INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.487096] sshd (4427) used greatest stack depth: 16712 bytes left
Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
2018/04/06 10:22:12 fuzzer started
2018/04/06 10:22:13 dialing manager at 10.128.0.26:34681
[   34.001268] can: request_module (can-proto-0) failed.
[   34.010076] can: request_module (can-proto-0) failed.
2018/04/06 10:22:19 kcov=true, comps=false
2018/04/06 10:22:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000b3dfc8)={&(0x7f0000001580)={0x10}, 0xc, &(0x7f00000015c0)={&(0x7f0000abf000)={0x18, 0x22, 0x109, 0x0, 0x0, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1}, 0x0)

2018/04/06 10:22:23 executing program 2:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = memfd_create(&(0x7f000003e000)='\'', 0x0)
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000d82000)='/dev/snd/seq\x00', 0x0, 0x8000000040102)
r2 = dup2(r1, r1)
write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x0, 0x0, 0x0, 0x3fd}], 0x30)
sendfile(r2, r0, &(0x7f0000000040), 0x80000000)

2018/04/06 10:22:23 executing program 7:
prctl$intptr(0x1d, 0x0)

2018/04/06 10:22:23 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000808fc8)={&(0x7f0000e87000)={0x10}, 0xc, &(0x7f0000a3bff8)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001800210c00000000000000008020000000040005000000001c0009000900000045423d912f59fed65ffea16eb70900000064bd632638d7c4ffdc2e0160cd9a90cf94edc38874917f8f14403a7e889dca586dc3028d9195e5d2a84d95a54a916c931707b80298ab9524df391894199177029f9094f1972d752cb2c4d51ece45a6f95441ee83dbd765a3d9137897cafda16105636f5ab03d15a3327df5498d8541a24e54afea18a0ad3c8707c9c9b5c4fe8df6969319f0b7e4cc089301bdafccf8563177e8a23d07f7bfd669cde6d6a10537ee305d2633d51e350a91a90f009ae641c851ca95dd8d91ba425cfa7f559bc4dc68595930cb16df491a74cb0252d3cba8a1d3c1c699eebf2f4ed0664419656f4b260fb5c41b253012568d17a69989597c3c275244e7f46c6cb8ee800130f0a955a68f968b132b308d2021a06f40a6e002cc45b52f4c637e49783958df9c6b14178cab90ee821384630d1f4f3c8e5cc3ed408d08b4a28a25a85e4e44c93a971fffb05d5c00e4ed7185de504939760b5bcf230ee7bd70cc2c0c335059405eb0ed962a2f75670055194dfbdc6221d9bbd9ab5e433ec65f897a3586452031e42d5b9e17617eedfd2cb4189243d73460aa62d11cb24a68146e3cdf174e6b191a321040bae12b5b92233b4acfff91394a9e00354f0000000000000000000000000000", @ANYBLOB='\x00\x00\x00\x00', @ANYBLOB='\x00\x00\x00\x00'], 0x3}, 0x1}, 0x0)

2018/04/06 10:22:23 executing program 4:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0xe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4)
mlock(&(0x7f000090b000/0x4000)=nil, 0x4000)
read(r0, &(0x7f0000000300)=""/100, 0x64)

2018/04/06 10:22:23 executing program 1:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:23 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x6000000088)
recvmsg(r0, &(0x7f0000001200)={&(0x7f0000000700)=@nfc_llcp, 0x80, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/158, 0x9e}], 0x1, &(0x7f00000011c0)}, 0x0)
bind(r0, &(0x7f0000e79ff0)=@in={0x2, 0x4e20}, 0x10)
sendto$inet(r0, &(0x7f0000000000)="a77d90cecea9a1580dd9330747fcc704d7ac140afceaa150f5a3636a36439517bf6f952fe0abfd18822d2c783fbd863827c897e456003cb6bc53889946ba68629bec186af3", 0x45, 0x0, &(0x7f0000e81ff0)={0x2, 0x4e20}, 0x10)

2018/04/06 10:22:23 executing program 6:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff})
flock(r0, 0x1)
flock(r0, 0x1)

[   38.774495] IPVS: ftp: loaded support on port[0] = 21
[   38.906277] IPVS: ftp: loaded support on port[0] = 21
[   38.975483] IPVS: ftp: loaded support on port[0] = 21
[   39.013642] IPVS: ftp: loaded support on port[0] = 21
[   39.093187] IPVS: ftp: loaded support on port[0] = 21
[   39.171275] IPVS: ftp: loaded support on port[0] = 21
[   39.263689] IPVS: ftp: loaded support on port[0] = 21
[   39.374488] IPVS: ftp: loaded support on port[0] = 21
[   41.121261] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.133728] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.246605] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.384528] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.444639] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.627568] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.752583] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   41.831559] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.027366] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.033523] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.057967] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.064082] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.086512] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.092841] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.208177] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.214360] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.388574] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.417528] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.423640] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.433697] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.535986] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.545468] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.551631] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.578741] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.584828] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.598560] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.613315] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   45.619548] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.771189] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.778132] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   45.784451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   45.797142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.834603] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   45.843386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   45.854941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/06 10:22:30 executing program 3:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

[   45.993788] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.000006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.010128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.035269] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.045859] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.054308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.071674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.091515] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.100265] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.294678] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.300887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.313444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.436355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.442732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.451746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.468940] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.475164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.486797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.503730] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.511110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.528337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/06 10:22:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000b3dfc8)={&(0x7f0000001580)={0x10}, 0xc, &(0x7f00000015c0)={&(0x7f0000abf000)={0x18, 0x22, 0x109, 0x0, 0x0, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1}, 0x0)

2018/04/06 10:22:32 executing program 2:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = memfd_create(&(0x7f000003e000)='\'', 0x0)
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000d82000)='/dev/snd/seq\x00', 0x0, 0x8000000040102)
r2 = dup2(r1, r1)
write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x0, 0x0, 0x0, 0x3fd}], 0x30)
sendfile(r2, r0, &(0x7f0000000040), 0x80000000)

2018/04/06 10:22:32 executing program 1:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:32 executing program 3:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:32 executing program 6:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:32 executing program 4:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0xe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4)
mlock(&(0x7f000090b000/0x4000)=nil, 0x4000)
read(r0, &(0x7f0000000300)=""/100, 0x64)

2018/04/06 10:22:32 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:32 executing program 7:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000b3dfc8)={&(0x7f0000001580)={0x10}, 0xc, &(0x7f00000015c0)={&(0x7f0000abf000)={0x18, 0x22, 0x109, 0x0, 0x0, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1}, 0x0)

2018/04/06 10:22:32 executing program 2:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = memfd_create(&(0x7f000003e000)='\'', 0x0)
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000d82000)='/dev/snd/seq\x00', 0x0, 0x8000000040102)
r2 = dup2(r1, r1)
write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x0, 0x0, 0x0, 0x3fd}], 0x30)
sendfile(r2, r0, &(0x7f0000000040), 0x80000000)

2018/04/06 10:22:32 executing program 6:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:32 executing program 3:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:32 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000b3dfc8)={&(0x7f0000001580)={0x10}, 0xc, &(0x7f00000015c0)={&(0x7f0000abf000)={0x18, 0x22, 0x109, 0x0, 0x0, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1}, 0x0)

2018/04/06 10:22:33 executing program 4:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0xe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4)
mlock(&(0x7f000090b000/0x4000)=nil, 0x4000)
read(r0, &(0x7f0000000300)=""/100, 0x64)

2018/04/06 10:22:33 executing program 7:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:33 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:33 executing program 1:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:33 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f0000000100)='stat\x00')
sendfile(r0, r2, &(0x7f0000000180)=0x400000, 0xfffffffffffffffe)

2018/04/06 10:22:33 executing program 2:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = memfd_create(&(0x7f000003e000)='\'', 0x0)
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000d82000)='/dev/snd/seq\x00', 0x0, 0x8000000040102)
r2 = dup2(r1, r1)
write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x0, 0x0, 0x0, 0x3fd}], 0x30)
sendfile(r2, r0, &(0x7f0000000040), 0x80000000)

2018/04/06 10:22:33 executing program 6:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:33 executing program 3:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:33 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)={0x1, 0x0, [{0x80000001, 0x0, 0x0, 0x0, 0xfffffffffffff1e1}]})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0xe0000037, 0x0, 0x0, 0x20, 0x0, 0xd01})

2018/04/06 10:22:33 executing program 0:
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00005c8000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
flock(r1, 0x2)
flock(r0, 0x1)
r2 = gettid()
readv(r0, &(0x7f0000616fa0)=[{&(0x7f0000e4bfb4)=""/57, 0x39}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000a44000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x7)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00002cb000)={0x0, r2})
recvmsg(r4, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0)
dup2(r0, r4)
tkill(r2, 0x16)
close(r1)

2018/04/06 10:22:33 executing program 1:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:33 executing program 6:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x3, @empty, 'syz_tun\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x3, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 'syz_tun\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 'gretap0\x00'}}, 0x1e)

