[ ok ] Starting enhanced syslogd: rsyslogd[ 11.417055] audit: type=1400 audit(1513890255.184:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 . [ ok ] Starting periodic command scheduler: cron. Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.640151] audit: type=1400 audit(1513890260.407:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.15.208' (ECDSA) to the list of known hosts. 2017/12/21 21:04:26 fuzzer started [ 22.773078] audit: type=1400 audit(1513890266.540:7): avc: denied { map } for pid=3139 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/21 21:04:26 dialing manager at 10.128.0.26:40749 2017/12/21 21:04:29 kcov=true, comps=true [ 26.152148] audit: type=1400 audit(1513890269.919:8): avc: denied { map } for pid=3139 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=8900 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2017/12/21 21:04:31 executing program 7: ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000b46000-0x8c)={0x0, 0x0, 0x0, 'queue0\x00', 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r0 = getpgrp(0xffffffffffffffff) syz_open_procfs(r0, &(0x7f0000003000-0x7)='fdinfo\x00') 2017/12/21 21:04:31 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00009f3000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000259000-0x14)="72733976d8030a4ae9fffffff8000000", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000233000)=[{0x0, 0x0, &(0x7f00001e4000)=[{&(0x7f0000786000-0x75)="0b7cc1d500c45a170c17c7373db9e7e0", 0x10}], 0x1, &(0x7f00006a4000)=[], 0x0, 0x0}], 0x1, 0x24008800) sendmmsg$alg(r1, &(0x7f0000be4000)=[{0x0, 0x0, &(0x7f0000599000-0x30)=[], 0x0, &(0x7f0000b26000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x0}], 0x1, 0x0) recvmsg(r1, &(0x7f000053a000-0x38)={&(0x7f0000276000)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000952000-0x10)=[{&(0x7f0000a20000)=""/163, 0xa3}], 0x1, &(0x7f00007f2000)=""/0, 0x0, 0x0}, 0x0) 2017/12/21 21:04:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x0, &(0x7f00008be000)={0x0, {{0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x118) 2017/12/21 21:04:31 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000833000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f000045f000-0x14)="79733976d800000004d960f2bd08cfe62785ce10", 0x14) r1 = 
accept$alg(r0, 0x0, 0x0) sendto(r1, &(0x7f00009a4000)="0b993ec938945a6510ba30278ddc957fdb", 0x11, 0x0, &(0x7f0000715000)=@in={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) readv(r1, &(0x7f0000094000)=[{&(0x7f00002bd000-0x34)=""/52, 0x34}], 0x1) 2017/12/21 21:04:31 executing program 1: mmap(&(0x7f0000000000/0xf6e000)=nil, 0xf6e000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000591000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f00005ed000)=[{&(0x7f00005ee000-0x1a0)="d2", 0x1}], 0x1) 2017/12/21 21:04:31 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000833000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f000045f000-0x14)="", 0x0) 2017/12/21 21:04:31 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000239000-0xd)='/dev/snd/seq\x00', 0x0, 0x0) 2017/12/21 21:04:31 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000a97000-0x58)={0x26, 'aead\x00', 0x0, 0x0, 'seqiv(echainiv(rfc4106(gcm(aes))))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000259000-0x14)="72733976d8030a4ae9fffffff80000000184ce10", 0x14) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000be4000)=[{0x0, 0x0, &(0x7f000027c000)=[{&(0x7f0000e07000-0xa8)="5b01721d1afc36f9d50ab675bb5bb473abc1acd9a53174f1d18e198ba345bbe7", 0x20}], 0x1, &(0x7f0000b26000)=[], 0x0, 0x0}], 0x1, 0x0) recvmsg(r1, &(0x7f000053a000-0x38)={&(0x7f0000276000)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000952000-0x10)=[{&(0x7f0000a20000)=""/163, 0xa3}], 0x1, &(0x7f00007f2000)=""/0, 0x0, 0x0}, 0x0) [ 27.584541] audit: type=1400 audit(1513890271.352:9): avc: denied { map } for pid=3139 comm="syz-fuzzer" 
path="/root/syzkaller-shm103014220" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 28.555585] audit: type=1400 audit(1513890272.323:10): avc: denied { sys_admin } for pid=3184 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/21 21:04:32 executing program 0: 2017/12/21 21:04:32 executing program 0: [ 28.667585] audit: type=1400 audit(1513890272.435:11): avc: denied { sys_chroot } for pid=3354 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/21 21:04:32 executing program 0: 2017/12/21 21:04:32 executing program 0: 2017/12/21 21:04:32 executing program 0: ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f00001e8000-0x8)={&(0x7f0000f59000-0xe6)="", 0x0}) 2017/12/21 21:04:32 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000508000-0x78)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x118) 2017/12/21 21:04:32 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet(0x2, 0x0, 0x0, &(0x7f000075c000)={0x0, 0x0}) 2017/12/21 21:04:32 
executing program 2: mmap(&(0x7f0000000000/0xf6d000)=nil, 0xf6d000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000330000)='./file0\x00', 0x0) [ 28.844339] audit: type=1400 audit(1513890272.612:12): avc: denied { dac_read_search } for pid=3367 comm="syz-executor2" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/21 21:04:32 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = fcntl$getown(0xffffffffffffff9c, 0x9) migrate_pages(r0, 0x6, &(0x7f000068e000)=0x9, &(0x7f0000ad9000)=0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00007dd000)={0x0, 0x0, 0x0}, &(0x7f0000360000)=0xc) fcntl$setown(r1, 0x8, r2) fcntl$getownex(r1, 0x10, &(0x7f000066c000)={0x0, 0x0}) r4 = syz_open_pts(0xffffffffffffffff, 0x80) ioctl$TIOCCBRK(r4, 0x5428) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x4207, r3) ptrace$getregs(0xe, r3, 0x0, &(0x7f0000000000)=""/0) r5 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000bab000)='/selinux/member\x00', 0x2, 0x0) ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000c0a000-0x20)={0xf000, 0x7002, 0x4cc, 0x6, 0x1eee, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setsockopt$netlink_NETLINK_PKTINFO(r5, 0x10e, 0x3, &(0x7f0000ca6000)=0x0, 0x4) 2017/12/21 21:04:32 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 
&(0x7f0000bbd000-0x10)={0x0, 0x0}) setitimer(0x1, &(0x7f00000e9000)={{0x0, 0x0}, {r0, 0x0}}, &(0x7f0000281000)={{0x0, 0x0}, {0x0, 0x0}}) clock_gettime(0x0, &(0x7f0000a4a000-0x10)={0x0, 0x0}) setitimer(0x1, &(0x7f0000b4c000)={{0x77359400, 0x0}, {r1, 0x0}}, &(0x7f0000d09000-0x20)={{0x0, 0x0}, {0x0, 0x0}}) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000faa000-0x10)='/selinux/policy\x00', 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x7) 2017/12/21 21:04:32 executing program 1: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) capget(&(0x7f0000001000-0x8)={0x200f1526, 0x0}, &(0x7f0000a0a000)={0x3, 0x29f1, 0x5, 0x20, 0x100, 0x80bd}) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002000-0xc)='/dev/rfkill\x00', 0x10c00, 0x0) r1 = semget(0x2, 0x1, 0x180) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) semctl$SEM_STAT(r1, 0x4, 0x12, &(0x7f0000002000)=""/67) ioctl$KIOCSOUND(r0, 0x4b2f, 0x8) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000d9d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x3, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000584000-0x4)=0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000e89000)=0x0) timer_settime(r2, 0x1, &(0x7f00003d5000-0x20)={{0x0, 0x0}, {0x0, 0x989680}}, &(0x7f00003ce000)={{0x0, 0x0}, {0x0, 0x0}}) getpgid(r3) 2017/12/21 21:04:32 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f000023c000)='./file0\x00', 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000b50000-0x30)={0x1, 0x2, 
&(0x7f0000732000-0x10)=[@generic={0x5, 0x1, 0x81, 0x0}, @map={0x7, 0x1f, 0x100, r0}], &(0x7f000015a000)="008b", 0x9, 0x80, &(0x7f0000b4f000)=""/128, 0x4, 0x1}, 0x30) 2017/12/21 21:04:32 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) mlock2(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000f39000)="", &(0x7f0000eaa000-0x4)=0x0, &(0x7f0000bf3000-0x4)=0x0, &(0x7f00003b9000-0xcd)="") ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000bb7000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2017/12/21 21:04:32 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00003f7000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000867000-0x8)=0x80000001) sendmmsg$unix(r1, &(0x7f00000bd000)=[], 0x80, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000ebe000-0xc)={0xa48f3798a56e60b, 0x0}) close(r0) 2017/12/21 21:04:32 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000260000-0x10)='/dev/sequencer2\x00', 0x402, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f000036a000)=0x4d) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000039000)={0x0, 0x8}, &(0x7f0000156000-0x4)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000291000-0xa6)={r1, 0x9e, 
"24833877e0e6d799c70a3d29db032b283d1a8a4c8ebeec524f24817a9803372eaea3b8f017a4dec5877f5a2d8742e74243c3248e69e6bdd389e9c94cd4034e01c6f0d5f4b00a4a293d21d6bb4a0650db592a5e2247594ef5012b8e7efeefd1d9eec4568ce609c49928e659655cf06dbdf680fd624f73d31479ae60028f850ddb6ebb342190795b1998767839816b5839e024d4deb6c3cc7ae5e70be0ad66"}, &(0x7f00006b6000-0x4)=0xa6) pwrite64(r0, &(0x7f0000eb6000)="94000bfff3d40060", 0x8, 0x0) 2017/12/21 21:04:32 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000058000-0x12)='/dev/input/event#\x00', 0xafd, 0x8000040000001) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00002a2000)={0x2, 0x78, &(0x7f00006be000-0x78)="454eee1e5f269a2b1c6911e9a812d1c601977c2ec12181485a3d47284f4bca6ed22a7058a8b5eaae20fe36bec2c13281d458db77afe8b1c6ea643e1de907f4b06189ceef4c82d678c0d0055d46910f60560c5621c14100b94a63d7d9ccc0a65dc7798a9eba792400137112963a6b034a9f029e7aaca62fc8"}) r1 = syz_open_dev$mice(&(0x7f0000da8000)='/dev/input/mice\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000ef2000-0x108)={0x0, @in6={{0xa, 0x1, 0x8001, @loopback={0x0, 0x1}, 0x7}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x1, 0x101, 0x8, 0x7, 0x101, 0x3, 0x400, 0xe9, 0x0, 0x80000000, 0x100000001, 0x5, 0x3fe0000000000000, 0x0, 0x0]}, &(0x7f000088b000-0x4)=0x108) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00005dc000-0x14)={r2, 0x71c, 0xbf0, 0x3, 0x9, 0x7}, 0x14) r3 = accept$unix(0xffffffffffffffff, &(0x7f00006be000-0x8)=@abs={0x0, 0x0, 0x0}, &(0x7f00007fe000)=0x8) ioctl$TIOCGSID(r1, 0x540f, &(0x7f0000c96000)=0x0) ptrace$getregset(0x4204, r4, 0x207, &(0x7f00006a1000-0x10)={&(0x7f00008b1000)=""/244, 0xf4}) r5 = getpgrp(0x0) getsockopt$SO_PEERCRED(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000751000)={0x0, 0x0, 0x0}, 0xc) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00003f4000-0x4)=0x8, 0x4) getresgid(&(0x7f0000c31000-0x4)=0x0, 
