/05/24 23:57:43 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

[  725.724673] binder: undelivered TRANSACTION_ERROR: 29189
[  725.731864] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:43 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
prctl$setmm(0x23, 0xf, &(0x7f0000ffd000/0x2000)=nil)

2018/05/24 23:57:43 executing program 3:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x200001, 0x0)
ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000300)={0x3, 0x2, [{0xfffffffffffffff9, 0x0, 0x400}, {0x2}, {0x6, 0x0, 0x1}]})
r1 = socket(0xa, 0x1, 0x0)
getsockopt$ax25_buf(r1, 0x101, 0x19, &(0x7f0000000180)=""/14, &(0x7f00000001c0)=0xe)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x400000008031, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000200)=@assoc_value={<r2=>0x0, 0xffffffffffffffff}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={<r3=>r2, 0x89}, &(0x7f0000000040)=0x10045)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000000c0)={r3, 0x100000001}, &(0x7f0000000140)=0x8)
prctl$intptr(0x2000000000029, 0x0)
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000240))

2018/05/24 23:57:43 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000399ffc)=0x7, 0x5a)
bind$inet6(r1, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c)
connect$inet6(r1, &(0x7f000098cfe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000da2ffc)=0xa069, 0xff56)
r2 = dup(r1)
write$eventfd(r2, &(0x7f0000605ff8), 0xffbe)
ioctl$TIOCCONS(r2, 0x541d)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB='"'], 0x1)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="a7", 0x1}], 0x1, &(0x7f0000001180)}, 0x0)

2018/05/24 23:57:43 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000099e00000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:43 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f00000003c0)="c626262c8523bf012cf66f")
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x108, r2, 0x200, 0x70bd2b, 0x25dfdbfe, {0x10}, [@IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x5c}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x23}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2e}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'dh\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1=0xe0000001}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x100000001}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xfff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x8000}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5600000000}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'sit0\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1={0xff, 0x1, [], 0x1}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x108}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)
sendmsg$nl_generic(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[]}, 0x1}, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f00000005c0)=0x100)
r3 = syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00')
sendmsg$TEAM_CMD_NOOP(r0, &(0x7f00000007c0)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000640)={&(0x7f0000000180)=ANY=[@ANYBLOB="47c753780970d224ee29618014000000", @ANYRES16=r3, @ANYBLOB="0505000000000000000000000000561240aa0019487d726aad57784b07e8a73d552d499480132bcd59899a70f510e89bf9c5054bf61afaa6720cd0df9c02a03342aa8f79f76ded2093bb8d807a17e73f4f95bd4a6964bfaff60b67f75b6629dde939d592791aa0fd592a834932b06694408e0db8a159ad8c58d121"], 0x14}, 0x1}, 0x0)

2018/05/24 23:57:43 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000080)=0x200)
ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'bridge_slave_0\x00', {0x2, 0x4e23, @multicast2=0xe0000002}})
tee(r1, r0, 0x4, 0xc)
getsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000100), &(0x7f00000003c0)=0x4)

2018/05/24 23:57:43 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]})

2018/05/24 23:57:43 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

[  725.882692] binder: 15201:15209 got transaction with invalid offsets ptr
[  725.909604] binder: 15201:15209 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:43 executing program 5:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x8000, 0x0)
connect$bt_rfcomm(r0, &(0x7f0000000080)={0x1f, {0x6, 0xffffffffffffffff, 0x9f4b, 0x7, 0xbde0}, 0x25}, 0xa)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = syz_open_dev$sg(&(0x7f0000001000)='/dev/sg#\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000002, 0x52, r2, 0x0)
mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
name_to_handle_at(r2, &(0x7f00002e4000)='./file0\x00', &(0x7f0000000000)={0xc, 0x0, "bee36b0c"}, &(0x7f0000001ffc), 0x1400)

2018/05/24 23:57:43 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0354fdc64a5bfe0ae900000000000000"]})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x280200, 0x0)
getsockname$llc(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x10)

2018/05/24 23:57:43 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/zero\x00', 0x101000, 0x0)
ioctl$KDDELIO(r2, 0x4b35, 0x40)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=<r3=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r4=>0x0}, &(0x7f0000000200)=0xc)
r5 = getgid()
fcntl$getownex(r0, 0x10, &(0x7f0000000280)={0x0, <r6=>0x0})
setfsuid(r4)
lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
r8 = getegid()
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000380)=<r9=>0x0)
r10 = getuid()
r11 = getgid()
sendmsg$unix(r0, &(0x7f0000000480)={&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000000c0)=[{&(0x7f0000000080)="a0f49c913b2f98ac393a2179386581abd2f3526d54f31a70d54adefce72e", 0x1e}], 0x1, &(0x7f00000003c0)=[@cred={0x20, 0x1, 0x2, r3, r4, r5}, @cred={0x20, 0x1, 0x2, r6, r7, r8}, @cred={0x20, 0x1, 0x2, r9, r10, r11}, @rights={0x38, 0x1, 0x1, [r0, r0, r1, r1, r0, r1, r0, r1, r0, r1]}, @rights={0x28, 0x1, 0x1, [r0, r1, r0, r0, r1]}], 0xc0, 0x4}, 0x4001)
ioctl$TUNATTACHFILTER(r1, 0x894c, &(0x7f0000000100))

[  725.948524] binder_alloc: binder_alloc_mmap_handler: 15201 20001000-20004000 already mapped failed -16
[  725.977431] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:43 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x490001, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f00000000c0)={'raw\x00', 0x2, [{}, {}]}, 0x48)

2018/05/24 23:57:43 executing program 1:
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:43 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
r1 = accept(0xffffffffffffff9c, 0x0, &(0x7f0000000000))
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000080)={<r2=>0x0, 0x74, "96687493445a68c50890d9b8c809ebf88d155de26290c978303152fa21331a7fcd1b7b9008343d63d53a28840bb81eba3d60c3aa4570773047205e5f7d92bd8a5942142903a98c8a7789e93a25a75e41ada8e25f310dc01b652cca2f04174e2eda2e599fc9146a68167e4c4e02495357a0cff345"}, &(0x7f0000000100)=0x7c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={r2, 0x4}, 0x8)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000001640)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, &(0x7f00000004c0)}, &(0x7f0000000500)="abc0b501df7e", &(0x7f00000016c0)=""/4096, 0x0, 0x0, 0x0, &(0x7f0000000280)})

[  726.015119] binder: 15201:15209 ioctl 40046207 0 returned -16
[  726.050244] binder_alloc: 15201: binder_alloc_buf, no vma
[  726.056004] binder: 15201:15233 transaction failed 29189/-3, size 24-8 line 2971
[  726.191416] binder: undelivered TRANSACTION_ERROR: 29189
[  726.197341] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:44 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback={0x0, 0x1}}, 0x84)
socketpair(0x4, 0x800, 0x1, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000040)={<r2=>0x0, @in={{0x2, 0x4e21, @broadcast=0xffffffff}}, 0x9, 0x1, 0xd69, 0xfff, 0x5}, &(0x7f0000000100)=0x98)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000180)={r2, 0x3}, 0x8)

2018/05/24 23:57:44 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]})

2018/05/24 23:57:44 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x5, 0x41)
write$binfmt_elf32(r0, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x3f, 0x82cadc9, 0xffff, 0x0, 0x3, 0x6, 0x7f, 0x1be, 0x38, 0x14c, 0x200, 0xf051, 0x20, 0x1, 0x4000, 0x3, 0x3ff}, [{0x70000000, 0x716, 0x7, 0x1, 0x119b705, 0x91, 0x9b, 0x4005e450}], "16c26aa31a4837f95af6ff271452fb15f0f099b5fef6f6db92285cf6fbc41ec76a1b6cfb34f24c53cd80154ab6c7a100087e7b609601f53d89835520f060", [[], [], [], [], [], [], [], [], [], []]}, 0xa96)
ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f00000002c0)=""/69)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x200000, 0x0)
timerfd_settime(r1, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000100))
close(0xffffffffffffffff)

2018/05/24 23:57:44 executing program 1:
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:44 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10)
sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10)
shutdown(r0, 0x1)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f000062fff8)={0x0, 0x2000000001}, 0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000b94ff8)={0x0, 0x0, 0x1}, 0x8)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x101000, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f00000001c0)={0x1, {{0xa, 0x4e22, 0x10001, @mcast1={0xff, 0x1, [], 0x1}, 0x401}}, {{0xa, 0xffffffffffffff7f, 0x2, @remote={0xfe, 0x80, [], 0xbb}, 0x1}}}, 0x108)

2018/05/24 23:57:44 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000020000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:44 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x1, 0x1f5)
sendto$inet6(r0, &(0x7f0000000300)="040300000309c14609005375c52cf7c21975e697b02f5c566b2b2ff0dac8897c6b11876d886b6621d8d207ccf73f257e55e86eb29406136fcfffffffffbe62159403c7a6", 0x44, 0x10, &(0x7f0000000040)={0xa, 0x800, 0x5, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c)
setsockopt$packet_buf(r0, 0x107, 0x17, &(0x7f0000000080)="4c9ed8e5e8675522c39a8dc50c167fa65a2656e0d5706a1556fe03d35f4ef88c993dca1fff4fb7c03ebbb95528360d25bce90e4bbbc7f74d7cd29dd2d1d6de21abc309fe8aebf7872ddadafe2d0a93d6f35513053833e0fb884ceb0d9bb7af7986c8fcc59a02c98ec076bd61ed9693c7ceb8688e06d8ee22114d32af40701e70d610959a2b8632cc5356df7e569432610e1540e3dd35a53cba73b7", 0x9b)

2018/05/24 23:57:44 executing program 3:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x401, 0x0)
r1 = syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00')
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@mcast2}, 0x0, @in=@remote}}, &(0x7f00000003c0)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000600)={{{@in6, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in=@remote}}, &(0x7f0000000700)=0xe8)
accept$packet(0xffffffffffffff9c, &(0x7f0000000a80)={0x0, 0x0, <r4=>0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000ac0)=0x14)
accept4$packet(0xffffffffffffff9c, &(0x7f0000000b40)={0x0, 0x0, <r5=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000b80)=0x14, 0x0)
accept$packet(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000c00)=0x14)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000c40)={{{@in6=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@rand_addr}, 0x0, @in=@multicast2}}, &(0x7f0000000d40)=0xe8)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, <r8=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000dc0)=0x14)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000ec0)={{{@in6=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000fc0)=0xe8)
accept$packet(r0, &(0x7f0000000200)={0x0, 0x0, <r10=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000240)=0x1d3)
accept4(0xffffffffffffffff, &(0x7f0000001080)=@ll={0x0, 0x0, <r11=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000001100)=0x80, 0x800)
accept$packet(0xffffffffffffff9c, &(0x7f0000001140)={0x0, 0x0, <r12=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000001180)=0x14)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000004780)={'team_slave_1\x00', <r13=>0x0})
accept4$packet(0xffffffffffffffff, &(0x7f00000048c0)={0x0, 0x0, <r14=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000004900)=0x14, 0x80000)
getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f0000004940)={@rand_addr, @multicast2, <r15=>0x0}, &(0x7f0000004980)=0xc)
getsockname$packet(0xffffffffffffff9c, &(0x7f00000049c0)={0x0, 0x0, <r16=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000004a00)=0x14)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x14, &(0x7f0000004a40)={@mcast2, <r17=>0x0}, &(0x7f0000004a80)=0x14)
accept$packet(0xffffffffffffffff, &(0x7f0000004ac0)={0x0, 0x0, <r18=>0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000004b00)=0x14)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000004b40)={{{@in6=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r19=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f0000004c40)=0xe8)
accept$packet(0xffffffffffffff9c, &(0x7f0000004c80)={0x0, 0x0, <r20=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000004cc0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000005040)={'vcan0\x00', <r21=>0x0})
recvmmsg(0xffffffffffffff9c, &(0x7f0000005b00)=[{{&(0x7f0000005300)=@hci, 0x80, &(0x7f00000057c0)=[{&(0x7f0000005380)=""/169, 0xa9}, {&(0x7f0000005440)=""/245, 0xf5}, {&(0x7f0000005540)=""/223, 0xdf}, {&(0x7f0000005640)=""/107, 0x6b}, {&(0x7f00000056c0)}, {&(0x7f0000005700)=""/130, 0x82}], 0x6, &(0x7f0000005840)=""/170, 0xaa}, 0x7}, {{&(0x7f0000005900)=@ll={0x0, 0x0, <r22=>0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000005ac0)=[{&(0x7f0000005980)=""/150, 0x96}, {&(0x7f0000005a40)=""/71, 0x47}], 0x2, 0x0, 0x0, 0xffffffffffff00a9}, 0x9}], 0x2, 0x40000000, &(0x7f0000005b80)={0x77359400})
accept4$packet(0xffffffffffffff9c, &(0x7f0000005bc0)={0x0, 0x0, <r23=>0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000005c00)=0x14, 0x800)
getsockname$packet(0xffffffffffffff9c, &(0x7f0000005c40)={0x0, 0x0, <r24=>0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000005c80)=0x14)
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000006480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000006440)={&(0x7f0000005cc0)={0x75c, r1, 0x4, 0x100000001, 0x25dfdbff, {0x2}, [{{0x8, 0x1, r2}, {0x13c, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r3}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r4}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xfffffffffffffffb}}}]}}, {{0x8, 0x1, r7}, {0x3c, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1}}}]}}, {{0x8, 0x1, r8}, {0x168, 0x2, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0xfffffffffffff800}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r11}}}]}}, {{0x8, 0x1, r12}, {0x84, 0x2, [{0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x14, 0x4, 'activebackup\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r13}}}]}}, {{0x8, 0x1, r14}, {0xf8, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x949}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x1c, 0x4, [{0x3, 0x3, 0x3, 0x12e1}, {0x4, 0x8, 0x100000000, 0x100}, {0x100000000000, 0x80000000, 0x2, 0x4}]}}}]}}, {{0x8, 0x1, r15}, {0x50, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r16}, {0xec, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}, {0x8, 0x6, r17}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xff}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r18}}}]}}, {{0x8, 0x1, r19}, {0x12c, 0x2, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r20}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r21}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r22}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r23}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r24}}}]}}]}, 0x75c}, 0x1, 0x0, 0x0, 0x8080}, 0x4000)
r25 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r25, 0x40000000af01, &(0x7f0000c97ff8))
ioctl$VHOST_SET_FEATURES(r25, 0x4008af00, &(0x7f0000000040)=0x20c000000)
pipe(&(0x7f0000000000)={<r26=>0xffffffffffffffff, <r27=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r26, 0x84, 0x66, &(0x7f0000000080)={<r28=>0x0, 0x4}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r27, 0x84, 0x75, &(0x7f0000000100)={r28, 0x6}, 0x8)
ioctl$VHOST_SET_MEM_TABLE(r25, 0x4008af03, &(0x7f0000000000)=ANY=[])
ioctl$VHOST_NET_SET_BACKEND(r25, 0x4008af30, &(0x7f0000d7c000))

2018/05/24 23:57:44 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="00000000000004000c"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9f}, [@ldst={0x2000d045, 0x3, 0xa}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000080))
recvmmsg(r0, &(0x7f0000003780)=[{{&(0x7f00000000c0)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000001240)=[{&(0x7f0000000140)=""/218, 0xda}, {&(0x7f0000000240)=""/4096, 0x1000}], 0x2, &(0x7f0000001280)=""/54, 0x36, 0x9}, 0x1}, {{&(0x7f00000012c0)=@ax25, 0x80, &(0x7f0000001500)=[{&(0x7f0000002000)=""/4096, 0x1000}, {&(0x7f0000001340)=""/153, 0x99}, {&(0x7f0000001400)=""/68, 0x44}, {&(0x7f0000001480)=""/93, 0x5d}], 0x4, &(0x7f0000001540)=""/222, 0xde, 0x5}, 0xffffffffffffff87}, {{&(0x7f0000001640)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast1}}}}, 0x80, &(0x7f0000001700)=[{&(0x7f00000016c0)=""/16, 0x10}], 0x1, &(0x7f0000001740)=""/59, 0x3b, 0x2}, 0xfffffffffffffffd}, {{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000001780)=""/33, 0x21}, {&(0x7f00000017c0)=""/242, 0xf2}], 0x2, &(0x7f0000004000)=""/4096, 0x1000, 0x1}, 0x3}, {{&(0x7f0000001900)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001980)=""/149, 0x95}, {&(0x7f0000005000)=""/4096, 0x1000}, {&(0x7f0000001a40)=""/135, 0x87}, {&(0x7f0000001b00)=""/131, 0x83}, {&(0x7f0000001bc0)=""/71, 0x47}, {&(0x7f0000001c40)=""/104, 0x68}, {&(0x7f0000006000)=""/4096, 0x1000}, {&(0x7f0000007000)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/179, 0xb3}], 0x9, 0x0, 0x0, 0xffffffffffff0000}, 0x8}, {{&(0x7f0000001e40)=@in={0x0, 0x0, @multicast1}, 0x80, &(0x7f0000003000)=[{&(0x7f0000001ec0)=""/236, 0xec}], 0x1, &(0x7f0000003040)=""/95, 0x5f, 0x800}, 0x2}, {{&(0x7f00000030c0)=@nfc_llcp, 0x80, &(0x7f0000003140), 0x0, 0x0, 0x0, 0x2}, 0x6}, {{&(0x7f0000003180)=@pptp={0x0, 0x0, {0x0, @multicast1}}, 0x80, &(0x7f0000003680)=[{&(0x7f0000003200)=""/244, 0xf4}, {&(0x7f0000003300)=""/221, 0xdd}, {&(0x7f0000003400)=""/176, 0xb0}, {&(0x7f00000034c0)=""/199, 0xc7}, {&(0x7f0000008080)=""/4096, 0x1000}, {&(0x7f00000035c0)=""/131, 0x83}], 0x6, &(0x7f0000003700)=""/80, 0x50, 0x9}, 0xcf9d}], 0x8, 0x60, &(0x7f0000003980)={0x0, 0x989680})
ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000000040)={0x5, 0x1, 0x4, 0x7f, 0x4})

2018/05/24 23:57:44 executing program 0:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mkdir(&(0x7f0000001500)='./file0/file0\x00', 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0xb0000, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x242200, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x10000, &(0x7f0000000040), 0x0, r2, 0x1})
mount(&(0x7f0000000f00)='./file0/file0\x00', &(0x7f0000000f40)='./file0/file0\x00', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f00000003c0))
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000380)='./file0\x00', 0x2)

[  726.898579] binder: 15266:15271 got transaction with invalid offsets ptr
[  726.932776] binder: 15266:15271 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:44 executing program 2:
mprotect(&(0x7f000005c000/0x4000)=nil, 0x4000, 0x2)
utimensat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}}, 0x0)
r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f00000006c0)={<r1=>0x0, 0x47, "976f12a7b1022229bcbac1b2ad84e49d78eeeea8fcb909520f908842bf0ffaef3b25d0b66e04dc431f3b01dcd0055a4bf1107f765cd81382079c6901691483ed5fb5693640b25f"}, &(0x7f0000000740)=0x4f)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x20880, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'erspan0\x00', <r3=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000280)={@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, r3}, 0x14)
getpeername$unix(r0, &(0x7f0000000080), &(0x7f0000000100)=0x6e)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000780)=@assoc_value={r1, 0x4}, 0x8)

[  726.972458] binder_alloc: binder_alloc_mmap_handler: 15266 20001000-20004000 already mapped failed -16
2018/05/24 23:57:44 executing program 3:

2018/05/24 23:57:44 executing program 1:
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

[  727.033112] binder: BINDER_SET_CONTEXT_MGR already set
[  727.053079] binder: 15266:15271 ioctl 40046207 0 returned -16
2018/05/24 23:57:45 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8000000]})

2018/05/24 23:57:45 executing program 0:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000000000))
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x400100, 0x0)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x3, 0x101043)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'ip6gretap0\x00', <r2=>0x0})
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f00000001c0)=r2)

2018/05/24 23:57:45 executing program 4:
socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000000))
getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0))
keyctl$join(0x20000001, 0x0)

[  727.087260] binder_alloc: 15266: binder_alloc_buf, no vma
[  727.093079] binder: 15266:15284 transaction failed 29189/-3, size 24-8 line 2971
[  727.208750] binder: undelivered TRANSACTION_ERROR: 29189
[  727.215724] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:45 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x8000, 0x0)
r2 = shmget$private(0x0, 0x1000, 0x10, &(0x7f0000ffa000/0x1000)=nil)
shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000140)=""/78)
getsockname$ax25(r1, &(0x7f0000000100), &(0x7f00000000c0)=0xffffff91)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a})
r3 = socket(0xa, 0x1, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000840)='/dev/sequencer2\x00', 0x4001, 0x0)