2018/04/06 10:22:33 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
write$rdma_cm(r0, &(0x7f0000005040)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000005000), 0x111, 0x5}}, 0x20)
write$rdma_cm(r0, &(0x7f0000005080)=ANY=[@ANYBLOB="05008000100000fa"], 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280))
modify_ldt$write(0x1, &(0x7f0000002c80)={0xa1, 0x0, 0xffffffff, 0xcfee, 0x8, 0x2, 0x8000, 0x7, 0x81, 0x8}, 0x10)
r4 = socket$inet6(0xa, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000400)={0x0, 0x35, 0x6, @thr={&(0x7f00000002c0)="3ac5c486460164999320ce70af95be1251ddb77c1bb431d42102d780ac1e17c6b905ef320b3cf6f5606471afd2a72733e117126375d9bcea8d9d7ebcd6d7c8f20c163369ff3410110dc14a6ab7b3aafabbc382d2a85b1935acd5ff0509d960778206a93ef781cf59c4aa9f92dbc5525c406795ef2b4283dbc2692a557dad828448f16ff674dbf134d7143bd38b40", &(0x7f0000000380)}}, &(0x7f0000000440)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000004c0)={<r6=>0x0, <r7=>0x0})
syz_open_dev$vcsn(&(0x7f0000000680)='/dev/vcs#\x00', 0x2, 0x3fc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000005c0)={<r8=>0x0, 0x8001}, &(0x7f0000000600)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000640)={r8, 0x7f, 0x4}, 0x10)
ioctl$KDMKTONE(r0, 0x4b30, 0xffff)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000006c0)={0x0, 0x58}, 0x8)
timer_settime(r5, 0x0, &(0x7f0000000500)={{0x0, 0x989680}, {r6, r7+10000000}}, &(0x7f0000000540))
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket(0x1e, 0x4, 0x0)
getsockopt(r9, 0x10f, 0x84, &(0x7f0000003fb3), &(0x7f0000000000)=0xff5f)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x3)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000480))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001, 0x18071, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000001000/0x5000)=nil, 0x5000, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/78, 0x4e}, {&(0x7f0000000700)=""/232, 0xe8}, {&(0x7f0000000800)=""/137, 0x89}, {&(0x7f0000000200)=""/66, 0x42}], 0x5, &(0x7f0000000a40)=""/223, 0xdf, 0x4}, 0x9}, {{&(0x7f0000000b40)=@in6, 0x80, &(0x7f0000001180)=[{&(0x7f0000000bc0)=""/179, 0xb3}, {&(0x7f0000000c80)=""/213, 0xd5}, {&(0x7f0000000d80)=""/126, 0x7e}, {&(0x7f0000000e00)=""/121, 0x79}, {&(0x7f0000000e80)=""/219, 0xdb}, {&(0x7f0000001080)=""/233, 0xe9}], 0x6, &(0x7f0000000580)=""/15, 0xf, 0x3}, 0x9}, {{&(0x7f0000001200)=@ipx, 0x80, &(0x7f00000014c0)=[{&(0x7f00000012c0)=""/83, 0x53}, {&(0x7f0000001340)=""/28, 0x1c}, {&(0x7f0000001380)=""/192, 0xc0}, {&(0x7f0000001440)=""/90, 0x5a}], 0x4, 0x0, 0x0, 0xebcf}, 0x4}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001500)=""/26, 0x1a}, {&(0x7f0000001540)=""/53, 0x35}, {&(0x7f0000001580)=""/93, 0x5d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/235, 0xeb}, {&(0x7f0000002700)=""/86, 0x56}, {&(0x7f0000002780)=""/96, 0x60}, {&(0x7f0000002800)=""/114, 0x72}], 0x8, &(0x7f0000002900)=""/157, 0x9d, 0x100}, 0x4e}, {{&(0x7f00000029c0)=@pptp={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/36, 0x24}, {&(0x7f0000002a80)=""/202, 0xca}], 0x2, &(0x7f0000002bc0)=""/22, 0x16}, 0x84a3}, {{&(0x7f0000002c00)=@nl, 0x80, &(0x7f0000002f00)=[{&(0x7f00000031c0)=""/68, 0x44}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)=""/111, 0x6f}, {&(0x7f0000002dc0)=""/131, 0x83}, {&(0x7f0000002e80)=""/90, 0x5a}], 0x5, &(0x7f0000002f80)=""/147, 0x93, 0x7fffffff}, 0xd315}], 0x6, 0x0, &(0x7f0000001280)={0x0, 0x1c9c380})
munlockall()

2018/04/06 10:22:33 executing program 3:
unshare(0x20000400)
clone(0x0, &(0x7f0000000140), &(0x7f00000003c0), &(0x7f0000000180), &(0x7f0000000400))
prctl$intptr(0x24, 0x6)

2018/04/06 10:22:33 executing program 7:
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000000000)='ramfs\x00', 0x0, &(0x7f00008a7000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
sync()
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
umount2(&(0x7f0000000040)='.', 0x4)
r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'dummy0\x00', 0x1})
umount2(&(0x7f0000000580)='.', 0x4)

2018/04/06 10:22:33 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lseek(0xffffffffffffffff, 0x2, 0x1)
r0 = socket(0x15, 0x80005, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x114, 0x2710, &(0x7f0000000080), &(0x7f0000000ff8)=0x10225)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000400))
ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40086436, &(0x7f0000000440))
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)={0x8}, &(0x7f0000000180), 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200), 0x0)
r2 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x5, 0x3f, 0x7, 0xfff]})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x200, 0x0)
getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00007e6fff)=0x4, &(0x7f0000000140)=0xffffffffffffff35)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$DRM_IOCTL_DMA(r1, 0xc0286429, &(0x7f0000000800)={0x0, 0x1, &(0x7f0000000540)=[0x4], &(0x7f0000000580)=[0xca9, 0x8, 0x0, 0x6], 0x11, 0x6, 0x8, &(0x7f00000005c0)=[0x2, 0x100000000, 0x5, 0x5, 0x7, 0x616d], &(0x7f00000007c0)=[0xfe, 0xfffffffffffffffe, 0xc1, 0x7, 0x2, 0x328, 0x5, 0x800, 0xfffffffffffffff7]})
r4 = dup3(r2, 0xffffffffffffffff, 0x80000)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x9, {0x2, 0x4e22}, {0x2, 0x4e23, @multicast2=0xe0000002}, {0x2, 0x4e22, @rand_addr=0x1}, 0x100, 0x1, 0x0, 0x1ff, 0x7f, &(0x7f0000000240)='bpq0\x00', 0x1, 0x3, 0xfffffffffffffd46})
syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="9771bcbfb12d624ff2f252800000000000000094738f8502cd29ca18b2cfcf990f3dafd5a1ead992318b58281003", @ANYBLOB="000828bd7000fcdbdf25030000001c0002000800070008000000080007000010000008000400070000000800060008000000080005001f000000180001001400030000000000000000000000000000000001080005003f000000080006000400000008000600080000000c000300080007004e2100006400020008000900410800000800080005000000080009000500000014000100ff01000000000000000000000000000108000b000200000008000b000a00000008000900ff7f000014000100ac1414aa000000000000000000000000080002004e240000"], 0x2}, 0x1, 0x0, 0x0, 0x5}, 0x40890)

2018/04/06 10:22:34 executing program 5:
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="60c49f1c23119633f124fbb7f003732f3e8e39c9f701aa7f7239aa37343e8ec331714b77c196ef0a89293b50b94a2fe15c9cf5b67927a12239e522c699612a2573e4a54fc64e2d069f1aa7a089bd7f4f2e4a68a681d3400731653ad46d93140ba2", 0x61}], 0x1, &(0x7f0000001480)}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_ifreq(r0, 0x89f0, &(0x7f00000001c0)={'ip6tnl0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"})

2018/04/06 10:22:34 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00004a9000)={0x1, &(0x7f00008f0ff8)=[{0x6, 0x0, 0x0, 0x1}]}, 0x10)
sendto$inet6(r0, &(0x7f0000455000)='S', 0x1, 0x0, &(0x7f00009aafe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/04/06 10:22:34 executing program 0:
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00005c8000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
flock(r1, 0x2)
flock(r0, 0x1)
r2 = gettid()
readv(r0, &(0x7f0000616fa0)=[{&(0x7f0000e4bfb4)=""/57, 0x39}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000a44000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x7)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00002cb000)={0x0, r2})
recvmsg(r4, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0)
dup2(r0, r4)
tkill(r2, 0x16)
close(r1)

2018/04/06 10:22:34 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lseek(0xffffffffffffffff, 0x2, 0x1)
r0 = socket(0x15, 0x80005, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x114, 0x2710, &(0x7f0000000080), &(0x7f0000000ff8)=0x10225)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000400))
ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40086436, &(0x7f0000000440))
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)={0x8}, &(0x7f0000000180), 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200), 0x0)
r2 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x5, 0x3f, 0x7, 0xfff]})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x200, 0x0)
getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00007e6fff)=0x4, &(0x7f0000000140)=0xffffffffffffff35)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$DRM_IOCTL_DMA(r1, 0xc0286429, &(0x7f0000000800)={0x0, 0x1, &(0x7f0000000540)=[0x4], &(0x7f0000000580)=[0xca9, 0x8, 0x0, 0x6], 0x11, 0x6, 0x8, &(0x7f00000005c0)=[0x2, 0x100000000, 0x5, 0x5, 0x7, 0x616d], &(0x7f00000007c0)=[0xfe, 0xfffffffffffffffe, 0xc1, 0x7, 0x2, 0x328, 0x5, 0x800, 0xfffffffffffffff7]})
r4 = dup3(r2, 0xffffffffffffffff, 0x80000)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x9, {0x2, 0x4e22}, {0x2, 0x4e23, @multicast2=0xe0000002}, {0x2, 0x4e22, @rand_addr=0x1}, 0x100, 0x1, 0x0, 0x1ff, 0x7f, &(0x7f0000000240)='bpq0\x00', 0x1, 0x3, 0xfffffffffffffd46})
syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="9771bcbfb12d624ff2f252800000000000000094738f8502cd29ca18b2cfcf990f3dafd5a1ead992318b58281003", @ANYBLOB="000828bd7000fcdbdf25030000001c0002000800070008000000080007000010000008000400070000000800060008000000080005001f000000180001001400030000000000000000000000000000000001080005003f000000080006000400000008000600080000000c000300080007004e2100006400020008000900410800000800080005000000080009000500000014000100ff01000000000000000000000000000108000b000200000008000b000a00000008000900ff7f000014000100ac1414aa000000000000000000000000080002004e240000"], 0x2}, 0x1, 0x0, 0x0, 0x5}, 0x40890)