&(0x7f000028d000)=0x0, &(0x7f0000c3b000-0x4)=0x0) sendmsg$unix(r3, &(0x7f00007c0000-0x38)={&(0x7f0000cf5000)=@abs={0x1, 0x0, 0x0}, 0x8, &(0x7f00004db000-0x20)=[{&(0x7f000053d000)="3bcad1ee5f3db9ae3db6fa7b9effe02578672502917853130db5408de38367c92107ec208a712eb1c738e50c7992051e6d3163d8abbd4f059c02e6f31b9519df6b325ee778e49160619a5f4574f09170a6cda98f72a4cd6cbfde76fd4c93335c73ef22de7f87ac332a8c210d2559dff94fc6271d377abfc28405c34d7fd1040a84b605dcd43052f322551cab995cc8c54974f99931fd9fbed5ca79e8d2fb33c4315eea4230d1d5af192c4d73148ad1730163368112f0c38150ade547f127974c38804edd07782d44f07a8646", 0xcc}, {&(0x7f00008c9000-0x77)="f991c6a1c01ab896a257cec6bda6c0ff541163051f015d11904c126f048a5e49a1e93f80552c757e3234511a1f6a8cdc57465db8d08a78f7c22c4c2f3e6a19db6069f7624412ff05aa299b484fff778f03351890aa838f75c5b95b85978b2274e38b5ad7d2e4f745555c5e996aa24071318c439e69dd86", 0x77}], 0x2, &(0x7f0000e8c000-0x40)=[@cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x20, 0x1, 0x1, [r0, r0, r0]}], 0x40, 0x40000}, 0x0) write$evdev(r0, &(0x7f00008c2000-0x30)=[{{0x0, 0x0}, 0x2, 0x0, 0x40c}, {{0x0, 0x0}, 0x0, 0x0, 0x0}], 0x30) 2017/12/21 21:04:32 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2, 0x0) accept$inet(r0, &(0x7f000085d000-0x10)={0x0, 0x0, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000f7b000)=0x10) ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x0, []}) ioctl(r0, 0x8936, &(0x7f0000000000)="") 2017/12/21 21:04:32 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000f0e000)=0x0) ptrace$getenv(0x4201, r0, 0x4, 
&(0x7f000063b000)=0x0) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000246000)={0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$sg(&(0x7f0000f0a000-0x9)='/dev/sg#\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f000047a000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000b70000)=0xc) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000d8c000)='/dev/sequencer2\x00', 0x4001, 0x0) add_key$user(&(0x7f0000037000)='user\x00', &(0x7f0000bb3000-0x5)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f000001b000-0x1)="f9", 0x1, 0xfffffffffffffffe) select(0x40, &(0x7f00005cf000)={0x7234, 0x0, 0x0, 0x6e20, 0x2, 0x7, 0x0, 0x1}, &(0x7f0000581000)={0x6, 0x9, 0xffff, 0x1, 0x1, 0x2, 0x8000, 0x9}, &(0x7f000090f000)={0x7, 0x7, 0x1, 0x0, 0x2, 0x9, 0xa76, 0x4}, &(0x7f000008f000)={0x0, 0x0}) nanosleep(&(0x7f0000470000)={r3, 0x0}, &(0x7f0000000000)={0x0, 0x0}) socket$inet(0x2, 0x5, 0x4000068) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00002e3000-0x78)={0x5, 0x0, [{0x9ea, 0x0, 0x9}, {0x17a, 0x0, 0x61430453}, {0xb13, 0x0, 0x9}, {0xebb, 0x0, 0x400000100000000}, {0x222, 0x0, 0x100000000}]}) r4 = syz_open_dev$tun(&(0x7f000000f000-0xd)='/dev/net/tun\x00', 0x0, 0x400100) setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00007e4000-0xb)={0x80, 0x0, 0x729, 0x0, 0x7fffffff, 0x0, 0x400000, 0xc28a, 0x4, 0x40000000000000, 0x0}, 0xb) getpid() ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000a5b000-0x28)={@common='gre0\x00', @ifru_names=@generic="4f54000cc0a1ed4f3a0a1fdc222073b5"}) syz_open_dev$evdev(&(0x7f0000ee0000)='/dev/input/event#\x00', 0x0, 0x4000) syz_open_dev$tun(&(0x7f0000fa9000)='/dev/net/tun\x00', 0x0, 0x501000) perf_event_open(&(0x7f000002f000-0x78)={0x0, 0x78, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x5825, 0x0, 0x0}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) socket(0x11, 0x80002, 0x300) connect$ax25(r2, &(0x7f0000eb0000)={0x3, {"e80107fffc1508"}, 0x18000}, 0x10) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000288000-0xe)={0x1f, 0x0, {0x1, 0x0, 0x3ff, 0x3, 0x0, 0xffffffffffffffff}, 0x1, 0x5}, 0xe) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f000015d000)=[0x800000000000000, 0x10003]) preadv(0xffffffffffffffff, &(0x7f0000005000)=[{&(0x7f0000e6e000)=""/1, 0x1}], 0x1, 0x10000000000000) [ 28.984801] audit: type=1400 audit(1513890272.752:13): avc: denied { prog_load } for pid=3447 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 29.056105] audit: type=1400 audit(1513890272.794:14): avc: denied { dac_override } for pid=3447 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.081180] audit: type=1400 audit(1513890272.814:15): avc: denied { net_admin } for pid=3473 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.152802] audit: type=1400 audit(1513890272.920:16): avc: denied { net_raw } for pid=3476 comm="syz-executor2" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/21 21:04:33 executing program 7: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000b27000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000000)={@generic="c1db61313c14b5f56523c061cf7e6b0f", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, r1}, 0x14) r2 = openat(0xffffffffffffffff, &(0x7f0000181000-0x8)='./file0\x00', 0x80101, 0x20) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000be8000)=0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r2, 0x6, 0x2, &(0x7f0000d7f000-0x5)={0x0, 0x0, 0x0, 0x0}, &(0x7f0000490000)=0x5) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00009a7000)="", 0x0) r4 = add_key$user(&(0x7f00006f3000-0x5)='user\x00', &(0x7f0000fea000)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f00000d2000-0xd0)="79bd81788c2b6a62ffc668d68a637dd81eb146cbc942aedfcea9918526c7bbaa5334fd3b5a713115b9f6132ca0f09e880fa0f14f2583a717ab9779612381451e242e0dce4dde2b8586e8d7eff74f4d2eb06aa162b3d169a809a7716bc855b6b4fce259c952721bebc366d7fb6055b93bb027560f323e14642a9eb1e72b6ce354821bfd548d6c1e816e1218996ca75482b57cd3da45f9f3b23f0b05427713acfc173dc7d41820e44f658bdf29026bef27d5bc2147d583a0a6987860f1a448002a0c822cf786a8d533d9e2028d2ec5fe49", 0xd0, 0xfffffffffffffffb) r5 = request_key(&(0x7f0000225000)='id_legacy\x00', &(0x7f000040f000-0x5)={0x73, 0x79, 0x7a, 0x1, 0x0}, &(0x7f00005c2000-0x40)='drbg_nopr_ctr_aes128\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0xfffffffffffffffb) r6 = creat(&(0x7f0000dd3000)='./file0\x00', 0x1) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x79, &(0x7f0000d14000)=0xadbb, 0x4) keyctl$search(0xa, r4, &(0x7f0000782000-0x8)='big_key\x00', &(0x7f00001aa000-0x5)={0x73, 0x79, 0x7a, 0x2, 0x0}, r5) r7 = getpid() ioctl$TIOCGSID(r6, 0x540f, &(0x7f000049e000-0x4)=0x0) r9 = getpgid(r8) 
rt_tgsigqueueinfo(r7, r9, 0x1e, &(0x7f0000eff000)={0x2a, 0x4, 0x54, 0x3}) bind$alg(r3, &(0x7f00006a3000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000015000-0x8)='./file0\x00', &(0x7f0000001000-0x6)='ramfs\x00', 0x0, &(0x7f000000a000)="") mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000002000-0xe)='/selinux/user\x00', 0x2, 0x0) prctl$intptr(0x1, 0x0) 2017/12/21 21:04:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00005f1000-0xf)='stat\x00') setsockopt$inet_dccp_int(r0, 0x21, 0x0, &(0x7f00001cc000)=0x2, 0x4) rt_sigprocmask(0x0, &(0x7f0000033000-0x8)={0xfffffffffffffffe}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000011000)={0x3, 0x0}) ftruncate(r0, 0x3d) 2017/12/21 21:04:33 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x100000802, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00006a1000-0x4)={0x0, 0x0, 0x2003}, 0x4) socket(0x11, 0x802, 0x0) 2017/12/21 21:04:33 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) msync(&(0x7f0000e92000/0x3000)=nil, 0x3000, 0x2) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x400000000e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000f87000)='./control\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x5, 0x78, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x3, 0x20001008, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
perf_event_open(&(0x7f000000a000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20001000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x4) r0 = open(&(0x7f000000f000-0xa)='./control\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000001000)=""/27, 0x1b) 2017/12/21 21:04:33 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f00001ac000)='/dev/vcs#\x00', 0x40, 0x349000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000b38000)={0x0, 0x40, 0x4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = getpid() r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, r1, 0x0, 0xffffffffffffffff, 0x0) exit(0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1000000000000002, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000350000-0x4)={0x0}, 0x4) ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000441000-0x28)={0x5, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000bae000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$selinux_validatetrans(0xffffffffffffff9c, 
&(0x7f0000e5e000-0x17)='/selinux/validatetrans\x00', 0x1, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000557000-0x8)={0x0, 0xf898}, &(0x7f00005c0000-0x4)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000495000)={r5, 0x4}, 0x8) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000fd4000-0xa2)="", 0x0) syz_open_dev$sndseq(&(0x7f000032e000-0xd)='/dev/snd/seq\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r3, r2, 0x0) ftruncate(0xffffffffffffffff, 0x0) 2017/12/21 21:04:33 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00008a2000)='/selinux/load\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000340000)={0x0, 0x3, 0x3, 0x20, 0x5, 0x6}, &(0x7f0000c14000-0x4)=0x14) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000aed000-0x99)={r2, 0x91, "6005b8456c257a0dd8f02b42871122feb345eee44b837797ed19c63f80f1341b287dfe33066980452b27074c4c3d509b6f7a4a4fd87629d16958838121177bf94211f90c47e77e232985aa96b4f45bbbefc059ff0707a06fb8a55a8326a588460059e2cd70fe9416bdf2e65eacb276eba33a585199c8689d316940a4fa204039c95f5843a6b8ac062c9b28db1d6cfda1b2"}, &(0x7f0000df0000)=0x99) bind$alg(r0, &(0x7f000000a000-0x3d)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000dd000)="01f0ffff", 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f000005c000)='/dev/vga_arbiter\x00', 0x4401, 0x0) accept$alg(r0, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000b76000-0xf8)={0x6, 0x0, [{0xb, 0xffffffffffffffff, 0x6, 0xff, 0x9, 0x3, 0x4, [0x0, 0x0, 0x0]}, {0xa, 0xc21, 0x1, 0x6, 0x36, 0x1000000000, 0xdb6, [0x0, 0x0, 0x0]}, {0x7, 0x80000000, 0x4, 0x2, 0x6, 0x1000, 0x8, [0x0, 0x0, 0x0]}, {0xc000000e, 0x1b, 0x1, 0x0, 0xeb5, 0x8, 0x7, [0x0, 0x0, 0x0]}, {0x4, 0x7, 0x5, 0x200, 0x9, 0x7, 
0x81, [0x0, 0x0, 0x0]}, {0x80000019, 0xff, 0x1, 0x7, 0x5, 0x6, 0x4, [0x0, 0x0, 0x0]}]}) 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0xff2000)=nil, 0xff2000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ff2000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ff2000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ff3000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getresgid(&(0x7f000032f000-0x4)=0x0, &(0x7f0000ff4000-0x4)=0x0, &(0x7f0000ff2000)=0x0) r0 = socket$inet6(0xa, 0x400000002, 0x0) sendmsg(r0, &(0x7f0000f66000-0x38)={&(0x7f0000a44000-0x7c)=@generic={0x20000000000a, "daf8ffe6ffffff0001f20000000000b61b340e63f8ab691822e903e7d64ac8fef9507f000daec57f844686fbbf26093d6b53efc1cb2b880001186a68506776e9eba5ebd039273202a52700faccec35120ec64fc333c1c99287b26eaece2900727e347f814dc256ce82cb2c8080000000bff900000000000000076167b456"}, 0x80, &(0x7f0000259000)=[], 0x0, &(0x7f00003e0000)=[], 0x0, 0x0}, 0x0) pipe2(&(0x7f0000e6c000)={0x0, 0x0}, 0x80800) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00004bc000)='/dev/rfkill\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000bc9000)={0x0, 0x5}, &(0x7f00008ab000-0x4)=0x8) eventfd2(0x1, 0x1) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f00000c5000)={0x8100000000000000, 0x10000, 0x8, 0x1, 0x10, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0]}) mmap(&(0x7f0000ff3000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000ff3000)={r4, 0x10001}, &(0x7f0000711000-0x4)=0x8) r5 = creat(&(0x7f0000209000)='./file0\x00', 0x8) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000296000)={r3, 0xffff, 0x9, r5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 2017/12/21 21:04:33 executing program 1: mmap(&(0x7f0000000000/0x9f7000)=nil, 0x9f7000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009f7000/0x1000)=nil, 0x1000, 0x3, 0x32, 