2018/05/24 23:57:45 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0xaea3, &(0x7f0000000180)={"c00cd19c26a73310e02d9c4097b800ad801f709bc843d8ee8fec7aba88129afb5b0a4fae1a83e98c5921769e7f09eff795b56364483a36edded34a3811eb1180069fa2743af0985b77fe6a427cd33dfad9eb709d712e5c1cbfac5759319705f0bd8fa9b03bde324ea79dbb0bb7f0c64100fba5f0562a4dcab0cf46f94bec96435e7550825219b08bf5f04ccbcde7b6a92227a84adbf7219719bf8e48eca65b029a8d0b8e09641ea4834c9f2b7ff13f0a987b38190def43e71fcc329575bdc35d09c18ab922b75f7858dd9f4e95b189601940c4e8c068e1e64b85f8e8de4dff536fb54b73ff9d284a46192d8b3f5c2bed49b26a2b1ebeba90d1a0aea73a40204f52f31c1c154bf32a040c6dc55513cb4c711b7ccf8517cb82c230ff0bf6206d7191da63931fca617e482ee54fdc6c9e0cc342dcdd570bf058cb20fb544bc8df0b3f9582549504bd0bba93a6fa7f934102d84dc7f421097c9b1fe058dc08d98b063652e2dc08a551d2a8439b1ade94b7aa96aa659171b1fa48dcb15ef76b9c4c93457092af1280dee66454ac73b477e2ffb6aa671fa50c9cf4870fd1a8b4cb952071c0ac520454dfee704912f1bdb15d1c65f7d5d1a10385fa4f62e7b42f1c1e177d8fdd0380890e4cd37d3ba0e4b17061025e194621785598b328f0e89be20508254878d222a95e9877eaac7088a7e3344ddfcee5aca0590c90c1c8a92417d94bd34f3cf1780a12d27389f79b38a693ea5cd6c49dc81ceaadf6d45aebdef804cdb90eb6827ea4279db9111c484cc783ca396ebcb697c903170d0256e8d62d6d044a61d0fc450f3a28b13eea41b0626ea314def36a9f2db0a7729656223a5261020ea9eaee9c541a5cc8bc20f09508860c25a6edaa20e094e1bf22fe232d799012b5e55880145a3e5469524fde005a94e249a9d4dae9496ebdbaae8dbd5ec6f7e99f581fa2103d6713f2f2514e7cf2c56f0ce25e1e8161709f9bc7a34489c3a21bab0fa710afd3512c980a6e9fa5f65e1e12237f342ece53be1b1976878c7af4cfd752e16b5fd1044b88fff3bed0528c2730ce9253c94340775805339817e3a97ec2596dd749ca45dd592fed479a632171c60b684ae1bbf1329fa51e6c59fc039dabe790e7542795438a9622ef9c67581d0d7df676ea5f8b7222b2f9fa964b1af28085e2bb54c0134a303b8d9645021ab6b6b58ceebaffa00cc860e62481d0b2c09630fb09b69358b4b4df5cab36069ed31d8a796f0568d6dd8dc8c71710037917e6883a0c75815fdd0fa471da90cc85545591c2b08b05b3097464a79aa6e066d377ccfd6adfa755285060a80c51a0c8d036664d40ab8cd887f34bcf592707f8fcc1efbf66c4d23319e236e282d9416d38c511a019c2aa1b2edef602d93cf289a48fa5d292b50db4b712c78c2bfe6f7aab793e728678fcc58b5a5aa8a8896572fd"})
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x80100, 0x0)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000040)=""/151, &(0x7f0000000100)=0x97)

2018/05/24 23:57:45 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000400000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:45 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]})

2018/05/24 23:57:45 executing program 4:
r0 = socket$inet(0x2, 0x2000000080002, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000540)=@broute={'broute\x00', 0x20, 0x2, 0xbf8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000c40], 0x0, &(0x7f0000000300), &(0x7f0000000c40)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000110000000000000000006263736630000000000800000000000073697430000002000000ffff00000000626f6e64300000000000000000000000766c616e300000000000000000000010ffffffffffff00000000000000000000000000000000000000008809000088090000d809000074696d65000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000616d6f6e67000000000000000000000000000000000000000000000000000000b0080000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000ac1414000000000000000000ffffffff0000000000000000ffffffff00000000000000007f0000010000000000000000ffffffff0000000000000000ffffffff0000000000000000e00000010000000000000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000ac1414000000000000000000e00000010000000000000000ac141400000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0100000005000000000000000000696662300000000000000000000000007465616d30000000000000000000000074756e6c30000000000000000000000076657468310000000000000000000000000000000000000000000000ffffffffffff0000000000000000b800000018010000900100006c696d69740000000000000000000000000000dd00000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000434f4e4e5345434d41524b000000000000000000000000000000000000000000080000000000000000000000000000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000006e666c6f67000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000061e19777a71da7ddde7d15fe67812c8db69e22a6398bdec215d99211d29d4f51f7fa87f4a0b5bb939c482f49ed263d863666d202c288e1c1487abefccf8ffbfb00000000"]}, 0xc70)

2018/05/24 23:57:45 executing program 5:
socketpair(0xa, 0x7, 0x5, &(0x7f00000000c0)={<r0=>0x0, <r1=>0x0})
ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000340)=0x8)
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000000)={'irlan0\x00', 0x5})
sendfile(r0, r0, &(0x7f0000000300), 0x8)
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000240)={@in6={0xa, 0x4e24, 0x5, @mcast1={0xff, 0x1, [], 0x1}, 0x9}, {&(0x7f0000000180)=""/118, 0x76}, &(0x7f0000000200), 0x3d}, 0xa0)
connect$rds(r1, &(0x7f0000000040)={0x1e, 0x0, @multicast2=0xe0000002}, 0x10)
getsockname(r1, &(0x7f0000000100)=@in6, &(0x7f0000000080)=0x80)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000380)={<r2=>0x0, 0x80, 0x6, 0x7, 0x8, 0xfffffffffffffffc, 0x8, 0x2, {0x0, @in6={{0xa, 0x4e24, 0x2, @loopback={0x0, 0x1}, 0x101}}, 0x101, 0x1000, 0xd0d, 0xa5a, 0xffffffff}}, &(0x7f0000000440)=0xb0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000480)={r2, 0x9, 0x20, 0xfff, 0x2}, &(0x7f00000004c0)=0x18)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000540)={0x1, &(0x7f0000000500), 0x8, r0, 0xa})

2018/05/24 23:57:45 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:45 executing program 3:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={<r0=>0xffffffffffffff9c})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f00000001c0)={<r1=>0x0, 0x52, "2ed4d8f15eba310cb5e27ac67cdc97e8f6b17bde8c79bdb67d4cd388c9192e565d682a9cec141500625511bba2d916d29e5fd30dd9a5336b8d0231534cfe260b68f15335146c0a65b4aaa9627f703ae30ce4"}, &(0x7f0000000080)=0x5a)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000100)={<r2=>r1, 0x2d, "c00e513aca67882bf2cf6916745dca536a159e1ab163b384b0362be2ba006fa3c1ab6f47f937410c7b511b370f"}, &(0x7f0000000240)=0x35)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)={r2, 0xf07, 0x9, [0x4, 0x1, 0x1, 0x1, 0x7f, 0x7, 0x0, 0xac1f, 0x1]}, 0x1a)
rt_sigaction(0x400000000000007, &(0x7f0000000000)={0x4024b2, {0x3f7c6bbd}}, &(0x7f0000000140), 0x8, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44031, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00')

[  727.994487] binder: 15323:15325 got transaction with invalid offsets ptr
2018/05/24 23:57:45 executing program 0:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0xffffffffffffffff, 0x4, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x0, 0x0)
statx(r1, &(0x7f0000000080)='./file0\x00', 0x7800, 0x7ff, &(0x7f00000000c0))
prctl$void(0x1f)

[  728.042712] binder: 15323:15325 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:46 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='limits\x00')
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000), &(0x7f0000000040)=0x10)
read(r0, &(0x7f00000000c0)=""/240, 0xf0)

2018/05/24 23:57:46 executing program 4:
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000100)={<r0=>0x0, 0x2c, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @multicast2=0xe0000002}, @in6={0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, [], 0x11}, 0x9}]}, &(0x7f0000000140)=0x10)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000180)={r0, 0x7}, 0x8)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x84000, 0x0)
setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000080), 0x4)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0xfffffffffffffffc, 0x5)
r3 = msgget$private(0x0, 0x2)
msgctl$IPC_INFO(r3, 0x3, &(0x7f0000001380)=""/42)
write$vnet(r1, &(0x7f0000000300)={0x1, {&(0x7f00000001c0)=""/44, 0x2c, &(0x7f0000000200)=""/74, 0x3, 0x3}}, 0x68)
r4 = msgget(0x1, 0x2)
msgctl$MSG_INFO(r4, 0xc, &(0x7f0000000380)=""/4096)
write$binfmt_elf32(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000995c000000000000000000380000000000000000000000010064000200000000000000000000000000000000000000000000000000000000000000fdffffff0000000000000000"], 0x58)

[  728.083532] binder_alloc: binder_alloc_mmap_handler: 15323 20001000-20004000 already mapped failed -16
[  728.113881] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:46 executing program 2:
r0 = memfd_create(&(0x7f0000000280)="2d42d54e49c56aba707070f00884a26d003a2900bb8dacac76617d6b6e6823cb290fc8c03a9c631064eea98b4363ad899c6bdec5e936dd55a93dcd4a78aa8f7eb93061a9b2044b98933f8851f7d61da1ce8b19eaefe3abb6a52434d6fe370fe7d924ce20ab4eaec9bdd36740e127730e90f2cd72b828", 0x0)
write(r0, &(0x7f0000000080)="a85883156f794c05e0b02a03983b5addde9e46e1145c5c3fcb185a36d20d52d097399fd15648c664", 0x28)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0)
sendfile(r0, r0, &(0x7f0000317000), 0xff8)
rmdir(&(0x7f0000000040)='./control\x00')
setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f00000000c0)=0x3, 0x4)
signalfd4(r0, &(0x7f0000000000), 0x8, 0x80800)

[  728.149830] binder: 15323:15325 ioctl 40046207 0 returned -16
2018/05/24 23:57:46 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]})

2018/05/24 23:57:46 executing program 5:
r0 = socket(0x19, 0x100000003, 0xfffffffffffffffd)
r1 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x20000000002)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x5001})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201})
io_setup(0x469, &(0x7f0000000180)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000016c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000100), 0xa}])
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000100)={0x18, 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'rose0\x00'}})

2018/05/24 23:57:46 executing program 3:
r0 = socket$inet(0x2, 0x6, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000340)=0x1c, 0x4)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@broute={'broute\x00', 0x20, 0x1, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000040], 0x0, &(0x7f0000000000), &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x15, 0x0, 0x8100, 'yam0\x00', 'bcsf0\x00', 'ipddp0\x00', 'sit0\x00', @link_local={0x1, 0x80, 0xc2}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xe0, 0x168, 0x1a0, [@time={'time\x00', 0x18}, @vlan={'vlan\x00', 0x8, {{0x0, 0x0, 0x0, 0x1ffffa}}}]}, [@common=@mark={'mark\x00', 0x10}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00'}}}]}, @common=@mark={'mark\x00', 0x10}}]}]}, 0x2a8)

2018/05/24 23:57:46 executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x10000, 0x2480)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0)={<r2=>0x0, 0x7f}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000140)={r2, 0x19, "a4b3e1d9aff9417daeca58bf076a00823a358210761e3900a2"}, &(0x7f0000000180)=0x21)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x208000000)

2018/05/24 23:57:46 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:46 executing program 4:
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000040)=""/4, 0x4, 0x40, &(0x7f0000000080)={0xa, 0x4e20, 0xad, @dev={0xfe, 0x80, [], 0x17}, 0x100}, 0x1c)
io_setup(0xffff, &(0x7f00000000c0)=<r1=>0x0)
r2 = semget(0x1, 0x5, 0x8)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000140)=[0x3, 0x93a9, 0xff, 0x8, 0x4, 0x4, 0x8001, 0x80000001, 0x1, 0x2])
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000100)=0xfffffffffffffffa, 0x4)
io_submit(r1, 0x0, &(0x7f0000000600))

[  728.232819] binder_alloc: 15323: binder_alloc_buf, no vma
[  728.238539] binder: 15323:15367 transaction failed 29189/-3, size 24-8 line 2971
[  728.467965] binder: undelivered TRANSACTION_ERROR: 29189
[  728.474166] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:46 executing program 2:
r0 = socket$unix(0x1, 0x801, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0xfffffffffffffcdb)
listen(r1, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x84800)
ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f00000000c0)=[0x2, 0x9])
connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8)
close(r1)

2018/05/24 23:57:46 executing program 3:
munlock(&(0x7f0000ff5000/0xa000)=nil, 0xa000)
mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f0000000000))
madvise(&(0x7f0000ff5000/0x1000)=nil, 0x1000, 0xf)
mkdir(&(0x7f00000001c0)='./file0/file1\x00', 0x0)
rmdir(&(0x7f00000000c0)='./file0/file1\x00')
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0xa2202, 0x0)
ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0)

2018/05/24 23:57:46 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="006340400000000000404f0000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:46 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x105082)
r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
r2 = socket(0x0, 0x3, 0x4000000020)
ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x7, 0x0)
setsockopt$inet_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000180)="a97855d24b895a87862f0c17e90579857f6dcae135afd7d9397917f945e40557fd89cd32aaa1fefcf91bf78229aaad218e0bd8e2d6c814be82ac2129fab88866ddfce105b40c762c41e2b3baabfbdd54fe6d4d38361de41335a5647cb6455fd056d2e9014427e634456c3b01a4317ea10d1186e8990470495313e0b2bb5251f32816c009928fe8", 0x87)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000000)=@sack_info={<r3=>0x0, 0x6, 0x3ff}, &(0x7f0000000080)=0xc)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={r3, 0x2}, &(0x7f00000002c0)=0x8)
write$rdma_cm(r1, &(0x7f0000000640)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000600)={<r4=>0xffffffff}, 0x106, 0xf}}, 0x20)
write$rdma_cm(r1, &(0x7f0000000680)=@resolve_ip={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x7ff}, {0xa, 0x4e20, 0x3, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0xffffffffffffd397}, r4, 0x7}}, 0x48)
sendfile(r0, r1, &(0x7f00000ddff8)=0xa00, 0x102002f01)
sendfile(r0, r0, &(0x7f0000000040), 0x1b7889b2)

2018/05/24 23:57:46 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]})

2018/05/24 23:57:46 executing program 4:
r0 = getpgrp(0x0)
r1 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffe}, 0x0, 0x8)
rt_tgsigqueueinfo(r0, r1, 0x11, &(0x7f0000055000)={0x0, 0x0, 0x6})
rt_sigtimedwait(&(0x7f0000001ff8)={0x3ffff}, &(0x7f0000f0aff0), &(0x7f0000fbcff0)={0xffffd, 0x989680}, 0x8)

2018/05/24 23:57:46 executing program 1:
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:46 executing program 0:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f000000b000)={&(0x7f000000f000)={0x10}, 0xc, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in6}, {@in=@loopback=0x7f000001, 0x0, 0x6c}, @in6=@loopback={0x0, 0x1}, {}, {}, {}, 0x0, 0x0, 0x2, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
r3 = geteuid()
r4 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x440)
getsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000400), &(0x7f0000000440)=0x8)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f0000000240), &(0x7f0000000280)=0x4)
add_key(&(0x7f00000002c0)='rxrpc_s\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000340)="aa098c9a7b81686d08c761adacb14f2e6cab5e944e5d4eef6afda11acfd6e0471dd0e8001615f83901d793011bb1924d664be7549aeaf1fc02e7b6b2813ffa73988e3a370d4a6e9a412634bfddf7adc6ea387d86eb83ff9ac74035926be6b31711c331926fd2f84801eb7c93e61bcfa1b550bedee03b26850d53dc009c1c92c64b886900e6b00e9d15e9ef190166b3", 0x8f, 0xfffffffffffffff9)
sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@migrate={0x58, 0x21, 0x1, 0x70bd28, 0x25dfdbff, {{@in=@broadcast=0xffffffff, @in=@multicast2=0xe0000002, 0x4e24, 0x60000000000, 0x4e23, 0x9, 0xa, 0x20, 0x20, 0x6e, r2, r3}, 0x6e6bb8, 0xfa04810bf8166bb0}, [@proto={0x8, 0x19, 0x33}]}, 0x58}, 0x1, 0x0, 0x0, 0x8001}, 0x4000000)

[  728.577760] netlink: 'syz-executor0': attribute type 25 has an invalid length.
[  728.578373] binder: 15417:15421 got transaction with invalid offsets ptr
2018/05/24 23:57:46 executing program 2:
r0 = socket$inet6(0xa, 0x8000a, 0x0)
vmsplice(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="a7e696df7d4877363ff507e579c5fb345dbdd5bc9a87402b3027527f2e6af042c84d76f1838e7678f7191d", 0x2b}, {&(0x7f0000000040)="f7f4d4f4a6215f7f0be9aa769d975a3827fdf563ef598065de90c59397fb799ec18868d931b200749cd3671e34df829fe19030d6ee15c0712ca07f1bda4782c0736e31d22b11df763c9e1a34d844eb8c8f1bc7a31414f8c74b05efd46a858ac5319e91205eb737ed1414668fdea4761f1749ff2f5e8b0938477b326a196647b65fb3ff405a88dfb3384183cee2fe0a4192134a74fd030a829fa0b31e12f3", 0x9e}, {&(0x7f0000000180)="44d455dadfab23ccb80e219b76452fbc0287ce1ed3a265b267e1282a09924bf048fe68ddb07751052eff015e56ca441cc9b819fd9afd7abdd907e7c83ff52a07da4d9eb08c840ecd6cf074f0484816750208bb4358ac10e26a3daf300d6a71ba2f46c048229868010205d2500a9c253508f95ee877938114", 0x78}, {&(0x7f0000000280)="2a5dd6aac86f7073b52fa5deb84c7f755fa4357f61f10998d6d0daf6f3d8ee713158658302f038da03fdf2ed4de5dd0171b56778a3a1ba3ac6b28fad7480d110e2", 0x41}, {&(0x7f0000000300)="bffd1c957edf5ce143e770b2570ad3ebcf3e530fb0d61bf0c6623f81d8bb6b474e930a0fe3d9284fef6f94ee5a793885976cef5f58db3c9ec5a9015294e87c2d968d9553eaee8449a28834333937c05bbed3bb189124c6a29cf0ab5f9e856bd94bcfa6b80a4f7dd5e2897de00c502d2a58a5ee64d8d2539291ced98da009527a5df9861694c3a15ac65d41b4f98da9e7637d56176bb5c941d09aa1875053c4a0b9bbe6a491ba94859f4168327b2b6e8688b3e34a96088079bcbf54d33478bbcf0868aed6a20914ccc55be04aae5ef7cb22", 0xd1}], 0x5, 0x8)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x14)
listen(r0, 0xffffffffffffffe0)
r1 = socket(0xa, 0x200000000001, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0xac14140b}}], 0x1c)

2018/05/24 23:57:46 executing program 3:
io_setup(0x6, &(0x7f00000012c0)=<r0=>0x0)
sysinfo(&(0x7f0000000000)=""/140)
io_getevents(r0, 0x2, 0x8f, &(0x7f0000d83f60)=[{}, {}], &(0x7f00005cfff0)={0x4000000000001, 0x7})
io_destroy(r0)

2018/05/24 23:57:46 executing program 0:
r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x800)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000100)=0x100000001, 0x4)
r1 = fcntl$dupfd(0xffffffffffffffff, 0xfffffffffffffffd, 0xffffffffffffffff)
setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000080)=0x100000009, 0x283)
setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000000c0)=0x8, 0x1)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140)={<r2=>0x0, 0x5}, &(0x7f0000000180)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={r2, 0x6}, 0x8)
sendmsg$key(0xffffffffffffffff, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000580)=ANY=[@ANYBLOB="020f0000392f00000000000000000000030006000000000002000006e000000100000000000000000305800000000002000000e00000010000000000000000319b702c31cd7d6905034cae62c79e3554c3895200a80887971cbe8b32a4a04dede260ddaaa61507f080f883828fffb7205eeaf1dfcc5a46001f57c88c9f2e01328c557484c4750e28365fe0969a8731590201aedd3901774dd74af8f6c7086da73fc0e81ae1cc42c68c168e4fd212c94d9e109e6923c308b47e1171525e6f15c210bc96f2f0488d901362bd00df8c9e1f9ad38664750262819b997cf6baaf7ae7a409cb498efbf03d761b1b65755d5398df5175539eb5a3aa67b2f8f6f688c4fd5cea1282252dc34e388616830682ae82e5dd856cd2d1dca5fdc7ad4ee6d70dcaae5b0e79ee64c06ee8e74e055676021a5fa64bb0f1eb0b130334bbb6462761f0bfbea8ebbc4d26ce69e399a2115bedd8947fdb86fb92f05783930bd2a7829336f892be8f903b57122ab79f6bb075b60261f3f786e218444f8707f3976e572a21dc737db657b7e24966b409fdf350c7556c7aa3d66f447de16c01958d489f8c37c764fa5d7bea5021f26e6de1c7d9034a960017f9ba53df0aa0be13e54053445f4346f822d48c1c641fa70fc109f53e9e8680aa1a3a5869a743910c553e7b3cca31025c8028efcfb2d21c0b51db74ee3d47c3569cbf870e66f68d15713d967839ea0eeba5c58632b6f6aa50b8bc80256c786a49b000000000000000"], 0x40}, 0x1}, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000002c0)=""/116, &(0x7f0000000040)=0x74)

