000)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1008, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x8ad, 0x2) r2 = getpgid(0x0) migrate_pages(r2, 0x6, &(0x7f0000000180)=0x276, &(0x7f00000001c0)=0xf92) ioctl$TTUNGETFILTER(r1, 0x801054db, &(0x7f00000000c0)=""/139) ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000200)={0x7, 0x3ff}) 2018/04/09 21:14:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:04 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0) 2018/04/09 21:14:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x6304000000000000}, 0x0) 2018/04/09 21:14:04 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0xfffffff5}, 0x0) 2018/04/09 21:14:04 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:04 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x7]}, 0x10) 2018/04/09 21:14:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) ioctl$sock_ipx_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000140)={'tunl0\x00', {0x4, 0xff, 0x3ff, "8ef35218ffe1"}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:04 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = syz_open_dev$amidi(&(0x7f0000001180)='/dev/amidi#\x00', 0x3f, 0x202080) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x1, 0x4) 2018/04/09 21:14:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x2}, 0x0) 2018/04/09 21:14:04 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0xe00}, 0x0) 2018/04/09 21:14:04 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:05 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x7280]}, 0x10) 2018/04/09 21:14:05 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0xf0ffffffffffff}, 0x0) 2018/04/09 21:14:05 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0xffffffc0}, 0x0) 2018/04/09 21:14:05 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) sync() 2018/04/09 21:14:05 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x3ff, 0x400200) ioctl$DRM_IOCTL_ADD_MAP(r2, 0xc0286415, &(0x7f0000000140)={&(0x7f0000006000/0x3000)=nil, 0x0, 0x5, 0x50, &(0x7f000000c000/0x2000)=nil, 0x2}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$sock_buf(r2, 0x1, 0x3b, &(0x7f0000000240)=""/123, &(0x7f00000002c0)=0x7b) 2018/04/09 21:14:05 executing program 1: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r2 = gettid() r3 = getpgrp(0xffffffffffffffff) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x200040, 0x0) kcmp(r2, r3, 0x7, r0, r4) ioctl$TIOCGPGRP(r1, 0x40096102, &(0x7f0000000100)) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') 2018/04/09 21:14:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$GETVAL(0x0, 0x0, 0xc, &(0x7f0000000040)=""/17) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000f36000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020200000a0000000000000000000000030006000000000002000000e0000001000000000000000002000100000000000000000200000000030005000000000002000000e000000100000000000000003a184e4b5ae6869d0f31574f439762626d29cf53284926ee9c9f26ec"], 0x50}, 0x1}, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x200, 0x10000) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, @in={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}], 0x20) 2018/04/09 21:14:05 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x9effffff00000000}, 0x0) 2018/04/09 21:14:05 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10) 2018/04/09 21:14:05 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:05 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0x3a}, 0x0) 2018/04/09 21:14:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x8a07}, 0x0) 2018/04/09 21:14:06 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x10) 2018/04/09 21:14:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) sysfs$3(0x3) socketpair(0x15, 0x1, 0x200, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000140)={0x180a, 0x0, 0x2, 0x200}) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000240)={r2}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x400000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x200000, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r4, 0xaead) 2018/04/09 21:14:06 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:06 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0xa00000000000000}, 0x0) 2018/04/09 21:14:06 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x10040000, &(0x7f0000000100), &(0x7f0000000040), &(0x7f000029e000), &(0x7f00000000c0)) r0 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0xc21d, 0x101000) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00000000c0)={'nr0\x00', 0x8}) syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0xbb7, 0x101000) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x6, 0x12c00) 2018/04/09 21:14:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x40030000000000}, 0x0) 2018/04/09 21:14:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:06 executing program 1: geteuid() r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001300090468fe000081000000e8ffff3f03000000450001070000001419001a0004000200070002000200000800005d14a4e91ee400", 0x39}], 0x1) 2018/04/09 21:14:06 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x20c]}, 0x10) 2018/04/09 21:14:06 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 450.575759] netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. [ 450.584738] netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. [ 450.601796] netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. [ 450.610429] netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. 2018/04/09 21:14:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x63040000}, 0x0) 2018/04/09 21:14:06 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x2002, 0x0) 2018/04/09 21:14:06 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0xfeffffff00000000}, 0x0) 2018/04/09 21:14:06 executing program 1: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = getpid() r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x20800, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0xc0305302, &(0x7f0000000240)={0x4, 0x8, 0x847, 0x100, 0x7, 0x4}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000040)={{{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={r1, r3, r4}, 0xc) mkdir(&(0x7f00000002c0)='./file0/file0\x00', 0x4) perf_event_open(&(0x7f000000a000)={0x1, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000496fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00009f8000)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f00005f7ffb)='nfs4\x00', 0x0, &(0x7f000000a000)) 2018/04/09 21:14:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0xffffff7f}, 0x0) 2018/04/09 21:14:06 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:06 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xe1030000]}, 0x10) 2018/04/09 21:14:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)={0x80000000}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(r2, 0x8250aea6, &(0x7f0000000240)=""/128) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x10000000000000aa) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:06 executing program 6: clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = getpid() sched_rr_get_interval(r0, &(0x7f0000000000)) 2018/04/09 21:14:06 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0x200000000000000}, 0x0) 2018/04/09 21:14:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x400300}, 0x0) 2018/04/09 21:14:06 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:06 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f00003bd000)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000facfff)="06", 0x1, r1) r3 = syz_open_dev$usbmon(&(0x7f00000003c0)='/dev/usbmon#\x00', 0x8, 0x400840) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000009900)={@dev, @multicast2, 0x0}, &(0x7f0000009940)=0xc) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000009980)={@mcast1={0xff, 0x1, [], 0x1}, 0xd, r4}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in6=@loopback}}, &(0x7f0000000140)=0xe8) keyctl$get_persistent(0x16, r5, r0) r6 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000752ffb)={0x73, 0x79, 0x7a}, &(0x7f00000001c0)="64a66b0c52a45cb30000", 0xa, r1) keyctl$update(0x2, r6, &(0x7f00000004c0)="df02754677212dfc3e2abcb24473e8e1cfef09742258cbae7b26fdc3ffa615d9da494137e175e9f2780ac5e2a09f43a1fcebf272a5a135de92bf4a9033933824f6e6aa0238014e3293535d1c0066d28e0f275188b4b4c187e18774fc2227cbb6610fc6697f5337726164c8fbe1181e6d50986cd98a5c44ac0ec375deb27eafcf7d06438f2525100400000003e7dc2f8fd85adcd88ca30e75b1e143262d94defa187e482a9b9a9a387353df7a21affce4e9149e040000000000000065afd979e9", 0xc0) r7 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000340)='syz1\x00', 0x200002, 0x0) mkdirat$cgroup(r7, &(0x7f0000000380)='syz0\x00', 0x1ff) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={0x0, r3, 0x7, 0x3}, 0x14) keyctl$dh_compute(0x17, &(0x7f0000000200)={r2, r6, r2}, &(0x7f0000000580)=""/4096, 0x0, 0x0) 2018/04/09 21:14:06 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x40020000]}, 0x10) 2018/04/09 21:14:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup3(r0, r1, 0x80000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0xfffffffffffffffe, &(0x7f0000000000), 0x0) r3 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7f, 0x200) ioctl$KVM_GET_CPUID2(r3, 0xc008ae91, &(0x7f0000000240)={0x3, 0x0, [{}, {}, {}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:06 executing program 6: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x9, 0x80) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)=0xffffffff, 0x4) setsockopt$inet6_dccp_int(r0, 0x21, 0x11, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:06 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000000000000000}, 0x0) 2018/04/09 21:14:06 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x1f000000}, 0x0) 2018/04/09 21:14:06 executing program 1: clone(0x0, &(0x7f0000000380), &(0x7f0000b02000), &(0x7f00000aaffc), &(0x7f0000002886)) r0 = perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)) fcntl$getownex(r0, 0x10, &(0x7f0000000200)={0x0, 0x0}) waitid(0x0, r1, &(0x7f0000000240), 0x204100000c, &(0x7f0000000280)) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x200, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f0000000100)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e) 2018/04/09 21:14:06 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:06 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x700]}, 0x10) 2018/04/09 21:14:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x0, 0x800) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) write$evdev(r3, &(0x7f0000000300)=[{{}, 0x6, 0x39, 0x800}, {{0x77359400}, 0x8, 0x11, 0x81}, {{r4, r5/1000+10000}, 0x3, 0x8, 0x5}, {{r6, r7/1000+30000}, 0xffffffff, 0xb8fa, 0x81}, {{}, 0x800, 0xd0, 0x3}, {{r8, r9/1000+30000}, 0xfffffffffffff800, 0x7, 0xa5}, {{0x77359400}, 0x0, 0x2, 0x81}, {{r10, r11/1000+10000}, 0x40, 0x401, 0x98f9}], 0xc0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:07 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) socketpair(0x5, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000080)) open_by_handle_at(r0, &(0x7f00000000c0)={0x1008, 0x9, "5d4de7bbaac6c12575478ef74cb40d4b40205875ae438b1b5012b3b2d2ae3ad3bfdf330d64a784fb33d36f9dc9793f63ccdf52c2d356cab5f3a82dda96e6cef9bf2221331685fbbaa5da8df37a57699d58ea1910f0c1a840bad3ed843e4f0e31de4b3412323f440b28707bd0855b6a07dee50c02ec68cd203a5501d942c59c14a9a66a20efdbebd5a0bc1790d25c7a5e0b9a59fa57b1d602f5d1c494bed68406be62d0a875ab4be65e70e3f755bb381ce2df4013d82e0db4e0ec0f6474a761b686208502406cc9d066c65d9b3f3108c5b7b1936b20e6e72be82ca40dcbf891e4b7971834e2e65dd4f70353790238364708ff8e998fcc71cbc8b3dd32929519fa6dfaff1ae046db72978cad177b960288e69af758b6a286e3f7e06858685c001464114d03404c20b2f7a161fe8559cb50c50e289d96603d5b70487df66797a4dfbe2bee1e252d279336645fa0df0f3d3c8d5e6167d161a80824c1dd99319bb84096837130ad73e79af7ac8ae8f50ec4676a4e64e6d23dbf1be041d2f4f42e4389fcba0db34e3c41a23f5c9c07c0445025f098a4448ee3dc95384891683aa3d43dc8a0d14fc2a9345a92b656ca1e048530efa8b33ff4e1978c78582d96fcc8712160fb59e5481000f53440f9f07e90fa6ba8b2110e551d37200236b0751f90ba888ffbb28dbf538a573b86b315e980f018f747f52a608b849749c17fc55b7dfcef6db11b45d30e4a4005407e5e285c2204da0644a86582aa260a624b281f66e1f547a838def8e5e426a90efc365f0189af82ac1821fd182fef874580ca209db0540956b242b29fa0c7b81ea3bd4945c7959715b1b2cb1824368ff16bd6011bdf9a8975190b2e93871e50b2b9294d3fe7f860eff92073388e38acab5f5d9630e183469d5bc98d5638f2ef4fdf9c6e34920f684f7de10a18f2354a6d3632ee8f3d0f4812cbbaca8a9e8270c53b0cbfa4402d28e1b1c1106aeaee2d7f3b95192d36637b23bbe67f38ecbffcf429b3f167cf50066cfd464e15313b4a361a3cb51ba4a31113d200e940f3d8dd19c783d19aefc523e9f60a3f96558029001b72eb6d86af7ac8f06bd5ab71e3082db9d5809499dfceadc4f474e1c22b2c14a4f2068a12a8255f0984152f5211ec68fd8a5a282b99a7da1358c4df11cd524e1bc72ff1e641479be0fa075aec26f2dbbf820356e5b85397ef410e236a687a955136526240358f963091f8a78abcc33d09e66c03a3c53581cdd0aeb4767fffb80a21864e534b0aadf3396d93ea85da0da9e4b76280a7926e3af229cbb2a93b6c4546341213503b576da30f31ac289aaa0e16412ccbcb6ea9799d1c7393c2444d5f6da877e4d7b199125e34f805e29bb86730a3dd94a1b1e0098d233f54cc01cfe91de134f0cc0b14204c8390b87198e73eda800540953cb55761e4c5d62b216e810126a6d8b766f438b8b473f0e7367fca3a77719e75582e08e44c6c38ea3b36c3b59df2b5fadb28930c0475d6f76b2605238200f5bb5b376e5ea24d4f54489ddd1d1b15b0bb955968d3ab4f374c54066304482009de883cc541868cf236e772a11a00ff4553696fddc35058636fa9f8f4799275671b3cd33e9613a3cd951f0e66284c4ef9eb6d6d5fc5b592db208dfcef692310fdd6f723cef0529c8372cb5ad8ca8267b78afd44b1ed91ca926ac7df2a8f8cfba8aa66ec0a39bb33683c1a05800f3121c6554087b5a730a392e374fd76acac8f7044c7abba8596c331b28dfa15fe618561da3e0caa97e45c31431ce06c57517344591c89f62a6576c502dece192c69bd1588a7076f21ec824846f15d7b41a667d4009917b649239e621e667115e367add41a981314881d382c35df65e9b41d6c43bc67d96fe22236b0212d8562bb3e27a406ce2d37579f96252d6e0f20aeb70adbd3a48b63a76901d0604c70794f72cecf84a778a79aedf86ffb63a04721ae99df14012e6352a4128490844eebfa04a51d8c7b455854c565b4bafd1c98c05178e8a0c580c624a5c6602e6fa8c41f5b0a514471d81ed64b3ec2754e8adddb2167200a21ed86c010fc320d0018157df2cc313741977e03e046ef2b7924ebed13d5e6fcd60d58635ca723919c7e1ffdfa00da7bf2bae5271981490bbf37dfcd60e22cf34979ffd36296056db06127a06a64c480b1892c055c119f5fadece55b583589843221a58c957f448c9350ca23b98a3f869aab76eb422881fdd6cea2b8c1fc4e86fba2a038c772052d04c882cbe90e394fd08725f273daa748086b60e2c17fbce0bc268f1c1d75c1479cf01146548fc142c7dd43171b5ae806e016aaf0c0114427b2b05df30725e2ab312756e4146493ba3c943b68c77b0aefb789716efbf96078c3e9a4faa115bafc57da3ab3d601347dfa2d547174dd12b434d3ad0c3f64e8d980361aa4623d75aae7efa5dddb67ba897affb0d618736bdc05f492a7f259e76d0b802d91a6aedb0e39e04d383c0cc0546936d30df637c7b08d8be8420df8d7d29fc0aa37c39cf4156698026134176c2938fb66909df401cd4cdbf0b39c120f2a6dbbc3e838c54eba642dfc177d1f8ac90ce7c9d52f2763b9890afd77b22acf063154300dae73da0ff7eccc033d22d78d93a5398594f9b6210d7020d43f2e6755d8c6b28a6938dd86172298caa0d60864e82c487b9f65bcb3a41732b7ae28905a5a7d2766b67d784f78f5fa129e952bdd3ac7387b2c335bc2101bdb73515720fa94ab775d9e779c37751944b095a0002fa6fb404390c643290c7788f1beb1d5d9085ed5bd73443d5f24ad2220db0ee88f5228d1079dd138d84a2e115477ba7bbbb7dd5154e99c04ef2af1ef964c10e662b263d4f2f75b68d82bd2a09eb124ad86d52f5b79d35666375952ab434c5e3c48abbd96f576851242a0437323c954228d17bebb768cd00101e56159e27fcd4a50c1ebbea32f28f0c7de501b0fed641b61d7644b257d52b80038a908f8788da6c1c1177c4a8ff77f9a47d6b92de66a15210692789b1b9a66668235118a3903ae19df05cc0e9b09988a73fd7ef0ff295a3a858db8ddfbe3f14f036e3beb42eeaf2a06d068698f387b4f1e1badbb0eed1c267fdbff00ee31605f8b92e6c5818aa6f182b99eea3846bfa5a3d5fc05305280bc5635185eb9520ddf191ebedd8180f39db64c76f1185b4b1d76cf9ee3321f369b40b01bd82d807c6a00a11325b80b75b850f24518cff38cbb799c5feb8fad89aa4b575d7508b258c0b3658677a0e5a2a7b329a1cf56e60b9a0a075eeaa83538bd7fc562f933eb2ff93145214e8b83de9c8cc795d4eaf8ad07f578094b3c673a55d1ef7d65520b362aa82b89581cadb88598aa71415d4503468c20ec15f04f5f45826c4e3fe6830ce5334938ee4552944e1c6d2316901c67b24273e8ad9d492e1cd4a2ed04d4e9c3fdb86f14fc108af366224e63e8055e9d7b5a01e6ee1512f4e07f37dd17dd6a47723beb1febdee67aafccb96094f9a4536ed0ab6725f3e9e07fb83543072315ccd7c83b9f9ddc38b669e99eb0b7c37505b1f74bd66d0611db4d1bdeb32c6f91abc31270e13c795dfd7162782c480c88428c86db15647dd8050963c750e48f6c2a02d4be4df48b90dd2fa68c9aee3c4bdc65383b57442875beab0689e7141493462f482d2739f991c58be550cdffca6cc47a28429a9809063f967ade1c7e71eee8d8f8e50e565c23c9ecb8a5e175c1bae362fc49ca3a7dc9338db5f3234598c37c5c98376439742c970b021961c4c5f8c6ac29a66d014367e0ab0cd7e4afe7921e4d149b56687ae79af00793461d2dc4b1a24dd47f01602ceccacb6d74e03bbe5fd52562f95e7bbbd4b6f7fb816c0e5d058e49f5180556f407814245557c2f600bd6a3e236a029a202bf848443df10bba03fd4462b9fc637723cf6a27cab9bb5c509203337185bb53ce11e83484265eae0cadec02cf02995847d4c61791a7a6ce8cd1f6ca197ef24ca88c201b2882a4f11ced8d1c37d470c4d3365beea54404a2af583f619d9c41c1274f77c7aff705fb0bcfee61159592f2d053c0129fa8047d7c41c3c6852a37ebf8f88c0f6eb72fea9617457d09e03e5ce1543161ae928197a97c783c06a1f1f71e7b657c3792ca35e8663f7210d6eadea16d0651295b0f5f2f7f24bf4f88521046d72a2abcea8949913c51de793cfb43c6bdf85f8982863ef59cdd72c9baf18b184743caed1263e04ebf61177e9addb015622463b67f01b4338d882e35d57ea4223ef655be59996134d498c8fd3e958bed761728918c9d4b858afe9423c29ba9e948a598a810a38311f0a07214d2b5096bc18fb9b25adac5c1cb5fdac0ad6a4445036adf672becddbb97987929480cfa382bd0609d59ef726d909786ea0b5fd7536d11676aeca45fc2241596420eaa06a2d53aba9e9911c23c32de0238ab757a08f7e68493582c3d45da031a0e62ba9882257d8a585589d007e1fc24c5b2ee01575a1de045635047eb2d31fc8e8dfddcb77709d6cd70d72d2a7b48b311a9f3438d0679d65dd0174701a3a8ce3fdffc4b77f4b8f211dbd906c92f9d37343b698a1f510c1fbb9530cc5eba39711a965e2a5667898824695a29b9d225b4aec1645e6036f840b015fb6c86cde458326c537954ffbd3154377b7e427e9a0f409bb8448c56aa88fb6dc7b76062d2eeaa26815846901ff3ac53f6a0e568103669c09ff068eb89968aa82b33aa611cd0302fedd2687958b2925d3c9a37f9baf27bc36838f280601e61a913e37fb20351735d7283a6bd84dc111638f4f1d557972bfd5278188b19bee0ed372e602845ad04c1f3cd4edf1f782c3a26a90f4ca41c9900af5314b240a61cfd56a6bd84fe33f93687b137a338c3345a160fa01a9ecf88d05f252c3f3eb9ddc37be2ed18ec5e58b4acc3974d19198e525d9398d56a3df867cbe544040417b931b66f2e1eac971772885aee50c2bab23d3cea38d6f630130c9d6ca5cbe3b11aeeaf429ff954468b999005cb7698219bbf651aebab7d33e0948caa408f1a7a2bdd711cba945d033c3bef7ef274b6240b81acbd544dd59ca99bb199af8a6b0d1600444550468f9ec13770a5529d4f30158c5c5eb1228f42b5aec410115ecf171c2bce617ec0b2a821114f45af09a9019afef4997e6e4637140ef76bcc5c563cfcc4a95af592476c69d106be399844cc09bba308e9bff3064a7f1648d0b9be76a41907e24097b5dd64960ae78ef512ee0ffc6fc437450bd84f591ddb1e590aa3afd8b9d823c5a0e0ce32d6f1fa56e9cd52ff95a815cb1b14f9de2eb5bb8dd1bc71aa8f936dabff7890a3004e1ac19e5c7d3301be512a43725a0583efa4fc31182e027518176ad374be10e944d3afa2a131e21bd9bdd8ac65e07edd2d0c455ce601b30676ce9479bd13ecdff49f09712c45f4e44a4c47db813e95c5fedffe9461c94c4e0b778dbef032f7c6080139028f766039fe2785fb3e603595e0ec5ade0f5600f8e32ca58ac1bf0928290fce80135e97aa00d008cff343d965cbac4992a46f62b6550c415ce06d95673dfbec400280e3658eb315c8a13d09c17fa9c33ecf7434ff5d7a0690332638417eb2397c40d3d0a34fdbfb9a3190ccdefd67ef03848713efef764a967f25c1dcb488a3352bb9e8ddabad8b5cccee20baef8d1415caba9a1df5c05b682fe6fd9b7d94daf60df6a8539ed001b88889400614f06b67ab49c3d9bf334f6e3cb8d1b6cb92edcf756234021532b63a6c451d36157412698064adc508e2aa27051a9d42747a255edb485f56af4c38c26224dfd224089"}, 0x4040) 2018/04/09 21:14:07 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:07 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0xf000}, 0x0) 2018/04/09 21:14:07 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x8072]}, 0x10) 2018/04/09 21:14:07 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) r1 = getpgid(0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0xbba, 0x400002) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000180)=0x6) sched_setaffinity(r1, 0x8, &(0x7f00009ad000)=0x1) pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) write$evdev(r4, &(0x7f00000000c0), 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r4, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) openat$cgroup_ro(r4, &(0x7f00000000c0)='cpu.stat\x00', 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x32, 0xffffffffffffffff, 0x0) dup2(r3, r5) r6 = gettid() r7 = syz_open_procfs(r6, &(0x7f0000000200)='net/netfilter\x00') fchdir(r7) exit(0x8001) mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000)) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/65, 0x41) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='nv\x00', 0x3) socket(0x0, 0x0, 0x0) shutdown(r0, 0x1) 2018/04/09 21:14:07 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000000)) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:07 executing program 6: socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000018c0)=[{{&(0x7f0000000140)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/198, 0xc6}, {&(0x7f00000002c0)=""/143, 0x8f}], 0x2, &(0x7f00000003c0)=""/105, 0x69, 0x100}, 0x1}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000440)=""/84, 0x54}, {&(0x7f00000004c0)=""/183, 0xb7}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000600)=""/249, 0xf9}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/41, 0x29}], 0x6, &(0x7f00000017c0)=""/208, 0xd0, 0x9}, 0x70f}], 0x2, 0x40010003, &(0x7f0000001940)) getpeername$netrom(r0, &(0x7f00000019c0)=@full, &(0x7f00000000c0)=0x48) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000001980)=0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x9, 0x9, 0x0, 0x8, 0x0, 0x4, 0x0, 0x1, 0xa40, 0x20, 0x80, 0x1d, 0x8, 0x4, 0x1ff, 0x8, 0x80000000, 0x7, 0x0, 0xfffffffffffff000, 0x3, 0x2, 0x6, 0x3, 0x4, 0x80, 0x3, 0x0, 0x1, 0x100, 0x2fe1, 0x2, 0x8, 0xffffffffffffffff, 0x74, 0x4, 0x0, 0x3b20, 0x0, @perf_config_ext={0xffff, 0xfc7f}, 0x0, 0x120, 0x800, 0x7, 0x40, 0x4}, r3, 0x10, r2, 0x9) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:07 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:07 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0xf0}, 0x0) 2018/04/09 21:14:07 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:07 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x3e1]}, 0x10) 2018/04/09 21:14:07 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:08 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x78a}, 0x0) 2018/04/09 21:14:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:08 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="00f0ff7f1200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:08 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:08 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x700000000000000]}, 0x10) 2018/04/09 21:14:08 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:08 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x30000, 0x4d) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f00000000c0)=""/191) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x200000000000000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x400000000e) ioctl$TCFLSH(r1, 0x80047456, 0x705000) 2018/04/09 21:14:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:08 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:08 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x200000000000000}, 0x0) 2018/04/09 21:14:08 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="c00000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:08 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xc020000]}, 0x10) 2018/04/09 21:14:08 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="0f0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:08 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00006a4ff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair(0xd, 0x80005, 0x10000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_buf(r3, 0x29, 0xff, &(0x7f0000000040)="1b830bc06313a987c39b9b1c965668912739c0d2307b54ac92ccd757c47db1b5a0f7eb24d7dda37a55c43620dc2f410a0b248b6dcf7e5ae666239d87c3e4658f095c3fd8b56c0f03eb6e8802dba2c196fbb365b5be9ab89257c3c8865a855c8e25c6baef6d910e774a04557c73625954279ab375ffa3e679305ac7ef529e60ac71ae22590438dcb33f8ea12b4c394d", 0x8f) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x94, 0x0, [0x0, 0x0, 0x80000]}) 2018/04/09 21:14:08 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x5c15000000000000}, 0x0) 2018/04/09 21:14:08 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x90000]}, 0x10) 2018/04/09 21:14:08 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x801, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000140)=0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) setns(r3, 0x0) ioctl$KVM_GET_CLOCK(r2, 0x8030ae7c, &(0x7f0000000240)) ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, &(0x7f0000000280)={0x8, 0x7, 0x400, 0x2}) syz_kvm_setup_cpu$x86(r3, r0, &(0x7f0000006000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000340)="66b8010000000f01d966b91c03000066b80b00000066ba000000000f30f3aa0fee91b02366b94d08000066b8affc000066ba000000000f30640fc79d02000f189620eb66b80500000066b9a99500000f01c1d8febaf80c66b82096e08066efbafc0cec", 0x63}], 0x1, 0x50, &(0x7f0000000400)=[@cstype3={0x5, 0x4}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4068aea3, &(0x7f00000002c0)={0x7b, 0x0, [0x2, 0x9, 0x3]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:08 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="c00e00001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x2a201, 0x0) 2018/04/09 21:14:08 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003000)={0xaa}) r1 = open(&(0x7f0000000080)='./file0\x00', 0x40400, 0x16) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f00000000c0)={0xf4e3, 0x800, 0x3, {0x77359400}, 0x6}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r2 = memfd_create(&(0x7f0000002000)='user\x00', 0x0) pwritev(r2, &(0x7f0000000000)=[{&(0x7f0000012000)="ca", 0x1}], 0x1, 0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r3 = gettid() tkill(r3, 0x16) rt_sigqueueinfo(r3, 0x16, &(0x7f0000000040)) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001500)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(anubis)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000002680)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001580)="f4859b4bb55d0d65f93e5cf965c73a2ac1100bb326e51270e92ef1bbaa3fb2b90c53ad606e1023719ab11babfbb786521d15ab48d3771792c6866964a0597634c3398e0a786f706415e4eea7e037c410b43a97a998a7a43450933e8120ec36ee90e41ac7c0661433fe9a97ea6c03d35d421455f8099e2cdf9acf16ef862c6ae70cacd4b2b454a6b6af7d212333254d965deb6c14d78a762151493f65a3fe3b5b7a3952573d375509259b05ade815a69ad6b904af79fc6b1c6efbb4c0eb0240a88f8675f8020ec263a2c6681d5f25dcf4", 0xd0}], 0x1, &(0x7f0000000200)}], 0x1, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x86e9, 0x101000) recvmsg(r1, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f0000001840)=[{&(0x7f0000001480)=""/90}, {&(0x7f0000001680)=""/251}, {&(0x7f0000000100)=""/56}, {&(0x7f00000026c0)=""/4096}, {&(0x7f0000001780)=""/168}, {&(0x7f0000000240)=""/30}], 0x2, &(0x7f0000001400)=""/6, 0x1}, 0x0) ioctl$void(r1, 0xc0045878) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x501200, 0x0) chdir(&(0x7f0000000080)='./file0\x00') setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0xfffffffffffffffc, 0x4) 2018/04/09 21:14:08 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:08 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x100000000000000]}, 0x10) 2018/04/09 21:14:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:08 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x100000000000000}, 0x0) 2018/04/09 21:14:09 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c8000201200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:09 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x1000000}, 0x0) 2018/04/09 21:14:09 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x2000000]}, 0x10) 2018/04/09 21:14:09 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:09 executing program 1: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f0000000040)={0x1, [0x0]}) utime(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x9, 0x80000000}) setsockopt$inet_tcp_int(r0, 0x6, 0xe, &(0x7f0000708ffc), 0x4) 2018/04/09 21:14:09 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0xc00e0000}, 0x0) 2018/04/09 21:14:09 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="e03f03001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:10 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xc02]}, 0x10) 2018/04/09 21:14:10 executing program 1: clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, r0+10000000}}, &(0x7f0000000100)) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xde0, 0x1) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000140)=0x280000000000, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) r3 = syz_open_procfs(r2, &(0x7f0000000180)='mountstats\x00') getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000300)={0x0, 0xae, "58c382c8adb058c0a17236b677f6975e2543e4508ca58c5827fac0cc63228fcbe8af85a1c168a033e015158a3923e9745e6085e9228a7492c6df813e2b70272f3e9d9405a301abc91118a0e786b47043912efa5d4dad46567dc4404a9a0c5ddab2b212b46758e6a4eed2ed0bf653f377fe3b367da4f8c4e4145c5d4ea124e4996f8877179cd65f9ffb43c984df64bc168c213825226c46e29b9005954880ea58945247df94e564225b18db33dab0"}, &(0x7f00000003c0)=0xb6) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000400)={r4, 0x4c, "c526e9f8770275a9caf6a8da86d61c383cc7a19394fa004b01be4ca8bd4f2ae0244975ca0a98688c213b50614e248a0bffe5ac731ec00f23e6c4433acf5eff775a37b0a2230c24ec5d491155"}, &(0x7f0000000480)=0x54) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) timerfd_settime(r1, 0x1, &(0x7f0000000200)={{r5, r6+10000000}, {0x0, 0x1c9c380}}, &(0x7f0000000240)) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0c0583b, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) 2018/04/09 21:14:10 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000240)=[@vmwrite={0x8, 0x0, 0x7fff, 0x0, 0x100, 0x0, 0xffffffffffff0001, 0x0, 0x1}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:10 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0xc00e}, 0x0) 2018/04/09 21:14:10 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001400ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:10 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x40, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f00000000c0)=""/123) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x8001, 0xc00c2) fdatasync(r0) ioctl$KDDISABIO(r2, 0x4b37) 2018/04/09 21:14:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:10 executing program 1: r0 = msgget(0x2, 0x0) msgsnd(r0, &(0x7f0000001000)={0x3, "d62f38e95a39dfcec60c4a27096825fbab1006ab2babb37f530ba286777a564d58860f39d1f524a5a3816edf4d416043e92a2895c1fdc795665a5860c31bc824d4924e2ec95fec9f996f9530a040dd107837313400d349c75bb7f2e04cb1f1f879401ab8ac48d8df051527968741d12fddc3ff38e3ba3d360ea68017b07d3a575c910a38411c8dd65d2c77c606d1ce5fa42b88efbbdfe6efbe4cb7c456e149b604d693778fedd38efbaa25c693104798d54b2a20d47ddd23559a1ed6ed1d5b55d7ee3aa7ad2494f5a5364a8c2990423a756b463fe97ca8dd759cc7cecc21e5b22c3c10ac982ef0a47ffaa8d0452301c98db09306b459abf1c44fceef073dcd5375b5ae214be2b7fd3bde6bdaee0702505134168437937a9c50391419807caa6bd1a1fc06682e7b2e28d29d8cfe34cceabceaf95682a6ecc5321b242f25f50a754f2903ee4b438a939d7a2106e3ae85677441be6d0216d26f83aa12f2ceec5b252820c385ff70e8da8735f57e93855dceefda0ffc4344d08ebc1d4ea709c1ec68ddd37d9a560bb7388207ad8b98b2fbe55ebf18522b16ddc8935981057d9898cf09cacf112e5a125fdf6e4fee81163d2dc6511de56a1ab2fce30deb1538ad2efe65543f54b3f175bac58a95bbc3b7fb21bbebc733641be9de3999d15bf7f8694511388830e901e1c52acd7f2ce0f93c09dbe0c858408759ec29216f97fd7e20a7f0789d63170b8c2148d411a2df82f59ed2158ec91ae08fec0ccd0abefff894055a3aaaa23fd49582770a98564186c9d706d722eb13e6620730b50f6787a208d79727cdebbbc5bb16bd61eed1cda6bc79f5c3bf424368c37641dc250153593d5c96ad2b18a6e1e5987ccdd11b5bf4e807362fcbef30b3f03ce629bc6df8e9d3b555fe14e0f167ea74102bfc9ce86904d69305683e981ea01d93db6870a761d6d077aceee2b118b57637298921455ba811063afecfe577226d16d14f9ba0720eb76de109c92e43fab8110ba372570add0cc1658d230ff127846045a14639fe0e58b3c5230850f2f1470ab15fd82dc5570e709927440fcff0a012e291d50d29af40e06e585745131654974fe803a74517f5f31b9871e1f42ee2bc67abffc03ad8cd8c0dbc3beeaed534225759344e41330971a07a931fe8b20b1e3fd864782639f6141784bb19048ae202d885548b896b95882b2d814467b77f658b50f60e9af9312ea4e40b25fa66fe55acb7130856a98f90ac3163ac217d36d291e75298055fb9a83335331dabe1190f83b6baa1c5d48f9f4f549686de2c1d90345a2292f3df53ff97f3b48222b13d97b5e24b1f2dc84b11351af1f8838838214a1b570ea181d131cabffe40ce52aaa30c50e221fd41fe917ddd4d0effd2b7d660b3ac344473badf3effe32ec62aaa8b0ed139f835e36d17cc174f1f2dba84a08bb6dd70c59560d840ab569f212ed00e61d013ec4b577692fd54c272f810f961826520b0d6437d4a336f4c6356aef36c51236eb6bc5b93b953412156d88c0fcdf4b2512cb8864441fad0639400addcd99d6bb85db43014d7dc70c44273f0b403717082d3ab315c0e258f458cd1890053772e2f790439cc46bd6efeebb4e772cc5f6ab60c9c5c04c93a4f713842a3f5406ae829d961dd6691cb1e481a80b311ce1feb3e5daa9d6bb76c3a105c41f4ea7e7e0527c94e6cd417bfd9361d4598f219bdb736a45d895ef93d4ec0d2de1c0406f265774cf6a8b800fcb9efb2310a38d45f7949cbf4b296fca65dcfb5f873e2e2d3fc9b16391a07c0487d9801cee3bd85f37f799bcf055a1a06aec967d4a4f2ad2aacfb3919d69c9bd70f90cec18f45a25dfc7085fa02c5579cc783066db1220505f5bc2b8de204e2d7577f3d8adb0f390d985c6cc4140f58dc5c9113472097c02dccdf1783c6f7dd693ee03385a1bfbe6a7379e10cf510832f34b6d759c78703ec7418c7eaa12477a797703abab34568fe76ef6a51d2c5d903f95dadc1e90ac92693b9f83fa6cea544ce6e59ea4dc13418ce60501258f27d1586384ca463b5ea537376c8c9402597e5ee7e7714c05a76cf7514c2c37f9b79fccaff318344ed9fd1d1bf8c4eec190b2ba0fbe25014ee96ee45fd7dabb050eb3530d79b934a1abb8a1a1b0e9f8452e5513ce3ade21603173cf58e8ff58d1a9eb4fdffbab20c7b73683f9ea6631a179034f7a74df00dc53cc982bb9cbaea08665ad5505f206c3351f2401e6ec7f9944234e9d582d9248882b8b229009e48c243e2ba85456834661e0a47909250312cdb702c7bbfcdccc023770a3da5ace49f3789bfde026255b0218f7e5fc53882870ed8f2a6afe853290a680c25ee0a67eb58e7f3fac7e9ae20978b6d2cacc5e48b191a2450353ad0b7ff7c77c0717f83e7c875a8636f06c7275f9fd12b1480272fcfedd9c9ab3d5967275ad64722f9254e4a262a7b50001514d1a4ffee19fb8fc659e8fbb5b319f5104d0987dd5ce953b6545b9cd83d854554587e171e5f5a11411c0a7d4a584fa51839a7c977c5ab0b3bbf1f619925a2cc94821d64bfdcfbcaa5d978eb1a4453a426392a9ee4fc2fc21354dff5ca8569f514b8a240ceb14573ea05204a878169584092ca3b0c13205df53a9f039ecef6bc065b7f54c9621aa5090bc07abc542926ba5a9d83e25f98ab4b338a3a945063c079ead07243567c497f76461a8d9f92a7f70e1e00045ac7fdda23d55bf814600a582fff2438b3d10f4ac3af663184a2f9e72e2fe8d9f1c0d53d6875ac389855d191e4cc5c8e43387661500756dbe810c68691d219b3380a91ab5e03a4b12272c55c539c739d32c41e9df5e197643604467d124894693febc169ca5245a8769c24be36e1c3801c02b7f8fb23caf5c28b467a6d26de6830b74d8f56a342caefbb05906bad1e914105d1a320ad9ed9aee6fc4264f73226825c9744a1a3771c9d884043f70aea2b33e849ce3ff5dbd71b9a578b03fd9fbd7961965f1f35f8e61bcc8414cbade54aac977243477783b180e4fad343510ee3bef03444bd08c0346e61a59922993c2a467aaf3b802b3187845e29fc426c8b0ffe4085afda4c9779ae0cc5f9ea4e3c6ecb535c400e0dabded238e98c11e22824d6fc94532c7e34ac99b80817f275bf7b2a23edb1ae95f06b066416f408ee09013b28d7adea10e5593d3ec1e7151032deecbb919f8350aa5399769ccfc460c161a89aaf7685e9db5e4ee424dd097f75402f2477da83efa37be24754233aada134ff9fea7f6ea38639fb8ab2a61a3e52f3e858e61c7d306ced0848222cea42f4408b67541bca4b28efd9c4facee763e54b221123f02c9c582b3692988e4d7fe74714869f9d29dbcd185c60efb00a1b1bff188ba3b2699d805036c1e4bdbb9424abf6b7d33263a811a8534d797cf1a710eadf88950ebca82304871387dec4c07e3859098e031b75f6b7f17a72e19e833b3d54712a8ad025d419e3064c58c4255a4f8f284997df12ac79d48e3e440c65ab8b3f7c059f14a63a89d5c07263b475581f13d56f213be82941cfc6de01c57a325f7e84a74ef4049e84ebe536cf0616148da6ea95b575df49beb4a3cecccee9987533b8e47325eb1a600147cb520cf25967010461df4f30273bd1b3d838ef963ce56c75013b86c47e6f4ac210447833f28bfd7903442021e28f60cda576c95ddf2704a90449fd61b05ff31f410d177bcd2536e37aed437244cfc85a51cf6f10ff044acb7e9ac1f3d090a4a3db5cd7e8834cb6651afa55ab67700b3b51506ada2665b1c75bf4df0181bf8f508fde7423ce934777cc36b134c5c08dc8577fe8aeecb121a3d7cdf8f64c1151490576df3e41b49fead04ac0c80cefe5671b1705aa6f06e7026c910e62c32c5ece6281961a496a7c74c0c3a8d4daa9eb7a5a95fdf09f9f99c211ef4c6c70ae9ff8c2216e508a31a00334829a8c7e4c91b1df201d4284dfe1022aa3c220bd1bf79d30dfaef70e6f71c70b10f15a98b418095ebdc8cc6d838aeeb50f74409b2da0e8a8e027f998770d4423ec4b6b1dbcae0baa2555ab11de468f198795ca747b05fd9d6ad68bbf88c1b4208932d9c0fe4317fd4b8c8cbbfc49aebdfedce6ee27161c7d8c7d1145ffa4344bed3d472dcc1a5749f59b2adc6ba59d81972ac2996fb82e683c925f1bb1cc05e3253f08f05b848a1e77415a6ef0a56a67f9d30a5ffb532656a5fed0f60038c04100a8c60fa97240f90f91fb3d5940429c3ae7411942b1ca24d6ab2a5566bebb34cf39200b167ad74a5329a70529f311827d6ccbd962bd72591e567b28f9a828c52c654223612812d961a4a98ddea3cb8e05a76ea56152dd09a346789214082a9909b66e9991aa35e23c455a834deb776720b72ce46d748b6d123320eb8058fa0ff1f89e826af37ee96d5b5a5917fcb59217f1e9f009a2e4dab03c6938b8c8db458e66de89281fd4c96c536e00f340a62845754d39c1450e6a0a3de6f3bc01ab8d0d2e0421c0daef546d23b9f6b275a56fd2b1bcb7778e2a9cc2288db5dae5a8e2a1b90c52f93d5ea4329a7286205bd14fe187ef67e47bc59736f20f7fa5d41f58aa6b18da2756a5f5c6b6fed440ccb65b02f47956b44c4d9dd1f81447f4be5b3cf2e54fb1257e021b8fb1d290072d19af14d0bbe09a6609b5bf77f73a4ca0c04834b1318b672a15f242cd422c4a9d7ff6be23b25475aa2d88b99fe55e2cc873154ecdb45e8bc86ef40f4db67e791674bba86b799bf85f0db778578fc4ffc2ac3a0ff592d6cfe8ce206a03d3bf85426aea5c5d684c2163b6a058bee68bf91b30372da46f3681ba8105f8f2c0491abaf27f08ae24fa80c550b4786462dd71ba4cb61aa00d0151cba3cc32d6aa6a7eabb6bb024dca32c2a883d07c66bc3103f69891bb3dcf7865823850f16d3a6cfb69ff30776c2d8857f6dac87bbd5afa48d47b5b81ba48eeabfc781124c2ae0bc853911e35905a3ff143d33172d7fbfd797517a4984a2145710b954239fbd480ed9140f367b47ebf6a53e73fadefcc835d0d113fef1cc11764248581f719e6e7dfb707b91c3e102ddf8d81baf012c342640ade809e84325bc6b5a43d19b4dd3f9e6f65aefd8fe6f60f56ed44a039a31c3d344a44f5c9778f15d0aa61e0205cb8b8114429a6dacef4934242ed76e52ccd68ae08964f9f81ca74343d1844014bc42ec4a935df9b49d1895ec4244c7085d5514454fc357748b5a5b6a88dfad2e7b0c9e8216c6e46847b76dd38b6ff53c22bc378bba8b3a0cf35264192f12bd6bfd32db889b082a52ed81a4a5de98c5aa6f234d7af8d9756f655a82cbf461ce9bd4d3aeefdc1d1cff30a33ba66834f0ab66b0c74e19f4d39b21a1ae09841552ccdae721ee5ea55540198d49ca8586bc6b0af659674e2ac740778fdc8f819d92076ecde2e5cf2c7df84a5922abcbb7306988cbbff0fb2253419388384834870efe7040f1b65e07518dbe6a8145375362efcd1fefaab58934d400c7512717df672c9aa4a56e45f14b1a912f61f856ad8d75ba859785a79dbd866351fa83484bab912766ae7a4c7ba01f3f674a2bcf6b82a60788da2d9f70393fad599f753d37203efffebc600fd68af134015b26d20e48997e77275233161001c546445fea2bad313486d2d6217051cecf198dde1eaaf1261b9ee5ef0b654f2dbb0939b5056dc4da3c0ad2657b73cbb50761bf9e037aa7ec72f0886a51761dfd045d5d7869959f9743416c32fe4ec176b75c39db014a7115dd1a50bb0a02825cc671b0dec99c6a532ab1964c6eb4ed9fc5e6ed79073d6341abec15a8adeac"}, 0x1008, 0x800) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="440d5d0d010000ff03000000ec", 0xd) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000f73)=""/141, &(0x7f000015affc)=0x8d) 2018/04/09 21:14:10 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x8a070000}, 0x0) 2018/04/09 21:14:10 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001f00ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:10 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:10 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb400]}, 0x10) 2018/04/09 21:14:10 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000180)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x20) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040)={0x5, 0x100000000, 0x5, 0x1}, 0x10) connect$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x2, @rand_addr}}, 0x1e) 2018/04/09 21:14:10 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:10 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x6304}, 0x0) 2018/04/09 21:14:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) getsockname$packet(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x14) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:10 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c00f0001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:10 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x2]}, 0x10) 2018/04/09 21:14:10 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:10 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000fe8)={0xaa}) clock_adjtime(0x3, &(0x7f0000000040)={0x8, 0xffffffff, 0x1, 0x8000, 0x270, 0x400, 0x7, 0x3854f152, 0xf0, 0x4, 0x8, 0xffff, 0xfffffffffffffffa, 0xff, 0x7fff, 0x7, 0x20, 0x1829, 0x5, 0x1, 0x1655, 0x6, 0x0, 0x1c00, 0x100, 0x5}) mmap(&(0x7f0000000000/0x5000)=nil, 0x5000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000005000)={{&(0x7f0000001000/0x4000)=nil, 0x4000}, 0x1}) time(&(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000281000)={{&(0x7f0000000000/0x2000)=nil, 0x2000}, 0x2}) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000005000)={&(0x7f0000000000/0x3000)=nil, 0x3000}) 2018/04/09 21:14:10 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:10 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0200001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:10 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x78a}, 0x0) 2018/04/09 21:14:10 executing program 1: unshare(0x20000400) r0 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000680)={{{@in=@broadcast=0xffffffff, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0x4e23, 0xffff, 0x4e20, 0x3, 0xa, 0x20, 0x80, 0x2b, 0x0, r1}, {0x3, 0x5, 0x4, 0x9, 0x4, 0x5, 0x100, 0x800}, {0x8, 0xb84, 0x1000}, 0x2, 0x6e6bb7, 0x1, 0x1, 0x1}, {{@in6=@ipv4={[], [0xff, 0xff], @rand_addr=0x4}, 0x4d2, 0x3c}, 0xa, @in, 0x3504, 0x1, 0x3, 0x1, 0x3, 0x20004000000000, 0x8}}, 0xe8) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="181000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r3 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0xffff, 0x2200) recvmsg$kcm(r3, &(0x7f00000005c0)={&(0x7f00000002c0)=@in={0x0, 0x0, @rand_addr}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000340)=""/251, 0xfb}, {&(0x7f0000000440)=""/142, 0x8e}], 0x2, &(0x7f0000000540)=""/117, 0x75, 0x3ff}, 0x2) r4 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f000031aff8)={r0, r2}) r5 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x2, 0x20000) openat$cgroup_type(r5, &(0x7f0000000080)='cgroup.type\x00', 0x2, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000140)={{{@in6=@mcast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000240)=0xe8) bind$can_raw(r5, &(0x7f0000000280)={0x1d, r6}, 0x10) 2018/04/09 21:14:10 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb00000000000000]}, 0x10) 2018/04/09 21:14:10 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0003001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:10 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000006000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0xfffffffffffffffc, &(0x7f0000000000), 0x255) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:10 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xffffff9e}, 0x0) 2018/04/09 21:14:10 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) unshare(0x180000) 2018/04/09 21:14:10 executing program 1: ioctl$EVIOCSFF(0xffffffffffffffff, 0x402c4580, &(0x7f0000000300)={0x0, 0x0, 0x0, {0x0, 0x7f}, {0x1}, @cond=[{0x2, 0x736, 0x1ab, 0xfb, 0x5}, {0x0, 0x6, 0x4, 0x0, 0x4, 0x2}]}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000340)={"726f736526000000e7ffffff0000007f"}) rt_sigaction(0x0, &(0x7f0000000540), &(0x7f0000000040), 0xfec4, &(0x7f0000000600)) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000001000)=ANY=[@ANYRES32=0x0, @ANYBLOB="4c1b699f2469acdf9655f412ddc3c84b9bcdde53d00989d5146c2070d0bcea8582fe20cd41b34a1e6842df14c2496ebfe2ca6bc667c4bae7bac76736ca3a4fb8820718f9edb1173cf34430f98f887c578fad310f4daad1bfe5456f1a1cbfc985a4e3e9179d13b5a95230ef3c46ce65f1257ba67371321694f3f8c47fd28b7b1496fef4d4cd31a9e601cb3fc7a2db10ff1276c3e34357d59da03afa4b885992acb1784f0acebf635747b1dcee35c4e014dca05918653bf4e3512c72b8dee1fd4dfd931565a11fdfaf17bf154d304dbea69cbe85c9686718d09b60b26e879b46956ae47024c8e4f0f67b311b1e559627d954e36d9e67767918986e50cc2ae01b90ba0d552a3d19db676381c6275bc2c0f0ae971cc66e18bc1fdaa2b99a44df586a441cb7145a97da49ce0fae322c0116bea93fb617cde6573327ea05c54c1b0eb029b76e2c25590644000000000000000000"], &(0x7f0000000100)=0x2) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, &(0x7f0000000380)) getpeername$netrom(0xffffffffffffffff, &(0x7f0000000280)=@full, &(0x7f0000000500)=0x3b) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44031, 0xffffffffffffffff, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/net/pfkey\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0)={0x0}, &(0x7f0000000840)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000880)={{{@in=@dev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@dev}}, &(0x7f0000000980)=0xe8) stat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000a80)=0x0) stat(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000b80)={0x0, 0x0, 0x0}, &(0x7f0000000bc0)=0xc) getpid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000cc0)={{{@in6=@ipv4={[], [], @multicast1}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000dc0)=0xe8) r7 = getgid() fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)={0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000017c0), &(0x7f0000001800), &(0x7f0000001840)=0x0) lstat(&(0x7f0000002b40)='./file0\x00', &(0x7f0000002b80)) getgid() lstat(&(0x7f0000002c00)='./file0\x00', &(0x7f0000002c40)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002cc0), &(0x7f0000002d00)=0xc) sendmmsg$unix(r0, &(0x7f0000003480)=[{&(0x7f00000007c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f00000004c0), 0x0, &(0x7f0000000e00)=[@cred={0x20, 0x1, 0x2, r1, r2, r3}, @cred={0x20, 0x1, 0x2, r4, 0x0, r5}, @cred={0x20, 0x1, 0x2, 0x0, r6, r7}], 0x60, 0x80}, {&(0x7f0000000e80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001680)=[{&(0x7f0000000f00)="2776d6e3b41e958fb030ccf51ac290476569ac4b314c39460d6b552a2d9b8cfa304a7c400e080c7e810c7d6c1e465a885d3efbb6e4ed08148f58c09bc86919cfbffec9b419f35fa6e78f3bd9d34bdf99c816fb42c724ee073854d6792d3b61da68c3914c6a3f5ce9a5e133b616dfcccf1fe1bed02d94ac9bb9a61e53184e343736bafecee4dd80b4bc7946b2ccdc962931cf906367eda499f26af472e4e0ce57bff19270e202e633fca87e2a142203e661e54beca8f425269635f50b0352d52f6852c16800dd4c867ebbe7a97c134f6b100a8f6aa101d6d7bd40469f52c86975370b9689486248bd30b4d06de6b04c8880b2e744870a349915dbf55d56cb4f", 0xff}], 0x1, &(0x7f0000001880)=[@rights={0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}], 0xa0, 0x4005}, {&(0x7f0000002dc0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000003440)=[{&(0x7f0000002e40)="3ce54adf6b80f2651f90198b0c5f15228d5122f00c7bd74521908c79dc060f28700c67f591a752124f02247ee1c3ae14058d886ac320143aa57a4058647069bdfdb18e8f555d5d42a4cb324169cc5dab913ba910541b68eebe48b8e092437e2b812fb91a5953baf51cad5d", 0x6b}, {&(0x7f00000031c0)="e1339a59b5838c563ace7181bddfd7b95a8facf90c7a32042a32bd0de18b01932d3a389b7fcc1212b1cfa2017e2cc15c89b7dea1e8c46c44359d47d2b13a88b65a1f1d978a3ebcaeff10c1b229cfb8decdf4bc0033c9c940d2d780f68f484d59d0b3d233255a91a2ae30a28d2f0a053c63b712daf830f36e141af8206d61e87cc042a0c158f4d95fd2222ddf67269a45973e240f5622d6cf44bedfbbbd73aafddd7182bb74d94f3e270e4d9c5c49dc398f7443cea966062a16148f9ce8a721bb6c9e53c5c3ea0e21cefa380b4d5eb3e1dd684dc3964264fb4a2b925a922e768f92249904f5bb38ed2276ce4560142b", 0xef}], 0x2, 0x0, 0x0, 0x800}], 0x3, 0x80) sync_file_range(0xffffffffffffffff, 0x5, 0x4, 0x2) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000580)='oom_score_adj\x00') setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000c00)=@nat={'nat\x00', 0x19, 0x5, 0x170, [0x20000640, 0x0, 0x0, 0x20000820, 0x200009c8], 0x0, &(0x7f0000000080), &(0x7f0000000640)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x5, 0x2e, 0x808, 'ip6gretap0\x00', 'bridge0\x00', 'gre0\x00', 'eql\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0xff, 0xff, 0xff, 0xff], @empty, [0xff], 0x70, 0x70, 0xe0}}, @common=@nflog={'nflog\x00', 0x4c, {{0xfffffffffffff000, 0x81, 0x10100000, 0x0, 0x0, "53f5f8107e00ef4e478f4f8bc1930456f2a21622302747f5f044b61f70062e2d6d15bcfd7c795092c73f44b0db02d373dd9cf508948aa9bc6b388faa56fdd5f0"}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc}, {0x0, '\x00', 0x5, 0xffffffffffffffff}]}, 0x1f0) syz_open_procfs(0x0, &(0x7f00002dd000)='comm\x00') pselect6(0x40, &(0x7f0000000180)={0x0, 0x6, 0xffffffffffffff49, 0x3, 0x8, 0x3, 0x28, 0x40}, &(0x7f00000001c0)={0x7fffffff, 0xfffe0000, 0x6, 0x6, 0x5, 0x81, 0x0, 0x3f}, &(0x7f0000000240)={0x4, 0x63, 0x80000000, 0x5, 0x665, 0x8, 0x400, 0x7ff}, &(0x7f00000003c0), &(0x7f0000000440)={&(0x7f0000000400)={0x4}, 0x8}) syz_open_procfs(0x0, &(0x7f0000000c80)='projid_map\x00') 2018/04/09 21:14:10 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xe103000000000000]}, 0x10) 2018/04/09 21:14:11 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0463001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:11 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x8a07000000000000}, 0x0) 2018/04/09 21:14:11 executing program 1: userfaultfd(0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) r0 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000974fee)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000037fe8)=[{{}, 0x1, 0x74, 0x2}, {{0x0, 0x2}}], 0x30) sendfile(r1, r0, &(0x7f0000000000), 0x100000001) perf_event_open$cgroup(&(0x7f0000000080)={0x1, 0x70, 0x9, 0x3, 0x3, 0x40, 0x0, 0x2, 0x3c442609c82038ad, 0x0, 0xb7f, 0x8, 0xffffffffffffffff, 0x7, 0x1, 0x0, 0x8138, 0x2, 0x6, 0x7, 0x1, 0x1, 0x7fffffff, 0x9, 0x100000000, 0x7, 0x1, 0x0, 0xfffffffffffffffa, 0x3, 0x8, 0x80, 0xfffffffffffffffc, 0x6, 0x8, 0x0, 0x9, 0x0, 0x0, 0x8000, 0x3, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0xe9f, 0x2524, 0x3, 0x8, 0x81, 0x145}, r0, 0x8, r0, 0x9) 2018/04/09 21:14:11 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb00]}, 0x10) 2018/04/09 21:14:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) ioctl$sock_netdev_private(r2, 0x89f9, &(0x7f0000000140)="8acc3907e2a7059485ef637eae1641b13ba6dce27d5e20b2235980") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) socket$can_raw(0x1d, 0x3, 0x1) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000003c0)=0x6ab, 0x4) bind$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x7, 0x0, 0x9, "8e9e6bbeafa9cbe44546e81ae273e7331ea7b900ac6c56fe684a33e1a43b64add154e4221cac57c8c31e2ddf394f8964a78ffe3abeb803a1a67032df9f3bda", 0xc}, 0x60) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f0000000280)={0x4c, 0x1000, 0x9, 'queue1\x00', 0x9}) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x1f, &(0x7f00000013c0)={@loopback, 0x0}, &(0x7f0000001400)=0x14) syz_extract_tcp_res(&(0x7f0000000240), 0x80000000, 0x5) bind$can_raw(r4, &(0x7f0000001440)={0x1d, r5}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:11 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r1 = syz_open_procfs(0x0, &(0x7f0000c1aff9)='ns/uts\x00') setns(r0, 0x3ffffff8) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000080)=0x21) ioctl$KVM_NMI(r1, 0xae9a) 2018/04/09 21:14:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:11 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x5c15000000000000}, 0x0) 2018/04/09 21:14:11 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000000f00ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:11 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x4002]}, 0x10) 2018/04/09 21:14:11 executing program 1: r0 = socket(0xa, 0x2000000001, 0xfffffffffffffffd) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000080)=0xcd, 0x2) getsockopt(r0, 0x0, 0x53, &(0x7f0000001000)=""/8, &(0x7f0000000ffc)=0x3) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x4e22, @broadcast=0xffffffff}, @in={0x2, 0x4e20, @multicast1=0xe0000001}, @in={0x2, 0x4e21, @broadcast=0xffffffff}, @in={0x2, 0x4e21, @multicast2=0xe0000002}, @in6={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, [], 0xb}, 0x800}], 0x5c) 2018/04/09 21:14:11 executing program 1: keyctl$reject(0xc, 0x0, 0x861, 0x6, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={r1, 0x0, 0x8, 0x1, 0x5, 0x400}, 0x14) 2018/04/09 21:14:11 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c1b09001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:11 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x8a070000}, 0x0) 2018/04/09 21:14:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x408040, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x101}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000340)={r4, 0x7, 0x30}, &(0x7f0000000380)=0xc) 2018/04/09 21:14:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:11 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb4]}, 0x10) 2018/04/09 21:14:11 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x102) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000100)=@pic={0x9, 0x2, 0xd9f, 0x1c, 0x6, 0x5cd, 0x7, 0x0, 0x7ff, 0x6, 0x5, 0x3, 0x6, 0x2, 0x9, 0x2}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000000c0)=0x100000000, 0x4) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000080)) 2018/04/09 