0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f00009f7000)='/dev/vcsa#\x00', 0x1000, 0x0) mmap(&(0x7f00009f7000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00009f7000)={0x0, @in6={{0xa, 0x0, 0xfffffffffffffff9, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0xfffffffffffff4d3}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7, 0x7, 0x5, 0x0, 0xff}, &(0x7f0000046000-0x4)=0xa0) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00001d9000-0x10)={r1, 0x101, 0x3f, 0x1d}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000442000-0x8)={0x0, 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000012000+0x808)={0x0, 0x0, &(0x7f0000894000)=[{&(0x7f0000783000)=[{0x11, 0x16, 0x719, 0x0, 0x0, '\n'}], 0x11}], 0x1, &(0x7f00009ef000)=[], 0x0, 0x0}, 0x0) 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001000-0x78)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x666, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0x0, 0x4) r1 = syz_open_dev$sg(&(0x7f0000c1d000-0x9)='/dev/sg#\x00', 0x7fffffff, 0x4000) getsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f00008df000-0x4)=0x6, &(0x7f0000282000-0x4)=0x4) 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000af9000-0x8)='./file0\x00', 0x0) r0 = open(&(0x7f000030c000-0x8)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f000003f000+0x154)='./file0\x00', 0x0) r1 = open$dir(&(0x7f00004db000-0x8)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000f50000-0x8)='./file0\x00') r2 = openat(r1, 
&(0x7f00008df000-0x8)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000e20000)='./file0\x00', &(0x7f00000e4000)='./file0\x00', &(0x7f0000450000-0x7)='autofs\x00', 0x1000, &(0x7f00006b8000)="") symlinkat(&(0x7f0000020000-0x9)='./file0\x00', r2, &(0x7f0000020000-0x8)='./file0\x00') chroot(&(0x7f0000404000)='./file0\x00') renameat(r2, &(0x7f0000da3000-0x14)='./file0/file0/file0\x00', 0xffffffffffffffff, &(0x7f000020b000)='./file0/file0\x00') 2017/12/21 21:04:33 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000cf5000-0xa)='/dev/cuse\x00', 0x1, 0x0) socketpair(0x11, 0x5, 0x0, &(0x7f0000edb000-0x8)={0x0, 0x0}) write$fuse(r0, &(0x7f000016d000)={0x50, 0x0, 0x0, @fuse_init_out={0x7, 0x1a, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x50) 2017/12/21 21:04:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) nanosleep(&(0x7f00008c4000-0x10)={0x77359400, 0x0}, &(0x7f0000d05000)={0x0, 0x0}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffff9c, 0x84, 0x12, &(0x7f0000305000-0x4)=0x80, 0x4) shmget(0x0, 0x4000, 0x1, &(0x7f0000e98000/0x4000)=nil) r1 = shmget(0x1, 0x3000, 0x0, &(0x7f00004ef000/0x3000)=nil) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000244000)=""/239) clock_settime(0x7, &(0x7f00001bb000-0x10)={r0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f00002a6000-0x20)={0x0, [0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r4 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000c65000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$TUNGETSNDBUF(r4, 0x800454d3, &(0x7f0000ce3000)=0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f000093d000)='/dev/rtc\x00', 0x200, 0x0) sendto$inet(r5, &(0x7f0000332000-0x2)="f157", 0x2, 0xc4, &(0x7f000091f000)={0x2, 0x2, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f000008d000-0x9)='/dev/kvm\x00', 0x200, 0x0) 2017/12/21 21:04:33 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000f99000-0x9)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000030000)={0x0, 0x0, []}) r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00007d2000-0xd)='/selinux/mls\x00', 0x0, 0x0) epoll_pwait(r3, &(0x7f000020b000)=[], 0x0, 0x1000, &(0x7f000093b000-0x8)={0x1}, 0x8) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000a9e000)={0x1, 0x0, [{0x3a, 0x0, 0x0}]}) 2017/12/21 21:04:33 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00004cf000-0x9)='net/tcp6\x00') ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f000072e000-0xc)={0xfffffffffffffc03, 0x6, 0x7fff}) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00008ea000)={@generic="951df1c5419295f2fa36b0043be80474", 0x80000000}) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x2e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00008db000-0x58)={0x26, 'rng\x00', 0x0, 0x2, 'drbg_pr_sha384\x00'}, 0x58) 
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000d1000-0x10)="e513b5a378aa9141fbcd03ff00000cfc", 0x10) r2 = accept$alg(r1, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000ff6000)={0x20, 0x1, 0x5, 0x0}) setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000bef000)=0x0, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000304000)={@common='bcsh0\x00', 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) connect$packet(r0, &(0x7f0000815000)={0x11, 0xf5, r3, 0x1, 0xb9, 0x6, @random="afab2fa56b65", [0x0, 0x0]}, 0x14) sendmsg$alg(r2, &(0x7f0000f00000-0x38)={0x0, 0x0, &(0x7f0000cd4000-0x10)=[{&(0x7f0000a38000-0x101e)="11b981c3293d1e6ad1542a5f601cee8a78a5b3dcdd974d49dde5e1221ddbf06cc93b795b81c963620851a71c695f6781c813dbedae661bf4027a80cf16dd7efcedf805fb599a3341668df2f825de709d389d74548c8adeb2de70463ab0909480cbe9105ef026a9391bf42d96580ea918818be39e671b51c135c9bcaeeb65eabc6bab4a8578495941708a81ce630bd00a135da1cf62b4357369154530c8a3ef02eb24edbf705a5ced4f2bb01d49e21ea5b3e5515b506383fe8502c28578d9677306403066ddee1c99e321c45130cd3a216dc9c84d175eced8de282007c411717d7e7818e761578bac47d2f09a4a89e7d3ba92dc47181857e2ae2714774540fcf79039210bfdc0a15bcf4f91c85a7d97995488017dc4c4802aee4257b65e3ef0f5ed11702a09d33c7aa44ab08867c8dd260c93c5082a4b19a3111783d9371f8b2f1231ae543e9ca77e10fdcbc24c76ab11e72937b3e3866d08008592061b3eb799bafd9635615de8a1077e8cfcdb95766721f0691693abfee445219959e972c6cb950bd8124c736f4df6572171719ed0fbd5b7cf5c7849a4abf622f2ec91594e3603ff9d4378f301517f9b42fcd95da35de020ee9a2cc1ca706a9c4356dd96464aea82371b8c620e30c1e4637e6394528dd7b47fd65ef9466c2677afc0be61f971568c6dd0d849288681f7ba8a68794ee910db6daf318491dcd63f2e76f3a78d9017ebc5bf554d21d24fd875de1d3bbd0fa12082cb0950222f1ebba49ae0e46d848d91be7eac6ae77bcdd7de332ab1d0eac5474cfebf307738eb18f3dd5ceb82a286d735003146eb2fcd9b96bb896617267b22383083278bbedcbb9b2bb3ea3ebdcb69ec61f101f13e5c2be4f32209c8303e6dd974ccaea6c686e8a0aad8cb013fa29b4bebe0f60e0756ed3d03b851f38ede71f88678676
771c77727384fef9abef4dab228f6ab8a0a39e91a18cb01f687d4775429cd56a6dfc2c6d5f38d6ddd6e46f07fdfc1d5fbe56597329b6487afc7d5cd209e36dd2343fa7d934fe34d50be392239f81fb83ab6f7a84512cc8e6b0dcff75cd0850dbc919bc628822e587b3a0efe9ade098e72e007875c7858124d417668471523d94ca7d5115dedb78470d850d28660b925e90551e20dd5681b05db4d55ded5dd7b43c6a4eedea3449c2e4f63dd2fad564bddbf0adcb33e6643be3c35621f4d1889309a56e112dbfb865ea75f9c2d36f125825a0e6e83f6a84b839346cde7b125712cdf81b3e1433213feb542af98e34708284b1036710873b5f20dd368a3763701991f1fd9c77522448005c08dc5372320e5786f923973aefb0182e72c8e95af63b38b8fccef3656829bb1846bacb586b6f7ad5d4ec3b18803d5ff5fb007128bc0ba4106fff01c0d2b5245d3ade06c12a62a1a9b1cef04edb4492575087eb241c36431d9e995d76c1bc56f0d6c3ad4c3865f3c2cdec301dfd1b55b5afc99c7a0d3ffdc7d4add3a0f9e5c37c3ad84d377310a0e8c398fc1820a12488ccfa8e55900910f7d00a3cc36618d5c67ba26b71e0502c4be5e78471c93853f2ad18c6032e827b3ff3852a7e6f4d4d628fa22749b3a5b8072ccc03017b99500c7e16736861454a016b20863da16cf1124044b941b0dedf9b75fe70cf403fec3fd8ead5714bf4113630414cdf3f55879e50869d5bd233166bbb69550db396afc28f9bd495eaedec2330abdec5eedb8ccebd38d7f97a0a210b674bf123f1fb2da1f5ddf78642c7c7e96fef99c7d8a42789aaa9ce70899c8102e4402a96d00b931b6cc3458d37917f291c3543ff488723d002831745dcccd9d1af40160d963a29ae66195072a8f65210202d1506fbd40fc4cd9dc5a9d9bb96473afe642c2be663205e44cbbb19b75048b2088730ed3c84b6ac6c7c89d93b689b7c2136f5ba26e5c53c38aacc4da969e8be6e0a69f97ce933dc5af96eea4c82e3b5bb1aab933364a3e6f10454ee8e23192d0b977b48892e5d24d41215c7019a5832388717fe0f11c6703d9290f5ed391e796022ca8235262a12c3b04a3f17f4bf017427b11b2328ddb0455815eedbd8748ce9190d73ae0ca98562faf6ee108ec30b6006638e280ff99d285b3f1c38023c498b7f1263ed4f489b74126818d778db508066c52709716e03d21d3e9a2b9e7eaf5ba24edee067abe7c035778b9f18685cb37023af50a596a8fbee1d811575d690a2a58e37415270592161bbe2217c370c6b4595345bc9fad53eb681b57dcc06464cbf46e140439e0e5505e61dcb510217b24762858f93e54e978098b02c490724c997f8b21117bc88d984e322416c37c4ee8c07854f32890d78c4f69ed8145791896c049166
af9f8c343887658f66f6a22913c82c6d01eb57b339b21ee7f97a626efbed20c3c59d68ebaf72e112392f05fdd1ec02e627d332e8d6eeccaa57e8442be2870e5885a88fd79f1bcba6e2f5309fea94a6d3aa8ab008db6c3c3821e9f391ada7c07f3a403e567a0c0debd3782aba5acf52401d282370f55e6c2a1db91cad5fa62aae97d1e4913def71a08749d7f46965e58ea2f737cc56105577b249143b895f0f3c2f62df70e55817a220ed2291d6a77954e3485e40a7b483ba1adc1696232e396bd564a493bf401e3680b05660e39f42745ba05143d24d879ce47d375ba19ff9b95fa66855ed6d559a0df8474ad72e32dbbf8dd5d95c3b7984519c64e9e577db8513f026d3129eb2352f5f55f5b587faf496fdd457ef424eb5d818ff395a00f4a113be47d43d12ed8773659b9964a6141688f1c613a7fd2c5b0ae78d0067cb68ec2a042e2c47b12b500000400ed785ca630c7ca9942c7d99feb00000d80b231dc530cf6ed22e926dd68054227aa99bb6d235ba8dd0e76ff9470a4cd84d84dcf4787a3febe3bb247650e91f2d345e7ad9438c58274cb71ccb4a251432f101dd03f228385a22c33430e44acdb92a9f07770f25cc8b2ab0019029de6a68a1b43a84c8ad7ebc60b8c08c0c857b5c8d6b4a27bac9e946c1d2496bbcb5200bf8bfc27fba10437096bb6ddcaff53130b78f40f09f4ff89246636e72cb709e9aecd90e7f854c08af47954e6cf5bb5df7ba8f29c3a58fe93eed54d81c8e4b759c153c96d83e929552ea4dfd0dafc7efdb36abef8098865255d86cfd3f368ea83f339216b73bd301db5af6ca3e9892cfd61917ed1a9b75377ce322e6993fb73f970f5368ec79f288a0d21b920cf0e5622914a037902fb0888298843d8a5740f2c32e67da6f7c7fae963d43d8822276004aba3987c32c4bad18b2c277dece392d3b1fcb5cc36efc1c2fc65882c3be4f65a41d95b8a0ae7ce831259eff7c52de3e5f56d25f76b15f64130536cdfd73a20924b361068a91f0d0efb1bf14eaa9b59218bc2385f8cf9cbe8a74a143f9f2f69d24655e954112a1580fc6a710e59ef9196cba068e7d1ff22f7977ae8b0093a893306184525352cd9a5956fc18f877c1d1f41ad8b895a90a347cee2d731e9d3e91d68fa48f1b23eef3d92527c589f21cff3b7cc69598e03efeb83335b2973d3ec5e30661c4f276b9b8eb3786705e9034f7a9cb80f3722e9bac0a9f81d51bc88f0d255c875e6d8377d6d090245a47d519d49b8325a4d8b3edf86cbfab71c50dccec8c27c47bf0e87e35c24e2a70238d19f310b275a273ed3079d96073fdc77ccbdc7c029595bfcfeba5a05c33e28173be404dbf30a37dd17ddbba5fc7fcd5fcb6f0b908f28931bc6bed350a653004f7b08a56a990558ef4d1ecc4aad62575c3