[  728.677272] binder: 15417:15421 transaction failed 29201/-14, size 24-8 line 2999
2018/05/24 23:57:46 executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r2 = accept4(r0, &(0x7f0000975000)=@can, &(0x7f0000752ffc)=0x10, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000003080)=""/108, &(0x7f0000000100)=0x6c)
sendmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000002140), 0x0, &(0x7f0000002180)}}], 0x1, 0x0)
clock_gettime(0x0, &(0x7f0000000140)={<r3=>0x0})
clock_nanosleep(0x0, 0x0, &(0x7f0000000180)={r3}, &(0x7f00000003c0))
sendmmsg(r2, &(0x7f0000002fc0)=[{{&(0x7f0000000040)=@generic={0x13, "c9084d19440625c26f201c8bf239f71921a39d9a239d77fc5b02b6aff0303779b39cade3609dae72fbf6c54f664a5f1585a284b7cec0cbfd7ce9fa9e95fffd9d1f62386beb7e13cc88f8bd38ec3a3c0cef3ef79298a983ab37c9ed9e65489ce257ad9cdff05a472bca26a932c407d05a343e1e4d69510998e920258898ed"}, 0x80, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x4884}, 0x6}, {{&(0x7f0000000280)=@pptp={0x18, 0x2, {0x1, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x80, &(0x7f0000000300), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10100000000000000d0100000400000074899aaeec7fd0e9cda2b6a5e05ae5717bff73a8bcd5902185ebac701bb124babdb6ee1e0c613b73205d4c00a88d58a73a5914739595f42dec0da0c5bc4041ca0fe747d0f24518801461cde747d6f28b652211997ea01cc31040be333ea94912810f74f804c1967230909df7f3f259f377f057c145cf0a73cb057c3e79c77cb204421144f62ed1fb51259c6ebeaff1c99c722f08ddb6d703fb6ad6a0bc3572aa0cae00f93067292984debc8ba1d4434d933dd768214765fbab7630fb1b7d18756aead9278170b6f46f6f499c3287a88cd4a38a0857b1ad9f1a20e444d76699af853b3d85ab515542c2b7f01e941842bbbfb98141514dc21856ac3f05d051e99f89696af4477a6e7e3c50d405c855d57ebaaad29887a26a887deb8886780e3408f87281b90f22f1889ac1ccf8694ec26a0882daee97ee1c43d6a14e5d02f3ce7f18d488b6a527b0e216261de64389c89028b1e489a9497a11b20e0a5edf19eca9612b88398dc135ad28559049aec6a3f83045e797152a78a2b4984f092a1294c58f3def9a522838d0b567930b5337d8a33938c1b754160de13df4532b93ed0fa4f7d9fba37b5654453b00d50332ecaef79dd183c4a85ac689b97acedc93e59afb067b3ca5b7be6a27a20cf7a408a539c2191357083af36268a7a67c6e29972f848aea74b07528093a350a9be7a2b363d65194453f815895b32b1e0f68a6c1441fcef47025b7dba8c09358e6e515748bd4b3ee1a7983a4c01b99a15cad2ea79e5ffb67f93e38fdf279de8904c85902ecfe5cb7e3b69c246a6e1ec370a83a28d039fab55b83909388a40b041ebb59fedca5a5870cd5bb0f24b74e122eb6257e8f3d19c35fd0087a3248b469b3ebb9c48a68a9d4d3450f1de2bb98d5c6acfbd38161af1e64f3f9509d99000199f79782bacf1fa3b1852f475524dd562d4f4c9501e88a8108b4fc6c9721430adc9a01857874c609737a44971a6585fa3414ad7cff2f0712c987863fccf7195672c2cfecd911eb5e3c8174c131352c1e4b716c84583e042b574e370befb38e43153a1e1a60cbf7baf351674c2c04a50cab571d145e6f84518d76a7ab821a91e8aab03de90fd85ca55d926d1cd78c169ce93a99308ae23e8f34d6337202856f51efe59c0c9ac3cddc2ff2b1723a9a3c8f08f2662c260fe204c17de38ff37cf6add152acdf514b09ef0c429e660e0f7b5450298e61082218f70cfafd4ae7ec5be6727302b0333cef2cf9eecc83db2a8ee36701a67d7c65cd30fabd3d89e3890cfbe21593733a4f5f9bea6502d3a3a75956ace0296b4bfb3c71d914252a996f0ab2fd777e4a2f4e69bbb4ee2fd99f4e42003b7a4542ba1644e2da51742f75eea9deb2ffe1809068609cd564b2684fdbf88fa9ad92e79dc02a9ea845289176c5e2ab6544ed2da8e16fa8282dbf58a4f25e6fa8bc9268057a0fdd44cc0cfb40081636d06d343b9560c43d96d7e51653984b1451d74379602e675ba69df00309169550904ba240d706516826635abe5d7636e579f920d21735aa708f92c902067fdabee79ea5924b357788c6069cb28463a2ae897913403737311f63981751552988fff91045280264cf469eaa5af8b1e02a94e465ede0393805482ee5ed283bbee12a07d16fc540ed0d0858cbf7383e3f0c9d8f6bba9f78590ab89ac70ba75ab07d1466d098777e79b262f068523fedf83f132c30bf32b3e339227f3f56d8ae7294521e1e35dd1881c23fb65bb2234ed9e2a32f4f98e2822960f71f9033d10c006028d6fed16f3dca107633a92db3127e7adf17fc663038847c702da0a18561186ca206c2211862398ebd5943fb130d0a8f9d759c654d920723942a70e9d0749019c0d6830d7098ab9fd4e0fedbf52e6064cc5c80ff3084ec416f82862f517950c89d32a6fec5dec28cc885ee014d5494f681696ab8377af5e6b472d6def957e1f60fca60cd49038b38944d4d8ed6dd6bc671399241d00b41f3041cd21c5c7e21311a79807187a30714343be05827c3774de91c6efe96d422f2cf863b5aeab435ecdeef3b4b0beb814817fb382d1ab6d604cd3ef432a09a9670be5dedb2392c49deb2862ee0f36fa20f33114cc331033d56fb54c49bb242e6b1bdfdf4e596ad5bd4c5b8c3c3d231e1c54a5d2163d77866560d08ff6a1c6b7a3ce98b59d4c6221c3077569547967fa140315e5d7a40d4a418a81c4b04dc2ea61c690fce737002b7e9429c571df5b6f3a3f8f8dcd838ab6c1fc36d696aaa30c24a4819099051ba110cca114aada812f394699c41dfd444d7bf7059c40e0340ee9fd09491ea42556bcbc6ef9da64e983f337c8c57ec3292a3f647e60dda2d776be7df313e5098ec73bc56bddbd318d75ca9196877907ad3b407ab139a5388bc4e77a4c704e25ea69d353588c10149cb4babb8d523eede4d56e47557037b82431ca0abb0128a83443fd5fddd831d35046adc0f69b7e6641a57ddc217730f1a2b74eb3e19fe75fef0e4675ecdc389dc9f50ee0988f42c24d5baf8643173633b2b3c9a601169c8be87f57abddea177e8961ddc2c51dd99c1bf622f5ca816c8fa79b8c4bf70b53529b368f736c652291d5df1e6d3c5c1f2c14ae55a1891343a9f1e16eac3882bade5390c94f5c23ed8a87540397ef146bca2cf35f023c7787be52c8f64c20a3dc740ecb17ac6327bdc703dcfacf91490a5f74ce508416354eb3855bbd35dec762860c2ac63cccbf47e72d9173fc8de0d337ff8513f19d7bd0c570418cb2ca097c90acb9c5139521160314b4817fc92c95237f39d1e9fa041f97b3fb1001e8eb41c45c04465aed5244c7f0e7cb1eef93ee868ee0ab10e901f532876f86ff9e1861465864b71574389fbb32140a9271e712538763ece84cccb5a5eff91207545e3dee05ac198e89f7c7f4ebd745395993f837f958cc2b9b21041127f07dc391a0416c60b9d15b68b8809379d89ecd50c33e6396609644bfb62046c030fafe4c7ab579f1d1fab13dc55076c81e46148e4ec02264b901a9df52c5b4423b129c4d7c50ddfbe00ac47b90e0efa876dc0c31f847e9ce50459961237570b175a39bbc78801a8af3527a4998149a22bf9b4cb39c5afd4cde16fd036359fae35245f58d16e5eee90041b516384651f4b9882686e7f6b0ee28a0cabfd6015a01fea19ac8e7d0ba8a2be630e3c468f91bb722e8d767be6afe9b68c4cbcaf52c4eaf65be32d4ad7d5dbab616fea63372a851f12d7717200e7198df785f29612b70199e5712b01cfccd5ac745646ce1525aaab4af59833c22c363e36efeb1bffc26b5e2003a823c3c7bf6b8aa03ccf45467d5c1645f10068301de9602d2a9aa235ac89c705d48132d71dce67310f853fa4bdf11938d8f3cf2c591583dc873f9133a81b4473b1acab8a1cc64df83f6d15f261ffdd7ba27187cc41ee5d555e820888b34c2d317855ad3105dc3b1fe83b54b5fdfd2dff7cb94a4b8d0a4eb9d9d32168b816bc3cf7e7aae8e162d6310f0ede14ef6ea2519f8d102e238128e2c9de6a92afaf5a8ca636c058bf5c513f27dad15370cbe32e3c3375588dabffc762287fe54c8ecf1b039fdca85b4c8357403a222cdb2abe39f061c9cf271bc4382cf7ba3c43504cb26e3b7ccb846bc6499752c85d001996783a7e38c269f44b14983f4a54d7aacad9a9b57982709cec0b14389b0d3f1c4d1942918bb2d2707a1ac090f7bb3eec55f7cc0565ef7c8f41a4b7254dc47656b0e576f9b9a815ec5234fd69e33e35dd675f1bb7d429edf2fd2358068e4fa7fbb1ddb3342c4017de7fff08807f94f93e39f77fb837936a57a5e8dd68baa6119f2139655f8e143a69273782eda857c5ade1f4aad459676a391e2b0fe03fa24c1a5ea129fa0df578fb00cc5e6b5301c618337a17ac6dcf2ed0c8e2f1d8d9f2ff6f727a1124d2a55d18f364777fe6e8ada986abb63edc248eb54f9848accaabdf005a09e1b273a989ca1db98ddfe957503a828fa84f4f5ad4426c27bd911605d4c5b9ba32da495e569017c4aaacf2e7481ac524f54526db81cd02885a27d005c70638405490646238fde8a9bb66fc85039b007a631966665d33e0657ef7ba7cdb50c3c769cded7f7c7414333bc9dd4f5d5bc7dce646c68e5489439802128e8dea80d2ff93dee40b6724e1e93e57c9f9adc7ff5a0176fcebaca17fbbce4ec6fdf10f842af8e8e9557ccb84cf83809d672fd8a4f6ba9736abe2a19b36bcc1916549dee5bae87900b37ced15a56ba013e7be918d0f4dd48429bbc5f33f39735db401a394d5eb9e78aebe8c252765f9608c3e2ca1eacfbf55d8829838dc9fcb35e4e6daa803650189692fdd6f296b691583c19b3d51f08c9a540b60fc2dc86bf4d8c6f28b211db87d73dbfd2535062823c6b52f525ff0f23208bba8d03e9f7b0062b32c4902586a9eb486809465b0d90d1d9496213bdf3038bfafbc5429e4dd93d7afc2d5f0db2de98d82226c0c5c3833fdcd27033202e69871ea43beab850327dd68f4d3025a1f092f829f9edbd84c676638b4597cb40c6055a7542ff621da650816fae141eb8d28cf5c26bc3f4bc60905e9460750305ed866e4bd6f3bf5d14414bddfbe1bef73404c9834d6989fa000c742b03e0172bca3eea57a106dacf9efbbe3706f40447a159b083bc5fcbfb90857f33b9b148e2332e2066374038f1fa0712c606507495dd39042a9d0bac94823fa91c8cf52d7be68f3a24d087e09ab0b619d203c664bfe81134f0b2c5a991b6dbaf1f96da2ce8a87ac43a4e0160edf1a233527aa6484c3988f20ae0c47bd8563ad0c39d80040348e2c6ad618dd117b84ec1deea003ed53dac28acd75e109cd34e31232517d3f2b87bdd0ee4a299e733e08c387e1350d4b44ef020108685878eb70f82e19c84881fa8afd8528f802a8522e6c71f5ae0c196f995290feeb5d1d5f69a31775445a52f485023c8c3a370642e556ad0e711d1ddd54dbf8f0ab05d220a26f85bba561b50294d6dbcdd8ab2e2eea4715b0d1df56c80b1287634fc575f39d82e2ca70b74165c13d88f7934a86b6f966776594fd7878aeae8a33f8832d86cf4ad0561f9f8009b532dde08d7b5bad6dd97683b7ccd872e5e1b8f3741f1d92caf32b308a3bd0283dd9434a66cef7d06e5e85ce59414639453869cb45106e6c5850d7127923da9b1a28588bac13f26a4a88b43d3d01ca9ebd09d9ff844626fe46875b3f918f88a7e52386fa3d4dfda5fad69e546f35bd9e62bbf6245051c239f33816e6d2283f53ff98d240a7e358db9e9d41307232e635800a91ead9d20fc6e6c58eacd5df45d81f55a6b9e2c8f0f50f2b7808507144e076a76e49e8726a04100d59e01057b68fc89899a476af2db08997428716c46ae5843474b6a6251394679fa19264dd40ab6f5f427d84292a7e0a986423b5fddf10c2e8f9c8425a548ca0406ec896f2d5de5d6c1ec528c9c84144af08ec4693dfcda1ea0875802d7b22f01e1777f5746fc7175ff2269f6d0ed8753a626c7405506c30789e400a1fd64ec3a9fa9a5c7c73293fa9ad6c5a64b0e098b9b5de5cd6f76addc4f91255f436edfb12570714fc69be410b1257082f52889c66c4c28b8f119bf7f150e19459bab897f4434122f9bd69e2069b0d32306be56f1be27a6b95c0cf74aea419fe2d4705e7d8754171a7c1129f56236efb5457fce4d465919928b90863eccb88c2affdd307427df6477cf802b064f198e75cb173c797ef8fed5b9ba691caa001fcef9a9da9b7b00bd097bef5e2095c6db94f774101d8944f9f7d4dd9fd10000000000000000000000030360000"], 0x1020}}], 0x2, 0x0)

[  728.718213] binder_alloc: binder_alloc_mmap_handler: 15417 20001000-20004000 already mapped failed -16
2018/05/24 23:57:46 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000]})

[  728.786667] binder: BINDER_SET_CONTEXT_MGR already set
[  728.793598] binder_alloc: 15417: binder_alloc_buf, no vma
[  728.799284] binder: 15417:15438 transaction failed 29189/-3, size 24-8 line 2971
[  728.806162] binder: 15417:15421 ioctl 40046207 0 returned -16
2018/05/24 23:57:46 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc-camellia-asm)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f00000003c0)=@ethernet, 0xfffffffffffffefd, &(0x7f0000000080), 0x1, &(0x7f0000000240)=""/148, 0x94}, 0x0)
sigaltstack(&(0x7f0000ff4000/0xa000)=nil, &(0x7f0000000080))
r2 = memfd_create(&(0x7f0000000000)='\x00', 0x3)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000440)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@local}}, &(0x7f0000000640)=0xe8)
connect$packet(r2, &(0x7f0000000680)={0x11, 0xc, r3, 0x1, 0x896, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1e}}, 0x14)

2018/05/24 23:57:46 executing program 2:
clone(0x200, &(0x7f0000b6b000), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f00000001c0))
mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f0000000000), &(0x7f00000088c0))
r0 = getpid()
add_key$keyring(&(0x7f00000006c0)='keyring\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$link(0x8, 0x0, 0x0)
r1 = syz_open_dev$adsp(&(0x7f0000000500)='/dev/adsp#\x00', 0x1, 0x200)
ptrace$setregs(0xf, 0x0, 0x0, &(0x7f00000008c0))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000780)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, &(0x7f0000000580))
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000005c0))
lstat(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
ioprio_get$uid(0x0, r3)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000540))
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f00000004c0))
process_vm_readv(r0, &(0x7f0000000240)=[{&(0x7f0000000140)=""/108, 0x6c}, {&(0x7f00000001c0)=""/123, 0x7b}], 0x2, &(0x7f0000000b80)=[{&(0x7f0000000280)=""/115, 0x73}, {&(0x7f0000000300)=""/112, 0x70}, {&(0x7f0000000600)=""/91, 0x5b}, {&(0x7f0000000880)=""/248, 0xf8}, {&(0x7f0000000980)=""/210, 0xd2}, {&(0x7f0000000380)=""/23, 0x17}, {&(0x7f0000000a80)=""/150, 0x96}, {&(0x7f0000000680)=""/46, 0x2e}, {&(0x7f0000000b40)}], 0x9, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, &(0x7f0000000740), 0x4)
process_vm_readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/61, 0x3d}], 0x1, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/187, 0xbb}], 0x1, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x2, 0xffffffffffffffff, &(0x7f0000000100))
r4 = open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000b40), &(0x7f0000000c40)=0x4)
fchdir(r4)

2018/05/24 23:57:46 executing program 0:
r0 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
sendmsg(r0, &(0x7f0000000140)={&(0x7f00004f5000)=@generic={0x10000000001e, "0500000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000080), 0x35, 0x40000000000}, 0x0)

2018/05/24 23:57:46 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000000000029e9c000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

[  728.911343] binder: undelivered TRANSACTION_ERROR: 29189
[  728.927273] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:46 executing program 1 (fault-call:2 fault-nth:0):
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:46 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x1d1b40, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000040)={<r1=>0x0, 0x800, 0x1, [0x8]}, &(0x7f0000000080)=0xa)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)={<r2=>r1, 0xfc, 0x2, [0x5bf, 0x8]}, &(0x7f0000000100)=0xc)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000140)={0xc2d}, 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r3=>r2, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e24, 0x8, @mcast1={0xff, 0x1, [], 0x1}, 0x9}, @in6={0xa, 0x4e20, 0x400, @empty, 0x81}, @in6={0xa, 0x4e21, 0x4, @remote={0xfe, 0x80, [], 0xbb}, 0x1f}, @in={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}]}, &(0x7f0000000240)=0x10)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000280)={'security\x00', 0xec, "4f87c07918dc851f35a91120f113ebf55327e516d4ed91f832652e68e3c53bd7e415a1f1f9bb68f8245aad921d26b963b2ffd6744ec442b10a6686b31065dc312aabbedc0ce5e595248d27d59f6f566d92e7132431621dad81a2e12eff023fcc1680d4b72189afa72d11bb133045f5551d4a9cf593c575f84285300d20f4016d2c33d9307864b778b465ba4aa19cf5222149e71592da45bfdc2267514dcc6872e62f1a83f0aaeaee63739e57d59a985308ed0dde41135a012a45f004b6abe1a2861e9a1e6056f3a898c2d3daa23aeb697343939aebb51b965d3f1f46f2a9ee07103929f423fdf2ff78effc06"}, &(0x7f00000003c0)=0x110)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000400)=0x1, 0x4)
fgetxattr(r0, &(0x7f0000000440)=@known='system.advise\x00', &(0x7f0000000480)=""/191, 0xbf)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000540)={r1, 0x7fce, 0x2, [0x5, 0x9]}, &(0x7f0000000580)=0xc)
ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, &(0x7f0000000600)={0x3d, &(0x7f00000005c0)="b35fad55ff20c582455d2eeac5e4f3151936da549ee2ab7274b5819059c64aec14d3c01596bc579262867623da4495ac7d892edfec931479783176367e"})
setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000640)={{0xa, 0x4e22, 0x8, @loopback={0x0, 0x1}, 0x2}, {0xa, 0x4e22, 0x1, @mcast2={0xff, 0x2, [], 0x1}, 0x101}, 0x40, [0xad47, 0xb0b3, 0x1, 0x4, 0x3, 0x0, 0xfffffffffffffffa, 0xffffffff]}, 0x5c)
poll(&(0x7f00000006c0), 0x0, 0x9)
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
r4 = syz_open_dev$mice(&(0x7f0000000700)='/dev/input/mice\x00', 0x0, 0x20000)
ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r4, 0x800443d3, &(0x7f0000000740)={{0x8001, 0x8, 0x2, 0x0, 0x4, 0x3}, 0x5, 0x4, 0x6})
ioctl$KDSETLED(r0, 0x4b32, 0x10001)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000780)={'gre0\x00', {0x2, 0x4e23}})
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r4, 0x84, 0x19, &(0x7f00000007c0)={r3, 0x88e}, 0x8)
ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0)
r5 = getpgid(0x0)
r6 = getpid()
fstat(r0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
lstat(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = fcntl$getown(r4, 0x9)
r10 = getuid()
getgroups(0x6, &(0x7f0000000b80)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, <r11=>0x0])
sendmsg$netlink(r0, &(0x7f0000000c00)={&(0x7f0000000800)=@kern={0x10, 0x0, 0x0, 0x8000080}, 0xc, &(0x7f0000000a00)=[{&(0x7f0000000840)={0xdc, 0x13, 0x400, 0x70bd28, 0x25dfdbfc, "", [@generic="1ca422482a9fef4f1475bd6335f98735b898cc11ef59056f9a99addb88566fb420619c777568b5e10447960f83d44f00b026df603b0bdcc8ea613ea062b1765f519e9e59a7f1d732d731bec862bf8b0fc234b6a62186c2e877d85962f92200b9b7e16aa965fd955fd0bc210209a78d1dc0f54a064ed964d1691626fb8e694539226445468d3c2bee043505b356a6a7e73f1b28d23c0b2e2d72697016a1f8e48c4c09b88b38c1f6169be90a6e22d956b70d38ef2cae", @typed={0x14, 0x7a, @ipv6=@local={0xfe, 0x80, [], 0xaa}}]}, 0xdc}, {&(0x7f0000000940)={0x9c, 0x3a, 0x53f, 0x70bd29, 0x25dfdbfe, "", [@typed={0x8, 0x4, @pid=r5}, @generic="11efc460ef68a8b6f0ef384281c96fe810e4d248941fb3d9d6463983c086c43552b16e81343773ab0355ad687f0ef177952d3827627580d568c86519", @generic="ff1eb74f3d9fe3cef928fc6274255fb4f0634869955ea7e1a3a655378c4c639693b49a3b60a84e8fe09a566c020771bb8b5970e3", @generic="8d6e441bdc180c8f63e85c5acdecaeca45"]}, 0x9c}], 0x2, &(0x7f0000000bc0)=[@cred={0x20, 0x1, 0x2, r6, r7, r8}, @cred={0x20, 0x1, 0x2, r9, r10, r11}], 0x40, 0x44}, 0x8000)
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000c40)={0x3, 0x2, 0x4, 0x0, 0x2, 0xd7, 0x4, 0x6, 0x0, 0x5, 0x5, 0x1})
getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000d00)={<r12=>0x0})
ioctl$DRM_IOCTL_UNLOCK(r0, 0x4008642b, &(0x7f0000000d40)={r12, 0x1})