21:14:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc-camellia-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) sendmsg$rds(r2, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000300)=""/162, 0xa2}], 0x1}, 0x0) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000100)=0x3ff) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000003c0)=""/5) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000000080)=@ethernet, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)=""/170, 0xffffff04}], 0x1, &(0x7f0000000240)=""/148, 0xfffffffffffffe78}, 0x0) 2018/04/09 21:14:11 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c091b001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:11 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xec0}, 0x0) 2018/04/09 21:14:11 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x240]}, 0x10) 2018/04/09 21:14:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000232ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0xffffffffffffff60, 0x0, &(0x7f0000009000)}) mmap$binder(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000c5a000)={0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000a94fd0)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="23a6db5df7589097631040", @ANYRES64=r3, @ANYBLOB="0100000000000000"], 0x0, 0x0, &(0x7f00002e3f90)}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 2018/04/09 21:14:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:11 executing program 6: r0 = shmat(0x0, &(0x7f0000ffa000/0x4000)=nil, 0x2000) shmdt(r0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x800) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:11 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x40030000000000}, 0x0) 2018/04/09 21:14:11 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c001f001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 456.024792] binder_alloc: binder_alloc_mmap_handler: 31625 20000000-20002000 already mapped failed -16 [ 456.091109] binder: 31625:31634 ioctl c0306201 20a94fd0 returned -14 [ 456.120511] binder: BINDER_SET_CONTEXT_MGR already set [ 456.129898] binder: 31625:31634 ioctl 40046207 0 returned -16 [ 456.152842] binder_alloc: binder_alloc_mmap_handler: 31625 20000000-20002000 already mapped failed -16 [ 456.178806] binder: BINDER_SET_CONTEXT_MGR already set [ 456.187128] binder: 31625:31634 ioctl 40046207 0 returned -16 [ 456.204615] binder_alloc: 31625: binder_alloc_buf, no vma [ 456.210343] binder: 31625:31634 transaction failed 29189/-3, size 40-8 line 2963 [ 456.224680] binder: 31625:31659 ioctl c0306201 20a94fd0 returned -14 2018/04/09 21:14:11 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x8072000000000000]}, 0x10) 2018/04/09 21:14:11 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x400300}, 0x0) 2018/04/09 21:14:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000140)=ANY=[]) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4, 0x200c1) ioctl$TIOCGPTPEER(r3, 0x5441, 0x81) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:11 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000ffff00ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:11 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101080, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) syslog(0x3, 0x0, 0xb7) ioctl$sock_bt_cmtp_CMTPCONNADD(r0, 0x400443c8, &(0x7f0000000080)={r1, 0x7fffffff}) 2018/04/09 21:14:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:11 executing program 1: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x0, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000080), 0x14) getsockname$packet(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000040)=0x14) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f00000000c0)=""/4096) [ 456.250880] binder: send failed reply for transaction 44 to 31625:31634 [ 456.258389] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 21:14:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0300001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x2, 0x0, 0x1, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x9, 0xa0000) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000001100)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'sit0\x00', r3}) sysinfo(&(0x7f0000000600)=""/46) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000140)={@mcast2={0xff, 0x2, [], 0x1}, 0x8, r4}) r5 = socket$inet6(0xa, 0x40000080806, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000540)) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f0000000200)) sync() bind$inet6(r5, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockname(r0, &(0x7f0000000440)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @broadcast}}}, &(0x7f0000000300)=0x80) recvfrom$packet(r1, &(0x7f0000000800)=""/122, 0x7a, 0x10143, &(0x7f00000005c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x14) listen(r5, 0x20000003) readv(r2, &(0x7f0000000400)=[{&(0x7f0000000300)}, {&(0x7f0000000340)=""/171, 0xab}], 0x2) rt_sigpending(&(0x7f0000000500), 0x1f4) r7 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r7, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x12) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000002c0)={0x0, 0x6, 0x7fffffff, &(0x7f0000000580)}) fcntl$setflags(r7, 0x2, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000640)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4008641c, &(0x7f00000006c0)={r8, &(0x7f0000000680)=""/30}) setsockopt$inet_mreqsrc(r2, 0x0, 0x26, &(0x7f0000000280)={@empty, @multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) keyctl$join(0x1, &(0x7f00000004c0)={0x73, 0x79, 0x7a, 0x1}) setsockopt$netrom_NETROM_T1(r6, 0x103, 0x1, &(0x7f0000000240)=0x3, 0x4) close(r7) r9 = accept4(r5, &(0x7f0000660ff4)=@nl=@unspec, &(0x7f0000000040)=0xf5b19b4c0b1ce647, 0x0) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f00000000c0)='sit0\x00', 0x39f) recvmsg$netrom(r9, &(0x7f0000000940)={&(0x7f0000000180)=@full={{0x3, {"cc71a2b0fc7562"}, 0xb81d}, [{"ca656386e14354"}, {"7876c075e97b96"}, {"4de983d35ba1d7"}, {"f6e8d540853f18"}, {"7af8c779376ac1"}, {"6e48af09618b41"}, {"cbed916ce34e67"}, {"83eff6f7aab7bc"}]}, 0x48, &(0x7f0000000580), 0x0, &(0x7f00000005c0), 0x0, 0x20000000}, 0x40010101) 2018/04/09 21:14:12 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb4000000000000]}, 0x10) 2018/04/09 21:14:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x9effffff}, 0x0) 2018/04/09 21:14:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c6304001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x63040000}, 0x0) 2018/04/09 21:14:12 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:12 executing program 6: openat$mixer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mixer\x00', 0x18a00, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000040)=ANY=[@ANYBLOB="60290000000000000a004e200600000000000000000000000000000000000001020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000a004e2004000000ff1500000000000000000000000000010000000000000000000000000000000000000000005c690ed15a9900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2306000000ff010000000000000000000000000001ff07000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x190) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000200)=0x8001) creat(&(0x7f0000000240)='./file0\x00', 0x121) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2018/04/09 21:14:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x1000000]}, 0x10) 2018/04/09 21:14:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x6304}, 0x0) 2018/04/09 21:14:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x200000000000000]}, 0x10) 2018/04/09 21:14:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup3(r0, r0, 0x80000) getsockopt$netlink(r2, 0x10e, 0xe, &(0x7f00000002c0)=""/74, &(0x7f0000000340)=0x4a) connect$bt_rfcomm(r2, &(0x7f0000000240)={0x1f, {0x3308, 0xeb, 0x4, 0x10000, 0xa, 0x9}, 0x1000}, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000000)) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000380)={0x3, 0xfffffffffffff62d, 0x4, 0x101, [], [], [], 0x5, 0x6e21, 0xdd5a, 0x9, "2d9cbf7c161e2ec8f31affbd6407ee4f"}) flock(r0, 0x2) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000140)=0x5000) truncate(&(0x7f0000000280)='./file0\x00', 0x80000000) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:12 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) alarm(0x6) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x800, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x74110020}, 0xc) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 2018/04/09 21:14:12 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0ec0001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:12 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x3ff, 0x4000) ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket(0x2, 0x3, 0x40000000000000ff) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f00000000c0)) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='ip_vti0\x00', 0x10) sendto$inet(r2, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000180)={0xff, 0x3, 0x3, 0x5, 0x7fff, 0x0, 0xffffffffffff2a24, 0x63e, 0x2, 0x3}) 2018/04/09 21:14:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xe103]}, 0x10) 2018/04/09 21:14:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4cf000001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001500ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:12 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x7000000]}, 0x10) 2018/04/09 21:14:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x5c15}, 0x0) 2018/04/09 21:14:12 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$int_out(r0, 0x2, &(0x7f0000001000)) r1 = syz_open_dev$sg(&(0x7f0000004ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl(r1, 0x100000001, &(0x7f0000001000)) 2018/04/09 21:14:12 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x8, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000080)=""/33) 2018/04/09 21:14:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x6, 0x1) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000140)={0x100000001, 0x3}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000240)=[@vmwrite={0x8, 0x0, 0x7, 0x0, 0x401, 0x0, 0x8d, 0x0, 0x5}, @vmwrite={0x8, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0xfffffffffffffffb}], 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) geteuid() ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000280)={0x0, 0x0, [0x8, 0xff, 0x81, 0x3, 0x4, 0xffe, 0x1ff, 0xfd]}) 2018/04/09 21:14:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xfffffffffffff000}, 0x0) 2018/04/09 21:14:12 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 21:14:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001700ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x900]}, 0x10) 2018/04/09 21:14:12 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x2000000}, 0x0) 2018/04/09 21:14:13 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:13 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x5c150000}, 0x0) [ 457.475006] binder: 31821:31822 Acquire 1 refcount change on invalid ref 128 ret -22 [ 457.483352] binder: 31821:31822 unknown command -928540024 [ 457.505956] binder: 31821:31822 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:13 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:13 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001300ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:13 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb]}, 0x10) 2018/04/09 21:14:13 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x10000000, &(0x7f0000000180)="b3f2b01820c117e106650eab79753b69ff4e880c94cdc0a70a4d0be4d7372f3b938875f7fdfbb6f9bf836de6d340f8ceb33bd3e6", &(0x7f00002b7ffc), &(0x7f00000001c0), &(0x7f0000000040)="54d1a08b1bd3a58185d73af321bae833caf83018fbef0680c38c9136a5dee23094c70124900e495d6eb73e667947a8fdee3b79add573b2d910118c17b2b12cbdbe2a3fd2560fdfe90b3f43092a2fe4e1ca8460dd417dc883a41210e89a08e13328087dc65cc93904e512ff29144ecadfe4aee0cfbb798b21d0058e766edb007ca07643f40da4a85074ba90a793dc4ce895782a3611357f434fd1231453d7df7037f165ffb4a336a4639c282d29bdedc519acb0f9d71f0600000000000000000000") 2018/04/09 21:14:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000180)={0x0, 0x1, 0x8, [0xc7, 0x7, 0xf61, 0x400, 0x37f5, 0x43f5, 0x8001, 0x0]}, &(0x7f0000000240)=0x18) setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={r4}, 0x8) r5 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x81, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r5, 0xc04c5349, &(0x7f0000000040)={0x8000, 0xfff, 0x7}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:13 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x200000000000000}, 0x0) 2018/04/09 21:14:13 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) [ 457.559433] binder: 31821:31822 Acquire 1 refcount change on invalid ref 128 ret -22 [ 457.567494] binder: 31821:31822 unknown command -928540024 [ 457.573935] binder: 31821:31822 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:13 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:13 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x34000}, 0x0) 2018/04/09 21:14:13 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x9000000000000]}, 0x10) 2018/04/09 21:14:13 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) fcntl$getflags(r1, 0x401) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x40000, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xd58d, 0x100000001, 0x80, 0x1, 0x0, 0x5, 0x10408, 0xc, 0x8001, 0xe6, 0x9, 0x7, 0x80000001, 0x3, 0xb994, 0x2, 0x7, 0x4, 0x7ff, 0x0, 0x7, 0x8000, 0x3, 0xca, 0x9, 0x8000000000, 0x0, 0x200000000, 0x80000000, 0x7, 0xbe3c, 0xff, 0x47, 0x5715, 0x7ff, 0x3, 0x0, 0x3, 0x4, @perf_config_ext={0x8, 0x4}, 0x4008, 0x9, 0x4, 0x7, 0xc10a, 0x4, 0xffffffffffffff81}, r2, 0x5, r3, 0x9) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) [ 457.743116] binder: 31858:31859 Acquire 1 refcount change on invalid ref 128 ret -22 [ 457.751176] binder: 31858:31859 unknown command -928540024 2018/04/09 21:14:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x2ff) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x0, 0x0) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000240)={0x7, 0x3, 0x4, 0x3ff, 0x101, 0x8, 0x5, 0x9, 0x8, 0x7ff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) 2018/04/09 21:14:13 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4cc00e001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 457.821900] binder: 31858:31859 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:13 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x2}, 0x0) 2018/04/09 21:14:13 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:13 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0xb40000]}, 0x10) 2018/04/09 21:14:13 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0003001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:13 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:13 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x40, 0x0) readlinkat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/4096, 0x1000) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) [ 458.120656] binder: 31896:31901 Acquire 1 refcount change on invalid ref 128 ret -22 [ 458.128750] binder: 31896:31901 unknown command -928540024 [ 458.154310] binder: 31896:31901 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) 2018/04/09 21:14:14 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xc00e000000000000}, 0x0) 2018/04/09 21:14:14 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb400]}, 0x10) 2018/04/09 21:14:14 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:14 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0063041200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:14 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f0000000180), &(0x7f0000000140), &(0x7f00000000c0)) restart_syscall() r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x5, 0x2000) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000080)={0x0, 0x1a, 0x4, 0x0, 0x3, 0x6}) 2018/04/09 21:14:14 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:14 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:14 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c001b091200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:14 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x155c}, 0x0) 2018/04/09 21:14:14 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x9000000000000]}, 0x10) 2018/04/09 21:14:14 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x10) openat$cgroup_type(r0, &(0x7f0000000100)='cgroup.type\x00', 0x2, 0x0) symlinkat(&(0x7f0000000040)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00') connect$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0x3, @multicast1=0xe0000001}}, 0x1e) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x20, 0x2000) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r3, 0xc008551b, &(0x7f0000000240)={0x9, 0xc, [0x1fe, 0x3, 0x10001]}) ioctl$TCSETA(r3, 0x5406, &(0x7f0000000140)={0x7fff, 0x400, 0x7, 0xfffffffffffff3d0, 0x2, 0x0, 0x3, 0x1, 0x2, 0x1f}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 458.426188] binder: 31931:31933 Acquire 1 refcount change on invalid ref 128 ret -22 [ 458.434244] binder: 31931:31933 unknown command -928540024 [ 458.451511] binder: 31931:31933 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:14 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) msgrcv(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) [ 458.757009] binder: 31968:31971 Acquire 1 refcount change on invalid ref 128 ret -22 [ 458.765214] binder: 31968:31971 unknown command -928540024 [ 458.771812] binder: 31968:31971 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:14 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:14 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xe1030000]}, 0x10) 2018/04/09 21:14:14 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x9effffff00000000}, 0x0) 2018/04/09 21:14:14 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:14 executing program 6: io_setup(0x35, &(0x7f0000000100)=0x0) r1 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0x60) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/pfkey\x00', 0x8000, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x500, 0x41) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sequencer2\x00', 0x6000, 0x0) r5 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) socketpair(0x4, 0x7, 0x57402047, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = openat$mixer(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/mixer\x00', 0x840, 0x0) r9 = perf_event_open(&(0x7f0000000640)={0x3, 0x70, 0x0, 0x8001, 0x2, 0x40, 0x0, 0x2, 0x80020, 0x2, 0x81, 0x1cb3f31f, 0x0, 0x9, 0x2, 0x0, 0x196a34ae, 0x81, 0xf469, 0x7f, 0xd78, 0x7ff, 0x2, 0x0, 0x9, 0xfffffffffffffffc, 0x4fb, 0x7, 0x8, 0x6, 0x2d8, 0x1, 0x10000, 0x800, 0x1, 0x2, 0xd6b, 0x40, 0x0, 0x1ff, 0x0, @perf_config_ext={0x66fd, 0x1}, 0x4, 0xb4, 0x100, 0x7, 0x3, 0x100000001, 0xffff}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x8) r10 = syz_open_dev$dspn(&(0x7f0000000700)='/dev/dsp#\x00', 0x5, 0x2) io_submit(r0, 0x5, &(0x7f0000000780)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x3, 0x5, r1, &(0x7f0000000200)="7fa4cb9c4c24a4a480", 0x9, 0x6, 0x0, 0x0, r2}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0xffffffff, r3, &(0x7f00000003c0)="9c53ba94ac0c5a53656d68d703725a1139630b3e6f14c9ba899f3c70446eefb721692940db90b32c0e6e9a32de7a2542512f05e328003eb4bc0d2ac1f3a9325906743ea51b8d8812d9560998f71ae6274fc4905c48f2be2a1be224157cfc4a5e1e517ddef000a991e053328f", 0x6c, 0x0, 0x0, 0x1, r4}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x8, 0x100000000, r5, &(0x7f00000004c0)="37a050fce733e41f50fc84672bc21a9d978f", 0x12, 0x2, 0x0, 0x1, r6}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0xffff, r7, &(0x7f0000000580)="ece7ce72d4ddd4c41c5c628f624323a1e5ec74b973fe1b64c08627cf6b683a13dd44cebcb293149da1d9cade", 0x2c, 0x100, 0x0, 0x1, r8}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x75, r9, &(0x7f00000006c0)="7c60e3da7b377a93d2ad449e420ebe744f347d52e5780f", 0x17, 0x8, 0x0, 0x1, r10}]) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r11 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x40, 0x0) setsockopt$sock_timeval(r4, 0x1, 0x0, &(0x7f00000002c0), 0x10) ioctl$EVIOCSFF(r11, 0x40304580, &(0x7f00000000c0)={0x57, 0x2, 0xa4bb, {0x1c, 0x3}, {0x5, 0x2}, @cond=[{0x3f, 0x8, 0x2, 0x100, 0x1, 0xffffffff}, {0x4, 0x1, 0x85ed, 0x6, 0x937a, 0x1}]}) r12 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$sock_linger(r12, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x5b95}, 0x8) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) chroot(&(0x7f0000000000)='./file0\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x2, 0x2000) getsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000240), &(0x7f0000000280)=0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f00000002c0)={0x2000, 0x0, 0x7, 0xa67, 0x3}) 2018/04/09 21:14:14 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0002001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:14 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000f01200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:14 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:14 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x10) 2018/04/09 21:14:14 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xf0ffffff00000000}, 0x0) [ 458.947904] binder: 31998:31999 Acquire 1 refcount change on invalid ref 128 ret -22 [ 458.956109] binder: 31998:31999 unknown command -928540024 [ 459.009165] binder: 31998:31999 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:14 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c000ec01200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:14 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:14 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xfffff000}, 0x0) 2018/04/09 21:14:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002800)='/dev/kvm\x00', 0xfffffffffffffffc, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pwritev(r0, &(0x7f0000002640)=[{&(0x7f0000000040)="e3e257e2241960a3f0fd62713f3e1684895a0fc51a3c52217e6905b97ec0251581c3d91827bfa2560095e64fa7575142d922b59158ba8c48cf417b631e043d2daac6dd14d23cb77c4411a3e93b6cf20e", 0x50}, {&(0x7f0000000380)="9cc94d5b5d1da33c08eebb6714738f17d419161a070c3fffdf9044254fa55fc05a7a8992c5a630194e9679980fe60fb9eeaa5708a9a242e7abccc3fa721d79372157ed8f990427091ac06bbc250df63d8c1b9f1053efa2d1bde592acb03f9b55800171e9d27bb335af90f07d371076f0152f1202314ec9442ded04992675abdbb0762ae503cb0dc1129781855bafcd2c4b0d341cc000b178f537107e16f51a5b9531a2f5ef45117a16a9801cb5426230c9b75c98a00fd3cf069f18bea997f6a90c29efffc81f1b6ab806b3df9e7bb3d82c289d63c93591a6d2218ad25c55eb5deacb9a210a9ed507cc8425935147c8c2a59a70954dec7b7726d49d15c547dd2190e2ebc6b4789d0e5f5a96aea19119f510a401c940409b31bf5dfc596a63571811eff3951b1f2cea0bf0a8b75e3c15cd9493d840bca4c155cdc067b64923dd7b61a6bab240cf966dffaa3e30f518c96d5cbb90e236ad503d33ff8e98c3a6b31918260ad54ed772e715e050e5b2729bba13e22b6f67edb084777cb5524cda713acb6df250f7384a313496c15b9977308d07848a664f4b83550bd1d7ca9b031187aaee636aa74add74904c2aee97f5c3f693de9c6840c2dc215d21aeaf6fdd0fa8f5ec450eff9b5484c7eb51e7dd21a8fdac4222020702bd854be4369901aa47436f39a599eb847a32e88fb896cc303ede43df2613eb09f83f5049dffb98b8fed9df1a5935930206b21452a12a66a92a3404b5fb4c69a476ff809f98ac332bec29ba2be054ebbeaaa0eb3d1e216eeb26313039ae95ec1cb5133ab348faf9375fcb5fec4e64888ce53cb8ecc4a5e3f4e9ba8f34e2722f84e039563b17303e341c6637aa17ee00daea592cee67a20b52bd87322f4011e28ed651775906a08a1233f5349d75f1169806ff1bf015c4395b945fe522769cf3391ff5fdf791337913af51e5f414236b77559d16768efcd792419ea349ffb75a491b9b5a22f9db2d324b43f804c76fe4f4f78cb14d9fe6bfe5ce24d807ee775dc9e08172cc84775c88fc5874d72826cd15c3cf1ccc699248ced79251a45665999dfd6f6af90dce8ce68bd40fe6d51659fd830fe9d066953dfbe9c7913cb2fa4467d20c522c104bc25c53375ef3b4c46b850f2e06337f3628e6031852588ea9897c647cc275107a77594911fcca5ab934c123819860479941c1f90565d0819b5004030b1156028aedc0157a9c7bfa96eacc934093edeab9c258292d0a3873572e9b0baab62947d106636acf7625c45c310f79e242201164dda0dfc7890ddd3195d7edd4bf83a65ee716d7f5069fd5b66c89a71fa03b28874b42800b0d76d74ad1bcb5889ca40e51a38aab59c4ad1f4d8ecc30317caa07ab4ec8ec5e2624742f5d94786e0966a0ecc0301f9a92ca58e6afa7fa141833271eee8d1603ddfe3e7871516acfa1f39605965a558181b50ffdaf77128dbc94e7a4c44fdd1eb2ac4f16d8351ee0319880d5724da3deb4d74ab29698ec9af8a313ed6c6a5a007a80f6bcc6280a5a123dcd80e16f2a7252f7f17a2e04ae4d0b7a0bdcaab5378df023de46c22c0173cb775bdf523f9bd91fbf05159e57b6175eb280693418f4192f98c8643b60cb13df2c991de4ae82e458eb8c5e16d83cf6e8d44bb6bc2c949b0825bbb178e622b3958a1a0a9c3c6b3fb4d87165be7b13a5c084288952d1d06729e912043b4cc3fd5ab76c67bb68a8b7b52464d824bb15e27703471aa46111dd8805bf01db641da88b824b92be81be21fb9b158ac76394945f1e2bd948549004bd09674c20ce9df70ca967a1319ddffcf8f121a9f0c6ef80462ff06e97d7f8f9cb816c6947cb126cafb67015d70f93d5227a1c330ad0c1d02ed07f40bb41727be6a24ea77b761a5e667d1a707669c3ced8a2a7c4d18af827277ccf164eb9027b16a85c8a172b731847194998c235894773c6393744463beb44320c98da3b072d15d2ba4a7c706408446efe43c6884f530de35c33e94a8fd2465f63c104e7c7d43ce79416da7b55fe6bf84ec210063e916663deef729c68bb14dd245ccc9541d10f3573c269c18725fbc30e164a684c6de3247ffcd1ce8d56ea44702ebfe495b3f0287b92743066cb0bbfd54d7e0f3088034d61f110544660c89ce728339d48482ed9cdab61b4385317067d13f01f4a97a492c0d3d5c7ee3e333531b2e4b2a9ec72d03cf365a64f8c24558094f84230bda6eacefa3677fc8e17b761bedec36ebaf996aa79c8833fcb37cebd4071dadb04463f89fd4f758b33928e9b09fe8c6da0cd161b18153b59991bbe816570a43a843025a60c012ab930ad2ebe0de79f533cf3c3dc126c63266c84c5087fe67d1abc04608450e3680a5cab585c6aad2088c9d403a0225cf4a4a20f14df44312e5a19cc2d61c31b89c8617977d4f97748932fb444a9a11c741034326fbc779c686f6191144b121a1fd9e5d87c2c432e3f827b05ab89bb5d9ce26d83846155dd42c9ed9e7d87926ab0264ea05675927a12aa38adbefed9d73308dceae3a783659fdcfc20a03e8b26755af9d84090d0e5c1867480b697fb2098c548f59f9cec1b8d695e11d6a961ae7b88c68f6c6f25f50a20b9c266ecaa5f541f8711624a20409de56a550e2071dd5c179ee962a8059502df980dad8ba9cced6d97ddfa2fcda7dd886592eec00bdf04bc9fc80b2c183d699d05059c8fedd8149669e61d44951d7b7576b70ff6e6e22e33553d0305c3c058f9005e520800c6fec771dac6c8d2d470ef606c7bc771ad551bcb1ede2a2dfd34aa70c128b879ef8fa1107ac20f972e018f07f5ee7ceee7586054663e0896b2a49585344b5ec8827e281e53d6bff2cb7d92905f62de7305ed6e29cce646653ca51705d53394620dc0af9246ef188598b8a3119b8cae717540ee1cb90f3f7418a771eb329463a84dae9a55bce756da38312e699800b368caadefb08d66ce5cd1b0405a878c681d911447938565b9ed34259223072357fcffa6b4e824f88b7ebd89e5134323ba822615b02fa567759924df99842bcd806070ba2ba0cc0eac147f50cafa36cee226b12e90e1f449a0245b6e2644f0d497c565d4a2ad2048dc22598b356e0d6189be6921f96a23fb43769e9c5d3f40e850587552315aff75cfc75f4111bc778793ddad07ee3689a0449ad238b9db966835baa3a9bf4f3e38cff737823d83cad100e9510dc5e4196ebeee14cd6099e6b99c42308ddbd376b0416d1354476693ff853b67aa8f7e3dab2b789497bee33336f7afebd621280a1be890cd2ce75856452dcbe68575208c7686dcdc880802007ea67dc7279372d2e92a8519bbac341421bb1105ac1b7235efbcac9e9a9eded80e1fd3ceb863e7e9fbf73300df5d40e205fd2f3007839fcbcb7bf01d9a8606b481afe1f7800e887035375a5aaa53193ac2c9a0f93603213f68fbc8a1e9afdbd1e03090a139f4204d646e952f7b27e9aadc7ef61a845cb4106b681dbf3ef58b7d2ed3661b81c0e3cdcc00d8787d346bedcb911d46e2e90e542f4276a4e8a7a3ab379372e269a6b742b6b88204703ebf7726550dce3912a56c83ceec73acf9f493c1b8e217856303e71f327e470dcdbfeceeb96340f8feb5993f8315de03b5b4e15b7132908376ae5c67d929ad3f08800cebb0e63f8de69bea1ab217915d34dc46d233142346dadb5f940c3980710d3d4e5f4628fcf045e74891dcf603ab4b0b96f394c1fe74d5e8587b55f851b59f73116d712c937e4ba9d702808feca3f1f9cc9176726f1e243dae0b3f94978e86b89a1729fc8f92d6cb6fc70f708c8814ec19ee2b934ee9e690880ec5cc78e143376839fdc1a5e8cd7a850652a3bac29f2e0c01d97d9dce6d81ac9be926a6a55138af37b0f97ccbb0654a436525b7110160396e2c02d77183b61c0143c2c66ee3de728d5d45a0734a9b00e2da13f02bb42f930fecbae271e733ed49a52778a91a07561c7f210411f086fe2a95d01ba44d0ea73c462eb57152fe2b6906e257efc02c3b74391e397fba004ea102ac61661a9ee841a6538ffedc25d4ba11e99acfe0feae47bb8522e82af44a1d832106e00af3f6eaa176b6d7c3bb9789ffef4a4a11df0b1b2ffc6b8ef2129484f4e98f0f98d3aa081d5c02b4a655c5bf924ebcd4fc473ef95c5cf8e43fb1b335e71b1ca09187364094f1232204a8b49a4c292b38bd280ed500313f6a5c1b7f44ba636617bf1c45870dcc7a09d0b7757c3a5282180282340a300985206e394c278c07c12cab05ba5e19a87a8b54219a819ebfd00b2b3c23020f2638db93c31f17c9e4ab7649b4bea21eff7f959397006f780a8e18145f0b1206063f3e25f89e566665666d35973529839aa2c4f4bd53fe030d4e500f3bd938598c119f80a72e6edfabcafe926b63cfe71b88e036fdb60723071ca02592c53d4f758da2a448a8a3a6859593c373c0662ad30a85eb11137d9cca2ed49ff6e2af4de16fb48d5dfa1a9fddf3fffef23b7c4ec080e23c4f7a6eada128988fa5be5aef5ce9e850916f78d724abf0b04319710e80a3d3c09f46c06e678d2adddfe67d6990e1680a4d3a90904fd47644531ca396fea61552b597d43d0b19068ad189b7b3a04ac5b3a7baf60c27f67312ce13ab7da028aa5d1c448cbc239647e5451de45aa83a5056c4e8aaf12a48e4f8452b4f955e0f1e6c1cd1e4e442c6efadb2eebc64c4e74c10199e521233cc2e472160e590a3d5acbfd293887c0c0bb8a6e4cfe623006653293f00b824bb1f50b048a9053a31fe94559da87130a619aedd05f9c114878ed37c37df911a1432d1cfb9a1b1f831e775d592924ecb1e2eb09a1a903f882ee4fa0cea3ca84db86f7ce2473329de0353c2b3b8c601fdf6ccb32b3a67749b873f3ae28bf17c1a0e08433677e665ad7f5ac50d254b816171f38bef5f8ad5f73068cdc70bbdc9e17448971dd4ca87f31f68a524a1d73980da9ae655506f4ba0018d9827e6398bbecd1bb2d934daa613b655f11a78674d44c9fbf2bb50c870087585675b10522ca8d8c427ce1c86b1d67ecb3ff80a5e34d31d63050d061a2b80d5c86c39ec608c484a59860bf339fb88decdb7048596d9a5954cceb07b2c91ee15c343e50cfa1f903d39b6bd6142e88e9d8bba74c3c19f78f4c74a8cd34bb92b730c925875b47256db1c63629ba718c0931d226a7ca6589ba92c4730dbcba7b7386f0d6d73e8f8b4318c6348d04413da2af3d9b75fe83fb69b087eb7bb7f8cb6f0a2d369e126a6acc8f55f1f8f0a4e90236776379992158337af2ed5fcb535da3b21fe0eb6c8f206f705b7ffafc5b5a801b554dedb885a940f49e88e0083186963d4f5031fbc761673da99d990ccbd0b20e3cae8a254e62ce765ab57988fca03fd9fa6828af03e71f0b9ab36d5c2d6f1ab494507a1d0c0943503a206b599ef42b8e7d58d329bef84a793a75929aab02a26ea1a21d1c19e986151e45895aaed9cd3a3805fbe7ca3009c095e9dc427a93117c021602a99b64326851efcda459d91c9eee17f5c6db3c9c0d8bf8fb822e1173b9179ae295a99b41dcaca1650570bdca8e02d3b09cfb98b67d8746991c05b4b8de42fdf01fc6405bfe9334718b66813417e1c19b8180dfad6ebb9c761c1babeb485f7701253564cc676d26419511ed61ef6e3ad172aad29b6097ee776adae67c1b0f690a004941134a8a0d18fef4ee48dfbc13e1b84d612038c2b2fc129621bbc2587aec920ba6de32706d4400568454b5ac655d91e6ff5352a9c223efd3c4a5dc2adccce0b52b0657ca90bc0aab90659781051c46bb235dccd2076d1", 0x1000}, {&(0x7f0000001380)="0faa5d0b77656b1bca1f8ee9f7c9754ab2b7bf12015a5c7f6bb3142b19323cbda3f2c4bef8c60bc16cfb8fc4ae65352f1fb77f1c32b256428f074d543a838c1c1b5c09e6ecde9141d02cc6e6c6aae3a3b6dfa7cb650eb5a2e40ea3d6bd4f4ce0e9aa60e4b3d2e2754fd73688f09522af710ed0ca3cd9218ca23e75a7948a0045059ffcf3e0da579001c120788c", 0x8d}, {&(0x7f0000000180)="ec2dcb47dd6d2585a932692ad96d0c3112b2f4416160546fc65756", 0x1b}, {&(0x7f0000001440)="5ab21e65e6d7ce1d6a7999b8c59e97f07016a2ca79d766b321275a3a721b8244e7af4edf53bd908f68d570cd8262434696de8e958cadc1925f", 0x39}, {&(0x7f0000001480)="a2a7a4630098d874d8776c5cd16395c0114ab51c7b58d17652bbbcae57ecd91f00c17fc45c21fae9a6f0e3a0602a34dc828fa4b8677ac487806a9681a7b456418967d05e6bc3a8fd3fba42984648e9047cb125a7c599713c26db68fc86bd0373eb7892aa5409d472ced40232971887cd16e964d4200f705a0ecaa1fac89c26ac4d0435f2fb6b673ce8b38d2abfa22f75e2115835d34d173e54c7313030f5d59064b2285d7282da27920ff4807b504e8d2151da81b030aff33228bf44f507c7be3ac6fc34402ac5170ebb92217d6a300efb2e2fcb67ca1a0e69f2cb06ae1e67dd9f77afd1df08267eb60bf7f47f6c", 0xee}, {&(0x7f0000001580)="55115dd449a6a8690d94d8b500a2bb2bbd93f835a85fe7fc65b483916fa98a961859b0234a774586db9a2863ed726829d245f255", 0x34}, {&(0x7f00000015c0)="481f5ae0b67eec7270b0", 0xa}, {&(0x7f0000001600)="4eaaf4", 0x3}, {&(0x7f0000001640)="5d0463166a4e2a4bee4966b6aa8da7802ccccbc55cd780d3c636be926d81aac1e5489d7def6414533bb4e22dcfb286442b438053794e4b29b5a9c845b3202547618279320daafc84a29735774eccea84bb0cc589b4fc23f9a6180118600b2ea825e0da774b2386aef0e1dda01de43982475d0b464d62e24c181f6c007c98f50ef642ef18da6c59e18f5e4e18c0475a1453a912cf8aa904bd69a2486ad3f18f76a501b81c76d54f4da55dd264b8bbfcedca7f78c29643883ff380deed566569096c845508ead45ac4c9351731d6615bc19597d8dbb5222627655d27bdd2a2b491faae59f5e4f1c31950ed6f56e97efd95ab6db26945ce660b20ef70dde3c604ad129831466a9f14cdab224c859292a36d2ab0c1f4a5d2239b1870aca9fd416b3616b8798d57bbc06f766ddb219205591e9a5db4f94f53f9d565866afea92783fc97e6ff2eab65286a2977288da2d41b0eed5165199338ded907313beedec990710526a34730695364820de95f8324b42ce8e02373bd930c8b2ba2078465b75675a922c508cd0b65563790b21654866c68ddcb4521b0f3f426f878c22338d0b8b5221d4b0d9827d0b10a6dd83b653e59cc5f588ee2dc1904c42fb6b6083805d33b4191b1a9f38b1918a4a6a83b60d940909b7b78d6833a23e7e51a1099e207114ef3bd561cd1bde9e4612b5a5bfdfc67cc9fb5417b724f21d2147e1c3abeb4980bff9d38b917643544ab989e41bdebed83641e9025c6d6d84823bc8021ce383b0d7abe8877f4478d4f58ab69e1525c28679bca3b0afc01455688cf1eff6c094be0f9348517e6c1bb23a7ab79c0edb46fa356779c7d1b1dd5d89c2dc5d381c01f78135168cf68be83cd236de8e67b8549bd3dd1ebff1fb13d199b41a056e12de59974855e13d8d2e7483f0dd0d637ecfb81b929763f5618351bffffd665377acdceeb56fe52cbad7897be2ef011ef225473c2e8a60009bc2076c90c86394794e77fad3acfd90562c7f5a50d57d3ed72881a994dd8ff0bd6d7313811a725d356e836d38a945343dd1cb3463432d0e03d1c64f8058de1c6d57a5387a9962d4c8d720ccd57d2b850c29cc730e7e3d5f5bba1638b7860cefc9fa429c48986f5a726f55907ba267afa219aa27e3bee56822af9d0a4529a3e991b6ff2ad7f693b8406ee2316f5c020fcc01a9644f726077d699ff74eac9dcbe54ccddc1218885c86f261823b88be071d2feb81fae9b25865242d4928d4450da28c599b3dcf17e527e6bc5f76b75e43bbe020b3877763325c3a4c80f6287fad66d2a84cceaa0b79febae89267b85721a47e835e92278c783a5289bb205070918aaa867fc9fa1dceda7f935a9a6530d7695d21a384b36b0a5dfbc0cf60d0ad8d6d12edf397ad91bd8a43e8313d5f55a50b712c0fc1ea27fbac40bfc50218ac44463704152b08576ba099f23e8243132608968785c160e5fc6ca65ad1655b3aaed25586cc7ee6f01cdac8f6e3f53d21535a15b749d06dc4e6cee7b791d48090aab51d097fbd8ed4d05e9378ed8efb6f6bfb8300d01e07da6738ecd28dd9587033701d922f156131e4bc16759e948765b52f1b917875b05946487375c6a0cbae85ddf6780f3d7a0a8190a031a707b14c3a5530dcb247a7b16942504e572ab2c25a440136a883a576cf3ba81b46b47b3f656e22f550f7476af82d6e5e3f090436723f7a56208b57fa0e3859cb9c0d8820d94f0e77a9edb1e09854243dd12b85644f88a676bce425094c3843953454bee48660555b2d006784c8a985c4a15ab39eacbe408c2b0e97505f76790eaa1c006b78f2bfcec2431c1a468ef50db42729431de2290d5091479a2c905325070c343540109a4a2cd9d5badd8e62e38f30cd3c2c293146f05a7792983db71e8b1b69d3d387d2d04fb4ef5fb50d7af870f31bdd354175d7877ab53527f4aaf89fe5ab11c0f50de5c217f836279f5d790116f5556154d4445501fba6016c3dcc7d80c646a8a67798f64a2cd18dab8a71d6faa2efe555c4238931b0e335703074654cead2be1a5f977aa0a9adf339db9f6af2524625b23cfe076880a4f0eb8ff099c7c80b54a22bfb51093eaf603366a2f3715396c265a9a9b5790596087f1083b38989c82030a95afe334757668784c38b5cd36c4b5808a129d70ce1828391182c5ab1d5422b419f1e539b108ab2ff352efa8d91f622783e97bd60eaf4c6214fa7195700ad7a03cc9204fd52f727502386d8bac1a352fe8de2d96b924421779320ee8672489e554008da82733ed9fc7c20a3c7ad1a0b8ce7fc580b5b004f00b87ab40642e5ccc8fb99e85fb1a1cd4e7c5efb1f59e3157bda63a9071511f096406e3e3849b0770c1d14c2c6e275e824cea1fe1070fcc6aff755851ffc2f202477ffd2690deb69559541910b171b2142be4dbebd1d43dcad8eacdcd28e6909af7934f15807764043b474b8c2c6ec6460569065764de94a1a3a39cc14c04001650eaaa4bd8debf3415bf05d2a6fd859ce68ae654be30c216652dda3aa17930ea3ca78079c39db6d4d58997142050ef0e1d12130902415bd81622a764daa48e47d9b42b61b66e1049a222c499df93e1803f37b2c7da78954f0c0b0b70d4a8a3bbd847745bc4022f8ad2b8d495d343ccae518eed48d3330882a814fa02ae2e9b8e8a699200f3f9fd9da4f2b187252e9f55cb4e0a3f823240fda198ce1828b41f5f356889231606a7d5fa8b33863e5a373d426713c7b6472e1befc788c555f1f2c06afea0ad1e4f8ce96feab45e4d40aa919956a1baf9e4e6141dd0ff6c6330cc61ae2a3f9cf7d1250c170a6a512f92ec783b0902947ba5c4a8599b66f5ec3332a30ded657ac1ef360e21185659ea16cca723b084c94a3e3b016cb8da04160df09cd34b5983809fe6bb9e1f286519d506eae0dbdca4ec2ec176c54c1191632f09ee07b99e93ce4c640b9d36b6926aeddaf87710c964ddecb8bad4f9c32dfa6794e9cb67c04f59ed732aeeff4f80f74d20eff48e14bb107982a9ad703992be0b7cee21272a0aad05e722749d4ebb0b594e8ee16a126b205621818720c8c0266180b4503cd37a4a59d28db6d1d89337ab39218792e4254d4b2680a42811fcba8061a07f515f8aec403c822c7d7faff94381ca92753b2b8ecf085b69356b7a0e4230b629349705d956b165cdac66ea867005b4378dec353b2938e2b2419aeba23eac408f2efc872f73168689a5c7c52d4ac58f9d2dce7c7a8e4a2583896a462cec29042720d725a7f0d3945585c98b85c8222c71bf272b67be5abfa66bdc515bba700e8e2ff15d2c40330cbe00d83e0029650f470e00f36252fe17af2a0802966af42be3216ca2338d10de79eacc7a1b8ff47b74a1bc8e802bf3e858b929e0fa28375d978507e858c75e5833349459e3ad0999f044203c5bf8de0d452bf2295f999128331cdbc8c940afc3b45bbaa85417f1cffc0304bdf2df98ee88c242bd4bdb6701790beeb8376cd6094988cdf530772ec33f5c9a22bde4c2d49726702dce84d20c2434863f258c5cad4e1acc8098ada80bf4237429482a44530e8bb48fae95cf3b1cc0b0f23bd30f336df5c7d935e97beea7a2e6b2de5d9f065e026b2db7201b307e3ddaeccc0777ba1037d7b786d78dc26ad8dbd11a9e14e17544f22cbc4239d046a14c2efc9cca61ba00bd0be43822ab0790c46cf2e0f88c981506c47132dc72fcbc88d2d2a8612f2ff573e229531217ec77eab6d07e9e7d8743fed2780c1cc7c6ce354d1e66d79207812e43b6011318396429e4071a4e13a444d5f778ed8b11438ee7fe88bff46b340bbe6d073a9218390c71a9a5820b84bd7779b50fe901cd27bc526e9b760a87ddc84349fa6ccb5b9f8db70f31ba167389732b7c00bd555fea6967372895074771d5e17b770d03b376469fb685471dd3ce06eaf2f229520838d7adbe731aa7fb24d72efc3ad7c756de00f5fe4d6263b35b8fe28259a799eb3ff72dc2f31aefcb73cdb2546148eaada5b96959abc452d0ff7bb1e609c78da6f6f1eeb527cc03d28ddc3f789cc1f6615e22e68758357f7ca354ec6f3a9078b1da0427f3d0197782226fea240f36b269a0bb28f3512cdde4a89a4b90ce52674938c39d92a7a412e3f340cf74aaaa389e86fde99cfb79168dfde3d279fe361fa1483ac156343a26fc247c82d620edfcd22f54725a5176d7a3953c0e54d7fb667539a5aeb536b650756f89f18544f464767ee44ad28a9f5e534107a94d7221ca52d097661fc6801259a82ddd1f191a5755941a95b32006924c73740f4115183546d0520f6907251ac22f88af3f0af3e94e0b4d85a09e1c0920cd77846ac791e93052ccc92d6b137bbd3c198522f9786ac947da29dbb7c5ef76e1e3eb70d943451ed22be88ed5f871a0fbbc0c4a83a1c371da7b2b26df6c1f026e426bde1e6c0d13221f25126a5768ed627b2e2258b67f2054b0b706417f1fc5848d8d91541a6730a77b97f50ac8e6ee1c8041c2784c14c2121494a820cc858838e56d8bb6d47a7f3fd31ce629c5dad09ebaefc6b220e117321c97b4373cc6cf112b310408fd60e98ea82754f2b295f7a9092e37a7ea1342ed245c8f23d523d7b95e6c799161cc2b34a4215939622155e46f4b6f5e854a03c70a8b7d3a04a3c6ae7e25560c942b9ae47c092e732471d64821d1067ba7207e5341fba4eb02b9d849a94dbf281cc1110a6dbc211698a3d6e910b17ed792fd88be19cbfae78186f520678585e05ec85532bf015270cf0d615cd36f628ded06bb5571e27dd5e3dc4fa7d6af0e63d5ba0c498839ae41776743d99d4e96b5d5c2db24181d6274ce0ab46d54fd77c9e2a1bf278283ba11213a839336e1feda4ec81cfa00c543b96da9d669ce664b99f5f31bc3f0c9bc74249f1364685e0a5dbd45d8a2165a651ba9328e258b1a2a572ad2bb2b5a0077cdaebee92efb5f403acb6701a4a7ab8881c0974e81e4a9fc8a0f235c067ab7042336c9272888c31713c9f043192e312cc25fe01f39b6e949956e26923e8850cfa75100c84321444633f9764aff56c65a954ad807125676a901d21c6a140207326b4b7819623b2e82a38c833ff5453036c064fbe4de925e23a091e5ce202429928af9db3f12fd769ea037a46c6fd8623159031b70d55c14748ab333d70d64eae9a2e0b60bc85715b9f25d23b559df28c7ba4aa824bb5e0816289f0615a7ed457885e08b46cdf277f6f034bbf989415e4b7000a82c778eb7bb322f5daa48e28fab4c2b0ea5826618f9fd5d67dd86ef17a92893270d65c0466c765ad067e7d738b4cc7486a50943ad62d0d65b377be25051e6dd744376bc9ca35aa20c0e7d4c9cb64168beb3ced3b712389ed14570ab22d7c0b8cef20c961489fb8e49302626046ae2ad308eda298d9b6a868568aed64c97fc6e1021e384355d43a4e2f4f326bbc91d3b427110308e2e932524f98e70813b178f232177cea4cfe47fa7c7d426ae7998e1cad05429f1bcb8fa95bcd8aba153a72eb079ad38537332cbd288d878f6d565cae963a2b662902bbb2187290909c5ec5cb8ffa516063dc6b36e2e2306004f606e1191357cccdfa91627c43f63e82cfa0ce5abbe43885845c889eea89a93cf0a8d6204ffd6f135a848eab31c2b50659f187ab67c31748cdfa769b155b08d59108fd6f09aa466fc323935f48ff549ad82c728f3fa06cb7755728582b9ff9c61832161078a68ab76e212bef60f42805613fb3f1882352f41183baa95363a5796fc6fdc236a6a9062473156fb46709b2004253b5609f443d4c64d31b0c2bf4", 0x1000}], 0xa, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140)={0x0, 0xd099, 0x30}, &(0x7f0000000240)=0xc) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000280)=ANY=[], &(0x7f0000002700)) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) accept4$ax25(r3, &(0x7f0000000300), &(0x7f0000000340)=0x10, 0x800) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000280)={r4, 0x9a}, &(0x7f00000002c0)=0x8) 2018/04/09 21:14:14 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c000000ffffff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:14 executing program 6: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x4d0880, 0x0) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f00000000c0)={0x7fffffff, 0x80000000}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r1) r3 = geteuid() ioctl$TUNSETOWNER(r2, 0x400454cc, r3) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r4 = dup(r1) ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000100)={0x2000, 0xf000, 0x8, 0x0, 0x4}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000040)) 2018/04/09 21:14:14 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:14 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x900]}, 0x10) 2018/04/09 21:14:15 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x1000000}, 0x0) 2018/04/09 21:14:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xff, 0x10000) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000240)={{0x52c10eb0, 0x5}, {0xffffffffffff8001, 0x100000000}, 0xffffffff, 0x1, 0x9}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:15 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:15 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c00c00e1200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:15 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x10) [ 459.327449] binder: 32035:32038 Acquire 1 refcount change on invalid ref 128 ret -22 [ 459.335520] binder: 32035:32038 unknown command -928540024 [ 459.361235] binder: 32035:32038 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:15 executing program 6: r0 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x5bb, 0x2000) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000140), &(0x7f0000000180)=0x4) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:15 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:15 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:15 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) get_robust_list(r0, &(0x7f0000000140)=&(0x7f0000000100)={&(0x7f0000000080)={&(0x7f0000000040)}, 0x0, &(0x7f00000000c0)}, &(0x7f0000000180)=0x18) clone(0x100001, &(0x7f00000003c0)="82f90dee413138cbc8873c07ed30fef1d3e21f867bf8facd93ac9e1d1b2a7d20f1ec16379c069519d6604496c465c68ad4e137f20ab7155877ca39d7d56ccf69dae4cc7d7a89ad29522831cbc4366ad27cca58e08b46fd93f9ccbf4f7993aa7c3a9b086913e74709f5eec1de9479bbaa9563ddeead813c7ee2f60f2b31b2d6f818a69dc5fa260280cc6ddbc964e869fb935a25ae314d706255561fd092b537c5107950c18a6ff6ad73ab99f0293a5c000154097d5fcdf2966d42c6cac03359da8b4dc781a38b1fb7f682f19ef435a68a6ec03462bb5660a61182fbf656c89778eaddbee2d754a902505d2d9e26a08f3e62c13a12d2d57b7dfaec11c62796951512342bfb56564a424eb241555976c33f173258ac8a50a8a34563e85570505130d315b63c6d73770b455e2a56c236b5d2011a3834075ca4f39064b15354c52c07b1fdda422ef18cdf37c4a77c713af84ffcc8df335142309eac", &(0x7f0000000380), &(0x7f0000000280), &(0x7f0000000340)="52dfd51309a200009bd22910a100fb390000040000") 2018/04/09 21:14:15 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x10) 2018/04/09 21:14:15 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:15 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x8a07}, 0x0) 2018/04/09 21:14:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0xaaaaaaaaaaaaadf, 0x0, &(0x7f0000000240), 0x1000000000000058) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x58db, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000240)={0x0, 0x1000, "1fdbbac017c1ec4183b1c623b4dd8964213ed964fbcf7d89efdcc812290c18e9b2f2cae700931845de3702a136d31f3b0d716bd17a93ec28f2557949aca34a9a76724bb2184bd93130134f7bb0eddfbc9e62f1224b923d44944f0a6385848a81cdc65a70f0bf1d6a70d456d30d2b2d1cec4d146d314e8e6fa80361e0a17eb2e14d8de1da0583baa81c177b6c4d9ea87d04ed22c5fae09f8ab67e0c752bed23c4847f289973193b61a5b53043485edf9df938d396221c78a11dcd5b27f3c972a25405968174bccf389bc9d91d74ee940fc9824e452830d52add031b7cb79b0fdc3a477272a6348f131cce1501f44d95913cfa23a38219fb990cdf8a5c559fa0f1b7253b5b30c8e31b9f267dc83b9cc4a6eca437435f014b967e745a9d4304daf8787cc367102d91339048ce4fbe91cf2f327fed408316ef201b70400011407e65aad094ff30c39341c3cb82ecd8ec43b652ebca740a43ebd3f84945658c29936a730d841c11ac866549f68ebe550ea7dc76df49151a4323c2e3e09a539544d2d72211c12adce6b59821a845b596011df61f9af1b5f511aeae89c08331e04072d4c40678cd2e74aa897e8f1854127149c695075b90ac2b5c93adecd33ba803028df982d71fc2317ecdd82a66ec373d3d48dbc6b48f4eb70f66ed2614588daf9dadf8414de0b2472ac2649f07f89b733da5d2816bf3c6ffc794ca6ee45c63a7facf1dd89fc2d9b94e2f6617254f8c57d8dbf88e3e29a0ae4e7382d094d188c62e13c875a3d992fb71f8554c96ba81b91520af3709856692ad0183c5ad2094ef6aeee69f1f230cbc1fd7a595accb49352aaa0ea48419ec0edfea1dbcab63cc465363920cace136f7856f84bf6cfa42158eb5a84d7280ec8f3575411208b8ca6df859ce41c64aa8328901fae682d127b57fdf488ee33bbec90ea8ed9bf2f258e09c93686b4d0a01cf43dfc2d83b341fbffc1136b528c35f6bb83ed988f39ed99df3178cf0784b50c995cd6703c0e166d61fefda0eef086e51a026d03a0b076ae91f8ad6bda1b91208602c7e699362f6352ca29a1b0647c051d1e141711533e6be38c225fb1bdf0d02616c4afab12cba4244f308f06ec1df525b6cfdc13e1918fef92de18f0fb2e66fe7e93d5bee08bf1cd6f89517bbcb0a67264ffc71c84d5691954f6822aab0b9f6a5cad099c6a16d2980a7e80943a23c07562bb630f1016aea27e1d04900b5e2d02a7f109b85e70090ed3f07c9500be2818d03e3df5db0fe1d0e06316cb582ad7dc2c5be1062c6499a9c2ad9bb814a609753a4713ae69311a61a2ab0dd8d13fe510ad1746f88cade9c97ee7f33df574deca23c29073dc85db22a701ebad13a6fe5d10235684648ad80796af6d605928f738c78ae0157552538ad41009b38cbee24e9c2cf16efa10887df3f25c77396cbc1b7e9ec019b73a2680af0a813e835bb6bdb4f7059c528a43085cdca808cc80a6a950e591e355a30bdcf3e76df1031f25d1f339763ad75565547d5f4951e5e6af6d6d51052b37cb75dc9ce39e2f76d13352a8aef046a63c1943768d1d31571af808b6f38b5f6294868f89e7f88cb1d5c8b37bd43db7f7e5842c51f700f73a0643044ac4fa46c0dad2fa3b6b4aaa3e2075479e350799adf69133dbe3e3bf11c155b7f468b6b30f6b6b48982caf9df8d067f6ff8391d0530c93b5028ce35f77a22de3b278e20d3541031ff29fb2c14154ed35c27fb950280deeb67d3bd903abec9a55b13153d2011b5a5da48abbd20aec51874865f30d37f0aa418f6d0e3d7f794fccdd75ec1084782a51b48aa72d175650ea179c12835ba339f7941a5d1d648a074a9b5d864f89fc5984811bd43ccdc929f38fc1219ff9c304facaa4c65e77e829384f06da26b175e76e01d93954f3166ca22543fa3b4aab2e4ff64ea4029b8bfe5166bfb04375022f9565c64edb2237311edd66aeae2b16b8d5c018eee4aab6fb7f8347f82f4977c5270a6af80c159104b1981083ead2c2a832839cd6f76ad4a2da4765518c7f070ff63a6e0e8ebaa13ba2550df510c9e20375b718b0e9b1c955dab26292b1f6f1bf01c2072ceead94b4c5d4cc31307d3e4fe7106f34b38f797dcd740065945009eecf2993f7213e83c8c6b192377046aac51cfb4042c08814518bce5c045c4e42525cfc8d35df7d6499ece4146e68ce7e41a939a7b8aca1f61084aca81fff1936c5d0f98fb770b462d7176df1d1eaca51f3f023fe8c2d55b4f1e18e6fe696f24d5de91ac468531d6a36c5654065c44749f3eb506e5072c1af31db40f56da175712bcd4a777d275e5239b3487c5c12ddc80a7c721ddf1b5bd8d081f47f49f44126e3bcbd2e09e1f3d088fea8f982df84bedc428643ccede2c50e62129d3bcbb6589f452611bc5dd89e274b7937abf7c8984a8683579f6599b2b9e2a5d05d57b550619d5dbfa572bf7a8cc1aef02a8a978b2e0108d2fe56e4e098ff9adf12f20b40288b426b1962d3f4c11c027b9a038af14dcaa30d5308e2843bcd2f684546eba1e35d49aade3ba0f00b511f603c6768d1f754d9dfdcad819b485c65c611a3a9d19e3438ec690a019f3be2f46608380cf7fd430cd283635d5ec89848b1c3e30624bf987adfd08719b74c4a47717d1e87ac9edd561901e7dc5d37043b5160fa4c619ba876078b77c9228949675388c944af78cfd7a794e1a1659cd500debbe60f374c9b98564a9cd475cc5053160f43b75621ae61837c81da2d18d7f5832034557c2cee1bbfa8bff45f7723b60cd88666d4988583ca2457e9d6ef8e0b398b10f9e83da05cc232c19ccac19759447e787e7e2631a63c944029bafa1019971f74026ca2287bf0ef13f7f9a221001ec9f5b4b382ac182952743776cf087153f8190a9af78828a18c1dba2e3690cb14891f28ef17aa760a84900506cacdc3a222235917e3c96bf6ce7a3236512d1896f68ed1f9b8aea37dafe8837f6cafe359fa6841ebb716e6f3f3c1f726158a2a80321a9ddb31aad8cda0589b6b331a965bddcb60e9f98b5a8bf87f4c664a1b28a9ba2f788e0ac5502ea42d7de9a735f1875292001a80624f9f284954888cfac6e2c98637f327708a14839051d6675ac049ad0181054f4c72c9e699ec00f27e286b57678e49677d4c7c226a6f362ab82923be4df79291e30cf0f182aa238a380a674c58d90464bfce2bdd8e9a6d5cb6069348cfaf522ae35fa02e9820b2a9a3099c76a432eeaf387c48dec1e8f65bb4ce4bda705e43f8a8cdc4873b126ec238301d5bb0b155217aefb80715d07410ec61287c3e6f9a8c655a2b7d341a91c879bdee3cc9ae8728ec9c6a5db35acb35fbfc3b9901df0a74fb09bcd073dd448b6f1b7d6d85599fa66a143a0ce64632e334f27fc71dcc71288b55b6f95148a6cc427ad2b3469d583ed36b27397a1a84b2bfd13a4d63f106c243b1c938b5cca9ccab9bf9bf5f99fd6d9d34d30285981d20c5bc9ad5cfaae79ba2505aab9d47ae20bedc3d6834ae2fd2956574a1b2f723153ddf895593d919f1dd84d7f3fb9cf88f921bb1ed02ed6052799a91e2a2e836f89b16c64d4b8025a00d0608c8b20466bdafdc15e6f025c0f08c76dc3208c5399aaf2639c0cc205fcccae814f8d321502a11c196c23144f6d97c62f22c610201ecdd61cb3e45a8ef057e4d1289a3e0920b6a20ef90eaac95cc22a1ee7ba6ff04a1d210dd523f2640af94dd8b8e45acfcfc360ab6315db551b68d246c3117faac4cfcc3039678105127cf1ba057b7148cc3ae597b8ee00ce42bae85da470e5813648ff4acf61c5e8111aada29917bb07ba1db56d7c92f6db9b575b151a1bc252949a0059651f13b511444913894f9abada74b45eeb5639aec92746ff0b347088ab8c70aa9f8c91ea7bb3d215df3fe19314e3dd799b8de21e3ef420c290561d5342e71196e43ed1d7dd2a208b2eb372b6531cf7dd04c854eb7962a1189a92a986bc18df989176805651d73565d662e09b7b7b30a7da14f0587dd19471a8f68095c0853357fd4c9d3e6d9d67d5474c6848c49f744be24175a1d9ec39a1aa124013d58020d79af404cd7892bd2d0869c6998a7bb7e8771852dd5892bddbc4d674bf8b1ba81d5268fa1adfa8451aba74376cce48d1a1ec447cd31cc077722b6282b256934d6d5b9fe8a995975ca031e5190208d127e21669493876dbe1527dcfc46e667ae06ffd99839e2b4cf2291d58f00a088652d631bbb90d1bb288e9e2eeb2c8ee299cb1d0c71e4c367f82b6951fbedc4dd3399cdf096115d8b16546ad80e72cbf11f78250db9d4f427910b34dec21b91efca7ad8cdddea8b1b17851b3873544c3aee6a439ff77cea59e684cd16e0c8b91a9dbb51bdb597e80a72f808105d412ee5874c60117a68f75551e13b061c5098fe14052282c23a265064786ff75d0d8d1750bd8209a43cfa1a94cc62dca58aceed3417e479d5114d63f00804d94bc5f437cde53f4391e4eaa06130d68f7eb7661a835144167b767b2a6d768e0ca95563aa564858646d36c2b0091a00c6a6ca368f9a1467b0569456bbfb6435ba0d6631f29dffc0608ce5431c4b39937d79f9332c6264384d8ef9e06fd93b63a9d03b4dad5b78b3db3c0cb8a0c6c8e6553367f03d3c1559fd19560061edc27267aa0f5254d1d08fea4f173308553ff5d6987a249757f731546b639a69e8f2bcf103eb5531e550dcd9f93efedfac501a04e420fb9780dd1fa73ad41f5ec9e738041f7b81702547b41adc6d43153bd0ebf6299e8f5ccd11053e435e4849518ae69cdb507f1a0782591f90401cd86927539722c23f4c95210a17586bc3243c2e658d75014c4cd6bd3f5c7f3a2eb0ca5d6e32e3037db7424b868e5929b203e78bc04e98cabfb95003260dea52405197c1eb4491359f5aef046c6fce7ac5965a23bb24d7d412388d03c3b80d3e1d729edbeac213a60dfd612561559e626e6ef9f786fab972bafdae478ab7ef3cf464c174d2b710ad1fdac76a3d0ba87dd8b017f98f0e8058d1250401cf4887a2af863be0e0d407ca8c74c30337247dc684f11d8d0cf21d7ee1d2ae47c0d98e4e18599c7ad84bf1b463ca5f587c886adaea276e4a7f0531631395629de9918c0e3c078a233933f1e458b509e3384a3c39e86979a6a8fa78f59faec4f21ebf033785e9449659a8a86d303984e04036fa2b5b245d846fd6fb7efd2db6d8c0f18432b5b9b8f94556562e1bea08387af4e4674491a8c27dcb7401f90503a26d00f7507f03e51291dc9f21b8d3ce7285f84810b2b4ca07c948521e5ce018710e109cb8956a52bd0060bf96c14650717d98c94a921d7aa3a5269817eddbd2a079033a8902dfafd07705a22f8d3e4ee26e062e6a5751eb4f818c0c744766231fdeaa327b3dd1da28b025c8b6e86b397bc225dcde6eaaea619aee3a49cd2a649373c409c0e2c03aa0fa86eb509b4436d6955fc36ebde1850014a8774f61bf331333b885137bb0e044afb27d31904fbabc9b02f79c6029da0c9ae33354392a8599cd77616f424d997f7d3174ad9ce79606468a229da16eec01976d840daf259a51ba4965e8fb077477894407f7167e0ac6800bd5a3917f90e10d64c1d7ae3121bc535752378c806284c8975a036eb62608d0a05f4f99d08ecbbf6d3d1e3bc0561782263854f92bec1d9efc0a916ae2012288568c6fecc188b84a7561fbe3a8039fcdfcd2e7fb5c7ae8d6882a05df2027693ec22cfc8cea5b602f0fc061e8dd3164f048587ebbff13d69412b19bdf366a9f8f9d2508018805954d8809eaff657f0d23cf53fa510d76c53"}, &(0x7f0000000140)=0x1008) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000001280)={r4, 0x43, "8373e5fc5e90236783fecb7c1abb3f9964e399bc19e849cb7d38f6667b73545872a2929602edc366dc393ba7f53201b4e56a4518a0512a59712ac1abad092adcfc90c2"}, &(0x7f0000001300)=0x4b) 2018/04/09 21:14:15 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000031200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:15 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:15 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0004631200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:15 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x7fffffff, 0x400) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000080)={{0x3, 0x7fffffff}, {0x7, 0x6}, 0x0, 0x2, 0x4}) 2018/04/09 21:14:15 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x463}, 0x0) 2018/04/09 21:14:15 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:15 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xe103]}, 0x10) 2018/04/09 21:14:15 