2018/04/06 10:22:34 executing program 7:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f00000dd000), 0x4)

2018/04/06 10:22:34 executing program 2:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x13d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

2018/04/06 10:22:34 executing program 4:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0xe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4)
mlock(&(0x7f000090b000/0x4000)=nil, 0x4000)
read(r0, &(0x7f0000000300)=""/100, 0x64)

2018/04/06 10:22:34 executing program 3:
capset(&(0x7f0000fc1ff8)={0x4000019980330}, &(0x7f0000001fe8))
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14}}}, 0x14)

2018/04/06 10:22:34 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2000000000008009)
write(r0, &(0x7f00000000c0)="b652b8621e8d00000200000000000000ffffffff0000d29c70068000000000aa1fae1acbe48e60cb315a", 0x2a)

[   49.452818] capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use)
2018/04/06 10:22:34 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lseek(0xffffffffffffffff, 0x2, 0x1)
r0 = socket(0x15, 0x80005, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x114, 0x2710, &(0x7f0000000080), &(0x7f0000000ff8)=0x10225)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000400))
ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40086436, &(0x7f0000000440))
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)={0x8}, &(0x7f0000000180), 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200), 0x0)
r2 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x5, 0x3f, 0x7, 0xfff]})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x200, 0x0)
getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00007e6fff)=0x4, &(0x7f0000000140)=0xffffffffffffff35)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$DRM_IOCTL_DMA(r1, 0xc0286429, &(0x7f0000000800)={0x0, 0x1, &(0x7f0000000540)=[0x4], &(0x7f0000000580)=[0xca9, 0x8, 0x0, 0x6], 0x11, 0x6, 0x8, &(0x7f00000005c0)=[0x2, 0x100000000, 0x5, 0x5, 0x7, 0x616d], &(0x7f00000007c0)=[0xfe, 0xfffffffffffffffe, 0xc1, 0x7, 0x2, 0x328, 0x5, 0x800, 0xfffffffffffffff7]})
r4 = dup3(r2, 0xffffffffffffffff, 0x80000)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x9, {0x2, 0x4e22}, {0x2, 0x4e23, @multicast2=0xe0000002}, {0x2, 0x4e22, @rand_addr=0x1}, 0x100, 0x1, 0x0, 0x1ff, 0x7f, &(0x7f0000000240)='bpq0\x00', 0x1, 0x3, 0xfffffffffffffd46})
syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="9771bcbfb12d624ff2f252800000000000000094738f8502cd29ca18b2cfcf990f3dafd5a1ead992318b58281003", @ANYBLOB="000828bd7000fcdbdf25030000001c0002000800070008000000080007000010000008000400070000000800060008000000080005001f000000180001001400030000000000000000000000000000000001080005003f000000080006000400000008000600080000000c000300080007004e2100006400020008000900410800000800080005000000080009000500000014000100ff01000000000000000000000000000108000b000200000008000b000a00000008000900ff7f000014000100ac1414aa000000000000000000000000080002004e240000"], 0x2}, 0x1, 0x0, 0x0, 0x5}, 0x40890)

2018/04/06 10:22:34 executing program 2:
perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0xa, 0x5, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x11, &(0x7f0000000080)=""/4096, &(0x7f0000000000)=0x1000)

2018/04/06 10:22:34 executing program 3:
r0 = eventfd2(0x0, 0x0)
read$eventfd(r0, &(0x7f0000354000), 0x8)
write$eventfd(r0, &(0x7f0000951ff8), 0x8)

2018/04/06 10:22:34 executing program 5:
r0 = getpid()
sched_setaffinity(r0, 0x3c0, &(0x7f0000000240)=0x8000000000000006)
r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a45320, &(0x7f0000000280)={{0x80}, "706f7274310000004000000000000000000000d600fffffff0000000000000000000eda40000af000000000700", 0xbfffffffffffffff, 0x2})
readv(r1, &(0x7f0000459000)=[{&(0x7f0000fd5fc3)=""/61, 0x3d}], 0x1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000000)={0x1, @time={0x77359400}})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000340))
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f00000001c0))
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)

2018/04/06 10:22:34 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lseek(0xffffffffffffffff, 0x2, 0x1)
r0 = socket(0x15, 0x80005, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x114, 0x2710, &(0x7f0000000080), &(0x7f0000000ff8)=0x10225)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000400))
ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40086436, &(0x7f0000000440))
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)={0x8}, &(0x7f0000000180), 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200), 0x0)
r2 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x5, 0x3f, 0x7, 0xfff]})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x200, 0x0)
getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00007e6fff)=0x4, &(0x7f0000000140)=0xffffffffffffff35)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
ioctl$DRM_IOCTL_DMA(r1, 0xc0286429, &(0x7f0000000800)={0x0, 0x1, &(0x7f0000000540)=[0x4], &(0x7f0000000580)=[0xca9, 0x8, 0x0, 0x6], 0x11, 0x6, 0x8, &(0x7f00000005c0)=[0x2, 0x100000000, 0x5, 0x5, 0x7, 0x616d], &(0x7f00000007c0)=[0xfe, 0xfffffffffffffffe, 0xc1, 0x7, 0x2, 0x328, 0x5, 0x800, 0xfffffffffffffff7]})
r4 = dup3(r2, 0xffffffffffffffff, 0x80000)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x9, {0x2, 0x4e22}, {0x2, 0x4e23, @multicast2=0xe0000002}, {0x2, 0x4e22, @rand_addr=0x1}, 0x100, 0x1, 0x0, 0x1ff, 0x7f, &(0x7f0000000240)='bpq0\x00', 0x1, 0x3, 0xfffffffffffffd46})
syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="9771bcbfb12d624ff2f252800000000000000094738f8502cd29ca18b2cfcf990f3dafd5a1ead992318b58281003", @ANYBLOB="000828bd7000fcdbdf25030000001c0002000800070008000000080007000010000008000400070000000800060008000000080005001f000000180001001400030000000000000000000000000000000001080005003f000000080006000400000008000600080000000c000300080007004e2100006400020008000900410800000800080005000000080009000500000014000100ff01000000000000000000000000000108000b000200000008000b000a00000008000900ff7f000014000100ac1414aa000000000000000000000000080002004e240000"], 0x2}, 0x1, 0x0, 0x0, 0x5}, 0x40890)

2018/04/06 10:22:34 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2000000000008009)
write(r0, &(0x7f00000000c0)="b652b8621e8d00000200000000000000ffffffff0000d29c70068000000000aa1fae1acbe48e60cb315a", 0x2a)

2018/04/06 10:22:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'ip_vti0\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4c}})

2018/04/06 10:22:35 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00004a9000)={0x1, &(0x7f00008f0ff8)=[{0x6, 0x0, 0x0, 0x1}]}, 0x10)
sendto$inet6(r0, &(0x7f0000455000)='S', 0x1, 0x0, &(0x7f00009aafe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/04/06 10:22:35 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2000000000008009)
write(r0, &(0x7f00000000c0)="b652b8621e8d00000200000000000000ffffffff0000d29c70068000000000aa1fae1acbe48e60cb315a", 0x2a)

2018/04/06 10:22:35 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x4000000000080003, 0x0)
mmap(&(0x7f0000399000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)

2018/04/06 10:22:35 executing program 0:
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00005c8000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
flock(r1, 0x2)
flock(r0, 0x1)
r2 = gettid()
readv(r0, &(0x7f0000616fa0)=[{&(0x7f0000e4bfb4)=""/57, 0x39}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000a44000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x7)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00002cb000)={0x0, r2})
recvmsg(r4, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0)
dup2(r0, r4)
tkill(r2, 0x16)
close(r1)

2018/04/06 10:22:35 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000951000)="2400000032001f1546f9ff7f0000055b090007010c00020050ff01000000000000000000", 0x24)

2018/04/06 10:22:35 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndseq(&(0x7f0000832ff3)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000100))

2018/04/06 10:22:35 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff88, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x2], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0)

2018/04/06 10:22:35 executing program 4:
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000289000)={&(0x7f0000cf1ff4)={0x10}, 0xc, &(0x7f0000703000)={&(0x7f000023f000)=ANY=[@ANYBLOB="84000000000000000000000000000000005b659a62290ffc380c2dbfc75e8917e101000006000000001cb4e2bf501db1bb948decd8337f6d63cc8769c29c4d91b0325df0be48b748d3050bc1700612dbc3080c91125fa158cf0d70309f7f19cc7c8262d73295c0351575a9e8aa5944f2a432a15b3fe56aa566ce5ccee93b17c20b412e"], 0x83}, 0x1}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f000023f000)=0xa, 0x20b)
connect$inet6(r0, &(0x7f000053b000)={0xa, 0x4e20}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r2 = dup(r0)
sendmsg$kcm(r2, &(0x7f00000002c0)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, 'ip6gre0\x00'}}, 0x1e, &(0x7f0000001340)}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
tkill(r1, 0x15)