2018/05/24 23:57:46 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]})

2018/05/24 23:57:46 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x10000, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000180)={<r1=>0x0, 0x8}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000200)={r1, 0xe7, "e42e94afb37bc22d388dd9dff43b7cdf58625f175e466fca559782d5da1e48d1890564d6362f192c46a99d2e2e0f254a253d2167d41e8a7df4d17efb21f81a6fc7fcfef17bff78262777542fcf58bb4f25f42a0396861b52e89204485d27c4659b1832f36f7a218a56934f3cf0a46d23eed77b1896f07b6b018bf86123f2a50db9033170d3fc97f0fa0ec1c4ac3858ff4022a8e3ec47c4ec253b8105349ce69503fc4dd15b1fae0c556077e2cc09fe54c7acfa960559cff3fd1c0646d7afe7cfc04847f49bf53937047d66d614bdd0cae1f080c4cac82fef933b00e4369ff84ce5757c9da7381f"}, &(0x7f0000000300)=0xef)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r2, 0x0, 0x14, &(0x7f00003b9ffc)=0x40000000000800, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000469ffc)=0x7fe, 0x4)
sendto$inet(r2, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
setsockopt$inet_int(r2, 0x0, 0x19, &(0x7f0000000880)=0x27, 0x191)
recvfrom$inet(r2, &(0x7f0000000000)=""/248, 0xf8, 0x40012000, 0x0, 0x0)

[  729.008660] binder: 15477:15478 got transaction with invalid offsets ptr
[  729.040148] binder: 15477:15478 transaction failed 29201/-14, size 24-8 line 2999
[  729.114511] binder_alloc: binder_alloc_mmap_handler: 15477 20001000-20004000 already mapped failed -16
[  729.124189] FAULT_INJECTION: forcing a failure.
[  729.124189] name failslab, interval 1, probability 0, space 0, times 0
[  729.135675] CPU: 1 PID: 15492 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #65
[  729.142976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  729.152349] Call Trace:
[  729.154963]  dump_stack+0x1b9/0x294
[  729.158620]  ? dump_stack_print_info.cold.2+0x52/0x52
[  729.163835]  ? retint_kernel+0x10/0x10
[  729.167749]  ? print_usage_bug+0xc0/0xc0
[  729.171834]  should_fail.cold.4+0xa/0x1a
[  729.175901]  ? __lock_acquire+0x7f5/0x5140
[  729.180274]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  729.185384]  ? lock_acquire+0x1dc/0x520
[  729.189378]  ? __lock_acquire+0x7f5/0x5140
[  729.193609]  ? find_held_lock+0x36/0x1c0
[  729.197676]  ? irq_affinity_online_cpu+0x140/0x293
[  729.202605]  ? check_same_owner+0x320/0x320
[  729.206920]  ? rcu_note_context_switch+0x710/0x710
[  729.211844]  __should_failslab+0x124/0x180
[  729.216081]  should_failslab+0x9/0x14
[  729.219880]  kmem_cache_alloc_node+0x272/0x780
[  729.224456]  ? update_load_avg+0x2d9/0x2570
[  729.228769]  ? print_usage_bug+0xc0/0xc0
[  729.232835]  copy_process.part.38+0x16c4/0x6e90
[  729.237515]  ? update_load_avg+0x2d9/0x2570
[  729.241839]  ? alloc_set_pte+0x1013/0x1600
[  729.246099]  ? print_usage_bug+0xc0/0xc0
[  729.250171]  ? __cleanup_sighand+0x70/0x70
[  729.254422]  ? rb_erase+0x3530/0x3530
[  729.258229]  ? print_usage_bug+0xc0/0xc0
[  729.262282]  ? find_held_lock+0x36/0x1c0
[  729.266337]  ? print_usage_bug+0xc0/0xc0
[  729.270395]  ? debug_check_no_locks_freed+0x310/0x310
[  729.275575]  ? find_held_lock+0x36/0x1c0
[  729.279630]  ? print_usage_bug+0xc0/0xc0
[  729.283708]  ? debug_check_no_locks_freed+0x310/0x310
[  729.288894]  ? __lock_acquire+0x7f5/0x5140
[  729.293119]  ? debug_check_no_locks_freed+0x310/0x310
[  729.298310]  ? debug_check_no_locks_freed+0x310/0x310
[  729.303497]  ? set_next_entity+0x2ae/0xaf0
[  729.307720]  ? print_usage_bug+0xc0/0xc0
[  729.311784]  ? update_load_avg+0x2570/0x2570
[  729.316184]  ? graph_lock+0x170/0x170
[  729.319972]  ? lock_acquire+0x1dc/0x520
[  729.323936]  ? __fdget_pos+0x1a9/0x1e0
[  729.327816]  ? graph_lock+0x170/0x170
[  729.331608]  ? __lock_acquire+0x7f5/0x5140
[  729.335836]  ? find_held_lock+0x36/0x1c0
[  729.339888]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  729.345416]  ? _parse_integer+0x13b/0x190
[  729.349556]  ? graph_lock+0x170/0x170
[  729.353350]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  729.358879]  ? _kstrtoull+0x180/0x230
[  729.362671]  ? _parse_integer+0x190/0x190
[  729.366823]  ? graph_lock+0x170/0x170
[  729.370623]  ? lock_release+0xa10/0xa10
[  729.374604]  ? check_same_owner+0x320/0x320
[  729.378919]  ? find_held_lock+0x36/0x1c0
[  729.382974]  ? graph_lock+0x170/0x170
[  729.386772]  ? lock_downgrade+0x8e0/0x8e0
[  729.390928]  ? find_held_lock+0x36/0x1c0
[  729.394989]  ? lock_downgrade+0x8e0/0x8e0
[  729.399135]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  729.404663]  ? proc_fail_nth_write+0x96/0x1f0
[  729.409147]  ? proc_cwd_link+0x1d0/0x1d0
[  729.413226]  ? __schedule+0x809/0x1e30
[  729.417110]  ? find_held_lock+0x36/0x1c0
[  729.421165]  _do_fork+0x291/0x12a0
[  729.424698]  ? fork_idle+0x1a0/0x1a0
[  729.428399]  ? __lock_is_held+0xb5/0x140
[  729.432460]  ? __sb_end_write+0xac/0xe0
[  729.436430]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  729.441953]  ? fput+0x130/0x1a0
[  729.445220]  ? ksys_write+0x1a6/0x250
[  729.449025]  ? __ia32_sys_read+0xb0/0xb0
[  729.453094]  __x64_sys_clone+0xbf/0x150
[  729.457056]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  729.462064]  do_syscall_64+0x1b1/0x800
[  729.465940]  ? syscall_slow_exit_work+0x4f0/0x4f0
[  729.470775]  ? syscall_return_slowpath+0x5c0/0x5c0
[  729.475694]  ? syscall_return_slowpath+0x30f/0x5c0
[  729.480619]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  729.485980]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  729.490820]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  729.495999] RIP: 0033:0x455a09
[  729.499179] RSP: 002b:00007f5ef905dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  729.506889] RAX: ffffffffffffffda RBX: 00007f5ef905e6d4 RCX: 0000000000455a09
[  729.514161] RDX: 000000002084effc RSI: 0000000020b53000 RDI: 0000000000000000
[  729.521422] RBP: 000000000072bea0 R08: 0000000020b3bfff R09: 0000000000000000
[  729.528683] R10: 0000000020c35ffc R11: 0000000000000246 R12: 0000000000000013
[  729.535959] R13: 0000000000000052 R14: 00000000006f4850 R15: 0000000000000000
[  729.551449] binder: BINDER_SET_CONTEXT_MGR already set
[  729.557698] binder_alloc: 15477: binder_alloc_buf, no vma
2018/05/24 23:57:47 executing program 0:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x400000, 0x0)
r1 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000)
ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000140)={0x9, 0x26, 0x1, <r2=>r1})
clock_nanosleep(0x2, 0x0, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000080))
prctl$setmm(0x23, 0x5, &(0x7f0000ffc000/0x1000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
pwrite64(r2, &(0x7f0000000180)="eb23b1d7b81292a4c5546ac8ca0c437a01e07d841075de4bc367f6d2871730857ec7fd567173b2671cf5e11d29a34af3e6f88de74357bd6ef08ca25b974a2fc74e08a357d7d79f731a6300edd1ae2642c4292cb17d57d848e60ed93b06c667cd260ecfdc647e7e9c6c27ee5ff5a07f103b18db12f55ce5a4f5f65eece190e7966dcd73f6dbe6f36401b5ba614289f8eda6dd1f2af4545ebb012071a9f00d573a18617f609e8ecdb6271a24cad12a6fcc7b93fa9c4a9bf2c90aa25d68313766e88a59fa02bd04ff5cf530336301507bd28656086d", 0xd4, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[])
r5 = fcntl$dupfd(r4, 0x406, r3)
ioctl$EVIOCSABS20(r5, 0x401845e0, &(0x7f0000000040)={0x7f, 0x0, 0xf2ec, 0xb45, 0x1, 0x101})
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x20002, 0x0)

2018/05/24 23:57:47 executing program 5:
r0 = getpid()
r1 = getpgid(r0)
migrate_pages(r1, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x1)

[  729.563463] binder: 15477:15497 transaction failed 29189/-3, size 24-8 line 2971
2018/05/24 23:57:47 executing program 1 (fault-call:2 fault-nth:1):
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

[  729.602143] binder: 15477:15478 ioctl 40046207 0 returned -16
[  729.645980] FAULT_INJECTION: forcing a failure.
[  729.645980] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  729.658060] CPU: 0 PID: 15509 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #65
[  729.665359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  729.674732] Call Trace:
[  729.677326]  dump_stack+0x1b9/0x294
[  729.680959]  ? dump_stack_print_info.cold.2+0x52/0x52
[  729.686146]  ? kasan_check_read+0x11/0x20
[  729.690288]  ? rcu_is_watching+0x85/0x140
[  729.694431]  should_fail.cold.4+0xa/0x1a
[  729.698484]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  729.703583]  ? kernel_text_address+0x79/0xf0
[  729.707988]  ? __unwind_start+0x166/0x330
[  729.712137]  ? unwind_get_return_address+0x61/0xa0
[  729.717065]  ? find_held_lock+0x36/0x1c0
[  729.721147]  ? check_same_owner+0x320/0x320
[  729.725463]  ? rcu_note_context_switch+0x710/0x710
[  729.730390]  ? __might_sleep+0x95/0x190
[  729.734377]  __alloc_pages_nodemask+0x34e/0xd70
[  729.739045]  ? rcu_is_watching+0x85/0x140
[  729.743200]  ? __alloc_pages_slowpath+0x2db0/0x2db0
[  729.748231]  ? rcu_is_watching+0x85/0x140
[  729.752380]  ? rcu_pm_notify+0xc0/0xc0
[  729.756267]  ? copy_process.part.38+0x16c4/0x6e90
[  729.761130]  ? rcu_read_lock_sched_held+0x108/0x120
[  729.766151]  copy_process.part.38+0x509/0x6e90
[  729.770730]  ? attach_entity_load_avg+0x850/0x850
[  729.775575]  ? lock_acquire+0x1dc/0x520
[  729.779543]  ? alloc_set_pte+0x1013/0x1600
[  729.783769]  ? graph_lock+0x170/0x170
[  729.787559]  ? graph_lock+0x170/0x170
[  729.791354]  ? print_usage_bug+0xc0/0xc0
[  729.795415]  ? __cleanup_sighand+0x70/0x70
[  729.799642]  ? find_held_lock+0x36/0x1c0
[  729.803700]  ? print_usage_bug+0xc0/0xc0
[  729.807757]  ? find_held_lock+0x36/0x1c0
[  729.811816]  ? graph_lock+0x170/0x170
[  729.815611]  ? __lock_acquire+0x7f5/0x5140
[  729.819852]  ? graph_lock+0x170/0x170
[  729.823643]  ? __lock_is_held+0xb5/0x140
[  729.827702]  ? debug_check_no_locks_freed+0x310/0x310
[  729.832898]  ? __lock_is_held+0xb5/0x140
[  729.836966]  ? __account_cfs_rq_runtime+0x600/0x600
[  729.841980]  ? set_next_entity+0x2ae/0xaf0
[  729.846204]  ? debug_check_no_locks_freed+0x310/0x310
[  729.851388]  ? update_load_avg+0x2570/0x2570
[  729.855796]  ? __enqueue_entity+0x10d/0x1f0
[  729.860117]  ? graph_lock+0x170/0x170
[  729.863917]  ? pick_next_task_fair+0x97c/0x1780
[  729.868584]  ? graph_lock+0x170/0x170
[  729.872380]  ? find_held_lock+0x36/0x1c0
[  729.876441]  ? lock_downgrade+0x8e0/0x8e0
[  729.880585]  ? finish_task_switch+0x182/0x840
[  729.885079]  ? kasan_check_read+0x11/0x20
[  729.889219]  ? do_raw_spin_unlock+0x9e/0x2e0
[  729.893619]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  729.898195]  ? compat_start_thread+0x80/0x80
[  729.902597]  ? _raw_spin_unlock_irq+0x27/0x70
[  729.907089]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  729.912099]  ? trace_hardirqs_on+0xd/0x10
[  729.916240]  ? _raw_spin_unlock_irq+0x27/0x70
[  729.920728]  ? finish_task_switch+0x1ca/0x840
[  729.925225]  ? finish_task_switch+0x182/0x840
[  729.931164]  ? preempt_notifier_register+0x1e0/0x1e0
[  729.936266]  ? lock_repin_lock+0x410/0x410
[  729.940499]  ? __schedule+0x809/0x1e30
[  729.944383]  ? __sched_text_start+0x8/0x8
[  729.948524]  ? proc_fail_nth_write+0x96/0x1f0
[  729.953010]  ? proc_cwd_link+0x1d0/0x1d0
[  729.957069]  ? find_held_lock+0x36/0x1c0
[  729.961123]  _do_fork+0x291/0x12a0
[  729.964672]  ? fork_idle+0x1a0/0x1a0
[  729.968383]  ? schedule+0xef/0x430
[  729.971913]  ? __schedule+0x1e30/0x1e30
[  729.975885]  ? __sb_end_write+0xac/0xe0
[  729.979855]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  729.985386]  ? exit_to_usermode_loop+0x87/0x310
[  729.990050]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  729.995580]  ? exit_to_usermode_loop+0x1ef/0x310
[  730.000339]  ? syscall_slow_exit_work+0x4f0/0x4f0
[  730.005176]  __x64_sys_clone+0xbf/0x150
[  730.009146]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  730.014167]  do_syscall_64+0x1b1/0x800
[  730.018048]  ? syscall_slow_exit_work+0x4f0/0x4f0
[  730.022885]  ? syscall_return_slowpath+0x5c0/0x5c0
[  730.027810]  ? syscall_return_slowpath+0x30f/0x5c0
[  730.032742]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  730.038098]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  730.042934]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  730.048111] RIP: 0033:0x455a09
[  730.051285] RSP: 002b:00007f5ef905dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  730.058993] RAX: ffffffffffffffda RBX: 00007f5ef905e6d4 RCX: 0000000000455a09
[  730.066251] RDX: 000000002084effc RSI: 0000000020b53000 RDI: 0000000000000000
[  730.073513] RBP: 000000000072bea0 R08: 0000000020b3bfff R09: 0000000000000000
[  730.080781] R10: 0000000020c35ffc R11: 0000000000000246 R12: 0000000000000013
[  730.088041] R13: 0000000000000052 R14: 00000000006f4850 R15: 0000000000000001
[  730.105366] binder: undelivered TRANSACTION_ERROR: 29189
[  730.113381] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:48 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0xc1})
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000080)={0x0, 0x0, 0x5})
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x6, 0x20001)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000140)={0x0, 0x0, 0x81, 'queue0\x00', 0x7f})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x0, 0x0)

2018/05/24 23:57:48 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x5}, 0x1c)
r1 = gettid()
r2 = fcntl$dupfd(r0, 0x0, r0)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=<r3=>0x0)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000280)=""/176, 0xb0}], 0x1)
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000040))
timer_settime(r3, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r1, 0x1004000000016)

2018/05/24 23:57:48 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]})

2018/05/24 23:57:48 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0063404000000000000000000000099c000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:48 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x200000088)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0x1bb9, 0x4)
recvfrom$inet6(r0, &(0x7f0000fbef6d)=""/185, 0xfffffffffffffeba, 0x0, 0x0, 0x1fe)
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x2, 0xc002)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000540)={<r2=>0x0, 0xffffffff, 0x4, [0x100000000, 0x6, 0x2, 0x8]}, &(0x7f0000000580)=0x10)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000840)={0x5, 0x200, 0x80000000, 0x10000, <r3=>0x0}, &(0x7f0000000880)=0x10)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000008c0)={<r4=>0x0, 0x9, 0x10}, &(0x7f0000000900)=0xc)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000dc0)={<r5=>0x0, 0x6, 0x10}, &(0x7f0000000e00)=0xc)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000e40)={<r6=>0x0, 0x21}, &(0x7f0000000e80)=0x8)
sendmmsg$inet_sctp(r1, &(0x7f0000000f40)=[{&(0x7f0000000080)=@in6={0xa, 0x4e22, 0x7f, @local={0xfe, 0x80, [], 0xaa}, 0x2}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000000c0)="416ad43a230ea145e6840559aab1827dda8a04bfc52e64104f6be7efb739ad09df1bd0f912776a94720f04a263192cdc7245061b106feb50849f8b996008c1a56449fce16818a09de5dbc12a6c469575659d52afa8ecca09d075bd6e72af8d37ea51a84a5ba53501d179fce1b273b8f8cbc1ee53d593cf8614243166ef9fa411468335e731779decf52a9cb1fe4ca721d452c8f139a6fe9e", 0x98}, {&(0x7f0000000180)="fb2fa8814e40b679fbb8c74aafc31c9fe1b3a1c3c5e9dce573e22ea60327f8361f95f477a600540315c194d95d29509c6898cfba87ad6fae283b601c202130567799b24864ffc1c9297044415b734dbb274f9d3dacb58bf53e9ea622ddcc24a9111a2442bbb4c2fe0ef6825d9a80be34b89b90776e4680b21c2b45f7f971843993b530c6a249e01a0cdd7b3175b3a3", 0x8f}, {&(0x7f0000000280)="cac9e0889d7973092a724bfc0100616e5d7da0b7f28573979a038d9d82dd1af27588e451632d997c361928745e71a1f4534e33e8326510fdf13514c516d9762ec8bdf08570c06831b59a89d08ea6c0ddd4b4060549c6a44e8f5d270e2c7f9a3bc62a91fa6b6e88372f75db5f006a4c410866c88e78bb76d91944fd", 0x7b}, {&(0x7f0000000300)="59a8338dea3d06ed811eac76e336d03877ffe977bb213d81a930b8a85be9760c8fa70cc19e09436c5c354dc31f8ca47fecb3fd04b36c800c097073def1b6c83a1b5743b58f45edfc903ce143129dec4025ba9ca2f2eeb190266851949731f5dee3c03fa0489115aae141688a7d02e5c778e34e437d5f2ed0ee46b39516e7c65de084150b3f38949384df2df5d36a7c40a118f4ba85911d98ff15a976a0c6cb0358e0bfff8984ee352f6b120563c44eb5a4facb0d038b7d", 0xb7}, {&(0x7f00000003c0)="01d3a044ba6e5ae376fb9e05d1b1c2bc6ad0c21f99241581c066e6016bf9648b9161442c051e439dab6241ede1e2788ecdc05fff497793cb0b349cceeb365fb46b6aa048157845db2c76ae4efc3ef3150d2582050f07172d1716a63c7774f13f2a68071c1837a2b173e19ceb741a084297848d3b2a6f8b31c10efb60421a8aef921d7f3bbd7899aa8864fb515a8d555ed161ac84ef5489c91687ec36de86a3758bf4a88dc26009df076d3e65b7d88d75994a7f3b9b58ee1402553417ef926aadf602fd63da2b3563e07b1efd05", 0xcd}], 0x5, &(0x7f00000005c0)=[@sndrcv={0x30, 0x84, 0x1, {0x20, 0x8, 0x8000, 0x200000000000000, 0x0, 0x4, 0x8000, 0x2, r2}}, @dstaddrv6={0x20, 0x84, 0x8, @loopback={0x0, 0x1}}, @dstaddrv4={0x18, 0x84, 0x7}], 0x68, 0x48000}, {&(0x7f0000000640)=@in6={0xa, 0x1, 0x8, @empty, 0x2}, 0x1c, &(0x7f0000000800)=[{&(0x7f0000000680)="0c08e0e1a5d468eb2667c3ec9ccb55adbe80bc81204f64f831a183c9bc74e9e6d080c5e1362ea40412ff5b96ca25e08d5cdfd396c1e8355970df0391eca6dd638f4795a2f1bde0ad9126e1b44a57ef256c87388d5bae891227c2925a9bbde2e6ec90cbc4e0d248cb38eaa6aacba7ae31fda371293dcb08c22202d8de5dfad808c97e2960a33981bd2d42a569b1a7e89520c4f33d5a5befa0fbba2289085a18e960e52f8a", 0xa4}, {&(0x7f0000000740)="160ef2f573cb7971244ef70dad0d41a0c7", 0x11}, {&(0x7f0000000780)="f0610f23700483976b5b81a9c26e11e0d24a818f5c76afec0a437657ee1af29bc8df9748c5bdf039a014bbb342c043f98043005d9b0c77a9826c64f83b9e", 0x3e}, {&(0x7f00000007c0)="bd1ab670d5eee064b710", 0xa}], 0x4, &(0x7f0000000940)=[@dstaddrv4={0x18, 0x84, 0x7, @multicast2=0xe0000002}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x8001}}, @sndinfo={0x20, 0x84, 0x2, {0x2, 0x0, 0x1ff, 0x2, r3}}, @init={0x18, 0x84, 0x0, {0x40, 0x400, 0x101, 0x8}}, @dstaddrv4={0x18, 0x84, 0x7, @local={0xac, 0x14, 0x14, 0xaa}}, @sndinfo={0x20, 0x84, 0x2, {0x7f, 0x8000, 0x7fff, 0x1, r4}}], 0xa0, 0x44801}, {&(0x7f0000000a00)=@in={0x2, 0x4e24, @loopback=0x7f000001}, 0x10, &(0x7f0000000a40), 0x0, 0x0, 0x0, 0x8895}, {&(0x7f0000000a80)=@in={0x2, 0x4e23, @rand_addr=0x7}, 0x10, &(0x7f0000000c00)=[{&(0x7f0000000ac0)="9f7a6220033b3ad5e3448b93e5165386e67e24702c500bf1d5d113593738085c600ee5da7d70790420213308c29c11f5982bb9c37e289e6c579e19c950c1d7c50e317909544f649571d7109c4e984cc07cf44a953ad0b749f6b043088eb1463bd1a4db2d4ad9c9fb484dd69e800d41", 0x6f}, {&(0x7f0000000b40)="8fc9cc483ccce6d450f519fcfa0893e568236a2aabce8c0dd32eb024d5b45621c9b342834fa42d24096a4802fe07838f44350fced45191a6b1da4aec54731531ddc2f6818ae17b168a767428b39396ff90c71cbcc7698f217c15f6a7d9fb554c52bbda927031a41c39a2d1d2877c112fbb0a97f3633b937e075b5b5a590d3f2370c827c9624630dca980e4e1f771434fd5919d", 0x93}], 0x2, 0x0, 0x0, 0x40000}, {&(0x7f0000000c40)=@in={0x2, 0x4e20, @multicast2=0xe0000002}, 0x10, &(0x7f0000000d80)=[{&(0x7f0000000c80)="ce3538de460c82579c", 0x9}, {&(0x7f0000000cc0)="555ec5db1e4935198a1b35744cdaf5664a02c9bf8dc212913df85e7c8ef86297cc17213414db6889839be21c2adf5fb4cc38d9abea2da247", 0x38}, {&(0x7f0000000d00)="7f19b164e0d63d228c18ba99be6723a4775a06769f911886523438a3f9c5d33fbea5c4b973a90a132ad88f8939756dfa900338d93ff488d6e6c6bf77a25551f872cc69", 0x43}], 0x3, &(0x7f0000000ec0)=[@sndinfo={0x20, 0x84, 0x2, {0xc7, 0x800c, 0x1, 0x24e, r5}}, @sndrcv={0x30, 0x84, 0x1, {0x9, 0x3, 0x4, 0x3, 0x0, 0x401, 0x7fff, 0x6, r6}}, @dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x10}}], 0x68, 0x80}], 0x5, 0x1)
r7 = socket(0x2000000011, 0x2, 0x0)
ioctl(r7, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c)
r8 = socket$inet6(0xa, 0x8000000000000802, 0x88)
dup3(r7, r0, 0x0)
sendmsg$inet_sctp(r8, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x0)