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:15 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c00091b1200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:15 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) [ 460.059146] binder: 32135:32136 Acquire 1 refcount change on invalid ref 128 ret -22 [ 460.067298] binder: 32135:32136 unknown command -928540024 [ 460.102552] binder: 32135:32136 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:15 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x3e1]}, 0x10) 2018/04/09 21:14:15 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:15 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xf000}, 0x0) 2018/04/09 21:14:15 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:15 executing program 6: sysfs$1(0x1, &(0x7f0000000040)='user-eth1$\x00') perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7}, 0x0, 0x0, 0xffffffffffffffff, 0x40000000) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x80400, 0x0) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f00000000c0)="6b38c1a3608fcecd27328f42de259fb83c21d2eae10dee42ac4b00484e11c431a123a9b32b40e4e0d2c9e8878f10305039740c5fd97eff6f559183d4b0b23af86ee7835c") 2018/04/09 21:14:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, @loopback}, &(0x7f0000000140)=0x10) setsockopt$IP_VS_SO_SET_EDIT(r3, 0x0, 0x483, &(0x7f0000000240)={0x0, @dev={0xac, 0x14, 0x14, 0x11}, 0x4e21, 0x4, 'rr\x00', 0x10, 0xfffffffffffffff7, 0x77}, 0x2c) 2018/04/09 21:14:15 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c00001f1200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:16 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c00f0001200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:16 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:16 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0) [ 460.307853] binder: 32158:32159 Acquire 1 refcount change on invalid ref 128 ret -22 [ 460.315949] binder: 32158:32159 unknown command -928540024 [ 460.340261] binder: 32158:32159 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:16 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xe103000000000000]}, 0x10) 2018/04/09 21:14:16 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000031200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x2600, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:16 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:16 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:16 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f0000000040)="ba1c060ac8835f2a58a8cfad126c376d7481279a684a88de3634c6cf705e75454b8c892439868a1fedd54c45533e60f283300ba4a59a0d22a211f94eb30af8ef3a0c274646423a463abd8d07d2b9d54e8ddc875186a0044159aa67e28f9029ec070eba115b3cd0455fc0d6680000000000000000000000000000") socketpair$inet6(0xa, 0x6, 0x8, &(0x7f00000000c0)={0xffffffffffffffff}) getsockname(r0, &(0x7f0000000100)=@llc, &(0x7f00000001c0)=0x80) 2018/04/09 21:14:16 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xc00e0000}, 0x0) 2018/04/09 21:14:16 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x10) 2018/04/09 21:14:16 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) [ 460.621107] binder: 32197:32204 Acquire 1 refcount change on invalid ref 128 ret -22 [ 460.629156] binder: 32197:32204 unknown command -928540024 [ 460.693671] binder: 32197:32204 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:16 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000021200ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:16 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) 2018/04/09 21:14:16 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb4]}, 0x10) 2018/04/09 21:14:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000140)={0x4, 0x202, 0x3, 0x100, r3}, &(0x7f0000000300)=0x10) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:16 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r2, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:16 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:16 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = socket(0x11, 0x80000, 0x6) accept4(r0, 0x0, &(0x7f0000000040), 0x80000) 2018/04/09 21:14:16 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001300ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:16 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x1f00}, 0x0) 2018/04/09 21:14:16 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:16 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x2]}, 0x10) [ 460.973385] binder: 32243:32246 Acquire 1 refcount change on invalid ref 128 ret -22 [ 460.981705] binder: 32243:32246 unknown command -928540024 [ 461.011365] binder: 32243:32246 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:16 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb4000000000000]}, 0x10) 2018/04/09 21:14:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x7ff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:16 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:16 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffff7fffffffffff, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:16 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) [ 461.324223] binder: 32288:32289 Acquire 1 refcount change on invalid ref 128 ret -22 [ 461.332501] binder: 32288:32289 unknown command -928540024 [ 461.357840] binder: 32288:32289 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001400ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:17 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x10) 2018/04/09 21:14:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:17 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 2018/04/09 21:14:17 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) sendfile(r0, r0, &(0x7f0000000080), 0x7) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x1) 2018/04/09 21:14:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:17 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:17 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xf0ffffffffffff}, 0x0) 2018/04/09 21:14:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001500ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000140)=0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) [ 461.591629] binder: 32311:32324 Acquire 1 refcount change on invalid ref 128 ret -22 [ 461.599827] binder: 32311:32324 unknown command -928540024 [ 461.634300] binder: 32311:32324 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:17 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x1f00000000000000}, 0x0) 2018/04/09 21:14:17 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x10) 2018/04/09 21:14:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001700ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:17 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:17 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r1 = dup2(r0, r0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xe0000000000000}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000000c0)={r2, @in6={{0xa, 0x4e20, 0x200, @remote={0xfe, 0x80, [], 0xbb}, 0x6}}, 0x6, 0x6}, &(0x7f0000000180)=0x90) 2018/04/09 21:14:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000240)='/dev/admmidi#\x00', 0x1, 0x100) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x31317641}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f00000002c0)={r4, 0x52, "83dbd585382452241f1d157fec3883a75a45cf3ff39d14839fecefa71894414e00e4608657992e2225aefa4753c8afdce398ffc818175b9e85adde9c02ab1ba86d832e08841cf07a823c5d6e9e0a7ec28f78"}, &(0x7f0000000340)=0x5a) openat$cgroup_int(r3, &(0x7f0000000140)='cpuacct.usage\x00', 0x2, 0x0) 2018/04/09 21:14:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001f00ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:17 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x100000000000000}, 0x0) 2018/04/09 21:14:17 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x700]}, 0x10) [ 461.988421] binder: 32367:32368 Acquire 1 refcount change on invalid ref 128 ret -22 [ 461.996676] binder: 32367:32368 unknown command -928540024 2018/04/09 21:14:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0xfffffffffffffffe, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x8000000) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2000) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r3, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10100}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xac, r4, 0x102, 0x70bd25, 0x25dfdbff, {0x5}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x46}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x55}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x7}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x116}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'teql0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x401}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x57b}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x7}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1=0xe0000001}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x2}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x5}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x10}, 0x4000) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 462.046009] binder: 32367:32368 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000000f00ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:17 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xffffff7f00000000}, 0x0) 2018/04/09 21:14:17 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:17 executing program 6: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x400002, 0x0) sendmsg$rds(r0, &(0x7f0000000580)={&(0x7f00000000c0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0xc4, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/19, 0x13}, {&(0x7f0000000140)=""/96, 0x60}], 0x2, &(0x7f0000000640)=ANY=[@ANYBLOB="480000000000000014010000010000000800000003000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB='(\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000280)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="01000000000000004000000000000000018000000000000058000000000000001401000009000000050000002b000000", @ANYRES64=r0, @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB="58eef995564207a2e3e00383dc83a3139b14f304bc3be7c94d92f6aa42d439585521d73fff3b85a99ec807c4ebce"], @ANYBLOB="9346000000000000400000000000000006000000000000000000000000000000010000000000000003000000000000005800000000000000140100000900000007000000b4940000", @ANYRES32=r0, @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB="faffffffffffffff"], @ANYBLOB="0000000000000000cbc00000000000008a0000000000000094e80000000000001000000000000000200000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="1500000000000000", @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="4000000000000000180000000000000014010000030000000000000001010000170c9d48d4e66a783d905a3b648258b8240861d4f2671088052ba707d7b4232ae03655c2bc757ca08e348f6167857218b0877793003c8ae8312d4b1a843d43feb98f16d58ccb4dc9f2e759d31d49ad05b6318799896eab667a2cccbeaa4c0136165aa5f123f0d5660e372426cd73657594002bb23182176d20d5326503bb76339a0d964fa5714175a0a458feb73a6a052992c22938b7ebf2557b2e4ed35559c06c3aae69a48823f4c906ce4e53"], 0x140, 0x4}, 0x4) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000040)='./file0\x00') clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) msync(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000240)=0x4b, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) [ 462.384486] binder: 32406:32407 Acquire 1 refcount change on invalid ref 128 ret -22 [ 462.392650] binder: 32406:32407 unknown command -928540024 [ 462.405480] binder: 32406:32407 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:18 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0xc6) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x60008}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x160, r4, 0x120, 0x70bd2a, 0x25dfdbfe, {0xe}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local={0xfe, 0x80, [], 0xaa}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfffffffffffffffe}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [0xff, 0xff]}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5ee0}, @IPVS_CMD_ATTR_DAEMON={0x80, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gretap0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote={0xfe, 0x80, [], 0xbb}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote={0xfe, 0x80, [], 0xbb}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x1a}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'eql\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4e740c28}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7ff}]}, 0x160}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:18 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x10) 2018/04/09 21:14:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000000f00ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:18 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x6304000000000000}, 0x0) 2018/04/09 21:14:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:18 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x80000, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f0000000080)=0x4, 0x4) 2018/04/09 21:14:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xf0ffff}, 0x0) 2018/04/09 21:14:18 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x240]}, 0x10) 2018/04/09 21:14:18 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001300ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 462.616004] binder: 32435:32438 Acquire 1 refcount change on invalid ref 128 ret -22 [ 462.624100] binder: 32435:32438 unknown command -928540024 2018/04/09 21:14:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x1f000000}, 0x0) [ 462.675265] binder: 32435:32438 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:18 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:18 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10) 2018/04/09 21:14:18 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x4, 0x3) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000040)={'mangle\x00', 0x3, [{}, {}, {}]}, 0x58) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:18 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x2, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000140)={0x4, [0x0, 0x0, 0x0, 0x0]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xf0}, 0x0) 2018/04/09 21:14:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001400ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 463.013397] binder: 32467:32475 Acquire 1 refcount change on invalid ref 128 ret -22 [ 463.021721] binder: 32467:32475 unknown command -928540024 [ 463.034857] binder: 32467:32475 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:18 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001500ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0xfffffff0}, 0x0) 2018/04/09 21:14:18 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10) 2018/04/09 21:14:18 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 2018/04/09 21:14:18 executing program 6: r0 = getpid() r1 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x8, 0x80) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x9, 0x9, 0x4, 0xe9, 0x0, 0x5, 0x400, 0x8, 0x100000001, 0x80000001, 0x1, 0xfc30, 0x80000001, 0x5b, 0xa29, 0x2, 0xa91, 0x7, 0x2, 0x2, 0x200, 0xfe, 0x6, 0x5, 0x362, 0x1, 0x0, 0x101, 0x5d9, 0x4, 0x5, 0xfffffffffffffffb, 0x39e2, 0x7fff, 0xc4c, 0x3f, 0x0, 0xc79d, 0x2, @perf_bp={&(0x7f0000000040), 0x1}, 0x1000, 0x2, 0x1, 0x5, 0x4c84, 0x9, 0x800}, r0, 0x5, r1, 0x8) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000180)="30e39e4c25615e20d3ce1409a25800011667d50000000000000000", &(0x7f00002b7ffc), &(0x7f00000001c0), &(0x7f00000000c0)) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000140)=0x1) fadvise64(r2, 0x0, 0x401, 0x0) 2018/04/09 21:14:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001700ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 463.322556] binder: 32512:32513 Acquire 1 refcount change on invalid ref 128 ret -22 [ 463.330685] binder: 32512:32513 unknown command -928540024 2018/04/09 21:14:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x90000]}, 0x10) [ 463.390374] binder: 32512:32513 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)=0x17f9, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001202ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 6: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x10000, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x3, r0, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001203ff09fffefd956fa2830007a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x10) 2018/04/09 21:14:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x10000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283001fa6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x8072]}, 0x10) [ 463.813643] binder: 32564:32569 Acquire 1 refcount change on invalid ref 128 ret -22 [ 463.821827] binder: 32564:32569 unknown command -928540024 2018/04/09 21:14:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830207a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 463.901207] binder: 32564:32569 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="b0e1d2efd502029727"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r4 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4) socket$netlink(0x10, 0x3, 0x4) ioctl$sock_inet_SIOCGIFNETMASK(r4, 0x891b, &(0x7f0000000140)={'ip6gretap0\x00', {0x2, 0x4e20}}) write(r4, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 21:14:19 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x480, 0x0, 0x140, 0x0, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @mac=@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xc}, @multicast1=0xe0000001, @broadcast=0xffffffff, 0x0, 0x1}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @empty, @broadcast=0xffffffff}}}, {{@uncond, 0xf0, 0x118}, @unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x6}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830307a6008040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x10) 2018/04/09 21:14:19 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6028040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x10) [ 464.259252] binder: 32612:32619 Acquire 1 refcount change on invalid ref 128 ret -22 [ 464.267384] binder: 32612:32619 unknown command -928540024 [ 464.319558] binder: 32612:32619 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:20 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:20 executing program 6: syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00') perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:20 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) [ 464.624457] binder: 32646:32647 Acquire 1 refcount change on invalid ref 128 ret -22 [ 464.633265] binder: 32646:32647 unknown command -928540024 [ 464.668351] binder: 32646:32647 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:20 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:20 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6038040010000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x10) 2018/04/09 21:14:20 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 6: clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="440f20c0350e000000440f22c0260f013ab805000000b9078000000f01d9b9321001c0b802000000ba000000000f30c744240000f0d9e8c744240204000000c7442406000000000f011424c4227d0ff70f353e660f38814d0ac4e27d8c07668ec5", 0x61}], 0x1, 0x0, &(0x7f0000000000), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000001c0)="0f35ba2000b000ee670f01b5004000000f01cb67643e0f380ae165260fc76f0066b8090000000f23c80f21f866350000d0000f23f8baf80c66b8d977a98166efbafc0cb000eeba430066ed0f015a01", 0x4f}], 0x1, 0x0, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000000)={0x1, 0x3}) 2018/04/09 21:14:20 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:20 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:20 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040020000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb]}, 0x10) [ 464.864625] binder: 32675:32678 Acquire 1 refcount change on invalid ref 128 ret -22 [ 464.872745] binder: 32675:32678 unknown command -928540024 2018/04/09 21:14:20 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind(r0, &(0x7f0000000040)=@nl=@unspec, 0x80) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/mixer\x00', 0x200000, 0x0) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000340)='fou\x00') sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r2, 0x8, 0x70bd26, 0x2, {0x1}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54010000100017070000000000000000ff02000000000000000000000000000100000000000000000000ffffac14ffaa00000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000320000000000000000000000000000f8ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000001c0004000000000000000000fe800000000000000000000000000000480001006d64350000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033ed7d05d5107000000c66e25a98d3ded0518290a5add2cc17243b6bd6dbbbba1911cdb8dd8240c8e32a926b37756cf86602a12cbe7db4fb1e5651dcea28c423cf2e1a703fd394f8fcd2f18a55501646d07f6c3da6984708957cd66da4f1452763ee3b7f474ee8f82e02e4d90a3fc84e5"], 0x154}, 0x1}, 0x0) read(r0, &(0x7f0000000000)=""/61, 0x3d) [ 464.939210] binder: 32675:32678 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:20 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)=0x0) ptrace$getregs(0xe, r1, 0x3, &(0x7f0000000540)=""/186) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x41, 0x0) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x6, 0xfffffffffffffffe, 0x4, 0x1, 0x0, 0x3, 0xb1080, 0x2, 0x100000000, 0xfffffffffffff21f, 0x6, 0x9, 0x9e26, 0x6, 0x100000000, 0x30, 0x8, 0xc3f2, 0x600000000000000, 0xc63, 0x4, 0x9, 0x7, 0x7, 0x4, 0x5, 0x3, 0x6, 0x7, 0x401, 0xff, 0x1, 0x4, 0x100, 0x0, 0x4, 0x0, 0x0, 0x7, @perf_config_ext={0x3, 0x8}, 0x0, 0x9, 0x1, 0x6, 0xffffffffffff0001, 0x81, 0x9}, r1, 0xa, r0, 0x8) 2018/04/09 21:14:20 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040050000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:20 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x7280]}, 0x10) 2018/04/09 21:14:20 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:20 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:20 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040080000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:20 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_void(r0, 0x29, 0x1b, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x22) [ 465.324383] binder: 32721:32722 Acquire 1 refcount change on invalid ref 128 ret -22 [ 465.332531] binder: 32721:32722 unknown command -928540024 [ 465.360362] binder: 32721:32722 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:21 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0xffffffffffffffca, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x518, 0x2) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000080)) ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000000c0)) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000100)=0x0) ptrace$peekuser(0x3, r1, 0x8) clone(0x7008400, &(0x7f0000000140)="da0182ad63d13d9f26b4b5b051ad5e72da05c714859caed1331835e256dff5f50ff904e5d87e685ef12f6d85000754cf7d50bef3f975a73e3c5e9a5645b0bf13998a087efb47d4f362fc050beeb75501189cdd497563a511a20394c6586789de0179a8a9debd71792c770c58d30f25c425aa482bce0e3d3869608390d0d99551043de6611317c8c7b9b449fa8d0b28b30d92050e784f003f59d58393c48cb9d53f5e56a4716255", &(0x7f0000000240), &(0x7f000029e000), &(0x7f0000000200)="a101ad1131fa50110591bbb0255a3096935ddbcdecbbba8bcc91f9ecd2c259f9971715f6a540200bd850d8a38476255fda4027c3b0460f5321f9e6755950") 2018/04/09 21:14:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:21 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:21 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x10) 2018/04/09 21:14:21 executing program 0: msgrcv(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000d6ad93566920c92bae8f00000000b200000000000000000000000000000507f83500000000000000aa7b6046ba229fb71f4c000000000000000004000000000020009abff354facf70580f014f0612466ac573a786827172f41864704a"], 0x57, 0x1, 0xa4a3ad41a879dde1) mkdir(&(0x7f0000000000)='./file0\x00', 0x100) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x4, 0x80000) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl(0x8, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000240)="4ad1f80a110c3e68d81b9a3689ed6bb87ad15e14a4e6be55e3fa360c09eed2aa5e648628ad5ae0e078f0a52b75780a167e07aeaedf2ef2aaf6bafd487206d0") ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000280)={'ifb0\x00', 0x3}) 2018/04/09 21:14:21 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:21 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:21 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040030000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:21 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040001300000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0xfffffffffffffffd, 0xa, &(0x7f0000000a80)=[{&(0x7f0000000080)="7c7082ba00395045ace67a19b99f4c1f735a1fd3d6ae5e131eda607eb75e4e133cb788774ebbbf089562ba5e8b8a9b57d9a648f6e06cdb26d2e3ed8bcde4704b2d5b36c2921b6eef8291740af6b35ed244aeef6d86490ed5", 0x58, 0x400}, {&(0x7f0000000100)="48604bd753873a6d18e2bd8fb334e4f56c2db440cf07f2c315b37209ead2ced1ece7bbc1d3ebc26950704bcd38cfdf0ad7a4", 0x32, 0x5}, {&(0x7f00000004c0)="b730a38cf2cfdde57148ec71ba20fef65885b69a695d43c8099a6c13cd1b91fb1ffd2badf51300d0cf12f6d425286099f60b9273daa2e85f598ec1a4fac3c5af93b79f9836a8e9660f2a16cf55a20256448eb204b6b4346fd96afa798df99a45b9912fa3ae27fcd80de28d327b55d191d622b22a02a9793a8f943f898688caabef1e4e2a1184f3a68603722f2ff7ff87df1adee96b202f9f4bbb50d7c8ff233f756c0b3ee3dd36a1239bf7bc1e8a8c611ad91e27bd45d582a2aead5537302d6cc83546c13cf7f1ffb1cf138f134f4b8ec68ce24d44a4f69cb5b9bc", 0xdb, 0x4}, {&(0x7f00000005c0)="0c06d09657fba7bab6e8926583d6648fca3fd730c968871fb5fc087f5bff7e34493da47ebbf2b7cf58e3fac9e9f863e7f6987ca88d0567d2dd0067421934a2dc17db9a959f6a4cb7db45ca7854433e55ffdea39e9a3e7549da2875dbd3d740c7e9b6892dd8eb5a662acc379f05f595280ddf879bcc684cee6216944109bf952c36f4130e2f2e01acd492bf0924ab917aa3acd91e0f6db7faac99ad7fc2d59e409208e024d28027cde5fd5f53b13659c10d185307920ad04046f6c729ff675897e069e4fcb28af413f341d2493bf33ba4e5b67116989b04508b", 0xd9, 0x2}, {&(0x7f0000000140)="55a465c1633a9e52f22468ae8e8876da52424eff618817645ad0a3e93e72626a69260a9aac92b833533e300bd195aa2cf593", 0x32, 0x7}, {&(0x7f00000006c0)="4d02acc9fe41a9a9487d560dbca01595e356788e24ee4b8210a8533458dd8d3665bec66943d8be0eef39beac00c0bf4ec71db454ef7d864d859aa68fcf7995d77a6c1b15d26a1759f2c809c8766c6c2b5d059bfc609d3d28b113b7ee580de2c3fe1522bd25f0e0adc6cb9ad25778b1da95dad4d1b540ff171be3d15d7152f8379c18e760da9b1fcb8fa550a1ed1fe03dc9f180bed6df5bcca9d205e2830c32d9b58e8af7231961ca1161a64ffbf1f919fb56164c692c56ace649e41f993022635f0d6ccecce480adccd48865991270a8e7debe2f65", 0xd5, 0x2}, {&(0x7f00000007c0)="676add742de631aeee36593366f8a16d5f84542e9d68ccffd3e13ef94184471076badb3203eea415f90bf4d41f9800d24e6f91d3d17145bfca538ba2c48266a413539223b74490abb0bf525b13b7566a8f2b49dc3e06794edab98f67859ad1870351f75d740784338af585105f598b6a3de6ca21508d62fe8198a8cea72431a03a92dff48ce1590e1b585f1c7171efb735a94ac4b11ce210eba61d53c7a35e48425f5cdf83b7964217eaeae2dc2ff77d66fddc9faf12e1e35fb41eda75cb6d49ee3c2c942917f2665c92ae2023b65f", 0xcf, 0x6}, {&(0x7f0000001900)="0481c629fd18af89d8f0e9411b643ee77c11eb585628c282e3da5df34ec732cf38f2cd76f37775fa5078aea77407ca6b54808c3df13bd662605de8f43aea044113e39102a06db3f57411f575f28e246ee45e9429d349969022ed2c0c2945d045f630765e34fe2f79054f71e8e70a96235d2455265a4bbdf869e827084ef1e416dcad3f3a38352cad560555cb1843ae360fa9638c4c1bf9d0aba56b3496092ab1b33890051fa0b205f3c41dc56e949f6f523a2cfcc2425116257b3e5ddba775d7e359e83209a3e22c1ac42310133780296fe34c53c3652c4201620b49021faba7a16cea319470376876d5864de093b31a1b2ef6b5cacc78cc3ed436c05ba958f12fb2eec6f9cfd6d2366d4db4409d3266ae263eeb19ddc5755572c240bacd3fd4c251e3a0985640dd66b438ce4546ffcee72052a811134304a0a11a9bc65544935dd53f621d4d07803465406b016cc4bad09ddbb41b0137c5561a61f067eba820c5faabfd5529f57cda060cc53d4ba92f5363ff4242b4acfc4d8db40bfb57b27d021c54ba5e7c1913ff384f92e5c21eca478b9b75946c9c244fc465d92046e117030e7d44ca465d7d18bc1c2510c90d1955c8319bf9f4bf4a05c5138c56426610b411057f876507d47dc98f91effe5fb9678f0aa78464b7998285544f5aef7586a3bdbe05e32aeac71489665c406094b32cd5f7e0b7a4d091f3e0126c1701e3417c19b08e5d99739dfedf0fc89f4f35394a3dcd4626164148c1eea3f7fe044e4e48be12e5096da569d49db4229c9a51f66a0468ce8b7b326fd4e31b35aae5f512afca8006c6ec880e72ea9057c85a7e5b86c331d1113e71bde09098fbda6804c93b96c6d8cdcb8b10b63f5c7d55a5d22531b052012618acd85737fa5b8d6f1be12120daf2bab7affc75fc342912c5c307fd8e5946f635de7a70e72c8a7dea0431aed98d3ce347611036443a576845b5c5759738508d60d77f6b44c8456ae00e034acc26669a296ec49a77aefa96ec66c335093860ca455d70bca4d2dd83d3153c66a6c943ddb1120e9fd8516c9209268530064a0a21dcfb966c7fbdfc656b1147ebbddb178169a9c35511a68101b770367ba81672d0afaf98183c3cea7014271893336fd7ea08425b0de4ffb62e7f2ebe319512d64a35b0a7ccdfe7b7414842f2635536fc3fc2e3a8455b30fbc95dff1141a5804ad23fb8c7e3a8aaec00204cae0e748a2ba0e710a72b2e45d8980cceb2f07a82e0b69240e0827880174a947a94761551eb5766f6128c8f063fa18c3d020174c8eb05fdbc509e8f98fa7e565920dc3cf17793fdb513dfb1532df642a4d4cf898da93e1b0cb72b9735a14211657ac021958e7982ddb185780a069113106267490e691b4625bc524e82aa52496a68df89c497dce4585da80c37b89fa19e5dc8021c5eaf79d661d204b271b373202994ad4a14517e5a135289a5cdc57285660f1d58d40c40b4af89699dfdc467c7244781289ed8d7832c62a7ce2be9cfce8fa79ddaf43ba1a2c5e1613359a6a406d17cef9bf50135fdc430323b2717d5fb6fc85b36eda10f53d78958c748fdac9f7c2bf134dde346dcb6a6f270493c365a97ebdcbbb141e130d196cf2543dde75b177102608c4d5bfc157e369b1db19b8be599dee3dc668ad6caf6a7c5b025979fedcd817b8fd88e0c2e3b2ee76055fdb2dfe40d0e02b505bb96a478ac2d96fb0be06a95625a74c92bc2f787148a471536972b1222bba6265b35e980d39775acf53283413cc921ca439ab88778946f155067f739cfbaccbb5ec945d596b4a2a3d34c36563f00a610890ca60c5c1bb6683996c1ccfdd87528fdc5571bcf10add476d0323683f3fd7a054e26386434ea2a2afd2e80e1f3e335473fd1348551fffe0c343571e1b8a64eaf419e32cec663cc2936d7c6fabcd1fccb6a44ed2fa093281ce62ca373b7564ad3a9e82fdac9ff6de21b254164058d93dff5f3e3dde05e634eedca5bb3a6ba843d3db6958554c30ba58cac83d9abc2fd02c8f465eddc65f38eef3bcfdb229f4a331c2627a38f0e24a8e0934dcc4ecf9155efd6e51ae780a1abc0546e39aeeac6ade6c4e951453965aefb5bed7518edb5aaad3b789e5f1ec1a9adac7cfe7a219c39e8c4efbf7524b3aff6a64c2d42c7de1be22a5082f7ebc9352da4e9b063b782cf3e7a98038df64778a2d6c4ff7d1bb3c8b5a4dbae9e2c1ce3f9b7565a775b53d9833d62216124be37dd1941a09e3a2237589da9e2b67e54920a86f217bed83c92f04b09ed24f39d5bd43752cf90317cb0824550a3813a83f6bde422db4b3a2b101ef3e9baf413198f2c0485787ff80bf95d12862d9e30c7922a9c4ddf3cdd10c0429dc20ec6b02cf2f68ba550ef475c491e9feaef2cf9c9dd227c4878dae0bfc233fb308d05b26062564a71bc7c31f222bc74ee6fa03bada1d3d1c72baf94ab47fce2472f561ddb39979c10207a901b9743b6e92d2e2c947c1ffebb79c373e9ca28e4d79550faa9a6438c90596505f8672f908a9fe50cc3a07d7822dc05d0d40c561011b1d8f59da9193ab2ec6669731873b727c599880227e338381e74464675c03db966f6b363b30e0cda11019db688c30310fa970e19f0ba1f560bc1697ebcf0df163d52cccebb8a4356ace3793605d8c5e1bd8fc8c7ea912a765376a1bb89568fa16c5aea731ab78ae2fa507437f1683ac2f968c989e9c263887875fafe59209577bb17c95bc4c0aa7d41c371254f927722140ec5bc6128676c5df63df79de7516eb052f82300b4e877044ad7ac2906202ad1212ecf478ffabd2913c7059c0bec4fb76f0e1ec8c61535cdb84374a13bdfbf278dba6cc803f24fb6daffce594ed93b3ef03ad12129a2d8663cc076b2bf8ed2b4fa448898e11268b2f8af38148d573319ae0ab5a433cb4470ab9626c3e33c2bf9327aa15efe887461d72d165adc5d086cfffe37fe82d0ad510c2af0f4b138db1884b75d10608b0a55339dd69e4db2c3861e4abe0f97064d98d29f8560e641620d291b02fb6074f4ba646649757f70c86eb4d7416ac1552af36e2969712d323e409976cd6cd20ee55955a34ebb2eca5b241d27006703040326b3983256f6c9772d396b5b654bb3c23b19ff04159b9b644708ac2091987b37fd8f72ed7ae338f4f0ead6efe0e5d6c3c33e75e7ca1cf0db1fe43abdfb4b14723d221ec162af9219eee736a0496414f471aac904b63efeee85d8b9ac6354a8423efe3748edf938c86837ba17f39e711ab247fb83a9adef1cd7665ba6dfe353cfe4e4ebd2f5897bc6d4555cab8975fbf7f40557de23a62a6b82170db338fa0ea9eff2f2c45910c68a3798947b56fd3e4a70c5f6f419d889cd2c122e5ea19df0e56f5a2c05062fd752a892e2eb3c88b9e25269a6acdc71f8f23a03c7c51c3613605b23d77fbc2ca63662f7b7fe24a2f9749e3ab59f29aee79834f4fc29dc79ac1fe6f70c2b11be3fc4f3323718bb87590fc590315522360c07cafa0826e6a9a25fa5b55004dcdb7d59f410d096b2bb0fceae9e4bfc440985a54eda5ef1a66bc7d1143776674f04dfe944e86e23805ed38ce8372077e1f8264d30b742fb61f4e255b8e3cf19962e6012fd4a941ad4cbc006387cf6d5303e67e91b615abbccdc1675658af32489cad7c03d0535a235d9a17de2ace987dee2d83336e27424719eabc8b03779f81a036552f83c83d5b62a4ac584eec14b13334c047b716ab6a5f9d5a486313ca8b4a7aa3dc8709bc740b305a3de1f9340935d62f100b248861f07cc298ee9906a90189cf124b4a425c3a4aa7537883a325c19341336612eb581f5504b81c92baa516289ff1dec520d896883025384ceaa79c381c5e33df047b0c1d4f2e26415913c63991a30e6fc04875a9d5cc40cfec5844da4eb0ecb513a5708e5033cd707bc297647c53ec5a8cbc3b4502127b78531951a6003076ce9d5268462fa3f8069776eab6f54879c13a84614b61e6fb7e8e5b43292a71ba96b25b34f02be95ab6a70b8693257d4f2503ba0a3a0d9b4da71be417aa6f6a577c331ee4a4cde9f006d4c3770fcc61a6c82bd8986931c73793b303618f1eb2ab2e8e62a5f6d89c4bb36ae444bfbb43c36895e55171488eb81b5e555a3c382a323177bab9482ea87c9f288c90e2436475c5ed1fc1affc02ee5c8b410bb831e083167dd20d24e9a67294d944223a46cabcbdc85b2bf3fc01077be4482da2fb5124b4bf3aa7a4ef35c8089d4d950162a58c6282ccf69a4265c8911f1023455d31df7ab183b9abbf9809c8bbbf12b8407e3c5c975dd517d843df276316a110f7cb93aee844470d4361833e397efd5de53363e84a45c8094278b71d68cae7bb23a4e8fc3f951e8745cd4bfbcc5c0318b86b7eb401ee1c21db05ce0a7ae7a3d0e813132e3f7a66874b4112a42c1c22163ebdf139b4390c2d63416bf784f445dbd2d7d5d67e4b16cdb4b004292d25e972bee36bfcdbdb1eb65a605bb9067ecac34171596f1553a6b8d7912dfa63fb02d640187d9c54d554c1165967151d06aa2425a18bb81d070a7e3b0f8a8dde2b7760d7c5b8c071e086a98d288287560c78e2720de1581827e8864c6f24c2072ec2d17f726ae138ba7b01d2c13f0c01c313c4217dda14c47349b933210edf3a10a9f267a87c21d6fbde60ff281bacee7d5263eba68127a4b6a2d9cfe4e689cc794f4112c680c4878edc77228bbe7de5c5b719bc191278634663173768ba00312ef4796e3204a934a54ef453868d3844012651d9a5108269826c7c55a88649dd125c2034d46dafda7acf7899b6c975bd8db23256b57c9e9c1c8f2bc16b57f37e7fbb4b145c99005aef8688a4a03e8274704f03f4798a2e5800db4a9fb516f2b49d11f04080966d192f8db454154849de8b957240a784b0bb497a12bb06504be884067685dc79b780b5604c4572a33d814fba962382f4472317e75f45c8ebed7baacc24364566774d69992105048a7327616b0afbb1b3d29be20299aa4f505788a2b567389743c734962345cc218d8a1045c8ebe2eabef9f3d410b80771cce4f100b7993ea8545972d0aaaeead760cad1fa1c4aa2378b3fff3f33bbbcfa844bbb8ad719cf487ba53559e0b57d0ff9d920647451ab4dbcb62cfe50fe8c5d4f48f766c966c005f1b7e03eaa34c024dfe9607e2343ebc88355e4117812da2cf502e4badb9775baadb6e46425c1947888b0ce562aeeeffd48c8a57966cc45f0abfade8789077f632d9c0c6422b6505dcf91ea687dfa1363bec5d78fa6d90566c964560091c42041e138e9b766ed64170de5402e6fe94e6ba2f802a773250c499bd0637ac279898f7fc01241ce31bfa171e26c467e0d958fa48bdaf42260b232feee6e2a37bb13795e08a7e0b318f301647d6e32c6db08c44f50ce3f046e4546bf5bb597b6a0b19bab30ea8a8dade08a0922f169f3399710007c716b56e70e0f9967e994db9bcd0d28b3fa6a31067cebf6961edf4f0887a95d40188f0313e68bdf23e9da56dbfa276f83b20b5f5026980a2dc649dab51d413da66e83187a19a6beac52afcf360a7c9d0ae4c098aaae989adad89bd487b0882300fd477b5d2a5e88b9efb2cf9910e4968d6df46dba52c328e00c04d962ac9ff5971e68e0886ed6a79cb43698a2de8103894096f8408fdeec86e21832e8899cd08d5578d32848cc1a7c54fb797435d77c0dd7892027c53adc1040a28eb6e303add7c0fd9c5df6d6a4368f7e36be9e3beccdab58a876860a7cdd69f39c8852a82a094212036e2f435d4cf164a95cb7828bd0162e8b5", 0x1000}, {&(0x7f00000008c0)="02dda33a5e2de58c1d9c366cc7784cdbd8e297f0d974dd61a9c6bfb9872c0c954afc74d70dfb4a5fd03db55dd438f48d436879fcb6081e64bc4cf456415ff79b2b649b6b9216367c2b356d1e38cfb3e7de3095d619ab0871931f3418a6180967eea617d85ac8c3a187c459522e45655afb5a3c03c2d685ade0cf85d1427b91e54047ad6cdaac37bcee2ea17921c1056d57b9968ae47e5c5c8ada0bd3ec0080ae77a847b51d6e7aab8a9d26d74d1d131bdbfb8932743b4e", 0xb7, 0x2ce}, {&(0x7f0000000980)="a59618ea021874e5576186135aa97c9a9fe2a10afba3bf3a3ecbbb6788eaefd785a124d01b44d5221aded4f6ed2de0bc7ccca33e113b0b8ff67753d389d7b615df7c85a7a8e87894387937cb8e7bb6de9a769a365f52016f39964e8bed3cb4bcb23b913896232087b5e9efa76e0fb010fc3409b8977a56915f6ecba4aa1b20fbf4f4bef2c2ec0eaba0a15f4cfcb87206367d561ea0bede57093d0db168e5531a77a195dde1c1bde004ff2eae25b25620aa76e964996e67b2ef9219bc8f335a4a84d4d2d7c45e76df1e3843c48118365200ea246515cdecb1f198221cfd26a218a88daa644a678de32c7476bdb22b7ca2d84f1085ccbb83353486b085fa", 0xfd, 0x1000}], 0x0, &(0x7f0000000b80)={[{@user_xattr='user_xattr', 0x2c}, {@acl='acl', 0x2c}, {@balloc_border='block-allocator=border', 0x2c}, {@tails_small='tails=small', 0x2c}, {@balloc_noborder='block-allocator=noborder', 0x2c}, {@usrjquota_file='usrjquota=syz', 0x2c}]}) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/150, 0x96}, {&(0x7f0000000280)=""/129, 0x81}], 0x2, &(0x7f0000000380)=""/223, 0xdf}, 0x2) sendmmsg(r0, &(0x7f0000005040)=[{{&(0x7f0000001880)=@can={0x1d}, 0x80, &(0x7f0000003b40)=[{&(0x7f0000002a40)="e0", 0x1}], 0x1, &(0x7f0000003bc0)}}], 0x1, 0x0) r1 = memfd_create(&(0x7f0000000180)='-userppp0!\x00', 0x3) accept4$alg(r1, 0x0, 0x0, 0x800) 2018/04/09 21:14:21 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) [ 465.580182] binder: 32755:32761 Acquire 1 refcount change on invalid ref 128 ret -22 [ 465.588293] binder: 32755:32761 unknown command -928540024 [ 465.612265] binder: 32755:32761 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:22 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) 2018/04/09 21:14:22 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001c00e000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x8, 0x101000) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000080)={0x7, 0x2}) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) 2018/04/09 21:14:22 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:22 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:22 executing program 0: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040001300000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:22 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:14:22 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010463000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x80720000]}, 0x10) 2018/04/09 21:14:22 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 466.628540] binder: 337:341 Acquire 1 refcount change on invalid ref 128 ret -22 [ 466.636226] binder: 337:341 unknown command -928540024 2018/04/09 21:14:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) utime(&(0x7f0000000200)='./file0\x00', &(0x7f0000a98000)={0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000fc0)='/dev/snd/controlC#\x00', 0x2, 0x4401) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pread64(r3, &(0x7f0000000900)=""/195, 0xc3, 0x0) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000007c0)=ANY=[@ANYBLOB="0400000000000000000000000700000000000000000a0000090000000800000000000000000000000000000000000000000000eeff000000de0d0000030000000000000000000000f7ffffff05000000000000000000000000000000000001000000000000000000010000000000000000000000000000000600000000086ef23047000000000000000000000000000000000000000000000600000004000000000000000000000007000000000000000300000000000000ff000000"]) keyctl$set_reqkey_keyring(0xe, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000640)) r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/enforce\x00', 0x16907e, 0x0) setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000f80)=@assoc_value, 0x8) ftruncate(r5, 0x0) pwritev(r5, &(0x7f0000001400)=[{&(0x7f0000000180)="39c90c1158e1ab5b77c4f0229ed23cc22ff000db1614e319ff204ece57c167f012e2d15721c01471db853677fb7d712a423e12e784514bebcad00afb8bd093577a09e2767c39c91d04fa1e851984d465e5dd70c4c597210bb8a3b207613cc81106057f3dd7adb88cc2d4b5e6ff1051e548bcc006f1bd078caacb4f6d8848e605aef192a496e3d6782f6dfe7def701de53a41f332d9a77e5bbe161009760e013620148169afcd6bfc62dcac806afc80773e099d8ef0c2623ea3c3316b1fa09abcdcef4a030a755fb2cdb1ddd0a0b724408fe30180f931148b1eaaf28415fab39aaad2f332aa5143bc89279323a2b2a6697b8e1d202c99aabe8c2b7be24c1362c7992179132dbfd398510f513d4e7a497a0195c9f3271091dc8067d96874edb829e64261a83863dacfb746ffc7c02c518def2fa2a160d2fe8a07dffc91bbeaf3463ad48159437ff83134d74b6ea257ad6783ec69351f5987a8f2f973d8fc2ea16d4b18b2a17db18fde0033e7687fa102b1b02038605997c9c1f5307612ac0d4795f8a56b58c9d247f41a2d57c7e533bf86feb80a6b4f83d45c7d60ee8b528a740e0fba37c36d5ad282b16a8fedddf7f158d1c4a368d807bca431a80f9fef197f8120e8695e847b06b9558a924622822d2608ab62f878e4413265152ad900c3accd0e60a060ed2f7384d4232b88432a0cdd81e736564e8300968877c0398fb816ef8a0d5c20839329f8d6e05f290abc0ee3f199d8618b58d093cb5d5d0d4bf0d5e5843c817826bf33151111d2f282cd48721c752fc0c62268473fb060c760cada06192b470b3204e7f4c968f5749def7ab4ee95e552c800b3808159075fc9b8a9e63090fdc216cbb4fe6ce31c12aa39f1d15e4cf3c8b560ca8fff4e023e2ae6921493827759216e08a5472ba772901d388ad30b8cf0aa15bd12c52529e298798b3a90e02f86a519a0d9569be5080f26ef59eb7f7efc5b8e658b256372f129a508f75e50027a1691937e78e68f0eb041fec73de0ef5b1c8c08b085a4f71b8f0988dc179a4ff9dc4f5c709f6392194a1da8e60e02937a076b8b319be52da19645602df10250e624ba80637234f72a36102f55f9289b4ce2e5d2cdbb084b7ecaa478ead33b9ce3d7ea0a9d45a92dfdc56f3164c986bc7ba93a4b51c00496e8ec3668f34410a7da110adef16fd2d4027a06345595374c74a5dcc27320454b418700b614d667a913129b98058fd29755da1332ab7bfa8325d3a7a83566454b90ff6362d713bff42c2b903082d6ff16c36b7b7481443523d82c1ff8108443bc635c8364725e5464d06fa346f1e91093cb3945e00f26f9154fe02cc193d2ca74e137b1943a729e21fbadeb6d65be0cccf1922c56b81896b15b12df5288aeeef93b1cf8d7f76da939b82d638122dedc6cdc4f4e90869421069e7cb0abdad08eeee5a4be2bb8a146c500d4daed3c9c2ad20a98879e31f2956b29ede05eb10b82d4e743b591503d628720c8e99f27574e4e6e01f8cb8195353415c7191c6fb26f822ec1713d3fc469e6aaab1cbf2075eb8cd912f913e9da7b66f65d11a16769300b63bb91f6bf63f158cf07ced499537f6f55fe95e3a8adaec9346ce22f6363ece0e246aff8b6e7fc72a9e406bdb9463937ce5e48d57f4d4280bb4e94d76f3336c7778d45828dad8c4155dc1314c27979b75a53d738520844a72dd02323c84bf16f5d83e32b119f24bc2b1a952b2d77efdc1f1a2882f2866566d75c787a6db4c14bf6d82441ea3a8fefd2ca1b8499b456608a595582aa03f99ae3ceea75464707be0456da882066c4a8abb71d890276b697fe0c931817382042218f3a6513a00e1cfcb0a17ffc82f41081ba815ed7989b918429427dcf302dbda3acd19924cc4f69dd7789d4e31be52f1064238abcd34589cd4b6a584c4158e4ee16364e5a05a28d221f732605ec2a618ab0de74139b615a4174ebe6efe7fe3e3bb5d99c90a19ffe39fa777fb6e44a91a01f767f740d91eaa5527713c23da4781be430577ebedc212404c63b1a8ff51c91c62d8647410738417ec19b17c5f901e6329f873508c4bb3f5b0aec0ebab258b9c96829b29be2464970b68fa60b23498fd3c3ca9173c37fdb827dff96b27b9292678dfa506ccb84b6724ca685205e681cf2c22c08dc71babd0dbec8e1fe68ca098614db5f56dbd2f84a36eaaf1a7b1488d879b15cccea98ceafa0ce8ab6591cf00cfda024206c00ae28075a9792335022610c0a0dc592d7ad7c003aeb7869e5eb072df47801392cb82c070f69052183acc010fe5b4ac22b2d8b7722f9920658b8c90473eb85d8ad26aabda5199a57544f6b0f90809670499ef7053b24526f1f07245401f3dff00dff31c5f815ec185f58ba3be632e390bfab1790b6d82c234e2338a350cd6a4ab6341d18b01596f6eb7aa36794f0774d6bf3d27480fe081dc809b50738dbb47719bad43fb299bc83e6c49bf8cc8c9f7bc58cf9696c77a37dcd2e95907d11caaa92de2358fc4dd83336e1273ffc2e86344311fcf4da531261b444300785a58294cc0e954510d026a5969a2daadc2650c63856dc754889d3d6a72e1d04a6294ba809b2f6329355f01c307868876a55e56b63d8d369f1952782061a3ee5a6bf64261c3003ffab3ee4124cb3d57d733b80bf3d8293b427762eadcd3bc94a127411e1c137c1a48f5a19d528e8f22e1713f9a1d45dc82ab9270eaad80ed0cae6291c27f573e175d56b510f12cbd8be79cd4248cd848906a814fa1c28c47c44f7ba776c5d0a156fddf7301011645986fe5570f76dd5a8441d9c40f7809c59187b3052d28fdfdeb96368fd47587ee35197da7ab3b1133254f696e44e24053b1b6cda1d8a2117040c2ba91b1b99b15eed0f3beeeccf96a55f738b42f5c4fc0ead873e35bf76c1d3970c9f4d1448e6e3b73c8d693ed328188154cb827e5f5f03575c77099710a80c6b1c53ad1c657bf1e89519eccb848b30f6c946d082af980563d7d7206a22d62479ef11f38f9ef9dd6aee83301fe42aeecbe0aaa7af1cd3c8b1ddca1752b887b97d6442f24236a6b57ba6de5ea9b071d78f2e45b436c535e592533780fa50fd6522c14b5b5ecd391bdbd7acbcf3d571731c604ed437fa1af9cd367a066e01f98c996fad367ec8e9d47b9f427ca299e982386970fe89c9da68cc72832d1d1e18934d5db7f49446ecacea9812a09b7186e51addb5d71c4e7cd2e44576ca87b3e2d92b69e3ae44a6df41214d4f6add3538a8bbe457cd6a3fd255afba7986a521ecae557409812e706764a29efe8ba1b34935549614bc151dfeed1c93f10483f9a867ca1b104f6942fa57cfe4fcf3ce24091279e3c0d17a4bfa0b6efa60c47ea9a7e42c43a2790663d6d702915e0c637b1fcaffcc0273a7d4cf00620f7117fd2d7a70ff9b06503d494a7da5d82d904fa995fd01073718997054aa5ba4f187685ca6a36be41f62e5af2dbc4fe739a3e4d2236756b8e9cd61790b1fc19a3cd3d924d8711e5b456121ebd0976d08b63a44f095aeb40f9d5b04ba9233e6efb0243dd95a8d119283452771bb0980e06c25027be6424c746b61cca317b69313b439950e52fcba852fc5eae8273a4bb288bf970b3ce9823f63ffd708232339dbc4bcc8e84ba885b21568decf985953042a70f37bc931ccf2b50102cac97fe0d2f0d11b80920299bc935c1494005085f60da5b5972bfc5e61ff5e736f7d15c4a9018614e628153d23fedc6b2ba9e71baae94c94154e0757b785973e0372845f40c61d82254fb6d79e1916bb8eb7873def79afeb2545fbc4cb1e84af9d4ca1da1de1c5a0f8b5001a54b4547d14623d407590bc0bf48c9d6cb1b5a2117db491942708a3c6baf79c5668ac786c5a57760e44cb5bb80412a352c803f47df5b38274381f09f2ccaa1212f601df91aa6f0dd9c54e5ad4aeb1eabc5746b90b5c574e5db8606675ffe0090497d0ca2e06bef28e40cfa70e07826f5c095a66c004e2f471c5b9f6c09197d6582f75e1c8c1dd9ec37c586756b26a8311f5b19e31b93865cbd632478f0c0e168f83e64947ee77b318f2738c42a266ace04f94afaa9166e595fcc09458987056664110430553b19f621414debc4d8ee3fa95f0681b3d8158a294308e6d81c4a47b6038b308a56814225dcc67d0cb5ba34deb5b2f33ba7bd41a2ff4fca9948c1016d51a87c7a9f41c85d711b0e9a90a2fe3da262e9f7820d137a03a0f66b3d8b8e00e2bbc06e755b722f2336c1fe585f66958db544d3b5bb9867f5cc8893274123f5818413ec873595aa2c86fb387caab1a4a0e9b50e555cab2cb4cb6b67b521dcfdcb92b683918a636965b4538986637c1ed6531443a26808dca14a9cbe778a0cba16a7b51919b4ffd28fffee755404be5f58a7a9b5af4c48d73a19641b1407c16943ad810edc3b84537fb35c3754e5a8bfbe4b3ec5fa40ac7cd2b089a959e21310f147e97d2ccb2981ebb58a09581f296c941e74c2976ea7b27d0ddc608f513960ffdcf38b496d45dcc05240a37b2909630623b7ed12548e7132fe8e863cef460e04870c3340a00ca27d4aa93d491eb7115348ef745bfb8c6875d259612bf4752e2b6915a48603b7c21edce24b4ba2f7066a669c0786cb4f8e910b5916f9c5c95836e97e205c299a9ff2f48edce2d39dd5dddc7de8b6a4d773c6769676888e400cf9e8cafb2239540428857ab4318bfce847ecaa91dcaacce3e3a21ff3035bd9f6e66d28c9bb134c55826ccadde8bca69ce96e871051310871d32f2cb91685242e7d51c240a68ce89dcce7645f39bfcd35d4d4535673b2071a69d7135a47f52f25bc613baab52334a97753a101c04fb2a8c75d58379c63d7751157ce9386bda220cab0aa829c73967d38f268f318b060948ad2e89701961ab90149430184e41147d7aaa29f5853e3b5b9f718a4e0fae43f48ff2012a", 0xda3}], 0x1, 0x4) bind$unix(0xffffffffffffffff, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000f40)=@get={0x1, &(0x7f0000000a00)=""/242, 0x81}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, "deb9d52d059beadfc4d05c877d7fc272d69092baa2542f21774ea89452bf346da279fd1d617e74b3177a5e1a"}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x10006, 0x0, 0x0, 0x1000, &(0x7f0000a98000/0x1000)=nil}) syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x0, 0x80000) ioctl$GIO_UNISCRNMAP(r4, 0x4b69, &(0x7f0000001080)=""/103) ioctl$KVM_SMI(r2, 0xaeb7) getsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000000c0)=""/65, &(0x7f0000000140)=0x41) ioctl$KVM_RUN(r2, 0xae80, 0x0) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x400400, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000c9bec8)={{0x0, 0xffffffffffffffff}, {0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, 0xfffffffffffffffc, 0x0, 0x0, 0x400060}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r6, 0x40505330, &(0x7f0000000240)={{0x101, 0x5}, {0xa8, 0x31d9}, 0x9f2, 0x4, 0x7}) mmap(&(0x7f0000000000/0xe62000)=nil, 0xe62000, 0x1000004, 0x400000000032, 0xffffffffffffffff, 0x0) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f00000001c0)={0x2, r6}) [ 466.671977] binder: 337:341 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:22 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x2) 2018/04/09 21:14:22 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r0 = open(&(0x7f0000000100)='./file0\x00', 0x80200, 0x44) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000140), &(0x7f0000000180)=0x4) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3) socket$inet_tcp(0x2, 0x1, 0x0) 2018/04/09 21:14:22 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100000ec000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r2, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) [ 466.918765] *** Guest State *** [ 466.922213] CR0: actual=0xffffffff9ffffffc, shadow=0xfffffffffffffffc, gh_mask=fffffffffffffff7 [ 466.931127] CR4: actual=0x0000000000402060, shadow=0x0000000000400060, gh_mask=ffffffffffffe871 [ 466.940062] CR3 = 0x0000000000000000 [ 466.943863] PDPTR0 = 0x0000000000000003 PDPTR1 = 0x0000000000000000 [ 466.950421] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 [ 466.956368] binder: 380:383 Acquire 1 refcount change on invalid ref 128 ret -22 [ 466.956950] RSP = 0x0000000000000000 RIP = 0x0000000000008000 [ 466.964551] binder: 380:383 unknown command -928540024 [ 466.970512] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 466.970527] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 466.970540] CS: sel=0x0000, attr=0x10000, limit=0xffffffff, base=0x0000000000000000 [ 466.970558] DS: sel=0x0000, attr=0x10000, limit=0xfffffffd, base=0x0000000000000000 [ 467.002187] binder: 380:383 ioctl c0306201 20007000 returned -22 [ 467.004651] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 467.004669] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 467.004685] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 467.004703] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 467.004720] GDTR: limit=0x00000000, base=0x0000000000000000 [ 467.050910] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 467.058959] IDTR: limit=0x00000000, base=0x0000000000000000 [ 467.066990] TR: sel=0x0000, attr=0x00081, limit=0x00000000, base=0x0000000000000000 [ 467.075052] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 467.081516] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 467.089056] Interruptibility = 00000008 ActivityState = 00000000 [ 467.095350] *** Host State *** [ 467.098622] RIP = 0xffffffff811f3c09 RSP = 0xffff8801b0bb7360 [ 467.104664] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 467.111111] FSBase=00007f080f9e6700 GSBase=ffff8801db100000 TRBase=fffffe0000034000 [ 467.118972] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 467.124915] CR0=0000000080050033 CR3=00000001ad24f000 CR4=00000000001426e0 [ 467.131988] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87601610 [ 467.138706] EFER = 0x0000000000000d01 PAT = 0x0000000000000000 [ 467.144816] *** Control State *** [ 467.148307] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2 [ 467.155052] EntryControls=0000d1ff ExitControls=0023efff [ 467.160548] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 467.167519] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000 [ 467.174227] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 467.180841] reason=80000021 qualification=0000000000000000 [ 467.187183] IDTVectoring: info=00000000 errcode=00000000 [ 467.192656] TSC Offset = 0xffffff02a4dbbf49 [ 467.196996] EPT pointer = 0x00000001b83bf01e 2018/04/09 21:14:22 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x9]}, 0x10) 2018/04/09 21:14:22 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, @perf_config_ext={0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = accept4$inet(0xffffffffffffff9c, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x800) sendmmsg(r0, &(0x7f00000009c0)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x3, 0x3, 0x4, 0x1f}}, 0x80, &(0x7f0000000340), 0x0, &(0x7f0000000380)=[{0x10, 0x1ff, 0x3}, {0xb8, 0x117, 0x5, "29878f475133b508cc7b751e37cc104bc1ff32084ea585d4e3d60c55e8dc9347c73eb85c4223f792f1422dd0b2b85cbb6f4e2f589e5e4888eeab2cd5589134d8944f407161ab295045a159b1cdf0be78f3cfb505b588041b5666fe09968b3695ff3cc688ff4cdff65829cce3b2be8fe8e74c3d5603bdfd3e6c35f3b4aa25269f7be8188838ab758259a8462ca8bcbb6e501bbb40d9d33fbb10acfe57b553478b97"}, {0x48, 0x19c, 0x4, "fdae6a9a43d48d7eecb7692af4818824aef289236f471982596c01ec6102f0c3e1c195e02bd04d404206ba86dab8a51ce611feeac08125"}, {0x80, 0x1bb, 0x8, "a3d051573ef2cffa6dcca03623aee078e261ceaa7b42abec3c9e25fa28c103a375666394cd0cbc2f3a6ba6705a45656e0419472ba01196f665ddea2b0b8e79aade45b7c7d5b352a18ec6d6fa48285ae79360b25126e84646fa89514527ae1756881aba026333bb057f89afd7"}, {0xc8, 0x119, 0x6, "51515791bb5ae6cfb359280c3fe7b4343a5ded49c9072b18024ead8347b4842428b2f1aa8343a82c6293d3a2d7c0fda82282ed825c6217ec75e3b9b8cbbba5f024872a68d9571f148bf2a9fe4589b587baf524a5e7704726072e855fed3beae737e9fd188879362270b95414fbbca648cd8c499c223a2195020b29d1a71bdcd7a7adde3c65f922f8ad8d4a791c7d546e302a729ec0439aa66e7c4cd45c3e9f0eab58d67c849e4daef7306da4f35041f8f8e9"}, {0x90, 0x10d, 