2018/04/06 10:22:35 executing program 2:
r0 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000100)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}]})

2018/04/06 10:22:35 executing program 3:
r0 = epoll_create1(0x0)
mknod(&(0x7f000086c000)='./file0\x00', 0x103d, 0x0)
r1 = open$dir(&(0x7f00004be000)='./file0\x00', 0x80000880, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00004ffff4))
creat(&(0x7f00007dc000)='./file0\x00', 0x0)

2018/04/06 10:22:35 executing program 6:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x160, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000300], 0x0, &(0x7f0000001480), &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000d00000000000000000073697430000000000000000000000000658b85a9a9160d9b2fc6acb15e000000626f6e64300000000000000000000000766c616e300000000000000000000000ffffffffffff0000000000000000000000000000000000000000a0000000a0000000d00000006d61726b5f6d00000000000000000000000000000000000000000000000000000c00000000000000000000f79d10e300646e6174000000000000000000000000000000000000000000000000000000000c000000ffffffffffff0000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff00000000"]}, 0x1b0)

2018/04/06 10:22:35 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2000000000008009)
write(r0, &(0x7f00000000c0)="b652b8621e8d00000200000000000000ffffffff0000d29c70068000000000aa1fae1acbe48e60cb315a", 0x2a)

2018/04/06 10:22:35 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00004a9000)={0x1, &(0x7f00008f0ff8)=[{0x6, 0x0, 0x0, 0x1}]}, 0x10)
sendto$inet6(r0, &(0x7f0000455000)='S', 0x1, 0x0, &(0x7f00009aafe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/04/06 10:22:35 executing program 5:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000006f90)=[{&(0x7f0000000000)="53f6fb15d892e6892be53cbc6efef35bb9365c2a3b73c6486ef250756c10c183816a0eb4937a39522a46625e7129b5a04244f63c9856e81f1d19d6589a33c7f86b5f95bc7b97922b0c323286b7aecf1af6d4c1390f039943cecff64d8d79f2d78e256a308ab9d7e959af1ffec61405cc6594fc5f555ab3c3eff47a7abdb60bc24a4fc48457b1cfab122059dc1066e7aedcb23152276b9fa08b835f5eb186f520c1da393f5163b4836ba176852357e44389ef60871a04d95d4038b477813e8fb62b10678e7680f9ff1f02241758f8bbd2", 0xd0}], 0x1, &(0x7f0000002f00)}, 0x0)
bind$can_raw(r0, &(0x7f0000003ff0)={0x1d}, 0x10)
setsockopt(r0, 0x65, 0x1, &(0x7f0000000000), 0x170)

[   50.812148] binder: BINDER_SET_CONTEXT_MGR already set
2018/04/06 10:22:35 executing program 5:
mmap(&(0x7f0000003000/0xffc000)=nil, 0xffc000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x44, &(0x7f0000ab2fe2)=""/30, &(0x7f00000000c0)=0x1e)

[   50.864891] binder: 6007:6008 ioctl 40046207 0 returned -16
2018/04/06 10:22:36 executing program 6:
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket(0x1e, 0x1, 0x0)
getsockopt(r1, 0x10f, 0x80, &(0x7f0000000000)=""/4, &(0x7f0000000ffc)=0xffffffffffffff7e)
sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=@ipv6_deladdr={0x2c, 0x15, 0x29, 0x0, 0x0, {0xa, 0xbf}, [@IFA_LOCAL={0x14, 0x2, @mcast2={0xff, 0x2, [], 0x1}}]}, 0x2c}, 0x1}, 0x0)

2018/04/06 10:22:36 executing program 7:
r0 = socket$inet6(0xa, 0x80002, 0x88)
recvfrom$inet6(r0, &(0x7f0000fbef6d)=""/185, 0xb9, 0x0, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f00000000c0)=0x1, 0xffffff96)
bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c)
r1 = socket$inet6(0xa, 0x8000000000000802, 0x88)
sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x0)

2018/04/06 10:22:36 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a45352, &(0x7f0000000240)={{}, 'port1\x00'})

2018/04/06 10:22:36 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000080))
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000580)=ANY=[])
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)={0x2, 0x0, [{0x0, 0x1, 0x0, 0x0, @irqchip={0xfff}}, {}]})
getpgrp(0x0)

2018/04/06 10:22:36 executing program 4:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x200000000003, 0x2)
setsockopt$inet_int(r0, 0x0, 0xd0, &(0x7f0000000080), 0x4)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x0, 0x4)

2018/04/06 10:22:36 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00004a9000)={0x1, &(0x7f00008f0ff8)=[{0x6, 0x0, 0x0, 0x1}]}, 0x10)
sendto$inet6(r0, &(0x7f0000455000)='S', 0x1, 0x0, &(0x7f00009aafe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/04/06 10:22:36 executing program 5:
socket$nl_generic(0x10, 0x3, 0x10)
sysfs$2(0x2, 0x101, &(0x7f0000000180)=""/78)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x22800, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080), 0xfffffffffffffea4)
r1 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x2, 0x28001)
write$evdev(r1, &(0x7f0000000040)=[{{}, 0x1, 0x200000000200046, 0x6}, {}], 0x30)
sysfs$1(0x1, &(0x7f0000000640)="666f75005ca64b13eb74d9e72bb8d69e6c28bd40c0c55df08b10928eabce121179a30768161262912b8a97088f9daf41f6faf1563758")
arch_prctl(0x0, &(0x7f0000000280)="edf53781592740da52f90f4837a8d2a11d44d0c32106c7f8f1eebd09bb1c69daf5ae6084751cac375b2cb845c9460f455b7da5e4c98b6fc83e1765e408f10f0eacf04805a02c883c80bd626b28ffe6c11af64709e8166d270dc31390503405c48b697af8ede8273314a3e730a3ba416ca1f80d17417b308f4a8421249d1571d97bcb32cf357f1762b72fb339b9375407880a9a26701f8e82d6f3ac5ed7bc6acdab8dfe31de24bef747082174dc23c88f47a71ed9ca375867feb2cef4cf4e987b935d9ca99e4b9868427a8babf451ba562126b2b4414eadea1378565e83b8498d")
execveat(r0, &(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[&(0x7f0000000200)='fou\x00', &(0x7f0000000380)='\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='/dev/input/event#\x00', &(0x7f0000000440)='\x00', &(0x7f0000000480)='{/cgroupuser$\x00'], &(0x7f0000000600)=[&(0x7f0000000500)='/dev/ptmx\x00', &(0x7f0000000540)='cpuset\x00', &(0x7f0000000580)='/dev/input/event#\x00', &(0x7f00000005c0)='fou\x00'], 0x100)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc004240a, &(0x7f0000000240)={0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x10401, 0x0)

2018/04/06 10:22:36 executing program 0:
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00005c8000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
flock(r1, 0x2)
flock(r0, 0x1)
r2 = gettid()
readv(r0, &(0x7f0000616fa0)=[{&(0x7f0000e4bfb4)=""/57, 0x39}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000a44000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x7)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00002cb000)={0x0, r2})
recvmsg(r4, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0)
dup2(r0, r4)
tkill(r2, 0x16)
close(r1)

2018/04/06 10:22:36 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000001c0)={@remote={0xfe, 0x80, [], 0xbb}}, 0x14)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r2=>0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x40000000000001c, &(0x7f0000000200)={@remote={0xfe, 0x80, [], 0xbb}, r2}, 0x14)

2018/04/06 10:22:36 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp6\x00')
r1 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r1, r0, &(0x7f0000301ff8)=0x3, 0xffffffff)

2018/04/06 10:22:36 executing program 1:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000}, 0x10)
mremap(&(0x7f0000399000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil)
r0 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r0, &(0x7f0000e71000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x32)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000e7a000))

2018/04/06 10:22:36 executing program 4:
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}], 0xa)

2018/04/06 10:22:36 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='ns/cgroup\x00')
setns(r0, 0x0)
connect$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="b4ee8007aa4c"}, 0x14)

2018/04/06 10:22:36 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000180)={'ip6gre0\x00', @ifru_data=&(0x7f0000000000)="ac8be4abd0f79d6325ae476aab5970a3131f2fb4bbfb3c75500e33d0612f430d"})

2018/04/06 10:22:37 executing program 4:
perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x805, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup(r0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000000))

2018/04/06 10:22:37 executing program 1:
ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f00000000c0))
r0 = socket$inet6(0xa, 0x3, 0xe2)
setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000040)=0x4, 0x4)

2018/04/06 10:22:37 executing program 2:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000180), &(0x7f00000011c0)=0x8)

