[....] Starting enhanced syslogd: rsyslogd[   11.417055] audit: type=1400 audit(1513890255.184:5): avc:  denied  { syslog } for  pid=2988 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.640151] audit: type=1400 audit(1513890260.407:6): avc:  denied  { map } for  pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.15.208' (ECDSA) to the list of known hosts.
2017/12/21 21:04:26 fuzzer started
[   22.773078] audit: type=1400 audit(1513890266.540:7): avc:  denied  { map } for  pid=3139 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2017/12/21 21:04:26 dialing manager at 10.128.0.26:40749
2017/12/21 21:04:29 kcov=true, comps=true
[   26.152148] audit: type=1400 audit(1513890269.919:8): avc:  denied  { map } for  pid=3139 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=8900 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2017/12/21 21:04:31 executing program 7:
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000b46000-0x8c)={0x0, 0x0, 0x0, 'queue0\x00', 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r0 = getpgrp(0xffffffffffffffff)
syz_open_procfs(r0, &(0x7f0000003000-0x7)='fdinfo\x00')
2017/12/21 21:04:31 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00009f3000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000259000-0x14)="72733976d8030a4ae9fffffff8000000", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000233000)=[{0x0, 0x0, &(0x7f00001e4000)=[{&(0x7f0000786000-0x75)="0b7cc1d500c45a170c17c7373db9e7e0", 0x10}], 0x1, &(0x7f00006a4000)=[], 0x0, 0x0}], 0x1, 0x24008800)
sendmmsg$alg(r1, &(0x7f0000be4000)=[{0x0, 0x0, &(0x7f0000599000-0x30)=[], 0x0, &(0x7f0000b26000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x0}], 0x1, 0x0)
recvmsg(r1, &(0x7f000053a000-0x38)={&(0x7f0000276000)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000952000-0x10)=[{&(0x7f0000a20000)=""/163, 0xa3}], 0x1, &(0x7f00007f2000)=""/0, 0x0, 0x0}, 0x0)
2017/12/21 21:04:31 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x0, &(0x7f00008be000)={0x0, {{0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x118)
2017/12/21 21:04:31 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000833000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f000045f000-0x14)="79733976d800000004d960f2bd08cfe62785ce10", 0x14)
r1 = accept$alg(r0, 0x0, 0x0)
sendto(r1, &(0x7f00009a4000)="0b993ec938945a6510ba30278ddc957fdb", 0x11, 0x0, &(0x7f0000715000)=@in={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
readv(r1, &(0x7f0000094000)=[{&(0x7f00002bd000-0x34)=""/52, 0x34}], 0x1)
2017/12/21 21:04:31 executing program 1:
mmap(&(0x7f0000000000/0xf6e000)=nil, 0xf6e000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000591000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
writev(r0, &(0x7f00005ed000)=[{&(0x7f00005ee000-0x1a0)="d2", 0x1}], 0x1)
2017/12/21 21:04:31 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000833000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f000045f000-0x14)="", 0x0)
2017/12/21 21:04:31 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
syz_open_dev$sndseq(&(0x7f0000239000-0xd)='/dev/snd/seq\x00', 0x0, 0x0)
2017/12/21 21:04:31 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000a97000-0x58)={0x26, 'aead\x00', 0x0, 0x0, 'seqiv(echainiv(rfc4106(gcm(aes))))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000259000-0x14)="72733976d8030a4ae9fffffff80000000184ce10", 0x14)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000be4000)=[{0x0, 0x0, &(0x7f000027c000)=[{&(0x7f0000e07000-0xa8)="5b01721d1afc36f9d50ab675bb5bb473abc1acd9a53174f1d18e198ba345bbe7", 0x20}], 0x1, &(0x7f0000b26000)=[], 0x0, 0x0}], 0x1, 0x0)
recvmsg(r1, &(0x7f000053a000-0x38)={&(0x7f0000276000)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000952000-0x10)=[{&(0x7f0000a20000)=""/163, 0xa3}], 0x1, &(0x7f00007f2000)=""/0, 0x0, 0x0}, 0x0)