2018/05/24 23:57:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="400000005338e4ab8aace94b21ee05ff1e1c6e5a43d80c7a09c2e35100000000000000000000000000"], &(0x7f0000000340)=0x2)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000580)="d34c630e9afaa310c9d16add02b4c73e3625e6f83d4d1453ccd337fb121b36d3a507bbbbaaad84c43efdcaee806b3ab4d4032820351d4907ad6d7625c9b471537baee582e3c1557eae7bd67077b056bb99e3fe486b7e7e7ac684e1e7b72a81e39e8b477fad180d2e8d25a05a7b8f3581b99b6104b4471116ffae75fa3e3485cfe40d7d1adbb4be987ebe175fb077abe7b5d0f30479d153c2982037654bb4fccc2b6c1c39ec66c1dd9c9f5845e0c95e27e056394c0a9f3aad07c86d4db58d5d5e21fa7ac9b36531b1df636556302403ba01c96b77d7f1cc3e494babf1e046ca454ddd919641a4653a3242e4a54a93e080bd7d327b676ddc3932c3b4ba2f71ac9526d7cf7d3bb85aad0e5a167afd69eb74e81c3e6971368668ac02ba0648cabbf85817ccec0348dcf7af64068a329c7782b535daa747e8806d846e5bac586d7f6d107f3e393639cadb82e30407850e7fc31d3735e07b68dbde92fdcd1141528a20c05fdd229ed7a1337a7986b0bad02f64c8e606e70ea809159256bf902a85d2a04697ee9e4a7e5de0daec079152247c8ff48876dec1455cf9f603d792960abcd2e5965e4af8a5aaddba2a070394a834444a63e4543367a8cc37167a037e332ff84c910b1db0b10f03a84a8f283a278e888605b52cad8b7773a5df4a602afdf1775bde69889ab303a255f3b238f49790cd36a3ec972202a872bd004d919e9fab30a9a70f81e83cbf47c0abcdc919bdbc7332b75058b8e4ae66e1ec889fa6e3df885bd777ce2da1d0ed31caf7960daf0123d142b5eb6571ba89086b17468da389ca5310dc2117fa671298c3d3ac3dcd32790a8765f668fbfa1e7623b8b8eca15952108146cfdb1e79a5affddbcfc50890c146a6571b6fb32b6d06b27598cbf1a4d56b83a2b094926c48135c4440fc643aa6a46eb824bb94860b4d5112d145c477f73dd90a59a017c30b75cd734e42edc555b5e3decac8762070629b11bf2e168bd2d092e3916d409536f2d870f593b3b4e893ad96c065c2c80eb21d45cd5dbff67396041f90e16b24f632bd3efad8d5e5a6474ee3e35aed759cc28d58feecf163bb3a52dcd9fde3e0451215462d5bfcc68b86e3f4192022eac70f2ef88356771bdd6eac8003bee9968ec94742b8c3a99de051c74f4ebffadf1a39dcbbd8dcd8f44e0063d8f68fcaabedccec1161da6d234647868c438ef3349ad54d7d031eea625850d904a1afc3a909788d9db621d815426e4eeab705628625a86a03249a8001e9d812935a634caadad10d3ca7344373590b462ae9991400f0b76f099dad7bd24a26e3a8ee5d866f08ee525898e0c488942e72b985c27bf5560842deb5a0cd0e86b593057da16aaa9aeae84ccc905e7a53b8d77af2397656278cb2689a7b6554fb80814be13ec2a3a3fabaae98f1d94feafb0ce3e1d63d651bfa094fd50594a7ca3ca598dc8804ca2fc6ca90eda62035ae1f1ea61040a6b0175b8c19c4618af4131d9200a5cb302692129e5633aae500a2e224d92e8f365d3c6d14a76cb6b421f8bfbb50e901c29c350dec15af6f6da52af2edfafbf9383c68ee197eaf00859ecdee570875804e3af445a21697c0db5e950fa132bc865d298af5002c439900607119e61c1859d650b8f09f0111d39ca4d32b8dfef8cc1ed5b246e954ca4bbe0dc76ae76742e3012798b48a1c476adff5ddd28cda10ea58a5e62ba70a453939179815754295a43b20a453e412a4bd318f542c0cae7530cdd7b14d608117bd3433e6d75a870e84a6bf6a84d1f264ffb50cf96939a50775c5cef0f40d8cf45c69d08cc3056683f89948dae86e5892c3cbea5dad1a6f6153a9752ccbd889be0332f2064103b01351d6dca2f0cc81ac78167388c0b4536567933ed9af576cb4f3a05997a702b5bb9ab42d90f9ac0f7f419b5b6846a29eaad6775e5fc265ea01a1d328df7ccfc6f8deda7d4f7e3547d9acc71124b1e27029976a164a223e256d0fdbb8cd4190a5f0a61cebf3d138b9f0ed37e1b2386835db1238f08a95ab77dde9c8eba53604848dc3770ca29f574a2e386e04554df72bf636189bfce5328e3b31cc3746b6d62d89d493621d74c95e2c1d4e7b86e6002d47f82a61c80f5709ac25be1b6767bf6712c1dba8a9be8908b65b308e3f2c02432023849777da8d6e9fe0d20032dc1127038ee5cdbd434da56db8e4feffff7d8b29ffeef0511dc723f960d1519ff0b39811cbfd44601517a4191c7d85abddbbf5ea8aa8fe69555867fd11cc11f40a0c9592280b3639935eef5e8e428b54a38ae48bf9ffcf279948821414e865970ddf7f27aea1a6242a52529121d68248fe23df069e8ff1d9db97f9a864a1da2eb7b1873c59befc28e97971d053107e9bf21bbe35270458590879a46fa50e2fa16d8851379eae6efd76aa5be74b8ff2dd9231ff7ec600dffbbb1d074bb4d63cf3ac566cab45710de19ffbc94e16906147e7e993b3e7fd1d571ea10df82d7ec0956c0318861e48e351681068dc49c99246f565b83331978eee921353537469f7f826944427224a1d4c01f6d4d87fd5afd2beb722115c33cbf9654e92dea6d07c137441132f64209243362f6be02aef267dac9f28c8dea2ae91c0972f614e50635c0665c97a914913823b47bd66b21dc57a2db0140b57f6fc2b4620524cc85ece4e5a0a0edc2542dab895f2db45dffe4512b27d41d2d024ce72fcb31156c314ddc34bae3631dc7b31e2a55d4372bed7299be20a17efcf9797ac80562e6470aca7259ea7d659e95494510517f9e60a007776440c3227aefd0e306361abfcba746f6fad5829de58444f5e3003f7b312c5fbeed51d7f03165cbb301fc569d92ace5ea3d78cda3ad0d2f1ef90d791fb2f0e30f8fda1df2abf0ed278fde0ee51a4346ec94b79f37bab3d392d46dc418cc279be45ef518b7b40bd47037e903106a5b61b66a8eb40f6a5be513fc3c37ab02d22566314a1890b5ac6e9a29a40dc909f45568d3c13b2eaa3864c6c1ac84d8a91dc8f905f4a86edfe28c0ed10a9e79d39b350a28c54b3a3f025b43f78ec8d0a30c65ececce6330dcb1594f780b8eb3b17309e36c54a8f0ccf1484e389a1cd2ed448c0bb7e4098c1d9dbe4873a0c5b553ed0cc33a8789d40fa06d12b0a70b4bca6fc014bb08232d058b97b2e9a872b0dcf6f988555c333e1c855223883b6f2cdd33dbc6d928d5fc76e4a1d2bf52aab5b54edf4b29f5d59d8c11284a5aa9195bce9a96a50bf96c2013e292cf969354737095eb09e814fd97ed92d0c482259c739e0971201fa4bf8b97b8a38f54b4d27f662ff6c6b9b5bfdd0ec4d9ee6ff47de479707fd034f3c9f27f4c3166fe0d0bca72eedb8c2672d27a7533d1851b3031c255a318c4bf2f547e3813275de7f6e1bc2f389d5b625a472a8381c75c2e3e5826673e8850e59af660fd6bb1e198d0bca34daaddad210df15982d5d59ca27ec99152a3dad4ad6ee136daf7da6447bb9021b7f38a5c62048bb290aec5e1fcef7730d73044bf9e4bc83f437f631174b5cbc7c1b754a5b55be5f58123372102075cd0b0c14824b029795040596c71fec940cb5e1b100081bc9be3c43a02cc388399c6a337d89d7bdb74c297058bf05fbd8f5066890ce08f796f0ac55d3", &(0x7f0000001580)}, 0x20)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x0, &(0x7f0000000040), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
pipe2(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000080)="650f90f3ba6100b80800ef0f0d79f20f08650f06f466b8330000000f23d00f21f866353000000a0f23f8660f382062dd0f0866b87f0000000f23d80f21f86635c00000900f23f8", 0x47}], 0x1, 0x0, &(0x7f0000000140), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2018/05/24 23:57:48 executing program 1 (fault-call:2 fault-nth:2):
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:48 executing program 4:
set_mempolicy(0x4003, &(0x7f00003ccff8)=0x10003, 0x7742)
mbind(&(0x7f0000008000/0x4000)=nil, 0x4000, 0x1, &(0x7f000000b000), 0x4, 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, &(0x7f00002dfff8)=0xffffffffffffffff, 0x1000000000001, 0x2)

[  730.629710] binder: 15530:15532 got transaction with invalid offsets ptr
[  730.663964] binder: 15530:15532 transaction failed 29201/-14, size 24-8 line 2999
[  730.668352] FAULT_INJECTION: forcing a failure.
[  730.668352] name failslab, interval 1, probability 0, space 0, times 0
[  730.683114] CPU: 1 PID: 15537 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #65
[  730.690415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  730.699780] Call Trace:
[  730.702377]  dump_stack+0x1b9/0x294
[  730.706011]  ? dump_stack_print_info.cold.2+0x52/0x52
[  730.711214]  should_fail.cold.4+0xa/0x1a
[  730.715277]  ? rcu_bh_force_quiescent_state+0x20/0x20
[  730.720470]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  730.725568]  ? memcg_kmem_charge_memcg+0x74/0x110
[  730.730407]  ? percpu_ref_tryget+0x2b0/0x2b0
[  730.734812]  ? find_held_lock+0x36/0x1c0
[  730.738892]  ? check_same_owner+0x320/0x320
[  730.743292]  ? rcu_note_context_switch+0x710/0x710
[  730.748212]  __should_failslab+0x124/0x180
[  730.752440]  should_failslab+0x9/0x14
[  730.756231]  kmem_cache_alloc+0x2af/0x760
[  730.760371]  ? rcu_is_watching+0x85/0x140
[  730.764518]  ? rcu_pm_notify+0xc0/0xc0
[  730.768403]  prepare_creds+0x78/0x3e0
[  730.772196]  ? abort_creds+0x170/0x170
[  730.776072]  ? __raw_spin_lock_init+0x1c/0x100
[  730.780661]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  730.785675]  copy_creds+0x7b/0x470
[  730.789208]  ? lockdep_init_map+0x9/0x10
[  730.793264]  copy_process.part.38+0xcf9/0x6e90
[  730.797841]  ? lock_acquire+0x1dc/0x520
[  730.801809]  ? alloc_set_pte+0x1013/0x1600
[  730.806040]  ? graph_lock+0x170/0x170
[  730.809832]  ? print_usage_bug+0xc0/0xc0
[  730.813898]  ? __cleanup_sighand+0x70/0x70
[  730.818125]  ? find_held_lock+0x13f/0x1c0
[  730.822272]  ? print_usage_bug+0xc0/0xc0
[  730.826321]  ? lock_downgrade+0x8e0/0x8e0
[  730.830458]  ? unlock_page+0x1d0/0x2b0
[  730.834336]  ? debug_check_no_locks_freed+0x310/0x310
[  730.839528]  ? print_usage_bug+0xc0/0xc0
[  730.843581]  ? filemap_map_pages+0xcd4/0x1870
[  730.848072]  ? debug_check_no_locks_freed+0x310/0x310
[  730.853254]  ? find_get_entries_tag+0x10a0/0x10a0
[  730.858090]  ? __lock_acquire+0x7f5/0x5140
[  730.862315]  ? debug_check_no_locks_freed+0x310/0x310
[  730.867500]  ? debug_check_no_locks_freed+0x310/0x310
[  730.872681]  ? print_usage_bug+0xc0/0xc0
[  730.876731]  ? graph_lock+0x170/0x170
[  730.880525]  ? graph_lock+0x170/0x170
[  730.884311]  ? lock_acquire+0x1dc/0x520
[  730.888274]  ? __fdget_pos+0x1a9/0x1e0
[  730.892179]  ? graph_lock+0x170/0x170
[  730.895972]  ? __lock_acquire+0x7f5/0x5140
[  730.900200]  ? find_held_lock+0x36/0x1c0
[  730.904257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  730.909792]  ? _parse_integer+0x13b/0x190
[  730.913933]  ? graph_lock+0x170/0x170
[  730.917731]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  730.923257]  ? _kstrtoull+0x180/0x230
[  730.927052]  ? _parse_integer+0x190/0x190
[  730.931193]  ? graph_lock+0x170/0x170
[  730.934983]  ? lock_release+0xa10/0xa10
[  730.938973]  ? check_same_owner+0x320/0x320
[  730.943285]  ? find_held_lock+0x36/0x1c0
[  730.947335]  ? graph_lock+0x170/0x170
[  730.951149]  ? lock_downgrade+0x8e0/0x8e0
[  730.955291]  ? find_held_lock+0x36/0x1c0
[  730.959346]  ? lock_downgrade+0x8e0/0x8e0
[  730.963493]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  730.969030]  ? proc_fail_nth_write+0x96/0x1f0
[  730.973522]  ? proc_cwd_link+0x1d0/0x1d0
[  730.977583]  ? find_held_lock+0x36/0x1c0
[  730.981643]  _do_fork+0x291/0x12a0
[  730.985181]  ? fork_idle+0x1a0/0x1a0
[  730.988901]  ? __lock_is_held+0xb5/0x140
[  730.992982]  ? __sb_end_write+0xac/0xe0
[  730.996957]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  731.002486]  ? fput+0x130/0x1a0
[  731.005756]  ? ksys_write+0x1a6/0x250
[  731.009547]  ? __ia32_sys_read+0xb0/0xb0
[  731.013598]  __x64_sys_clone+0xbf/0x150
[  731.017565]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  731.022574]  do_syscall_64+0x1b1/0x800
[  731.026451]  ? syscall_slow_exit_work+0x4f0/0x4f0
[  731.031285]  ? syscall_return_slowpath+0x5c0/0x5c0
[  731.036210]  ? syscall_return_slowpath+0x30f/0x5c0
[  731.041143]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  731.046507]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  731.051353]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  731.056541] RIP: 0033:0x455a09
[  731.059722] RSP: 002b:00007f5ef905dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  731.067435] RAX: ffffffffffffffda RBX: 00007f5ef905e6d4 RCX: 0000000000455a09
[  731.074700] RDX: 000000002084effc RSI: 0000000020b53000 RDI: 0000000000000000
2018/05/24 23:57:49 executing program 4:
creat(&(0x7f0000000040)='./file0\x00', 0x0)
iopl(0x0)
unshare(0x400)
io_setup(0x2, &(0x7f0000000280)=<r0=>0x0)
eventfd2(0x0, 0x0)
io_submit(r0, 0x0, &(0x7f0000000340))

[  731.081960] RBP: 000000000072bea0 R08: 0000000020b3bfff R09: 0000000000000000
[  731.089219] R10: 0000000020c35ffc R11: 0000000000000246 R12: 0000000000000013
[  731.096477] R13: 0000000000000052 R14: 00000000006f4850 R15: 0000000000000002
[  731.106644] binder_alloc: binder_alloc_mmap_handler: 15530 20001000-20004000 already mapped failed -16
[  731.118117] binder: BINDER_SET_CONTEXT_MGR already set
2018/05/24 23:57:49 executing program 1 (fault-call:2 fault-nth:3):
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000a1cffc))
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
clone(0x0, &(0x7f0000b53000), &(0x7f000084effc), &(0x7f0000c35ffc), &(0x7f0000b3bfff))