2018/04/06 10:22:37 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000600)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = mmap$binder(&(0x7f000000c000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)}], 0x1, &(0x7f0000000fc0)=ANY=[], 0x0, 0x20000000}, 0x4000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11624840"], 0x0, 0x0, &(0x7f0000011f9d)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000f80)={0x18, 0x0, &(0x7f0000000d40)=[@free_buffer={0x40086303, r1}, @free_buffer={0x40086303, r1}], 0x0, 0x0, &(0x7f0000000e80)})
pipe(&(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
accept4$packet(0xffffffffffffff9c, &(0x7f00000003c0)={0x0, 0x0, <r4=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000400)=0x14, 0x800)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005200000000000000040000001800f9ff06000000200000000700000018170000"], &(0x7f0000000340)='GPL\x00', 0xffff, 0x19, &(0x7f0000000380)=""/25, 0x41f00, 0x1, [], r4}, 0x48)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x0, 0x0)
ioctl$TIOCLINUX5(r5, 0x541c, &(0x7f0000000200)={0x5, 0x3, 0xffffffffffffffe1, 0x4})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000240)={0x5000, 0x10000})
ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0xd000)
set_mempolicy(0x3, &(0x7f0000000080)=0x1000000008076db, 0xff)
r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x4041, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000640)={<r7=>0x0, @in6={{0xa, 0x4e21, 0x4, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x5e}}, [0x8ec9, 0x8, 0xffffffff, 0xbc0, 0xcc34, 0x4, 0x7, 0x4, 0x4c05, 0x0, 0x100000000, 0x8, 0x80000001, 0xa2b0]}, &(0x7f0000000140)=0x100)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000740)={r7, @in6={{0xa, 0x4e20, 0xf61, @remote={0xfe, 0x80, [], 0xbb}, 0x400}}, 0x9, 0x9, 0x24e7, 0xffffffffffffffae, 0x2}, &(0x7f0000000180)=0x98)
pwrite64(r6, &(0x7f0000000400), 0xfffffffffffffcdc, 0x0)

2018/04/06 10:22:37 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x8000000000000008, &(0x7f0000002180)=0x7fffffff, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000ef0ffc)=0x7fe, 0x4)
sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2, 0x4e20}, 0x10)
recvmsg(r0, &(0x7f0000000380)={&(0x7f0000000000)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000280), 0x0, &(0x7f00000002c0)=""/131, 0x83}, 0x0)
recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eee000), 0x0, &(0x7f0000b18faf)=""/81, 0x51}, 0x40002106)

2018/04/06 10:22:37 executing program 6:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={&(0x7f0000000240)={0x10, 0xfffffff0}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@setlink={0x28, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_MASTER={0x8, 0xa, 0xf}]}, 0x28}, 0x1}, 0x0)

2018/04/06 10:22:37 executing program 5:
syz_emit_ethernet(0x36, &(0x7f0000000200)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @remote={0xac, 0x14, 0x14, 0xbb}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000775000))

2018/04/06 10:22:37 executing program 7:
capset(&(0x7f0000c2eff8)={0x4000019980330}, &(0x7f0000001fe8))
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3ec, 0x360, 0x448, 0x360, 0x200, 0x0, 0x550, 0x550, 0x550, 0x550, 0x550, 0x6, &(0x7f00000002c0), {[{{@ip={@rand_addr, @remote={0xac, 0x14, 0x14, 0xbb}, 0x0, 0x0, 'tunl0\x00', 'ip_vti0\x00'}, 0x0, 0x70, 0xb4}, @common=@inet=@TEE={0x44, 'TEE\x00', 0x1, {@ipv6, 'bpq0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00'}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00'}}, {{@uncond, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast1=0xe0000001}}}, {{@uncond, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x448)

[   52.708429] binder: 6104:6105 unknown command 1078485521
[   52.714577] bond0: sit0 is up - this may be due to an out of date ifenslave
[   52.719558] binder: 6104:6105 ioctl c0306201 20000040 returned -22
[   52.742552] binder: 6104:6105 BC_FREE_BUFFER u000000002000c000 no match
2018/04/06 10:22:37 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2=0xe0000002, @loopback=0x7f000001, @loopback=0x7f000001}, 0xc)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000008000)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
dup2(r0, r1)
getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000004000)=0x100d2)

2018/04/06 10:22:37 executing program 5:
syz_emit_ethernet(0x36, &(0x7f0000000200)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @remote={0xac, 0x14, 0x14, 0xbb}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000775000))

2018/04/06 10:22:37 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000000080))
rmdir(&(0x7f0000000140)='./file0\x00')
r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="ffff00070000000020000000000000009500000000000000e70627b90a771e17ec30b3975cd2aaffffdd890000000000000000000000f00000"], &(0x7f0000000080)='GPL\x00', 0x0, 0xb2, &(0x7f0000000200)=""/178}, 0x48)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0x437, &(0x7f0000000700)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780))
sendto$inet6(r1, &(0x7f00000000c0), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c)
getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000380)=0xffff, &(0x7f00000003c0)=0x4)
recvfrom$inet6(r1, &(0x7f00000000c0)=""/191, 0x1457, 0x0, 0x0, 0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000000c0))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000180)=0x7, 0x4)

[   52.752876] binder: 6104:6105 BC_FREE_BUFFER u000000002000c000 no match
2018/04/06 10:22:37 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0)
add_key$user(&(0x7f0000c24ffb)='user\x00', &(0x7f00003ebffb)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000300)="0000000000000001e3a255ec4a8d9d652d0536c67b9695cfb4c29da627ab9e5e0587e50ec159997396abc344a7d9f563a3e3af2d90a5dfb56e3a2b4717cdf8f03fdf022186424d68996f51a7b3f20108f152bfd57ac5a50bf34a106249d0216d5c98c41df97cd7d5032e9c632e4715a226907aabbfc5b3f2e96bf30394748010a3f5c3601c8886fdfa17663e2ddafbd443a9b79bde2197946eefe3100cd8cc3d20c312e177461c385cd81d1db7fa17798b9aca4e5e276cd5ffd29b2d7e93199b03227462b24eea053d440293d695c46b91c06393477cc20ec63bfdb00eed2aa5c009de7fbfbdb3b820b194d0a0be6d6f83da3c0f5bc590bc", 0xf8, r1)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x9a4836a14aa36027, &(0x7f0000000400)={@local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14, 0x14}}, 0x8)
r2 = add_key$user(&(0x7f0000ef5000)='user\x00', &(0x7f00008fa000)={0x73, 0x79, 0x7a}, &(0x7f0000537ffd)="0003", 0x2, r1)
r3 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00008d9ffb)={0x73, 0x79, 0x7a}, &(0x7f0000000180)="b33ab760d897c094255cf9fbf6a72319a95779ebe0d14f729cd653e520d29ad7ef0000000000000044c249b544230b9387fb8bd6ed266ccf59ef70995bf2e8e0ecd3fff32853747eda22d2818d08ca27e0ec821620e365a0e6b9485f2d925493f62113e33e5f8c7eba67fc19a9497f5b07e5849d2e875b066cd6401d36616fe0f3c3002801b4627ee7597689525e8e81f750a86eb580fb4690ea52246bd3d32b1a91f944edb74b1f50ae08c5387ed8fd2498b600579f3af3f864e1c324f6928f6672f98f7e149bd61bd78b506e8bd69b02620d72ea326556ce5ce1c0c75d96ac0000000000000007480192b6e519bf7c0b700d89139a40b7fb8e06a9237d7eb0d0cf97621525f940ec3ab0a2430391ad4f096c7fb9140f5a2e1a6cabf9e36b0e640fb93f04da34b1375915fbb9021327479657d2537b47fe15099bcdccb9e423e4210a1e48c1aa88ad42f86c6c7c0e0aacd3324793756cc056f99584fb45b3c31d58797f5836b1f914231306c0f427e04b", 0x171, r1)
r4 = request_key(&(0x7f0000a98ffb)='user\x00', &(0x7f0000626000)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000dde000)="2f6465612f7675746f66730719", 0x0)
keyctl$dh_compute(0x17, &(0x7f00004c8ff4)={r2, r3, r4}, &(0x7f00005cd000), 0x0, &(0x7f000010c000)={&(0x7f0000bf4ff3)={'ghash-generic\x00'}, &(0x7f0000000000)})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/mixer\x00', 0x650200, 0x0)

[   52.784657] bond0: sit0 is up - this may be due to an out of date ifenslave
[   52.793885] binder: BINDER_SET_CONTEXT_MGR already set
2018/04/06 10:22:37 executing program 4:
perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x805, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup(r0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000000))

2018/04/06 10:22:37 executing program 5:
syz_emit_ethernet(0x36, &(0x7f0000000200)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @remote={0xac, 0x14, 0x14, 0xbb}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000775000))

2018/04/06 10:22:37 executing program 2:
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000ff4)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0)

[   52.833771] binder: 6104:6105 ioctl 40046207 0 returned -16
[   52.867541] binder: 6104:6136 unknown command 1078485521
2018/04/06 10:22:37 executing program 6:
pipe(&(0x7f0000160ff8)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000058ff8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000620000)=[{&(0x7f0000d24fff)='F', 0x1}], 0x1, 0x0)
fcntl$setpipe(r0, 0x407, 0x0)
tee(r1, r0, 0x7, 0x0)
tee(r1, r0, 0x86eb, 0xf)

2018/04/06 10:22:37 executing program 4:
perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x805, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup(r0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000000))

[   52.905157] binder: 6104:6136 ioctl c0306201 20000040 returned -22
[   52.944482] binder: 6104:6105 BC_FREE_BUFFER u000000002000c000 no match
[   52.985145] binder: 6104:6105 BC_FREE_BUFFER u000000002000c000 no match
[   53.110214] syz-executor3 (6123) used greatest stack depth: 14536 bytes left
2018/04/06 10:22:38 executing program 5:
syz_emit_ethernet(0x36, &(0x7f0000000200)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @remote={0xac, 0x14, 0x14, 0xbb}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000775000))