b8e2d66726fcd97517b3fb41917c8e2f17299e36426297795b0b7ac30ae7f5205ca2340bc17d9da2dc8d5a29894eb4ef0e1144e4ac092b00d189fb121788158df32e5f5f6500736f9240f64f37892fc3cd4a9a864214393b675f8a949304658f335da6babdc724e8d8c1352b91a88e07dbc9b2cc04d15a3e8f58f07075e36619ee2cb228e554990207ca896f779e63573e2b1261f35f8d0018cab12e8d21fa0fb4e51b4762a63d6f1633c0c9bceab843a60c202e4e8bb7d3fa4990b9086908b65ce00c28af904df914bd6cfc471d3d7eac62dbdf7b820fb2589c87cbfe40d366e5e764edf6d0d32e69f0744e9d525426ef7a1f10d351f5a15b021a78d2f7527b080b3480315381caa1fa9f8712b4f3bef0f402a1c3fa6bd591477a43d4552add84cb4723eee30104518c3119c2773ac36ebc09165b382efd06ff8280f776b256e822d4a5fb26ab1bd1c13bba370221db200bea82e55dd0101e2cc59793217c2650f1bfe92b9336ea83772631a578935e98a007bd493ad727085248d3b6a24c36ab1c3b471e683427d8d8bfec897e6b37ebe2479ae18b0da33684b8a6d2863b91f914aac6e10e836bf3f1efe8e41724170ef051e1dcfb867c5dce67068c4417e719990281e33102618cd571173966f93dbe06ab9d1c11bed9952f5ceed152e5bc8bc1bf632de9057799392cac263615fd4b816a8a92df84b126c6b02fc0525021037ba1e39cd44a63e71d4034f8f6847c7e18cdba32b540b2447b5b1384ea21cf8b7d06984783ca477b31a3be3655d8e91dc27a87d75cc48ee01bebf9169873e1c417b4fb9f9ce49ada3bf9f7c0fc6e72e13edc650b7a2b8cf8967c11efacd5eace0673018fbed2e7c4096e57141140834fff27f25bb30c81e60e3a31199aa8f000dcabc93ad6ddb3a4628bc2226b814a47eff0d750396915a1d3ead774aefc5e664b31ac9b64ea9fe42cd3e03ff249f8dc83aafcdb2a49facb8e8682fd59965764b5bb1fa901e46f4d92f9f8af0a5bf3b0cc5517634d6f81ca7d55f6faaf70e76a603f90f1b513c6a41e8ec48d34ba13e7ae33a2c2bae92e325a57a9de2045dad256c8dd30c03e9ae4f7806d0a78a5f63d2399e07f44a834bd77d658adf1bce15c8a416d4a70ae657fa1679220b268ce22674c821a474612d402fd91ff09ccbec082b07158aa8b2e8f546a895b7acf636be328985d953e4f9ce4a4ccff2377768e15cf1dc88d44cd77982d8ed6d35bc6eec0b8370beb94643f4e5d42ac4eeed54e971306e56cc76e1e17180cb8546e07ac09e2f70169c3d4a336f37348d4c2697d2c95fc0dfb454ae6ed9e11e9a68a2c5a40de16fa6b74f8bcb9c46711bc18aafa9c7cc6901214cd71e1b02c0b80b83ef77c72f45a7028fcc19676a09afb40f70fec03638fa76548
6a8a69df7555d76cc9a1fb211bff585a5b6cc5614ab8c6a328926524b15076ed1022333bb0f23754db344895d8c74c9c695bfe0ca1226fbf8f4fb58d1171b6250a3e8f0fbf973f6ae808276d8ef95a4384cc9038f5067ef49fe1da7a6b2fcedf4bf0af13d814f708303b1d4340ed6bb1e53f742aebab9bd2df1dd6c56c97f9256cdd29adc3839ff59f4bcff1c3094f8938d2abaa78f8a2e743f568ffcac6231f95d30c839875380ca7c91eea63a9eba779fa103ea52c46321f51058293f5f49e10ad3eb47fa747a3a85991916639884dd1530f7dcebf915822dd525dd5c02c59e9464f54f99d3d18f96b7e7f71ddefff8070dfbb3c514e4bfbee58a39461ed6a10c25ff052f30b84ee0a9c3a8a50dd75fa93b4ad303cbace27b46bc826173f5ba04e5c7e2cc3ff820de281c8f78c47c1d804615e073d4fcb0d02243287400303277a96d32a21d7359e89330ea83fdcc3785894596e0dd7efe55a2d72b81b8d48269963fd32c663b3157956360fbd8d8e30f1a31a9abde9d8f8709886233088ae2b5bb0742395900aa49c3d7bd17c6c78a042dbde5ed5e8e5acb97d20294992c211b62e1d89a9ee53bd40901d47aa127c03413", 0x1001}], 0x1, 0x0, 0x0, 0x0}, 0x0) recvmsg(r2, &(0x7f0000152000-0x38)={0x0, 0x0, &(0x7f00009b7000-0x30)=[{&(0x7f00002fb000)=""/4096, 0x1000}], 0x1, &(0x7f00003b9000-0x39)=""/57, 0x39, 0x0}, 0x0) 2017/12/21 21:04:33 executing program 4: r0 = memfd_create(&(0x7f0000a9e000)="5c8e2f00", 0x3) write$tun(r0, &(0x7f00002f4000)=@pi={0x0, 0x890d, @eth={@random="5be4370d69b1", @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [{[{0x9100, 0xeb, 0x20, 0xb165}], {0x8100, 0x0, 0x0, 0x401}}], {{0x892f, @x25={0x2, 0xffffffff, 0xf, "8e4cc30bb43b0fc442754bb15697a368176c287da91b096afcc310bf6e0456504d7de49f97a4b1bba05d9a59d83d5d7714fc1aeb468be8b6c9626f5e8586abe6d607e716b8cca1704abd0fce7fa6b6a178d9f27e605888d5144a1d70ef4ce0812c3308e561a031b3a74e5d153c92ec9e4bac10c6c7a75e1ff7bdf0cec24547646b0725259363767b3594"}}}}}, 0xa7) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = 
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000e41000-0x12)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup(r1) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c80, 0x0) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f000089d000)=""/0) io_setup(0x8, &(0x7f0000c70000)=0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000615000-0x4)=0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000a78000+0x492)=r4) io_submit(r3, 0x0, &(0x7f00002ce000)=[]) socket$bt_rfcomm(0x1f, 0x1, 0x3) 2017/12/21 21:04:33 executing program 1: r0 = syz_open_dev$random(&(0x7f0000253000-0xc)='/dev/random\x00', 0x0, 0x301000) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) open_by_handle_at(r0, &(0x7f0000000000)={0x90, 0x8, "e0b6ee4362105c7e4088ca4b64d7dd731ce82235a7932fbfa09278fa864460b3f98f822ea6e35ea26687c8aeaea2fc5f9c5a57059cf4774de1304eb217c1f7caf206836314cbde5f3fea0a3c5e4b40823e7c327b58598769c45288238d9cb5289d301cc0dcdec296c1bb6c8e22ecacbe272fc339a73db3fc496d511ec011c972ce0997a389b8f585"}, 0x20080) mmap(&(0x7f0000000000/0xfb4000)=nil, 0xfb4000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fb4000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) io_setup(0x8, &(0x7f0000fb4000)=0x0) mmap(&(0x7f0000fb5000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fb6000-0x10)='/dev/sequencer2\x00', 0x10000, 0x0) r3 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000e8f000-0x11)='/selinux/context\x00', 0x2, 0x0) io_submit(r1, 0x1, &(0x7f0000925000)=[&(0x7f000055e000-0x40)={0x0, 0x0, 0x0, 0x0, 0x2000000000000, r3, &(0x7f0000334000-0x28)="f5ec4c7d0004eb6f687eea5f06", 0xd, 0x0, 0x0, 0x0, r2}]) 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = getpid() perf_event_open(&(0x7f00006fe000-0x78)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f000020e000)='/selinux/policy\x00', 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000de3000)={0x100000001, 0x4, 0x2000}, 0x4) r3 = socket(0x10, 0x802, 0x0) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r3, &(0x7f0000b83000)={r1, 0xffffffffffffffff, 0x0}) 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet_sctp(0x2, 0x800000000001, 0x84) mmap(&(0x7f0000000000/0xaab000)=nil, 0xaab000, 0x200000c, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000cec000-0x4)=0x0, &(0x7f0000a96000-0x4)=0x4) [ 29.402975] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu 2017/12/21 21:04:33 executing program 4: mmap(&(0x7f0000000000/0x4f1000)=nil, 0x4f1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f000000d000-0x70)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000005000)=""}) mmap(&(0x7f00004f1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f00004f1000)='/selinux/load\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000006000-0x2c)=[], 0x0, 0x0, &(0x7f0000002000)=""}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 
&(0x7f0000003000-0x30)={0x4, 0x0, &(0x7f0000268000)=[@register_looper={0x630b}], 0x0, 0x0, &(0x7f0000002000)=""}) 2017/12/21 21:04:33 executing program 0: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001000-0x11)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000b64000-0x10)={0x3f3e, 0x800e, 0x1000, 0x4000000000, 0x0}, &(0x7f0000001000-0x4)=0x10) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000001000-0x98)={r1, @in6={{0xa, 0x0, 0xd5, @loopback={0x0, 0x1}, 0x8}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x3}, 0x98) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x46, &(0x7f0000960000)={@random="71cc0fb0b178", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, [], {{0x201, @ipv6={0x0, 0x6, "8d376d", 0x10, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "4d4415", 0x0, "7df237"}, ""}}}}}}, &(0x7f0000381000)={0x0, 0x1, [0xb9e]}) socket$kcm(0x29, 0x7, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = accept(r2, &(0x7f0000d21000)=@un=@abs={0x0, 0x0, 0x0}, &(0x7f0000fbb000)=0x8) ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000b13000-0x1)=0x4) getsockopt$ax25_buf(r3, 0x101, 0x19, &(0x7f0000272000)=""/176, &(0x7f0000237000-0x4)=0xb0) 2017/12/21 21:04:33 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80e, 0x7) getpeername$inet(r0, &(0x7f00001c6000-0x10)={0x0, 0x0, @local={0x0, 0x0, 0x0, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 
&(0x7f0000961000-0x4)=0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000c48000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f000001a000-0x69)='j', 0x1) recvfrom(r1, &(0x7f000001d000-0x72)=""/1, 0x1, 0x0, &(0x7f000001d000)=@nfc={0x27, 0x0, 0x0, 0x0}, 0x7fffffffefff) 2017/12/21 21:04:33 executing program 2: r0 = socket(0x1e, 0x1080000000001, 0x0) getpeername$packet(r0, &(0x7f00002ac000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random=""/6, [0x0, 0x0]}, &(0x7f0000575000)=0x14) 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00006a9000-0x58)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003cb000-0x10)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000f6d000)={0x0, 0x0, &(0x7f0000b65000-0x20)=[], 0x0, &(0x7f00008c8000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x0}, 0x0) recvmsg(r1, &(0x7f000022f000-0x38)={&(0x7f0000f6f000-0x10)=@ethernet={0x0, @random=""/6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000893000-0x50)=[{&(0x7f0000f6e000)=""/12, 0xc}], 0x1, &(0x7f0000aa5000-0x46)=""/70, 0x46, 0x0}, 0x0) r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000c1a000)='/selinux/context\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000af0000)=0x7fff, 0x4) 2017/12/21 21:04:33 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = syz_open_dev$tun(&(0x7f0000c55000)='/dev/net/tun\x00', 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000bc5000-0x4)="6b64b22e", 0x4) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000928000-0x28)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_settings={0x5, 0x0, @sync=&(0x7f00001a4000-0xc)={0x0, 0x0, 0x0}}}) 
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000630000-0x20)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_flags=0x20301}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00005e9000)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) bind$packet(0xffffffffffffffff, &(0x7f0000c85000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [0x0, 0x0]}, 0x14) dup2(0xffffffffffffffff, r2) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00004e3000)=0x120, 0x4) write$tun(r2, &(0x7f0000875000-0xa4)=@hdr={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1=0xe0000001, @remote={0xac, 0x14, 0x0, 0xbb}, {[]}}, @igmp={0x0, 0x0, 0x0, @empty=0x0, ""}}}, 0x26) 2017/12/21 21:04:33 executing program 5: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000b7a000-0x10)={0x1, 0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000ebe000)=r0, 0x4) clone(0x0, &(0x7f0000c54000)="", &(0x7f0000134000-0x4)=0x0, &(0x7f0000001000)=0x0, &(0x7f0000001000-0x2)="") getrlimit(0x0, &(0x7f0000cf3000)={0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/vcs\x00', 0x202, 0x0) 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00002f7000-0xf)='/dev/sequencer\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00007c7000-0x67)={0x0, 
0x5f, "19fe3638994050b837a5381a073e81e269bddc45dda21464ef06c72715ed924ffe6506010e2b8cad683a6c790a621a54f097fec3b5b99843d0bb07d836bdc80c51f2706e965c016cb8acb35b96df0210c44e6db3d65e841bca6e2a0f9a2e56"}, &(0x7f00008d1000)=0x67) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000bae000)={0x10000, 0x8, 0x2, 0xc25, 0x80000000, 0xfffffffffffff000, 0x847, 0x3ff, r1}, &(0x7f0000b0f000)=0x20) r2 = socket(0x1e, 0x4, 0x0) getsockopt(r2, 0x10f, 0x82, &(0x7f0000004000-0x4d)=""/0, &(0x7f0000000000)=0x0) [ 29.576072] device syz1 entered promiscuous mode [ 29.581063] audit: type=1400 audit(1513890273.344:17): avc: denied { set_context_mgr } for pid=3558 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 29.581082] audit: type=1400 audit(1513890273.344:18): avc: denied { map } for pid=3558 comm="syz-executor4" path="/dev/binder4" dev="devtmpfs" ino=1075 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 29.582475] binder: 3558:3563 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 29.585101] QAT: Invalid ioctl [ 29.643084] binder: BINDER_SET_CONTEXT_MGR already set [ 29.643101] binder: 3558:3563 ioctl 40046207 0 returned -16 2017/12/21 21:04:33 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x16b, &(0x7f0000c51000-0x1a3)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, [], {{0x86dd, @ipv6={0x0, 0x6, "72f20b", 0x135, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[@fragment={0x0, 0x7, 0x8, 0x5, 0x3, 0x7, 0x0}], @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x612f, 0x0, 0x11, 0x81, 0x401, 0x0, 0x7f, {[@sack={0x5, 