2018/05/24 23:57:49 executing program 4:
r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'vhan0\x00', 0x400})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000002c0)={0x1, &(0x7f0000000100)=[{0x35, 0xfffffffffffffffe}]})
r1 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0)
personality(0xf)
r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x9, 0xc0000)
sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="9614b36bc80c0ee1f65a2751bd07b5f06f750a87585696f575aeb20828ea11d477e2c747768ff4085d27e1b2d611ab153d5a027ad959583099b408c8afa16b21ee39d5edbe35dfbd071e47a0ed9303adfeae8f074069d2f457ac761b3774c9e3d1b7c9dcabd2b26f4242169b611a6ffb09f0e8dc77a94510a3640c51a3783060e54c4d08f1bd4837a0f4a7e889b8d9c0f84cd6d85beeb457639ac7d487ae3a0299a68848ca9fe3099df3d4030205266a9840d0a7141cc4392ce1e0cd8b0203334e5956aab1ea4cae76659855bbc6ec3e0ef3a78749184f94e38bc0c9a4dc87e05bd614c430d82e7d3a", 0xe9}], 0x1, &(0x7f0000002500)=ANY=[@ANYBLOB="10010000000000001d010000070000006a452bbfadabdb3a0e2d60b842a3f066fbf5ff6576383b76f3ed49a36f5258e5fc48f1b4a39b8f66b7394f6c4963ec9faf52f80b378bd3c49b159fbea4278ff31d2c7271cf760aa65a3f574a96892725adec1cf522b4f3009441a16719e40fe33c728665ea65737f0e23da82568ed670d17b22b62911dd1c99d0d132cbc4562a52110267c1f643fae4b3b000dab95792337899891af6c70943ab523bd8fa692abb218d81208eeb1308282a8c7731073c26c2d306f4cfb7c693c50e1a669ebf58673060c70feeac127d2edc999c02153a7b0355da8279eeb27c0d0a6eab29aaa290108efa2a878608c9e457899964ee286d7c143cfc935a32b7a2c47f000000001010000000000000ff0100000800000079325d77caaca3788440d60f864edf89dd53e3a6bbc0d0a3b89330557cb63a575c1610159e1e5753c407eaaee995f241afb02d25c64bfa808556107b7d39180a6abc7567ba4c9724fcd5361f4f3462327c6d68d0fc5ec1dc81c617a170e92a5654d2e2f11ec432ccadb6a76c286f7d99e40aafe56c65462ad5bf52fbeff111b3997a41534b32af39e3199808ef10210eb37bb313b0c2cc2ca152ca97332a32e42829973048e8c23fd5220d22eec107d6b994b79bd9317e6e4a222c4480a9647cd8f6117071c7a972766270081c0d871fc57614ac5b4a1f68622c26f11e12615a58779de6f3d9310536e2b33f5fc9c1302e61f452a380d016db108342943551494dc7baa063e5be666cd2eb9959e7b8a3d92047793b04d8855852cbd813ba9d38e08805cef36a36363b0e4ef741bac42efee45f29643201e3148eabc635caf1c95674e10653448576a8116a5d429ac679b1a11771d1ff7756d2a8b1712d7d941b751f5ecfcbf15d2752b9018e955d33cec5a72bc7ee67b6e77048450d2362bfe9e248f64f94bf5e5262619316970590cf57c00a357177a421085a243f622e676ba53da2d9c19cdfc14f5645ca2c74cb99fe0c397a6cba6e27293a958c30129b892d476b276c555335975bff48de517b97489d4d3bc283c911346da66bedd0be87f97fcda6dfd3e4a98358f42f35c9649d3353e0c7a11466b225c5cdc74887f34da8606831796553d60babc749d55a436bafeb861208934586755a7ffd1687c3523fdc3681f53f59b308d2407d5520c50be40932a75e03f93060c29457c026124ec763d28796e1463ddfa8e8de7ed88f71b957f4bd27c6dc545f3b44e67ea5a33fac0f18e11e7578fb96a8b738bf0d07726f58c6198f9c9516ba830e7d44d0b48fe4d5bdc9e545ba7bee5af62fa316a36f9a106dbd9a8f3fe3a872dc1050b00ffb8ccd27c481089ba1f73f797473c561e4d90d0d9f378279608867f8b6b456cb206ce0fd573f9f871bded1a7befcaeab7f94dc2dd78db38029f5e957ef3aef0414118af1986e72bcad2acc75957b0edf7102ad927d69ab0085fb4eef275967ae8cc7ca8329af64543cd533e7bc884f5eace15ffb4262f8d39ef937ef48f33ad71c61c15cf8d9b205bce9e6639b0b9da689c8538992cc15a8bbdf2ec35e90b77b1e8281ef2580900830131402f320815740afbbb5750766f8224e63ea7d13cf21dc3973f757a2e62c48264ad59ece37487d60f38854e6f6fbd14d6281cbf25c46e8fa7426b984c6d2d024097b503809feb37344ff21fbe629cf099a212cf995e0f9e47b16c1012006e8f512d01fab1729c19ca33ff8c4f95e6e4aa8b0a7f108e0d60437dcd89195a9cc1a89f58d13e72491c897a8ecbef686f86424dfca20bc988ec78a2bc197eb05e38a8800eef4cabf5cd41bc0620f1394c5084e0cd8c4e37a84aea4865419486d50db41181c9b2501ad990045f0e41e8c7e766abf17cf23d98bf44c876898b62e6bf9f980ce996ed21fb9aefc1f7ba3c33a299051506cc925a00895fa6865b0be2c14d35ef928f555ae716349913ae7422df5e1db4b7b13cfffa018ec2fdb5b3d03cd16acc0d7573bd1c8c08600eae86da1a3a647ec259289885a97757e943fa903a38ee0d7ebb8672af12d1b85bc7df63393b8603c774a57c51745cc950342240877f2789f0489069950d8383e88de75652339f94fc44e56d6d0b5855d6e3cf5f51602e070b5f97a4f2fca516c7426ab63502807395dc876096785608e32797174525b5383e1c32b329e3548c651d6cfae566699519f04c64b29fbe0416aabb48b0582c27f9e25c75392bc44bed693a9f5b7d3f8cd7267466d8e9757858f6b396a501d29bcc67ba36d682124151b18df235551e8bbbd9d82e3aaaa476b913751ee079f25cd5f4b3b274d9a1363136635ba7a04fab760d7821c78f58cf9f58f231860dc9d639ad9c0b15f9c5b4e28aefa363bbd5ea0faaf749c9324b860b2f0a456870741528acc1b51dbe32941933cfb883167ec708e66d6eaace1539c15c4ae0a4795ac80bece8b0780cdbbd4fcfb64736b61708c6f2666400d4830db25b4279caff9d7c7860cccb7c9590a6b53690d435897cdd3ccfbe175c45683d53247f7d06ccb7940435b7cea4e66a75b755b487b0f74874d18c1bd0faeb5f749e757bfc4c026854468c9c662ef69f4a43bc919fe33b529b4877efccb8a6e94d553805fc37fac610cb497f80e043683167b15649e8e2fe849795e096af894e3bb0121fb69ab563fdd867dfa56ff6a0d567e25fc593c1378eab0d9cfeaccd4ef2dac81b711fc932096dd62841b1dbee57117810d9a8320f46d877464b4fee704f304561af32fbc8bf80ecccf2e4b8f433304762bcee6d958ad1caf6d23e7d64b8ff15268105c90601565e415474df5738d8358f2a3eb23e128948dcd2c206dfc96303aff328a182248e4aaf72e0093491bc49256ca42f6e5fd5a0f94264e3fd89eabfd6cb0d1386eb88b3425d3a2dfdc3f53297a8a89cd07f08b9b21932f1afbaa9d9963bf6d87148bd61f5b0ee8e7f47f285cbce2feb9764993bf9f961875c663e130bf30001426deae02ce2c96dcdb09fbffe4afec86e6bed42ba15f9464c4b58fec8ab6f9e2b2ca0da491a8a0405a3492d0cf51cf44a8dee24cc82452e0ac770232b101dbff92160f782d61a61092c5c055766ee5f46092fd24cf12b3754375dd51ec5db7acddbae82ae1ccd522fc200be37970441877499590b079d892fbd56b5564326d0ca6b7f957d7bbbefb395ff5270de2145748c1ece7018d3ddaee681da670538089877c01543e2dc97cbb24452a713befe8b81cf758478a53b9f4fc0c68e9ded183496fca7561700a77806cdaa7869e17bea9fd1f611fd2b4f57bf1040233c120364dc5be16a3a260ebeef8a5020dcf21de1483b13c5f695719c219334ff86cdcd581fc565f7669f022e11accef7317c7cee7f3da8f77938219b10d50f2cf517a65c72a1a5115efc53bc03911d767992b802fcb8ccbb43f5e978a428c51948f78548810a8a8afb88d4785e7411c31e4b705b41a950c44b8d03be5e6461f190648b75a152af533d448378bbf8b41ef7b8da0f65619f195da60b9defd41074c24c684f5fec690e7b0e3e5e979fb68aea145e5f65791c942a390ad28e6e0ad390a7634ed252370031e4c234c05ea2a40f37474f60ef066083d14cd6fc07a601da0f8723737d0b72a31651f38994946560672bf43b7e22e78d30ee134a96dc72883ff4af7a51ee4015ee1538c43c30f5d821e32a53497e84326f82ea96b60fda03486ab8a1a3a63c2d3db0beb86c5a8c8c08c18399f455036867327006219725e590536ca7d591e825652c53be44509c1e55ed37497d5213f0c06ebe7d99d275216b29e49349349ee9e1bd0473fc72d54aa6618004c32f9dee4621c6338da94ab44e1e52ace057c0205d540cb55c7390dec1bab16f7e95d406a04fbaa9a361abbed71cd10581c696e63d84a8fb43a90905decacad6a8aa1d8fc06cfbe2be8b42273e83b571c1effd6c7eb4af282b69490982956d788f8a0512fde38d232de6010ee7ba4f4d062b96fc47658993f5f26166d584dd669a5dc5ee12abdf6f3584480b5fc99cd26cb397639bff6e2c2e648b691a0a6bb4a26a76b7d5f3592b90c3fcb81c748a3e02480a1601e517634be19f19c40ef9468ecbeac329e516d5b903c29359b349ed7b703f934a6d547d2170fee505e07698c9e8f6b48156968dd4531f8b98b60e044b9b336c3be434b5031b6e96c4a0197b51168cbeaf57b47b02fea0e6f77558c181400e1d1bef293f6bbf446b995d4b57b496b432c1f2656bb1a02f947fdf213af23698c0bf6cfb0eaf8cda4fe7ac3629fd171f17f0b80f947418215789e08dd91228f55f291131376fb239a09ba08554c376500ecf1e17dc6cbed1f4f246a4652159996a849d0ceac93973e0d2f82f11896e7af6d8b06404a23450f8f68c0fc78af8bd3b572f3ff9a83066d6696a9d3d79c00279c5c2ff9010f0a94bc7bcbe6afbf9b9d7a6ec63ecfcddaaf8bfc276644d89f606849e4d70a4f5506e90f7727642016f01151d6ebb6a2e6439bf4deeb810630d60815db7eb49a4093ed9b55ad88719fed4d9ca1ac2ceca2b317ec3194782dfcda2ff267aeab4ed1eb7017d51bd218d33ca6f6e0010c59f8aa9b87b0f5d1694b8754f9be55ad691a4d4cef60510e9accc296f25b0b9cc4dbe8571a728ae9d1627693f7dea94d114be4569dc3f8f5e9bf100d4f53bfc175962d7c909f55108b0073b80ef54bee0ba7687beee5d75bc93a6ad62dbd3644ffd8da3afb3a622faf56049aa4f36a04c64f85b0db3fdb0d81044b87b81abb7adbb3a2fc3b152a86198787da85311ee84ea67a55a2edc6f1d772c812e64eb1b0959fa2bd135254df4f11ca7bb340f81d2fdec82a2ff0f7c9fd4863d7c0e324373065c25f37e5e1cc417ef71bce48c943fb229c4035c104b7ba7d6995fef89d65fc50d1349356a0d32fdd1d4d832e5bb96cb8247a608f11b9f8ce5df880689c6dc53f6e2b60ac3e0791c405daf8643b9148822e45cf2587add4637f2d2940906dbd586aab5358ecef9d0615d7ff5b3850cdbd9573b7fbb7439c082534d6422fda04fbb72f5834790a5eb4aa05889603efab8405a4d11cb869106cd131aba2eb07e25160fd4fa36120c70d678afd83785047f91fd82d0eea85993c62fb6a54de63d26a4dff743ddfac7f73845607b162fdfcf12c410419a74c156e7a18ee99a81a0ce9af345df83afe56d85fbaf364157c9db5eec62859a56979e6b9134c81ec8cb46eebf8ad20098eb0acb6eede012e487c40f42b1f335d905715346a0ecde24d4a688932ea0899a0b8e119c5c4f7f9ac6f900d4dff7a055f6ecd578b13c2fd29931c4321a2c6d4ea585937a7dd5873ebc3cc297da387115e1e81d557b1e31add788c1e2224bba68eddab6b9508a8f42aad5046050001e05e8f8b53b179ac8825f380d481a44c73e4407737179c85ed7dacef6bcf04740791dd9b5ba0e58aa35de8551f8c54c7ee22b597c0caf0004f55212f9d505da1b1fbed89a359e508203d2c2f503a4bb7f7bbe70fcf59d913a2f0aeb7c1ebc36d33c96c8f81d3aac772d893296dbce15929334d8927880d3987b3c274649e1935530438c1ae8c7729a9155578f0e9008a8954c07d805e07b686b2dc3a1fc638882e8b93fc346f09997b09fc1f3c30414aba7717dff0ba9c2db531f4c4be2c20b0fa711380f4001476a88f4b124e209f535a547039480acb0cdf2d075c4773129a90d233bc30f88a018fa350862b6063845353dd159ca49f7b27160014cc54e42873610b4640698ea60df17b7e84d95ba0d5103badd9d7dfd565f4dd18fb3511b6056cb39d6fb78038f2b3bd1a1bcb7c427c9856e3755304201cebdf169befb2dc74c28535c5ea0a806e0cad8bdbf1a84a904f010260a2b51d59edfbc2a3083502fa94c30d44a59b09eea6eb66e61a1f3c77927d16940a6aadb71d5c99ce3ed999c3399f1ebad32bf9416a052372b4417b551a119f4bab0ff07af00e74511df8ea0f22902278eab2e619581d2a3993041735ad0a3fdadb547a85fd0eebfe17523b206b9778fa28614149e997cfe692f7de534448c21aa4f91c245aae5149723ae76429f345443ad9767a45bdd33a294d958cb899939bf354f4931b28417eeaab0ef9b94a0ce445b14a94c115ab691180ab7281c8717e8a46b65d7ec92b43250c056188537d8189cb8454610044dd9238ed99ddfef9106000000000000000170100006b0000000ff323b57fe698be528da19a192c3a26371ffe9477fe39bfaa596a516df0cace92ffab1c5df391dcf389a820db55b3da4e3d434d6ecf444854a9e73b0bfb24e02a89869a965735eb8f26cd550000000010100000000000001e01000020000000c7bb79d160e9abd47a4f629aa373d055f37643a3b4f930b4302ea7205eae9cd5f0a6f7325f7b51fe55d6c810df15fc0138e1a13c7febfc0393442aa268e4429b731ce4580d1a0518dbf80b367f421351775fe713f7feb2110d3e49be3423da0004997d50bb88554b126a75cdbaba8c7dc1a6bb3db359b5a874c2462c2076f3954e382c8a59cc1cd928b3bd363db6676657efddab3725207c09179e90d0a96bd8afb6707e269d04fa780a065558944b388cb8d51af5e2cf4e9f97743baa47fb43a6e17eb0b5d0daa15f36ffa844521de71dba7598ae5a59749ff0279be2cded7dc89ae4cdb42c93afb43221656a0556fe5a159ad87bb2a5181d3c44b5b122b22e0bbe2339a32cbc9ab0f9ebb60e6bd8fe7a8a41ae974af32c4287fced75951c1ae64277450457af4e0e1d2969c366e49fd0846a047605175aecfbc12ff6f9353979ca5eb7d08955aabab1a0c370a6bedc5fadbc0313e046fe5945fe2ea833848ea79270865ea30ea28bfe4dbd0f521bc510262a9fc9a63b3b656b88a0074ebfa4b36fa5d390ee7a203fedbd6f8d61bfdd2d1e1ebe81381f6121eace612f59dbc215a9384fe61f8a49704f5cd8694624b19683f19accbb29bc930ca6faaa4c286661ce36c0c604db8998ac7bbaedf5dcbc58514a903061425c6ad0b489effab09bb149fe9aa4b3bce1c71d72b06767224e7d0d777705a1c671adad43429f08013ca0b8da841dc7c2983cd2bc2b4d70753fd0a6d84f74ca64db994571e9f0ce163169ccf8317965dcf3d75ee5f07f5289a5c3061ecdf9dea6ec925c8cf9ae0bbb8d870b9065295730a0e187911865e2895c06cff7376f4a1e63b55b241de993ad8598d87e1cecbeb4c14ebbdfa2a179897704ea3625808f583ed0331fab6cac270b6c08598a1b1aa490122e7b67b50450f78554ab24be8df20d646a902554d0fc32fa11772cd98750fb592c204da443aa5321fcbc304e98309888b90e90fc4347284a13d4ac2221073c2709da61b437cae90d1d0be9197bad504bdfd89b30e18b2bf485dba35c4c3a6a0f2707f2405661088b8ef535c0c430c6f866ad425ad33fd204ed8b9e140a9b3f7cb4039bd6ea418df476d3d066ed16622fb10e677348b41b214e568e204e6cc31298eeb53c0eb634ebde64a68cd2da7be3fff9c7be6ccf5240a8d3d2fa8c8d5b1eb3c1f7fe040a16a221e40b18ce6f4ddd263d433b1711941a2a089b642be5ce5ca0113388c192270fd9871666e0eaf7484ba95537bd946fba7c2f3a7d2fdd665cfa9de212504bf790d60dd08f3275918cd45d7261ea3dc9c2e40c7cae1338adbe052e01cc12ac5bdfb6158b0d1f86a940575bc98128d152e592831ad35d3bbc97d5761de31709584f75b39d535d5d6ca8afa9e2b073dc7d59b2f09cd8939ced3d094e65fdf0bfb84a13445ddb7cad5c55dd89364b1b1876b1c3dedb554b0ea016553f16897f84d555f58757593ec72f4c22aeaee7fe51a25b2b369ad44276af0eaa6cfc5c4f050c6d6bdf86ef63aad694c622ddb0ecaa677dea79095a49b4a19855b0602ee1bb4c5fb81fd974c0fd3b0961f56000ff40abcf7da601d3db67ac209a518ab3b057e13af37a7d65c9077e14cd8a02019ff2fbf3070b007b42d3c2562e3b29a7c1635775d94a2919241c6fc2e9f34beeceded203213c3627c0d357191eecc255ea464498ba1c7bc6cc76ee08e3221894799845345ed3014ac2e0d46520fafc430aa0d63c1bb703aa2c9c0cefb681e3ca0a237560a9ffcfb8f7ed709a23175fe6006b62d204d7ae29cba10158ce2fa336f923b9c9c13f1ee52c770789762b2d7af66e3a726df32c7486e4975924e53b5ad1a8cfe929a2a979607bee39268462e6b2e85ebf67154f158292c28ee7469cdee87af992480f3bd329cebafe9bb8623411f435f5731f3ace8a0fac0846980b336eb3c03aeb5633e310ff79ef0cfccc4b418d3521a24d0cefea3d965d2e01c4d367cc783091819bcbd18d19160283c710b8d4deda58ae98d356beb7c24ff5fa957613a30048ab44b5a67f3a2284e0f14ff9e481f4e72c5405960db17e566128da667f616ea05581a6ab9bd38e1a16abda26a1a71fbb743ae235b9291f0f7531b9d77a5b536c5635338793f8068d9994341602b34c6e798f012d897944f896794a24c92d46de8086c26178600787cffbb5e3550370df4d4c3e6bd6b75fe43fac564b4854ccf588c78aaf427b6dd042c8536329f8449dc6f507d7cd239ee20834d6c22f4111af03eee3b270d0ccdd4d438d9da0c40dd6a6ebb78186239788d2047e4d88a6f8d44e7586dd2b2502475c218ab84309b6c243b072aa404b9c9dbbe4cb9ce3e960573d224f65994c41c92b5e14d87439e30f1870fe76a821e038df33b3ba1f52c8546208e187f8570c72b024dc51c3725b1f212004b3e2889c18e5e0f190a5b4fe9ae9002f6c422d4bcfe114d93148ba54e91dba4aad2aafa1191c184bcc2295af2bbbf07cb5f70f585b381cf21d2fef349d956f594ff756e2f9d8876212e905d488a5a04fd585a39730bbeb64916862e763594753394f8143299f63754d28896244e0970e1f3f3bd859e082b7f621847083f932f326bc3232efb30cd377d98aa1446c7eedf4476847b642ef3542240246e95d2cb985b4c89efb80833db1576a864cf58b172f890f99c3b54cfaec87fa14ec00c2fb6a75844ae783b7f233872d32586cbc11ed9979722100a197b3fba25075a753a4e1282833886609468fd20682f34aec9acc31a7bd999b1445a8ef15c5e88e3093f134009da57de4928f11fe5eb2520531042dd195dd0c6e240a8ae2d74ba7d8ea6d03a05c4c94b47ca5a9784bd684e98cd7c740b224e02dd01fabfced5dc38f463b6cba5f4d56cd9306c02f38e0e14b16d88a1adac3eb28814793ddec01ddaa365d8603f9f9599552e4f2d7033ce400f3ee0cde9c5ad5798a16f54845d77ec3ccc7495f4a4d8b9a5a315274f0c7b92dba861fc2bfcb83e823d52b25f81ad36eac776e8b60dd2f8c13fe706be0c76f1f8e32e5bb4f6df6366693b4c749d39833f6ede7e8f4d96f0c98424153f09db48b723de6e2548cb0d61a1c2bcbcaf94e7394de10375c7b55d764c7f50d5254638b0514b2f40580ccf4a6e654dfdd29de026d20efc92f8f9d1961cd4fe8e9145d140ebe163648fac7089cd698c7c0a162c5af7150ca6f507eafce0567251e946df63e84b9456a87aba88df0df8d876346826034f9a779915894e8f07274505066a5163e92792d1072321e57791c4e5900e6fef8602732c0a4dcb826fb9278d6020d17798ad1d3da0d32c69b9e47c020f72fae1d9eadf8b8722046acaba47300c7fb79c4d7a1ba826a7eb8892086118637127cb1dc01bc9853e6fb0cdb00ae9dba2343321a06bc1cc9941d7b6157ce3a0ec258deb428e5eed16c848f1d170c2a6ba7523629bf42d55c2602b9c7b1d7e9d0a8b12e7018d10899844df4a6cc0f37773c67db4757ed9e6b8a1989c93bf6b0801d10b9dd50ef86040aa5fd50da2cd2b4f631f730898ce5dc9806e9c863d5ead6587f8343611ecbb1ba3b2304cb202c5e73b248ebc3eb6ff21563c9a8b89bc6e712d866acedcdd090f1375ff76281d24fe04f91dcb64014a69d3dd706375ddf81fa964a3f301faaf405c13056d7cea15f32ea2ccaf5c117f1c65a7eed52dd1faeed7b1a1ae71e688f8ad77013ea1d450a8307755e50d2d8e64340f2a9990236900e36e67e36ef1050fe8479b85966f3d14dea07ccb7c5a7c0d42e8fe9c8018b48f181c93614ff15b11b7810526494b33b01b165bc5083ba685c8279d762ee8aed376f9b96730cce6fb658542eb87990168a2ed0f030e355f0bc5a78199fe6e3a524b4d667a8351d2a7e8989f4a90266cf0f4ff5752cbee6bd6a9d5ac59aaec406abe418e02462fbf174db473cb80089754996656598edcea2ccd667efcfc46f9ff252c380473e414756dc59d7fa0cff51ed278a5bb26d99c437d88b3fd58b5fd5bd013f5a0b46dd2d086b8cc0ef4bbbf48fb8ac81872ae6b391dc5af8167831660ea43bf639463fc7bfcbc2a40ce74b16ed71345f846ec9101c7bb7fe9b4e64c86bb8001dd7e22b6cce34b266f9e969dba64dc960ab4761436f56fd9506b267d9d0464b2ffe77698379fb2921629e04995f6b0c9b09ee0d4778b6175813848ce2e91f4f13b409f6dbae092d1e4b63b58566fb463d51f6774c273f78db403eb0a2933c0bd2adc8363becc83578c73da107e856cedc23c4feb148faeae1c3e4112828ed041e5a1b905241fabb71d1c4196c59e20dd722f9be22f42ea2f913a2d0312778077e37a08653efc07d33fe063cab07ce991b6de5a9cb60dfa595ceaa8d1c62a704db4a3972a3693529666ba8405606b531c8e6f1227633f133ef96da22147312fc0e9f52dca0efb5e0251843d7a419578ffee1a939552b89747a3fd2ce5eef541e212c55ffbb487b73197f6e9e4517fc94b75dec88c8a9a63aeac4d86a6372f18cfa7f563b67049facd564a7129ac3fc1141f0166930def7e97cff814df2147a85f3b9727d971fe9ca0176588f10e95f7da0e68def391ba1b2c72181f3c4bc4d7a7d2c624676d1a0f7d1423310fe8d9b08c39854880b697bb2fd7a53859388b28de3db38751a2a594d4e76761f13d98eaa54a11484ecd4bbd21d5f5cb251dbf57881e4f069757a495c5b72a4b95b60f86937618c9143ad68d91c1ae2ac6060dd3541508b102855ead44f98347a9c6c571c319a30f6dd41c3fac31430aeec3a1f95562be2e397517b2debf01f506caad97894fb6df4a97756a4afe987e2caf7dcd7d63d22f0903185606e863e24bc867aafd08fc61a3693d3bb48a4df435b465657a0fd3b19913335672a367fccfa1b1f7213256509cd435f97c24d950e213efef34b8830de28fca09bf5634a983a6349d90a6283829913d6e8654fda20fac8ea7d558211fabd6dce07acb08a5d9a1185ad26c48da5b6cccf36fe84a90ce044d8ca073b01d80107939c149c7fece5fe954d97d1e880eed141b260d30258093229a15f5d97f032f502d91d8115e1194d2232ca775c3d91b4f3249c9a22464d986cca16ff98c87d0be2e1a15abce994b72eb959054e3c592240cb9734a95da38a7076764d2a8338d7fc35cc872e9c08cf47f7b750ea04d7c5f374418ec15177e4b157b03482c1e469f589a2b52633ea9890f745bbe6ee5170d71a2f19135b86638b55fa0a0269846bbc3a26f1e5354a10781f3d9220b14d826725fd045993400d172d11660106f9822384b005253a2778cdfdd4f4c18509b1701bdbc832a9878e826b0660613ecb1586f068d4ed2038f75da1da410bdaa464a8b9cb851bedcf8b9e7f2c7c00f5aa5678a49ba69743d0dc561abb1da431b7f9f0109b96e971015f848807094f809fd79b4228b963124269b0c988ec4cd10bd4a8c9fa9f74d99e66c79f5e2cbed20e32acc566d0aa20d4e8a02f626a87a432f8bee05cf4df4f7247441195927b6867b26f8f420d53bd363234c4178bd11757f3a9199428397f78fd48c8dca8ba5f7e20224fe7e5471db26f4de9b83dc6c56e4d4312a485618794c7ced247d0cc0f443b4427b36394b0c7de80bcf02b00dfaa48667f4f57a0d16f69a6cf4a1f75b702c8b053151c54c53d1985ac287f5baa7e4f26d36e38e8ef320450a33af7e551b78e12dfa11aedee2f013e52fbcd7a98d19ed0cf95471749678e4efe9f165b9c0ed9cbd2ef4b521509effdb1a49286cd3809ee3bf231b4b882cecfa1a2ebfbcc2d5794e674e6ecd1759ede69ab4a10dc8a65acb3a86a644389abc595d37cdbe1c54d0794dce37e12693aa864d06344665df060d39422ae7b040d5acdc69aa90a0000000000000000000000"], 0x2190, 0x40015}, 0x20000000)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102})