0x7, "ffe37be16c98119cb25afb67fa28c21e70f87aede57080a7e2e7d103956f7308953b5db239bc8fea335ccfab991fd8b363a5a1a79fb56a1ae75036a79ed94e6f0a30af3124b755c0232be781f6eeca182596285ead7997ee2e97f112854e62df46267d8abdfb8164e687507d0622a5fc0d12d4dfc703157781c0b1d3450482e9"}, {0xd0, 0x119, 0x40, "6d54c0c0478b8534ff648db513c7b832fd9269acdfe3c20858a600300d536bdb62aa3828536cdcb2c3ad9fd69e59d1dc4ca63128a175d37545dff68fe51dc76aab7a5a98e854ab35f2b841ad8f23644732ed3ebf8c5caaaa9b6fae34e94209cac114a7ca032ce0fa2b7727701d3e49effd5f522e5afad96a1e9688734407ab50e5c5d707da9c21fd53aa108773db2013611a472fd54aff77c126f7feb65374d4e7c6b1fb6535ca7ed9f2b39913d4b20c67ca53f60f91dd45c4af93dceaf4"}, {0x100, 0x102, 0x6, "9dca27af06899aec9b3d196a2abb8c8e3b97a5a37ca742cf573c16389399c80c5093f6c98c416ee4ddb873cce55359cf6818483c2699173aeeff06e61d08f343654e27b709decee4bd52be0712119e1c418fe534410e3cd4f81ab2c6a309cd2d8b0f83be027ebbd7b390e7ce61db45175ff56cda016971fca99c494f53ab8ef72fd85dcb6c739ed69326506b7f1f13bc858d11cdcca03921aad1e774f9b5b101921ae396b6636fa1f606acfbdeb301456973619a982a725245aba4a71fbaa397fca53f2b8b7f6ed9526cc29d7eb4b9d886f775a2be15bd553d90b688785a48e8c0ba5bcc667b0228d1"}, {0x90, 0x119, 0x7f, "a55da8c24be0b6ceb23957c8c93afa976a2b836dfff7a8cb82ae67da0a01f094145e5b8a62a5a872febb3f888a4eabd83fcb44ac74f14c01c8e07e2a265cec0803b66cd77186fbf884d3332f8d5d40b6133c6e1116cd3a17fbba0f4ae3f160c4d2876be39d3a6f4c96d97e14cb3220c1235bfaf8ed21938a29"}, {0xf8, 0x10b, 0x768, "36ba0c1a756ced9ab33cb7002b86963d17882d467cfaedacb00c5d44e7e611b20ba548bbe91ac6e194586c1f3c3a9454dd77b95a381a13a409cf4b04a13fd54e4b90b30817123738f1fc4e9eebddcd49948e19dddb9cce11a846d984cdc65a86d360eeca3f382332e17a05872acf7515d405f284306990b6a885cde9e5b951d88a3435dec74597bee913707705afd61d46b920ed49c1ca0cd1e54a7d30038a479b18a61e2cbfee4de62204f62ea58b60aca41f3324b33d3edec27fbf057d3f11a9bccbdbba93173dfb0ef96fcd0962e6036441bd33660f1981094eb88057ead875"}], 0x640, 0x804}, 0xebba}], 0x1, 0x800) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000200)={0x0, 0x0, 0x30, 0x100, 0x5}, &(0x7f0000000240)=0x18) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000001300)=ANY=[@ANYRES32=r1, @ANYBLOB="00100000aac76df3677b27084ee26dcdb5f033933f5ead99610832907098f5410fae2f3b3e23e6f2aaecfec4c690b10c6723a483dd8c81f5198d475e8388577a569da5fcf46b411ef09a8ab42e25112b1a6499a0053633cf680e1c6f6f036bae55ee2cb5a6cd716215f6c4efc35b9c672d9e063056837b2ffcc106b630b9bfae6c9e298f3855a5ca290ccb444febc5a58df9861506e4eb5ba11c04176dba8a61c78aad9929187a6e66c3d70735a64aa514bb949752d8144a6efb5388a8f4e18c41ea83de3575d2e59762431fd53a5c0240618680c6fe8940b92c73021a9660e8344142accd4fbe68a3249e7b1c6fc94ef8c4e61b436c8e518ef230a40a5c9b69b2bca01ebc54bb8ad87081e7b67611706a12fef4cede73d75871f4658f36e7858a54b7631c352b30685996ecaf26a9dc0c2d452c7b683b681cbd8623ab03debbe0cad46fa3eb490a2a5c035f11a5736405fbc827002d93f1b8a16acb204ec8d0645d92f1bce3f716a6c7e92107d5452d22d6a1830a9f8b4596f64712d075be1aca9070ba6174f9850035e5b4cd834cab0d593f73d671d0e5046a5f47a3db2b28bb809aec0b352645c2603b5924a93573c568abde5bbafa58fd732f53aea6c4efa85f3999ab22e4a6e29f2b05f387e42ff7dd2963dcc2618015846c7e26662dcc80d76b23972e3da93fc5ab763779454db783f4f8802a137daae501dc3de3810c3ae63802bd14ae12a0bec71561d179dca4652307b36982be4a6875e1ae67b2350f89c5e5b447deeb0161fe7f9dc45c96c228aab62146807b4a50b179fc28df0f6c82ff5065f4654c1d794de9d1d29542f56695b832e0bffa7bb3814b0d5aa25596339572ee6d21fb6cdfa9b8ae8e1b7dc197f1d250697c581ed95859b9fd1755dc5211e0a7f091353194bb0da38281263d6e134d47e26912124793683c25fda349b35534df1890c1808f1e8e6db407468d5421a0233f048e54decfaa5d90578b61f21d51abcc1d0f4fc163f3af4b0df18dae8f901d2752e068e8555cbeb23550ce216d62b8818c8b8de0c9bb69eb0bbbc506ec7107838adec643dd1930c2db0cd7651c1d11fb99794082ed3683888895c7ce7e8bdbd15e1d0ef347700a435ebbc62843597c854e19218d884a1b0b6af29696098be33e88971775631916fdac90d704d47805e0ae24a0e9cbcde8c676d7d3529e42bcf345f33f4d1e57466d3b48fe9585520cee6b986afc9a38c21fcb0d679428635161457a6c604539ee9513a6d278fa0e087b9ae4b2b4c5078063d92382227f8d48e259aef2b8b86611813e61f011ddb73990ed946f16a7a50db089039e12da556173094863ea5a3fdc35856ba32046dd831a55ab563dffd780a2be7a61037528f13712b30696d434686d66d781fd69f10416ac52154e9c22e00b5e43aa0e9544d3896691f5ec286c979514c73b60f3f8a72dc84c3f019c02c36635a175824378d80b5396ed70d59cdd477730f501682aaebf7840bc39f83af8ee725699f08b1f1bde05649e8d0caeb148d7eac902b9a1b920e7c85dc3eb9b935c4b6413ccfc55a3195d5909a1c509b069d2b0be0c545b576b05e5b206627f29c049e0ad219d39bb8fadb600e0dd48a07454db972c79dcab2f4d46db6be0e2fe4a2cd5ce7c2f1c5488f7e534632dc1305f7246a68272e481ad2f762740a18a39a7c333c886ca1097f98a6947f161b400b0051f363484c9c3836e75280ca208cef7b3460394f29747ff727384af97b8d497f89acc73e31d19826c4448c1a477b6e993a346954bb0d46e29bf9aa9b6d847ddaea7f60042745c634ae720147a96219edba21c5d001638acbc1d2a0eacfa921bf2979393d4ef45f51ba357516384e8ea3804df85918651009fe0291296b7ed2e3f4177065244a0a86992456748759abd039df0b673c02444ffae0b3bdc1c5e6e6922c930ea0e503c929edbf6d8489139ff9a7f3d972f2db58814d9fa776cc2877b1008f07b19be0aa8ce44892bf8540a67eb71a1b85c1b34c764bb3f84f7dfaadb03daa3f435fc03ac97ce00301688a637469844c42ed7c6a16ec34597e7f874efc2c94ed8d7ff0391f565e12923d4cbbe6db35f98d62b09fddad66d46919ee19e85bffda2fb13e1e425284ab7171baebb7abd4b002cff72315ffc0027b5f9f44b84b5244c8440c20299d5424ec488d1e14db9d155a4e766acadd17b5456cca6097fc2633b84308d57135b29e62d9c5095539a09bbc52657a821392c85ccf24ec2b9024976959cfd53b52ec53576c24b71e94f0c4a26cd07395f7f6dd3df0baf853ffde3ae1beeed903eb0a83da082930fdea50ca8c219a4d27f0fb193b68f086af49ce86745efa5f6454ed1356f5a35dd1501941096f8c46e465b5037dd412bf431ed2a42727d03fc2527a7da17532a0eefd0d7f8974e5a5db6399309e1805a57f653ed9f1b99ddac547525c5c0a741559de466879366acb992d5422aca9828a6559a2d3c4306784fd946b64f44dccab76c02ef19f7830ac61888560ce7778ef461fc2f2f81da2ee8589f9e8b615dbc28140a8035e47eca2b498a37f74f758ef018813e9b192755dcd4ba7384224e7fed0c13b5fa8283a301dcc2f2e2bbc595eb62c77e26d448939bf1e2dea43bb685f2094f4df94a03c6bcee5ee59e7d5470f368e99281a78a17ee5a73fa03f47de751a19dfef9e7c7ab0aba4d5ca2cfbb742ba2717afbedb734472ad173357ba0c80d4a792d6eb9468e851f57e489229d9977541b54d8b03e6257b3ada4c6d29a45c8e5e761eb66b67cb1076004c33885bc4dd71fbae549d4e1f839ad12dc9b1a7ff5d633ea1dccd122f1854eec92874723525d8d5f80459d0e7afd1b003b7ed4ff1417f6528a5778cedc0b18cbae2fefb7ce9210f62416fb30a19419b96c948daed58da5c15e07487b9cab9e378683d54c7ef263e25734e710bf902bb45bcb1a33fca4771914c6222430b24101042304ec05ad0ab6b00d6467c82a27790afe69800fa8aec7ab254779f398f20a939d30010aa82d9bd23a0c06609230adaa274e35bead3a3f36680d37c4bfd6c751cf9b87661405d8822a751fbe65e433893f2051c8c5ac2d40214560568156563f27c963820f93efc30bb69944b4e58d5a4c6e0f83c761667ba5b778c1d7218183d1812085c6c8967cd95346bb61b09da546cc959bf3e4c87cffeea66108ea40c86ca4857491bf9b300c72c7673f57845cecbd253954f29df5790a0c55d64d53dd7daac930014239c5075a74f304b3f3e2015afda69e6a088e737058e7db28239becefe4a5287b45ddf8e4f4d012d163f72ec52be96359ea76bde1a1a295d3567ef3f4c18996d2b35d1b3e72fd77699145e0eebb59079c24ae34172b8051813360818c5ee20cd8de4985542fd292367d6bf15a58161528627f50043750eac927fc1fb53f4e3febd5585dbee90b7e335aeaa04f89947ac9005b06cd76fc8058c6ef4fd40cb49044d20289b4e051395ffa91f5adbb6cd15c8c3ac7d27387a299830aaebc61776c59e20d05bca6d235d1247601b8d3c222c5c27d43845e0108be526d60bbf7380d6de0b6343436d0327c1fbc6935b1cfedbf2d54779bf7e7bf23e0a6fa86347a54a8ca4e34db61bf037a142678c2720218632d9f7b840b7c5309762c68bea8d5c65950526255689194ed05beb56ce4bbd9139812af1ad67a1efe64eb3f51188977c2d93014cc5c9ebe960ed553f308d880e95c0ad5e91b7e164217c03598bc4e69fec13aa965b9c0990bedc8ed3062eb88ce36e59201f1db71cabc00413dd94a79f87f976660c4c87b9f24f21753b1e4c559009b7b82ef9c4d7f387eee8d54369f317a0dc06e96a123f962c458cfe4b56257eff84902a7784444f398c2f7b7639a6c2ec747ce3206b75043aa59e47b0eb1ab904b1b3c8165a9fd23f411891fe7c7fb48edf26343c4e53c48918eb284bde43aae01fb948ab72788bb4785cdb7c062dd83390b11dfaccc4c7e2c150909fbdbbb236f06ac9d38e084fee5a798483877aedf06f3c23f6d2cf1aebdf8fd599bba8fd54f4009b6717cd5b672623be0767b7544a584768215d1a25a51a8658a6c7b15b8533a202132ec12748b7f1c240a1abaae636549dc20310925191b333f5bb8728d35aa014c95e8bca6dab7d2d58a67cdac2eca87d103add4c2eac66d273ca3636e3c790803599bd11e18e6d8dd48b679b71bdaee806605dfc5196caae75bd2c4dfaf25ebefe722575ae351b7b1f08d40a1744c79d53aafc1b0e4f21a0ecd8bfdec7fcb7e1e1dd0df4c635f9932bbfa8704ee0a0448009903e7c3449b1d99b1c7574eba695fc31cac2b97669a661401b63d37b6dce6c417221ab1f4413a881def174b0b7f9982454f572ce976807655bec9292cac7fd30a05fbff9e7a5a6bfe392c238b51c3472b7e5f0f78f03566099a460a8476d9e8ed9c911fa7130ace35a8c9bb417c5d4139b24955d7dddfdf154563ec2f9ce024ad0038ec4ef1ca3c6d475929e870c6302aa8358dd7c30806b408c5ef8a1393e182ee7b5c479c8eae9e00e05b49a001f00111c0023cdef69ffe7d948308d5a6c2f0aaa7710befb05d3113838c05f66c97a81d9ffab129f8515a94ff8814dfab89f2101f4713b3a23abfc32633763d5546056bc2f122cb6587c50b9553e0904799bcf5d163b6117df714fb228070f9a09680d182d65198d1bdca2bd518bd500b83bd7e7084674a50c86cf1ae873a5e552a080bbadca9aca5d4f54cb65e193e8551d289f9b11164853221e50ae466ae1228d12dfa0d88bd62226646261f86ce15a9847410edc1fdae1aa1b79c419f0f2e0070a9e317ed5ed46dabb9e2d5cd21282a8eb7de5e5ee1d9bb9b38b56999cdd4c1a9abe6e085962a41eb4d4e4dec27def222d8652e8b315ec3958a5805f9408510b73960dd9727120923e3a564d2cbb6d2925c626967c74b71b5b659b2c79fbd58d0cfa42a0893d46436268e2ff9cb17e077e8d6e1169ea0cd36bb2df184b1c3e7c9aa8a6174944698ebd61ae93e09076bf2f0ba4840031bc756885f4a0809eb34480e5be3eae26bdb0db83b94593471cc17fd6ef160a67545ebee8038f4a481a9dafb04ad382dda1762c23b193bdd090d66fa010f9904ecb8f0adf7b87931d2e1cb82dd375b55301fec594a431f80b926d315e9aeaeab2cb9f13ea8a65713eabe95e188e6923255af0b76882711afd0dfee521e86d346238b5bd75827e7f15dc304ed5466a36e79e6e4c8d5df572e7a6462e21618a0dfc7a4ab855be001287b1770da9eaf6f0a7081e8de1fc198675ddb94dc7cd32973ac485907f1a2f648b2ed9fe7e0300cf085dcb13a4647a660b719a3ff6b854eb5940d508418586c6713710a5f599c124147d65b0e7e36f738b989d753bd1e43f782c1f53272a998dd09e7c63b91bc384215dbc9926755ea068780b851e301a5da8c124c19a7ecf28b48f4581cf3db8809c315409d1778894e388032efdbb0362a3ef92ffe0a7929d6fad06e8e9b294d35012a5f7576de53faa12f41dc3856569e6faeaa13795d3f3f3c6734ab1324d1184a0182a36bc83b347cdca6440e89442e7dae8f42d77964213fbfd6523193694fb0c63373c1d8f07da07f6628b173b0db52dd680584fefbdc3d14221d2bdab776f77397f52d5b1279138549c8912840720cc2b13442bd02686ea236f7a9b459f37e816fa9dbcddb3a1ff91d33ebaad3991d90604666c50fa10194c36c08095a9ba7633b10111f0242996d833ccd3f46f7617aedd61b429a57b462bef687388e341aad04e73fddfa8cc2128ed094432ffa31e39f8c5a85b2bcc0af4c9906"], &(0x7f00000012c0)=0x1008) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x101, 0x0) ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000000a00)=""/1) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fgetxattr(r3, &(0x7f0000000140)=@known='system.posix_acl_default\x00', &(0x7f0000000280)=""/122, 0x7a) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000300)={0x9, 0x7a8, 0x4, 0x2, 0x101, 0x0, 0x0, 0x996, r1}, 0x20) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e23, 0x8, @empty, 0x3}, 0x1c) ioctl$RNDCLEARPOOL(r3, 0x5206, &(0x7f0000000040)=0x8) 2018/04/09 21:14:22 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040017fffffff00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:22 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xff00000000000000) 2018/04/09 21:14:22 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:22 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup(r0) setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f00009c6000), 0x4) setsockopt$inet_tcp_buf(r1, 0x6, 0x16, &(0x7f0000000000)="48af29a356b4ba50a970db84032cdc7b8e750486fe43be35b1687b0abb426a849fbd875ababafd53958284e5aff93fa5674c6751b01c76c2c4818adbf5291bc3d47579a2bc1d449aed6b7d3b9c92f8221e0fd1f2d0e504d2ae7fa7556cbcfaad18441b8fc7191a23b9b0a9d8496e43488f87b4f5eb55a22ba15ac6e2e832f09654588fdf299b0901cffc8f8db87dd08cf104a5561a8072b0a94f4c5f56d86c0bd3931836b5e043fbc1b98b20d70fb050800365eaaf80eaac987789d5fa2c1b71b9219a", 0xc3) 2018/04/09 21:14:23 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x7]}, 0x10) 2018/04/09 21:14:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010040030000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xc0ffffff00000000) 2018/04/09 21:14:23 executing program 0: socket$nl_netfilter(0x10, 0x3, 0xc) [ 467.353221] binder: 407:411 Acquire 1 refcount change on invalid ref 128 ret -22 [ 467.361177] binder: 407:411 unknown command -928540024 [ 467.386233] binder: 407:411 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:23 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7008400, &(0x7f0000000100), &(0x7f00002b7ffc), &(0x7f000029e000), &(0x7f00000000c0)) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x3, 0x101000) getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000080), 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f00000001c0)=0xc) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x7fffffff, 0x80000001, 0x5, 0xddf, 0x0, 0x10000, 0x0, 0x4, 0x8, 0x6, 0x2, 0x400, 0x200, 0x3, 0x3, 0x9, 0x7fff, 0xb6e, 0x8, 0x6, 0x200, 0x73eb, 0x7ff, 0x3, 0xd3a3, 0x5, 0x2, 0x35a, 0x81, 0x2, 0x0, 0x80000001, 0xffffffff, 0x0, 0x8, 0x0, 0x0, 0x800, 0x5, @perf_config_ext={0x2, 0x6}, 0x4208, 0x5, 0xfffffffeffffffff, 0x5, 0x9, 0xffff, 0x7}, r2, 0x4, r0, 0x1) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast=0xffffffff}, 0x10) 2018/04/09 21:14:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001ffffff9e00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000196fe4)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000327f68)={0x2, 0x400000000000003, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_address={0x3, 0x8, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2=0xe0000002}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfffffffb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x88}, 0x1}, 0x0) r1 = semget(0x3, 0x1, 0x88) semctl$IPC_RMID(r1, 0x0, 0x0) 2018/04/09 21:14:23 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfeffffff) 2018/04/09 21:14:23 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x10) 2018/04/09 21:14:23 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f000076c000)='pagemap\x00') getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e23, 0x15, @local={0xfe, 0x80, [], 0xaa}, 0x401}}, 0x1, 0xfffffffffffff8e4, 0x20, 0x4, 0x8}, &(0x7f00000000c0)=0x98) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x7, 0xa2, 0x4, 0x0, 0x81, 0xa9d, 0xb5, 0x1ff, r1}, 0x20) write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0', [{0x20, '&'}, {0x20, '\'wlan1wlan1.)'}], 0xa, "20ffe9d701df67"}, 0x22) lseek(r0, 0x0, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000140)=""/75) 2018/04/09 21:14:23 executing program 6: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x4) mmap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) 2018/04/09 21:14:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x3fd) ioctl$LOOP_CHANGE_FD(r0, 0x1269, 0xffffffffffffffff) 2018/04/09 21:14:23 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x8072000000000000]}, 0x10) 2018/04/09 21:14:23 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100f0000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x1000000) [ 467.884451] binder: 466:469 Acquire 1 refcount change on invalid ref 128 ret -22 [ 467.892338] binder: 466:469 unknown command -928540024 2018/04/09 21:14:23 executing program 6: r0 = memfd_create(&(0x7f0000000180)='\x00', 0x1) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x1ff, 0x1, 0xa3, 0x2, 0x0, 0x3, 0x8, 0x2, 0x4, 0xccc, 0x1000, 0x5, 0x0, 0x200, 0x4, 0x8000, 0xeab4, 0x81, 0x7fff, 0xfffffffffffffff7, 0x4, 0x1, 0xb52e, 0x6, 0x6, 0x4, 0x7, 0x1, 0x0, 0x9, 0xfffffffffffff580, 0x2, 0x100000000000000, 0xcdc0000000000000, 0x7, 0x5, 0x0, 0x69, 0x6, @perf_bp={&(0x7f0000000040), 0x3}, 0x10, 0x401, 0x3, 0x7, 0x1ff, 0x1f, 0x81}, 0x0, 0x5, r0, 0x2) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0xffff, 0x400) [ 467.965255] binder: 466:469 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x7ff, 0x84080) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, &(0x7f0000000100), 0x142) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000100)="66400f388199df16000066ba4000ecf2470fc29043000000c9410f15f8b8010000000f01c1b9800000c00f3235000100000f30c482f5b65de7b92c090000b8f1240000ba000000000f3066410f3882b200000080c4c1a1f330", 0x59}], 0x1, 0x0, &(0x7f0000000180), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2018/04/09 21:14:23 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb00000000000000]}, 0x10) 2018/04/09 21:14:23 executing program 6: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x4000, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket(0x10, 0x806, 0x0) write(r1, &(0x7f0000000040)="26000000130047f10701c1b00e000000000000000100000009ef18ffff00f132050014006e35", 0x26) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f00000001c0)={@dev={0xfe, 0x80, [], 0x15}, @mcast1={0xff, 0x1, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, 0x8e4, 0xcc, 0x2, 0x400, 0x47, 0x20, r3}) setsockopt$inet_mreq(r2, 0x0, 0x24, &(0x7f0000000240)={@multicast2=0xe0000002, @rand_addr}, 0x8) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x7, &(0x7f0000000080)=[{0x90000000000, 0x7, 0xfff, 0x2}, {0x10000, 0x8000, 0xffff, 0x401}, {0x5, 0x2, 0x8, 0x7}, {0x6, 0x1, 0x3ff, 0x100000000}, {0x3, 0xfe, 0x2a1a743b, 0xf25}, {0x7fffffff, 0xf8e9449, 0x8, 0x5}, {0x62f, 0x7, 0x9, 0xd4}]}, 0x10) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) 2018/04/09 21:14:23 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfec00000) 2018/04/09 21:14:23 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001001f000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:23 executing program 0: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x80000000000004c, &(0x7f0000b34ffc), 0x4) 2018/04/09 21:14:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 6: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") ioctl$fiemap(r1, 0x80087601, &(0x7f0000000080)) 2018/04/09 21:14:24 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3f00000000000000) 2018/04/09 21:14:24 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100f0ffff00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 0: r0 = socket(0x8080000000001, 0x80000, 0x1e) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x3, 0x630, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000ac0], 0x0, &(0x7f0000000000), &(0x7f0000000ac0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'ip6gre0\x00', 'syzkaller1\x00', 'ip6tnl0\x00', 'yam0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0x2a8, 0x328, 0x358, [@bpf0={'bpf\x00', 0x210, {{0x3, [{}, {}, {0x6}]}}}]}, [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz1\x00'}}}, @common=@STANDARD={'\x00', 0x8}]}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x2}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'ip6tnl0\x00', 'ip6gretap0\x00', 'ip_vti0\x00', 'ifb@\x00\b\x00\x00\x00\x00"\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xe0, 0x128, 0x160, [@state={'state\x00', 0x8}, @quota={'quota\x00', 0x18}]}, [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00'}}}]}, @common=@mark={'mark\x00', 0x10}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x100000000011, 0x0, 0x0, 'lo\x00', 'ifb0\x00', 'gretap0\x00', 'sit0\x00', @random="417b33fff412", [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0x70, 0x70, 0xb8}}, @common=@ERROR={'ERROR\x00', 0x20, {"bba57155187d9565c71b6c4f1488b2d332dfd7e0d6cfb7b89a031fa17d1a"}}}]}]}, 0x6a8) [ 468.370579] binder: 524:528 Acquire 1 refcount change on invalid ref 128 ret -22 [ 468.378314] binder: 524:528 unknown command -928540024 2018/04/09 21:14:24 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0xb40000]}, 0x10) [ 468.460558] binder: 524:528 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:24 executing program 6: r0 = socket$inet(0x2, 0x7, 0x7) perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(r0, 0x0, 0x480, &(0x7f0000000080)=""/188, &(0x7f0000000000)=0xa8) 2018/04/09 21:14:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:24 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3e1]}, 0x10) 2018/04/09 21:14:24 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x2000000) 2018/04/09 21:14:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000ff5)='/dev/midi#\x00', 0x420cd632, 0x0) select(0x40, &(0x7f0000038fc0), &(0x7f0000000fc0)={0x80200, 0xffffffffffffffff}, &(0x7f0000031fc0), &(0x7f000004c000)={0x77359400}) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r0) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000100)={0x97, {{0x2, 0x4e24, @rand_addr=0x1}}, {{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}}, 0x108) getrusage(0xffffffffffffffff, &(0x7f0000000000)) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) 2018/04/09 21:14:24 executing program 1: r0 = socket(0x4, 0x6, 0x3) ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r2, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:24 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010003400000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 6: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0xe0400, 0x0) r1 = geteuid() getgroups(0x5, &(0x7f00000010c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) fchownat(r0, &(0x7f0000001080)='./file0\x00', r1, r2, 0x400) readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000080)=""/4096, 0xffffffffffffff75}], 0x100000000000016a) 2018/04/09 21:14:24 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x700) 2018/04/09 21:14:24 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)=[0x400, 0x400, 0x20, 0x100000001, 0x2, 0x100000000, 0x9], &(0x7f0000002000), 0xffffffffffffffff) 2018/04/09 21:14:24 executing program 0: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) r0 = fcntl$getown(0xffffffffffffff9c, 0x9) ptrace$peekuser(0x3, r0, 0x5) nanosleep(&(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r1 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x6, 0x202) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000200)={0x1, 0x8, 0xffffffff, 0x0, 0xf}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000a55000/0x4000)=nil, 0x4000, 0x0, 0x0, 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="d8d30067719cc81cff"]) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r1, &(0x7f0000000580)={r1, r1, 0x7}) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5bd3, 0x42) r2 = shmget(0x0, 0x2000, 0x2, &(0x7f000016b000/0x2000)=nil) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) r4 = getegid() stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffff9c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r2, 0x1, &(0x7f00000004c0)={{0x8001, r3, r4, r5, r6, 0x170, 0x3c}, 0x20000000000, 0x6, 0x4, 0x0, r0, r0}) prctl$intptr(0x1f, 0x0) 2018/04/09 21:14:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001fffff00000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000000000]}, 0x10) [ 468.854591] binder: 587:590 Acquire 1 refcount change on invalid ref 128 ret -22 [ 468.862329] binder: 587:590 unknown command -928540024 2018/04/09 21:14:24 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe103000000000000]}, 0x10) 2018/04/09 21:14:24 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010003000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 468.948447] binder: 587:590 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:24 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3f00) 2018/04/09 21:14:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 6: r0 = socket$inet_sctp(0x2, 0x8, 0x84) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") socket$inet_sctp(0x2, 0x5, 0x84) uname(&(0x7f0000000000)=""/54) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000000c0)={0x0, @in={{0x2}}}, 0x90) 2018/04/09 21:14:24 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(0xffffffffffffffff, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000100)=""/76) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r2, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r0, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r4 = msgget(0x1, 0x80) msgrcv(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:24 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001f000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:24 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x10) 2018/04/09 21:14:24 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x10) 2018/04/09 21:14:24 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xffffff7f) 2018/04/09 21:14:24 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000046300683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 469.269808] binder: 642:645 Acquire 1 refcount change on invalid ref 128 ret -22 [ 469.277567] binder: 642:645 unknown command -928540024 [ 469.299901] binder: 642:645 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:25 executing program 6: capset(&(0x7f00000fc000)={0x19980330}, &(0x7f0000244000)) r0 = syz_open_procfs(0x0, &(0x7f0000593ff6)='ns/cgroup\x00') setns(r0, 0x0) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000)) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4068aea3, &(0x7f0000000040)={0x7b, 0x0, [0x80, 0x4, 0x0, 0x7f]}) 2018/04/09 21:14:25 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:25 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x400300) 2018/04/09 21:14:25 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8072]}, 0x10) 2018/04/09 21:14:25 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000200683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:25 executing program 1: r0 = socket(0x0, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:25 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:25 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfc000000) 2018/04/09 21:14:25 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010ec0000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 470.209738] binder: 699:700 Acquire 1 refcount change on invalid ref 128 ret -22 [ 470.217447] binder: 699:700 unknown command -928540024 [ 470.294216] binder: 699:700 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:26 executing program 6: r0 = socket(0x40000000015, 0x5, 0x0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@ipv4}}, &(0x7f0000000040)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0)={r1, r2, r3}, 0xc) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000080)=@un=@abs, 0xfffffffffffffedc, &(0x7f0000000200)}, 0x10002) sendto$inet(r0, &(0x7f0000f7db7f), 0x0, 0x0, &(0x7f000069affb)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/09 21:14:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, 0x10) 2018/04/09 21:14:26 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 1: r0 = socket(0x4, 0x0, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040011b09000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x80fe) 2018/04/09 21:14:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:26 executing program 0: mmap(&(0x7f0000000000/0xfe6000)=nil, 0xfe6000, 0x3000004, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000bf7ffc), 0x4) r1 = memfd_create(&(0x7f0000000000)='wlan1,vboxnet0-\x00', 0x3) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000140)={{0xa, 0x4e24, 0x8, @empty, 0xe80}, {0xa, 0x4e24, 0x101, @dev={0xfe, 0x80, [], 0x1b}, 0xab5f}, 0xd11f, [0x6, 0xffffffffffffff00, 0x1, 0x9, 0xfffffffffffff4a2, 0x7fff, 0xfffffffffffffffc, 0x100]}, 0x5c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r1, &(0x7f0000000040)="70cf471e89c43d8656877f42faf5609f0865a88a4f28b45d22e684473ad92e3cfadb75682ffe3753c84dd1f605f187808f479ae6a92053c191d4dc9cd918e4", &(0x7f0000000340)=""/85}, 0xfffffffffffffd70) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) sched_rr_get_interval(r2, &(0x7f0000000240)) 2018/04/09 21:14:26 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f000086fff4)) r4 = getpgrp(0x0) io_setup(0xff, &(0x7f0000000040)=0x0) r6 = syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x8, 0x80000) io_submit(r5, 0x3, &(0x7f0000000400)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0xb, 0x8ae, r1, &(0x7f0000000080)="d75a3ea7145af16e63527874de42396a853d0ab76fa1b22d01f88ca89940374614f309ff696df1822b8ad877e899a3ddf379ca346e220fd93fa148aecd2b02b6839112852a4581b930b867e2093e689ef80af9d6e38a7c9e5b736d50b5fa8f78a4eda9a51822a703ad59d8f8ada5a3da75a890a4609f0472e7cb07a4acfa0655f123746065e853e32d2982bb3af9fd0c87b888b02767c2867ec93395954aa7a6d7b0a5368b0c8224f94ee1584a800fcd9c1c96c32b3e2474617477a4c924d9136bfc3e23a336e94cf463", 0xca, 0x2, 0x0, 0x1, r6}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x5, r1, &(0x7f0000000200)="ab1674ff3d79a80aa60a47b50d82141c0be12befa9e5396331a89e69672bbeb56d00d29726bb8ee56ad021f3d1950d53b2ef12322cc282e7ee9c3e024294a14dadcaf4bcb76db899f6a3b10b32f786409495d0e801145d2663fae9e7891f573ce1496ac27a5cecc250a903fddde54f13e6a2ec51f5c68e7106885d12e7a40c3b50677c750d79be61a00e6c103faad8753b1f8a001eed74a5766d97ef82fe430aeeb9f0330296ce105fc0da40af497bbf03a647ce0053fb6dde06b4840f3d83b5f48933d16cdb068abc6aac911de8fb52b469a60d", 0xd4, 0x0, 0x0, 0x1, r0}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x9, r1, &(0x7f0000000340)="244ca76ac8b3e761101e5ff46ce55ae8923b1d5efffc5478ce9bd01c6bf37d308acd8ea5e3b8086fad5ce5b06680539bf8e038316f044f1bf863ecc72f2bd1b66de200f6c8356194a70885a4e6d2ec3eb2f4251fa7236f47ef90510bd54af474e27cfb42ed5160", 0x67, 0x0, 0x0, 0x1, r2}]) geteuid() r7 = getpid() kcmp$KCMP_EPOLL_TFD(r4, r7, 0x7, r3, &(0x7f0000000000)={r3, r2}) 2018/04/09 21:14:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7280]}, 0x10) 2018/04/09 21:14:26 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000004ff7)='/dev/sg#\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x0, @rand_addr=0x1000, 0x0, 0x0, 'nq\x00'}, 0x2c) ioctl(r0, 0x100000001, &(0x7f0000000000)) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x5, 0x4) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000080)={0x4, 0x100000001, 0x3, 'queue0\x00', 0xffffffffffff8000}) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x20, 0x101600) 2018/04/09 21:14:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x8000000000000000) [ 470.621777] binder: 724:726 Acquire 1 refcount change on invalid ref 128 ret -22 [ 470.629575] binder: 724:726 unknown command -928540024 2018/04/09 21:14:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040019effffff00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 470.687702] binder: 724:726 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:26 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(blowfish))\x00'}, 0x58) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='map_files\x00') ioctl$KDMKTONE(r1, 0x4b30, 0xf62b) r2 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab2719", 0x4) sendmsg$alg(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) sendmsg$alg(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="d85a8a32c7cd25ea55", 0x9}], 0x1}, 0x0) recvmsg(r2, &(0x7f0000158000)={&(0x7f0000000180)=@nfc_llcp, 0x253, &(0x7f0000000000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/09 21:14:26 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={"64596df17c0e4200", 0x4000000000000401}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="4500f120"]) syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x420200) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f00000000c0)=r0) 2018/04/09 21:14:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x10) 2018/04/09 21:14:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xa) 2018/04/09 21:14:26 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 1: r0 = socket(0x4, 0x6, 0x0) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010200000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 0: perf_event_open(&(0x7f0000fdef88)={0x2, 0x70, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f00000fa000)={&(0x7f0000c1b000)={0x10}, 0xc, &(0x7f000052aff0)={&(0x7f0000634000)=@delneigh={0x1c, 0x1d, 0x301, 0x0, 0x0, {0x6b}}, 0x1c}, 0x1}, 0x0) [ 471.056426] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. [ 471.075426] binder: 792:793 Acquire 1 refcount change on invalid ref 128 ret -22 [ 471.083423] binder: 792:793 unknown command -928540024 [ 471.099542] binder: 792:793 ioctl c0306201 20007000 returned -22 [ 471.106282] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/09 21:14:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xffffffff00000000) 2018/04/09 21:14:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x10) 2018/04/09 21:14:26 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000100683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:26 executing program 6: pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x3, 0x1, 0xbb8, 0x8, 0x8, 0x9, 0xcc4, 0x459, 0x4, 0x0, 0x5}, 0xb) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x8a4, 0x63f, 0x1, 0x0, 0x0, 0x5}) syz_emit_ethernet(0x14, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, @rand_addr, @link_local={0x1, 0x80, 0xc2}, @remote={0xac, 0x14, 0x14, 0xbb}}}}}, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x41, 0x2) creat(&(0x7f0000000080)='./file0\x00', 0x100) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000040)) fcntl$addseals(r2, 0x409, 0x8) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)={0x0, 0x0}) stat(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f00000002c0)={0x20, 0x354, r4, 0x1, r5, 0x1, 0x1, 0x4}) 2018/04/09 21:14:26 executing program 0: perf_event_open(&(0x7f0000fdef88)={0x2, 0x70, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f00000fa000)={&(0x7f0000c1b000)={0x10}, 0xc, &(0x7f000052aff0)={&(0x7f0000634000)=@delneigh={0x1c, 0x1d, 0x301, 0x0, 0x0, {0x6b}}, 0x1c}, 0x1}, 0x0) 2018/04/09 21:14:26 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3300000000000000) [ 471.229368] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/09 21:14:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x10) 2018/04/09 21:14:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000091b00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:27 executing program 6: r0 = memfd_create(&(0x7f0000002901)='dev ', 0x0) write(r0, &(0x7f0000000000)="164690f11220", 0x6) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f00000000c0)={'sit0\x00', {0x2, 0x4e20, @broadcast=0xffffffff}}) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000100)=ANY=[@ANYBLOB="cb6700004c0000070091bae3072d69e42401afd43f94be973703db685950437e14a6ee5e1dbca21ee8ebcfd7c808bf8dd663202d3ad2fc609b8b8c1161e43e3619daa6c747aaf60ae8e2ba8eeaf7f76be69e08002d00000000000000000000000000"]) clock_nanosleep(0x0, 0x0, &(0x7f0000000440)={0x0, 0x1c9c380}, 0x0) 2018/04/09 21:14:27 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 471.281756] binder: 816:820 Acquire 1 refcount change on invalid ref 128 ret -22 [ 471.289479] binder: 816:820 unknown command -928540024 2018/04/09 21:14:27 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000140)={0x4, 0x4000}) ioctl$int_in(r0, 0x5452, &(0x7f00005ebff8)=0x3f) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000006380)=""/54, 0x36}}], 0x1, 0x0, &(0x7f00000065c0)) r2 = dup2(r0, r1) getsockopt$inet_udp_int(r2, 0x11, 0x66, &(0x7f0000000080), &(0x7f0000000100)=0x4) 2018/04/09 21:14:27 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xf5ffffff00000000) [ 471.330690] binder: 816:820 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:27 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x10) 2018/04/09 21:14:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:27 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000ea5000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000100)=0x100000000000000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000140)=0x0) process_vm_writev(r1, &(0x7f00000002c0)=[{&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000000180)=""/88, 0x58}, {&(0x7f0000000200)=""/183, 0xb7}], 0x3, &(0x7f0000000300), 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f000002aff4)) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x1, 0x0, 0x0, 0x7}) mknod(&(0x7f0000000600)='./file0\x00', 0x0, 0xffff8002) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x4, 0x84002) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000580)={0x90001, 0x0, [0x3ff, 0xd8, 0x9, 0x4aa, 0x0, 0xfc2, 0x4, 0x2]}) ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f0000000080)={0x1, {0x2, 0x4e24}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}, {0x2, 0x4e20, @loopback=0x7f000001}, 0x222, 0x8, 0x9, 0x0, 0x6, &(0x7f0000000040)='bcsf0\x00', 0x7, 0x9, 0x6}) getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f00000004c0)={'nat\x00', 0x0, 0x3, 0xce, [], 0xa, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f00000003c0)=""/206}, &(0x7f0000000540)=0x78) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 2018/04/09 21:14:27 executing program 6: mkdir(&(0x7f0000578000)='./file0\x00', 0x0) lsetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000faffe7)=@known='system.posix_acl_default\x00', &(0x7f000054afec)="0200000001000000000000000400000000000000", 0x14, 0x0) r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) inotify_add_watch(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) getxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=@known='com.apple.FinderInfo\x00', &(0x7f0000000240)=""/173, 0x55) accept4$vsock_stream(r0, &(0x7f00000000c0)={0x28, 0x0, 0x270f, @host=0x2}, 0xffffffffffffffa5, 0x80000) execve(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)=[&(0x7f0000000140)="0200000001000000000000000400", &(0x7f0000000180)='com.apple.FinderInfo\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)=']@\x00', &(0x7f00000003c0)='com.apple.FinderInfo\x00', &(0x7f0000000400)='GPL\x00', &(0x7f0000000440)="0200000001000000000000000400"], &(0x7f0000000600)=[&(0x7f00000004c0)='\x00', &(0x7f0000000500)="0200000001000000000000000400", &(0x7f0000000540)='com.apple.FinderInfo\x00', &(0x7f0000000580)='system.posix_acl_default\x00', &(0x7f00000005c0)='system.posix_acl_default\x00']) chroot(&(0x7f0000000640)='./file0\x00') set_mempolicy(0x2, &(0x7f0000000000)=0x7, 0x4) 2018/04/09 21:14:27 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8072000000000000]}, 0x10) 2018/04/09 21:14:27 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:27 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xe00000000000000) 2018/04/09 21:14:27 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:27 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040016304000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x33000000) 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 6: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fec)={0x5, 0x84, 0xff, 0x1}, 0x14) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x200000, 0xe0202) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x8001}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={r2, 0x200}, &(0x7f0000000100)=0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f000000cff9)={r0, 0x28, &(0x7f000000c000)}, 0x10) [ 472.359199] binder: 864:873 Acquire 1 refcount change on invalid ref 128 ret -22 [ 472.367090] binder: 864:873 unknown command -928540024 2018/04/09 21:14:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001f0ffffff00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x10) 2018/04/09 21:14:28 executing program 0: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$packet(0x11, 0x23, 0x300) r0 = getpid() ptrace(0x11, r0) keyctl$session_to_parent(0x12) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f00000000c0)=ANY=[@ANYBLOB="80d22c4f64735e00"], &(0x7f0000000100)=0x8) syz_open_dev$sndctrl(&(0x7f0000001000)='/dev/snd/controlC#\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f0000a65ff8), 0x8}) r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x80) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000180)=0x101) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x107a82, 0x0) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) [ 472.411138] binder: 864:873 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3a000000) 2018/04/09 21:14:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:28 executing program 6: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000000)={0x1d}, 0x10) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt(r0, 0x65, 0x10000000002, &(0x7f0000000000)="c8d63f23", 0x4) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000040)) 2018/04/09 21:14:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001fffffff000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb4]}, 0x10) 2018/04/09 21:14:28 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x0, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:28 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x20003e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000100)={0x3b, @remote={0xac, 0x14, 0x14, 0xbb}, 0x4e20, 0x1, 'wrr\x00', 0xa6f621beb1a528d7, 0x8, 0xf}, 0x2c) ioctl$TIOCGSID(r1, 0x5429, &(0x7f00000000c0)) 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x4) 2018/04/09 21:14:28 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(poly1305-simd)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00005c2000)="0a0775b0d5e383e5b3b60ced5c54dbb729", 0x11) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='syscall\x00') ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3300) 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001091b000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe103]}, 0x10) [ 472.785343] IPVS: Scheduler module ip_vs_Vlc not found [ 472.804829] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20000 wrr [ 472.821081] binder: 949:950 Acquire 1 refcount change on invalid ref 128 ret -22 [ 472.828804] binder: 949:950 unknown command -928540024 2018/04/09 21:14:28 executing program 6: r0 = socket(0x10, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00008cbfd8)={'vcan0\x00', 0x0}) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x1d, 0x80000) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000080)={{0x4000, 0xd000, 0x10, 0x2, 0xfffffffffffffffb, 0x4, 0x1ff, 0x4, 0x540, 0x2, 0x200, 0x7ff}, {0x0, 0x2000, 0x8, 0x10000, 0x1, 0x401, 0x6, 0x8001, 0x5, 0x8, 0x40, 0xffffffffffffffb6}, {0x1f000, 0x1f000, 0xb, 0x7f, 0x9, 0x9, 0x2, 0x2, 0x1f, 0x8, 0x101, 0xf9}, {0x3000, 0x2, 0x8, 0x4d0, 0x9, 0x2, 0xb8, 0xfffffffffffffff7, 0xdbc5, 0x6, 0x6, 0x1f}, {0x1, 0x6000, 0x1a, 0x800, 0x2, 0x8, 0xd08, 0x4, 0x8, 0x1, 0x5, 0xfffffffffffff54d}, {0x10f000, 0x2, 0x8, 0x1, 0x8, 0xfff, 0x10001, 0x8, 0x6, 0x8, 0x8, 0x80000000}, {0x106006, 0x0, 0xb, 0x48, 0x8, 0x100000001, 0x7, 0x80000000, 0x9, 0xfffffffffffffff8, 0x8000, 0x4}, {0x1f000, 0x10f000, 0x9, 0x5, 0xff, 0x5, 0x4, 0xffffffff, 0x5, 0xfffffffffffff5df, 0x9, 0x34a849a0}, {0x1d000, 0x3000}, {0x1, 0x3000}, 0x4, 0x0, 0x2, 0x104, 0x7, 0x2000, 0x6000, [0x81, 0x7fff, 0x1f, 0x3ff]}) sendmsg$nl_route(r0, &(0x7f0000000000)={&(0x7f00000004c0)={0x10}, 0xc, &(0x7f0000883000)={&(0x7f0000000980)=@setlink={0x44, 0x13, 0x601, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_VFINFO_LIST={0x24, 0x16, [{0x20, 0x1, [@nested={0x1c, 0x5, [@typed={0x18, 0x0, @ipv6=@mcast2={0xff, 0x2, [], 0x1}}]}]}]}]}, 0x44}, 0x1}, 0x0) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xc0fe) [ 472.865229] binder: 949:950 ioctl c0306201 20007000 returned -22 [ 472.883604] IPVS: Scheduler module ip_vs_Vlc not found [ 472.896674] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20000 wrr 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:28 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000001f88)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000bf0000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mmap(&(0x7f0000941000/0x2000)=nil, 0x2000, 0x0, 0x4011, r0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000900)) accept4$ax25(0xffffffffffffff9c, &(0x7f0000000380), &(0x7f0000000480)=0x10, 0x80000) r2 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000500)={0x10000000, 0x0, 0x3}) connect$packet(r2, &(0x7f0000002a00)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x15}}, 0x14) fsetxattr(r2, &(0x7f0000000140)=@known='user.syz\x00', &(0x7f0000000180)="363c51940180ebe7753205aff0fa0447a66dafe9356a7523588002a93724a0e1fe2d1192f3e19aec4d078b2ab1bb0365360f1339aa1b80de79356570d0a6b7a6025c471e7b8514989fa1e6746581add1157d812fd9ef438b5cd74178ad1fa3bb6cff15a3ede5d306b4f8d977fd65146e99d0c2b2c1d5f2c62577c3c094b374cc50eafec5b0a349c4b04ad425b5dd4d51856e426f359338dbcbe939c9da32b8ffb1f84e3df8dca651656e7818d949b14b5560d71c92335881a988a06f5c2b798dad13916946e32139ede4df933f525428b81464aea9a3c66c410bc4718ba27dab77cee9c682d9dcba6fdd36e36057a6bda603998e69e4aa516c825653071d26d991b749e7b19c2f076a0dc8f0240aabfae82984f0ee5172a6d18e0de0c1f674e57e4a71c0093db907000000000000000000000000000000", 0x137, 0x0) r3 = request_key(&(0x7f00000002c0)='asymmetric\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000340)='id_resolver\x00', 0xfffffffffffffff9) keyctl$setperm(0x5, r3, 0x2000000) r4 = add_key(&(0x7f0000000640)='id_resolver\x00', &(0x7f0000000680)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$read(0xb, r4, &(0x7f0000002a40)=""/4096, 0x1000) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000600)={0x1f, 0x100000001, 0x5, 0x8, 0x0, 0x3da, 0x0, 0xffffffff}, &(0x7f00000007c0)=0x20) fremovexattr(0xffffffffffffffff, &(0x7f0000000000)=@known='user.syz\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x4b, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0c6300003a36678842f095eb5b8d4a9c0b2a865c8300e4c3bc068efd34e3fae605690390293986836dd180833d57526cfbcdb5a0f810cd2b64bc55b03265da5599b123710b2d87c418c6aa"], 0x0, 0x0, &(0x7f0000005000)}) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x400400, 0x0) syz_open_dev$admmidi(&(0x7f00000005c0)='/dev/admmidi#\x00', 0xfffffffffffffffa, 0x361880) ioctl$TUNSETPERSIST(r5, 0x400454cb, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000ffd0)={0x0, 0x0, &(0x7f000000f000), 0x1, 0x0, &(0x7f00000000c0)='b'}) mmap$binder(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x10) 2018/04/09 21:14:28 executing program 6: r0 = open(&(0x7f0000000040)='./file0\x00', 0x10000, 0x4) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f00000000c0)=0x3) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000340)={0x2, 0x1, {0x3, 0x0, 0x63, 0x3, 0x3008}}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r1, 0x8931, &(0x7f0000000000)={'bond0\x00'}) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x7fffffff, 0x2000000208972, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1, 0x101) r3 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x20000, 0x10) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000280)=0x3f) sendto$inet6(r3, &(0x7f0000001000)="c730eeb935fdba42f6b3049214b00bad5943362506cb6fde15e08e5a01f29b8cbe5be8c764f48be38218bd102c0ac4911b7c9d464bddac22d5bbec8a078f398879841f5194dc6a5190dcda5a342e52cbbf6a3e4d4ab111ece94468f55ce874bda7dbb27cdfce2661dcfc972f323d9d15d14a92d81d3bd9e249741372da971e1945f87f4ac2dd299b818a94ed38c83fd3e9f7c0c277ab4799ed338f24aca4d546592d2990f9ec32c5fb69d5c7ccd432470415604c9d52da506f9815fa2d80f2cf9655fd7b67e6b7f40b5202b8d76ad7e250b526dd7ad4fda0b011e7d2a2520691d83391659594bb7a2940c199778e6e02efdc02954267f38e406d1b116d8290a1ff31d554a6db0efb3a59920be0aa59a5cb5795ba418c691800fea8bf2dec7bb384eaa7a22e137aea5143eae2ebd09c060e03bddabdfd2a566c249d500c6055de20e61763dd242f5e39e86d17ec236bef4e6a843aa8659244e15a308b0cb09ff0b46f9fc935e86609f8cc3860aa0ea26e6c15e98b5300da3d2c64f9a148126cf6d703cdbfc55393ca16ab0ad986706a5d2249529de1993cedba671f218debc93fb283f3bf0a89f2146ee459096e97c81419aed1b42fcefae0ca6c198cf8f208c3dcc5ea3a5ef357670214bf5b12a11b82024134426f82b09b73c366d09d9078edf41f34906f00d45afbc9248813ed7b398668e279e58a6063816ded735bffa14bb73c9005d692385a7b6481db94936cd76077cd77024b82a66d178dc8bf18eb4a7e551a8833d2663f34914983340171139099ec7b374187428f600671f5e876b04b0f63b8d31161987aff4970190d34871b99bd2260b5a5e20adee3cebee96432203c24ba3862a889f7e5ec453c185ef833eb94a595a5c77bea87273a53469a60ca54dc4e80dfe45d55ea7526ac0da387727449199d7275698502351268bff8e3e2429ae7794cebccc995c1544fe0b688aaf1d03d701c75dc59d7d9b6f1e25470efcb2bb1835530d7dd619b4bc99607d90e6e9d087638d5a1db158799f231ba617b828cf620981d322607b19f99dc6462e4b5e2ab3cb699c28d8beed02ce934d467aff9db6518505bcc5635ba478e47a66117892e58b0e2a8f3915faf5c8763022c5ef2355db9408df86fd0653297fb3bffa432945c307216511b64ecd63b93494721ff810ff3bcb18251fa7eff63eb658c4ea5a51fc79fa1059611b7f3a9af34b8f0ee63fd6eb1df3c9ce9c378188f308ab5f66546a27aa8889fa51a31b8cbe3e2da8dc3b9109018bfd569120aef4ca964882f994baa355181f33a828602ebc46e8ad7273eccd0ae51f3192235d4af474e667d424d0c90cc27f921ce04efd06af849ba0526d7256ea9923784c49351c086d9577eb25e935d3bd703e45d368cdfdcdc2d635c0a02eb4ce6ef0d0a5d8fddaacd1f6d905c86d89945293f8a631c16e5d774ec352ecb08a6e7945c68f5fd4d83396329aa60f81ac8e6e22dad5051236c4c51e721af17e5bdb2ed7150770a654461a161b70e55b4515f406df6ab84f05b3335a294318b6ee076a478d9517419b22a9ae50c6f573d1e70c5557ea1afa2a21d547b3858221b068671a54a5f800fab8667f0af7f141ef7ca65a9dc64620d85a53d2a38ace1ae3ad223d91ca3cc5c7cce55c50541521f79c6465efb809f98b8c74003abad42b050cb64538fbb89065d2bac38dce3afda8d34c1d80c9a07cf837320b5a5f69688b2133f5ee663e703558def50abed530ff5d0cc8acb5ff31b156227d75e97bbe947b1fdaff101beff5326f5cad5d27388ed81f858cd0341711f44b599b97b294f6e5b99791f40ecc607b515e508aa0b24df7f9d863ebc65ed19afeae77fda37d57c6431acc4b42960910955c71ff650f3fb444cdfa30ad885e8d058c1fad5407bbc02feda4a5a0d69a53ddf71592ef319f9ce47d0610e26dbc8ac05fffd5ccb2494532b0de4c54711b92b4cac2b1b0016ac6535ce2dad62ad6e9dbbc4aaef0c0d8ec72f9740d8a061b1b7399a5baac333ca9ebef914afed137d7c5065b8c1f2d571744445c2e6e52ce65d6d5fcb4b4f4846628257fd3eef42f64b8fa9a68dc3eb7776f83af09bca91857ad867571f9f1f28572d7016b246cadee350a8603b0612e55fe3d67a170858a345fc738293e83ddc823384b1ddc52c892b4d3497a580c47b07a42e2c7c4a8fd79c8702a54a485049902a9e68efabe510c2bb3bbc2e18b4b617046119907debc7712e9d45123873ad7f488fe25193063cbf6db1d122e29cd9ea51563d32e78252083ee81e81aedac1e541883e6671f241192a14a0243699008e2aafc55e5ca9142cd6b060f677930a7781d85d36e9b35d0b136d5b4300bdc999d785453713a60e0fff73d3ffa45e6ccf352542c5c9fb95e759cecbe619a3a96f16984a89c8a03d18615cd510fe114637cac3e77189884a3bd9a6b7ee6655ceb808cdb67d4e9bc95e3c3e29bbacbab5dc1fd59e53a95036c3a5101439cedaf14b314913e20ec39934a955eab25b7fd82bbede5719b0c11fe449a821c543390840d6c3403be3235836632a1746800df93de0b1c8334cce02f8522cf93cd2fb6488ee100250f30172ff126628103e0e8482a2cfc00dab924eef488c3400fb8024aa2e3a91a051e72c328a428345abcf1ed1421e597ea407c708a1f76448d01d365a5e60c92a2d79a856ff33bfab4916199d14696b2b4c7659ff13558b97ccf3f83c23468d86967abdb3d33364ac37fb0115797a901ebcfc7666d1fa49137b60606baa7f7f502e6e397458b3fdbe001272f03f78a67064914c43185fb9a03492657144ae882f8243b396e705c1b80413bb0386357a182abc388423e72e36c83b82e47460ae3fb45b07705d00bbd76c9978b04445f800f68c3fea996217dc88cdf31d7180c53d46971e8c4314f3700d899b8b97d3022f7eda6fe7e00ab8db31f884f177d14c93c5d148db60a94c985bfa5291f905c3481bd1e5c3a873a12e22236d68591ce7c8654fd84b62cb1f1d3ed803582ee01757cddb137a6621e8040927d7c3006f9ba30e7ca44e0b4742ac981aad60f9c750750f3d3b6391bc61d85fff2d1dff2ef9e81613e7879d5967c30a797341cb0697218dd23a2a65a555464811e6536bb7ad77a00f04b44fef7bf7ee3c46a2f3e8e6f04270886388f8d7335700a19ca004d7031a79bd22f3785530343e09e749a2e471e2e04ec7034248c275cead9289cb6d8ebe39cc38f7f6e6d294350ab809b725773a4942613f28e7d47a16088f488ecec1a133a4a1466f7216eece04bee058f24ec590d2f832fb035ac5db41a3584e5051cb4739ac2609c56495e7d5a4c71624f6e4fb95edec74e31a724c4583db0ce8d20bb4068e189226fdaefb4e2c46b0369789853321f3839062564719d91b6e1bfb7a261176a47e6768120364b874c8a2e7711074f67b048315a7fca39c71fb174377823d4ecabacc9fe6e482cfedbf3ba57b65023013d15a63442e23a27b5ca7e808b904c46de9ea001667e32971c536517f6718a5acb3374c152497a403bd121369eac6879648a32049719eb6060b2f23797379d1777f0f21242d7b2d2dd6287aeca09422fa68ee80be77e3270d19e92a8a359f9d33410a6233f5a0b437890754e574be9b153ce7e7e7ec074707efff3352ed77bd00000fa6a85340496c698774917926b9fdf4b3086e80dfc8d8d3667b0e03cb5c9354408e9f18cb49047555d851eb6cf2eea74b4fb3ebfd8ac9d30dde5f4b9ea0f0306faecaa218bfac0bed7c2fa8127736e6f49decf1d2b1ac1e9e99d6ea0ef1815c59996197f5dc89c15c68b9baecd4a0c79cde10fa8e9ca1354332155c45e5c26ce9efc3544cdbebd488a1f554b065fb32ef983c4787528293b474c31b336be555eef427ee2ae3980d6844cd23b623edee60d067c284906b53332251a54e5844f8200320778e9de400f4463761fa162bdf42199b986e4633c4f7b54d26cbf9c750ae3791a4ca4edfba918a398fe9ef8caf39f89e7997949c1e7a4ac46ed74793ec703fe88989a74cdff219ad10106a35563144e5b23a89eb50da6a55e0402afc46b729d61b136893466125b5da3cc3527a27d4c4aad0d50029ec9022944dab1bd57cc666bc7b45189895ae1203ece50f62465d7dce60f9189e59b30c01a145723a41b9792e952a00fd6f69e00f9634fb46c1ee80363bbcf2adb740634fa8d84983e10f2b567e69a989074fe71bea5e78e86997ea1180938c216c12272876a3e98b9545df5620a2c09e8f2e9ad492d8e94dbe01f78ca69eac3bf4da55421a3127700408cd0a5ef68c8397aaa48ff41813109807e8a3467b5c20a670ab3a910de885438648bf3aeaa3daac006f51ea39e2b251c49e74ce3c13150c10f2523495a2c4fb4e1d361e9a52af32e4348bf66e8f370dbab0863f90b37c026c8d26e288e94478557160e0676014cbc70be9023b92eac675a0b94320817d70ec5a55776f045ddc5ac9655e085e087ed204e02f62e702bd64b26d04833518cce89c89c1ede51e09efb1bd17cc629f13eb2c32bb9e392642af3a58f66dfd66797d6dac6c2a893cd560074c7f3f314886092ccf41968094d395fa28e0483db768669b85bbdb8ee796333a03d12d9e799e9bbb39a0ad8add298237b207cdc15f376619a8c6133542e61f98ec682f5f09a3ae954117baf9c44f14025ba6ff2bd0b5ac06e974b684fcff5b5b347e3250e5c29bc45ca08c40d71e7fcecf11bd7e574f701ba3bdd08fd0a679b3c85766497c59da33a875218402946210a1c78aee85d2838983e43a67af3b2e313e232390a8c33acd873d0d682c5e13eedfa7142b58c918eed6e2c98b4022571a6b0822db1208aa7b4444041e3e557bd461fafb26d9524240dc27c34f5841a5ed3c15506227317af9adf4f6431763eea1eb47021d3d0a68cb6d5cb7e4f15019ca4ec08ab45f8c2e58a970bfa4b010990bd82180691ed8a89e7a7b5d6cfd5a3952756ef9e0d2667a6a876bca3dd44514019bfce9ccf82daa9d5c7e12e7cb97a2b0ccdc07cb30c81875b0ddc25af6316655d3a85bdd174907fd3d19603edbd37b6a81c54f8933209dc8f148ed9fed94ea6ddcc70b53bcf7e9c43bff8918d61cfdd5ee72d15b0d86ea44ae7ca61d4dd19e05596703a23e57ae1c4dda9c92880a616c6f98530d863076127e9bf74bffb623d177ba804337196f745e952593abb3a7d228ca4befd859396ad80fc47bdd05c0cbe9a71c37e723fafcb0dae6c81a8c72b1f2fc4cab58bd87ce374ab6fb5d12f12b2dccc9cd6594bea1dc35de3bbb6cd44f8253a716e8041552cda8efa2aa67f0d30e6e4208244ce783cf19751c800bdaff6ae08088e7f0dc89cddd635f29610da756f9a311adbb02042b7451e947c3f6d118685e89dfe359dd58fab8392a7ad2faa73ada6e45ae35c5e2da66fe2f5738b3d513daa3642076d73fd49af41170cda44ac90206f299bb2384cdd6d53620ceed3e0a6685f257b22264e88966415854b0ddbc34309373a0920bc1b1e8036d6a8b6e89c60c45ecedef3308d360e19c0dbd136ec323c3333760873520f34b5a125850a90a6506d2decb14ebd5fdb12b8177e3e548a33e4875dd27a99e952256b889234ff09990c256a371d25ee95c7d9c14787cebd27ddc460ab272b266368b43304f505d71909f6146dee99d0a9acf5ab4f7967f00e001f3ec3497342fc402825bdb304a5510cfc72bc8d338b371fcdf3cf9650759db2931b9b1912cbba1cf4f4abda75bcb4327b4b0f822b8684c3565e1181b859c9448aec63a", 