0x1e, [0xfffffffffffffffc, 0xec4, 0x5, 0x7, 0x6, 0x1, 0x1]}, @sack_perm={0x4, 0x2}, @generic={0xc, 0x10, "8ed98d23d4e42c8e34a553dbad43"}]}}, {"04e642e2bb91e1bc63349d99a5ff50b9bc0324ccd6d5d2c89784c9a07dccf5f276c08af8e4b2d9c6189f91552692f607b3e77af3b5d3cabe02bffe781b2594849149895ae9928f25ae401f75b0a2f50d1e7e8e6f5357f4da281cdcece6b9366d5b708da537f0a557a34c15a8df859e9c323fbe038373b08f409e2a8f4b29548e81025d7970285da712404f357d7b954595dade478e749ee83e9325839582841d5193cad51d1532ccabf719cff8d23952415316593301a66ebfc2ca0acffe09aff8bef9b0d01993095606bf745cf83092030e36eee1e91cb880cf01639ce44d4e7a43ff69b32c8d6ca5"}}}}}}}, 0x0) mprotect(&(0x7f00002e4000/0x4000)=nil, 0x4000, 0x2000000) r0 = creat(&(0x7f0000795000)='./file0\x00', 0x40) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000882000)={&(0x7f0000c75000)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000126000)=[], &(0x7f000086f000-0x11)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000b5c000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0}) 2017/12/21 21:04:33 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa, 0x0, 0x0}) syz_open_dev$mouse(&(0x7f0000b79000)='/dev/input/mouse#\x00', 0x7f, 0x40) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000044000-0x20)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000c1c000-0x15)='/proc/self/net/pfkey\x00', 0x8000, 0x0) r2 = creat(&(0x7f000078e000-0x8)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @time={0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, @time=@time={0x0, 0x0}}], 0x1c) getdents(r2, &(0x7f0000a7f000)=""/102, 0x66) write$fuse(r2, &(0x7f0000c19000-0x8c)={0x10, 0x0, 0x0, @random=""}, 0x10) ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000960000-0xe8)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, ""/64, ""/64, ""/32, [0x0, 0x0]}) setsockopt$inet6_udp_int(r2, 0x11, 0x64, &(0x7f0000913000)=0xbec, 0x4) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1) 2017/12/21 21:04:33 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x800000001, 0x84) sendto$inet(r0, &(0x7f0000c49000)="1a", 0x1, 0x0, &(0x7f0000022000-0x10)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000029000)="c6", 0x1, 0x0, &(0x7f0000008000-0x10)={0x2, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) shutdown(r0, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x7b, &(0x7f0000ff9000-0xc)={0x0, 0x0, 0x0}, 0xc) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00005c4000-0xb8)={0x0, 0x80000000, 0x8, 0x6721, 0x1, 0xa0d3, 0x9, 0x4, {0x0, @in6={{0xa, 0x2, 0x4, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0x1175}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xa78, 0x0, 0x6a6f1b59, 0x1, 0xa2b8}}, &(0x7f00007e6000)=0xb8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000ce5000-0xc)={0x0, 0x100, 0x0}, &(0x7f0000458000)=0xc) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000f86000-0xb8)={r2, 0x2, 0x7, 0x101, 0x1, 0x1, 0x230, 0x6, {r3, @in6={{0xa, 0x3, 0xfffffffffffff793, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xda35, 0xfffffffffffffffe, 0x2, 0x2, 0x3}}, &(0x7f0000e1a000)=0xb8) 2017/12/21 21:04:33 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = 
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000fe1000)='/selinux/load\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, &(0x7f00003b3000-0xb6)={@random="efa106a7290c", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x40000, 0x29, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @icmp=@redirect={0x5, 0x0, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, {0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x0, @empty=0x0, {[@timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [{[], 0x0}]}]}}, "11409d09"}}}}}, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x1, &(0x7f0000e8b000-0x4)=0x7, 0x4) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x20100, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000c90000)={0x1ff, 0x1, 0x4003, 0x1000, &(0x7f00007ea000/0x1000)=nil}) 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000-0x3)='/dev/hwrng\x00', 0x100, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendto$inet(r0, 
&(0x7f0000000000)="77f33fd1236817282c59c2dcdba8babaab7bb1171a4c4615e09273f8c87e539eddafcc9812f9f9169b81c6ff1d087bf499bf8f6538b6395b66339d1ae52a09c4d7e42f7c61f040f34d3ef774f437aa5df9042bd1240c593c253fef59c458cad1ab58000d3dbe9ba5b51b30ba9023fd109c1a07556a55523e7bdb92074b61fcbd73b80748c9cde17923d950ad9d30b726f39541", 0x93, 0x844, &(0x7f0000000000)={0x2, 0x2, @rand_addr=0x7ff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6, 0x2000003) fcntl$setstatus(r1, 0x4, 0x2000) sendmsg(r1, &(0x7f000089c000-0x38)={&(0x7f0000435000-0x14)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0]}, 0x14, &(0x7f00008f8000)=[], 0x0, &(0x7f0000783000)=[], 0x0, 0x0}, 0x0) connect$inet(r1, &(0x7f00001b8000-0x10)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2017/12/21 21:04:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x2, 0x80003, 0x2) mmap(&(0x7f0000000000/0xfe6000)=nil, 0xfe6000, 0x0, 0x10, 0xffffffffffffffff, 0x0) setsockopt(r0, 0x0, 0xd0, &(0x7f0000000000)="", 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000f81000-0x5b)='net/udp\x00') writev(r1, &(0x7f0000009000-0x8)=[{&(0x7f00002bc000)='5', 0x1}], 0x1) 2017/12/21 21:04:33 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000005000)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000)={0x19980330, 0x0}, &(0x7f0000002000-0x18)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_void(r0, 0x29, 0x22, 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x400000) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000009000-0x30)={0x4, 0x0, &(0x7f000000a000)=[@register_looper={0x630b}], 0x2, 0x0, &(0x7f000000b000-0x4)="d8c6"}) r2 = accept$inet(0xffffffffffffffff, &(0x7f00001ef000)={0x0, 0x0, @remote={0x0, 0x0, 0x0, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000d21000-0x4)=0x10) ioctl$TIOCGSID(0xffffffffffffff9c, 0x540f, &(0x7f0000897000)=0x0) ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000a17000-0x4)=r3) sysfs$2(0x2, 0x0, &(0x7f00002cc000)=""/59) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000001000-0x90)=[@reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000005000)=[], &(0x7f0000004000)=[0x0]}, 0x0}}], 0x1, 0x0, &(0x7f0000008000)=','}) 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x6, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00001dc000-0x8)={0x0, 0x3}, &(0x7f000038c000)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00007d4000)={r1, 0x1000, "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"}, &(0x7f00006ba000-0x4)=0x1008) fcntl$setstatus(r0, 0x4, 0x2000) r2 = syz_open_dev$usbmon(&(0x7f0000c8d000)='/dev/usbmon#\x00', 0x7ff, 0x1) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000d8d000)={{{@in=@empty=0x0, @in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {{@in=@local={0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0x0, @in=@broadcast=0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000873000-0x4)=0xe8) getsockopt$SO_PEERCRED(r0, 0x1, 0x11, &(0x7f00006bd000)={0x0, 0x0, 0x0}, 0xc) fchownat(r2, &(0x7f0000986000)='./file0\x00', r3, r4, 0xc00) sendmsg(r0, &(0x7f000089c000-0x38)={&(0x7f0000435000-0x14)=@ll={0x11, 0x0, 0x0, 
0x1, 0x0, 0x6, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0]}, 0x14, &(0x7f00008f8000)=[], 0x0, &(0x7f0000783000)=[], 0x0, 0x0}, 0x0) connect$inet(r0, &(0x7f00001b8000-0x10)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00001e0000-0x20)={0xf004, &(0x7f00000ae000-0x8)=0x0, 0x1, r2, 0x80000002}) [ 29.647334] binder: 3558:3567 ERROR: BC_REGISTER_LOOPER called without request [ 29.652160] QAT: Invalid ioctl 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x45, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = mq_open(&(0x7f0000000000)='*GPL[vmnet1@vmnet1{-vmnet@vboxnet0!vboxnet1+M\x00', 0x0, 0x0, &(0x7f0000665000-0x40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = semget$private(0x0, 0x4, 0x535) semctl$SEM_STAT(r1, 0x6, 0x12, &(0x7f0000f89000)=""/1) semget$private(0x0, 0x7, 0x100) mq_getsetattr(r0, &(0x7f00007fe000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f000080a000-0x40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2017/12/21 21:04:33 executing program 5: mmap(&(0x7f0000000000/0xef9000)=nil, 0xef9000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000ef9000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000ef9000)='/dev/rfkill\x00', 0x422402, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f000028b000-0x50)={{0x6, 0x6}, {0x1f, 0x100}, 0xa5aa, 0x1, 0x100, [0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = socket$inet(0x2, 0x2, 0x0) r3 = dup3(r0, r2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000eee000)=0xffd, 0x4) mmap(&(0x7f0000efa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_opts(r3, 0x0, 0xd, &(0x7f0000efb000-0xf3)="c7bf1cbc97569367567f6c371f6e1d830bd729f77850e61c345e2f810e61763e0a6187986a12128132132efe1974fc938a9cfab5ffa892b4e7085a081cd4d841beb4a8330e61cf6c2c0947a4f8a849617afef9aab161a056c8ee26822b2a73b12fbd9bf998267e12749803288af9f40c84605ae5dc6521eaee66f71c4c86319e363589c142aa7104923cb85d9424bc5087fa28856ec452af91af3686f1f23c13cb2baec99139966a72b3dd874f55d9e9e0eeb4f816d6b5a378458a9930d863ce12325ce9fd16c05f794a17b984d8459973e26517c77b108561264ab35d708617adeaae13a670ed416e51245a893cec17932383", 0xf3) setsockopt$sock_int(r2, 0x1, 0x1d, &(0x7f0000aa6000-0x4)=0xfffffffffffff0cc, 0x4) sendto$inet(r3, &(0x7f0000833000-0x1)="", 0x0, 0x0, &(0x7f0000eed000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) mmap(&(0x7f0000efa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) recvfrom$inet6(r3, &(0x7f0000ef8000-0x97)=""/151, 0x97, 0x40002021, 0x0, 0x0) [ 29.730914] capability: warning: `syz-executor7' uses 32-bit capabilities (legacy support in use) 2017/12/21 21:04:33 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000017000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000f16000-0x4)=0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 
&(0x7f0000bee000-0x8)={0x0, 0x0}, 0x8) epoll_wait(r0, &(0x7f0000817000-0x78)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}], 0xa, 0x0) 2017/12/21 21:04:33 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000f98000)='./file0\x00', 0x80) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000b5c000-0x18)={r0, &(0x7f0000f13000-0xa8)="3ae1b3e2c2f2099207e021505ff0b45a7dd4697f0575f5ae0684e6e4045565d5e831b986fe331ea29db15c724aae8076a37e122fab97494c67c9ee9663c49881aa7dbe9459b97acd0b4fc1cb37cad1f8b9f711e8080830418cf67291e0a3dbcd8bb7e52e581c2950114701e651ecbb5ece47724e5dc3e61085a67b2bdde398e70190a865f13138094ac76d55143e74d517197e982fdbfbc4112410931ce2e2b3a0b9d29b547e6699", &(0x7f00000b5000-0xb4)=""/180}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000a55000)={0x5, 0x1, 0x5, 0x9, 0x0, 0x0, 0x0}, 0x1c) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f00000c7000)=0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000f49000-0x1c)={0xd, 0x4, 0x4, 0x100000001, 0x0, r1, 0x0}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00005f1000)={r2, &(0x7f0000eed000)="", &(0x7f0000b88000)="13", 0x0}, 0x20) mmap(&(0x7f0000eef000/0x1000)=nil, 0x1000, 0x3, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000-0xb)='/dev/hwrng\x00', 0x800, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f000078c000)={0x3, 0x0, 0x0, 0xca}) ioctl$DRM_IOCTL_AGP_BIND(r0, 0x40106436, &(0x7f00008b3000)={r4, 0x1000}) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000b3a000-0x10)={r2, &(0x7f0000001000-0x1b)="1b99ad36e9ec34dad931115f01040000c404588488d32de779afa1"}, 0x10) [ 29.776551] binder: 3588:3593 ERROR: BC_REGISTER_LOOPER called without request [ 29.784092] binder: 3593 RLIMIT_NICE not set [ 29.792392] audit: type=1400 