[  731.133011] binder_alloc: 15530: binder_alloc_buf, no vma
[  731.138768] binder: 15530:15539 transaction failed 29189/-3, size 24-8 line 2971
[  731.140945] binder: 15530:15532 ioctl 40046207 0 returned -16
2018/05/24 23:57:49 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8]})

2018/05/24 23:57:49 executing program 6:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x3c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00634040000000000000400000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000"]], 0x0, 0x0, &(0x7f0000000540)})

2018/05/24 23:57:49 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x3, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 'ip6_vti0\x00'}}, 0x1e)
ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f0000000000))
setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000040)=0x4, 0x4)

[  731.245546] binder: undelivered TRANSACTION_ERROR: 29189
[  731.251616] binder: undelivered TRANSACTION_ERROR: 29201
2018/05/24 23:57:49 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="73d9c98995f9b575fe038dd9f70000000000000000000000000000"], 0x2)

2018/05/24 23:57:49 executing program 7:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket(0xa, 0x1, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="6500000000000000070000000000000005000000030000000600000000000000ffffffff"])
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"])
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4400ae8f, &(0x7f00000001c0)={0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]})

[  731.305203] binder: 15556:15558 got transaction with invalid offsets ptr
[  731.342972] binder: 15556:15558 transaction failed 29201/-14, size 24-8 line 2999
[  731.375896] FAULT_INJECTION: forcing a failure.
[  731.375896] name failslab, interval 1, probability 0, space 0, times 0
[  731.387321] CPU: 0 PID: 15554 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #65
[  731.394613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  731.403994] Call Trace:
[  731.406612]  dump_stack+0x1b9/0x294
[  731.410281]  ? dump_stack_print_info.cold.2+0x52/0x52
[  731.415501]  ? save_stack+0x43/0xd0
[  731.419152]  ? kasan_kmalloc+0xc4/0xe0
[  731.423048]  ? kasan_slab_alloc+0x12/0x20
[  731.427195]  ? kmem_cache_alloc+0x12e/0x760
[  731.431520]  ? prepare_creds+0x78/0x3e0
[  731.435496]  ? copy_creds+0x7b/0x470
[  731.439211]  should_fail.cold.4+0xa/0x1a
[  731.443267]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  731.448368]  ? kasan_check_read+0x11/0x20
[  731.452508]  ? rcu_is_watching+0x85/0x140
[  731.456654]  ? rcu_bh_force_quiescent_state+0x20/0x20
[  731.461857]  ? find_held_lock+0x36/0x1c0
[  731.465923]  ? check_same_owner+0x320/0x320
[  731.470235]  ? rcu_is_watching+0x85/0x140
[  731.474376]  ? rcu_note_context_switch+0x710/0x710
[  731.479296]  ? security_prepare_creds+0x94/0xc0
[  731.483959]  __should_failslab+0x124/0x180
[  731.488188]  should_failslab+0x9/0x14
[  731.491990]  kmem_cache_alloc+0x2af/0x760
[  731.496134]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  731.501146]  __delayacct_tsk_init+0x20/0x80
[  731.505460]  copy_process.part.38+0x3043/0x6e90
[  731.510142]  ? lock_acquire+0x1dc/0x520
[  731.514205]  ? alloc_set_pte+0x1013/0x1600
[  731.518443]  ? graph_lock+0x170/0x170
[  731.522242]  ? print_usage_bug+0xc0/0xc0
[  731.526296]  ? __cleanup_sighand+0x70/0x70
[  731.530523]  ? find_held_lock+0x13f/0x1c0
[  731.534679]  ? print_usage_bug+0xc0/0xc0
[  731.538734]  ? lock_downgrade+0x8e0/0x8e0
[  731.542877]  ? unlock_page+0x1d0/0x2b0
[  731.546759]  ? debug_check_no_locks_freed+0x310/0x310
[  731.551960]  ? print_usage_bug+0xc0/0xc0
[  731.556015]  ? filemap_map_pages+0xcd4/0x1870
[  731.560512]  ? debug_check_no_locks_freed+0x310/0x310
[  731.565696]  ? find_get_entries_tag+0x10a0/0x10a0
[  731.570532]  ? __lock_acquire+0x7f5/0x5140
[  731.574763]  ? debug_check_no_locks_freed+0x310/0x310
[  731.579949]  ? debug_check_no_locks_freed+0x310/0x310
[  731.585130]  ? print_usage_bug+0xc0/0xc0
[  731.589181]  ? graph_lock+0x170/0x170
[  731.592972]  ? graph_lock+0x170/0x170
[  731.596761]  ? lock_acquire+0x1dc/0x520
[  731.600724]  ? __fdget_pos+0x1a9/0x1e0
[  731.604603]  ? graph_lock+0x170/0x170
[  731.608397]  ? __lock_acquire+0x7f5/0x5140
[  731.612627]  ? find_held_lock+0x36/0x1c0
[  731.616688]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  731.622232]  ? _parse_integer+0x13b/0x190
[  731.626381]  ? graph_lock+0x170/0x170
[  731.630179]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  731.635726]  ? _kstrtoull+0x180/0x230
[  731.639521]  ? _parse_integer+0x190/0x190
[  731.643666]  ? graph_lock+0x170/0x170
[  731.647462]  ? lock_release+0xa10/0xa10
[  731.651445]  ? check_same_owner+0x320/0x320
[  731.655773]  ? find_held_lock+0x36/0x1c0
[  731.659828]  ? graph_lock+0x170/0x170
[  731.663633]  ? lock_downgrade+0x8e0/0x8e0
[  731.667776]  ? find_held_lock+0x36/0x1c0
[  731.671838]  ? lock_downgrade+0x8e0/0x8e0
[  731.675983]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  731.681529]  ? proc_fail_nth_write+0x96/0x1f0
[  731.686018]  ? proc_cwd_link+0x1d0/0x1d0
[  731.690090]  ? find_held_lock+0x36/0x1c0
[  731.694151]  _do_fork+0x291/0x12a0
[  731.697684]  ? fork_idle+0x1a0/0x1a0
[  731.701389]  ? __lock_is_held+0xb5/0x140
[  731.705446]  ? __sb_end_write+0xac/0xe0
[  731.709415]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  731.714943]  ? fput+0x130/0x1a0
[  731.718225]  ? ksys_write+0x1a6/0x250
[  731.722021]  ? __ia32_sys_read+0xb0/0xb0
[  731.726079]  __x64_sys_clone+0xbf/0x150
[  731.730046]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  731.735059]  do_syscall_64+0x1b1/0x800
[  731.738936]  ? finish_task_switch+0x1ca/0x840
[  731.743423]  ? syscall_return_slowpath+0x5c0/0x5c0
[  731.748342]  ? syscall_return_slowpath+0x30f/0x5c0
[  731.753263]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  731.758621]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  731.763483]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  731.768666] RIP: 0033:0x455a09
[  731.771843] RSP: 002b:00007f5ef905dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  731.779540] RAX: ffffffffffffffda RBX: 00007f5ef905e6d4 RCX: 0000000000455a09
[  731.786800] RDX: 000000002084effc RSI: 0000000020b53000 RDI: 0000000000000000
[  731.794057] RBP: 000000000072bea0 R08: 0000000020b3bfff R09: 0000000000000000
[  731.801314] R10: 0000000020c35ffc R11: 0000000000000246 R12: 0000000000000013
[  731.808571] R13: 0000000000000052 R14: 00000000006f4850 R15: 0000000000000003
2018/05/24 23:57:49 executing program 3:
r0 = socket(0xa, 0x1, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f")
r1 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x6, 0x22000)
write$binfmt_elf32(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600faffffffffffffff0000000200000003110000000000003800007c7fd1760000b498efb95e38548300000000000000000000000000"], 0x38)