2018/04/06 10:22:38 executing program 6:
perf_event_open(&(0x7f0000d2af88)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0x0, <r0=>0x0})
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0xa)
sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000000300), 0x1b5, &(0x7f0000000600)}}], 0x2, 0x0)

2018/04/06 10:22:38 executing program 4:
perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x805, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup(r0)
ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000000))

2018/04/06 10:22:38 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000000080))
rmdir(&(0x7f0000000140)='./file0\x00')
r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="ffff00070000000020000000000000009500000000000000e70627b90a771e17ec30b3975cd2aaffffdd890000000000000000000000f00000"], &(0x7f0000000080)='GPL\x00', 0x0, 0xb2, &(0x7f0000000200)=""/178}, 0x48)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0x437, &(0x7f0000000700)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780))
sendto$inet6(r1, &(0x7f00000000c0), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c)
getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000380)=0xffff, &(0x7f00000003c0)=0x4)
recvfrom$inet6(r1, &(0x7f00000000c0)=""/191, 0x1457, 0x0, 0x0, 0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000000c0))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000180)=0x7, 0x4)

2018/04/06 10:22:38 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000600)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = mmap$binder(&(0x7f000000c000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)}], 0x1, &(0x7f0000000fc0)=ANY=[], 0x0, 0x20000000}, 0x4000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11624840"], 0x0, 0x0, &(0x7f0000011f9d)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000f80)={0x18, 0x0, &(0x7f0000000d40)=[@free_buffer={0x40086303, r1}, @free_buffer={0x40086303, r1}], 0x0, 0x0, &(0x7f0000000e80)})
pipe(&(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
accept4$packet(0xffffffffffffff9c, &(0x7f00000003c0)={0x0, 0x0, <r4=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000400)=0x14, 0x800)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005200000000000000040000001800f9ff06000000200000000700000018170000"], &(0x7f0000000340)='GPL\x00', 0xffff, 0x19, &(0x7f0000000380)=""/25, 0x41f00, 0x1, [], r4}, 0x48)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x0, 0x0)
ioctl$TIOCLINUX5(r5, 0x541c, &(0x7f0000000200)={0x5, 0x3, 0xffffffffffffffe1, 0x4})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000240)={0x5000, 0x10000})
ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0xd000)
set_mempolicy(0x3, &(0x7f0000000080)=0x1000000008076db, 0xff)
r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x4041, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000640)={<r7=>0x0, @in6={{0xa, 0x4e21, 0x4, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x5e}}, [0x8ec9, 0x8, 0xffffffff, 0xbc0, 0xcc34, 0x4, 0x7, 0x4, 0x4c05, 0x0, 0x100000000, 0x8, 0x80000001, 0xa2b0]}, &(0x7f0000000140)=0x100)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000740)={r7, @in6={{0xa, 0x4e20, 0xf61, @remote={0xfe, 0x80, [], 0xbb}, 0x400}}, 0x9, 0x9, 0x24e7, 0xffffffffffffffae, 0x2}, &(0x7f0000000180)=0x98)
pwrite64(r6, &(0x7f0000000400), 0xfffffffffffffcdc, 0x0)

2018/04/06 10:22:38 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000200)=0x9, 0xfffffffffffffd02)
getsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4)

2018/04/06 10:22:38 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4)
io_setup(0x8000000007, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000200)='0', 0x1}])

2018/04/06 10:22:38 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0xb}, 0x7a)
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, &(0x7f0000000040))
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, &(0x7f0000000040))

2018/04/06 10:22:38 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000400)={0x2, 0x0, [{0x1, 0x0, 0x0, 0xb0}, {0x7, 0x0, 0x0, 0x7ff}]})

2018/04/06 10:22:38 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000040), 0x3)

2018/04/06 10:22:38 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x1e, 0x80001, 0x0)
connect$ax25(r0, &(0x7f00001c1ff0)={0x1e, {"03491f0800"}}, 0x10)

[   53.724391] binder: 6172:6179 unknown command 1078485521
[   53.740315] binder: 6172:6179 ioctl c0306201 20000040 returned -22
2018/04/06 10:22:38 executing program 4:
r0 = syz_open_dev$sndseq(&(0x7f0000783000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000280)={0x81})

[   53.790244] binder: 6172:6179 BC_FREE_BUFFER u000000002000c000 no match
2018/04/06 10:22:38 executing program 6:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f000001bff4)='./file0\x00', 0x0, 0x0)
unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x200)

2018/04/06 10:22:38 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000000080))
rmdir(&(0x7f0000000140)='./file0\x00')
r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="ffff00070000000020000000000000009500000000000000e70627b90a771e17ec30b3975cd2aaffffdd890000000000000000000000f00000"], &(0x7f0000000080)='GPL\x00', 0x0, 0xb2, &(0x7f0000000200)=""/178}, 0x48)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0x437, &(0x7f0000000700)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780))
sendto$inet6(r1, &(0x7f00000000c0), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c)
getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000380)=0xffff, &(0x7f00000003c0)=0x4)
recvfrom$inet6(r1, &(0x7f00000000c0)=""/191, 0x1457, 0x0, 0x0, 0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000000c0))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000180)=0x7, 0x4)

2018/04/06 10:22:38 executing program 0:
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d05000000000000000010400000000000000002000000000000000000000000000000000000000000000080020000000000700000000000000600000000000000010000000000000000100000001000000010000000100000610000000400000000000000000000000000000000000000000000004501000000000000000000000001", 0xca, 0x10000}], 0x0, &(0x7f0000014300))

[   53.831310] binder: 6172:6179 BC_FREE_BUFFER u000000002000c000 no match
2018/04/06 10:22:38 executing program 4:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000e2d000)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000e4e000)=0x200000000)
write$vnet(r0, &(0x7f0000000200)={0x1, {&(0x7f0000000000)=""/230, 0xe6, &(0x7f0000000100)=""/247, 0x0, 0x2}}, 0x68)

2018/04/06 10:22:38 executing program 1:
socket$l2tp(0x18, 0x1, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000007c0)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=@newlink={0x2c, 0x10, 0x29, 0x0, 0x0, {}, [@IFLA_VF_PORTS={0x4, 0x18}, @IFLA_GROUP={0x8, 0x1b}]}, 0x2c}, 0x1}, 0x0)

[   53.971789] BTRFS: device fsid ecf6f2a3-2997-48ae-b81e-1b00920efd9a devid 1 transid 5 /dev/loop0
[   53.988131] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   54.052893] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
2018/04/06 10:22:38 executing program 6:
syz_emit_ethernet(0x315, &(0x7f0000000000)={@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @random="c708eefcb944", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x307, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @loopback=0x7f000001}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558, 0x0, "527468f7f5a6579c03dab14dd5d552ae2086430654cef986be7a79aef4fc19453c03e7ce990d757bbfbe2b541252724da622839c45c99c1abab81113fda94cb333077cdc3f62e0b19d856945a365f712bcfac8df851ed69d8549a960282f33b2eea745ff692700374ceaaa193045e5a1618b832ab6938d556f1248dfb3a8c89495fc2525c074532b478463ce2ca7e2deba24bd69c29119a27d60e84f9f2833b9d1495d5dfe343ca5527eb821e2b7a3705a5aec5f07f859419e64b552d7451a53f5a70cad145cf3e382b7b3997715d1dcf67efd1d4a4a8cd104caffeb3b15ea9b6f2dd73e3f5dd5792f84e35c945f2ef98e39acb6df1083c90f1d1a1e36a092c1d12e7187a990ee9e1d1b0aa1a77fa220cc7a29db7195fe0faf9fbe50eee67617f168499f1fe504b95df0c4158a8115a8eb96b693f6759163db5a03a58831530cb854d7c8e0eb1e3026e7ed3fb7bc03daf23af4cf244dc4f6992641e1e36898baed96914aed03bb0b878b09aff8e8baae9d93ae7557946a90212263883956945953257231f3f298c4bcb28ae778d87e4207adb42506d0e7b310ccaccad878c22782563cb606ca24203aa8105458953668853ba287dc5453ccdf4379b67d0937e05d00cfa5dd45f67ef85e01f080cd502a52a2728dd4228aaf7aee0395297d9626dc07004a21a58ac88bb0ed8364ebe8454116dedae6640225d227884a4b5e2b9a5d1c8758035f00c9a14cada8f8d99b1036c6742c92ec999fb99fc0642e92baacc6681deb839a8082af8ce55c2e8f1b720464d67d929a6729aedb16b8cda468d96faaa62b7aba4b550355b6c45d19a2790def0d4a67908f2943ae0bd5eb0a3d564e5b31ea767be9c8d14a7417b73517b841309ce618e78a7a85013afdac112df7b184624782cd0f2a4f4c7776daaca43b7cd7c2b8fa8f0c537dcdc58790c48bb249838af487e782853979114f30cf8a"}}}}}}, &(0x7f0000001280))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)=@pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7fff})

2018/04/06 10:22:38 executing program 2:
r0 = add_key(&(0x7f0000016ff8)='keyring\x00', &(0x7f000000b000)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r0, 0x80004)
keyctl$join(0x1, &(0x7f0000019ffb)={0x73, 0x79, 0x7a, 0x0})
keyctl$join(0x1, &(0x7f0000017000)={0x73, 0x79, 0x7a, 0x0})