0x1000, 0x0, &(0x7f0000000300)={0xa, 0x100004e24, 0xfffffffffffffffc, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, 0x1c) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0x5, 0x1}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_TSS_ADDR(r5, 0xae47, 0xd000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000f000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="480fc799ef000000420f01cf0f072e2e0f1f4000b944020000b81d1a0000ba000000000f30c74424003c010000c7442402fb000000ff1c24b907090000b800000000ba010000000f3066baf80cb83cf78c88ef66bafc0c66edf244dac60f2182", 0x60}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r6, 0xae80, 0x0) clone(0x0, &(0x7f0000000000), &(0x7f0000000ffc), &(0x7f0000000ffc), &(0x7f0000000000)) mlock(&(0x7f0000a67000/0x2000)=nil, 0x2000) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f00000002c0)={0xf9, 0x3, 0x8, 0x1}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f0000000240)) 2018/04/09 21:14:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010300000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x700000000000000) 2018/04/09 21:14:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfe80000000000000) 2018/04/09 21:14:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(anubis)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) socketpair$inet(0x2, 0x80810, 0x81, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000040)=0x3, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe00", 0x20) sendmmsg$alg(r1, &(0x7f0000003940)=[{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendto(r1, &(0x7f0000000080)="b093739571ede042882042a163ee96d6", 0x10, 0x0, &(0x7f0000000200)=@un=@abs, 0x80) recvmsg(r1, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0) 2018/04/09 21:14:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000300683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000]}, 0x10) [ 473.249688] binder: 1000:1002 Acquire 1 refcount change on invalid ref 128 ret -22 [ 473.257565] binder: 1000:1002 unknown command -928540024 [ 473.279168] binder: 1000:1002 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:29 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x200000000000000) 2018/04/09 21:14:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000001f00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:29 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb4000000000000]}, 0x10) 2018/04/09 21:14:29 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(0xffffffffffffffff, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:29 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3f000000) 2018/04/09 21:14:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000400300683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000142ff0)={0x2, 0x4e22}, 0x10) sendto$inet(r0, &(0x7f0000243fca), 0x0, 0x200080c4, &(0x7f0000b56000)={0x2, 0x4e22}, 0x10) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x7cc, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f0000000140)=""/4096) write(r0, &(0x7f0000000000)="ec", 0x1) r2 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x7, 0x400840) ioctl$VHOST_SET_VRING_CALL(r2, 0x4008af21, &(0x7f0000000080)) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000b26000)=0x1ffa, 0x4) writev(r0, &(0x7f0000018cd2)=[{&(0x7f0000068000)="02", 0x1}], 0x1) listen$netrom(r2, 0x0) 2018/04/09 21:14:29 executing program 6: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000040)) signalfd(0xffffffffffffffff, &(0x7f0000000080)={0xfffffffffffffffb}, 0x8) r0 = socket$pppoe(0x18, 0x1, 0x0) mmap(&(0x7f0000a4d000/0x3000)=nil, 0x3000, 0x0, 0x30, r0, 0x0) quotactl(0x0, &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000000c0)) 2018/04/09 21:14:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xec0) 2018/04/09 21:14:29 executing program 6: r0 = memfd_create(&(0x7f0000002901)='dev ', 0x0) ftruncate(r0, 0xffff) write(r0, &(0x7f00007fbffd)='H', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfec) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x7, 0x181200) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) execve(&(0x7f0000000ff8)='./file0\x00', &(0x7f0000000000), &(0x7f0000001fe0)=[&(0x7f0000000ffc)='dev ']) 2018/04/09 21:14:29 executing program 0: mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4}) r0 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x9, 0x2000) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000040)={[{0x804, 0x8001, 0x1, 0xff, 0x4, 0x7, 0x8000, 0xb15, 0x9, 0x0, 0xfffffffffffffff9, 0x6, 0x8a60}, {0x1, 0x3ff, 0x57, 0x6714, 0x8e7, 0x100, 0x0, 0xfff, 0xa, 0x4, 0x52, 0x400}, {0x1, 0x5, 0x7c, 0x3, 0x2, 0x4, 0x3, 0x583db179, 0x7ff, 0x7, 0xfffffffffffffffc, 0x1, 0xfa59}], 0x3}) 2018/04/09 21:14:29 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x7000000) 2018/04/09 21:14:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000f0ffff683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x10) [ 473.744947] binder: 1069:1080 Acquire 1 refcount change on invalid ref 128 ret -22 [ 473.752933] binder: 1069:1080 unknown command -928540024 [ 473.765285] binder: 1069:1080 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:29 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000d41000), &(0x7f0000eebff0)) eventfd2(0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080), 0x10) accept4$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000100)=0x1c, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x84800) sendmsg$rds(r0, &(0x7f0000000380)={&(0x7f0000000140)={0x2, 0x4e21, @multicast2=0xe0000002}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000180)=""/37, 0x25}, {&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000200)}], 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="580000000000000014010000090000000000008001000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="0300000000000000"], @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB="0000008000000000"], @ANYBLOB="000100000000000002000000000000000000000000000000060000000000000010000000000000000200000000000000"], 0x58, 0x80}, 0x40) 2018/04/09 21:14:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x40030000000000) 2018/04/09 21:14:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:29 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000), 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:29 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x10) 2018/04/09 21:14:29 executing program 6: getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000002c0), &(0x7f0000000300)=0x4) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000019c0)=[{&(0x7f0000001800)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001980)=[{&(0x7f0000001880)="1ccc90f965e13a4426450f69f8208fb25f56a2167b244e5f00361f2b7cae9145a55bed4b93c2990406549c1e3fd3456cbc78d8051f003180eeb50ee98a5820d1bf17da0519a119f33e90dff8f963dd4ff570e5fe9c43805c512b9d2521d3de57055108db11f2c3021a70686262486abddda08ba5a3b7cad5e4e05ba40456b2e96c8f5e88234e2fc4e403bf53bedd152d72340a6d57471cbd834502577c2db79d64f596618a614892bc5b472f5dce3074c3f3", 0xb2}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x80) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0xfffffffffffffffd, 0x1) getpeername$netrom(r1, &(0x7f00000000c0)=@full, &(0x7f0000000140)=0x48) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f0000000180)={0x4, 0x70, 0x100000000, 0x9, 0x2abd, 0x24ff, 0x0, 0x6, 0x20000, 0x8, 0x7fffffff, 0x7, 0xffffffff, 0xd479, 0x81, 0x20, 0x1f, 0x4, 0x0, 0x7, 0x80000000, 0x7fffffff, 0x9, 0x2b, 0x10001, 0x0, 0xf7, 0x81, 0xe8d, 0x5, 0x3, 0x9, 0xffff, 0x1, 0x79fae251, 0x5, 0x1, 0x6, 0x0, 0x80000000, 0x0, @perf_config_ext={0xf2e, 0x20}, 0x300, 0x9, 0xfffffffffffffffa, 0x3, 0x5, 0x3, 0x9}, r2, 0x1, r1, 0xb) epoll_create1(0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x40000003, 0x0) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000240)={{0x1db, 0x40}, 0x14}, 0x10) r4 = accept4(r3, 0x0, &(0x7f0000000280), 0x800) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000380)=0x11, 0x4) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) dup2(r0, r3) 2018/04/09 21:14:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100ffffff9e683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3a00) 2018/04/09 21:14:29 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f00000001c0)={0x902, 0x1, 0xff, 0x4, 0xff}, 0xc) r3 = open(&(0x7f0000000000)='./file0\x00', 0x1000000, 0x20) getsockopt$inet_tcp_buf(r3, 0x6, 0x21, &(0x7f0000000380)=""/211, &(0x7f0000000480)=0xd3) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, &(0x7f0000000400)) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x5}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000002c0)={0x7, 0x2, 0x1, 0x69, 0x7, 0x6, 0x6, 0x3ff, r4}, &(0x7f0000000300)=0x20) pwritev(r1, &(0x7f0000000580)=[{&(0x7f00000004c0)="24c225e4beb1cdd3a25279550aa5aa00c5d2e9da8f2db9dcc319b246005423f00891e4beb02faea51e84185649283ad887c8156efa02440a60a0960e8e9eba5329a7955d5b69981a13ee36a5f0d22a7ba44e99557a2bb4a630b06956991fb4813aa66232f72ac7d0cf1ab3b721e2a0044cb4833d730cbd2e41083e89cdd188344476011a7ea86281fa6c28fa972a6def268b044747394dea32cd08ac1d40357c8b935bd0b4f6caa1e047ff94f4", 0xad}], 0x1, 0x0) mount(&(0x7f0000000040)='./file0/bus\x00', &(0x7f00000000c0)='./file0/bus\x00', &(0x7f0000000340)='sysfs\x00', 0x0, &(0x7f00000004c0)) rmdir(&(0x7f0000000240)='./file0/bus\x00') getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000040)={0x6, 0x4, 0x9, 0xfffffffffffffff7, 0x5d1c19f4, 0x7f, 0x2, 0x1f, 0x0}, &(0x7f0000000080)=0x20) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r5, 0x800}, &(0x7f0000000100)=0x8) sync_file_range(r3, 0x0, 0x0, 0x3) 2018/04/09 21:14:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x100000000000000) 2018/04/09 21:14:29 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xe000000) 2018/04/09 21:14:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x8a07000000000000) 2018/04/09 21:14:29 executing program 0: syz_emit_ethernet(0x3e, &(0x7f0000000040)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1=0xe0000001}, @igmp={0x14, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, "000000081e84d84b2db57b8a0af02ad8c4fda114"}}}}}, &(0x7f0000000000)={0x0, 0x1, [0x8e0]}) [ 474.197996] binder: 1125:1127 Acquire 1 refcount change on invalid ref 128 ret -22 [ 474.205918] binder: 1125:1127 unknown command -928540024 2018/04/09 21:14:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100091b0000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:29 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x10) 2018/04/09 21:14:29 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffffffffff80}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x1) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x8, 0x141000) r3 = accept4$packet(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000100)=0x14, 0x80000) write(r1, &(0x7f0000fd6000), 0x0) ioctl$KDDISABIO(r0, 0x4b37) readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/40, 0x28}, {&(0x7f0000000180)=""/102, 0x66}, {&(0x7f0000000200)=""/232, 0xe8}, {&(0x7f0000000300)=""/32, 0x20}, {&(0x7f0000000340)=""/20, 0x14}, {&(0x7f0000000380)=""/63, 0x3f}], 0x6) close(0xffffffffffffffff) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x480, 0xffffffff, 0x288, 0x288, 0x0, 0xffffffff, 0xffffffff, 0x3b0, 0x3b0, 0x3b0, 0xffffffff, 0x4, &(0x7f0000000440), {[{{@uncond, 0x0, 0x110, 0x150, 0x0, {}, [@common=@dst={0x48, 'dst\x00', 0x0, {0x401, 0x2, 0x1, [0x0, 0x7, 0x4, 0x1, 0x0, 0x4, 0x80, 0x2e6, 0x5, 0x1, 0x80, 0x1, 0x5, 0x6, 0xffff, 0x9], 0xf}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x8001, 0x7fff, 0x8}}}, {{@ipv6={@local={0xfe, 0x80, [], 0xaa}, @loopback={0x0, 0x1}, [0xff, 0xffffffff, 0x0, 0xffffff00], [0xffffffff, 0xffffffff, 0xff, 0xffffffff], 'vlan0\x00', 'bcsf0\x00', {}, {0xff}, 0x3f, 0x3, 0x1, 0xa}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@unspec=@cgroup0={0x28, 'cgroup\x00', 0x0, {0x4, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x5, 'syz1\x00'}}}, {{@ipv6={@ipv4={[], [0xff, 0xff]}, @dev={0xfe, 0x80, [], 0xa}, [0xffffffff, 0xff, 0xffffff00, 0xffffff00], [0x0, 0xff, 0xffffff00, 0xffffffff], 'ip_vti0\x00', 'bcsh0\x00', {0xff}, {0xff}, 0x73, 0x3, 0x7, 0x2c}, 0x0, 0xc8, 0x128}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@loopback={0x0, 0x1}, [0xffffffff, 0xff], 0x4e21, 0x4e22, 0x4e23, 0x4e20, 0x6, 0x0, 0x10000, 0x3, 0x3}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4e0) [ 474.280619] binder: 1125:1127 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:30 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x40000) 2018/04/09 21:14:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00006a4ff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SMI(r2, 0xaeb7) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000180)) 2018/04/09 21:14:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:30 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x400300) 2018/04/09 21:14:30 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010063040000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:30 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xe) 2018/04/09 21:14:30 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x10) 2018/04/09 21:14:30 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x15, 0x80005, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x4, 0x4) getsockopt(r0, 0x10e, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0xfffffffffffffd2b) socket(0x0, 0x0, 0x0) 2018/04/09 21:14:30 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000", 0x10) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:30 executing program 0: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000000000), 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x84800) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x27c, 0x400000) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) openat(r1, &(0x7f00000000c0)='./file0\x00', 0x101800, 0x82) 2018/04/09 21:14:30 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0x4000100, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) socket$inet6(0xa, 0x3, 0x81) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004500001c0100000000119078ac2314aaac14140000004e2000089c78"], &(0x7f00000000c0)) 2018/04/09 21:14:30 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfffffffe) 2018/04/09 21:14:30 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x6304) 2018/04/09 21:14:30 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100f0ffffff683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 474.631137] binder: 1185:1192 Acquire 1 refcount change on invalid ref 128 ret -22 [ 474.639150] binder: 1185:1192 unknown command -928540024 2018/04/09 21:14:30 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x10) [ 474.681665] binder: 1185:1192 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:30 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfffffff5) 2018/04/09 21:14:30 executing program 6: ioctl$KVM_GET_PIT(0xffffffffffffffff, 0xc048ae65, &(0x7f00000002c0)) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0xfffffffffffffffc, 0x2) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f000015cfd8)={0x0, 0x1000000000001, 0x0, 0x0, "cc450294828d9b0006c7c917d91a496bed9216a6f3af549d6ee1fe23a16ba2a4"}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x80000, 0x0) ioctl$KDENABIO(r2, 0x4b36) accept4$inet(r2, &(0x7f0000000840)={0x0, 0x0, @loopback}, &(0x7f0000000880)=0x10, 0x80000) getsockname$inet(r2, &(0x7f00000004c0)={0x0, 0x0, @dev}, &(0x7f0000000800)=0x10) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x8000000018d002, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e22, 0xff, @loopback={0x0, 0x1}, 0x6}}, [0x6, 0x7, 0x7, 0x8000, 0x60, 0x4, 0x6, 0x10001, 0x2, 0x3, 0x100, 0x8, 0x1, 0x882, 0x100]}, &(0x7f0000000140)=0x100) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000700)={r5, 0xdb, "72ec6a9a6561019178c3c0e603b99051cbfdfd1b66bdf160796ea95f962512ca5d223cdfd364f2fbfb9bd7d8ae06a4ca2177f424da23103f372633ed7b2470287658508b5ea876ae128ab79fc2485866c6e94ccfca07b04b0a62fe133616d8706646ccacd177ca26961601073486bfd01ed9221499e2486170379ed7827730415011de55e56420d7a8bdeabe67624666a30a09166ccf352e2c736f8f65ae03124e967b8288d8ab6f15f03aa34ca6ef6983a4dffe8917e6828befc6f8473b5dc30c62474553a47cf63ab517c65c81a0b9bf426c436519b92f0b9fa8"}, &(0x7f0000000180)=0xe3) getresuid(&(0x7f0000000100), &(0x7f0000000080)=0x0, &(0x7f0000000380)) fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={r4, r6, r7}, 0xc) r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rtc\x00', 0x80000, 0x0) write$binfmt_elf64(r8, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x6, 0x10000, 0x0, 0x1, 0x3, 0x3, 0xc3, 0x248, 0x40, 0xdd, 0x3000000000000000, 0x9, 0x38, 0x2, 0x0, 0x9, 0x1}, [{0x0, 0x8000, 0x1, 0x7fff, 0x3, 0x1ffbfffffffffd, 0x8e, 0xfffffffffffffffc}], "8e6a762262b2c79c0fb3d4f841316d46a8e13608b823a2ada906fa66541331389edffa5d0aa697"}, 0x9f) 2018/04/09 21:14:30 executing program 0: unshare(0x40000000) r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'bridge0\x00\x00p\x00', 0x4000000000001005}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'erspan0\x00', 0x3501}) setxattr(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)=ANY=[], &(0x7f00000005c0)='keyring\x00', 0x8, 0x0) socketpair(0x0, 0x0, 0x40, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={'bridge8\x00', {0x2, 0x0, @dev={0xac, 0x14, 0x14}}}) syz_open_dev$urandom(&(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x2000) r3 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000000cf90), 0xc1, 0x0, &(0x7f0000000640)="502ef440712460319b5d667e52a99d6fce9217b2d6d8e2130cf3567653329b51326ccbb8905aa0d2d312a2716762374abbff80b5659e2ba1a71b12c115f1f01a7401dd488a582ea3784292a910f76cb623c403c09dbdacbb8f9c47c69ca22ec65552ee2f166127738223a7e2e9551b03844d7835ba7098aca74c0f06f9b5f551eb1f4428279a33450cddf6755b4a8731db6c541e59c995ba003b531a0c8981927a295ff76cc0f9d72b97107954b68cadddd7563ec2fda67432b3c208c68d38a8f2"}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f000000ffd0)={0x0, 0x0, &(0x7f000000f000), 0x1, 0x0, &(0x7f00000000c0)='b'}) mmap$binder(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x54, 0x0, &(0x7f0000000280)=[@reply_sg={0x40486312, {{0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), &(0x7f00000002c0)}}}, @increfs={0x40046304}], 0x26, 0x0, &(0x7f0000000140)="b3cb0ea7f6d40c801610b45855b6374f0028c0886fc3a589b77597dceb2277ecc9a720ec37ae"}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000500)={'bond0\x00', 0x2}) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0x0) unshare(0x20000000) clone(0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000600), &(0x7f0000000100)) [ 474.918060] IPVS: ftp: loaded support on port[0] = 21 [ 474.998183] device erspan0 entered promiscuous mode [ 475.708553] binder: 1233:1246 got reply transaction with bad transaction stack, transaction 49 has target 1233:0 [ 475.718987] binder: 1233:1246 transaction failed 29201/-71, size 0-0 line 2778 [ 475.754585] IPVS: ftp: loaded support on port[0] = 21 [ 475.780652] device erspan0 entered promiscuous mode [ 475.794910] binder: BINDER_SET_CONTEXT_MGR already set [ 475.800432] binder_alloc: 1233: binder_alloc_buf, no vma [ 475.800454] binder: 1233:1236 ioctl 40046207 0 returned -16 [ 475.805953] binder: 1233:1249 transaction failed 29189/-3, size 0-0 line 2963 [ 475.808268] binder: 1233:1246 got reply transaction with no transaction stack 2018/04/09 21:14:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:31 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000003683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:31 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180", 0x18) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:31 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x8a07) 2018/04/09 21:14:31 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xa00000000000000) 2018/04/09 21:14:31 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x10) 2018/04/09 21:14:31 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='#! ile0\n'], 0xb) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:31 executing program 6: unshare(0x40000000) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vga_arbiter\x00', 0x800, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000680)={{{@in6=@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, @in6=@remote={0xfe, 0x80, [], 0xbb}, 0x4e24, 0x2, 0x4e23, 0x896, 0x2, 0x80, 0x80, 0x0, r2, r3}, {0x4, 0x2, 0x7fff, 0x8, 0xb7eb, 0x9, 0xfffffffffffffc00, 0xffffffffffffffff}, {0x100000001, 0x5, 0xad17, 0xa8}, 0x9, 0x0, 0x2, 0x1, 0x3, 0x3}, {{@in=@multicast2=0xe0000002, 0x4d3}, 0x2, @in6, 0x3506, 0x0, 0x3, 0x8000, 0x208a306f, 0x200, 0x100000000}}, 0xe8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x6ec75de1}, &(0x7f0000000340)=0x8) r5 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000200)="2cc9b3b75656584935bc788a22a4b0df0e8d6c4607a26f9a8e0ec2c5175e78c4a9762edadf483bc0f79d73a8a61c31d38f552516975336c9545323c0554c4cda97f5d2fe7f665c05ff6e8b793679d740bb842c2b6c26ceb16ade0b6c125cae9a66d6b4941aaf74d1031947b76f45cc2be24ead9ecf79614df6b70849b7e3981b9e49865782ef731b50103c", 0x8b, 0xfffffffffffffffb) r6 = geteuid() r7 = openat$mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/mixer\x00', 0x200000, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r7, 0x6, 0x2, &(0x7f0000000300)={0x1f, 0x7, 0x2, 0x400}, 0x6) r8 = getegid() ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r7, 0x40a85321, &(0x7f0000000380)={{0x7, 0x3}, 'port1\x00', 0x40, 0x90800, 0x0, 0x100000000, 0x1, 0x3ff, 0x3, 0x0, 0x4, 0x7}) keyctl$chown(0x4, r5, r6, r8) getsockopt$inet_IP_IPSEC_POLICY(r7, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@loopback, @in=@remote}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000100)=0x8) r9 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xa2, 0x100) ioctl$TIOCMSET(r9, 0x5418, &(0x7f00000000c0)=0xfffffffffffffffd) socket$unix(0x1, 0x2, 0x0) [ 475.826276] binder: 1233:1246 transaction failed 29201/-71, size 0-0 line 2763 [ 475.842202] binder: undelivered TRANSACTION_ERROR: 29201 [ 475.847690] binder: undelivered TRANSACTION_ERROR: 29189 [ 475.857304] binder: release 1233:1246 transaction 49 out, still active [ 475.864185] binder: send failed reply for transaction 49, target dead [ 475.929752] IPVS: ftp: loaded support on port[0] = 21 2018/04/09 21:14:31 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfeffffff00000000) 2018/04/09 21:14:31 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x2) 2018/04/09 21:14:31 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100c00e0000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:31 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x10) [ 475.988157] binder: 1250:1251 Acquire 1 refcount change on invalid ref 128 ret -22 [ 475.996086] binder: 1250:1251 unknown command -928540024 [ 476.030605] binder: 1250:1251 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:31 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3a00000000000000) 2018/04/09 21:14:31 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xc00e000000000000) 2018/04/09 21:14:31 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dc", 0x1c) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:31 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000001683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 476.269860] binder: 1290:1291 Acquire 1 refcount change on invalid ref 128 ret -22 [ 476.277767] binder: 1290:1291 unknown command -928540024 [ 476.301892] binder: 1290:1291 ioctl c0306201 20007000 returned -22 [ 476.875706] IPVS: ftp: loaded support on port[0] = 21 2018/04/09 21:14:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:36 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='#! ile0\n'], 0xb) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:36 executing program 6: unshare(0x40000000) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vga_arbiter\x00', 0x800, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000680)={{{@in6=@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, @in6=@remote={0xfe, 0x80, [], 0xbb}, 0x4e24, 0x2, 0x4e23, 0x896, 0x2, 0x80, 0x80, 0x0, r2, r3}, {0x4, 0x2, 0x7fff, 0x8, 0xb7eb, 0x9, 0xfffffffffffffc00, 0xffffffffffffffff}, {0x100000001, 0x5, 0xad17, 0xa8}, 0x9, 0x0, 0x2, 0x1, 0x3, 0x3}, {{@in=@multicast2=0xe0000002, 0x4d3}, 0x2, @in6, 0x3506, 0x0, 0x3, 0x8000, 0x208a306f, 0x200, 0x100000000}}, 0xe8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x6ec75de1}, &(0x7f0000000340)=0x8) r5 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000200)="2cc9b3b75656584935bc788a22a4b0df0e8d6c4607a26f9a8e0ec2c5175e78c4a9762edadf483bc0f79d73a8a61c31d38f552516975336c9545323c0554c4cda97f5d2fe7f665c05ff6e8b793679d740bb842c2b6c26ceb16ade0b6c125cae9a66d6b4941aaf74d1031947b76f45cc2be24ead9ecf79614df6b70849b7e3981b9e49865782ef731b50103c", 0x8b, 0xfffffffffffffffb) r6 = geteuid() r7 = openat$mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/mixer\x00', 0x200000, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r7, 0x6, 0x2, &(0x7f0000000300)={0x1f, 0x7, 0x2, 0x400}, 0x6) r8 = getegid() ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r7, 0x40a85321, &(0x7f0000000380)={{0x7, 0x3}, 'port1\x00', 0x40, 0x90800, 0x0, 0x100000000, 0x1, 0x3ff, 0x3, 0x0, 0x4, 0x7}) keyctl$chown(0x4, r5, r6, r8) getsockopt$inet_IP_IPSEC_POLICY(r7, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@loopback, @in=@remote}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000100)=0x8) r9 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xa2, 0x100) ioctl$TIOCMSET(r9, 0x5418, &(0x7f00000000c0)=0xfffffffffffffffd) socket$unix(0x1, 0x2, 0x0) 2018/04/09 21:14:36 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x10) 2018/04/09 21:14:36 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x63040000) 2018/04/09 21:14:36 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfe800000) 2018/04/09 21:14:36 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100001f0000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:36 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc5", 0x1e) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:36 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xa00) 2018/04/09 21:14:36 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x5c150000) [ 480.577568] IPVS: ftp: loaded support on port[0] = 21 [ 480.639238] binder: 1323:1327 Acquire 1 refcount change on invalid ref 128 ret -22 [ 480.647120] binder: 1323:1327 unknown command -928540024 [ 480.701343] binder: 1323:1327 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:36 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe1030000]}, 0x10) 2018/04/09 21:14:36 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xf0ffffff) 2018/04/09 21:14:36 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100f0000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:36 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:36 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10) 2018/04/09 21:14:36 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x1f00) [ 480.928666] binder: 1351:1352 Acquire 1 refcount change on invalid ref 128 ret -22 [ 480.936571] binder: 1351:1352 unknown command -928540024 [ 480.946521] binder: 1351:1352 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:40 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='#! ile0\n'], 0xb) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:40 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = shmget(0x1, 0x4000, 0x80, &(0x7f0000ffc000/0x4000)=nil) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000000)={{{@in=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@local}}, &(0x7f0000000100)=0xe8) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x8, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff]) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000340)={0x0}, &(0x7f0000000380)=0xc) shmctl$IPC_SET(r1, 0x1, &(0x7f00000003c0)={{0x1, r2, r3, r4, r5, 0x0, 0x9d}, 0xfffffffffffff71a, 0x10000, 0x1, 0x7fff, r6, r7, 0x7b7}) sendmsg$key(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000aa8000)={&(0x7f00000011c0)={0x2, 0x200000009, 0x0, 0x1, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/09 21:14:40 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xe00) 2018/04/09 21:14:40 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001001b090000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:40 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:40 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x78a) 2018/04/09 21:14:40 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x90000]}, 0x10) 2018/04/09 21:14:40 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x1f000000) 2018/04/09 21:14:40 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x7) 2018/04/09 21:14:40 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010002000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:40 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x10) 2018/04/09 21:14:40 executing program 6: r0 = socket$inet6(0xa, 0x80002, 0x88) recvfrom$inet6(r0, &(0x7f0000e65000)=""/185, 0xb9, 0x0, 0x0, 0x90) bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x7, 0x4) r1 = socket$inet6(0xa, 0x8000000000000802, 0x88) sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f0000520000)=@in6={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x200000, 0x0) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000080)={0x1, 0x80000001, 0x4b, 0x3, 0x1, 0x8}) [ 485.257482] binder: 1375:1377 Acquire 1 refcount change on invalid ref 128 ret -22 [ 485.265375] binder: 1375:1377 unknown command -928540024 [ 485.279305] binder: 1375:1377 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:41 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x34000) 2018/04/09 21:14:41 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:41 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xffffff9e) [ 485.507864] binder: 1414:1417 Acquire 1 refcount change on invalid ref 128 ret -22 [ 485.515755] binder: 1414:1417 unknown command -928540024 [ 485.525609] binder: 1414:1417 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:45 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:45 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='#! ile0\n'], 0xb) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x7) r1 = accept4(r0, &(0x7f0000000000)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000100)=0x80, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000200)={0x0, 0x5cb4, 0x7fff, 0x100, 0x4e, 0x200, 0x20, 0x7e, {0x0, @in6={{0xa, 0x4e23, 0x6, @mcast2={0xff, 0x2, [], 0x1}, 0x7}}, 0x7fff, 0x100000001, 0x401, 0x6, 0xf7fd}}, &(0x7f00000002c0)=0xb0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000300)={r2, 0x14a8, 0x6d, "805eb14bd488678379ba8cea0c3ff9d3bc2dba476b1734b6a93d5b4d7116fa95f2f6eec3ab6bdf5c61820b16f8cf6b18e22a46e924d1654915e6fadb322ed0aea7c59a801f9bf74e52d74cdca52eccfd57a3ebc2701ffea7b081003483e0e70411581b0b3d958976e2f19d80ea"}, 0x75) r3 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) getsockopt$inet_tcp_buf(r1, 0x6, 0x0, &(0x7f0000000180)=""/13, &(0x7f00000001c0)=0xd) sendto$inet6(r3, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) connect$pptp(r1, &(0x7f00000000c0)={0x18, 0x2, {0x20002, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1e) 2018/04/09 21:14:45 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000ec0683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:45 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x240]}, 0x10) 2018/04/09 21:14:45 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x40030000000000) 2018/04/09 21:14:45 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xf0ffffffffffff) 2018/04/09 21:14:45 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x9effffff00000000) 2018/04/09 21:14:45 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x10) 2018/04/09 21:14:45 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfe80) 2018/04/09 21:14:45 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000034000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 489.911441] binder: 1441:1443 Acquire 1 refcount change on invalid ref 128 ret -22 [ 489.919455] binder: 1441:1443 unknown command -928540024 2018/04/09 21:14:45 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xf0ffffff00000000) [ 489.987696] binder: 1441:1443 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:45 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80720000]}, 0x10) 2018/04/09 21:14:45 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfec0) 2018/04/09 21:14:45 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000091b683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:50 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:50 executing program 6: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x64}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=ANY=[@ANYBLOB="18000000000000000000000000000000c700000000000000b87b84f9aedcb2000000000000000095"], &(0x7f000031cff6)='syzkaller\x00', 0x5c6e, 0x330, &(0x7f00001a7f05)=""/251}, 0x48) 2018/04/09 21:14:50 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:50 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xf000) 2018/04/09 21:14:50 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010004630000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:50 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x1100) 2018/04/09 21:14:50 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb40000]}, 0x10) 2018/04/09 21:14:50 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x11) 2018/04/09 21:14:50 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb400]}, 0x10) 2018/04/09 21:14:50 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xf0) 2018/04/09 21:14:50 executing program 6: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f000000affc)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000676000)='/dev/audio\x00', 0x0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f00006a6fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x40400) dup2(r2, r1) read(r3, &(0x7f0000ec2f6f)=""/145, 0xdf) 2018/04/09 21:14:50 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000030000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 494.576096] binder: 1493:1497 Acquire 1 refcount change on invalid ref 128 ret -22 [ 494.583937] binder: 1493:1497 unknown command -928540024 2018/04/09 21:14:50 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x3a) 2018/04/09 21:14:50 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10) [ 494.617721] binder: 1493:1497 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:50 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xfffffff0) 2018/04/09 21:14:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:54 executing program 0: write$selinux_user(0xffffffffffffffff, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:54 executing program 6: r0 = syz_open_dev$loop(&(0x7f0000308000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "3900ea631d00000000020000010000009f00000023f7b7d65f90b0e6330ee739b319d8f6aa6bd58d1443474482e85040fb4947ebb55bd19f335b5bffff0001f3", "cfa430745a540dc1c149b7b81579f6a41c51f7d51933223e82ab867dac761faf"}) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r1, &(0x7f00000001c0)="1f0000000104fffff13b54c007110009f30501000b00044000000000020000", 0x1f) r2 = syz_open_procfs(0x0, &(0x7f000060c000)='oom_score_adj\x00') setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f00000003c0)=0x200, 0x4) r3 = getpid() sched_setparam(r3, &(0x7f0000000400)) syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r4 = memfd_create(&(0x7f0000614000)="74086e750000000000000000008c00", 0x0) pwritev(0xffffffffffffffff, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f0000000440)={{0x60000000, 0x40, 0x4, 0x1, 0x10001, 0x2}, 0x6, 0x0, 0x99, 0x0, 0x7, "e02f94f384aedf2ca05e166aaedcccec7301a95b62125b0a1319eb1e0ad95bd4dc52766005c7fdec991968df78480f7ea3bcb2c0139c0a55f8d247b3b53951f9099544a981938993ee7699d37bc1229c4ef1bc25c0612a7b82ca67b2a36d2fd6aa0aa5e50c35ef5ad40eeba6b0609c528acb5a47a9843ea99d64f347a903a586"}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r4) r5 = accept4$inet6(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, @mcast1}, &(0x7f0000000140)=0x1c, 0x800) getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000940)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@local}}, &(0x7f0000000780)=0xe8) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket(0x15, 0x80005, 0x0) getsockopt(r7, 0x200000000114, 0x8, &(0x7f0000ee3000)=""/4096, &(0x7f0000000000)=0x1000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000007c0), &(0x7f0000000540)=0xc) fchown(r4, r6, 0x0) mlock(&(0x7f000000c000/0x3000)=nil, 0x3000) r8 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x806) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) mmap$binder(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x0, 0x12, r8, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="d7e47c15d420b00790c57eceba76b8d0762c38b08af6cc1845e4686612fe918bd3f97a61325887af34125eb5b8c13f000000000000005d8b77e9fcd79843c8e40541df930296ec53621136d7c164344871a9b946f2be2f5325", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1c4, 0x0, &(0x7f0000011f9d)}) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f00000001c0)=[@exit_looper={0x630d}], 0x0, 0x0, &(0x7f0000000240)}) getsockopt$inet_sctp6_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f00000002c0), &(0x7f0000000380)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000000c0), &(0x7f0000000240)=0x4) 2018/04/09 21:14:54 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000002683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:54 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xffffff7f00000000) 2018/04/09 21:14:54 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) 2018/04/09 21:14:54 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xfffffffffffff000) 2018/04/09 21:14:54 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:54 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x200000000000000) 2018/04/09 21:14:54 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xff00) 2018/04/09 21:14:54 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:54 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x10) [ 499.165156] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. [ 499.184892] binder: 1578:1579 Acquire 1 refcount change on invalid ref 128 ret -22 [ 499.192725] binder: 1578:1579 unknown command -928540024 2018/04/09 21:14:54 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001007fffffff683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:54 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xf0ffff) [ 499.218689] netlink: 'syz-executor6': attribute type 4 has an invalid length. [ 499.237087] binder: 1578:1579 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:54 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(0xffffffffffffffff, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:54 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfc) [ 499.289150] binder: 1568:1582 unknown command 360506583 [ 499.318739] binder: 1568:1582 ioctl c0306201 20000040 returned -22 [ 499.348852] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. [ 499.363483] netlink: 'syz-executor6': attribute type 4 has an invalid length. 2018/04/09 21:14:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:55 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x10) 2018/04/09 21:14:55 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000f00000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:55 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x5c15) 2018/04/09 21:14:55 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x0, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:55 executing program 0 (fault-call:1 fault-nth:0): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:55 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x100000000000000) 2018/04/09 21:14:55 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80, 0x2000) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000040)=""/164) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/122, 0x7a}, {&(0x7f00000002c0)=""/156, 0x9c}, {&(0x7f00000001c0)=""/29, 0x1d}], 0x3, 0x0) write$rdma_cm(r0, &(0x7f0000000380)=@init_qp_attr={0xb, 0x10, 0xfa00, {&(0x7f0000000100), 0xffffffff, 0x7}}, 0x18) [ 499.400203] binder: BINDER_SET_CONTEXT_MGR already set [ 499.406478] binder: 1568:1582 ioctl 40046207 0 returned -16 [ 499.417987] binder: 1568:1612 unknown command 360506583 [ 499.423515] binder: 1568:1612 ioctl c0306201 20000040 returned -22 [ 499.465697] FAULT_INJECTION: forcing a failure. [ 499.465697] name failslab, interval 1, probability 0, space 0, times 0 [ 499.477211] CPU: 1 PID: 1635 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 499.484034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.493380] Call Trace: [ 499.495952] dump_stack+0x1b9/0x294 [ 499.499567] ? dump_stack_print_info.cold.2+0x52/0x52 [ 499.504764] should_fail.cold.4+0xa/0x1a [ 499.508829] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 499.513934] ? print_usage_bug+0xc0/0xc0 [ 499.517983] ? graph_lock+0x170/0x170 [ 499.521767] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 499.526939] ? find_held_lock+0x36/0x1c0 [ 499.530985] ? __lock_is_held+0xb5/0x140 [ 499.535047] ? check_same_owner+0x320/0x320 [ 499.539357] ? rcu_note_context_switch+0x710/0x710 [ 499.544292] __should_failslab+0x124/0x180 [ 499.548541] should_failslab+0x9/0x14 [ 499.552331] kmem_cache_alloc_trace+0x2cb/0x780 [ 499.556989] ? mutex_trylock+0x2a0/0x2a0 [ 499.561058] snd_pcm_oss_change_params_locked+0x1f9/0x3ce0 [ 499.568243] ? graph_lock+0x170/0x170 [ 499.572026] ? lock_acquire+0x1dc/0x520 [ 499.575996] ? __fdget_pos+0x1a9/0x1e0 [ 499.579884] ? graph_lock+0xf5/0x170 [ 499.583587] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 499.589459] ? find_held_lock+0x36/0x1c0 [ 499.593518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 499.599049] ? _parse_integer+0x13b/0x190 [ 499.603185] ? find_held_lock+0x36/0x1c0 [ 499.607237] ? lock_downgrade+0x8e0/0x8e0 [ 499.611376] ? kasan_check_read+0x11/0x20 [ 499.615520] ? rcu_is_watching+0x85/0x140 [ 499.619657] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 499.624842] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 499.630016] snd_pcm_oss_write+0x516/0xa20 [ 499.634234] ? expand_files.part.8+0x9a0/0x9a0 [ 499.638804] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 499.643640] __vfs_write+0x10b/0x880 [ 499.647336] ? __fget_light+0x2ef/0x430 [ 499.651295] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 499.656137] ? kernel_read+0x120/0x120 [ 499.660014] ? wait_for_completion+0x870/0x870 [ 499.664596] ? __lock_is_held+0xb5/0x140 [ 499.668645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 499.674167] ? security_file_permission+0x1c6/0x240 [ 499.679168] ? rw_verify_area+0x118/0x360 [ 499.683303] vfs_write+0x1f8/0x560 [ 499.686838] ksys_write+0xf9/0x250 [ 499.690365] ? SyS_read+0x30/0x30 [ 499.693889] ? mm_fault_error+0x380/0x380 [ 499.698112] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 499.702937] ? ksys_ioctl+0x81/0xd0 [ 499.706549] SyS_write+0x24/0x30 [ 499.709898] ? ksys_write+0x250/0x250 [ 499.713686] do_syscall_64+0x29e/0x9d0 [ 499.717553] ? vmalloc_sync_all+0x30/0x30 [ 499.721685] ? _raw_spin_unlock_irq+0x27/0x70 [ 499.726166] ? finish_task_switch+0x1ca/0x820 [ 499.730663] ? syscall_return_slowpath+0x5c0/0x5c0 [ 499.735580] ? syscall_return_slowpath+0x30f/0x5c0 [ 499.740497] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 499.745850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 499.750683] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 499.755855] RIP: 0033:0x455259 2018/04/09 21:14:55 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x240]}, 0x10) 2018/04/09 21:14:55 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10) 2018/04/09 21:14:55 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xc00e) 2018/04/09 21:14:55 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100fffffff0683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:55 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x11000000) [ 499.759029] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 499.768200] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 499.775458] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 499.782710] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 499.789965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 499.797215] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000000 2018/04/09 21:14:55 executing program 6: setsockopt(0xffffffffffffffff, 0x84, 0x72, &(0x7f000023dfff), 0x0) r0 = memfd_create(&(0x7f0000000000)='em0bdevcpuset\x00', 0x3) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04002cbd7000fbdbdf25110000000800040031180dd2acbcd323a141de6f4fed8804000a000100000000f0ffff081bf219ef5a3db88d3b5afcd3dcf339ff8e2ea9a81d8619c1e78c0157b77d81ed128133f6b2738b353530f4348951901e42d289e3d42bd0ecb539db3e455f2b7a908190b378fdbbf97404f34a09e10b7e4a8bbdf8d380680a956d3567089c52c49b61f48d116ba2fb2a72d01e8de46b18493d"], 0x34}, 0x1, 0x0, 0x0, 0x8010}, 0x0) 2018/04/09 21:14:55 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90000]}, 0x10) 2018/04/09 21:14:55 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000ec00000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:55 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xff000000) 2018/04/09 21:14:55 executing program 0 (fault-call:1 fault-nth:1): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:55 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000016c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast6-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000001c0)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002780)="a7118230eef5e420406dc6a099da077d64d054e0293b261f64eeceea9f3e7512", 0x20}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x4}], 0x18}], 0x1, 0x0) socketpair(0x11, 0xb, 0x3, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000140)=[{0x8, 0x9}, {0x8, 0x2}, {0xea9fda8d33b84175, 0x10000}, {0x0, 0x2}, {0x7, 0xffffffff}], 0x5) setsockopt$packet_buf(r2, 0x107, 0x0, &(0x7f0000000300)="9fe43485a5803e653aeef2ca8a6227230950dea0711c9e600d6f3fbef65eebe4002ba0e8c1ac1af10c2294580248146877d7c1bc40184a111507c360c202aef5777d19fb873c580993e4a3513918e9bb29", 0x51) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000100)=0xfffffe9d) recvmsg(r1, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0) 2018/04/09 21:14:55 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0x0, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:55 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010003000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:55 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x34000) 2018/04/09 21:14:55 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x10) [ 499.987655] binder: 1629:1630 Acquire 1 refcount change on invalid ref 128 ret -22 [ 499.995504] binder: 1629:1630 unknown command -928540024 [ 500.001222] binder: 1629:1630 ioctl c0306201 20007000 returned -22 [ 500.063461] FAULT_INJECTION: forcing a failure. [ 500.063461] name failslab, interval 1, probability 0, space 0, times 0 [ 500.074778] CPU: 0 PID: 1697 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 500.081606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.090939] Call Trace: [ 500.094207] dump_stack+0x1b9/0x294 [ 500.097825] ? dump_stack_print_info.cold.2+0x52/0x52 [ 500.103000] ? __save_stack_trace+0x7e/0xd0 [ 500.107316] should_fail.cold.4+0xa/0x1a [ 500.111368] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 500.116456] ? save_stack+0x43/0xd0 [ 500.120067] ? kasan_kmalloc+0xc4/0xe0 [ 500.123933] ? kmem_cache_alloc_trace+0x152/0x780 [ 500.128755] ? snd_pcm_oss_change_params_locked+0x1f9/0x3ce0 [ 500.134535] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 500.139890] ? snd_pcm_oss_write+0x516/0xa20 [ 500.144282] ? graph_lock+0x170/0x170 [ 500.148073] ? do_syscall_64+0x29e/0x9d0 [ 500.152123] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.157479] ? find_held_lock+0x36/0x1c0 [ 500.161553] ? __lock_is_held+0xb5/0x140 [ 500.165612] ? check_same_owner+0x320/0x320 [ 500.169922] ? rcu_note_context_switch+0x710/0x710 [ 500.174851] __should_failslab+0x124/0x180 [ 500.179073] should_failslab+0x9/0x14 [ 500.182862] kmem_cache_alloc_trace+0x2cb/0x780 [ 500.187541] ? mutex_trylock+0x2a0/0x2a0 [ 500.191598] snd_pcm_oss_change_params_locked+0x231/0x3ce0 [ 500.197210] ? graph_lock+0x170/0x170 [ 500.200992] ? lock_acquire+0x1dc/0x520 [ 500.204950] ? __fdget_pos+0x1a9/0x1e0 [ 500.208827] ? graph_lock+0xf5/0x170 [ 500.212529] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 500.218399] ? find_held_lock+0x36/0x1c0 [ 500.222456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 500.227977] ? _parse_integer+0x13b/0x190 [ 500.232112] ? find_held_lock+0x36/0x1c0 [ 500.236172] ? lock_downgrade+0x8e0/0x8e0 [ 500.240306] ? kasan_check_read+0x11/0x20 [ 500.244438] ? rcu_is_watching+0x85/0x140 [ 500.248569] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 500.253751] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 500.258926] snd_pcm_oss_write+0x516/0xa20 [ 500.263142] ? expand_files.part.8+0x9a0/0x9a0 [ 500.267712] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 500.272546] __vfs_write+0x10b/0x880 [ 500.276239] ? __fget_light+0x2ef/0x430 [ 500.280197] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 500.285025] ? kernel_read+0x120/0x120 [ 500.288899] ? wait_for_completion+0x870/0x870 [ 500.293465] ? __lock_is_held+0xb5/0x140 [ 500.297517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 500.303039] ? security_file_permission+0x1c6/0x240 [ 500.308042] ? rw_verify_area+0x118/0x360 [ 500.312178] vfs_write+0x1f8/0x560 [ 500.315707] ksys_write+0xf9/0x250 [ 500.319234] ? SyS_read+0x30/0x30 [ 500.328226] ? mm_fault_error+0x380/0x380 [ 500.332361] ? ksys_ioctl+0x81/0xd0 [ 500.335982] SyS_write+0x24/0x30 [ 500.339331] ? ksys_write+0x250/0x250 [ 500.343116] do_syscall_64+0x29e/0x9d0 [ 500.346983] ? vmalloc_sync_all+0x30/0x30 [ 500.351112] ? _raw_spin_unlock_irq+0x27/0x70 [ 500.355590] ? finish_task_switch+0x1ca/0x820 [ 500.360532] ? syscall_return_slowpath+0x5c0/0x5c0 [ 500.365447] ? syscall_return_slowpath+0x30f/0x5c0 [ 500.370365] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 500.375718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 500.380550] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.385723] RIP: 0033:0x455259 [ 500.388897] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.396593] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 500.403846] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 2018/04/09 21:14:56 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x5c15000000000000) 2018/04/09 21:14:56 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100fffff000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:56 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x10) 2018/04/09 21:14:56 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfc00) 2018/04/09 21:14:56 executing program 6: socket$inet(0xa, 0x6, 0x0) r0 = semget(0x2, 0x4, 0x300) semctl$SEM_INFO(r0, 0x7, 0x13, &(0x7f0000000000)=""/189) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x8001, 0x40) semget(0x2, 0x2, 0x80) [ 500.411113] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 500.418365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 500.425619] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000001 