audit(1513890273.560:19): avc: denied { name_connect } for pid=3590 comm="syz-executor6" dest=20024 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 2017/12/21 21:04:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000ef5000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f000053b000)=0x8000201) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000f58000)={@generic="431df1f38e6e005a112f648d1c22ce26", @ifru_addrs=@rc={0x1f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0}}) socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000f98000)={0x0, 0x0}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f0000ba4000-0x1c)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0x401}, 0x1c) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000747000)=0x9) 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0xf60000)=nil, 0xf60000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80003, 0xff) mmap(&(0x7f0000f60000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bind$inet6(r0, &(0x7f0000f61000-0x1c)={0xa, 0x3, 0xfffffffffffff001, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0xfffffffffffff801}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f000090f000)=0x0, 0x4) dup3(r0, r1, 0x0) 2017/12/21 21:04:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000ba6000-0xd)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000c94000)={@generic="066edf3bba3190d099a423812c36f57d", @ifru_addrs={0x2, 0x2, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) set_mempolicy(0x3, &(0x7f00000af000-0x4)=0x0, 
0x5) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000a5b000-0x28)={@common='gre0\x00', @ifru_names=@generic="0252734fb088526cca26b5239cab12c4"}) [ 29.812823] binder: 3588:3603 got reply transaction with no transaction stack 2017/12/21 21:04:33 executing program 0: ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f00007f0000-0x4)=0x0) getpriority(0x1, r0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket(0xa, 0x803, 0x7) sendmmsg$nfc_llcp(r1, &(0x7f0000f44000)=[{&(0x7f000088f000-0x60)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, "0fcca4bb22f2892559edddba1a892f216c6adb6dac3291add84e7dd1b9b1e1043844071c007846f83c7baa707bef6850ccdb39c111743913f1b760121acf03", 0x0}, 0x60, &(0x7f000055a000)=[{&(0x7f0000874000-0xd0)="cddf244efe0acd6c9fe17cd1471e0f48baf0a46edb39a5ce4dd79915c9400fe2b6f47247d4ee7b249d56fb15ca94ecc49cc1fbb7778e7a905cf2a6ec85771f54106bd5a7a57ef1b204391db996e243d7966a585e1bf78acf3ebf040513909784fe37a985470e4b30eae4e7ed86b96c83d04eb924a4a6efa1c4e5698f7cb6add7bd5a149c297e86f6bb3e6d8efbba9a73c65913bbfb3fb128fafa3a3a3e15be0b807d382724c8eb409775cdc76c989107a1e69faf084fc07e238e6987b8d9bb85fe52457a1c3649e4b23093d621a8748c", 0xd0}, {&(0x7f0000d0b000-0xc4)="9e216a464f6f62bd83d208c7c23d076a2f30077033cd2d664ea0b72046450cd08b785670cb3b3b57fbbabb83884635b2c85e64943c5db80b838c0942883974998511fe586496f3712003ba6e5624d29ca853bc99c14f453f67f0eff48d05f756cce1064f32dc14b5fc70033b0717e7fe93f38486951e98cdeb737d85c53fa82c7a28fd4cfb4b0ead0c9c5506b48c11fbcbb5983020207626c47ba44e7bd542bee7518083b903791624c72e277ac081a3b3a5e44a99784e6caba54f92ec4353bdbb24c340", 0xc4}, 
{&(0x7f00004a6000)="e1219b52800c4f36f6464de429f471573e9b384a169a8e80b80f311c6f94d0398ad1aaf2511c7f21fdc0687694e797aef0b7216e4a3b004d6113f7bd552a5f826bc929014be010a2c57b4a103ca8b470d93bea65549700d4ea42ba5c6dc69d5c8c88628ca2b3cd5721c909175bcbdf96c02796effc2b88d862e632a2f0dd8139df629f7eab72b7dc4cd9fe29942138e98d3ad4177a7bcc50420d2894ff3b7e97343ea544d9a79efa6e8a019ded0fc5382f4c2473283bb68c8682cf0729a64cd667ac797942905ed83c2894984962b428af168e8dd0791d3e2ad79c94fd856ed80115743facb603", 0xe7}], 0x3, &(0x7f000024d000)={0x10, 0x100000000000029, 0xb, ""}, 0x10, 0x0}], 0x1, 0x0) [ 29.812832] binder: 3588:3603 transaction failed 29201/-71, size 0-8 line 2760 [ 29.861469] binder: 3588:3603 ERROR: BC_REGISTER_LOOPER called without request [ 29.861479] binder: 3603 RLIMIT_NICE not set 2017/12/21 21:04:33 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f000081b000-0x10)={0x0, 0x0, 0x0}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = dup3(r0, r0, 0x80000) pipe(&(0x7f0000c39000-0x8)={0x0, 0x0}) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f000034c000-0x4)=r3) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x13ffd, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00007e9000)={0x10003, 0x2, 0x0, 0x2000, &(0x7f00006f7000/0x2000)=nil}) ioctl$KVM_SMI(r4, 0xaeb7) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r5 = socket(0x1e, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xf72, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x8001, 0x200, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt(r5, 0x10f, 0x84, 
&(0x7f0000b2f000)=""/0, &(0x7f0000ee6000)=0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000864000/0x18000)=nil, &(0x7f000082d000)=[@text64={0x40, &(0x7f0000423000-0x45)="c482ddbcbcbc0000000064430f01c80fc7ac7500400000644d0f236a674c0fc71a0f06c4c39141946281510000f3c482a9aaa6873c562a410f005a6f362e0f009b00000000", 0x45}], 0x1, 0x3, &(0x7f0000241000-0x20)=[@cstype0={0x4, 0x2}, @dstype3={0x7, 0x9}], 0x2) [ 29.882299] binder: 3588:3627 got reply transaction with no transaction stack [ 29.882311] binder: 3588:3627 transaction failed 29201/-71, size 0-8 line 2760 [ 30.031193] ================================================================== [ 30.039692] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060 [ 30.045891] Read of size 8 at addr ffff8801bf0b80d8 by task syz-executor6/3646 [ 30.053215] [ 30.054813] CPU: 0 PID: 3646 Comm: syz-executor6 Not tainted 4.15.0-rc4-mm1+ #47 [ 30.062311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.071631] Call Trace: [ 30.074185] dump_stack+0x194/0x257 [ 30.077780] ? arch_local_irq_restore+0x53/0x53 [ 30.082426] ? show_regs_print_info+0x18/0x18 [ 30.086901] ? __schedule+0xda3/0x2060 [ 30.090758] print_address_description+0x73/0x250 [ 30.095575] ? __schedule+0xda3/0x2060 [ 30.099431] kasan_report+0x23b/0x360 [ 30.103204] __asan_report_load8_noabort+0x14/0x20 [ 30.108101] __schedule+0xda3/0x2060 [ 30.111788] ? __sched_text_start+0x8/0x8 [ 30.115906] ? trace_hardirqs_on+0xd/0x10 [ 30.120022] ? __call_srcu+0x7ee/0x1020 [ 30.123968] ? do_raw_spin_trylock+0x190/0x190 [ 30.128515] ? do_raw_spin_trylock+0x190/0x190 [ 30.133077] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.138930] ? __debug_object_init+0x235/0x1040 [ 30.143576] preempt_schedule_common+0x22/0x60 [ 30.148127] _cond_resched+0x1d/0x30 [ 30.151815] wait_for_completion+0xa5/0x770 [ 30.156112] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.161097] ? 
wait_for_completion_interruptible+0x7e0/0x7e0 [ 30.166864] ? __lockdep_init_map+0xe4/0x650 [ 30.171246] ? __init_waitqueue_head+0x97/0x140 [ 30.175884] ? init_wait_entry+0x1b0/0x1b0 [ 30.180095] __synchronize_srcu+0x1ad/0x260 [ 30.184384] ? call_srcu+0x10/0x10 [ 30.187895] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 30.193407] ? irq_matrix_allocated+0x80/0x80 [ 30.197870] ? synchronize_srcu+0x3c5/0x570 [ 30.202163] synchronize_srcu+0x1a3/0x570 [ 30.206277] ? synchronize_srcu+0x1a3/0x570 [ 30.210564] ? lock_downgrade+0x980/0x980 [ 30.214681] ? synchronize_srcu_expedited+0x20/0x20 [ 30.219668] ? lock_release+0xa40/0xa40 [ 30.223613] ? free_obj_work+0x690/0x690 [ 30.227646] ? do_raw_spin_trylock+0x190/0x190 [ 30.232205] kvm_page_track_unregister_notifier+0x186/0x270 [ 30.237886] ? trace_hardirqs_off+0xd/0x10 [ 30.242091] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 30.247772] ? kvfree+0x36/0x60 [ 30.251020] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.256017] ? trace_hardirqs_on+0xd/0x10 [ 30.260154] kvm_mmu_uninit_vm+0x1c/0x20 [ 30.264194] kvm_arch_destroy_vm+0x73b/0x980 [ 30.268574] ? kvm_arch_sync_events+0x30/0x30 [ 30.273038] ? mmdrop+0x18/0x30 [ 30.276288] ? mmu_notifier_unregister+0x43c/0x5c0 [ 30.281190] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 30.287132] ? __free_pages+0x107/0x150 [ 30.291076] ? free_unref_page+0x9e0/0x9e0 [ 30.295281] ? quarantine_put+0xeb/0x190 [ 30.299311] ? kfree+0xf0/0x260 [ 30.302560] ? kvm_put_kvm+0x614/0xde0 [ 30.306505] ? free_pages+0x51/0x90 [ 30.310101] kvm_put_kvm+0x695/0xde0 [ 30.313789] ? kvm_clear_guest+0xb0/0xb0 [ 30.317824] ? kvm_irqfd_release+0xd1/0x120 [ 30.322116] ? lock_downgrade+0x980/0x980 [ 30.326247] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.330716] ? kvm_irqfd_release+0xdd/0x120 [ 30.335006] ? kvm_irqfd_release+0xdd/0x120 [ 30.339296] ? kvm_put_kvm+0xde0/0xde0 [ 30.343152] kvm_vm_release+0x42/0x50 [ 30.346920] __fput+0x327/0x7e0 [ 30.350171] ? fput+0x140/0x140 [ 30.353421] ? 
trace_event_raw_event_sched_switch+0x800/0x800 [ 30.359271] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.363739] ____fput+0x15/0x20 [ 30.366987] task_work_run+0x199/0x270 [ 30.370846] ? task_work_cancel+0x210/0x210 [ 30.375139] ? _raw_spin_unlock+0x22/0x30 [ 30.379254] ? switch_task_namespaces+0x87/0xc0 [ 30.383896] do_exit+0x9bb/0x1ad0 [ 30.387319] ? check_noncircular+0x20/0x20 [ 30.391526] ? mm_update_next_owner+0x930/0x930 [ 30.396177] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.401337] ? __might_sleep+0x95/0x190 [ 30.405284] ? find_held_lock+0x35/0x1d0 [ 30.409319] ? futex_wait+0x402/0x9a0 [ 30.413090] ? lock_downgrade+0x980/0x980 [ 30.417208] ? __unqueue_futex+0x1c0/0x290 [ 30.421409] ? lock_release+0xa40/0xa40 [ 30.425351] ? fault_in_user_writeable+0x90/0x90 [ 30.430074] ? do_raw_spin_trylock+0x190/0x190 [ 30.434626] ? check_noncircular+0x20/0x20 [ 30.438831] ? drop_futex_key_refs.isra.12+0x63/0xa0 [ 30.443904] ? futex_wait+0x6a9/0x9a0 [ 30.447684] ? find_held_lock+0x35/0x1d0 [ 30.451719] ? get_signal+0x7ae/0x16c0 [ 30.455574] ? lock_downgrade+0x980/0x980 [ 30.459703] do_group_exit+0x149/0x400 [ 30.463559] ? do_raw_spin_trylock+0x190/0x190 [ 30.468110] ? SyS_exit+0x30/0x30 [ 30.471530] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.475996] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.480983] get_signal+0x73f/0x16c0 [ 30.484670] ? ptrace_notify+0x130/0x130 [ 30.488703] ? kvm_vcpu_fault+0x520/0x520 [ 30.492821] ? exit_robust_list+0x240/0x240 [ 30.497110] ? find_held_lock+0x35/0x1d0 [ 30.501144] ? __fget+0x333/0x570 [ 30.504569] ? lock_downgrade+0x980/0x980 [ 30.508703] do_signal+0x94/0x1ee0 [ 30.512216] ? __lock_is_held+0xb6/0x140 [ 30.516249] ? setup_sigcontext+0x7d0/0x7d0 [ 30.520540] ? __fget+0x35c/0x570 [ 30.523966] ? iterate_fd+0x3f0/0x3f0 [ 30.527737] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.532201] ? task_work_run+0x1f4/0x270 [ 30.536234] ? task_work_cancel+0x210/0x210 [ 30.540527] ? 