2018/04/06 10:22:38 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x1e, 0x80001, 0x0)
connect$ax25(r0, &(0x7f00001c1ff0)={0x1e, {"03491f0800"}}, 0x10)

2018/04/06 10:22:38 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000000080))
rmdir(&(0x7f0000000140)='./file0\x00')
r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="ffff00070000000020000000000000009500000000000000e70627b90a771e17ec30b3975cd2aaffffdd890000000000000000000000f00000"], &(0x7f0000000080)='GPL\x00', 0x0, 0xb2, &(0x7f0000000200)=""/178}, 0x48)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0x437, &(0x7f0000000700)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780))
sendto$inet6(r1, &(0x7f00000000c0), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c)
getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000380)=0xffff, &(0x7f00000003c0)=0x4)
recvfrom$inet6(r1, &(0x7f00000000c0)=""/191, 0x1457, 0x0, 0x0, 0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000000c0))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000180)=0x7, 0x4)

2018/04/06 10:22:39 executing program 0:
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d05000000000000000010400000000000000002000000000000000000000000000000000000000000000080020000000000700000000000000600000000000000010000000000000000100000001000000010000000100000610000000400000000000000000000000000000000000000000000004501000000000000000000000001", 0xca, 0x10000}], 0x0, &(0x7f0000014300))

2018/04/06 10:22:39 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000600)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = mmap$binder(&(0x7f000000c000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)}], 0x1, &(0x7f0000000fc0)=ANY=[], 0x0, 0x20000000}, 0x4000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11624840"], 0x0, 0x0, &(0x7f0000011f9d)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000f80)={0x18, 0x0, &(0x7f0000000d40)=[@free_buffer={0x40086303, r1}, @free_buffer={0x40086303, r1}], 0x0, 0x0, &(0x7f0000000e80)})
pipe(&(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
accept4$packet(0xffffffffffffff9c, &(0x7f00000003c0)={0x0, 0x0, <r4=>0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000400)=0x14, 0x800)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005200000000000000040000001800f9ff06000000200000000700000018170000"], &(0x7f0000000340)='GPL\x00', 0xffff, 0x19, &(0x7f0000000380)=""/25, 0x41f00, 0x1, [], r4}, 0x48)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x0, 0x0)
ioctl$TIOCLINUX5(r5, 0x541c, &(0x7f0000000200)={0x5, 0x3, 0xffffffffffffffe1, 0x4})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000240)={0x5000, 0x10000})
ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0xd000)
set_mempolicy(0x3, &(0x7f0000000080)=0x1000000008076db, 0xff)
r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x4041, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000640)={<r7=>0x0, @in6={{0xa, 0x4e21, 0x4, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x5e}}, [0x8ec9, 0x8, 0xffffffff, 0xbc0, 0xcc34, 0x4, 0x7, 0x4, 0x4c05, 0x0, 0x100000000, 0x8, 0x80000001, 0xa2b0]}, &(0x7f0000000140)=0x100)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000740)={r7, @in6={{0xa, 0x4e20, 0xf61, @remote={0xfe, 0x80, [], 0xbb}, 0x400}}, 0x9, 0x9, 0x24e7, 0xffffffffffffffae, 0x2}, &(0x7f0000000180)=0x98)
pwrite64(r6, &(0x7f0000000400), 0xfffffffffffffcdc, 0x0)

2018/04/06 10:22:39 executing program 4:
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000180)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x20)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1e)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x10)

2018/04/06 10:22:39 executing program 1:
r0 = signalfd(0xffffffffffffffff, &(0x7f00007b5000), 0x8)
mkdir(&(0x7f00007b7000)='./control\x00', 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00007b6ff8)={0x4}, 0x8)
r2 = inotify_init1(0x0)
fcntl$setstatus(r2, 0x4, 0x72109c5fef5d34d3)
r3 = gettid()
fcntl$setown(r2, 0x8, r3)
readv(r1, &(0x7f000008bfe0)=[{&(0x7f0000525000)=""/216, 0xd8}], 0x1)
r4 = dup2(r2, r0)
fcntl$setsig(r2, 0xa, 0x3)
r5 = inotify_add_watch(r2, &(0x7f00007b4ff6)='./control\x00', 0x2000000)
inotify_rm_watch(r4, r5)

[   54.184077] binder: 6231:6233 unknown command 1078485521
[   54.219171] binder: 6231:6233 ioctl c0306201 20000040 returned -22
2018/04/06 10:22:39 executing program 2:
r0 = add_key(&(0x7f0000016ff8)='keyring\x00', &(0x7f000000b000)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r0, 0x80004)
keyctl$join(0x1, &(0x7f0000019ffb)={0x73, 0x79, 0x7a, 0x0})
keyctl$join(0x1, &(0x7f0000017000)={0x73, 0x79, 0x7a, 0x0})

2018/04/06 10:22:39 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x1e, 0x80001, 0x0)
connect$ax25(r0, &(0x7f00001c1ff0)={0x1e, {"03491f0800"}}, 0x10)

2018/04/06 10:22:39 executing program 7:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETA(r0, 0x802c542a, &(0x7f0000fe7fec))

2018/04/06 10:22:39 executing program 0:
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d05000000000000000010400000000000000002000000000000000000000000000000000000000000000080020000000000700000000000000600000000000000010000000000000000100000001000000010000000100000610000000400000000000000000000000000000000000000000000004501000000000000000000000001", 0xca, 0x10000}], 0x0, &(0x7f0000014300))

[   54.233454] dst_release: dst:000000005f48aff5 refcnt:-1
[   54.243108] binder: 6231:6233 BC_FREE_BUFFER u000000002000c000 no match
[   54.270948] binder: 6231:6233 BC_FREE_BUFFER u000000002000c000 no match
2018/04/06 10:22:39 executing program 6:
syz_emit_ethernet(0x315, &(0x7f0000000000)={@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @random="c708eefcb944", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x307, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @loopback=0x7f000001}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558, 0x0, "527468f7f5a6579c03dab14dd5d552ae2086430654cef986be7a79aef4fc19453c03e7ce990d757bbfbe2b541252724da622839c45c99c1abab81113fda94cb333077cdc3f62e0b19d856945a365f712bcfac8df851ed69d8549a960282f33b2eea745ff692700374ceaaa193045e5a1618b832ab6938d556f1248dfb3a8c89495fc2525c074532b478463ce2ca7e2deba24bd69c29119a27d60e84f9f2833b9d1495d5dfe343ca5527eb821e2b7a3705a5aec5f07f859419e64b552d7451a53f5a70cad145cf3e382b7b3997715d1dcf67efd1d4a4a8cd104caffeb3b15ea9b6f2dd73e3f5dd5792f84e35c945f2ef98e39acb6df1083c90f1d1a1e36a092c1d12e7187a990ee9e1d1b0aa1a77fa220cc7a29db7195fe0faf9fbe50eee67617f168499f1fe504b95df0c4158a8115a8eb96b693f6759163db5a03a58831530cb854d7c8e0eb1e3026e7ed3fb7bc03daf23af4cf244dc4f6992641e1e36898baed96914aed03bb0b878b09aff8e8baae9d93ae7557946a90212263883956945953257231f3f298c4bcb28ae778d87e4207adb42506d0e7b310ccaccad878c22782563cb606ca24203aa8105458953668853ba287dc5453ccdf4379b67d0937e05d00cfa5dd45f67ef85e01f080cd502a52a2728dd4228aaf7aee0395297d9626dc07004a21a58ac88bb0ed8364ebe8454116dedae6640225d227884a4b5e2b9a5d1c8758035f00c9a14cada8f8d99b1036c6742c92ec999fb99fc0642e92baacc6681deb839a8082af8ce55c2e8f1b720464d67d929a6729aedb16b8cda468d96faaa62b7aba4b550355b6c45d19a2790def0d4a67908f2943ae0bd5eb0a3d564e5b31ea767be9c8d14a7417b73517b841309ce618e78a7a85013afdac112df7b184624782cd0f2a4f4c7776daaca43b7cd7c2b8fa8f0c537dcdc58790c48bb249838af487e782853979114f30cf8a"}}}}}}, &(0x7f0000001280))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)=@pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7fff})

2018/04/06 10:22:39 executing program 4:
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000180)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x20)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1e)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x10)

2018/04/06 10:22:39 executing program 5:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x1e, 0x80001, 0x0)
connect$ax25(r0, &(0x7f00001c1ff0)={0x1e, {"03491f0800"}}, 0x10)

2018/04/06 10:22:39 executing program 2:
r0 = add_key(&(0x7f0000016ff8)='keyring\x00', &(0x7f000000b000)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r0, 0x80004)
keyctl$join(0x1, &(0x7f0000019ffb)={0x73, 0x79, 0x7a, 0x0})
keyctl$join(0x1, &(0x7f0000017000)={0x73, 0x79, 0x7a, 0x0})

2018/04/06 10:22:39 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000100), 0x5, 0x0, &(0x7f0000000200)={0x0, 0x989680}, &(0x7f00000001c0), 0x0)