2018/04/09 21:14:56 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000001f683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:56 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x6304000000000000) 2018/04/09 21:14:56 executing program 0 (fault-call:1 fault-nth:2): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 500.471952] binder: 1714:1715 Acquire 1 refcount change on invalid ref 128 ret -22 [ 500.479801] binder: 1714:1715 unknown command -928540024 [ 500.509505] binder: 1714:1715 ioctl c0306201 20007000 returned -22 [ 500.622203] FAULT_INJECTION: forcing a failure. [ 500.622203] name failslab, interval 1, probability 0, space 0, times 0 [ 500.633582] CPU: 0 PID: 1749 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 500.640406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.649754] Call Trace: [ 500.652356] dump_stack+0x1b9/0x294 [ 500.655972] ? dump_stack_print_info.cold.2+0x52/0x52 [ 500.661150] ? __save_stack_trace+0x7e/0xd0 [ 500.665461] should_fail.cold.4+0xa/0x1a [ 500.669527] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 500.674616] ? save_stack+0x43/0xd0 [ 500.678222] ? kasan_kmalloc+0xc4/0xe0 [ 500.682088] ? kmem_cache_alloc_trace+0x152/0x780 [ 500.686919] ? snd_pcm_oss_change_params_locked+0x231/0x3ce0 [ 500.692712] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 500.698508] ? snd_pcm_oss_write+0x516/0xa20 [ 500.702916] ? graph_lock+0x170/0x170 [ 500.706699] ? do_syscall_64+0x29e/0x9d0 [ 500.710752] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.716105] ? find_held_lock+0x36/0x1c0 [ 500.720162] ? __lock_is_held+0xb5/0x140 [ 500.724218] ? check_same_owner+0x320/0x320 [ 500.728529] ? rcu_note_context_switch+0x710/0x710 [ 500.733449] __should_failslab+0x124/0x180 [ 500.737671] should_failslab+0x9/0x14 [ 500.741454] kmem_cache_alloc_trace+0x2cb/0x780 [ 500.746118] ? mutex_trylock+0x2a0/0x2a0 [ 500.750164] snd_pcm_oss_change_params_locked+0x269/0x3ce0 [ 500.755776] ? zap_class+0x720/0x720 [ 500.759478] ? graph_lock+0x170/0x170 [ 500.763262] ? lock_acquire+0x1dc/0x520 [ 500.767239] ? graph_lock+0xf5/0x170 [ 500.770956] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 500.776834] ? find_held_lock+0x36/0x1c0 [ 500.780882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 500.786402] ? _parse_integer+0x13b/0x190 [ 500.790545] ? find_held_lock+0x36/0x1c0 [ 500.794597] ? lock_downgrade+0x8e0/0x8e0 [ 500.798732] ? rcu_is_watching+0x85/0x140 [ 500.802862] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 500.808044] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 500.813218] snd_pcm_oss_write+0x516/0xa20 [ 500.817434] ? expand_files.part.8+0x9a0/0x9a0 [ 500.822005] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 500.826841] __vfs_write+0x10b/0x880 [ 500.830534] ? __fget_light+0x2ef/0x430 [ 500.834503] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 500.839329] ? kernel_read+0x120/0x120 [ 500.843207] ? wait_for_completion+0x870/0x870 [ 500.847779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 500.853300] ? security_file_permission+0x1c6/0x240 [ 500.858303] ? rw_verify_area+0x118/0x360 [ 500.862436] vfs_write+0x1f8/0x560 [ 500.865972] ksys_write+0xf9/0x250 [ 500.869498] ? SyS_read+0x30/0x30 [ 500.872932] ? mm_fault_error+0x380/0x380 [ 500.877079] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 500.881906] ? ksys_ioctl+0x81/0xd0 [ 500.885521] SyS_write+0x24/0x30 [ 500.888872] ? ksys_write+0x250/0x250 [ 500.892658] do_syscall_64+0x29e/0x9d0 [ 500.896530] ? vmalloc_sync_all+0x30/0x30 [ 500.900664] ? _raw_spin_unlock_irq+0x27/0x70 [ 500.905151] ? finish_task_switch+0x1ca/0x820 [ 500.909632] ? syscall_return_slowpath+0x5c0/0x5c0 [ 500.914548] ? syscall_return_slowpath+0x30f/0x5c0 [ 500.919470] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 500.924822] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 500.929653] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.934824] RIP: 0033:0x455259 [ 500.937995] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.945687] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 500.952938] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 500.960200] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/04/09 21:14:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:56 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x33) 2018/04/09 21:14:56 executing program 6: r0 = syz_open_dev$sndctrl(&(0x7f0000004fed)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000002c0)=0xffff) poll(&(0x7f0000000480), 0x0, 0x1) 2018/04/09 21:14:56 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe103]}, 0x10) 2018/04/09 21:14:56 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x2000000) 2018/04/09 21:14:56 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001009effffff683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:56 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:14:56 executing program 0 (fault-call:1 fault-nth:3): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 500.967461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 500.975147] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000002 [ 501.029689] FAULT_INJECTION: forcing a failure. [ 501.029689] name failslab, interval 1, probability 0, space 0, times 0 [ 501.041015] CPU: 1 PID: 1769 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 501.047851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.057189] Call Trace: [ 501.059781] dump_stack+0x1b9/0x294 [ 501.063398] ? dump_stack_print_info.cold.2+0x52/0x52 [ 501.068586] should_fail.cold.4+0xa/0x1a [ 501.072645] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 501.077739] ? debug_check_no_locks_freed+0x310/0x310 [ 501.082914] ? graph_lock+0x170/0x170 [ 501.086712] ? lock_acquire+0x1dc/0x520 [ 501.090674] ? find_held_lock+0x36/0x1c0 [ 501.094730] ? __lock_is_held+0xb5/0x140 [ 501.098804] ? check_same_owner+0x320/0x320 [ 501.103108] ? print_usage_bug+0xc0/0xc0 [ 501.107153] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 501.112328] ? rcu_note_context_switch+0x710/0x710 [ 501.117244] ? graph_lock+0x170/0x170 [ 501.121036] __should_failslab+0x124/0x180 [ 501.125254] should_failslab+0x9/0x14 [ 501.129037] __kmalloc+0x2c8/0x760 [ 501.132568] ? constrain_params_by_rules+0x141/0x1360 [ 501.137741] ? find_held_lock+0x36/0x1c0 [ 501.141791] constrain_params_by_rules+0x141/0x1360 [ 501.146794] ? lock_downgrade+0x8e0/0x8e0 [ 501.150933] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 501.156125] ? rcu_is_watching+0x85/0x140 [ 501.160282] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 501.165459] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 501.170646] ? is_bpf_text_address+0xd7/0x170 [ 501.175126] ? kernel_text_address+0x79/0xf0 [ 501.179520] ? __unwind_start+0x166/0x330 [ 501.183652] ? graph_lock+0x170/0x170 [ 501.187447] ? unwind_get_return_address+0x61/0xa0 [ 501.192364] ? __save_stack_trace+0x7e/0xd0 [ 501.196679] ? __lock_is_held+0xb5/0x140 [ 501.200730] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 501.205743] ? snd_interval_refine+0x428/0x700 [ 501.210314] snd_pcm_hw_refine+0x8e9/0x1180 [ 501.214628] ? constrain_params_by_rules+0x1360/0x1360 [ 501.219899] ? graph_lock+0x170/0x170 [ 501.224646] ? __lock_is_held+0xb5/0x140 [ 501.228702] ? __lock_is_held+0xb5/0x140 [ 501.232754] ? snd_pcm_oss_change_params_locked+0x269/0x3ce0 [ 501.238539] ? rcu_read_lock_sched_held+0x108/0x120 [ 501.243542] ? _snd_pcm_hw_param_min+0x330/0x570 [ 501.248286] snd_pcm_oss_change_params_locked+0x901/0x3ce0 [ 501.253917] ? __fdget_pos+0x1a9/0x1e0 [ 501.257801] ? graph_lock+0xf0/0x170 [ 501.261502] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 501.267371] ? find_held_lock+0x36/0x1c0 [ 501.271415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 501.276939] ? _parse_integer+0x13b/0x190 [ 501.281072] ? find_held_lock+0x36/0x1c0 [ 501.285126] ? lock_downgrade+0x8e0/0x8e0 [ 501.289284] ? kasan_check_read+0x11/0x20 [ 501.293415] ? rcu_is_watching+0x85/0x140 [ 501.297561] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 501.302738] snd_pcm_oss_write+0x516/0xa20 [ 501.306978] ? expand_files.part.8+0x9a0/0x9a0 [ 501.311574] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 501.316426] __vfs_write+0x10b/0x880 [ 501.320136] ? __fget_light+0x2ef/0x430 [ 501.324113] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 501.328948] ? kernel_read+0x120/0x120 [ 501.332829] ? wait_for_completion+0x870/0x870 [ 501.337407] ? __lock_is_held+0xb5/0x140 [ 501.341469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 501.346996] ? security_file_permission+0x1c6/0x240 [ 501.352012] ? rw_verify_area+0x118/0x360 [ 501.356159] vfs_write+0x1f8/0x560 [ 501.359699] ksys_write+0xf9/0x250 [ 501.363229] ? SyS_read+0x30/0x30 [ 501.366669] ? mm_fault_error+0x380/0x380 [ 501.370805] ? ksys_ioctl+0x81/0xd0 [ 501.374426] SyS_write+0x24/0x30 [ 501.377782] ? ksys_write+0x250/0x250 [ 501.381576] do_syscall_64+0x29e/0x9d0 [ 501.385452] ? vmalloc_sync_all+0x30/0x30 [ 501.389589] ? _raw_spin_unlock_irq+0x27/0x70 [ 501.394075] ? finish_task_switch+0x1ca/0x820 [ 501.398610] ? syscall_return_slowpath+0x5c0/0x5c0 [ 501.403532] ? syscall_return_slowpath+0x30f/0x5c0 [ 501.408458] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 501.413817] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 501.418654] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 501.423833] RIP: 0033:0x455259 2018/04/09 21:14:57 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000002fe4)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x7}, 0x1c) connect$inet6(r0, &(0x7f0000007000)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}, 0xfffffffffffffefd) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={r1, 0x7ff}, &(0x7f0000000100)=0x8) socket$inet6(0xa, 0xe, 0x7) pkey_mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xd, 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80}}, 0x1c) 2018/04/09 21:14:57 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xffffffc0) 2018/04/09 21:14:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x8a070000) [ 501.427014] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.434719] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 501.441976] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 501.449234] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 501.456501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 501.463766] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000003 2018/04/09 21:14:57 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e1]}, 0x10) 2018/04/09 21:14:57 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000463683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:57 executing program 6: getdents64(0xffffffffffffffff, &(0x7f00000007c0)=""/250, 0x1015a) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x8004e20}, 0x1c) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x101, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x8000, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, &(0x7f0000000040)) 2018/04/09 21:14:57 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x1100000000000000) 2018/04/09 21:14:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x9effffff) [ 501.731595] binder: 1754:1755 Acquire 1 refcount change on invalid ref 128 ret -22 [ 501.739536] binder: 1754:1755 unknown command -928540024 [ 501.798596] binder: 1754:1755 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:14:57 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8072000000000000]}, 0x10) 2018/04/09 21:14:57 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000630400683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:14:57 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfc00000000000000) 2018/04/09 21:14:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xffffff7f) 2018/04/09 21:14:57 executing program 0 (fault-call:1 fault-nth:4): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:14:57 executing program 6: r0 = syz_open_dev$loop(&(0x7f0000000780)='/dev/loop#\x00', 0xfffffffffffffffe, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000003200)='/dev/amidi#\x00', 0x6, 0x400000) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000003240), 0x4) r2 = fcntl$getown(r0, 0x9) ptrace$setregs(0xf, r2, 0xfff, &(0x7f0000000000)="8e88b92b40abc54b12df8da2b00975b3e85641b94f9acbddce1f589a6ae14707552821b94b8daf1830e95b0a11b003783ef0c0d0b11e713321f645618cf863314a038fd06b2b9a2e6b86c40b2a9cc1db7bd02508cc175dbab470ec325b1d83395cb5febeddf85489a287e19b1220d436a85929414a58c69a29d4d23aea78c13679984f01f2a7a430daf19d37dae12763529fe118bf2eff6db72e5d0d0ddeaf6821a18bc3e4bd8361254c544dd3299155448628adc1c7212203b39997c59d5e9d5ea35b77c1fc8dc54ddc5b30f2d5dedfd0982c8f12fb697aa5d9629d2f0718ef805f8f") ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x1f, 0x20, 0x1, r1}) 2018/04/09 21:14:57 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0xffffffffffffffff, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) [ 501.894971] FAULT_INJECTION: forcing a failure. [ 501.894971] name failslab, interval 1, probability 0, space 0, times 0 [ 501.906330] CPU: 0 PID: 1827 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 501.913189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.922571] Call Trace: [ 501.925187] dump_stack+0x1b9/0x294 [ 501.928869] ? dump_stack_print_info.cold.2+0x52/0x52 [ 501.934091] ? __save_stack_trace+0x7e/0xd0 [ 501.938457] should_fail.cold.4+0xa/0x1a [ 501.942569] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 501.947709] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 501.952754] ? snd_interval_refine+0x428/0x700 [ 501.957372] ? graph_lock+0x170/0x170 [ 501.961205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 501.966778] ? snd_pcm_hw_refine+0x362/0x1180 [ 501.971320] ? find_held_lock+0x36/0x1c0 [ 501.975424] ? __lock_is_held+0xb5/0x140 [ 501.979523] ? check_same_owner+0x320/0x320 [ 501.983859] ? rcu_note_context_switch+0x710/0x710 [ 501.988810] __should_failslab+0x124/0x180 [ 501.993055] should_failslab+0x9/0x14 [ 501.996886] kmem_cache_alloc_trace+0x2cb/0x780 [ 502.001564] ? _snd_pcm_hw_param_min+0x330/0x570 [ 502.006331] snd_pcm_oss_change_params_locked+0x99b/0x3ce0 [ 502.011971] ? __fdget_pos+0x1a9/0x1e0 [ 502.015869] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 502.021757] ? find_held_lock+0x36/0x1c0 [ 502.025820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 502.031355] ? _parse_integer+0x13b/0x190 [ 502.035505] ? find_held_lock+0x36/0x1c0 [ 502.039575] ? lock_downgrade+0x8e0/0x8e0 [ 502.043733] ? kasan_check_read+0x11/0x20 [ 502.047878] ? rcu_is_watching+0x85/0x140 [ 502.052054] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 502.057253] snd_pcm_oss_write+0x516/0xa20 [ 502.061488] ? expand_files.part.8+0x9a0/0x9a0 [ 502.066088] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 502.070950] __vfs_write+0x10b/0x880 [ 502.074659] ? __fget_light+0x2ef/0x430 [ 502.078640] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 502.083498] ? kernel_read+0x120/0x120 [ 502.087414] ? wait_for_completion+0x870/0x870 [ 502.091995] ? __lock_is_held+0xb5/0x140 [ 502.096070] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 502.101611] ? security_file_permission+0x1c6/0x240 [ 502.106633] ? rw_verify_area+0x118/0x360 [ 502.110798] vfs_write+0x1f8/0x560 [ 502.114358] ksys_write+0xf9/0x250 [ 502.117893] ? SyS_read+0x30/0x30 [ 502.121344] ? mm_fault_error+0x380/0x380 [ 502.125490] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 502.130330] ? ksys_ioctl+0x81/0xd0 [ 502.133952] SyS_write+0x24/0x30 [ 502.137308] ? ksys_write+0x250/0x250 [ 502.141098] do_syscall_64+0x29e/0x9d0 [ 502.144973] ? vmalloc_sync_all+0x30/0x30 [ 502.149130] ? _raw_spin_unlock_irq+0x27/0x70 [ 502.153623] ? finish_task_switch+0x1ca/0x820 [ 502.158108] ? syscall_return_slowpath+0x5c0/0x5c0 [ 502.163041] ? syscall_return_slowpath+0x30f/0x5c0 [ 502.167974] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 502.173362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 502.178242] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 502.183427] RIP: 0033:0x455259 [ 502.186960] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 2018/04/09 21:14:57 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x4000000000000) 2018/04/09 21:14:57 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x463) 2018/04/09 21:14:57 executing program 6: r0 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) r2 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a}, 0x0, 0x0, r1) r3 = add_key$user(&(0x7f00003bd000)='user\x00', &(0x7f0000000b00)={0x73, 0x79, 0x7a}, &(0x7f0000000440)='\x00\x00\x00\x00\x00\x00\x00X', 0x8, r2) r4 = add_key$user(&(0x7f0000002cc0)='user\x00', &(0x7f0000002c80)={0x73, 0x79, 0x7a}, &(0x7f0000000280), 0x3e4, r1) keyctl$dh_compute(0x17, &(0x7f0000000180)={r3, r4, r3}, &(0x7f0000a53ffb)=""/5, 0x5, &(0x7f0000c61fc8)={&(0x7f0000000140)={'rmd256-generic\x00'}}) r5 = memfd_create(&(0x7f0000000280)='\x00', 0x2) setsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f00000002c0)=0x3c, 0x4) ioctl$TUNSETTXFILTER(r5, 0x400454d1, &(0x7f0000000480)={0x1, 0x3, [@random="41a4f5cf386f", @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]]}) r6 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4408002) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, r2) request_key(&(0x7f0000000300)='cifs.spnego\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x3}, &(0x7f00000003c0)='rmd256-generic\x00', r2) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r6, 0x800443d3, &(0x7f00000000c0)={{0x6, 0xfffffffffffffff7, 0x6, 0x95, 0x3, 0x9}, 0x8, 0x7fff, 0x80000001}) [ 502.194684] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 502.201958] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 502.209213] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 502.216486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 502.223764] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000004 2018/04/09 21:14:58 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000091b00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 502.294004] binder: 1834:1835 Acquire 1 refcount change on invalid ref 128 ret -22 [ 502.302120] binder: 1834:1835 unknown command -928540024 2018/04/09 21:14:58 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x10) 2018/04/09 21:14:58 executing program 6: r0 = socket$inet6(0xa, 0x5, 0x0) sendfile(r0, r0, &(0x7f0000000000), 0x100000000) bind$inet6(r0, &(0x7f0000d1a000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x20}, 0x1c) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000001c0)={0xd000, 0x0, 0x9, 0xc6, 0x20}) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x105000, 0x80) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000080)=""/224) 2018/04/09 21:14:58 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x1f00000000000000) [ 502.334712] binder: 1834:1835 ioctl c0306201 20007000 returned -22 2018/04/09 21:14:58 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xfec0000000000000) 2018/04/09 21:15:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:04 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000300683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:04 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:04 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xf5ffffff) 2018/04/09 21:15:04 executing program 6: times(&(0x7f0000000040)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000180), 0x1, 0x0) write$rdma_cm(r0, &(0x7f00000018c0)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000001880)={0xffffffff}, 0x106}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@listen={0x7, 0x8, 0xfa00, {r1, 0xffff}}, 0x10) accept4(0xffffffffffffff9c, &(0x7f00000000c0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, &(0x7f0000000140)=0x80, 0x800) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f0000000240)={@multicast2, @empty, 0x0}, &(0x7f0000000280)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000002c0)={'vcan0\x00', r3}) 2018/04/09 21:15:04 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x10) 2018/04/09 21:15:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xffffff7f00000000) 2018/04/09 21:15:04 executing program 0 (fault-call:1 fault-nth:5): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 508.701550] FAULT_INJECTION: forcing a failure. [ 508.701550] name failslab, interval 1, probability 0, space 0, times 0 [ 508.712927] CPU: 1 PID: 1889 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 508.719776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.729128] Call Trace: [ 508.731732] dump_stack+0x1b9/0x294 [ 508.735375] ? dump_stack_print_info.cold.2+0x52/0x52 [ 508.740582] should_fail.cold.4+0xa/0x1a [ 508.744663] ? __save_stack_trace+0x7e/0xd0 [ 508.749002] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 508.754212] ? debug_check_no_locks_freed+0x310/0x310 [ 508.759427] ? graph_lock+0x170/0x170 [ 508.763239] ? save_stack+0x43/0xd0 [ 508.766960] ? __kasan_slab_free+0x11a/0x170 [ 508.771363] ? kasan_slab_free+0xe/0x10 [ 508.775332] ? find_held_lock+0x36/0x1c0 [ 508.779392] ? __lock_is_held+0xb5/0x140 [ 508.783461] ? check_same_owner+0x320/0x320 [ 508.787777] ? debug_check_no_obj_freed+0x2ff/0x584 [ 508.792784] ? rcu_note_context_switch+0x710/0x710 [ 508.797703] ? graph_lock+0x170/0x170 [ 508.801497] __should_failslab+0x124/0x180 [ 508.805721] should_failslab+0x9/0x14 [ 508.809508] __kmalloc+0x2c8/0x760 [ 508.813049] ? constrain_params_by_rules+0x141/0x1360 [ 508.818223] ? find_held_lock+0x36/0x1c0 [ 508.822276] constrain_params_by_rules+0x141/0x1360 [ 508.827282] ? lock_downgrade+0x8e0/0x8e0 [ 508.831426] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 508.836601] ? rcu_is_watching+0x85/0x140 [ 508.840735] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 508.845925] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 508.851109] ? is_bpf_text_address+0xd7/0x170 [ 508.855595] ? kernel_text_address+0x79/0xf0 [ 508.859990] ? __unwind_start+0x166/0x330 [ 508.864131] ? __kernel_text_address+0xd/0x40 [ 508.868622] ? unwind_get_return_address+0x61/0xa0 [ 508.873544] ? __save_stack_trace+0x7e/0xd0 [ 508.877866] ? save_stack+0xa9/0xd0 [ 508.881480] ? save_stack+0x43/0xd0 [ 508.885099] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 508.890623] ? snd_interval_refine+0x428/0x700 [ 508.895200] snd_pcm_hw_refine+0x8e9/0x1180 [ 508.899520] ? constrain_params_by_rules+0x1360/0x1360 [ 508.904787] ? graph_lock+0x170/0x170 [ 508.908576] ? __lock_is_held+0xb5/0x140 [ 508.912638] ? __lock_is_held+0xb5/0x140 [ 508.916778] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 508.922402] ? snd_interval_refine+0x428/0x700 [ 508.926978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 508.932510] ? _snd_pcm_hw_param_set.constprop.34+0x259/0x610 [ 508.938385] ? rcu_read_lock_sched_held+0x108/0x120 [ 508.943391] ? snd_pcm_hw_param_max+0x730/0x730 [ 508.948055] ? _snd_pcm_hw_param_min+0x330/0x570 [ 508.952809] snd_pcm_oss_change_params_locked+0x2883/0x3ce0 [ 508.958525] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 508.964399] ? find_held_lock+0x36/0x1c0 [ 508.968449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 508.973976] ? _parse_integer+0x13b/0x190 [ 508.978120] ? find_held_lock+0x36/0x1c0 [ 508.982192] ? lock_downgrade+0x8e0/0x8e0 [ 508.986334] ? kasan_check_read+0x11/0x20 [ 508.990471] ? rcu_is_watching+0x85/0x140 [ 508.994624] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 508.999804] snd_pcm_oss_write+0x516/0xa20 [ 509.004033] ? expand_files.part.8+0x9a0/0x9a0 [ 509.008614] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 509.013454] __vfs_write+0x10b/0x880 [ 509.017156] ? __fget_light+0x2ef/0x430 [ 509.021119] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 509.025953] ? kernel_read+0x120/0x120 [ 509.029833] ? wait_for_completion+0x870/0x870 [ 509.034404] ? __lock_is_held+0xb5/0x140 [ 509.038459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 509.043985] ? security_file_permission+0x1c6/0x240 [ 509.048994] ? rw_verify_area+0x118/0x360 [ 509.053142] vfs_write+0x1f8/0x560 [ 509.056680] ksys_write+0xf9/0x250 [ 509.060211] ? SyS_read+0x30/0x30 [ 509.063653] ? mm_fault_error+0x380/0x380 [ 509.067794] ? ksys_ioctl+0x81/0xd0 [ 509.071411] SyS_write+0x24/0x30 [ 509.074766] ? ksys_write+0x250/0x250 [ 509.078558] do_syscall_64+0x29e/0x9d0 [ 509.082431] ? vmalloc_sync_all+0x30/0x30 [ 509.086568] ? _raw_spin_unlock_irq+0x27/0x70 [ 509.091054] ? finish_task_switch+0x1ca/0x820 [ 509.095540] ? syscall_return_slowpath+0x5c0/0x5c0 [ 509.100460] ? syscall_return_slowpath+0x30f/0x5c0 [ 509.105386] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 509.110746] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 509.115584] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 509.120764] RIP: 0033:0x455259 [ 509.123939] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 509.131640] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 509.138896] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 509.146151] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/04/09 21:15:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xfffff000) 2018/04/09 21:15:04 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x10) [ 509.153406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 509.160671] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000005 2018/04/09 21:15:04 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xa000000) 2018/04/09 21:15:04 executing program 6: r0 = socket(0x1e, 0x1, 0x0) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000200)="ecb0c641899db2af8a08e5275c06bee286eefc81ed267addb00759122a50cc1fc1385c34e69326ba82ad21c5138e2fa3b2ceaa74b675a85447f96ae2b256c383ace919a201f600767fe0d5d77b530ea7852413685387d3947e4d0d58239b685cbee2fe1c2e3170fba8b29e48cd5cbc964674c0d635097b12a34ef3ce0eabbb64ee510335ce7ff440ae3f7a16e7dcec71b14c1b00976d33dd0c71d6408e94fdcd16ffb580efae5f0dfbd28e9ddb11fd42d0d59aa7fcd7461fad5be5a5c18260a8c7bb3f93520e84d4bcbaf63853167db16d2a52da36b9597376b3aa66c0839314416c5d0da08bd92da6c60736270285669e6b60a1a58e345b", 0xf8}], 0x1) shutdown(r0, 0x2) getsockname$netrom(r0, &(0x7f0000000040)=@full, &(0x7f00000000c0)=0x48) ioctl(r0, 0xe30, &(0x7f0000000100)="d700ae87bc31bd371159ae952591c234c48807157a5e4029828160639b3a30c5687dc043ecd0126277c62ef2f88f8f07e4469b04b9be7d45623fc1efd112c26b70bbe3cb222611cf8815cc7dab6a6fb0d7b6dba66f78dc4570a725315ffd194e138894fe9748d1cd8e8debfc1266da4d72e9f52762c61c3b95747417ed840f753eeebe52cff19f65ec97b6bfb457a22fbea4a79e58fe9d26659f27fbd21e9215f1b4b096e69caa5a1f4b946a2dfa189bd1032233ab9b10603eac399f3d2df505d6000819003e46f214cafa0c1c") 2018/04/09 21:15:04 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000046300683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:05 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x1000000) [ 509.290130] binder: 1875:1876 Acquire 1 refcount change on invalid ref 128 ret -22 [ 509.298131] binder: 1875:1876 unknown command -928540024 2018/04/09 21:15:05 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0xc0ffffff) 2018/04/09 21:15:05 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/sequencer2\x00', 0x4, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f00000002c0), &(0x7f0000000300)=0x4) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000000200)="0f07ea040000000f019f0f01c9c4c1785834988fe9b8912d00180000b8010000000f01c166baa000b80ce90d32ef0f23ce0f01df", 0x34}], 0xaaaaaaaaaaaad34, 0x0, &(0x7f0000000100)=[@efer={0x2, 0x4000}], 0x1) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000340)=r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000000)={0x0, 0x8}) r4 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0xc0240) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r4, 0x4008af23, &(0x7f00000000c0)={0x275de0d9d5760794, 0x39}) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000140)={0x0, 0xd217, 0x0, 0x0, 0x0, 0x609}, &(0x7f00000001c0)=0x14) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000080)=0x5000) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 509.344152] binder: 1875:1876 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:07 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x10) 2018/04/09 21:15:07 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000c00e00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:07 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0xc00e0000) 2018/04/09 21:15:07 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc\x00', 0x4000, 0x0) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000100)={0xb21, 0x8, 0x8}) r1 = socket$inet6(0xa, 0x3, 0xff) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000, 0x23) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000180)=""/144) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x3, @remote={0xfe, 0x80, [], 0xbb}, 0xc832}, 0xfffffffffffffcc1) sendmsg$key(r1, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020000000700000000600000000000000000000000000000ac1414a100000000000000000000000000000000"], 0x28}, 0x1}, 0x0) clock_adjtime(0x7, &(0x7f00000002c0)={0x2d4, 0x1ff, 0x6f4, 0x9, 0xf44, 0x9, 0x5, 0x1, 0x401, 0x1, 0x2, 0x1, 0x81, 0x1f, 0xd6, 0x498f, 0x7fff, 0x1000, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x8, 0x200, 0x1, 0x7}) 2018/04/09 21:15:07 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:07 executing program 6: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$ipx(r0, &(0x7f0000000100)="12847695f703447d48c4b9d856105f6dd114e75630", 0x15, 0x10, &(0x7f0000000140)={0x4, 0x2, 0x1, "0ff693a6a800", 0x4}, 0x10) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4) close(r0) recvmmsg(r1, &(0x7f0000004800)=[{{&(0x7f0000002d00)=@in={0x0, 0x0, @loopback}, 0x80, &(0x7f0000003080)=[{&(0x7f0000003000)=""/26, 0x1a}], 0x1, &(0x7f0000003180)=""/222, 0xde}}, {{0x0, 0x0, &(0x7f00000037c0)=[{&(0x7f00000035c0)=""/145, 0x91}], 0x1, &(0x7f0000003800)=""/4096, 0x1000}}], 0x2, 0x40, &(0x7f00000048c0)={0x77359400}) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x100000001}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={r2, 0x7}, 0x8) socket$inet_sctp(0x2, 0x1, 0x84) getsockname$ipx(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10) 2018/04/09 21:15:07 executing program 0 (fault-call:1 fault-nth:6): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 511.784365] FAULT_INJECTION: forcing a failure. [ 511.784365] name failslab, interval 1, probability 0, space 0, times 0 [ 511.795801] CPU: 1 PID: 1959 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 511.802644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.811999] Call Trace: [ 511.814603] dump_stack+0x1b9/0x294 [ 511.818251] ? dump_stack_print_info.cold.2+0x52/0x52 [ 511.823450] ? lock_downgrade+0x8e0/0x8e0 [ 511.827616] should_fail.cold.4+0xa/0x1a [ 511.831684] ? rcu_is_watching+0x85/0x140 [ 511.835844] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 511.840966] ? graph_lock+0x170/0x170 [ 511.844770] ? is_bpf_text_address+0xd7/0x170 [ 511.849268] ? kernel_text_address+0x79/0xf0 [ 511.853684] ? __unwind_start+0x166/0x330 [ 511.857833] ? find_held_lock+0x36/0x1c0 [ 511.861894] ? __lock_is_held+0xb5/0x140 [ 511.866016] ? check_same_owner+0x320/0x320 [ 511.870342] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 511.875706] ? snd_pcm_oss_write+0x516/0xa20 [ 511.880110] ? __vfs_write+0x10b/0x880 [ 511.883993] ? rcu_note_context_switch+0x710/0x710 [ 511.888922] ? do_syscall_64+0x29e/0x9d0 [ 511.892988] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 511.898350] __should_failslab+0x124/0x180 [ 511.902581] should_failslab+0x9/0x14 [ 511.906371] kmem_cache_alloc_trace+0x2cb/0x780 [ 511.911040] ? do_raw_spin_lock+0xc1/0x200 [ 511.915271] ? trace_hardirqs_off+0xd/0x10 [ 511.919502] snd_pcm_hw_param_near.constprop.35+0x15c/0xb10 [ 511.925209] ? _snd_pcm_hw_param_min+0x570/0x570 [ 511.929954] ? mark_held_locks+0xc9/0x160 [ 511.934094] ? kfree+0x111/0x260 [ 511.937464] ? snd_pcm_oss_change_params_locked+0x2c1e/0x3ce0 [ 511.943340] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 511.948345] ? trace_hardirqs_on+0xd/0x10 [ 511.952489] snd_pcm_oss_change_params_locked+0xc4d/0x3ce0 [ 511.958118] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 511.963990] ? find_held_lock+0x36/0x1c0 [ 511.968046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 511.973573] ? _parse_integer+0x13b/0x190 [ 511.977713] ? find_held_lock+0x36/0x1c0 [ 511.981770] ? lock_downgrade+0x8e0/0x8e0 [ 511.985920] ? kasan_check_read+0x11/0x20 [ 511.990064] ? rcu_is_watching+0x85/0x140 [ 511.994215] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 511.999396] snd_pcm_oss_write+0x516/0xa20 [ 512.003619] ? expand_files.part.8+0x9a0/0x9a0 [ 512.008198] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 512.013045] __vfs_write+0x10b/0x880 [ 512.016747] ? __fget_light+0x2ef/0x430 [ 512.020708] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 512.025549] ? kernel_read+0x120/0x120 [ 512.029429] ? wait_for_completion+0x870/0x870 [ 512.034005] ? __lock_is_held+0xb5/0x140 [ 512.038066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 512.043602] ? security_file_permission+0x1c6/0x240 [ 512.048614] ? rw_verify_area+0x118/0x360 [ 512.052769] vfs_write+0x1f8/0x560 [ 512.056304] ksys_write+0xf9/0x250 [ 512.059839] ? SyS_read+0x30/0x30 [ 512.063280] ? mm_fault_error+0x380/0x380 [ 512.067421] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 512.072253] ? ksys_ioctl+0x81/0xd0 [ 512.075872] SyS_write+0x24/0x30 [ 512.079231] ? ksys_write+0x250/0x250 [ 512.083025] do_syscall_64+0x29e/0x9d0 [ 512.086912] ? vmalloc_sync_all+0x30/0x30 [ 512.091050] ? _raw_spin_unlock_irq+0x27/0x70 [ 512.095539] ? finish_task_switch+0x1ca/0x820 [ 512.100029] ? syscall_return_slowpath+0x5c0/0x5c0 [ 512.104950] ? syscall_return_slowpath+0x30f/0x5c0 [ 512.109873] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 512.115583] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 512.120424] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 512.125600] RIP: 0033:0x455259 2018/04/09 21:15:07 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) r2 = gettid() tgkill(r1, r2, 0x11) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x38}, 0x1}, 0x0) 2018/04/09 21:15:07 executing program 6: socket$inet(0x2, 0x4000000000000001, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00007d1fef)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000000000), &(0x7f0000f14000)={&(0x7f00001da000), 0x8}) 2018/04/09 21:15:07 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x155c) [ 512.128778] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 512.136479] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 512.143739] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 512.151013] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 512.158276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 512.165541] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000006 2018/04/09 21:15:07 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000f00000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:08 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb40000]}, 0x10) 2018/04/09 21:15:08 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0xffffffffffffffff, 0x4, @remote={0xfe, 0x80, [], 0xbb}, 0x840}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000040)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x1c) 2018/04/09 21:15:08 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100000ec000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 512.279315] binder: 1940:1941 Acquire 1 refcount change on invalid ref 128 ret -22 [ 512.287308] binder: 1940:1941 unknown command -928540024 [ 512.318995] binder: 1940:1941 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:08 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000100)=0xb0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@mcast1, @in=@dev}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @rand_addr}}}, &(0x7f0000000000)=0xe8) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000100)=[@in6={0xa, 0x4e20, 0xffff, @dev={0xfe, 0x80}}], 0x1c) setsockopt$inet_buf(r0, 0x0, 0x64, &(0x7f00000000c0), 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000240)={0x8000, {{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}}, 0x88) 2018/04/09 21:15:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:12 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'syz_tun\x00', 0x3}, 0x18) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:12 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x0, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:12 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/sctp\x00') ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f00000002c0)={"1064a3b7a647b56d77bc361206a5ef40d47c67b8244022b094c7290131a1df5115d5d8ac06fb24694b4965f3fe7861f4194cf65e7f2a78e2afada8a36cf7192f0a7613b50c81b7bce85a899220b741d3be1de5e1a7b9d18b2e9bb601315a2e5aeed423d7b75edd5c6cb1140a20d8c7c87eb8b9a1269582b0a41f0a7b36a8b2082e4e751d8f5aff9b9cca3a4b1348612f81c07ab63f36921fce9bb5a7ec904a613276116bb467c50718b961fac4538799eddfc3d063175eedcd0c11b43638b6e32c014185c1ebc3f492eea6f1994dac5c1220a7cde62ce20197e16dde2125e6a464d3661b11095d2ba95321fe46eccce3a040b47f3523a187c40e1a695f0e5ec67f0a6a1a5009160c1390109e68568846025cc6635a9e5bd3066fedd1aed7527011dbdceaa5cf0f7977a1820a63faa6b6be35c9bb6bfdaab2aadf7a9b6e5e173fd74f52da0e4cf9875d5cb381124555fb6149b0b3cabaf41de863ee96192aad16e785ea5706ef0809c21477279a6e6ce8be55505db981adff27ef0e22302a3f0ec57e4100c15538bc03810526ab35644b6b989901ae685f8b268cc3cf4b78aec3143f0d11fe79339b22c0dcd54c6e414de3ddb12cdce6fa5fed5a0b70b9aa9f0a2265de67f51e4d33ecbdcd08e60c1aafce817931eeb379487ee6c25999a61499c103e7cc2c8953df204de1a94f375ddd7da334ba0d89da5fc955869aa42e77d010ee9c0ce28ca66ade92a03e960987291825378e3ba1ed9c12b54ad3b71e73e322ec7f2ea19a55d14a87be9a925475eed49516b6b70813d325b6199ceec3f1642b8fcb5bc9157f4dba60afe42f71e378f58e87244be671f521ffa7495e3f466560050156fa7f276cd91f75f43c086b82934e3d0f97289f9dd0ec16a8c97abf81bd96015758deebf8488de30d9b911e595bbcddc12a3938e869ab24721ec5656ec27e4da583662448e6b01fe4868c4b6ce0f921b4cbd0046236d8c10d2f7ac9302207b5698bba43661002652b4980721ec3dc0704fd77cff152f73804b0981448fd449e098cee4e1612b932d5a1fad5955a3cb92602bea8227ad5f5ce3a99988f538f0fe822d390f3182b4f4aee2cc764b0d3be0023407a7377f047d6764dedb32a59abf97afe96808bb9a6e320637a8604c9ba665a849bedb2b865e0c078f9dac23bb028c01534bc2646b45f88bba691a4e00f017f6b9c435cd4ca0ef38d3862825fa8d82e61f38485319e0f9fe68648c227685bf456532edbc6f024cb8e797c5d6f39e3dea7a1173f52f67aa26f307eb787516c55039195d8c328516cb2d0f6a8ae96eb0d24c095451d2d37b774c1c6b87232175f77830cabd547390e34a332f1cb5027a4d4d9c777ad005c7c9b63878572646fea38b96a561f259555888f389c04dcc85a3633d273571ee43914e47fe096454d71eb7a75a3d6887d4d4fbde9"}) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080)=0xd3, 0x4) 2018/04/09 21:15:12 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000000ec03540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:12 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x200, 0x101000) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x111, 0x2, 0x1, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c5558503f65a3dac5a7bc6305c80648370caa813da5b8102d6276f941052004f101bc99f4bb70da53ff5e143cc3716651c12a1a70ab796231ead171a904fdc483", 0x60) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) r3 = dup2(r1, r0) ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x11) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000000)=@generic={0x2a6, 0x100000000, 0x401}) 2018/04/09 21:15:12 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x10) 2018/04/09 21:15:12 executing program 0 (fault-call:1 fault-nth:7): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 516.826783] FAULT_INJECTION: forcing a failure. [ 516.826783] name failslab, interval 1, probability 0, space 0, times 0 [ 516.838181] CPU: 1 PID: 2025 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 516.845031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 516.854390] Call Trace: [ 516.856990] dump_stack+0x1b9/0x294 [ 516.860631] ? dump_stack_print_info.cold.2+0x52/0x52 [ 516.865837] should_fail.cold.4+0xa/0x1a [ 516.869913] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/04/09 21:15:12 executing program 6: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x4) ioctl$VT_DISALLOCATE(r0, 0x5608) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, &(0x7f00000005c0)="2e360f350f22d2c4e17d28ffc4c12dc6010e8fe900959c8816e014ab0f30b8010000000f01c1ea150000007100ea0f0000005463c4e3f55f90b4000000cb", 0x3e}], 0x1, 0x0, &(0x7f0000000640), 0x0) r4 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x5, 0x4400) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r4, 0x40505331, &(0x7f0000000140)={{0x4, 0x50000000000}, {0x7c4, 0x80}, 0x0, 0x0, 0x1}) mmap(&(0x7f0000000000/0x22000)=nil, 0x22000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x1, 0x0, 0x1000}) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000280)=0x1000, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r4, 0x2, 0x1, 0x3, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="660f38829ce00000000081660080cc00000f01d13edce00f07660f3881521ec4c1f56b821aea000066baf80cb8e2dd6488ef66bafc0c66b8680066ef8fc96801d12e660f388246e4", 0x48}], 0x1, 0x0, &(0x7f0000000900), 0x0) 2018/04/09 21:15:12 executing program 3: setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)="4b928db0afdf432433675c001ed07f3e39ab72805a69b4be4c76bed8e003739ab8bf9fb4987360f38da1cbb9c68b9ea992369d0d35cba63c5ccb96c0362cd1f9154ddc06971407fcd33dbaf3d143579dadc423b0d6405a8234be77d1787fc7c6462573a9e8030e276856f77621c7a3898d68cadd95a9b27f38a3f60663fb343933fe4e3fc2cb34878d63973e4ee7d4c64950778909ededb7eb79f879ea054d4e466e3030d213af4e6aceb56a007fdd885bdebda541991c0fd06fffe8665b509b431675b2ce4c1962bbf74a448f6a211198c041f621d882c0f6805a046c4fde978cd5b25a2b06e12a84446885df26fedeab1b6f034d0de9172aa067a7ff7a686eee803eb05c8c13f41fbf8c31b6be84f9a8f03090ac1cf156223926e978c23e69bc991e2d3df7ae81acafaf533439a5a2621da08b5fb83111af9c39a8cddc532f537ad12ac64be2a3d266d2607c1d9f1aa564f5a3f3bd0090e6d12efe495308f2cd8ee6f7c9bf47650b137d9cdd9dd97d4b692f9dce0c096115383053dfea3728fb4ab456e46c54e4ebe3eae1d8e0f8b783675661635f29dfbbbe004a4470f454a1ac4a55a221e5dc3563f1e579dbddafdaab5fd7b6ba4858f8f2240dbc031e371f32df2d962ab1ceb2f23b2f4da3363f083148b7d72265c149e6f7a3af746d649bab100f16c30857b6ee728baf5785981810930906eaad2a07e03e66025852eddfa8e0fcd0755197c1da8c1b5e0fc39ee3c7f10d07e7a16d19d3eaf05c17ae2a2c1392bb0228a4e72240b4b6717505286751ea0afe2a6cd9158667dcf6b03fc134285b2b153de120cebeb95d8b69d948fc3f85dd586fbae3ec36deaf22cfafebad3214a48237e133f743d24ccfc892419d3f0e41617d7e94dcc9eb5da05138913deb1ec7112e009702e0f1f7df7d93ca5e9958e9218aa9b1b081a3200da9da0d055f6eed756b5bfc1c75b2d28d9c0ea219c45c2195fca41a9aac34696441a224d44e5447dbc5e2b1aeef6945d5608caca0ea0f75d748a9ea72a8f99e2b82dc6a3d57710a820baaf325e025458b843bb6b413341afd037bf4d0af685c91fca6cc064840651cb53818f8bc4b3fe5e0e1aecc9d4d2295ec842206c1c3f276aeaa07b55979c059214a5c656417795a7e2947eb6d0ab39485e99a677d452105500c92fd19ac1611e055f11d7d0b4602f48feadca42ca938ff540bc13665b8d8f3d8c8c83bf0e2696c64daa27868956ea6c858dcddc2c1c0748d036d1e2d4a0e0d324fdabc6c4c3810ff2b448b1d209745f39aafde767e804340af343c89bed333ade64430c31e35032e7b1783e1203eadc37f72fa0261aa76fb42ce4a74fb26958edb30ffbc25e0dd62af2e184912073ebfee8e03ec2354e427f7e9df43482f0d8887f75441f4e22b2c95cd5c8ad27f233a5fd193b8d569aceb65b2262a69b67fd8dc62ff68d73ce3e0b057c194e1386eab81776620f720650e310a1cca0842041701e0accbe44c47bb361542f01196adedb338fd1050e2bfe393435c07c7edc7e2c4f2fc7c20779ddca089da08f4798be825a29022b200be0a5cd25ce40e9e54e26f93bda0fc1e8a9615e64e51c3c79c92bc8fba49f7c90ada7dad8c68c5ac1cd1f56b6e99c5ea645bb04421d59fbf143599a0c5c66b76a5e915b1ab6713d1d70728c30b098cbb61630e6eed9a1428ad7ba926c90d1c8df0e61ab2f63204f0ee9871b2879e85998baaf385a09643c4b8d72c1b3f401da35f723e791a76e9643fd0fcd9accbfd52557c2ad8dad622c6c3d7e7214f3e627f8bdcdd16717d977b59313fbf3f812e40c4a807db64f8b805c422f1a0bf20fed3e0fd7b5d8c2bf923da937fcfccaefbbd0217bd207362a068ceb1b8ebf021a22cf6322ddf0fe01c9372172b0aaa07935c8cb3087368a2934b287d97d827177924f291ac50f13799f11f57ef6de3f63f6839d703181d9bcaee7f03ae0ce1df36e8a3ac9dd6a940c87172a34715097aa219146740e1c505c243d563bd6276212d4ad4ffc32d8a43dbefcca733b24cdbd84bcc960793bdf2690860c2e3cdefb5428b0f6d2544d3a67208017543e516ac7788f2ca89931b8ba0abb946744f74485ef9278f1712b3eba550f608b1e8878c792da38ab6ca963a0d2f57da7fdb502a4b409204b0676299aa5573a91b17e46e7466ad07f460f892bc453fd9a43ac1a12ca43c0777514f601f4e94a053f15de501dc35902c93a69e3337e2c82283bbf002e0e4fa009c63bc92adf156a80d2de503ce598bff8a69e16040cdd2e9bfc380713f47f2652e9ed258122405e09641fe535c04a3e96de5d36f089ca0cf558edb17a5766ae220e325dece0680e45bd8c52b7ea4dac1dfc7bad7765f25dc45265a5d62fca7aa9de98df38a269a56b9df9699ca2674889d367ebc66d7f149c4d5ffdc975629696377cb91beead056a16debd4cc2125547396966d0e9bbd05fe2e0e7681636f7815fbe038bd7caeb2e2e83a32c355d7d439e752aaba868fa877aff3031e16b83c6231aa0be536809d8be4dce6ada4a1739d0177c258d11dd0e52501fc644dc8baea92fd82aaddb08b2bd8473bb74e308c18e89324d825c0bb92317a88604e7409470990027207dfa2ce4eb942575c0fd3db7386825584d878f74c8f648eaa36a27107015cb9710d922940f1c036e84ecec92756d81d3516a69fb640d2345a7f017599def64a9c1c709c03899819bc338b5682838ead7fbe6cd57c7af221b0d1b9d0c0e34e498d8b30864cb9b6e915041b123f7cd81c08bd727ed059ba8c5cd2c57ad5d070dcbec75f2dba1567166e594286fe41ba10c299dd3880a4d47778befcfdb45f08e0b2e3d20e78d1278ae8a3513e1bbe230e213a112804158407c318055e7cc2417761b942f553873fcfb51d4bf9549bb26ca71a4e8c402667f61bc9e64643747fc3ce1403e6919c8aee2fd65cd57633a83cf151ff00743740624765423f038ee41ae0d7a9431eaba72ceb053ea08117bf5a4d87baf3f99af9d45c0c7635751edcf6ffa0f05c66c0f612969f979a03c3469b93164753ca6c96fd3d60a01e2a47a46cbd88070384b71c08c48713a813cc16d912be9f2c8c066a7d14bdd0ee1214307f0328cc99ba80484cadaf5c22b220231b1c774af306bef9fedc7b33bae5988ffc21e853b47c24b5bf2f4640aa4d44d80c7c8e1dee08d1bade81507a25acdc10c191a6f4b5fdac2278513a9ec4b88bd567058e28f969d534233293413acb0e4949a878f3f0bf9de0ab7b4cb53bdd38291969ab7e18f4301e95f81e80c2c5e55a9d3cfdbbbc7814f2891c6f3d7cdcb1831b80d31231f5081eed5ea7ec57b5aef125eaa434e73ba7fb95391c9f2a92ae496aaa894e593621c9bee42767704b8dfcf6dbea129fcfe0479e76cfaa78ad3776ad13cf85155e622443da508a2998866e234c1f41209b0624e42eca7889b14e1fca2d791a387d0d186b7ccece1c38163e1eb8b58deee5ce5ec68ce7984475946ab5587b1f18291e0ff3824f2063240eda9528aea08ae5c7f4e24daa455a11bdb6c412c7880af44f58103f31bbd989438e7528ed2a2177a1eb76110ca6fca83a89907ffe7b712ff0ced34a0a0b5ea706d563f3361475b31fbf49284ea681b7a42a51071bf6c4497a293d7e40c68b0b4d15e8e0c9d9392d5c468def3aa57f037ff61c3619353c604d8b6b48186df2dce49135fe53e28b031d930791afe60816d8bd125ffbcc38fdbfaebeae3e7a1bedd325ab24ed7ea2e075f17fdb2f21bb0bfdf9a410297652c537d662685c16eeec2cfb44c216b617b2e850531a3725005d40c260754b20b558dc686b4a700a7c18956900a1d7bc39e324390470bb6f5034f7708ba573a88688dfa3bbd3021d0d62518b695548d886d81f30a59219ea24276aaa6dab70026bf77bc53143edc96fa2b529744c1aca0dc211571c9752d9cfa59f1da133c819b727e11eff34e2fbb811d9ba8db84b9835f1783c7b82a62dbd7ecb22f2db3d291b33ac1e9bc55b088b1946a04c395bd073e8ff395983beeb13cfe45a9176feb7e20ae83ac7dd6960525c144088c32bcf33e883c6dda5e6dc257eb14c97c3264c4b613741c59ad2e9b1175f22668b53ec8cd6de6a290b647a585416ec8f57a20673d2ff0be99d5cf2e6a0669b36a2cce5ef67b8c1f2d2a5d9f29f6f477c18d548ab20d0d5aefb078edaaf4f66ac04aa335b5c5372a288e99b9c2b61001489f030f35bade21e2bd72bbadd31ee4b76b8127866d07d198b7e7aca45d9fe9e39da5e36e8fc630bf51c4382aa968ef68ded909d711b60f3fbbc777abdc18057ed6753471ada7cd4eb666f11e5e4bdd657c0b7fe8686a8abe7cc26704d7c8e1209d864c254006bbfcaa30a51cc58614aa17bc80fe3278f6b460ab61948d00ab313c265c4c2400f798a3f9874575e59837ea11f2f83f65f4cd48366088ce6a4c0863f9cfe24b65610e8b045842c54153fcdd89bff6b208169144053a05542b1298181173606ff1ce96ad1ef85a669fecd5830db33d0198cfa2443dcf6669782d250d808453cf323090b3f98b5d731a446cffb604bc8b3d7675de10fa5b36c62c5a8d1e2311b0a1220e00205886f510d2401089311684d2cbe4e4d9237b8d7d6fe74ed0bd8b03d33e576a16c67f7401ec1b5eff2101f38507e421b1da1c36cf60442ada2e879d987aa640538901027c2222eaaa1366c54deed8f5ab6a40956706349ff4740dd29427cae04da89c1d8e5e35ae25e3ce285a5fed9b4c832bc76c60cbba3e7bf8aa858d3590f7958cf724457cdddcf27d51a5da7cb640f3d1374ff8d4c98584711a2f6932ecf3c77e147735c0c1f758d776032d9b7156ec3504e46f07df7f4cfac89bc46c51ccc6de7f68eeb8452f400354059a0a756e5be6a00fb75cb0f13e61c0ae16a648495380aa71f46fd1f0bf0c902d0c8f0e765176724c8686c1c46c2820979713a47922605d5d2ed18955db81086341d845a5b599e5ce064c7077c65107437ca1b4033339d530e78ca59dc7290712f058b4f940bd73fbc3696fd9b12e0f4e74b85d1f5ccf02919faae7608ff3ceb7c0f94ffa164f2103b4c125e9efde44f720ac4bb1494d5f8a2e61c5c78ae105a43cdfa29cf2062c0771fbdb819463945919b1a1c3772c84b6d53fa4b4158daea9c548fd08a371a4fc932be2025ea0252ee480e3b76f522d14b564e0396dfcdb94dde60553f8af36f597d3570e1c98ee320fc7dc2673a1cb199e86c4506d7f63cf503507c36143ef1aaa1adea16b64045b9e4e03fca3d1cc3837a17ea3e96dd7b57b5edca8d221eae67a6859a1e30a71f13b879356c916b7c649640081cb2e203738db28ee8e868b6ff546e30cb64b82d6f9fef73e001c39d293895a23b4c7f9d6e5b0ef73699cb20255e50d39f1965b37b3b4523046b3d7c858c32f74864c5b75c452c9477a83853eec2cb91a8230a4f0b5c12998711b5ff353c54a66f064a110ec05757f2cc6bacf616d4273428eb443fb96f6690c66080812c0eafc9387f89c3d4b637befadfbe50b0019d34bb3262950059c8619b5edd72f7dd5f57923ee13f7ea2c4df804b92359456954373081036fce23bde0162d953b45f93adc34f34e1f9b145f424b1e2be548c530491804f0f4e13c9d505868349787f7c12ecd09eed8548ef7ddeb21c51d0126f324f39d30f86842a426f69920b74c6fa289590d9f8cbcde8f9bcdfb26de18e34d8c93c9f4a38a97efbcfdff6a183a6623000a511cd16f5d4324a02bf13f548a88957576008d3e0a32f4140ea66237e5cc3", 0x1000) sendmsg(0xffffffffffffffff, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 516.875028] ? __lock_acquire+0x7f5/0x5130 [ 516.879271] ? graph_lock+0x170/0x170 [ 516.883086] ? find_held_lock+0x36/0x1c0 [ 516.887158] ? __lock_is_held+0xb5/0x140 [ 516.891242] ? check_same_owner+0x320/0x320 [ 516.895571] ? rcu_note_context_switch+0x710/0x710 [ 516.900515] __should_failslab+0x124/0x180 [ 516.904763] should_failslab+0x9/0x14 [ 516.908567] __kmalloc+0x2c8/0x760 [ 516.912115] ? __lock_acquire+0x7f5/0x5130 [ 516.916366] ? constrain_params_by_rules+0x141/0x1360 [ 516.921571] constrain_params_by_rules+0x141/0x1360 [ 516.926609] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 516.931811] ? lock_downgrade+0x8e0/0x8e0 [ 516.935974] ? kasan_check_read+0x11/0x20 [ 516.940128] ? rcu_is_watching+0x85/0x140 [ 516.944288] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 516.949477] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 516.954673] ? is_bpf_text_address+0xd7/0x170 [ 516.959161] ? kernel_text_address+0x79/0xf0 [ 516.963583] ? __unwind_start+0x166/0x330 [ 516.967723] ? __kernel_text_address+0xd/0x40 [ 516.972229] ? unwind_get_return_address+0x61/0xa0 [ 516.977148] ? __save_stack_trace+0x7e/0xd0 [ 516.981465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 516.986994] ? snd_interval_refine+0x428/0x700 [ 516.991612] snd_pcm_hw_refine+0x8e9/0x1180 [ 516.995928] ? constrain_params_by_rules+0x1360/0x1360 [ 517.001188] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 517.006536] ? snd_pcm_oss_write+0x516/0xa20 [ 517.010929] ? __vfs_write+0x10b/0x880 [ 517.014798] ? vfs_write+0x1f8/0x560 [ 517.018501] ? ksys_write+0xf9/0x250 [ 517.022198] ? SyS_write+0x24/0x30 [ 517.025731] ? do_syscall_64+0x29e/0x9d0 [ 517.029778] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 517.035126] ? kasan_check_read+0x11/0x20 [ 517.039263] ? do_raw_spin_unlock+0x9e/0x2e0 [ 517.043656] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 517.048222] ? print_usage_bug+0xc0/0xc0 [ 517.052268] ? kasan_check_write+0x14/0x20 [ 517.056540] ? do_raw_spin_lock+0xc1/0x200 [ 517.060762] ? trace_hardirqs_off+0xd/0x10 [ 517.064983] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 517.070076] ? debug_check_no_obj_freed+0x2ff/0x584 [ 517.075080] ? mark_held_locks+0xc9/0x160 [ 517.079211] ? quarantine_put+0xeb/0x190 [ 517.083262] snd_pcm_hw_param_first+0x30e/0x680 [ 517.087919] snd_pcm_hw_param_near.constprop.35+0x6e2/0xb10 [ 517.093615] ? _snd_pcm_hw_param_min+0x570/0x570 [ 517.098351] ? mark_held_locks+0xc9/0x160 [ 517.102485] ? kfree+0x111/0x260 [ 517.105837] ? snd_pcm_oss_change_params_locked+0x2c1e/0x3ce0 [ 517.111705] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 517.116704] ? trace_hardirqs_on+0xd/0x10 [ 517.120841] snd_pcm_oss_change_params_locked+0xc4d/0x3ce0 [ 517.126459] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 517.132327] ? find_held_lock+0x36/0x1c0 [ 517.136373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.141896] ? _parse_integer+0x13b/0x190 [ 517.146034] ? find_held_lock+0x36/0x1c0 [ 517.150085] ? lock_downgrade+0x8e0/0x8e0 [ 517.154222] ? kasan_check_read+0x11/0x20 [ 517.158356] ? rcu_is_watching+0x85/0x140 [ 517.162499] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 517.167674] snd_pcm_oss_write+0x516/0xa20 [ 517.171894] ? expand_files.part.8+0x9a0/0x9a0 [ 517.176468] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 517.181304] __vfs_write+0x10b/0x880 [ 517.185065] ? __fget_light+0x2ef/0x430 [ 