exit_to_usermode_loop+0x8c/0x2f0 [ 30.545167] exit_to_usermode_loop+0x258/0x2f0 [ 30.549719] ? ioctl_preallocate+0x2b0/0x2b0 [ 30.554096] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 30.559601] ? selinux_capable+0x40/0x40 [ 30.563637] syscall_return_slowpath+0x490/0x550 [ 30.568360] ? prepare_exit_to_usermode+0x340/0x340 [ 30.573344] ? entry_SYSCALL_64_fastpath+0x69/0x96 [ 30.578242] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.583226] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.587955] entry_SYSCALL_64_fastpath+0x94/0x96 [ 30.592686] RIP: 0033:0x452a09 [ 30.595842] RSP: 002b:00007f89f3ccece8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 30.603518] RAX: fffffffffffffe00 RBX: 000000000071bf80 RCX: 0000000000452a09 [ 30.610755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bf80 [ 30.617994] RBP: 000000000071bf80 R08: 000000000000059d R09: 000000000071bf58 [ 30.625232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 30.632483] R13: 0000000000a2f7ff R14: 00007f89f3ccf9c0 R15: 0000000000000002 [ 30.639738] [ 30.641343] Allocated by task 3646: [ 30.644961] save_stack+0x43/0xd0 [ 30.648394] kasan_kmalloc+0xad/0xe0 [ 30.652080] kasan_slab_alloc+0x12/0x20 [ 30.656035] kmem_cache_alloc+0x12e/0x760 [ 30.660166] vmx_create_vcpu+0xc4/0x2f20 [ 30.664217] kvm_arch_vcpu_create+0x12c/0x1a0 [ 30.668699] kvm_vm_ioctl+0x48b/0x1c60 [ 30.672596] do_vfs_ioctl+0x1b1/0x1520 [ 30.676454] SyS_ioctl+0x8f/0xc0 [ 30.679795] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.684523] [ 30.686117] Freed by task 3646: [ 30.689364] save_stack+0x43/0xd0 [ 30.692786] kasan_slab_free+0x71/0xc0 [ 30.696640] kmem_cache_free+0x83/0x2a0 [ 30.700589] vmx_free_vcpu+0x1ee/0x260 [ 30.704444] kvm_arch_destroy_vm+0x4a2/0x980 [ 30.708821] kvm_put_kvm+0x695/0xde0 [ 30.712587] kvm_vm_release+0x42/0x50 [ 30.716355] __fput+0x327/0x7e0 [ 30.719601] ____fput+0x15/0x20 [ 30.722850] task_work_run+0x199/0x270 [ 30.727055] do_exit+0x9bb/0x1ad0 [ 30.730476] do_group_exit+0x149/0x400 [ 30.734331] 
get_signal+0x73f/0x16c0 [ 30.738011] do_signal+0x94/0x1ee0 [ 30.741518] exit_to_usermode_loop+0x258/0x2f0 [ 30.746066] syscall_return_slowpath+0x490/0x550 [ 30.750789] entry_SYSCALL_64_fastpath+0x94/0x96 [ 30.755508] [ 30.757105] The buggy address belongs to the object at ffff8801bf0b80c0 [ 30.757105] which belongs to the cache kvm_vcpu of size 23872 [ 30.769639] The buggy address is located 24 bytes inside of [ 30.769639] 23872-byte region [ffff8801bf0b80c0, ffff8801bf0bde00) [ 30.781566] The buggy address belongs to the page: [ 30.786874] page:ffffea0006fc2e00 count:1 mapcount:0 mapping:ffff8801bf0b80c0 index:0x0 compound_mapcount: 0 [ 30.796810] flags: 0x2fffc0000008100(slab|head) [ 30.801449] raw: 02fffc0000008100 ffff8801bf0b80c0 0000000000000000 0000000100000001 [ 30.809299] raw: ffffea0006fd4620 ffff8801d6426648 ffff8801d6425540 0000000000000000 [ 30.817143] page dumped because: kasan: bad access detected [ 30.822819] [ 30.824412] Memory state around the buggy address: [ 30.829318] ffff8801bf0b7f80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 30.836643] ffff8801bf0b8000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.843973] >ffff8801bf0b8080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 30.851296] ^ [ 30.857492] ffff8801bf0b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.864819] ffff8801bf0b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.872142] ================================================================== [ 30.879467] Kernel panic - not syncing: panic_on_warn set ... [ 30.879467] [ 30.886797] CPU: 0 PID: 3646 Comm: syz-executor6 Tainted: G B 4.15.0-rc4-mm1+ #47 [ 30.895598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.904924] Call Trace: [ 30.907485] dump_stack+0x194/0x257 [ 30.911083] ? arch_local_irq_restore+0x53/0x53 [ 30.915719] ? kasan_end_report+0x32/0x50 [ 30.919836] ? lock_downgrade+0x980/0x980 [ 30.923952] ? vsnprintf+0x1ed/0x1900 [ 30.927723] ? 
__schedule+0xcf0/0x2060 [ 30.931581] panic+0x1e4/0x41c [ 30.934742] ? refcount_error_report+0x214/0x214 [ 30.939472] ? print_shadow_for_address+0xdc/0x1a0 [ 30.944368] ? add_taint+0x1c/0x50 [ 30.947880] ? __schedule+0xda3/0x2060 [ 30.951735] kasan_end_report+0x50/0x50 [ 30.955679] kasan_report+0x148/0x360 [ 30.959452] __asan_report_load8_noabort+0x14/0x20 [ 30.964349] __schedule+0xda3/0x2060 [ 30.968038] ? __sched_text_start+0x8/0x8 [ 30.972156] ? trace_hardirqs_on+0xd/0x10 [ 30.976275] ? __call_srcu+0x7ee/0x1020 [ 30.980220] ? do_raw_spin_trylock+0x190/0x190 [ 30.984769] ? do_raw_spin_trylock+0x190/0x190 [ 30.989327] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.995180] ? __debug_object_init+0x235/0x1040 [ 30.999825] preempt_schedule_common+0x22/0x60 [ 31.004374] _cond_resched+0x1d/0x30 [ 31.008055] wait_for_completion+0xa5/0x770 [ 31.012345] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.017331] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 31.023099] ? __lockdep_init_map+0xe4/0x650 [ 31.027481] ? __init_waitqueue_head+0x97/0x140 [ 31.032124] ? init_wait_entry+0x1b0/0x1b0 [ 31.036335] __synchronize_srcu+0x1ad/0x260 [ 31.040625] ? call_srcu+0x10/0x10 [ 31.044137] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 31.049654] ? irq_matrix_allocated+0x80/0x80 [ 31.054134] ? synchronize_srcu+0x3c5/0x570 [ 31.058427] synchronize_srcu+0x1a3/0x570 [ 31.062542] ? synchronize_srcu+0x1a3/0x570 [ 31.066832] ? lock_downgrade+0x980/0x980 [ 31.070948] ? synchronize_srcu_expedited+0x20/0x20 [ 31.075933] ? lock_release+0xa40/0xa40 [ 31.079877] ? free_obj_work+0x690/0x690 [ 31.083907] ? do_raw_spin_trylock+0x190/0x190 [ 31.088466] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.094143] ? trace_hardirqs_off+0xd/0x10 [ 31.098346] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 31.103767] ? kvfree+0x36/0x60 [ 31.107015] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.112000] ? 
trace_hardirqs_on+0xd/0x10 [ 31.116120] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.120151] kvm_arch_destroy_vm+0x73b/0x980 [ 31.124532] ? kvm_arch_sync_events+0x30/0x30 [ 31.128995] ? mmdrop+0x18/0x30 [ 31.132244] ? mmu_notifier_unregister+0x43c/0x5c0 [ 31.137145] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 31.143085] ? __free_pages+0x107/0x150 [ 31.147029] ? free_unref_page+0x9e0/0x9e0 [ 31.151232] ? quarantine_put+0xeb/0x190 [ 31.155260] ? kfree+0xf0/0x260 [ 31.158507] ? kvm_put_kvm+0x614/0xde0 [ 31.162364] ? free_pages+0x51/0x90 [ 31.165962] kvm_put_kvm+0x695/0xde0 [ 31.169651] ? kvm_clear_guest+0xb0/0xb0 [ 31.173685] ? kvm_irqfd_release+0xd1/0x120 [ 31.177976] ? lock_downgrade+0x980/0x980 [ 31.182102] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.186569] ? kvm_irqfd_release+0xdd/0x120 [ 31.190858] ? kvm_irqfd_release+0xdd/0x120 [ 31.195151] ? kvm_put_kvm+0xde0/0xde0 [ 31.199008] kvm_vm_release+0x42/0x50 [ 31.202775] __fput+0x327/0x7e0 [ 31.206028] ? fput+0x140/0x140 [ 31.209291] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.215140] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.219618] ____fput+0x15/0x20 [ 31.222871] task_work_run+0x199/0x270 [ 31.226735] ? task_work_cancel+0x210/0x210 [ 31.231024] ? _raw_spin_unlock+0x22/0x30 [ 31.235140] ? switch_task_namespaces+0x87/0xc0 [ 31.239782] do_exit+0x9bb/0x1ad0 [ 31.243202] ? check_noncircular+0x20/0x20 [ 31.247413] ? mm_update_next_owner+0x930/0x930 [ 31.252053] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.257213] ? __might_sleep+0x95/0x190 [ 31.261161] ? find_held_lock+0x35/0x1d0 [ 31.265197] ? futex_wait+0x402/0x9a0 [ 31.268966] ? lock_downgrade+0x980/0x980 [ 31.273082] ? __unqueue_futex+0x1c0/0x290 [ 31.277283] ? lock_release+0xa40/0xa40 [ 31.281224] ? fault_in_user_writeable+0x90/0x90 [ 31.285951] ? do_raw_spin_trylock+0x190/0x190 [ 31.290501] ? check_noncircular+0x20/0x20 [ 31.294718] ? drop_futex_key_refs.isra.12+0x63/0xa0 [ 31.299790] ? futex_wait+0x6a9/0x9a0 [ 31.303568] ? find_held_lock+0x35/0x1d0 [ 31.307606] ? 
get_signal+0x7ae/0x16c0 [ 31.311464] ? lock_downgrade+0x980/0x980 [ 31.315589] do_group_exit+0x149/0x400 [ 31.319447] ? do_raw_spin_trylock+0x190/0x190 [ 31.324000] ? SyS_exit+0x30/0x30 [ 31.327422] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.331887] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.336876] get_signal+0x73f/0x16c0 [ 31.340571] ? ptrace_notify+0x130/0x130 [ 31.344607] ? kvm_vcpu_fault+0x520/0x520 [ 31.348735] ? exit_robust_list+0x240/0x240 [ 31.353026] ? find_held_lock+0x35/0x1d0 [ 31.357061] ? __fget+0x333/0x570 [ 31.360482] ? lock_downgrade+0x980/0x980 [ 31.364603] do_signal+0x94/0x1ee0 [ 31.368121] ? __lock_is_held+0xb6/0x140 [ 31.372155] ? setup_sigcontext+0x7d0/0x7d0 [ 31.376450] ? __fget+0x35c/0x570 [ 31.379877] ? iterate_fd+0x3f0/0x3f0 [ 31.383645] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.388109] ? task_work_run+0x1f4/0x270 [ 31.392141] ? task_work_cancel+0x210/0x210 [ 31.396432] ? exit_to_usermode_loop+0x8c/0x2f0 [ 31.401074] exit_to_usermode_loop+0x258/0x2f0 [ 31.405624] ? ioctl_preallocate+0x2b0/0x2b0 [ 31.410004] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 31.415511] ? selinux_capable+0x40/0x40 [ 31.419552] syscall_return_slowpath+0x490/0x550 [ 31.424276] ? prepare_exit_to_usermode+0x340/0x340 [ 31.429261] ? entry_SYSCALL_64_fastpath+0x69/0x96 [ 31.434170] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.439156] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 31.443886] entry_SYSCALL_64_fastpath+0x94/0x96 [ 31.448614] RIP: 0033:0x452a09 [ 31.451781] RSP: 002b:00007f89f3ccece8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 31.459458] RAX: fffffffffffffe00 RBX: 000000000071bf80 RCX: 0000000000452a09 [ 31.466699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bf80 [ 31.473937] RBP: 000000000071bf80 R08: 000000000000059d R09: 000000000071bf58 [ 31.481174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 31.488414] R13: 0000000000a2f7ff R14: 00007f89f3ccf9c0 R15: 0000000000000002 [ 31.495679] [ 31.495682] ====================================================== [ 31.495684] WARNING: possible circular locking dependency detected [ 31.495686] 4.15.0-rc4-mm1+ #47 Not tainted [ 31.495688] ------------------------------------------------------ [ 31.495690] syz-executor6/3646 is trying to acquire lock: [ 31.495692] ((console_sem).lock){..-.}, at: [<000000004b3f0721>] down_trylock+0x13/0x70 [ 31.495697] [ 31.495699] but task is already holding lock: [ 31.495700] (report_lock){....}, at: [<00000000c3593a24>] kasan_report+0x6b/0x360 [ 31.495705] [ 31.495707] which lock already depends on the new lock. 