[   54.430069] ==================================================================
[   54.437595] BUG: KASAN: use-after-free in dst_release+0x27/0xa0
[   54.443651] Write of size 4 at addr ffff8801c8ebc940 by task syz-executor4/6272
[   54.451085] 
[   54.452708] CPU: 1 PID: 6272 Comm: syz-executor4 Not tainted 4.16.0+ #288
[   54.459631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.468977] Call Trace:
[   54.471563]  dump_stack+0x1a7/0x27d
[   54.475196]  ? arch_local_irq_restore+0x53/0x53
[   54.479859]  ? show_regs_print_info+0x18/0x18
[   54.484341]  ? kasan_check_write+0x14/0x20
[   54.488551]  ? dst_release+0x27/0xa0
[   54.492245]  print_address_description+0x73/0x250
[   54.497061]  ? dst_release+0x27/0xa0
[   54.500753]  kasan_report+0x23c/0x360
[   54.504532]  check_memory_region+0x137/0x190
[   54.508916]  kasan_check_write+0x14/0x20
[   54.512953]  dst_release+0x27/0xa0
[   54.516472]  sock_setsockopt+0x431/0x1b20
[   54.520601]  ? sock_enable_timestamp+0xb0/0xb0
[   54.525164]  ? rcu_is_watching+0x85/0x130
[   54.529286]  ? rcu_report_exp_cpu_mult+0x480/0x480
[   54.534197]  ? __fget+0x370/0x580
[   54.537631]  ? iterate_fd+0x3f0/0x3f0
[   54.541422]  ? kasan_check_write+0x14/0x20
[   54.545633]  ? fput+0xe0/0x150
[   54.548806]  ? __sys_bind+0x290/0x410
[   54.552584]  ? SyS_accept+0x30/0x30
[   54.556195]  ? security_socket_setsockopt+0x89/0xb0
[   54.561194]  __compat_sys_setsockopt+0x37d/0x710
[   54.565927]  ? __compat_sys_getsockopt+0x770/0x770
[   54.570843]  ? compat_SyS_get_robust_list+0x300/0x300
[   54.576010]  ? move_addr_to_kernel+0x60/0x60
[   54.580400]  ? kasan_check_write+0x14/0x20
[   54.584611]  ? fput+0xe0/0x150
[   54.587786]  ? compat_SyS_ioctl+0x77/0x2a30
[   54.592087]  compat_SyS_setsockopt+0x34/0x50
[   54.596469]  ? scm_detach_fds_compat+0x3d0/0x3d0
[   54.601203]  do_fast_syscall_32+0x3ec/0xf9f
[   54.605508]  ? do_int80_syscall_32+0x9c0/0x9c0
[   54.610071]  ? finish_task_switch+0x1b9/0x970
[   54.614537]  ? finish_task_switch+0x17a/0x970
[   54.619017]  ? syscall_return_slowpath+0x2ac/0x550
[   54.623923]  ? prepare_exit_to_usermode+0x350/0x350
[   54.628919]  ? sysret32_from_system_call+0x5/0x3c
[   54.633738]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.638559]  entry_SYSENTER_compat+0x70/0x7f
[   54.642944] RIP: 0023:0xf7f71c99
[   54.646281] RSP: 002b:00000000f5f6d0ac EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[   54.653966] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000000000001
[   54.661208] RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000010
[   54.668451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   54.675695] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   54.682944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   54.690199] 
[   54.691802] Allocated by task 6272:
[   54.695404]  save_stack+0x43/0xd0
[   54.698829]  kasan_kmalloc+0xad/0xe0
[   54.702517]  kasan_slab_alloc+0x12/0x20
[   54.706465]  kmem_cache_alloc+0x12e/0x760
[   54.710587]  dst_alloc+0x11f/0x1a0
[   54.714104]  rt_dst_alloc+0xe9/0x540
[   54.717792]  ip_route_output_key_hash_rcu+0xa49/0x2c60
[   54.723045]  ip_route_output_key_hash+0x20b/0x370
[   54.727859]  ip_route_output_flow+0x26/0xa0
[   54.732158]  pptp_connect+0xa84/0x1170
[   54.736024]  __sys_connect+0x213/0x4a0
[   54.739883]  SyS_connect+0x24/0x30
[   54.743396]  do_fast_syscall_32+0x3ec/0xf9f
[   54.747691]  entry_SYSENTER_compat+0x70/0x7f
[   54.752069] 
[   54.753669] Freed by task 5835:
[   54.756924]  save_stack+0x43/0xd0
[   54.760353]  __kasan_slab_free+0x11a/0x170
[   54.764562]  kasan_slab_free+0xe/0x10
[   54.768336]  kmem_cache_free+0x83/0x2a0
[   54.772288]  dst_destroy+0x266/0x380
[   54.775975]  dst_destroy_rcu+0x16/0x20
[   54.779838]  rcu_process_callbacks+0xd6c/0x17b0
[   54.784483]  __do_softirq+0x2d7/0xb85
[   54.788258] 
[   54.789860] The buggy address belongs to the object at ffff8801c8ebc900
[   54.789860]  which belongs to the cache ip_dst_cache of size 168
[   54.803036] The buggy address is located 64 bytes inside of
[   54.803036]  168-byte region [ffff8801c8ebc900, ffff8801c8ebc9a8)
[   54.814797] The buggy address belongs to the page:
[   54.819702] page:ffffea000723af00 count:1 mapcount:0 mapping:ffff8801c8ebc000 index:0x0
[   54.827818] flags: 0x2fffc0000000100(slab)
[   54.832030] raw: 02fffc0000000100 ffff8801c8ebc000 0000000000000000 0000000100000010
[   54.840153] raw: ffffea0006deb0a0 ffff8801d4e74748 ffff8801d4f01500 0000000000000000
[   54.848004] page dumped because: kasan: bad access detected
[   54.853687] 
[   54.855287] Memory state around the buggy address:
[   54.860192]  ffff8801c8ebc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.867525]  ffff8801c8ebc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.874856] >ffff8801c8ebc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.882185]                                            ^
[   54.887608]  ffff8801c8ebc980: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   54.894939]  ffff8801c8ebca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.902270] ==================================================================
[   54.909599] Disabling lock debugging due to kernel taint
[   54.915430] Kernel panic - not syncing: panic_on_warn set ...
[   54.915430] 
[   54.922785] CPU: 1 PID: 6272 Comm: syz-executor4 Tainted: G    B            4.16.0+ #288
[   54.931000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.940337] Call Trace:
[   54.942916]  dump_stack+0x1a7/0x27d
[   54.946540]  ? arch_local_irq_restore+0x53/0x53
[   54.951200]  ? kasan_end_report+0x32/0x50
[   54.955341]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   54.960090]  ? vsnprintf+0x1ed/0x1900
[   54.963885]  ? dst_alloc+0xe0/0x1a0
[   54.967504]  panic+0x1f8/0x42c
[   54.970689]  ? refcount_error_report+0x214/0x214
[   54.975439]  ? do_raw_spin_unlock+0x9e/0x310
[   54.979835]  ? do_raw_spin_unlock+0x9e/0x310
[   54.984235]  ? dst_release+0x27/0xa0
[   54.987942]  kasan_end_report+0x50/0x50
[   54.991908]  kasan_report+0x149/0x360
[   54.995690]  check_memory_region+0x137/0x190
[   55.000159]  kasan_check_write+0x14/0x20
[   55.004279]  dst_release+0x27/0xa0
[   55.007792]  sock_setsockopt+0x431/0x1b20
[   55.011915]  ? sock_enable_timestamp+0xb0/0xb0
[   55.016473]  ? rcu_is_watching+0x85/0x130
[   55.020596]  ? rcu_report_exp_cpu_mult+0x480/0x480
[   55.025501]  ? __fget+0x370/0x580
[   55.028931]  ? iterate_fd+0x3f0/0x3f0
[   55.032706]  ? kasan_check_write+0x14/0x20
[   55.036911]  ? fput+0xe0/0x150
[   55.040080]  ? __sys_bind+0x290/0x410
[   55.043856]  ? SyS_accept+0x30/0x30
[   55.047460]  ? security_socket_setsockopt+0x89/0xb0
[   55.052454]  __compat_sys_setsockopt+0x37d/0x710
[   55.057184]  ? __compat_sys_getsockopt+0x770/0x770
[   55.062090]  ? compat_SyS_get_robust_list+0x300/0x300
[   55.067249]  ? move_addr_to_kernel+0x60/0x60
[   55.071628]  ? kasan_check_write+0x14/0x20
[   55.075836]  ? fput+0xe0/0x150
[   55.079004]  ? compat_SyS_ioctl+0x77/0x2a30
[   55.083299]  compat_SyS_setsockopt+0x34/0x50
[   55.087681]  ? scm_detach_fds_compat+0x3d0/0x3d0
[   55.092410]  do_fast_syscall_32+0x3ec/0xf9f
[   55.096708]  ? do_int80_syscall_32+0x9c0/0x9c0
[   55.101265]  ? finish_task_switch+0x1b9/0x970
[   55.105734]  ? finish_task_switch+0x17a/0x970
[   55.110202]  ? syscall_return_slowpath+0x2ac/0x550
[   55.115107]  ? prepare_exit_to_usermode+0x350/0x350
[   55.120101]  ? sysret32_from_system_call+0x5/0x3c
[   55.124918]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   55.129737]  entry_SYSENTER_compat+0x70/0x7f
[   55.134119] RIP: 0023:0xf7f71c99
[   55.137459] RSP: 002b:00000000f5f6d0ac EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[   55.145139] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000000000001
[   55.152380] RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000010
[   55.159620] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   55.166861] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   55.174104] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   55.181765] Dumping ftrace buffer:
[   55.185278]    (ftrace buffer empty)
[   55.188958] Kernel Offset: disabled
[   55.192555] Rebooting in 86400 seconds..