517.189028] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 517.193856] ? kernel_read+0x120/0x120 [ 517.197733] ? wait_for_completion+0x870/0x870 [ 517.202305] ? __lock_is_held+0xb5/0x140 [ 517.206354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.211878] ? security_file_permission+0x1c6/0x240 [ 517.216883] ? rw_verify_area+0x118/0x360 [ 517.221021] vfs_write+0x1f8/0x560 [ 517.224554] ksys_write+0xf9/0x250 [ 517.228083] ? SyS_read+0x30/0x30 [ 517.231521] ? mm_fault_error+0x380/0x380 [ 517.235656] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 517.240488] ? ksys_ioctl+0x81/0xd0 [ 517.244102] SyS_write+0x24/0x30 [ 517.247454] ? ksys_write+0x250/0x250 [ 517.251239] do_syscall_64+0x29e/0x9d0 [ 517.255125] ? vmalloc_sync_all+0x30/0x30 [ 517.259258] ? _raw_spin_unlock_irq+0x27/0x70 [ 517.263738] ? finish_task_switch+0x1ca/0x820 [ 517.268236] ? syscall_return_slowpath+0x5c0/0x5c0 [ 517.273162] ? syscall_return_slowpath+0x30f/0x5c0 [ 517.278080] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 517.283436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 517.288269] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 517.293445] RIP: 0033:0x455259 [ 517.296631] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 517.304337] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 517.311591] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 517.318844] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/04/09 21:15:13 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000020000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:13 executing program 4: r0 = socket$inet6(0xa, 0x80e, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) [ 517.326096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 517.333350] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000007 2018/04/09 21:15:13 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0xe65, &(0x7f0000000080)=""/125) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:15:13 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000030000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:13 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x677a9635, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000080)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x2) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 517.416755] binder: 2019:2020 Acquire 1 refcount change on invalid ref 128 ret -22 [ 517.424671] binder: 2019:2020 unknown command -928540024 2018/04/09 21:15:13 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe103000000000000]}, 0x10) [ 517.476573] binder: 2019:2020 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:17 executing program 0 (fault-call:1 fault-nth:8): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:17 executing program 6: r0 = syz_open_dev$audion(&(0x7f0000000440)='/dev/audio#\x00', 0x5a7c, 0x480000) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, @remote}, &(0x7f00000004c0)=0x10, 0x80000) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000500)={r1}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x100, 0x0) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)) shutdown(r2, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000180)=[{0x8, 0x35000}, {0x0, 0xc7e4}], 0x2) r4 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x100, 0x8043) ioctl$EVIOCGABS2F(r4, 0x8018456f, &(0x7f00000000c0)=""/106) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000080)={'vcan0\x00', {0x2, 0x0, @rand_addr}}) setsockopt(r3, 0x114, 0x1d, &(0x7f0000000000)="2a8e339c", 0x4) 2018/04/09 21:15:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x8}, 0xfffffcc1) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x8000, 0x0) sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0xe, 0x6b, 0xf, 0x11, 0x0, 0x70bd2d, 0x25dfdbfd, [@sadb_lifetime={0x4, 0x2, 0x1, 0x7ff, 0x1, 0x9}, @sadb_sa={0x2, 0x1, 0x4d4, 0x8000, 0x4, 0x8f, 0x3, 0x40000000}, @sadb_x_policy={0x8, 0x12, 0x3, 0x3, 0x0, 0x6e6bbd, 0x3, {0x6, 0xff, 0xff, 0xfffffffffffffe00, 0x0, 0x3ff, 0x0, @in6=@loopback={0x0, 0x1}, @in6}}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e20}]}, 0x88}, 0x1}, 0x40000) 2018/04/09 21:15:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100001b0900683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:17 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:17 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r1 = add_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000200)="67d448a5ac04af23f8b9fe260a9c71a7ae7229fffb2c53ac992985567b5c3ce2b1eb033ab759b578ed7952f1ce", 0x2d, 0xfffffffffffffffa) r2 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, r1) request_key(&(0x7f0000000040)='syzkaller\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x3}, &(0x7f00000000c0)='\x00', r2) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000100)=0x6) 2018/04/09 21:15:17 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1030000]}, 0x10) [ 522.170972] FAULT_INJECTION: forcing a failure. [ 522.170972] name failslab, interval 1, probability 0, space 0, times 0 [ 522.182299] CPU: 1 PID: 2076 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 522.189147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.198504] Call Trace: [ 522.201187] dump_stack+0x1b9/0x294 [ 522.204827] ? dump_stack_print_info.cold.2+0x52/0x52 [ 522.210028] ? lock_downgrade+0x8e0/0x8e0 [ 522.214190] should_fail.cold.4+0xa/0x1a [ 522.218264] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 522.223378] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 522.228582] ? graph_lock+0x170/0x170 [ 522.232395] ? is_bpf_text_address+0xd7/0x170 [ 522.236901] ? kernel_text_address+0x79/0xf0 [ 522.241317] ? find_held_lock+0x36/0x1c0 [ 522.245393] ? __lock_is_held+0xb5/0x140 [ 522.249474] ? check_same_owner+0x320/0x320 [ 522.253812] ? constrain_params_by_rules+0x1360/0x1360 [ 522.259102] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 522.264478] ? rcu_note_context_switch+0x710/0x710 [ 522.269411] ? ksys_write+0xf9/0x250 [ 522.273119] ? SyS_write+0x24/0x30 [ 522.276650] ? do_syscall_64+0x29e/0x9d0 [ 522.280706] __should_failslab+0x124/0x180 [ 522.286064] should_failslab+0x9/0x14 [ 522.289862] __kmalloc+0x2c8/0x760 [ 522.293387] ? kasan_check_write+0x14/0x20 [ 522.297613] ? do_raw_spin_lock+0xc1/0x200 [ 522.301841] ? snd_pcm_plugin_build+0x64/0x670 [ 522.306416] snd_pcm_plugin_build+0x64/0x670 [ 522.310821] snd_pcm_plugin_build_mulaw+0x2aa/0x8b0 [ 522.315826] ? snd_pcm_plugin_build_linear+0x900/0x900 [ 522.321105] ? mulaw_transfer+0x310/0x310 [ 522.325250] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 522.330436] snd_pcm_plug_format_plugins+0x12f9/0x1a60 [ 522.335705] ? snd_pcm_plug_slave_format+0x760/0x760 [ 522.340792] ? snd_interval_refine+0x428/0x700 [ 522.345369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 522.350903] ? snd_pcm_hw_param_max+0x730/0x730 [ 522.355560] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 522.360742] snd_pcm_oss_change_params_locked+0x11bd/0x3ce0 [ 522.366454] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 522.372327] ? find_held_lock+0x36/0x1c0 [ 522.376376] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 522.381902] ? _parse_integer+0x13b/0x190 [ 522.386045] ? find_held_lock+0x36/0x1c0 [ 522.390107] ? lock_downgrade+0x8e0/0x8e0 [ 522.394250] ? kasan_check_read+0x11/0x20 [ 522.398469] ? rcu_is_watching+0x85/0x140 [ 522.402619] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 522.407797] snd_pcm_oss_write+0x516/0xa20 [ 522.412021] ? expand_files.part.8+0x9a0/0x9a0 [ 522.416604] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 522.421441] __vfs_write+0x10b/0x880 [ 522.425141] ? __fget_light+0x2ef/0x430 [ 522.429100] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 522.433932] ? kernel_read+0x120/0x120 [ 522.437807] ? wait_for_completion+0x870/0x870 [ 522.442377] ? __lock_is_held+0xb5/0x140 [ 522.446429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 522.451954] ? security_file_permission+0x1c6/0x240 [ 522.456959] ? rw_verify_area+0x118/0x360 [ 522.461100] vfs_write+0x1f8/0x560 [ 522.464633] ksys_write+0xf9/0x250 [ 522.468165] ? SyS_read+0x30/0x30 [ 522.471606] ? mm_fault_error+0x380/0x380 [ 522.475742] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 522.480572] ? ksys_ioctl+0x81/0xd0 [ 522.484196] SyS_write+0x24/0x30 [ 522.487550] ? ksys_write+0x250/0x250 [ 522.491339] do_syscall_64+0x29e/0x9d0 [ 522.495212] ? vmalloc_sync_all+0x30/0x30 [ 522.499346] ? _raw_spin_unlock_irq+0x27/0x70 [ 522.503831] ? finish_task_switch+0x1ca/0x820 [ 522.508314] ? syscall_return_slowpath+0x5c0/0x5c0 [ 522.513231] ? syscall_return_slowpath+0x30f/0x5c0 [ 522.518157] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 522.523512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 522.528351] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.533527] RIP: 0033:0x455259 [ 522.536702] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 522.544399] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 522.551654] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 522.558907] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/04/09 21:15:18 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x1000}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="0600000000000000000000000000000005001800ffffffff000000000000000000000000b41414aa00000000000000000000000000000000b43a5fca5777431298a497d0dd9230629c4eb0adaa068dde1892418e8d2861f8d08455643c8b3e410f3208994d6b1dd38aad052ee1aa34b269e20f9c88bfe0b426b9a89ace72efa8b08f9237d9571b7a22fb721b3f89c29ce6061fada10e81b8789fe525793c1d8362861e18ad20"], 0x28}, 0x1}, 0x0) 2018/04/09 21:15:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000f000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:18 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x7, 0x80) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000180)) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(0xffffffffffffffff, 0x80605414, &(0x7f0000000a40)=""/252) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f00000005c0)) perf_event_open(&(0x7f000025c000)={0x0, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f00000006c0)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f0000000500)=ANY=[], 0xac, 0x0, &(0x7f0000000200)}) r2 = dup3(r1, r1, 0x80000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r2, 0xc0bc5310, &(0x7f0000000040)) 2018/04/09 21:15:18 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x10) [ 522.566202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 522.573458] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000008 2018/04/09 21:15:18 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000600)='net/netfilter\x00') ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000000080)=ANY=[]) getsockopt$inet_tcp_int(r0, 0x6, 0x17, &(0x7f0000000540), &(0x7f0000000580)=0x4) r1 = socket$inet6(0xa, 0x3, 0xff) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f0000000040)=0x5000) sendmsg$netrom(r2, &(0x7f0000000500)={&(0x7f00000000c0)=@ax25={0x3, {"ec8e468d0e64c9"}, 0x3}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000100)="61916d794ee99ebeefba6c6d365245a4bc512137467e8b8c31f6e15ddd232493ce01fff03e44fbe44ddd", 0x2a}, {&(0x7f0000000200)="6e055f0c1f9f946dd81d9441acb945a6df2eb1627513906770194e03", 0x1c}, {&(0x7f0000000400)="c4a99a7e90fb406de7bbf821415074e8cd0dd4b336649671eb672109c0962c95dbdf8458688e055899182fa7c440b13d1d0a1fc0b808418fffa8f4550bb405ff5d001c4fe26cd035db0b10aef5a4c037334c565a6883f39bf8855b9e260e5b67cca17b2e30d0e1a2d0561e42edfbef261498138f0f08462147c05e9bdd6827e3fc39411b21a9040c7ebeceb3457ef66f197df592bac9891e244041d2b40b196b874fce9e3d84e087d4a69931f1cd94ca25b3b31f58acc8aac1642e2bb287a1e6dbed12", 0xc3}], 0x3}, 0x0) syncfs(r1) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r1, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0200000007000000000000000000000005001a00ffffffff000000000000000000000000ac1414aa00000000000000000000000000000000df366cfcca44aecbad69331dc1ed626c113ea401e176208e317ce9925880607dd963a648a46c189f49fea299ec705ec1d51e7e4e82bdaa76ba9045201e030270ae3057167004f8499fbfc5fbb3cefe62b3343d72a018362d1aafc278ae34c4c0dcb0c46aed5ebb3f2ecac7f16080a570ca92634ab61baac0648535ce5f5d292503d5d1203e5cb6e324ba08d6975ff24e726db9d0923f51e9993580814d817b1dbf4fefda46782b9ca5ba290f12875c99eeaa3320ae169d4c3b671412821e40ca3d7019882a1a3ca67bde9e3f0c06aa896c5a"], 0x28}, 0x1}, 0x0) [ 522.658352] binder: 2081:2085 Acquire 1 refcount change on invalid ref 128 ret -22 [ 522.666302] binder: 2081:2085 unknown command -928540024 2018/04/09 21:15:18 executing program 0 (fault-call:1 fault-nth:9): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000001f00683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x2000, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x4}, {r1, 0x2000}, {r0, 0x9160}, {r0, 0x8015}, {r1, 0x1002}, {r1, 0x4}], 0x6, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000140)={0x1}, 0x8) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x9}) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 522.720500] binder: 2081:2085 ioctl c0306201 20007000 returned -22 [ 522.778020] FAULT_INJECTION: forcing a failure. [ 522.778020] name failslab, interval 1, probability 0, space 0, times 0 [ 522.789451] CPU: 0 PID: 2124 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 522.796308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.805676] Call Trace: [ 522.808288] dump_stack+0x1b9/0x294 [ 522.811947] ? dump_stack_print_info.cold.2+0x52/0x52 [ 522.817153] ? perf_trace_lock_acquire+0xe3/0x980 [ 522.822009] ? __save_stack_trace+0x7e/0xd0 [ 522.826356] should_fail.cold.4+0xa/0x1a [ 522.830436] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 522.835557] ? save_stack+0x43/0xd0 [ 522.839199] ? kasan_kmalloc+0xc4/0xe0 [ 522.843097] ? __kmalloc+0x14e/0x760 [ 522.846833] ? snd_pcm_plugin_build+0x64/0x670 [ 522.851424] ? snd_pcm_plugin_build_mulaw+0x2aa/0x8b0 [ 522.856629] ? snd_pcm_plug_format_plugins+0x12f9/0x1a60 [ 522.862096] ? graph_lock+0x170/0x170 [ 522.865909] ? vfs_write+0x1f8/0x560 [ 522.869637] ? ksys_write+0xf9/0x250 [ 522.873362] ? SyS_write+0x24/0x30 [ 522.876911] ? do_syscall_64+0x29e/0x9d0 [ 522.880987] ? find_held_lock+0x36/0x1c0 [ 522.885069] ? __lock_is_held+0xb5/0x140 [ 522.889161] ? check_same_owner+0x320/0x320 [ 522.893499] ? rcu_note_context_switch+0x710/0x710 [ 522.898448] __should_failslab+0x124/0x180 [ 522.902697] should_failslab+0x9/0x14 [ 522.906506] __kmalloc+0x2c8/0x760 [ 522.910061] ? kasan_check_write+0x14/0x20 [ 522.914305] ? do_raw_spin_lock+0xc1/0x200 [ 522.918566] ? snd_pcm_plugin_build+0x448/0x670 [ 522.923258] snd_pcm_plugin_build+0x448/0x670 [ 522.927779] snd_pcm_plugin_build_mulaw+0x2aa/0x8b0 [ 522.932813] ? snd_pcm_plugin_build_linear+0x900/0x900 [ 522.938112] ? mulaw_transfer+0x310/0x310 [ 522.942284] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 522.947496] snd_pcm_plug_format_plugins+0x12f9/0x1a60 [ 522.952798] ? snd_pcm_plug_slave_format+0x760/0x760 [ 522.957906] ? snd_interval_refine+0x428/0x700 [ 522.962505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 522.968067] ? snd_pcm_hw_param_max+0x730/0x730 [ 522.972755] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 522.977960] snd_pcm_oss_change_params_locked+0x11bd/0x3ce0 [ 522.983707] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 522.989609] ? perf_trace_lock+0x900/0x900 [ 522.993852] ? find_held_lock+0x36/0x1c0 [ 522.997927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 523.003470] ? _parse_integer+0x13b/0x190 [ 523.007621] ? find_held_lock+0x36/0x1c0 [ 523.011674] ? lock_downgrade+0x8e0/0x8e0 [ 523.015858] ? rcu_is_watching+0x85/0x140 [ 523.020006] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 523.025191] snd_pcm_oss_write+0x516/0xa20 [ 523.029413] ? expand_files.part.8+0x9a0/0x9a0 [ 523.033984] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 523.038829] __vfs_write+0x10b/0x880 [ 523.042540] ? __fget_light+0x2ef/0x430 [ 523.046500] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 523.051331] ? kernel_read+0x120/0x120 [ 523.055202] ? wait_for_completion+0x870/0x870 [ 523.059775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 523.065294] ? security_file_permission+0x1c6/0x240 [ 523.070305] ? rw_verify_area+0x118/0x360 [ 523.074442] vfs_write+0x1f8/0x560 [ 523.077968] ksys_write+0xf9/0x250 [ 523.081493] ? SyS_read+0x30/0x30 [ 523.084931] ? mm_fault_error+0x380/0x380 [ 523.089074] ? ksys_ioctl+0x81/0xd0 [ 523.092687] SyS_write+0x24/0x30 [ 523.096047] ? ksys_write+0x250/0x250 [ 523.099836] do_syscall_64+0x29e/0x9d0 [ 523.103711] ? vmalloc_sync_all+0x30/0x30 [ 523.107841] ? _raw_spin_unlock_irq+0x27/0x70 [ 523.112325] ? finish_task_switch+0x1ca/0x820 [ 523.116803] ? syscall_return_slowpath+0x5c0/0x5c0 [ 523.121716] ? syscall_return_slowpath+0x30f/0x5c0 [ 523.126643] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 523.131995] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 523.136832] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 523.142002] RIP: 0033:0x455259 [ 523.145181] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 523.152872] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 523.160123] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 523.167372] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 523.174624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 523.181872] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000009 2018/04/09 21:15:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:18 executing program 6: getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000f42000), &(0x7f0000196000)=0x4) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/hci\x00') ioctl$sock_ipx_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'gretap0\x00', {0x4, 0xa16, 0x2, "7c782e1cfb43", 0x5}}) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r0, 0x111, 0x2, 0x1, 0x4) openat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20) 2018/04/09 21:15:18 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x2, &(0x7f0000000600)=[{0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:18 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8072]}, 0x10) 2018/04/09 21:15:18 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100000000ffff3540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:18 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) rt_sigpending(&(0x7f0000000040), 0x8) 2018/04/09 21:15:18 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x24002, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x0, 0x10001, 0x6, 0x7, 0x7}, &(0x7f00000000c0)=0x14) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000140)=[0x5, 0x49]) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={r1, 0x101}, 0x8) r2 = socket$inet(0x10, 0x0, 0x4) sendmsg(r2, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540008924001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @loopback=0x7f000001}}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f00000001c0)={0x0, 0xfffffffffffffff7, 0x5, 0x3b9, [], [], [], 0x4, 0x7, 0x3, 0x5, "5fcdc7489367f037a5f67d3e89c09f3e"}) 2018/04/09 21:15:18 executing program 0 (fault-call:1 fault-nth:10): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x150) ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000080)) [ 523.260499] FAULT_INJECTION: forcing a failure. [ 523.260499] name failslab, interval 1, probability 0, space 0, times 0 [ 523.272604] CPU: 0 PID: 2138 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 523.279475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.288839] Call Trace: [ 523.291444] dump_stack+0x1b9/0x294 [ 523.295088] ? dump_stack_print_info.cold.2+0x52/0x52 [ 523.300284] ? snd_pcm_oss_write+0x516/0xa20 [ 523.304697] ? __vfs_write+0x10b/0x880 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7280]}, 0x10) [ 523.308587] ? vfs_write+0x1f8/0x560 [ 523.312309] ? ksys_write+0xf9/0x250 [ 523.316026] ? SyS_write+0x24/0x30 [ 523.319569] ? do_syscall_64+0x29e/0x9d0 [ 523.323642] should_fail.cold.4+0xa/0x1a [ 523.327715] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 523.332826] ? graph_lock+0x170/0x170 [ 523.336641] ? __lock_is_held+0xb5/0x140 [ 523.340717] ? graph_lock+0x170/0x170 [ 523.344542] ? find_held_lock+0x36/0x1c0 [ 523.348612] ? __lock_is_held+0xb5/0x140 [ 523.352696] ? check_same_owner+0x320/0x320 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb400]}, 0x10) [ 523.357028] ? rcu_note_context_switch+0x710/0x710 [ 523.361964] ? snd_pcm_plugin_build+0x4d0/0x670 [ 523.366648] __should_failslab+0x124/0x180 [ 523.370896] should_failslab+0x9/0x14 [ 523.374694] __kmalloc+0x2c8/0x760 [ 523.378237] ? mulaw_transfer+0x310/0x310 [ 523.382397] ? snd_pcm_plugin_build+0x64/0x670 [ 523.386988] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 523.392192] snd_pcm_plugin_build+0x64/0x670 [ 523.396714] snd_pcm_plugin_build_io+0x28c/0x720 [ 523.401484] ? io_playback_transfer+0x310/0x310 [ 523.406175] ? snd_pcm_hw_param_max+0x730/0x730 [ 523.410858] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 523.416064] snd_pcm_oss_change_params_locked+0x1247/0x3ce0 [ 523.421803] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 523.427698] ? find_held_lock+0x36/0x1c0 [ 523.431765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 523.437299] ? _parse_integer+0x13b/0x190 [ 523.441443] ? find_held_lock+0x36/0x1c0 [ 523.445506] ? lock_downgrade+0x8e0/0x8e0 [ 523.449646] ? kasan_check_read+0x11/0x20 [ 523.454715] ? rcu_is_watching+0x85/0x140 [ 523.458866] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 523.464048] snd_pcm_oss_write+0x516/0xa20 [ 523.468269] ? expand_files.part.8+0x9a0/0x9a0 [ 523.472844] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 523.477729] __vfs_write+0x10b/0x880 [ 523.481428] ? __fget_light+0x2ef/0x430 [ 523.485390] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 523.490220] ? kernel_read+0x120/0x120 [ 523.494096] ? wait_for_completion+0x870/0x870 [ 523.498669] ? __lock_is_held+0xb5/0x140 [ 523.502721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 523.508245] ? security_file_permission+0x1c6/0x240 [ 523.513251] ? rw_verify_area+0x118/0x360 [ 523.517408] vfs_write+0x1f8/0x560 [ 523.520941] ksys_write+0xf9/0x250 [ 523.524470] ? SyS_read+0x30/0x30 [ 523.527919] ? mm_fault_error+0x380/0x380 [ 523.532054] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 523.536885] ? ksys_ioctl+0x81/0xd0 [ 523.540505] SyS_write+0x24/0x30 [ 523.543857] ? ksys_write+0x250/0x250 [ 523.547645] do_syscall_64+0x29e/0x9d0 [ 523.551605] ? vmalloc_sync_all+0x30/0x30 [ 523.555738] ? _raw_spin_unlock_irq+0x27/0x70 [ 523.560221] ? finish_task_switch+0x1ca/0x820 [ 523.564705] ? syscall_return_slowpath+0x5c0/0x5c0 [ 523.569620] ? syscall_return_slowpath+0x30f/0x5c0 [ 523.574543] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 523.579897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 523.584732] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 523.589906] RIP: 0033:0x455259 [ 523.593082] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 523.600780] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x10) [ 523.608035] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 523.615289] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 523.622554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 523.629811] R13: 00000000000006c8 R14: 00000000006fd360 R15: 000000000000000a 2018/04/09 21:15:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000ffff40150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:19 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f00000001c0)={0x0, 0x400}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000240)={r2, 0x87, "34a4b6996ab332d1a8f4682f34db91ffc1cb9325d46fe5d5acce33c6c2185da1535640714e564347eb417aa85ede0d3e70bd54d7ad38f049333a87c12845e8317ce04c10fb7fdd3e578630d79d9db8951d4b7273e1fbb0df00707d9a525fa499e4da69b6a68f092bc99d44964ea1143a755f58c7ff5d068083ea67fdeb1a83c04df727fb59ea1c"}, &(0x7f0000000300)=0x8f) capset(&(0x7f0000594ff8)={0x19980330}, &(0x7f0000244000)) fcntl$getown(r0, 0x9) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=0x0) socketpair(0xb, 0x807, 0x5, &(0x7f0000000080)) ptrace$poke(0x5, r3, &(0x7f0000000340), 0x9) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)) setpriority(0x0, r3, 0x0) 2018/04/09 21:15:19 executing program 4: r0 = socket$inet6(0xa, 0x802, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) setsockopt$inet6_tcp_buf(r0, 0x6, 0x1a, &(0x7f0000000040)="cedf0c90eff2ac9c535c21177367e3cf1d35e1387994d342a2aa5998e09b01c306124091c3bd4dde91", 0x29) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0200000007000000000000000000080000001a00ffffffff000000000002010000000000ac1414aa00000000000000000000040000000000f6bc9acf768a083d926be8d7a4150cf554b2a7994a717a10b88a4e835ec9ba24b0350558514f59ca16b44bb2698954e7c6e47d5059956f557008abb19fc2cdd84febb90a8c351e19da0c33eed55cb9e78bec3b675635d97974a9042c3d79da1fb7bd9f5b3f639cf8b6d9c522421eaec1ecb0f29a5767e6eb1a8b020c4c72352e3c18fbb78407dd5ac85841caaf0300000000000042d61ffc96d6b2f930458cf1c69356d2784d950fed137a287393098d5fea1b026347d72383e7f8f0b8734a020c8d7131c0f924a98b865cb422f8550c9e95571c7e18611732982490e2af0241afa53ce1b2a6fc4f48bd64108917775134c90276502572097b7f0a0b999902132d0586bd6087a0b2d372"], 0x28}, 0x1}, 0x0) 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) [ 523.730319] binder: 2166:2168 Acquire 1 refcount change on invalid ref 128 ret -22 [ 523.738206] binder: 2166:2168 unknown command -928540024 [ 523.764991] binder: 2166:2168 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:19 executing program 0 (fault-call:1 fault-nth:11): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 2018/04/09 21:15:19 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x0, 0x8000, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000300683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x10) 2018/04/09 21:15:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4) syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x7, 0xa8002) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000780)={0x1f, 0x0, 0x101, 0x1ff, 0x7, 0xfffffffffffffffb, 0x8, 0x5, 0x4, 0xa, 0x6, 0x4}) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), &(0x7f00000000c0)=0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0200000007000000000000000000000005001a00ff4c78525cc88d7f7e8187a5db616cbc54000000000090000000000000ac1414aa533a3a89c8ed9d5957f60c0169ef0389d333a4113437dec297ed683260cb1adb91bb50d97a375231f08ec67702000000f5dd119bbd1e9482549b5d1c168afe0d80b9834551448f045aabf1deb0b201d0b626eead73"], 0x28}, 0x1}, 0x0) execveat(r1, &(0x7f0000000200)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000240)='/dev/dsp\x00', &(0x7f00000002c0)="76626f786e65743070707030cd00", &(0x7f0000000300)='/dev/dsp\x00', &(0x7f0000000340)=']*-\x00', &(0x7f0000000380)='/dev/dsp\x00', &(0x7f00000003c0)='/dev/dsp\x00', &(0x7f0000000400)='/dev/dsp\x00'], &(0x7f0000000700)=[&(0x7f0000000480)='/dev/dsp\x00', &(0x7f00000004c0)='/dev/dsp\x00', &(0x7f0000000500)='/dev/dsp\x00', &(0x7f0000000540)='/dev/dsp\x00', &(0x7f0000000580)='/dev/dsp\x00', &(0x7f00000005c0)='/dev/dsp\x00', &(0x7f0000000600)='em1,\x00', &(0x7f0000000640)='\x00', &(0x7f0000000680)='!\x00', &(0x7f00000006c0)='&\x00'], 0x800) 2018/04/09 21:15:19 executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080)=0x7, 0xff62) bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c) r1 = memfd_create(&(0x7f00000000c0)='[posix_acl_accesskeyring\x00', 0x1) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x5) connect$inet6(r0, &(0x7f000098cfe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000da2ffc)=0xa069, 0xfea4) r2 = dup(r0) write$eventfd(r2, &(0x7f0000605ff8), 0xffbe) write$eventfd(r2, &(0x7f0000000040), 0x8) sendmmsg$alg(r2, &(0x7f0000359000)=[{0x0, 0x0, &(0x7f0000a45000)=[{&(0x7f0000001140)="c0", 0x1}], 0x1, &(0x7f0000360cd8)}], 0x1, 0x0) write$eventfd(r2, &(0x7f00006d5000), 0x8) write$cgroup_subtree(r2, &(0x7f0000000100)={[{0x0, 'memory', 0x20}]}, 0x8) write(r0, &(0x7f0000000000)="c4", 0x1) 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x10) [ 524.019801] FAULT_INJECTION: forcing a failure. [ 524.019801] name failslab, interval 1, probability 0, space 0, times 0 [ 524.031253] CPU: 0 PID: 2219 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 524.038102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.047485] Call Trace: [ 524.050082] dump_stack+0x1b9/0x294 [ 524.053721] ? dump_stack_print_info.cold.2+0x52/0x52 [ 524.058925] ? __save_stack_trace+0x7e/0xd0 [ 524.063262] should_fail.cold.4+0xa/0x1a 2018/04/09 21:15:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000006304683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 524.067336] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 524.072451] ? save_stack+0x43/0xd0 [ 524.076083] ? kasan_kmalloc+0xc4/0xe0 [ 524.079977] ? __kmalloc+0x14e/0x760 [ 524.083700] ? snd_pcm_plugin_build+0x64/0x670 [ 524.088286] ? snd_pcm_plugin_build_io+0x28c/0x720 [ 524.093229] ? snd_pcm_oss_change_params_locked+0x1247/0x3ce0 [ 524.099122] ? graph_lock+0x170/0x170 [ 524.102930] ? ksys_write+0xf9/0x250 [ 524.106650] ? SyS_write+0x24/0x30 [ 524.110197] ? do_syscall_64+0x29e/0x9d0 [ 524.114271] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/04/09 21:15:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000f000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 524.119647] ? find_held_lock+0x36/0x1c0 [ 524.123722] ? __lock_is_held+0xb5/0x140 [ 524.127802] ? check_same_owner+0x320/0x320 [ 524.132136] ? rcu_note_context_switch+0x710/0x710 [ 524.137080] __should_failslab+0x124/0x180 [ 524.141326] should_failslab+0x9/0x14 [ 524.145160] __kmalloc+0x2c8/0x760 [ 524.148707] ? mulaw_transfer+0x310/0x310 [ 524.152867] ? snd_pcm_plugin_build+0x448/0x670 [ 524.157545] snd_pcm_plugin_build+0x448/0x670 [ 524.162053] snd_pcm_plugin_build_io+0x28c/0x720 2018/04/09 21:15:19 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02000000070000000000000005001a00578effffffff000000000000000000000000ac1414aa00000000000000000000000018e3aca9414601c0cc5dd286cd04000000000000000000968e6e27aa948e98649a84ad784d98e02ce9de9c8e58f307af097356124fefa67fbf1f573a459e583239a5d9b5d1b7379ff94193d33e035fe5c26dcfbffabf41d3f9d2d580b4f156a25004576a0330f02fe8b0ec242fd954fec5e5821e72be48c89b1a2c9d0996f8d8d9a463e30c7a50b320f4472da118554d678f4faafee0f7a8df74b3dafce47c348dea0c3f75ff3525ac4994613c21"], 0x28}, 0x1}, 0x0) [ 524.166816] ? io_playback_transfer+0x310/0x310 [ 524.171500] ? snd_pcm_hw_param_max+0x730/0x730 [ 524.176186] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 524.181393] snd_pcm_oss_change_params_locked+0x1247/0x3ce0 [ 524.187123] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 524.193018] ? find_held_lock+0x36/0x1c0 [ 524.197087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 524.203065] ? _parse_integer+0x13b/0x190 [ 524.207222] ? find_held_lock+0x36/0x1c0 [ 524.211305] ? lock_downgrade+0x8e0/0x8e0 [ 524.215471] ? kasan_check_read+0x11/0x20 2018/04/09 21:15:19 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x10) [ 524.219713] ? rcu_is_watching+0x85/0x140 [ 524.223877] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 524.229071] snd_pcm_oss_write+0x516/0xa20 [ 524.233314] ? expand_files.part.8+0x9a0/0x9a0 [ 524.237908] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 524.242766] __vfs_write+0x10b/0x880 [ 524.246482] ? __fget_light+0x2ef/0x430 [ 524.250480] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 524.255332] ? kernel_read+0x120/0x120 [ 524.259229] ? wait_for_completion+0x870/0x870 [ 524.263820] ? __lock_is_held+0xb5/0x140 2018/04/09 21:15:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000040)={{0x2, 0x4e22, @broadcast=0xffffffff}, {0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x1a, {0x2, 0x4e20, @broadcast=0xffffffff}, 'lo\x00'}) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0xffffffffffffff9a}], 0x1, 0x0, 0xfe83, 0xfffffffffffffffe}, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x800, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) 2018/04/09 21:15:19 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000ec0683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 524.267890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 524.273446] ? security_file_permission+0x1c6/0x240 [ 524.278482] ? rw_verify_area+0x118/0x360 [ 524.282639] vfs_write+0x1f8/0x560 [ 524.286188] ksys_write+0xf9/0x250 [ 524.289744] ? SyS_read+0x30/0x30 [ 524.293201] ? mm_fault_error+0x380/0x380 [ 524.297353] ? ksys_ioctl+0x81/0xd0 [ 524.300987] SyS_write+0x24/0x30 [ 524.304359] ? ksys_write+0x250/0x250 [ 524.308274] do_syscall_64+0x29e/0x9d0 [ 524.312168] ? vmalloc_sync_all+0x30/0x30 [ 524.316322] ? _raw_spin_unlock_irq+0x27/0x70 2018/04/09 21:15:20 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000040)={0x0, 0x4d, &(0x7f0000000000)=[{&(0x7f0000000080)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 524.320823] ? finish_task_switch+0x1ca/0x820 [ 524.325412] ? syscall_return_slowpath+0x5c0/0x5c0 [ 524.330360] ? syscall_return_slowpath+0x30f/0x5c0 [ 524.335301] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 524.340676] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 524.345533] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 524.350721] RIP: 0033:0x455259 [ 524.353906] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 524.361620] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 524.368894] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 524.376163] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 524.383440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 524.390719] R13: 00000000000006c8 R14: 00000000006fd360 R15: 000000000000000b [ 524.430459] binder: 2216:2222 Acquire 1 refcount change on invalid ref 128 ret -22 [ 524.438335] binder: 2216:2222 unknown command -928540024 [ 524.456876] binder: 2216:2222 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:20 executing program 6: r0 = socket(0x40000000015, 0x805, 0x0) bind$inet(r0, &(0x7f00000a9000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000dbf000), 0x0, 0x0, &(0x7f0000b2d000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000180)=0x2, 0xee70dc649cdd0eca) getsockopt$llc_int(r0, 0x10c, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000000)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x10000, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0x1000, 0x10f000, 0x19c, 0x8, 0x6}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00001e0f74)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000faff74)={0x0, 0x0, 0x0, "71756575653002000000000000000000000000000000000000000000000000000000000000000000000000000000090800"}) r2 = socket(0x15, 0x80005, 0x0) getsockopt(r2, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0xb) 2018/04/09 21:15:20 executing program 3: r0 = socket$inet(0x10, 0x0, 0xfddc) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000080)={{0x2f, @empty, 0x4e22, 0x0, 'fo\x00', 0x2, 0x800, 0x63}, {@local={0xac, 0x14, 0x14, 0xaa}, 0x4e21, 0x0, 0xac90, 0x1, 0xff}}, 0x44) sendmsg(r0, &(0x7f0000014000)={0x0, 0x5b, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x28, &(0x7f00000001c0)={0x0, 0x0}}, 0x10) prctl$setname(0xf, &(0x7f0000000180)='+em0}(md5sumsystemmime_type:\x00') bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r1, 0x0, 0x8}, 0xc) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10001, 0x8) sendmsg$nl_xfrm(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@newspdinfo={0x28, 0x24, 0x8, 0x70bd29, 0x25dfdbfc, 0xece, [@srcaddr={0x14, 0xd, @in=@dev={0xac, 0x14, 0x14, 0x15}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40804}, 0x4000) 2018/04/09 21:15:20 executing program 0 (fault-call:1 fault-nth:12): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:20 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000000000]}, 0x10) 2018/04/09 21:15:20 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000003683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:20 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0xfffffffffffffddf) r1 = dup2(r0, r0) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000040)) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0200000007000000000000000000000005001a00ffffffff000000020000000000000000ac1414aa0000000000f7ff000000000000000039fb52c770e5c4bf9b249bf45b99775bb93287cecf53a0129d86f2a3d262bcb3b5936d42196686ef70d421e55bce457de6744ce97286d3a285583aa5b799b600394c707f5b7ca870ba9bf7e246860aa5493be9417fc3344e8ecad7b03b9beb51613823558c57ba3dc669e86be646283075fa3a424f26d4032dac6e8e96de7aa824a96128289013204a4a85ba97963f7118b1ec37c0312b2416db217a9e2e36bba534247928ba036ff44c5b694bb3d6075a0f49dc2b2900fbcea2e0e0c2ae9eebec0261d64d0682bc6ac670f3c2015c875e13b6964dec3f96beb3f9379abd4b1b18655cff0609d4813e4de477622e6fadfd2eea1976297003ae509a48000000306af4f57cc8fd8b47b65a1ee3da155f5e4ef61f673e778617e951d6f184b9bf5d1917a99a04b999b0745770d427f097b4c4a206fbd22f65144e8bcf2b0351441d78b25237590b5bdd8763736fef038128a12238c8eddf42f5e13ae7e086039e"], 0x28}, 0x1}, 0x0) 2018/04/09 21:15:20 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x0, 0x4e13, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) [ 524.905428] FAULT_INJECTION: forcing a failure. [ 524.905428] name failslab, interval 1, probability 0, space 0, times 0 [ 524.916750] CPU: 1 PID: 2283 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 524.923606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.932966] Call Trace: [ 524.935562] dump_stack+0x1b9/0x294 [ 524.939195] ? dump_stack_print_info.cold.2+0x52/0x52 [ 524.944411] should_fail.cold.4+0xa/0x1a [ 524.948474] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 524.953573] ? snd_pcm_plugin_build+0x448/0x670 [ 524.958233] ? snd_pcm_plugin_build_io+0x28c/0x720 [ 524.963150] ? snd_pcm_oss_change_params_locked+0x1247/0x3ce0 [ 524.969029] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 524.974402] ? snd_pcm_oss_write+0x516/0xa20 [ 524.978804] ? __vfs_write+0x10b/0x880 [ 524.982679] ? vfs_write+0x1f8/0x560 [ 524.986390] ? graph_lock+0x170/0x170 [ 524.990187] ? find_held_lock+0x36/0x1c0 [ 524.994244] ? __lock_is_held+0xb5/0x140 [ 524.998322] ? check_same_owner+0x320/0x320 [ 525.002645] ? rcu_note_context_switch+0x710/0x710 [ 525.007574] __should_failslab+0x124/0x180 [ 525.011806] should_failslab+0x9/0x14 [ 525.015595] kmem_cache_alloc_trace+0x2cb/0x780 [ 525.020256] ? snd_pcm_plugin_build+0x448/0x670 [ 525.024920] snd_pcm_hw_param_near.constprop.35+0x15c/0xb10 [ 525.030627] ? _snd_pcm_hw_param_min+0x570/0x570 [ 525.035379] ? snd_pcm_hw_param_max+0x730/0x730 [ 525.040043] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 525.045228] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 525.050757] ? snd_pcm_plug_slave_size+0x1d0/0x350 [ 525.055683] snd_pcm_oss_change_params_locked+0x1b46/0x3ce0 [ 525.061406] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 525.067284] ? find_held_lock+0x36/0x1c0 [ 525.071338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 525.076870] ? _parse_integer+0x13b/0x190 [ 525.081012] ? find_held_lock+0x36/0x1c0 [ 525.085073] ? lock_downgrade+0x8e0/0x8e0 [ 525.089216] ? kasan_check_read+0x11/0x20 [ 525.093353] ? rcu_is_watching+0x85/0x140 [ 525.097524] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 525.102705] snd_pcm_oss_write+0x516/0xa20 [ 525.106929] ? expand_files.part.8+0x9a0/0x9a0 [ 525.111506] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 525.116345] __vfs_write+0x10b/0x880 [ 525.120046] ? __fget_light+0x2ef/0x430 [ 525.124012] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 525.128848] ? kernel_read+0x120/0x120 [ 525.132731] ? wait_for_completion+0x870/0x870 [ 525.137306] ? __lock_is_held+0xb5/0x140 [ 525.141365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 525.146892] ? security_file_permission+0x1c6/0x240 [ 525.151901] ? rw_verify_area+0x118/0x360 [ 525.156045] vfs_write+0x1f8/0x560 [ 525.159579] ksys_write+0xf9/0x250 [ 525.163109] ? SyS_read+0x30/0x30 [ 525.166555] ? mm_fault_error+0x380/0x380 [ 525.170699] ? ksys_ioctl+0x81/0xd0 [ 525.174320] SyS_write+0x24/0x30 [ 525.177674] ? ksys_write+0x250/0x250 [ 525.181465] do_syscall_64+0x29e/0x9d0 [ 525.185339] ? vmalloc_sync_all+0x30/0x30 [ 525.189477] ? _raw_spin_unlock_irq+0x27/0x70 [ 525.193964] ? finish_task_switch+0x1ca/0x820 [ 525.198449] ? syscall_return_slowpath+0x5c0/0x5c0 [ 525.203370] ? syscall_return_slowpath+0x30f/0x5c0 [ 525.208294] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 525.213651] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 525.218492] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 525.223673] RIP: 0033:0x455259 [ 525.226851] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.234552] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 525.241808] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 525.249067] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 525.256323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 525.263582] R13: 00000000000006c8 R14: 00000000006fd360 R15: 000000000000000c 2018/04/09 21:15:21 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sync_file_range(r0, 0xffffffff, 0x6, 0x5) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x8000) fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) syz_fuse_mount(&(0x7f0000000000)='./file0\x00', 0xf000, r1, r2, 0x6, 0x10000) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000001c0)=0x5) 2018/04/09 21:15:21 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000080)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x4000, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x2b}, 0x1}, 0x0) signalfd(r0, &(0x7f0000000180)={0x7}, 0xfffffffffffffdcd) 2018/04/09 21:15:21 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10) 2018/04/09 21:15:21 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000463683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:21 executing program 6: r0 = socket(0x40000000015, 0x805, 0x0) bind$inet(r0, &(0x7f00000a9000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000dbf000), 0x0, 0x0, &(0x7f0000b2d000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000180)=0x2, 0xee70dc649cdd0eca) getsockopt$llc_int(r0, 0x10c, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000000)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x10000, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0x1000, 0x10f000, 0x19c, 0x8, 0x6}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00001e0f74)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000faff74)={0x0, 0x0, 0x0, "71756575653002000000000000000000000000000000000000000000000000000000000000000000000000000000090800"}) r2 = socket(0x15, 0x80005, 0x0) getsockopt(r2, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0xb) 2018/04/09 21:15:21 executing program 0 (fault-call:1 fault-nth:13): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:21 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x10) [ 525.479966] FAULT_INJECTION: forcing a failure. [ 525.479966] name failslab, interval 1, probability 0, space 0, times 0 [ 525.491376] CPU: 1 PID: 2309 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 525.498228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 525.507590] Call Trace: [ 525.510191] dump_stack+0x1b9/0x294 [ 525.513837] ? dump_stack_print_info.cold.2+0x52/0x52 [ 525.519055] should_fail.cold.4+0xa/0x1a [ 525.523137] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 525.528260] ? debug_check_no_locks_freed+0x310/0x310 [ 525.533480] ? graph_lock+0x170/0x170 [ 525.537292] ? snd_pcm_oss_change_params_locked+0xc4d/0x3ce0 [ 525.543109] ? snd_pcm_oss_write+0x516/0xa20 [ 525.547535] ? __vfs_write+0x10b/0x880 [ 525.551443] ? vfs_write+0x1f8/0x560 [ 525.555175] ? ksys_write+0xf9/0x250 [ 525.558892] ? find_held_lock+0x36/0x1c0 [ 525.562963] ? __lock_is_held+0xb5/0x140 [ 525.567062] ? check_same_owner+0x320/0x320 [ 525.571389] ? rcu_note_context_switch+0x710/0x710 [ 525.576319] ? graph_lock+0x170/0x170 [ 525.580121] __should_failslab+0x124/0x180 [ 525.584356] should_failslab+0x9/0x14 [ 525.588146] __kmalloc+0x2c8/0x760 [ 525.591689] ? constrain_params_by_rules+0x141/0x1360 [ 525.596869] ? find_held_lock+0x36/0x1c0 [ 525.600932] constrain_params_by_rules+0x141/0x1360 [ 525.605946] ? lock_downgrade+0x8e0/0x8e0 [ 525.610096] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 525.615292] ? rcu_is_watching+0x85/0x140 [ 525.619436] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 525.624621] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 525.629821] ? is_bpf_text_address+0xd7/0x170 [ 525.634315] ? kernel_text_address+0x79/0xf0 [ 525.638718] ? __unwind_start+0x166/0x330 [ 525.642859] ? __kernel_text_address+0xd/0x40 [ 525.647352] ? unwind_get_return_address+0x61/0xa0 [ 525.652277] ? __save_stack_trace+0x7e/0xd0 [ 525.656603] ? save_stack+0xa9/0xd0 [ 525.660223] ? save_stack+0x43/0xd0 [ 525.663842] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 525.668846] ? snd_interval_refine+0x428/0x700 [ 525.673451] snd_pcm_hw_refine+0x8e9/0x1180 [ 525.677776] ? constrain_params_by_rules+0x1360/0x1360 [ 525.683051] ? graph_lock+0x170/0x170 [ 525.686843] ? __lock_is_held+0xb5/0x140 [ 525.690908] ? __lock_is_held+0xb5/0x140 [ 525.694967] ? snd_pcm_hw_param_near.constprop.35+0x15c/0xb10 [ 525.700846] ? rcu_read_lock_sched_held+0x108/0x120 [ 525.705852] ? kmem_cache_alloc_trace+0x616/0x780 [ 525.710688] ? _snd_pcm_hw_param_min+0x330/0x570 [ 525.715439] snd_pcm_hw_param_near.constprop.35+0x2cf/0xb10 [ 525.721146] ? _snd_pcm_hw_param_min+0x570/0x570 [ 525.725896] ? snd_pcm_hw_param_max+0x730/0x730 [ 525.730559] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 525.735742] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 525.741269] ? snd_pcm_plug_slave_size+0x1d0/0x350 [ 525.746193] snd_pcm_oss_change_params_locked+0x1b46/0x3ce0 [ 525.751911] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 525.757788] ? find_held_lock+0x36/0x1c0 [ 525.761845] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 525.767377] ? _parse_integer+0x13b/0x190 [ 525.771520] ? find_held_lock+0x36/0x1c0 [ 525.775584] ? lock_downgrade+0x8e0/0x8e0 [ 525.779726] ? rcu_is_watching+0x85/0x140 [ 525.783879] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 525.789063] snd_pcm_oss_write+0x516/0xa20 [ 525.793290] ? expand_files.part.8+0x9a0/0x9a0 [ 525.797873] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 525.802722] __vfs_write+0x10b/0x880 [ 525.806427] ? __fget_light+0x2ef/0x430 [ 525.810393] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 525.815229] ? kernel_read+0x120/0x120 [ 525.819110] ? wait_for_completion+0x870/0x870 [ 525.823699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 525.829229] ? security_file_permission+0x1c6/0x240 [ 525.834253] ? rw_verify_area+0x118/0x360 [ 525.838410] vfs_write+0x1f8/0x560 [ 525.841946] ksys_write+0xf9/0x250 [ 525.845480] ? SyS_read+0x30/0x30 [ 525.848921] ? mm_fault_error+0x380/0x380 [ 525.853066] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 525.857903] ? ksys_ioctl+0x81/0xd0 [ 525.861526] SyS_write+0x24/0x30 [ 525.864882] ? ksys_write+0x250/0x250 [ 525.868673] do_syscall_64+0x29e/0x9d0 [ 525.872550] ? vmalloc_sync_all+0x30/0x30 [ 525.876690] ? _raw_spin_unlock_irq+0x27/0x70 [ 525.881266] ? finish_task_switch+0x1ca/0x820 [ 525.885753] ? syscall_return_slowpath+0x5c0/0x5c0 [ 525.890674] ? syscall_return_slowpath+0x30f/0x5c0 [ 525.895599] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 525.900959] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 525.905802] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 525.910988] RIP: 0033:0x455259 [ 525.914168] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.921880] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 2018/04/09 21:15:21 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x10) [ 525.929147] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 525.936416] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 525.943674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 525.950945] R13: 00000000000006c8 R14: 00000000006fd360 R15: 000000000000000d [ 526.022982] binder: 2274:2276 Acquire 1 refcount change on invalid ref 128 ret -22 [ 526.031147] binder: 2274:2276 unknown command -928540024 [ 526.057837] binder: 2274:2276 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="0000000000000005001a00ffffffff000000000000000000000000ac1414aa00000000000000000000000000000000"], 0x28}, 0x1}, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', r1}, 0x10) 2018/04/09 21:15:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000c00e683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:26 executing program 3: r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in={{0x2}}, 0x0, 0x0, 0x0, 0x5, 0x34}, 0x98) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40007f9) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000100)=0x1, 0x4) socket$inet(0x10, 0x3, 0x0) 2018/04/09 21:15:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb4]}, 0x10) 2018/04/09 21:15:26 executing program 6: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0x8, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0xb) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x1) ppoll(&(0x7f0000053ff8)=[{r0}], 0x1, &(0x7f0000048000)={0x77359400}, &(0x7f0000052000), 0x8) signalfd4(0xffffffffffffffff, &(0x7f0000000040)={0x3}, 0xfd26, 0x0) 2018/04/09 21:15:26 executing program 0 (fault-call:1 fault-nth:14): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:26 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x0, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="0200000007000000000000000000002105001a00ffffffff110000230000000000000000ac1414aa0000000000000000e200000000000000"], 0x28}, 0x1}, 0x0) 2018/04/09 21:15:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x10) [ 530.731841] FAULT_INJECTION: forcing a failure. [ 530.731841] name failslab, interval 1, probability 0, space 0, times 0 [ 530.743315] CPU: 0 PID: 2345 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 530.750173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.759540] Call Trace: [ 530.762155] dump_stack+0x1b9/0x294 [ 530.765815] ? dump_stack_print_info.cold.2+0x52/0x52 [ 530.771055] should_fail.cold.4+0xa/0x1a [ 530.775165] ? kernel_text_address+0x79/0xf0 [ 530.779617] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 530.784756] ? __lock_acquire+0x7f5/0x5130 [ 530.789023] ? graph_lock+0x170/0x170 [ 530.792862] ? find_held_lock+0x36/0x1c0 [ 530.796969] ? __lock_is_held+0xb5/0x140 [ 530.801093] ? check_same_owner+0x320/0x320 [ 530.805438] ? do_raw_spin_lock+0xc1/0x200 [ 530.809702] ? rcu_note_context_switch+0x710/0x710 [ 530.814668] ? trace_hardirqs_off+0xd/0x10 [ 530.818938] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 530.824074] __should_failslab+0x124/0x180 [ 530.828341] should_failslab+0x9/0x14 2018/04/09 21:15:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x16}, 0x3}, 0x1c) [ 530.832182] __kmalloc+0x2c8/0x760 [ 530.835763] ? __lock_acquire+0x7f5/0x5130 [ 530.840033] ? mark_held_locks+0xc9/0x160 [ 530.844230] ? constrain_params_by_rules+0x141/0x1360 [ 530.849465] constrain_params_by_rules+0x141/0x1360 [ 530.854527] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 530.859748] ? lock_downgrade+0x8e0/0x8e0 [ 530.863927] ? kasan_check_read+0x11/0x20 [ 530.868220] ? rcu_is_watching+0x85/0x140 [ 530.872408] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 530.877631] ? rcu_bh_force_quiescent_state+0x20/0x20 2018/04/09 21:15:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a60080400100000000f0683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:26 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x10) [ 530.882862] ? is_bpf_text_address+0xd7/0x170 [ 530.887404] ? kernel_text_address+0x79/0xf0 [ 530.891845] ? __unwind_start+0x166/0x330 [ 530.896037] ? __kernel_text_address+0xd/0x40 [ 530.900552] ? unwind_get_return_address+0x61/0xa0 [ 530.905512] ? __save_stack_trace+0x7e/0xd0 [ 530.909870] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 530.915437] ? snd_interval_refine+0x428/0x700 [ 530.920069] snd_pcm_hw_refine+0x8e9/0x1180 [ 530.924429] ? constrain_params_by_rules+0x1360/0x1360 [ 530.929736] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 530.935110] ? snd_pcm_oss_write+0x516/0xa20 [ 530.939549] ? __vfs_write+0x10b/0x880 [ 530.943466] ? vfs_write+0x1f8/0x560 [ 530.947194] ? ksys_write+0xf9/0x250 [ 530.950927] ? SyS_write+0x24/0x30 [ 530.954503] ? do_syscall_64+0x29e/0x9d0 [ 530.958598] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 530.963991] ? kasan_check_read+0x11/0x20 [ 530.968160] ? do_raw_spin_unlock+0x9e/0x2e0 [ 530.972586] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 530.977191] ? print_usage_bug+0xc0/0xc0 2018/04/09 21:15:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000200683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:26 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000040)=0xe8) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={@dev={0xfe, 0x80, [], 0x1b}, @mcast1={0xff, 0x1, [], 0x1}, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x5, 0x1, 0xca, 0x500, 0x2cb, 0x4000000, r1}) [ 530.981279] ? kasan_check_write+0x14/0x20 [ 