[  731.821674] binder_alloc: binder_alloc_mmap_handler: 15556 20001000-20004000 already mapped failed -16
[  731.879362] binder: BINDER_SET_CONTEXT_MGR already set
[  731.891213] binder: 15556:15558 ioctl 40046207 0 returned -16
[  731.911173] binder_alloc: 15556: binder_alloc_buf, no vma
[  731.916901] binder: 15556:15571 transaction failed 29189/-3, size 24-8 line 2971
[  731.924226] kasan: CONFIG_KASAN_INLINE enabled
[  731.929124] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  731.936502] general protection fault: 0000 [#1] SMP KASAN
[  731.942029] Dumping ftrace buffer:
[  731.945548]    (ftrace buffer empty)
[  731.949251] Modules linked in:
[  731.952432] CPU: 0 PID: 15554 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #65
[  731.959688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  731.969042] RIP: 0010:__delayacct_blkio_end+0x4f/0xc0
[  731.974213] RSP: 0018:ffff88017e444da8 EFLAGS: 00010002
[  731.979564] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004cbf000
[  731.986820] RDX: 0000000000000007 RSI: ffffffff817a4cc1 RDI: 0000000000000038
[  731.994079] RBP: ffff88017e444dc0 R08: ffffed003b5c46d3 R09: 0000000000000000
[  732.001337] R10: ffff88017e444e50 R11: ffff8801dae23693 R12: ffff8801ca564400
[  732.008594] R13: ffff880187fe0380 R14: ffff880187fe03bc R15: 0000000000000002
[  732.015854] FS:  00007f5ef905e700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[  732.024075] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  732.029945] CR2: 00007fb1ec56cdb8 CR3: 00000001b2707000 CR4: 00000000001426f0
[  732.037207] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  732.044466] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  732.051731] Call Trace:
[  732.054311]  try_to_wake_up+0xa89/0x1190
[  732.058361]  ? migrate_swap_stop+0x850/0x850
[  732.062776]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  732.068300]  ? anon_vma_interval_tree_iter_next+0xf7/0x240
[  732.073914]  default_wake_function+0x30/0x50
[  732.078310]  ? rmap_walk_anon+0x73a/0xe80
[  732.082446]  autoremove_wake_function+0x7a/0x350
[  732.087193]  ? finish_wait+0x420/0x420
[  732.091071]  ? invalid_page_referenced_vma+0x5e0/0x5e0
[  732.096339]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  732.101865]  ? PageHuge+0x17e/0x2a0
[  732.105481]  wake_page_function+0x15f/0x1c0
[  732.109792]  __wake_up_common+0x189/0x730
[  732.113931]  ? wait_woken+0x2a0/0x2a0
[  732.117718]  ? total_mapcount+0x2c7/0x910
[  732.121855]  ? kasan_check_write+0x14/0x20
[  732.126076]  ? do_raw_spin_lock+0xc1/0x200
[  732.130302]  __wake_up_locked_key_bookmark+0x16/0x20
[  732.135397]  wake_up_page_bit+0x297/0x580
[  732.139535]  ? filemap_fdatawait_keep_errors+0xc0/0xc0
[  732.144800]  ? try_to_munlock+0x670/0x670
[  732.148934]  ? __lock_acquire+0x7f5/0x5140
[  732.153158]  ? mark_held_locks+0xc9/0x160
[  732.157296]  ? putback_movable_pages+0xac0/0xac0
[  732.162045]  ? do_pages_stat+0x420/0x420
[  732.166095]  unlock_page+0x214/0x2b0
[  732.169800]  ? wake_up_page_bit+0x580/0x580
[  732.174109]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.179632]  ? unfreeze_page+0x132/0x1b0
[  732.183678]  ? compound_mapcount+0x300/0x300
[  732.188076]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[  732.193167]  __split_huge_page+0xfc7/0x17b0
[  732.197480]  ? vmf_insert_pfn_pud+0x5b0/0x5b0
[  732.201975]  ? debug_check_no_locks_freed+0x310/0x310
[  732.207154]  ? vma_adjust_trans_huge+0x310/0x310
[  732.211895]  ? check_pte+0x4b0/0x4b0
[  732.215605]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  732.221135]  ? vma_kernel_pagesize+0xb0/0xb0
[  732.225532]  ? graph_lock+0x170/0x170
[  732.229320]  ? try_to_munlock+0x670/0x670
[  732.233456]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  732.238982]  ? total_mapcount+0x2c7/0x910
[  732.243115]  ? graph_lock+0x170/0x170
[  732.246901]  ? vma_adjust_trans_huge+0x310/0x310
[  732.251650]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.257184]  ? try_to_unmap+0x37f/0x850
[  732.261146]  ? rmap_walk_locked+0x340/0x340
[  732.265453]  ? find_held_lock+0x36/0x1c0
[  732.269501]  ? lock_downgrade+0x8e0/0x8e0
[  732.273634]  ? kasan_check_read+0x11/0x20
[  732.277766]  ? do_raw_spin_unlock+0x9e/0x2e0
[  732.282160]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  732.286727]  ? kasan_check_write+0x14/0x20
[  732.290948]  ? do_raw_spin_lock+0xc1/0x200
[  732.295183]  split_huge_page_to_list+0x15a2/0x1bf0
[  732.300105]  ? can_split_huge_page+0x770/0x770
[  732.304683]  ? vma_adjust_trans_huge+0x310/0x310
[  732.309434]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.314959]  ? page_mapped+0x34e/0x760
[  732.318834]  ? __page_mapcount+0x530/0x530
[  732.323055]  ? graph_lock+0x170/0x170
[  732.326845]  ? rmap_walk+0x243/0x350
[  732.330545]  ? page_get_anon_vma+0x570/0x570
[  732.334942]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  732.340467]  ? page_rmapping+0xd3/0x150
[  732.344428]  ? vm_mmap+0xc0/0xc0
[  732.347785]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.353311]  ? page_referenced+0x2c5/0xaa0
[  732.357531]  ? rmap_walk+0x350/0x350
[  732.361228]  ? lock_downgrade+0x8e0/0x8e0
[  732.365365]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  732.370904]  ? page_mapping+0x447/0x5c0
[  732.374878]  ? shmem_parse_options.cold.49+0x49/0x49
[  732.379971]  ? rcu_is_watching+0x85/0x140
[  732.384111]  ? rcu_bh_force_quiescent_state+0x20/0x20
[  732.389294]  ? page_evictable+0x23b/0x340
[  732.393439]  ? page_mapcount_is_zero+0x30/0x30
[  732.398009]  ? __anon_vma_prepare+0x700/0x700
[  732.402497]  shrink_page_list+0x4a4b/0x5fe0
[  732.406812]  ? page_evictable+0x340/0x340
[  732.410951]  ? rb_erase_cached+0xc6a/0x32a0
[  732.415270]  ? print_usage_bug+0xc0/0xc0
[  732.419314]  ? kernel_poison_pages+0x136/0x220
[  732.423882]  ? kasan_unpoison_shadow+0x35/0x50
[  732.428456]  ? rb_next+0x140/0x140
[  732.431985]  ? __lock_acquire+0x7f5/0x5140
[  732.436213]  ? debug_check_no_locks_freed+0x310/0x310
[  732.441393]  ? print_usage_bug+0xc0/0xc0
[  732.445459]  ? __update_load_avg_se.isra.34+0x61e/0x980
[  732.450810]  ? print_usage_bug+0xc0/0xc0
[  732.454857]  ? print_usage_bug+0xc0/0xc0
[  732.458924]  ? print_usage_bug+0xc0/0xc0
[  732.462975]  ? __lock_acquire+0x7f5/0x5140
[  732.467196]  ? print_usage_bug+0xc0/0xc0
[  732.471249]  ? rb_erase_cached+0xc6a/0x32a0
[  732.475558]  ? rb_next+0x140/0x140
[  732.479087]  ? debug_check_no_locks_freed+0x310/0x310
[  732.484262]  ? __lock_acquire+0x7f5/0x5140
[  732.488490]  ? __update_load_avg_se.isra.34+0x61e/0x980
[  732.493843]  ? __update_load_avg_blocked_se.isra.33+0x460/0x460
[  732.499886]  ? graph_lock+0x170/0x170
[  732.503678]  ? update_load_avg+0x2d9/0x2570
[  732.507987]  ? debug_check_no_locks_freed+0x310/0x310
[  732.513184]  ? attach_entity_load_avg+0x850/0x850
[  732.518033]  ? update_load_avg+0x2d9/0x2570
[  732.522347]  ? mark_held_locks+0xc9/0x160
[  732.526490]  ? attach_entity_load_avg+0x850/0x850
[  732.531320]  ? print_usage_bug+0xc0/0xc0
[  732.535364]  ? try_charge+0xacc/0x1660
[  732.539239]  ? rb_erase+0x3530/0x3530
[  732.543030]  ? print_usage_bug+0xc0/0xc0
[  732.547078]  ? graph_lock+0x170/0x170
[  732.550879]  ? __lock_acquire+0x7f5/0x5140
[  732.555103]  ? print_usage_bug+0xc0/0xc0
[  732.559152]  ? lock_downgrade+0x8e0/0x8e0
[  732.563298]  ? __update_load_avg_blocked_se.isra.33+0x460/0x460
[  732.569342]  ? graph_lock+0x170/0x170
[  732.573133]  ? update_load_avg+0x2d9/0x2570
[  732.577447]  ? attach_entity_load_avg+0x850/0x850
[  732.582281]  ? update_load_avg+0x2d9/0x2570
[  732.586593]  ? debug_check_no_locks_freed+0x310/0x310
[  732.591773]  ? attach_entity_load_avg+0x850/0x850
[  732.596606]  ? __lock_is_held+0xb5/0x140
[  732.600654]  ? __account_cfs_rq_runtime+0x600/0x600
[  732.605659]  ? graph_lock+0x170/0x170
[  732.609446]  ? graph_lock+0x170/0x170
[  732.613231]  ? rb_erase+0x3530/0x3530
[  732.617019]  ? print_usage_bug+0xc0/0xc0
[  732.621067]  ? graph_lock+0x170/0x170
[  732.624856]  ? find_held_lock+0x36/0x1c0
[  732.628909]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  732.634432]  ? __isolate_lru_page+0x751/0x9d0
[  732.638927]  ? putback_lru_page+0x270/0x270
[  732.643234]  ? graph_lock+0x170/0x170
[  732.647021]  ? __lock_acquire+0x7f5/0x5140
[  732.651241]  ? graph_lock+0x170/0x170
[  732.655029]  ? debug_check_no_locks_freed+0x310/0x310
[  732.660209]  ? kasan_check_write+0x14/0x20
[  732.664429]  ? __mod_zone_page_state+0xa0/0xd0
[  732.668997]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.674523]  ? isolate_lru_pages.isra.52+0x103c/0x18d0
[  732.679790]  ? __isolate_lru_page+0x9d0/0x9d0
[  732.684272]  ? debug_check_no_locks_freed+0x310/0x310
[  732.689447]  ? graph_lock+0x170/0x170
[  732.693233]  ? debug_check_no_locks_freed+0x310/0x310
[  732.698412]  ? debug_check_no_locks_freed+0x310/0x310
[  732.703590]  ? find_held_lock+0x36/0x1c0
[  732.707639]  ? print_usage_bug+0xc0/0xc0
[  732.711697]  ? flush_plug_callbacks+0x553/0x7f0
[  732.716357]  ? bio_cur_bytes+0x1e0/0x1e0
[  732.720409]  ? graph_lock+0x170/0x170
[  732.724193]  ? do_raw_spin_unlock+0x9e/0x2e0
[  732.728590]  ? print_usage_bug+0xc0/0xc0
[  732.732635]  ? __lock_acquire+0x7f5/0x5140
[  732.736863]  ? find_held_lock+0x36/0x1c0
[  732.740913]  ? lock_downgrade+0x8e0/0x8e0
[  732.745050]  ? kasan_check_read+0x11/0x20
[  732.749183]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  732.753755]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  732.758761]  shrink_inactive_list+0x73a/0x1c60
[  732.763332]  ? putback_inactive_pages+0x1b00/0x1b00
[  732.768334]  ? graph_lock+0x170/0x170
[  732.772125]  ? kasan_check_read+0x11/0x20
[  732.776262]  ? mem_cgroup_get_nr_swap_pages+0x182/0x320
[  732.781613]  ? blk_start_plug+0xc4/0x360
[  732.785664]  ? blk_lld_busy+0x70/0x70
[  732.789452]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.794973]  ? lruvec_lru_size+0x2a4/0x430
[  732.799191]  ? graph_lock+0x170/0x170
[  732.802976]  ? throttle_direct_reclaim+0x9d0/0x9d0
[  732.807895]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  732.813074]  shrink_node_memcg+0x78c/0x1910
[  732.817386]  ? shrink_active_list+0x17f0/0x17f0
[  732.822043]  ? kasan_check_read+0x11/0x20
[  732.826177]  ? rcu_is_watching+0x85/0x140
[  732.830315]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.835839]  ? mem_cgroup_iter+0x4b0/0x9d0
[  732.840064]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  732.845599]  shrink_node+0x481/0x1740
[  732.849408]  ? shrink_node_memcg+0x1910/0x1910
[  732.853980]  ? kvm_clock_read+0x25/0x30
[  732.857943]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  732.862945]  ? ktime_get+0x2d9/0x430
[  732.866646]  ? do_gettimeofday+0x170/0x170
[  732.870869]  ? lock_downgrade+0x8e0/0x8e0
[  732.875019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  732.880560]  do_try_to_free_pages+0x3c9/0x1240
[  732.885149]  ? shrink_node+0x1740/0x1740
[  732.889195]  ? rcu_is_watching+0x85/0x140
[  732.893328]  ? rcu_pm_notify+0xc0/0xc0
[  732.897205]  try_to_free_mem_cgroup_pages+0x475/0xc50
[  732.902384]  ? try_to_free_pages+0xb30/0xb30
[  732.906779]  ? lock_downgrade+0x8e0/0x8e0
[  732.910917]  ? kasan_check_read+0x11/0x20
[  732.915054]  ? kasan_check_read+0x11/0x20
[  732.919190]  ? do_raw_spin_unlock+0x9e/0x2e0
[  732.923590]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  732.928162]  ? trace_hardirqs_on+0xd/0x10
[  732.932303]  reclaim_high.constprop.67+0x12f/0x1d0
[  732.937221]  ? memcg_event_wake+0x410/0x410
[  732.941531]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  732.947055]  ? exit_to_usermode_loop+0x87/0x310
[  732.951714]  mem_cgroup_handle_over_high+0x8d/0x130
[  732.956722]  exit_to_usermode_loop+0x274/0x310
[  732.961291]  ? syscall_slow_exit_work+0x4f0/0x4f0
[  732.966126]  do_syscall_64+0x6ac/0x800
[  732.970009]  ? finish_task_switch+0x1ca/0x840
[  732.974497]  ? syscall_return_slowpath+0x5c0/0x5c0
[  732.979421]  ? syscall_return_slowpath+0x30f/0x5c0
[  732.984340]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  732.989695]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  732.994529]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  732.999706] RIP: 0033:0x455a09
[  733.002880] RSP: 002b:00007f5ef905dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  733.010601] RAX: 0000000000000e39 RBX: 00007f5ef905e6d4 RCX: 0000000000455a09
[  733.017857] RDX: 000000002084effc RSI: 0000000020b53000 RDI: 0000000000000000
[  733.025113] RBP: 000000000072bea0 R08: 0000000020b3bfff R09: 0000000000000000
[  733.032369] R10: 0000000020c35ffc R11: 0000000000000246 R12: 0000000000000013
[  733.039729] R13: 0000000000000052 R14: 00000000006f4850 R15: 0000000000000003
[  733.046985] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 48 8b 9b 30 12 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 38 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 51 44 8b 63 38 31 ff 41 83 e4 
[  733.066188] RIP: __delayacct_blkio_end+0x4f/0xc0 RSP: ffff88017e444da8
[  733.072838] 
[  733.072842] ======================================================
[  733.072845] WARNING: possible circular locking dependency detected
[  733.072848] 4.17.0-rc6+ #65 Not tainted
[  733.072852] ------------------------------------------------------
[  733.072856] syz-executor1/15554 is trying to acquire lock:
[  733.072858] 000000008e7dabb6 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[  733.072868] 
[  733.072871] but task is already holding lock:
[  733.072873] 00000000efacf1e4 (&p->pi_lock){-.-.}, at: try_to_wake_up+0xca/0x1190
[  733.072883] 
[  733.072886] which lock already depends on the new lock.
[  733.072887] 
[  733.072889] 
[  733.072893] the existing dependency chain (in reverse order) is:
[  733.072894] 
[  733.072896] -> #1 (&p->pi_lock){-.-.}:
[  733.072905]        _raw_spin_lock_irqsave+0x96/0xc0
[  733.072908]        try_to_wake_up+0xca/0x1190
[  733.072911]        wake_up_process+0x10/0x20
[  733.072914]        __up.isra.1+0x1b8/0x290
[  733.072916]        up+0x12f/0x1b0
[  733.072919]        __up_console_sem+0xbe/0x1b0
[  733.072922]        console_unlock+0x7d6/0x1100
[  733.072925]        do_con_write+0x12b2/0x2280
[  733.072927]        con_write+0x25/0xc0
[  733.072930]        n_tty_write+0x6b9/0x1180
[  733.072933]        tty_write+0x3f1/0x880
[  733.072935]        __vfs_write+0x10b/0x960
[  733.072938]        vfs_write+0x1f8/0x560
[  733.072940]        ksys_write+0xf9/0x250
[  733.072943]        __x64_sys_write+0x73/0xb0
[  733.072946]        do_syscall_64+0x1b1/0x800
[  733.072949]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  733.072951] 
[  733.072952] -> #0 ((console_sem).lock){-.-.}:
[  733.072962]        lock_acquire+0x1dc/0x520
[  733.072965]        _raw_spin_lock_irqsave+0x96/0xc0
[  733.072968]        down_trylock+0x13/0x70
[  733.072971]        __down_trylock_console_sem+0xae/0x200
[  733.072974]        console_trylock+0x15/0xa0
[  733.072977]        vprintk_emit+0x694/0xdd0
[  733.072980]        vprintk_default+0x28/0x30
[  733.072982]        vprintk_func+0x7a/0xe7
[  733.072985]        printk+0x9e/0xba
[  733.072988]        kasan_die_handler.cold.22+0x11/0x30
[  733.072991]        notifier_call_chain+0x178/0x380
[  733.072994]        atomic_notifier_call_chain+0x98/0x190
[  733.072996]        notify_die+0x1a3/0x2b0
[  733.073000]        do_general_protection+0x248/0x2f0
[  733.073003]        general_protection+0x1e/0x30
[  733.073007]        __delayacct_blkio_end+0x4f/0xc0
[  733.073010]        try_to_wake_up+0xa89/0x1190
[  733.073014]        default_wake_function+0x30/0x50
[  733.073019]        autoremove_wake_function+0x7a/0x350
[  733.073022]        wake_page_function+0x15f/0x1c0
[  733.073025]        __wake_up_common+0x189/0x730
[  733.073028]        __wake_up_locked_key_bookmark+0x16/0x20
[  733.073031]        wake_up_page_bit+0x297/0x580
[  733.073034]        unlock_page+0x214/0x2b0
[  733.073037]        __split_huge_page+0xfc7/0x17b0
[  733.073040]        split_huge_page_to_list+0x15a2/0x1bf0
[  733.073043]        shrink_page_list+0x4a4b/0x5fe0
[  733.073046]        shrink_inactive_list+0x73a/0x1c60
[  733.073049]        shrink_node_memcg+0x78c/0x1910
[  733.073052]        shrink_node+0x481/0x1740
[  733.073055]        do_try_to_free_pages+0x3c9/0x1240
[  733.073059]        try_to_free_mem_cgroup_pages+0x475/0xc50
[  733.073062]        reclaim_high.constprop.67+0x12f/0x1d0
[  733.073065]        mem_cgroup_handle_over_high+0x8d/0x130
[  733.073069]        exit_to_usermode_loop+0x274/0x310
[  733.073071]        do_syscall_64+0x6ac/0x800
[  733.073075]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  733.073076] 
[  733.073079] other info that might help us debug this:
[  733.073081] 
[  733.073084]  Possible unsafe locking scenario:
[  733.073085] 
[  733.073088]        CPU0                    CPU1
[  733.073091]        ----                    ----
[  733.073092]   lock(&p->pi_lock);
[  733.073099]                                lock((console_sem).lock);
[  733.073105]                                lock(&p->pi_lock);
[  733.073111]   lock((console_sem).lock);
[  733.073116] 
[  733.073118]  *** DEADLOCK ***
[  733.073120] 
[  733.073123] 4 locks held by syz-executor1/15554:
[  733.073124]  #0: 00000000a4812bb8 (&anon_vma->rwsem){++++}, at: split_huge_page_to_list+0xd54/0x1bf0
[  733.073136]  #1: 00000000e94fa758 (&page_wait_table[i]){-.-.}, at: wake_up_page_bit+0x27d/0x580
[  733.073148]  #2: 00000000efacf1e4 (&p->pi_lock){-.-.}, at: try_to_wake_up+0xca/0x1190
[  733.073160]  #3: 00000000eb1ba549 (rcu_read_lock){....}, at: atomic_notifier_call_chain+0x0/0x190
[  733.073172] 
[  733.073174] stack backtrace:
[  733.073178] CPU: 0 PID: 15554 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #65
[  733.073184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  733.073186] Call Trace:
[  733.073189]  dump_stack+0x1b9/0x294
[  733.073192]  ? dump_stack_print_info.cold.2+0x52/0x52
[  733.073195]  ? print_lock+0xd1/0xd6
[  733.073197]  ? vprintk_func+0xd0/0xe7
[  733.073201]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[  733.073204]  ? save_trace+0xe0/0x290
[  733.073207]  __lock_acquire+0x343e/0x5140
[  733.073210]  ? debug_check_no_locks_freed+0x310/0x310
[  733.073214]  ? debug_check_no_locks_freed+0x310/0x310
[  733.073217]  ? update_load_avg+0x2d9/0x2570
[  733.073220]  ? __update_load_avg_se.isra.34+0x61e/0x980
[  733.073223]  ? __lock_acquire+0x7f5/0x5140
[  733.073226]  ? update_load_avg+0x2d9/0x2570
[  733.073229]  ? print_usage_bug+0xc0/0xc0
[  733.073232]  ? attach_entity_load_avg+0x850/0x850
[  733.073234]  ? graph_lock+0x170/0x170
[  733.073237]  ? graph_lock+0x170/0x170
[  733.073240]  lock_acquire+0x1dc/0x520
[  733.073243]  ? down_trylock+0x13/0x70
[  733.073246]  ? lock_release+0xa10/0xa10
[  733.073248]  ? lock_downgrade+0x8e0/0x8e0
[  733.073251]  ? kvm_sched_clock_read+0x9/0x20
[  733.073254]  ? sched_clock+0x31/0x40
[  733.073257]  ? vprintk_emit+0x694/0xdd0
[  733.073260]  _raw_spin_lock_irqsave+0x96/0xc0
[  733.073263]  ? down_trylock+0x13/0x70
[  733.073265]  down_trylock+0x13/0x70
[  733.073269]  __down_trylock_console_sem+0xae/0x200
[  733.073272]  console_trylock+0x15/0xa0
[  733.073274]  vprintk_emit+0x694/0xdd0
[  733.073277]  ? find_held_lock+0x36/0x1c0
[  733.073280]  ? console_unlock+0x1100/0x1100
[  733.073283]  ? lock_downgrade+0x8e0/0x8e0
[  733.073286]  ? __lock_acquire+0x7f5/0x5140
[  733.073289]  ? kasan_check_read+0x11/0x20
[  733.073292]  ? do_raw_spin_unlock+0x9e/0x2e0
[  733.073295]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  733.073298]  ? page_rmapping+0x150/0x150
[  733.073300]  vprintk_default+0x28/0x30
[  733.073303]  vprintk_func+0x7a/0xe7
[  733.073305]  printk+0x9e/0xba
[  733.073308]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  733.073311]  ? check_pte+0x4b0/0x4b0
[  733.073314]  ? kasan_die_handler.cold.22+0x5/0x30
[  733.073317]  kasan_die_handler.cold.22+0x11/0x30
[  733.073320]  notifier_call_chain+0x178/0x380
[  733.073323]  ? unregister_die_notifier+0x20/0x20
[  733.073326]  ? rcu_is_watching+0x85/0x140
[  733.073330]  ? rcu_bh_force_quiescent_state+0x20/0x20
[  733.073332]  ? cmp_ex_search+0x8c/0xb0
[  733.073336]  ? rcu_bh_force_quiescent_state+0x20/0x20
[  733.073339]  atomic_notifier_call_chain+0x98/0x190
[  733.073341]  notify_die+0x1a3/0x2b0
[  733.073345]  ? __atomic_notifier_call_chain+0x1a0/0x1a0
[  733.073348]  ? search_exception_tables+0x47/0x50
[  733.073351]  do_general_protection+0x248/0x2f0
[  733.073354]  general_protection+0x1e/0x30
[  733.073357] RIP: 0010:__delayacct_blkio_end+0x4f/0xc0
[  733.073360] RSP: 0018:ffff88017e444da8 EFLAGS: 00010002
[  733.073366] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004cbf000
[  733.073370] RDX: 0000000000000007 RSI: ffffffff817a4cc1 RDI: 0000000000000038
[  733.073375] RBP: ffff88017e444dc0 R08: ffffed003b5c46d3 R09: 0000000000000000
[  733.073379] R10: ffff88017e444e50 R11: ffff8801dae23693 R12: ffff8801ca564400
[  733.073383] R13: ffff880187fe0380 R14: ffff880187fe03bc R15: 0000000000000002
[  733.073387]  ? __delayacct_blkio_end+0x11/0xc0
[  733.073390]  ? __delayacct_blkio_end+0x11/0xc0
[  733.073392]  try_to_wake_up+0xa89/0x1190
[  733.073395]  ? migrate_swap_stop+0x850/0x850
[  733.073399]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  733.073402]  ? anon_vma_interval_tree_iter_next+0xf7/0x240
[  733.073405]  default_wake_function+0x30/0x50
[  733.073408]  ? rmap_walk_anon+0x73a/0xe80
[  733.073411]  autoremove_wake_function+0x7a/0x350
[  733.073414]  ? finish_wait+0x420/0x420
[  733.073417]  ? invalid_page_referenced_vma+0x5e0/0x5e0
[  733.073421]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  733.073423]  ? PageHuge+0x17e/0x2a0
[  733.073426]  wake_page_function+0x15f/0x1c0
[  733.073429]  __wake_up_common+0x189/0x730
[  733.073432]  ? wait_woken+0x2a0/0x2a0
[  733.073435]  ? total_mapcount+0x2c7/0x910
[  733.073438]  ? kasan_check_write+0x14/0x20
[  733.073440]  ? do_raw_spin_lock+0xc1/0x200
[  733.073444]  __wake_up_locked_key_bookmark+0x16/0x20
[  733.073447]  wake_up_page_bit+0x297/0x580
[  733.073450]  ? filemap_fdatawait_keep_errors+0xc0/0xc0
[  733.073453]  ? try_to_munlock+0x670/0x670
[  733.073456]  ? __lock_acquire+0x7f5/0x5140
[  733.073459]  ? mark_held_locks+0xc9/0x160
[  733.073462]  ? putback_movable_pages+0xac0/0xac0
[  733.073464]  ? do_pages_stat+0x420/0x420
[  733.073467]  unlock_page+0x214/0x2b0
[  733.073470]  ? wake_up_page_bit+0x580/0x580
[  733.073473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  733.073476]  ? unfreeze_page+0x132/0x1b0
[  733.073479]  ? compound_mapcount+0x300/0x300
[  733.073483]  ? _raw_spin_unlock_irqrestore+0xa1/0xc0
[  733.073486]  __split_huge_page+0xfc7/0x17b0
[  733.073489]  ? vmf_insert_pfn_pud+0x5b0/0x5b0
[  733.073492]  ? debug_check_no_locks_freed+0x310/0x310
[  733.073496]  ? vma_adjust_trans_huge+0x310/0x310
[  733.073498]  ? check_pte+0x4b0/0x4b0
[  733.073502]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  733.073505]  ? vma_kernel_pagesize+0xb0/0xb0
[  733.073508]  ? graph_lock+0x170/0x170
[  733.073511]  ? try_to_munlock+0x670/0x670
[  733.073514]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  733.073517]  ? total_mapcount+0x2c7/0x910
[  733.073520]  ? graph_lock+0x170/0x170
[  733.073523]  ? vma_adjust_trans_huge+0x310/0x310
[  733.073526]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  733.073529]  ? try_to_unmap+0x37f/0x850
[  733.073532]  ? rmap_walk_locked+0x340/0x340
[  733.073535]  ? find_held_lock+0x36/0x1c0
[  733.073537]  ? lock_downgrade+0x8e0/0x8e0
[  733.073540]  ? kasan_check_read+0x11/0x20
[  733.073543]  ? do_raw_spin_unlock+0x9e/0x2e0
[  733.073546]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  733.073549]  ? kasan_check_write+0x14/0x20
[  733.073552]  ? do_raw_spin_lock+0xc1/0x200
[  733.073559]  split_huge_page_to_list+0x15a2/0x1bf0
[  733.073562]  ? can_split_huge_page+0x770/0x770
[  733.073565]  ? vma_adjust_trans_huge+0x310/0x310
[  733.073569]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  733.073572]  ? page_mapped+0x34e/0x760
[  733.073574]  ? __page_mapcount+0x530/0x530
[  733.073577]  ? graph_lock+0x170/0x170
[  733.073579]  
[  733.073584] Lost 158 message(s)!
[  734.096470] ---[ end trace 49d7e6dd9dbde126 ]---
[  734.101208] Kernel panic - not syncing: Fatal exception
[  734.107128] Dumping ftrace buffer:
[  734.110665]    (ftrace buffer empty)
[  734.114359] Kernel Offset: disabled
[  734.117970] Rebooting in 86400 seconds..