[ 31.495708] [ 31.495709] [ 31.495711] the existing dependency chain (in reverse order) is: [ 31.495712] [ 31.495713] -> #3 (report_lock){....}: [ 31.495718] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.495720] kasan_report+0x6b/0x360 [ 31.495722] __asan_report_load8_noabort+0x14/0x20 [ 31.495724] __schedule+0xda3/0x2060 [ 31.495725] preempt_schedule_common+0x22/0x60 [ 31.495727] _cond_resched+0x1d/0x30 [ 31.495729] wait_for_completion+0xa5/0x770 [ 31.495731] __synchronize_srcu+0x1ad/0x260 [ 31.495732] synchronize_srcu+0x1a3/0x570 [ 31.495734] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.495736] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.495738] kvm_arch_destroy_vm+0x73b/0x980 [ 31.495739] kvm_put_kvm+0x695/0xde0 [ 31.495741] kvm_vm_release+0x42/0x50 [ 31.495743] __fput+0x327/0x7e0 [ 31.495744] ____fput+0x15/0x20 [ 31.495746] task_work_run+0x199/0x270 [ 31.495747] do_exit+0x9bb/0x1ad0 [ 31.495749] do_group_exit+0x149/0x400 [ 31.495751] get_signal+0x73f/0x16c0 [ 31.495752] do_signal+0x94/0x1ee0 [ 31.495754] exit_to_usermode_loop+0x258/0x2f0 [ 31.495756] syscall_return_slowpath+0x490/0x550 [ 31.495758] entry_SYSCALL_64_fastpath+0x94/0x96 [ 31.495759] [ 31.495759] -> #2 (&rq->lock){-.-.}: [ 31.495765] _raw_spin_lock+0x2a/0x40 [ 31.495766] task_fork_fair+0x7a/0x690 [ 31.495768] sched_fork+0x435/0xc00 [ 31.495770] copy_process.part.37+0x1758/0x4b60 [ 31.495771] _do_fork+0x1f7/0xf70 [ 31.495773] kernel_thread+0x34/0x40 [ 31.495775] rest_init+0x22/0xf0 [ 31.495776] start_kernel+0x7f1/0x819 [ 31.495778] x86_64_start_reservations+0x2a/0x2c [ 31.495780] x86_64_start_kernel+0x77/0x7a [ 31.495782] secondary_startup_64+0xa5/0xb0 [ 31.495782] [ 31.495783] -> #1 (&p->pi_lock){-.-.}: [ 31.495789] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.495791] try_to_wake_up+0xbc/0x1600 [ 31.495792] wake_up_process+0x10/0x20 [ 31.495794] __up.isra.0+0x1cc/0x2c0 [ 31.495795] up+0x13b/0x1d0 [ 31.495797] __up_console_sem+0xb2/0x1a0 [ 31.495799] console_unlock+0x538/0xd70 [ 31.495801] do_con_write+0x106e/0x1f70 [ 
31.495802] con_write+0x25/0xb0 [ 31.495804] n_tty_write+0x5ef/0xec0 [ 31.495805] tty_write+0x3fa/0x840 [ 31.495807] __vfs_write+0xef/0x970 [ 31.495808] vfs_write+0x189/0x510 [ 31.495810] SyS_write+0xef/0x220 [ 31.495812] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 31.495813] [ 31.495814] -> #0 ((console_sem).lock){..-.}: [ 31.495819] lock_acquire+0x1d5/0x580 [ 31.495821] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.495823] down_trylock+0x13/0x70 [ 31.495825] __down_trylock_console_sem+0xa2/0x1e0 [ 31.495827] console_trylock+0x15/0x100 [ 31.495828] vprintk_emit+0x49b/0x590 [ 31.495830] vprintk_default+0x28/0x30 [ 31.495831] vprintk_func+0x57/0xc0 [ 31.495833] printk+0xaa/0xca [ 31.495834] kasan_report+0x7b/0x360 [ 31.495836] __asan_report_load8_noabort+0x14/0x20 [ 31.495838] __schedule+0xda3/0x2060 [ 31.495840] preempt_schedule_common+0x22/0x60 [ 31.495842] _cond_resched+0x1d/0x30 [ 31.495843] wait_for_completion+0xa5/0x770 [ 31.495845] __synchronize_srcu+0x1ad/0x260 [ 31.495847] synchronize_srcu+0x1a3/0x570 [ 31.495849] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.495851] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.495853] kvm_arch_destroy_vm+0x73b/0x980 [ 31.495854] kvm_put_kvm+0x695/0xde0 [ 31.495856] kvm_vm_release+0x42/0x50 [ 31.495857] __fput+0x327/0x7e0 [ 31.495859] ____fput+0x15/0x20 [ 31.495860] task_work_run+0x199/0x270 [ 31.495862] do_exit+0x9bb/0x1ad0 [ 31.495864] do_group_exit+0x149/0x400 [ 31.495865] get_signal+0x73f/0x16c0 [ 31.495867] do_signal+0x94/0x1ee0 [ 31.495868] exit_to_usermode_loop+0x258/0x2f0 [ 31.495870] syscall_return_slowpath+0x490/0x550 [ 31.495872] entry_SYSCALL_64_fastpath+0x94/0x96 [ 31.495873] [ 31.495875] other info that might help us debug this: [ 31.495876] [ 31.495877] Chain exists of: [ 31.495878] (console_sem).lock --> &rq->lock --> report_lock [ 31.495885] [ 31.495886] Possible unsafe locking scenario: [ 31.495887] [ 31.495889] CPU0 CPU1 [ 31.495891] ---- ---- [ 31.495891] lock(report_lock); [ 31.495895] lock(&rq->lock); [ 31.495899] 
lock(report_lock); [ 31.495902] lock((console_sem).lock); [ 31.495905] [ 31.495906] *** DEADLOCK *** [ 31.495907] [ 31.495909] 2 locks held by syz-executor6/3646: [ 31.495910] #0: (&rq->lock){-.-.}, at: [<0000000028e1a9de>] __schedule+0x24e/0x2060 [ 31.495915] #1: (report_lock){....}, at: [<00000000c3593a24>] kasan_report+0x6b/0x360 [ 31.495921] [ 31.495922] stack backtrace: [ 31.495925] CPU: 0 PID: 3646 Comm: syz-executor6 Not tainted 4.15.0-rc4-mm1+ #47 [ 31.495928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.495929] Call Trace: [ 31.495931] dump_stack+0x194/0x257 [ 31.495933] ? arch_local_irq_restore+0x53/0x53 [ 31.495934] print_circular_bug.isra.37+0x2cd/0x2dc [ 31.495936] ? save_trace+0xe0/0x2b0 [ 31.495938] __lock_acquire+0x30a8/0x3e00 [ 31.495940] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.495942] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.495944] ? print_lockdep_cache.isra.31+0x109/0x109 [ 31.495945] ? save_stack_trace+0x1a/0x20 [ 31.495947] ? save_trace+0xe0/0x2b0 [ 31.495949] ? __lock_acquire+0x36c0/0x3e00 [ 31.495951] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.495952] ? __lock_is_held+0xb6/0x140 [ 31.495954] ? __lock_is_held+0xb6/0x140 [ 31.495955] lock_acquire+0x1d5/0x580 [ 31.495957] ? lock_acquire+0x1d5/0x580 [ 31.495959] ? down_trylock+0x13/0x70 [ 31.495960] ? find_held_lock+0x35/0x1d0 [ 31.495962] ? lock_release+0xa40/0xa40 [ 31.495964] ? vprintk_emit+0x379/0x590 [ 31.495965] ? lock_downgrade+0x980/0x980 [ 31.495967] ? kvm_sched_clock_read+0x25/0x40 [ 31.495969] ? sched_clock+0x31/0x40 [ 31.495970] ? sched_clock_cpu+0x1b/0x170 [ 31.495972] ? vprintk_emit+0x49b/0x590 [ 31.495974] _raw_spin_lock_irqsave+0x96/0xc0 [ 31.495975] ? down_trylock+0x13/0x70 [ 31.495977] down_trylock+0x13/0x70 [ 31.495978] ? 
vprintk_emit+0x49b/0x590 [ 31.495980] __down_trylock_console_sem+0xa2/0x1e0 [ 31.495982] console_trylock+0x15/0x100 [ 31.495983] vprintk_emit+0x49b/0x590 [ 31.495985] vprintk_default+0x28/0x30 [ 31.495986] vprintk_func+0x57/0xc0 [ 31.495988] printk+0xaa/0xca [ 31.495989] ? show_regs_print_info+0x18/0x18 [ 31.495991] ? __schedule+0xda3/0x2060 [ 31.495992] kasan_report+0x7b/0x360 [ 31.495994] __asan_report_load8_noabort+0x14/0x20 [ 31.495996] __schedule+0xda3/0x2060 [ 31.495997] ? __sched_text_start+0x8/0x8 [ 31.495999] ? trace_hardirqs_on+0xd/0x10 [ 31.496001] ? __call_srcu+0x7ee/0x1020 [ 31.496002] ? do_raw_spin_trylock+0x190/0x190 [ 31.496004] ? do_raw_spin_trylock+0x190/0x190 [ 31.496006] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.496008] ? __debug_object_init+0x235/0x1040 [ 31.496010] preempt_schedule_common+0x22/0x60 [ 31.496011] _cond_resched+0x1d/0x30 [ 31.496013] wait_for_completion+0xa5/0x770 [ 31.496015] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.496017] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 31.496019] ? __lockdep_init_map+0xe4/0x650 [ 31.496020] ? __init_waitqueue_head+0x97/0x140 [ 31.496022] ? init_wait_entry+0x1b0/0x1b0 [ 31.496024] __synchronize_srcu+0x1ad/0x260 [ 31.496025] ? call_srcu+0x10/0x10 [ 31.496027] ? trace_raw_output_rcu_utilization+0xb0/0xb0 [ 31.496029] ? irq_matrix_allocated+0x80/0x80 [ 31.496031] ? synchronize_srcu+0x3c5/0x570 [ 31.496033] synchronize_srcu+0x1a3/0x570 [ 31.496034] ? synchronize_srcu+0x1a3/0x570 [ 31.496036] ? lock_downgrade+0x980/0x980 [ 31.496038] ? synchronize_srcu_expedited+0x20/0x20 [ 31.496039] ? lock_release+0xa40/0xa40 [ 31.496041] ? free_obj_work+0x690/0x690 [ 31.496043] ? do_raw_spin_trylock+0x190/0x190 [ 31.496045] kvm_page_track_unregister_notifier+0x186/0x270 [ 31.496047] ? trace_hardirqs_off+0xd/0x10 [ 31.496049] ? kvm_slot_page_track_remove_page+0x60/0x60 [ 31.496050] ? kvfree+0x36/0x60 [ 31.496052] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.496054] ? 
trace_hardirqs_on+0xd/0x10 [ 31.496056] kvm_mmu_uninit_vm+0x1c/0x20 [ 31.496057] kvm_arch_destroy_vm+0x73b/0x980 [ 31.496059] ? kvm_arch_sync_events+0x30/0x30 [ 31.496060] ? mmdrop+0x18/0x30 [ 31.496062] ? mmu_notifier_unregister+0x43c/0x5c0 [ 31.496064] ? __mmu_notifier_invalidate_range_end+0x360/0x360 [ 31.496066] ? __free_pages+0x107/0x150 [ 31.496068] ? free_unref_page+0x9e0/0x9e0 [ 31.496069] ? quarantine_put+0xeb/0x190 [ 31.496071] ? kfree+0xf0/0x260 [ 31.496072] ? kvm_put_kvm+0x614/0xde0 [ 31.496074] ? free_pages+0x51/0x90 [ 31.496075] kvm_put_kvm+0x695/0xde0 [ 31.496077] ? kvm_clear_guest+0xb0/0xb0 [ 31.496079] ? kvm_irqfd_release+0xd1/0x120 [ 31.496080] ? lock_downgrade+0x980/0x980 [ 31.496082] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.496084] ? kvm_irqfd_release+0xdd/0x120 [ 31.496085] ? kvm_irqfd_release+0xdd/0x120 [ 31.496087] ? kvm_put_kvm+0xde0/0xde0 [ 31.496088] kvm_vm_release+0x42/0x50 [ 31.496090] __fput+0x327/0x7e0 [ 31.496091] ? fput+0x140/0x140 [ 31.496093] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 31.496095] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.496097] ____fput+0x15/0x20 [ 31.496099] task_work_run+0x199/0x270 [ 31.496101] ? task_work_cancel+0x210/0x210 [ 31.496102] ? _raw_spin_unlock+0x22/0x30 [ 31.496104] ? switch_task_namespaces+0x87/0xc0 [ 31.496106] do_exit+0x9bb/0x1ad0 [ 31.496107] ? check_noncircular+0x20/0x20 [ 31.496109] ? mm_update_next_owner+0x930/0x930 [ 31.496111] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.496113] ? __might_sleep+0x95/0x190 [ 31.496114] ? find_held_lock+0x35/0x1d0 [ 31.496116] ? futex_wait+0x402/0x9a0 [ 31.496117] ? lock_downgrade+0x980/0x980 [ 31.496119] ? __unqueue_futex+0x1c0/0x290 [ 31.496121] ? lock_release+0xa40/0xa40 [ 31.496123] ? fault_in_user_writeable+0x90/0x90 [ 31.496124] ? do_raw [ 31.496127] Lost 45 message(s)! 
[ 32.577310] Shutting down cpus with NMI [ 33.633303] Dumping ftrace buffer: [ 33.636815] (ftrace buffer empty) [ 33.640489] Kernel Offset: disabled [ 33.644083] Rebooting in 86400 seconds..