530.985542] ? do_raw_spin_lock+0xc1/0x200 [ 530.989816] ? trace_hardirqs_off+0xd/0x10 [ 530.994082] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 530.999223] ? debug_check_no_obj_freed+0x2ff/0x584 [ 531.004283] ? mark_held_locks+0xc9/0x160 [ 531.008464] ? quarantine_put+0xeb/0x190 [ 531.012556] snd_pcm_hw_param_first+0x30e/0x680 [ 531.017252] snd_pcm_hw_param_near.constprop.35+0x6e2/0xb10 [ 531.022999] ? _snd_pcm_hw_param_min+0x570/0x570 [ 531.027790] ? snd_pcm_hw_param_max+0x730/0x730 2018/04/09 21:15:26 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000001b09683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 531.032479] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 531.037690] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 531.043252] ? snd_pcm_plug_slave_size+0x1d0/0x350 [ 531.048215] snd_pcm_oss_change_params_locked+0x1b46/0x3ce0 [ 531.053965] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 531.059887] ? find_held_lock+0x36/0x1c0 [ 531.064023] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 531.069593] ? _parse_integer+0x13b/0x190 [ 531.073773] ? find_held_lock+0x36/0x1c0 [ 531.077863] ? lock_downgrade+0x8e0/0x8e0 [ 531.082046] ? kasan_check_read+0x11/0x20 [ 531.086211] ? rcu_is_watching+0x85/0x140 [ 531.090402] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 531.095618] snd_pcm_oss_write+0x516/0xa20 [ 531.099864] ? expand_files.part.8+0x9a0/0x9a0 [ 531.104492] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 531.109366] __vfs_write+0x10b/0x880 [ 531.113098] ? __fget_light+0x2ef/0x430 [ 531.117104] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 531.121975] ? kernel_read+0x120/0x120 [ 531.125895] ? wait_for_completion+0x870/0x870 [ 531.130496] ? __lock_is_held+0xb5/0x140 [ 531.134585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 531.140149] ? security_file_permission+0x1c6/0x240 [ 531.145197] ? rw_verify_area+0x118/0x360 [ 531.149376] vfs_write+0x1f8/0x560 [ 531.152948] ksys_write+0xf9/0x250 [ 531.156519] ? SyS_read+0x30/0x30 [ 531.159980] ? mm_fault_error+0x380/0x380 [ 531.164160] ? ksys_ioctl+0x81/0xd0 [ 531.167821] SyS_write+0x24/0x30 [ 531.171200] ? ksys_write+0x250/0x250 [ 531.175026] do_syscall_64+0x29e/0x9d0 [ 531.178939] ? vmalloc_sync_all+0x30/0x30 [ 531.183114] ? kasan_check_write+0x14/0x20 [ 531.187380] ? syscall_return_slowpath+0x5c0/0x5c0 [ 531.192338] ? syscall_return_slowpath+0x30f/0x5c0 [ 531.197323] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 531.202722] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 531.207611] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 531.212813] RIP: 0033:0x455259 [ 531.216012] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 531.223762] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 531.231090] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 531.238359] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 531.245641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 531.252929] R13: 00000000000006c8 R14: 00000000006fd360 R15: 000000000000000e [ 531.290472] binder: 2329:2330 Acquire 1 refcount change on invalid ref 128 ret -22 [ 531.298374] binder: 2329:2330 unknown command -928540024 [ 531.304733] binder: 2329:2330 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:27 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13}, {0xfffffffffffffffc, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:27 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb4000000000000]}, 0x10) 2018/04/09 21:15:27 executing program 6: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff}) close(0xffffffffffffffff) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc}, 0xffffffffffffff46) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=ANY=[@ANYBLOB="55380000000000000a004e2400000000ff02000000000000000000000000000123ad00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000030000000a004e22030000000000000000000000000000000000000107000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e230800000000000000000000000000ffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e210900000000000000000000000000ffff00000003eb050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000adb5837ecbc493070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x210) bind$unix(0xffffffffffffffff, &(0x7f0000d77000)=@abs, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc}, 0x10) ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, &(0x7f0000000240)=[0x0, 0xd45]) 2018/04/09 21:15:27 executing program 3: r0 = socket$inet(0x10, 0x4, 0x200) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:27 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000001f683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:27 executing program 4: r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x1, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) utimensat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {r1, r2/1000+30000}}, 0x100) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r3, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/09 21:15:27 executing program 0 (fault-call:1 fault-nth:15): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 531.759387] FAULT_INJECTION: forcing a failure. [ 531.759387] name failslab, interval 1, probability 0, space 0, times 0 [ 531.770734] CPU: 0 PID: 2395 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 531.777597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.786968] Call Trace: [ 531.789577] dump_stack+0x1b9/0x294 [ 531.793237] ? dump_stack_print_info.cold.2+0x52/0x52 [ 531.798450] ? kernel_text_address+0x79/0xf0 [ 531.802895] ? __unwind_start+0x166/0x330 [ 531.807080] should_fail.cold.4+0xa/0x1a [ 531.811173] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 531.816333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 531.821930] ? snd_pcm_hw_refine+0x362/0x1180 [ 531.826468] ? graph_lock+0x170/0x170 [ 531.830301] ? find_held_lock+0x36/0x1c0 [ 531.834386] ? __lock_is_held+0xb5/0x140 [ 531.838525] ? check_same_owner+0x320/0x320 [ 531.842911] ? debug_check_no_obj_freed+0x2ff/0x584 [ 531.847978] ? rcu_note_context_switch+0x710/0x710 [ 531.852941] __should_failslab+0x124/0x180 [ 531.857196] should_failslab+0x9/0x14 [ 531.861031] kmem_cache_alloc_trace+0x2cb/0x780 [ 531.865738] ? snd_pcm_hw_param_first+0x2eb/0x680 [ 531.870619] snd_pcm_hw_param_near.constprop.35+0x15c/0xb10 [ 531.876366] ? _snd_pcm_hw_param_min+0x570/0x570 [ 531.881152] ? snd_pcm_hw_param_max+0x730/0x730 [ 531.885856] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 531.891085] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 531.896663] ? snd_pcm_plug_slave_size+0x1d0/0x350 [ 531.901631] snd_pcm_oss_change_params_locked+0x1bb1/0x3ce0 [ 531.907391] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 531.913317] ? find_held_lock+0x36/0x1c0 [ 531.917428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 531.922994] ? _parse_integer+0x13b/0x190 [ 531.927179] ? find_held_lock+0x36/0x1c0 [ 531.931285] ? lock_downgrade+0x8e0/0x8e0 [ 531.935473] ? kasan_check_read+0x11/0x20 [ 531.939655] ? rcu_is_watching+0x85/0x140 [ 531.943862] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 531.949087] snd_pcm_oss_write+0x516/0xa20 [ 531.953352] ? expand_files.part.8+0x9a0/0x9a0 [ 531.957964] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 531.962838] __vfs_write+0x10b/0x880 [ 531.966568] ? __fget_light+0x2ef/0x430 [ 531.970566] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 531.975559] ? kernel_read+0x120/0x120 [ 531.979477] ? wait_for_completion+0x870/0x870 [ 531.984101] ? __lock_is_held+0xb5/0x140 [ 531.988187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 531.993758] ? security_file_permission+0x1c6/0x240 [ 531.998815] ? rw_verify_area+0x118/0x360 [ 532.002989] vfs_write+0x1f8/0x560 [ 532.006560] ksys_write+0xf9/0x250 [ 532.010120] ? SyS_read+0x30/0x30 [ 532.013584] ? mm_fault_error+0x380/0x380 [ 532.017749] ? ksys_ioctl+0x81/0xd0 [ 532.021396] SyS_write+0x24/0x30 [ 532.024781] ? ksys_write+0x250/0x250 [ 532.028600] do_syscall_64+0x29e/0x9d0 [ 532.032502] ? vmalloc_sync_all+0x30/0x30 [ 532.036671] ? _raw_spin_unlock_irq+0x27/0x70 [ 532.041191] ? finish_task_switch+0x1ca/0x820 [ 532.045712] ? syscall_return_slowpath+0x5c0/0x5c0 [ 532.050655] ? syscall_return_slowpath+0x30f/0x5c0 [ 532.055611] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 532.061045] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 532.065916] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.071134] RIP: 0033:0x455259 [ 532.074332] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 532.082055] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 532.089349] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 532.096647] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/04/09 21:15:27 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'yam0\x00', 0xc00}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x4) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) r2 = accept4$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000080), 0x80800) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f00000000c0)={0xbd, {{0x2, 0x4e24, @rand_addr=0xe}}}, 0x88) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=0x0) r4 = syz_open_procfs(r3, &(0x7f0000000000)="6e65749b7463703600") preadv(r4, &(0x7f00000004c0)=[{&(0x7f00000001c0)=""/250, 0xfa}, {&(0x7f0000000340)=""/75, 0x4b}], 0x2, 0x0) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f00000002c0)={0x1, 0x2, 0xfff, 0x4, 0xffffffff7fffffff, 0xf3be}) 2018/04/09 21:15:27 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000080)={0x157, 0x9, 0x4}) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) fcntl$setflags(r0, 0x2, 0x1) 2018/04/09 21:15:27 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) socket(0x2, 0x80006, 0x8) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x480200, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000080)={0x2, 0xaf, "4956251baef096bd6dc986d5c634e03bcfcb88a7088a125abdc8325c6a284b477e33275c2bb3527eebdda5eac2afaa8e94a6253cf4c262681d3b5596f9c59320f4e7d2ba8a0f7b3e9a352928c185fa79c92c570273c1185b9af348b9a72b88ae4401ede3b7aff474be3d5050153eb80f2f6ce561c10899f1ce526cd541acabfce511912ac903c4aede30304e4bc00cdfb2425b3913264d15c9d5c8d00c33328a9c825fb8ea7fd477728b25ad862482"}) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1, 0x0, 0x0, 0x10000}, 0x0) 2018/04/09 21:15:27 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000091b683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:27 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, 0x10) 2018/04/09 21:15:27 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804001000000000ec03540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:27 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="0200000007000000000000000000000005001a00ffffffff000000000000000000000000ac1414aa000000"], 0x28}, 0x1}, 0x0) 2018/04/09 21:15:27 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000]}, 0x10) [ 532.103941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 532.111238] R13: 00000000000006c8 R14: 00000000006fd360 R15: 000000000000000f [ 532.187587] binder: 2401:2435 Acquire 1 refcount change on invalid ref 128 ret -22 [ 532.195706] binder: 2401:2435 unknown command -928540024 [ 532.215252] binder: 2401:2435 ioctl c0306201 20007000 returned -22 2018/04/09 21:15:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:28 executing program 4: r0 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000000c0)=r1) r2 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r2, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) 2018/04/09 21:15:28 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000fdcff6)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) r2 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x6, 0xc101) perf_event_open$cgroup(&(0x7f0000000200)={0x7, 0x70, 0x6, 0x2, 0x5, 0x5ea0, 0x0, 0x6, 0x0, 0xb, 0xfc5, 0x7fff, 0x7fffffff, 0x2, 0x3, 0xf615, 0x1, 0xab, 0xffff, 0x800, 0x1f, 0x3ff, 0x7, 0x3cf0, 0x3f, 0x7fffffff, 0x2, 0x5, 0x7fffffff, 0x5, 0x6ec1, 0x2, 0x7, 0x80000001, 0x19a00000, 0x7fffffff, 0xa1b, 0x9, 0x0, 0x20, 0x4, @perf_bp={&(0x7f00000001c0), 0x8}, 0x400, 0x5, 0xce5, 0x7, 0x4, 0x7, 0x7fffffff}, r1, 0x9, r2, 0x8) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r3 = syz_open_pts(r0, 0x20201) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000b28fdc)={0xfffffffffffffffd, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3, 0x0, 0x1}) writev(r3, &(0x7f0000fe7f90)=[{&(0x7f00005e8f7e)="ae3b156f6594a2ec4aff8690e29b5acfed0a15ddabfbcbf1533984a7bffe6b44082a7640069fde4a681bb4a2160a0d", 0x2f}], 0x1) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000184000)={0x2, 0xf, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}}]}, 0x40}, 0x1}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x10001) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000000140)={@loopback={0x0, 0x1}, r6}, 0x14) r7 = socket$inet(0x2, 0xf, 0x1) ioctl$sock_ifreq(r5, 0x8915, &(0x7f0000000180)={'bcsh0\x00', @ifru_names='syzkaller1\x00'}) recvfrom$inet(r7, &(0x7f0000000000)=""/151, 0x97, 0x40, &(0x7f00000000c0)={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) 2018/04/09 21:15:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80720000]}, 0x10) 2018/04/09 21:15:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000003683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x5}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={r1}, 0x8) 2018/04/09 21:15:28 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x2, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:28 executing program 0 (fault-call:1 fault-nth:16): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 532.807331] FAULT_INJECTION: forcing a failure. [ 532.807331] name failslab, interval 1, probability 0, space 0, times 0 [ 532.818873] CPU: 0 PID: 2465 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 532.825735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.835734] Call Trace: [ 532.835795] dump_stack+0x1b9/0x294 [ 532.835816] ? dump_stack_print_info.cold.2+0x52/0x52 [ 532.835837] ? is_bpf_text_address+0xd7/0x170 [ 532.835866] ? kernel_text_address+0x79/0xf0 2018/04/09 21:15:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2000000000000000}, 0xfffffc8c}, 0x1}, 0x0) 2018/04/09 21:15:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) [ 532.835894] should_fail.cold.4+0xa/0x1a [ 532.835920] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 532.835945] ? graph_lock+0x170/0x170 [ 532.835971] ? find_held_lock+0x36/0x1c0 [ 532.835993] ? __lock_is_held+0xb5/0x140 [ 532.836027] ? check_same_owner+0x320/0x320 [ 532.836065] ? debug_check_no_obj_freed+0x2ff/0x584 [ 532.836088] ? rcu_note_context_switch+0x710/0x710 [ 532.836115] __should_failslab+0x124/0x180 [ 532.836135] should_failslab+0x9/0x14 [ 532.836154] __kmalloc+0x2c8/0x760 [ 532.836169] ? __lock_acquire+0x7f5/0x5130 [ 532.836182] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 532.836207] ? constrain_params_by_rules+0x141/0x1360 [ 532.836232] ? graph_lock+0x170/0x170 [ 532.836252] constrain_params_by_rules+0x141/0x1360 [ 532.836287] ? find_held_lock+0x36/0x1c0 [ 532.836305] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 532.836335] ? lock_downgrade+0x8e0/0x8e0 [ 532.836368] ? kasan_check_read+0x11/0x20 [ 532.836383] ? rcu_is_watching+0x85/0x140 [ 532.836402] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 532.836424] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 532.836449] ? is_bpf_text_address+0xd7/0x170 [ 532.836476] ? kernel_text_address+0x79/0xf0 [ 532.836502] ? __unwind_start+0x166/0x330 [ 532.836518] ? __kernel_text_address+0xd/0x40 [ 532.836543] ? unwind_get_return_address+0x61/0xa0 [ 532.836570] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 532.836584] ? snd_interval_refine+0x428/0x700 [ 532.836613] snd_pcm_hw_refine+0x8e9/0x1180 [ 532.836638] ? constrain_params_by_rules+0x1360/0x1360 [ 532.836651] ? snd_pcm_oss_change_params_locked+0x1bb1/0x3ce0 2018/04/09 21:15:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000002683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 532.836664] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 532.836687] ? snd_pcm_oss_write+0x516/0xa20 [ 532.836703] ? __vfs_write+0x10b/0x880 [ 532.836716] ? vfs_write+0x1f8/0x560 [ 532.836730] ? ksys_write+0xf9/0x250 [ 532.836758] ? SyS_write+0x24/0x30 [ 532.836778] ? do_syscall_64+0x29e/0x9d0 [ 532.836798] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.836819] ? kasan_check_read+0x11/0x20 [ 532.836839] ? do_raw_spin_unlock+0x9e/0x2e0 [ 533.049819] ? do_raw_spin_trylock+0x1b0/0x1b0 2018/04/09 21:15:28 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x102) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x6, @mcast1={0xff, 0x1, [], 0x1}, 0x4d2}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x28}, 0x1}, 0x0) [ 533.049842] ? print_usage_bug+0xc0/0xc0 2018/04/09 21:15:28 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90000]}, 0x10) [ 533.049857] ? kasan_check_write+0x14/0x20 [ 533.049868] ? do_raw_spin_lock+0xc1/0x200 [ 533.049888] ? trace_hardirqs_off+0xd/0x10 [ 533.049901] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 533.049918] ? debug_check_no_obj_freed+0x2ff/0x584 [ 533.049942] ? mark_held_locks+0xc9/0x160 [ 533.049953] ? quarantine_put+0xeb/0x190 [ 533.049979] snd_pcm_hw_param_last+0x323/0x660 [ 533.049999] snd_pcm_hw_param_near.constprop.35+0x831/0xb10 [ 533.050031] ? _snd_pcm_hw_param_min+0x570/0x570 2018/04/09 21:15:28 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) r1 = dup3(r0, r0, 0x80000) sendmsg(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000080)="a600eef72d8c6850857b632be1fcc66e40462426bff7b0bfb7ffed5499ec996031cd577245e0ab65ba8391a805b83842bc6eb78c21c490308d23852f710e759abb61e6e8ffce5234361a1ac1d9f5c5965b99d849c77d481d9895cb808e3be237734a7afa369d74e4ae977d16c48e91dc39eb87bc241a3c8db1c8b5a7a9341af891c10786e74f17ef4d1e7ed155aff6904c978989c5807cd6403369e6c9f4205a83e5cd68300a9f8c3b01138aea7f3d63427cd979441b7a24929f387bfc0db8a95ebb5f802f73b4177a82b601c5b577dc39df3222fe7bb1e0d5b3c1935132d8c3c629aa1d9d12f28d3140ec25a2ade7a715f4a299b6d710154fbaaede45785f77447e015cfff580178ee68a708e01ac5d4de33cf67baef1947a6d898ba7e97cd94e070279bae6ad793cff4a94493a131268f2324c631a84fd14be3bea18f6d859da75ecf65f050e2e8ce0caf8101f991a5d5fee0a427d52a5a403381671234cebb2098a6e073547cff25fcaabbc5e076adf7bd48c55f466a64119bfc95e43c2b839659fd93b10f7e27874775f353eda3f34868469ee048b6c8546e311f24997c84bd7a705c860b5a5ff01b864609321775df6a7e5c3cbfee846e22d9b382e802b46fa2ccded0258cb75a7def18a2b799e0a20c4f872fdc620ecbb2e62fdabc6080703e3f7d1dcabe12f2073ce72037534fcd94ff83367e7bb5d3e731faf3f30476000737611286335c2d5de313206562b9289fccfdcc4c6cf8d7d6b1dc7e8b98ec64af490baf12193c1a301345df10cf47620d06d87e4ff923e7aad37d1d7baee5ac6a1f24a66a04dbd86edcbad19f25901056ff0262998593a8714011615cf401a4c571b97abced720072e191337918c32d7304965b8f4fecedfb3639756bf383736ed1a6c0159212ad2c1c58196867f27f0f1c09ecc418405fda3e96eabd896a11b6f84384139c187a008bd07b7e0f36223206f82107d4e3bca8247a042ca95c1d7f1de8337b0ad7fc3f8f12aca0bba17cdb650e72a8f09932a4f8726a4240b6011a6ab4789ec133e6b8d8412f33c12a0908ca8774db3eb1498073cc3925ef819ca428003d3f422bd71c95e9eeda272c33979b7918c4df5d5fb51db3eeaafb5e7f10a2b4390db4051447e31d23ec4f36df96cf30b6bd2f6468336526736b5d21d213e6d7f797130d22b9f4fe4b87fd0e2fd6057ca5a7cef086c6433430d9137d702626fe5a6412640c5f7a302c3721d235743d3ca883f4845aa92d5039011df943450ea2f133230fd1874fc9eab68272b69835134f1fe6edf65bddabb5af060f413e751c5acfacd65cff6b30907c635f69025b1028ae6ddc5c0b779e054a292fdec9228a4c9df6fad05753ea5a7acaa10966346d2eadef1c63f8c5635ed82441fb6a7f260de0c077e0b8a84c601e45892e47b95b0d3f5725a227c7fcdaabc87e9489554092df3b3edccfd67cfe50abbeec1af054c01bb3a04ea0c018d1f19e86def0667b9ea57c29db3eddb07b888bad6abe97c2909b1c8fb80a67cdc9847cbf650f03ed0b64c0117b952a856dc6ab2ac6d1972d56634cf6f464a4f8e15ffdfd0557471802d8f3ec5e69d963a993923c1d4d23e33ab75cea3ace2be8bbc52386718e7fdc4eb1b01ec46def0c70f84870064a1d8cf2ea671abaa4f45d45899c3eecd5ccdb8d43fbcf4cd306af4aeb3f16664040d7b5d05355579d00dc8d947e0824dabbc5dd06107e5f4d9cab172e1d56a2d36f7e199c8ae4e61690d9564e0e4e1fdb1d0482c0b08c488040eedbb6caa35117745bea163110521f5f8309e9786730169b3d6e9947d1362df8437ae9d1fab0ab81864867c2f7e70149da99a7acc92e09f333cfcae3bfefddc37cb98d930b52340ee9149f4ebedec3b13802bc3e8cc7c563105161df0338904b97018abe85b83f9688c83a2609a1ef6153bb5d4847ceeee1d45c989f14038a5e93d3088c3194a0c05fecd22653916c2dc80ea4f2015cb0015cf0febc71322ddb4fd4fb0bf32d40bf26897e26185229945277de2a2a83ed22051405f799c4afa34fd54287bc04e24262834c447285801737885e58bf4c8d3e9b3bc8446fa4c1cd3d03bf66a38c52075459d19a6b178c9dc5ac2527509bb17650a14cac5c6c25d07b8fd8c0b4e644fe5c1469aea6d8163c068de1c60be1c623df2b96fc8e1fcd4fe00f6d48d1698b36b3dbdc75a3dcadbc0d8da419a0c3d335de244f52a34f3afb94556448a62f627721d1bed757a8b5411244eddf9e75d16a1cc9d5172f777710114658355cd47120604fb897712b009d2632ca09431f1d702958037902d9786c6fb4570c3452cf43a1f01048ddc4d3a32095619f5b31fb1c5f05590bf1826f2c99409a525cbff47291f80d7e747ba9eba4d451aa7102212dba9b598fa1bd7caef22912f8f10c2b0a787860fcfbfe79a894afd34f9d034c0a553b8728a2ec5ee3b0db1a9a65fc6070794288b27f2dc0ba79022735d831fc2e561609e05ec906891ecde4a52daaa93e694b18575701608325f52c07ad8aa3207ba01028eb79eec576e1cd083c5c229de9bf8eec542b2099dd747d756dbc255103c9ec4ac4e17948d32b9afabc7423514f6aaf3448b9d01441e253a258813c66f9e2823b2fe7e9941cd91f8130a5ea3d54330af5694ec70a19facebf65636fbe8f099799cd9f2354080004c4c9fe9093c8811afb50042353060751103a3e55f3037cd3d038bb88506cbe287cf19f30d430ee4417eac533a73f457f271a221304d3f3c710b714b730fd3f82e762a098a9f5f4c16321912ed05a4f716ac7efedff6711078500864d1d7b9d2c14d43dc3abe72761daca1f0a26f265dd1be7260dcd71680ef9e4ad09109f740e2a6328e122b7c44c2232885d6900ecf81f290accbe527f32a21c06a4b058688cd81c9fdd05b3b7e482be7b91164dc54a7c54b99abdc9a1f3ee8125f86d9d8ceb20f1bfb389aad5545762418f4ef50852fb866dfa74028c06fb907e8a4ba41aa31888ad8f988b539139134613e0220e9f1b72f6d9b958eb3f9905268eb70987339028f09a138a5b7f3b666b5b30e1ac19b5889d246eb817e3ce3a9affc7a86a50074f9ca577d4c2443b78edfcaaa54a8db6e2c2f95dae0605739f51d544ed877adbfb9b4283549c8b483bc7a1ed73c748d5f68010b201f96dd44ca9fd8e84b15ba5cd87239fff8769e559e4296da2ed3c7746df5a22b14033635d393b93679cb829cbeba89fb58ed683759e98ade4f12e7f2c8456abce0153fdefbf375f8213e5e91b54154526c37c2e9095af49503ba829db689a32313ae0977f1d6f41f1586fb078c53a04005254731c51d0716fc4c2c352fdee19afb4b5b32068da9e0ce9ad70963fac63cf1ae36e0d00f1b040c02250a33bddfb389b8c7cb2f21b8ad1ff06cb779594b378d7d783b435b06c3b870c915c4e41aded76a6442cefb43e6c8c96c639abfe73d9574c3c781aaf31aa0c1cb8888c039f6a670d742352820983b4dbbe5cdcf05d80b90b6eb2666bff4fbc46d04f6b49c18cec2658e76f1ba9ed788c02c49713d9432ce4cdd8600cf395d5d185e4238a370cc3579290e234862bdb5a2e0687b38b1105681e2890e07ad8e6b3d25beee07c938c9f9d983ccf85ed77d8911fc53e4c909f74858f0e8f91aef38eadc909538c663e588cb4eda32ae67c407c67af048169a305baa6793451a7ce7456d67682bb6c1f5c491015627fe57dff25ec441095ddebe6f84b8dc1eb8af4f8d68b52edfed2f1bcff64b1c15a18dd983ee0803181b32d2e3ae8441869501c7b5b8502536e556cc668a9ac935de916a80e510fc7fc7331ce0895ac2ea936bf782d34242ff10fe052ecbb0266535c5d14a56618149ef2fb9010ba3742b41822d04eb536964938b0420095411d6576735c6fd0d97ed42d0c278cb442900d46073e04aff8f5dbe136eb2f58d827b56de5dd112289ab5ef9510ed0708d8cd9d0a9823cf10fd561911678f77ffdd5cdf253b2af6d9e7245092ed4db553a1a334d264dcf11308730460e63b13f8c8d0442fa994c24ec994313c013a260de5b560812f3875bc1d1b5d19d0662f3e21c9bfe6ff830327f16484a4292c1d7b8c3476113fd1bba32efeea731d9c6b772dd540f60ee042aa0a814c25f205d9503fb1185b0f773978ab272bca3b49d58578619b1cfcce420cf0653b0a9dfd2ba8a1df322abda0afc3f1967a138f4ee71704a2b82d4201e5ce087ef0be34e5fedbcb2a7137eadc7d144135d2a8f784312c5c214a31efe47d459ea0f211044063655ad48ec8314a8ae22875c4ac340547c68710c89ecdd67b09e6cdf233d73533a0809c1b17aae65ad362905b5f6c522330297109eac67ef19e15d661a9c853b5ddbed258a4933f20ab7600f212f77bc3a70d3f7bbd92912562519da5d2acc3c113c7022ea14808d6fbf1396167b52b4849554772152310a1f0f4cf2bb39bb2ef3d45cf572a232542f22fbb9c4d9d02afea73eb0cf39a51ce0f88f807e1bb768c537048c478e0ea70d8e2d0e531adbd54b482ed19dc63d6f22ac0c1c15c26e5b168cb93dd83616a36aa38a62631cf2fff82d0a037111c1c64f1cd4f7538831307c435bc5207baaab714aef6ae0b8e2a301af06cb84bbbd8e4802c5c68a58ca60872b2f22311e7a834a27b83f6bf788fdb2d9b3866f948175a8761efa9e18dbe6009b01b7bc021a018bd08f6cbf861a2e55905b662ed610147dc1c52c0156178f6975b6af336eeb2d15a03a96266cad2a7c7b316398d6a904db899b8d0b58bc3c0eda7e29fef9edc91b5c010b01384a150448f1de18c735b3070b1e1ce7254bd342117f2520a39f2219e460ee1934312b2cc9a25f493541afe2916804e899b5355518ea8bd70d08b64d6838c58ed1dce6e5524b4776e0da3393a6c140ce76bd3cb3969e26e4915d89210461ddb91c25524d3328a79dd066492280ebc4a505eecaa8bb746b176e3d8c093f0b8c292d5ee8a359a75b360e8fd55c196fa1ba011677b6fcc09c8c7c3f5518fa85827a3ee612b81d34e0e20e029b52408b78e94bca4387d0ccd632499f8da4c1ddc03393075d564ac6948bdc1076f213cf8b5ffde5f7db08377ee4cc9de158911effab79992a553b9a59ce21a6cf76ffaf6bb66a62e38029c42de6bd7f572752e5d6505bbd38a48fd70816cc519e67783b2438749b742d1e1ab358b73cd2e93010d403bc477ed5d9220dd19892a913775a8b8a9e6f8f0719ff2c987d275c67429099345055efb62900a665002f6eeb673285e04b1dee236585356c076e49e2a73ce7bc212b41d2181dbf89259b6c986df71d17644b19269a28ab49d024956c1e3ab09e8520dd61e76c33a4bc7b1e7488bf79a7e096242fb7d5eed934b58d537917b2bc95e651bfd5de5e62b9db620115169b54d89a0caf615b1d26f8a16d4edcb2fe85dc4bb26081d44df7f40feeaa89c9215864d373a0a21ff700368781b1d18ea04432a0e7a6e1d3bc3a925ae5f42e57994875ea2055845ddb6848a4f0f73f3f1b533f6815bd33b023b2782327cd365d83ef3c31bdc3b637830a20dded7ee6e4eaba4292e1047874398968dbba94be5c122a1b3bb0e49c88656cccb5b8494e1d70e827b8ebfa387d87f3417202e5f2dfabe1e09c64ca34530f9042d93acaec6233ce3a60122715439e0c91ba7544f0b4240cf8046d53414d4e631857b551095c0051489f77e2c8e961d09b701726d413134a43ca75e65c734340ad72c876ad4e4e4b74c77b867b0f4cdfb368492424c9e62979c299f85e0cb2efb042fc7", 0x1000}, {&(0x7f0000001080)="2cfb77a3ad73fc808f8fd8d41c3ee2a9167f464a6e47dd4ecfbac3580092da605f25ea75d86cd47fd45f5901bd39b2", 0x2f}], 0x2, &(0x7f0000001100)=[{0x18, 0xff, 0x3, "879f76"}, {0xc0, 0x11f, 0x80, "4074172a818572d72eff68a19e27d41f5d7f9ab069116f69987f89a4ac36f1a97cff13e7234e8904a7df94bf758f6275a244bb3adf79bb33580fc8ee65687138c3cb7e8b9c3eb5b0b4905be56644562a8a965cbc93ff7af2930e4913c69dbe1d130b2f6109ab869ae8d3031c89c45497493a565c4c7d05466ea46754f1ed705b16b2cab94d6aeb0d79681d1f581ef07f7d769c76d4773a03380aef6f2d843601c5e2fb9333e996952fae10ba06b5"}, {0x30, 0x116, 0x200, "60d85d88b2ceb6a6d700a3402835171586352c92222bde228db3ffd154208dbe"}], 0x108, 0x4}, 0x4004001) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000040)=[0x800, 0x5]) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/09 21:15:28 executing program 0 (fault-call:1 fault-nth:17): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) [ 533.050051] ? snd_pcm_hw_param_max+0x730/0x730 [ 533.050066] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 533.050088] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 533.050109] ? snd_pcm_plug_slave_size+0x1d0/0x350 [ 533.050132] snd_pcm_oss_change_params_locked+0x1bb1/0x3ce0 [ 533.050161] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 533.050179] ? find_held_lock+0x36/0x1c0 [ 533.050196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 533.050210] ? _parse_integer+0x13b/0x190 [ 533.050226] ? find_held_lock+0x36/0x1c0 [ 533.050251] ? lock_downgrade+0x8e0/0x8e0 [ 533.050267] ? kasan_check_read+0x11/0x20 [ 533.050279] ? rcu_is_watching+0x85/0x140 [ 533.050308] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 533.050322] snd_pcm_oss_write+0x516/0xa20 [ 533.050336] ? expand_files.part.8+0x9a0/0x9a0 [ 533.050356] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 533.050383] __vfs_write+0x10b/0x880 [ 533.050396] ? __fget_light+0x2ef/0x430 [ 533.050407] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 533.050420] ? kernel_read+0x120/0x120 [ 533.050443] ? wait_for_completion+0x870/0x870 [ 533.050462] ? __lock_is_held+0xb5/0x140 [ 533.050479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 533.050492] ? security_file_permission+0x1c6/0x240 [ 533.050510] ? rw_verify_area+0x118/0x360 [ 533.050526] vfs_write+0x1f8/0x560 [ 533.050542] ksys_write+0xf9/0x250 [ 533.050557] ? SyS_read+0x30/0x30 [ 533.050576] ? mm_fault_error+0x380/0x380 [ 533.050590] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 533.050602] ? ksys_ioctl+0x81/0xd0 [ 533.050623] SyS_write+0x24/0x30 [ 533.050634] ? ksys_write+0x250/0x250 [ 533.050648] do_syscall_64+0x29e/0x9d0 [ 533.050658] ? vmalloc_sync_all+0x30/0x30 [ 533.050669] ? _raw_spin_unlock_irq+0x27/0x70 [ 533.050685] ? finish_task_switch+0x1ca/0x820 [ 533.050698] ? syscall_return_slowpath+0x5c0/0x5c0 [ 533.050711] ? syscall_return_slowpath+0x30f/0x5c0 [ 533.050740] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 533.050756] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.050778] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.050791] RIP: 0033:0x455259 [ 533.050797] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 533.050815] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 533.050822] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 533.050829] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 533.050847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 533.050854] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000010 [ 533.150125] binder: 2469:2484 Acquire 1 refcount change on invalid ref 128 ret -22 [ 533.293806] FAULT_INJECTION: forcing a failure. [ 533.293806] name failslab, interval 1, probability 0, space 0, times 0 [ 533.296702] binder: 2469:2484 unknown command -928540024 [ 533.349939] binder: 2469:2484 ioctl c0306201 20007000 returned -22 [ 533.350821] CPU: 1 PID: 2503 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 533.350834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.350845] Call Trace: [ 533.489568] dump_stack+0x1b9/0x294 [ 533.493194] ? dump_stack_print_info.cold.2+0x52/0x52 [ 533.498376] ? perf_trace_lock_acquire+0xe3/0x980 [ 533.503217] ? lock_downgrade+0x8e0/0x8e0 [ 533.507365] should_fail.cold.4+0xa/0x1a [ 533.511419] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 533.516522] ? graph_lock+0x170/0x170 [ 533.520313] ? kernel_text_address+0x79/0xf0 [ 533.524712] ? __unwind_start+0x166/0x330 [ 533.528856] ? find_held_lock+0x36/0x1c0 [ 533.532916] ? __lock_is_held+0xb5/0x140 [ 533.536984] ? check_same_owner+0x320/0x320 [ 533.541297] ? snd_pcm_hw_param_near.constprop.35+0x831/0xb10 [ 533.547168] ? snd_pcm_oss_change_params_locked+0x1bb1/0x3ce0 [ 533.553050] ? snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 533.558409] ? rcu_note_context_switch+0x710/0x710 [ 533.563330] ? ksys_write+0xf9/0x250 [ 533.567040] ? SyS_write+0x24/0x30 [ 533.570572] ? do_syscall_64+0x29e/0x9d0 [ 533.574625] __should_failslab+0x124/0x180 [ 533.578853] should_failslab+0x9/0x14 [ 533.582638] __kmalloc+0x2c8/0x760 [ 533.586174] ? trace_hardirqs_off+0xd/0x10 [ 533.590403] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 533.595495] ? constrain_params_by_rules+0x141/0x1360 [ 533.600676] constrain_params_by_rules+0x141/0x1360 [ 533.605686] ? __lock_acquire+0x7f5/0x5130 [ 533.609907] ? mark_held_locks+0xc9/0x160 [ 533.614051] ? kfree+0x111/0x260 [ 533.617409] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 533.622591] ? debug_check_no_locks_freed+0x310/0x310 [ 533.627769] ? constrain_params_by_rules+0xa3d/0x1360 [ 533.632959] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 533.638142] ? perf_trace_lock+0xd6/0x900 [ 533.642276] ? perf_trace_lock_acquire+0xe3/0x980 [ 533.647104] ? lock_downgrade+0x8e0/0x8e0 [ 533.651243] ? zap_class+0x720/0x720 [ 533.654945] ? perf_trace_lock+0x900/0x900 [ 533.659169] ? rcu_is_watching+0x85/0x140 [ 533.663313] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 533.668320] ? snd_interval_refine+0x428/0x700 [ 533.672901] snd_pcm_hw_refine+0x8e9/0x1180 [ 533.677227] ? constrain_params_by_rules+0x1360/0x1360 [ 533.682496] ? find_held_lock+0x36/0x1c0 [ 533.686549] ? print_usage_bug+0xc0/0xc0 [ 533.690611] ? lock_downgrade+0x8e0/0x8e0 [ 533.694749] ? lock_release+0xa10/0xa10 [ 533.698716] ? kasan_check_read+0x11/0x20 [ 533.702860] ? do_raw_spin_unlock+0x9e/0x2e0 [ 533.707262] ? mark_held_locks+0xc9/0x160 [ 533.711407] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 533.716421] snd_pcm_hw_params+0x2a9/0x1e20 [ 533.720737] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 533.725837] ? debug_check_no_obj_freed+0x2ff/0x584 [ 533.730851] ? snd_pcm_hw_refine+0x1180/0x1180 [ 533.735430] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 533.740438] ? snd_pcm_hw_param_value+0x112/0x550 [ 533.745276] ? snd_pcm_hw_param_last+0x300/0x660 [ 533.750207] ? snd_pcm_hw_param_near.constprop.35+0x6e9/0xb10 [ 533.756094] ? _snd_pcm_hw_param_min+0x570/0x570 [ 533.760850] ? snd_pcm_hw_param_max+0x730/0x730 [ 533.765512] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 533.770698] snd_pcm_kernel_ioctl+0x6c/0x240 [ 533.775101] snd_pcm_oss_change_params_locked+0x1be8/0x3ce0 [ 533.780831] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 533.786710] ? perf_trace_lock+0x900/0x900 [ 533.790934] ? find_held_lock+0x36/0x1c0 [ 533.794987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 533.800519] ? _parse_integer+0x13b/0x190 [ 533.804663] ? find_held_lock+0x36/0x1c0 [ 533.808726] ? lock_downgrade+0x8e0/0x8e0 [ 533.812874] ? rcu_is_watching+0x85/0x140 [ 533.817053] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 533.822235] snd_pcm_oss_write+0x516/0xa20 [ 533.826460] ? expand_files.part.8+0x9a0/0x9a0 [ 533.831052] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 533.835913] __vfs_write+0x10b/0x880 [ 533.839617] ? __fget_light+0x2ef/0x430 [ 533.843581] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 533.848416] ? kernel_read+0x120/0x120 [ 533.852296] ? wait_for_completion+0x870/0x870 [ 533.856881] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 533.862410] ? security_file_permission+0x1c6/0x240 [ 533.867421] ? rw_verify_area+0x118/0x360 [ 533.871564] vfs_write+0x1f8/0x560 [ 533.875099] ksys_write+0xf9/0x250 [ 533.878633] ? SyS_read+0x30/0x30 [ 533.882073] ? mm_fault_error+0x380/0x380 [ 533.886228] ? ksys_ioctl+0x81/0xd0 [ 533.889850] SyS_write+0x24/0x30 [ 533.893207] ? ksys_write+0x250/0x250 [ 533.897002] do_syscall_64+0x29e/0x9d0 [ 533.900883] ? vmalloc_sync_all+0x30/0x30 [ 533.905027] ? _raw_spin_unlock_irq+0x27/0x70 [ 533.909522] ? finish_task_switch+0x1ca/0x820 [ 533.914012] ? syscall_return_slowpath+0x5c0/0x5c0 [ 533.918939] ? syscall_return_slowpath+0x30f/0x5c0 [ 533.923869] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 533.929229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.934074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.939253] RIP: 0033:0x455259 [ 533.942433] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 2018/04/09 21:15:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150324001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 533.950134] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 533.957392] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 533.964651] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 533.971908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 533.979168] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000011 2018/04/09 21:15:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000580)) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180), 0x0) getpgrp(0xffffffffffffffff) mq_unlink(&(0x7f0000000680)='\x00') perf_event_open(&(0x7f0000940000)={0x7, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 21:15:29 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x10) 2018/04/09 21:15:29 executing program 6: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) r0 = fcntl$getown(0xffffffffffffff9c, 0x9) ptrace$peekuser(0x3, r0, 0x5) nanosleep(&(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r1 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x6, 0x202) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000200)={0x1, 0x8, 0xffffffff, 0x0, 0xf}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000a55000/0x4000)=nil, 0x4000, 0x0, 0x0, 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="e4a141fc47174d268fca0e8d49f0a86f39a23a5a337da710f490dd545558e6e62dc3b1ea9480c63ea50dcd9feca5fe725596b1ce46194bd8e273a8a080a755900b846dc15f1db7b8714b7d1215b6b445535013ee6a3c5ff9e72affed45427dc480a0524c3235f891a537254c7141b2d6572aad"]) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r1, &(0x7f0000000580)={r1, r1, 0x7}) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5bd3, 0x42) r2 = shmget(0x0, 0x2000, 0x2, &(0x7f000016b000/0x2000)=nil) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) r4 = getegid() stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffff9c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r2, 0x1, &(0x7f00000004c0)={{0x8001, r3, r4, r5, r6, 0x170, 0x3c}, 0x20000000000, 0x6, 0x4, 0x0, r0, r0}) prctl$intptr(0x1f, 0x0) 2018/04/09 21:15:29 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r0, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2200000007000000800000000000000005001a00ffffff7f000000000000000000000000ac1414aa00000000000000000000000000000000"], 0x28}, 0x1}, 0x0) 2018/04/09 21:15:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400, 0x0) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000080)=0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x64, @mcast1={0xff, 0x1, [], 0x1}, 0x200}, @in6={0xa, 0x4e24, 0x8, @empty, 0x1}, @in={0x2, 0x4e21, @multicast1=0xe0000001}, @in={0x2, 0x4e21, @loopback=0x7f000001}, @in={0x2, 0x4e24, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e22, 0x92, @mcast1={0xff, 0x1, [], 0x1}, 0x8001}, @in6={0xa, 0x4e20, 0x8, @loopback={0x0, 0x1}, 0x7fffffff}, @in6={0xa, 0x4e20, 0xfff, @mcast1={0xff, 0x1, [], 0x1}, 0x804}, @in6={0xa, 0x4e21, 0x8c8e, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0x9}], 0xd8) 2018/04/09 21:15:29 executing program 1: r0 = socket(0x4, 0x6, 0x3) r1 = dup(r0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2de17bdc, 0x9}) write(r0, &(0x7f000007e000)="1f0000000104ff00fdde45c807110000f305fcf008000180010002dcffc500", 0x1f) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/76) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@loopback}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x40000000003a, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0xffffff82, 0xd, 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) geteuid() getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) fcntl$getownex(r3, 0x10, &(0x7f0000000480)) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)) socket$inet6_dccp(0xa, 0x6, 0x0) gettid() mkdir(&(0x7f0000eb1000)='./file0\x00', 0x0) mount(&(0x7f0000a3f000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f00005e5000)='ramfs\x00', 0x1, &(0x7f0000fcd000)) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000640)={0x3, &(0x7f0000000600)=[{0x7, 0x8000, 0x4e13, 0x8}, {0x0, 0x0, 0x0, 0xffff}, {0x7, 0xfffffffffffffff9, 0x3, 0xb9ad}]}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000aa7ff0)={&(0x7f0000910000)='./file0\x00'}, 0x10) perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000005c0)='/dev/binder#\x00', 0x0, 0x0) r4 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0xb5, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0563044080000000889aa7c84ef1b19017af724015e930aac7b037bfe7e84d6a0f0bf9653beabb5b2197f383000012420b8df39f3ac1aafb6b8c11637cb962f9911ee15bdcbf317a20bd2ac162032a93ead0ea4b86ac1a68c3f176433a2113912e0b170bc2f1a1fae7b863d7619badaca07984b5863fd4d7afbeefd49fad00c34c6fbd2c3a237de3caceaa25f72b0ab7d7aceafb4c46009f57671f0c6644f7bd842c51116b2268526129824adeef00dc2577588713"], 0xb0, 0x0, &(0x7f0000000680)="3b96fa7a5b1bfad908d2a8bb95dd032bafd1e6cde317569b39cc2b7e5aec256a39508a46a550652b04e4f4aaba7de1c7f631472f490b931cd92f6f49c556d46e500994170993f2bdc67ba5239261ee18081254bd47ed3fb710da6e32c01e8de94fdc036cfb03000000000000006e5b812b7347b1fff64714b497352f724f77af5fcbbf2afc8963bde54902feec050a6bd30fc5ac34fe1f0bbb48466e2ec5ea150dde34fe153854dd8e5148fb9a56a504"}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x3, 0x0, [{0x7000, 0x61, &(0x7f0000000500)=""/97}, {0x0, 0x5c, &(0x7f0000000800)=""/92}, {0x0, 0x7d, &(0x7f0000000880)=""/125}]}) write$tun(r1, &(0x7f0000000180)={@pi={0x0, 0x88ef}, @hdr={0x1, 0x7, 0x3ff, 0xe8d8, 0x4}, @eth={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, @empty, [], {@can={0xc, {{0x4, 0x4, 0x7fffffff, 0x1ff}, 0x1, 0x2, 0x0, 0x0, "08d809277bebb402"}}}}}, 0x2c) r5 = msgget(0x1, 0x80) msgrcv(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cd5a30098545900000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x611e6b035e39ef78, 0x3800) 2018/04/09 21:15:29 executing program 0 (fault-call:1 fault-nth:18): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x802, 0x0) write$selinux_user(r0, &(0x7f0000000000)={'system_u:object_r:inetd_exec_t:s0', 0x4000000, "73b90000fffe647500d8a3b0c5f65ad276ad7e23a669a728f70c85ba6334b32567692729107fcb313f14433f2ba7db4b84a09437fc36ec07a96c70e86ae27778adaf53da285284e7fa29dc2827a96d09350be959826a0e151d80dcde"}, 0xfffffd5f) 2018/04/09 21:15:29 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150224001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 534.135239] FAULT_INJECTION: forcing a failure. [ 534.135239] name failslab, interval 1, probability 0, space 0, times 0 [ 534.146539] CPU: 1 PID: 2520 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 534.153390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.162750] Call Trace: [ 534.165353] dump_stack+0x1b9/0x294 [ 534.168997] ? dump_stack_print_info.cold.2+0x52/0x52 [ 534.174203] should_fail.cold.4+0xa/0x1a [ 534.178260] ? kernel_text_address+0x79/0xf0 [ 534.182683] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 534.187780] ? __save_stack_trace+0x7e/0xd0 [ 534.192095] ? graph_lock+0x170/0x170 [ 534.195890] ? find_held_lock+0x36/0x1c0 [ 534.199943] ? __lock_is_held+0xb5/0x140 [ 534.204002] ? check_same_owner+0x320/0x320 [ 534.208319] ? do_raw_spin_lock+0xc1/0x200 [ 534.212548] ? rcu_note_context_switch+0x710/0x710 [ 534.217468] ? trace_hardirqs_off+0xd/0x10 [ 534.221696] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 534.226813] __should_failslab+0x124/0x180 [ 534.231040] should_failslab+0x9/0x14 [ 534.234827] __kmalloc+0x2c8/0x760 [ 534.238351] ? mark_held_locks+0xc9/0x160 [ 534.242513] ? quarantine_put+0xeb/0x190 [ 534.246568] ? constrain_params_by_rules+0x141/0x1360 [ 534.251752] constrain_params_by_rules+0x141/0x1360 [ 534.256771] ? trace_hardirqs_on+0xd/0x10 [ 534.260920] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 534.266103] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 534.271289] ? debug_check_no_locks_freed+0x310/0x310 [ 534.276468] ? constrain_params_by_rules+0xa3d/0x1360 [ 534.281656] ? snd_pcm_mmap_control_fault+0x3e0/0x3e0 [ 534.288093] ? lock_downgrade+0x8e0/0x8e0 [ 534.292230] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 534.297752] ? snd_interval_refine+0x428/0x700 [ 534.302325] snd_pcm_hw_refine+0x8e9/0x1180 [ 534.306631] ? snd_interval_refine+0x428/0x700 [ 534.311202] ? constrain_params_by_rules+0x1360/0x1360 [ 534.316468] ? constrain_params_by_rules+0x1360/0x1360 [ 534.321730] ? find_held_lock+0x36/0x1c0 [ 534.325777] ? print_usage_bug+0xc0/0xc0 [ 534.329828] ? graph_lock+0x170/0x170 [ 534.333613] ? lock_downgrade+0x8e0/0x8e0 [ 534.337758] ? lock_release+0xa10/0xa10 [ 534.341720] ? kasan_check_read+0x11/0x20 [ 534.345856] ? __lock_is_held+0xb5/0x140 [ 534.349904] snd_pcm_hw_param_first+0x30e/0x680 [ 534.354566] snd_pcm_hw_params+0x340/0x1e20 [ 534.358878] ? snd_pcm_hw_refine+0x1180/0x1180 [ 534.363455] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 534.368455] ? snd_pcm_hw_param_value+0x112/0x550 [ 534.373290] ? snd_pcm_hw_param_last+0x300/0x660 [ 534.378039] ? snd_pcm_hw_param_near.constprop.35+0x6e9/0xb10 [ 534.383910] ? _snd_pcm_hw_param_min+0x570/0x570 [ 534.388653] ? snd_pcm_hw_param_max+0x730/0x730 [ 534.393305] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 534.398479] snd_pcm_kernel_ioctl+0x6c/0x240 [ 534.402871] snd_pcm_oss_change_params_locked+0x1be8/0x3ce0 [ 534.408576] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 534.414443] ? find_held_lock+0x36/0x1c0 [ 534.418488] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.424011] ? _parse_integer+0x13b/0x190 [ 534.428148] ? find_held_lock+0x36/0x1c0 [ 534.432197] ? lock_downgrade+0x8e0/0x8e0 [ 534.436331] ? kasan_check_read+0x11/0x20 [ 534.440463] ? rcu_is_watching+0x85/0x140 [ 534.444601] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 534.449775] snd_pcm_oss_write+0x516/0xa20 [ 534.453993] ? expand_files.part.8+0x9a0/0x9a0 [ 534.458564] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 534.463395] __vfs_write+0x10b/0x880 [ 534.467091] ? __fget_light+0x2ef/0x430 [ 534.471062] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 534.475897] ? kernel_read+0x120/0x120 [ 534.479769] ? wait_for_completion+0x870/0x870 [ 534.484335] ? __lock_is_held+0xb5/0x140 [ 534.488381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.493905] ? security_file_permission+0x1c6/0x240 [ 534.498906] ? rw_verify_area+0x118/0x360 [ 534.503041] vfs_write+0x1f8/0x560 [ 534.506565] ksys_write+0xf9/0x250 [ 534.510093] ? SyS_read+0x30/0x30 [ 534.513533] ? mm_fault_error+0x380/0x380 [ 534.517663] ? ksys_ioctl+0x81/0xd0 [ 534.521277] SyS_write+0x24/0x30 [ 534.524627] ? ksys_write+0x250/0x250 [ 534.528409] do_syscall_64+0x29e/0x9d0 [ 534.532280] ? vmalloc_sync_all+0x30/0x30 [ 534.536413] ? kasan_check_write+0x14/0x20 [ 534.540630] ? syscall_return_slowpath+0x5c0/0x5c0 [ 534.545543] ? syscall_return_slowpath+0x30f/0x5c0 [ 534.550460] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 534.555811] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.560654] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 534.565977] RIP: 0033:0x455259 [ 534.569161] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 534.576855] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 534.584132] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 534.591387] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 534.598833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 534.606088] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000012 [ 534.613750] WARNING: CPU: 1 PID: 2520 at sound/core/pcm_native.c:620 snd_pcm_hw_params+0x65a/0x1e20 [ 534.622938] Kernel panic - not syncing: panic_on_warn set ... [ 534.622938] [ 534.630316] CPU: 1 PID: 2520 Comm: syz-executor0 Not tainted 4.16.0+ #16 [ 534.637155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.646505] Call Trace: [ 534.649105] dump_stack+0x1b9/0x294 [ 534.652736] ? dump_stack_print_info.cold.2+0x52/0x52 [ 534.657938] ? snd_pcm_hw_params+0x5f0/0x1e20 [ 534.662434] panic+0x22f/0x4de [ 534.665628] ? add_taint.cold.5+0x16/0x16 [ 534.669783] ? __warn.cold.8+0x148/0x1a3 [ 534.673863] ? snd_pcm_hw_params+0x65a/0x1e20 [ 534.678363] __warn.cold.8+0x163/0x1a3 [ 534.682261] ? snd_pcm_hw_params+0x65a/0x1e20 2018/04/09 21:15:30 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x0, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10) 2018/04/09 21:15:30 executing program 5: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008040010000000000683540150024001f0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 534.686764] report_bug+0x252/0x2d0 [ 534.690404] do_error_trap+0x1de/0x490 [ 534.694299] ? math_error+0x420/0x420 [ 534.698110] ? print_usage_bug+0xc0/0xc0 [ 534.702181] ? graph_lock+0x170/0x170 [ 534.705985] ? lock_downgrade+0x8e0/0x8e0 [ 534.710144] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.714997] do_invalid_op+0x1b/0x20 [ 534.718715] invalid_op+0x1b/0x40 [ 534.722172] RIP: 0010:snd_pcm_hw_params+0x65a/0x1e20 [ 534.727268] RSP: 0018:ffff8801917bf498 EFLAGS: 00010246 [ 534.732634] RAX: 0000000000040000 RBX: 00000000fffffff4 RCX: ffffc90001eb8000 [ 534.739908] RDX: 0000000000040000 RSI: ffffffff85a20a6a RDI: 0000000000000005 [ 534.747181] RBP: ffff8801917bf6e8 R08: ffff8801ab456180 R09: ffffed003b6246c2 [ 534.754456] R10: ffffed003b6246c2 R11: ffff8801db123613 R12: ffffffff8826949c [ 534.761731] R13: ffff8801ceb59680 R14: ffff8801bc225b00 R15: dffffc0000000000 [ 534.769026] ? snd_pcm_hw_params+0x65a/0x1e20 [ 534.773534] ? snd_pcm_hw_params+0x65a/0x1e20 [ 534.778040] ? snd_pcm_hw_refine+0x1180/0x1180 [ 534.782634] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 534.787656] ? snd_pcm_hw_param_value+0x112/0x550 [ 534.792507] ? snd_pcm_hw_param_last+0x300/0x660 [ 534.797270] ? snd_pcm_hw_param_near.constprop.35+0x6e9/0xb10 [ 534.803164] ? _snd_pcm_hw_param_min+0x570/0x570 [ 534.807926] ? snd_pcm_hw_param_max+0x730/0x730 [ 534.812601] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 534.817795] snd_pcm_kernel_ioctl+0x6c/0x240 [ 534.822207] snd_pcm_oss_change_params_locked+0x1be8/0x3ce0 [ 534.827937] ? snd_pcm_hw_param_near.constprop.35+0xb10/0xb10 [ 534.833833] ? find_held_lock+0x36/0x1c0 2018/04/09 21:15:30 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffff9c) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000002c0)={'filter\x00', 0x7, 0x4, 0x478, 0x120, 0x0, 0x260, 0x390, 0x390, 0x390, 0x4, &(0x7f0000000040), {[{{@uncond, 0xf0, 0x120}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0xffff, 0x1, 0x86, 0x2}}}, {{@arp={@broadcast=0xffffffff, @local={0xac, 0x14, 0x14, 0xaa}, 0x0, 0xffffffff, @mac=@link_local={0x1, 0x80, 0xc2}, {[0xff, 0x0, 0xff, 0xff, 0xff, 0xff]}, @empty, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}, 0x5, 0x7fffffff, 0xffff, 0x5, 0x4, 0x8, 'nr0\x00', 'lo\x00', {0xff}, {}, 0x0, 0x4a}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="ce9bb06b531d", @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty, @local={0xac, 0x14, 0x14, 0xaa}, 0x9, 0x1}}}, {{@arp={@local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14, 0x16}, 0xffffffff, 0xffffffff, @mac=@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x11}, {[0xff, 0x0, 0xff, 0xff, 0xff]}, @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, {[0xff, 0xff, 0x0, 0xff, 0xff]}, 0x6, 0x1b4e, 0x6a3, 0xfffffffffffffffa, 0x4, 0x0, 'bond0\x00', 'vcan0\x00', {0xff}, {}, 0x0, 0x10}, 0xf0, 0x130}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "86bdb02e0c82ae95d93c6ccf35694a0baf8501ba2d4f839e1514d5790449"}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4c8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendmsg$key(r1, &(0x7f0000000280)={0x20480, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0xffffffffffffffff, 0x0, 0x0, 0x7, 0x0, 0x70bd28, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@broadcast=0xffffffff, @in=@local={0xac, 0x14, 0x14, 0xaa}}]}, 0x38}, 0x1}, 0x0) 2018/04/09 21:15:30 executing program 3: r0 = socket$inet(0x10, 0x80004, 0x5) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a600804e220000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 534.837903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.843447] ? _parse_integer+0x13b/0x190 [ 534.847600] ? find_held_lock+0x36/0x1c0 [ 534.851673] ? lock_downgrade+0x8e0/0x8e0 [ 534.855839] ? kasan_check_read+0x11/0x20 [ 534.859991] ? rcu_is_watching+0x85/0x140 [ 534.864158] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 534.869359] snd_pcm_oss_write+0x516/0xa20 [ 534.873602] ? expand_files.part.8+0x9a0/0x9a0 [ 534.878198] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 534.883057] __vfs_write+0x10b/0x880 [ 534.886778] ? __fget_light+0x2ef/0x430 [ 534.890760] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 534.895614] ? kernel_read+0x120/0x120 [ 534.899510] ? wait_for_completion+0x870/0x870 [ 534.904160] ? __lock_is_held+0xb5/0x140 [ 534.908237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.913781] ? security_file_permission+0x1c6/0x240 [ 534.918807] ? rw_verify_area+0x118/0x360 [ 534.922961] vfs_write+0x1f8/0x560 [ 534.926515] ksys_write+0xf9/0x250 [ 534.930059] ? SyS_read+0x30/0x30 [ 534.933520] ? mm_fault_error+0x380/0x380 [ 534.937681] ? ksys_ioctl+0x81/0xd0 [ 534.941315] SyS_write+0x24/0x30 [ 534.944685] ? ksys_write+0x250/0x250 [ 534.948493] do_syscall_64+0x29e/0x9d0 [ 534.952382] ? vmalloc_sync_all+0x30/0x30 [ 534.956536] ? kasan_check_write+0x14/0x20 [ 534.960798] ? syscall_return_slowpath+0x5c0/0x5c0 [ 534.965746] ? syscall_return_slowpath+0x30f/0x5c0 [ 534.970678] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 534.976058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.980917] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 534.986097] RIP: 0033:0x455259 [ 534.989274] RSP: 002b:00007f080f9e5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 534.996972] RAX: ffffffffffffffda RBX: 00007f080f9e66d4 RCX: 0000000000455259 [ 535.004229] RDX: 00000000fffffd5f RSI: 0000000020000000 RDI: 0000000000000013 [ 535.011487] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 535.018756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 535.026015] R13: 00000000000006c8 R14: 00000000006fd360 R15: 0000000000000012 [ 535.034151] Dumping ftrace buffer: [ 535.037944] (ftrace buffer empty) [ 535.041656] Kernel Offset: disabled [ 535.045275] Rebooting in 86400 seconds..