[   27.584541] audit: type=1400 audit(1513890271.352:9): avc:  denied  { map } for  pid=3139 comm="syz-fuzzer" path="/root/syzkaller-shm103014220" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   28.555585] audit: type=1400 audit(1513890272.323:10): avc:  denied  { sys_admin } for  pid=3184 comm="syz-executor0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2017/12/21 21:04:32 executing program 0:
2017/12/21 21:04:32 executing program 0:
[   28.667585] audit: type=1400 audit(1513890272.435:11): avc:  denied  { sys_chroot } for  pid=3354 comm="syz-executor0" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2017/12/21 21:04:32 executing program 0:
2017/12/21 21:04:32 executing program 0:
2017/12/21 21:04:32 executing program 0:
ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f00001e8000-0x8)={&(0x7f0000f59000-0xe6)="", 0x0})
2017/12/21 21:04:32 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
perf_event_open(&(0x7f0000508000-0x78)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x118)
2017/12/21 21:04:32 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
socketpair$inet(0x2, 0x0, 0x0, &(0x7f000075c000)={0x0, 0x0})
2017/12/21 21:04:32 executing program 2:
mmap(&(0x7f0000000000/0xf6d000)=nil, 0xf6d000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000330000)='./file0\x00', 0x0)
[   28.844339] audit: type=1400 audit(1513890272.612:12): avc:  denied  { dac_read_search } for  pid=3367 comm="syz-executor2" capability=2  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2017/12/21 21:04:32 executing program 7:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = fcntl$getown(0xffffffffffffff9c, 0x9)
migrate_pages(r0, 0x6, &(0x7f000068e000)=0x9, &(0x7f0000ad9000)=0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = inotify_init1(0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00007dd000)={<r2=>0x0, 0x0, 0x0}, &(0x7f0000360000)=0xc)
fcntl$setown(r1, 0x8, r2)
fcntl$getownex(r1, 0x10, &(0x7f000066c000)={0x0, <r3=>0x0})
r4 = syz_open_pts(0xffffffffffffffff, 0x80)
ioctl$TIOCCBRK(r4, 0x5428)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
ptrace(0x4207, r3)
ptrace$getregs(0xe, r3, 0x0, &(0x7f0000000000)=""/0)
r5 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000bab000)='/selinux/member\x00', 0x2, 0x0)
ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000c0a000-0x20)={0xf000, 0x7002, 0x4cc, 0x6, 0x1eee, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
setsockopt$netlink_NETLINK_PKTINFO(r5, 0x10e, 0x3, &(0x7f0000ca6000)=0x0, 0x4)
2017/12/21 21:04:32 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000bbd000-0x10)={<r0=>0x0, 0x0})
setitimer(0x1, &(0x7f00000e9000)={{0x0, 0x0}, {r0, 0x0}}, &(0x7f0000281000)={{0x0, 0x0}, {0x0, 0x0}})
clock_gettime(0x0, &(0x7f0000a4a000-0x10)={<r1=>0x0, 0x0})
setitimer(0x1, &(0x7f0000b4c000)={{0x77359400, 0x0}, {r1, 0x0}}, &(0x7f0000d09000-0x20)={{0x0, 0x0}, {0x0, 0x0}})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000faa000-0x10)='/selinux/policy\x00', 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x7)
2017/12/21 21:04:32 executing program 1:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
capget(&(0x7f0000001000-0x8)={0x200f1526, 0x0}, &(0x7f0000a0a000)={0x3, 0x29f1, 0x5, 0x20, 0x100, 0x80bd})
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002000-0xc)='/dev/rfkill\x00', 0x10c00, 0x0)
r1 = semget(0x2, 0x1, 0x180)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
semctl$SEM_STAT(r1, 0x4, 0x12, &(0x7f0000002000)=""/67)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x8)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000d9d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
timer_create(0x3, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000584000-0x4)=<r2=>0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000e89000)=<r3=>0x0)
timer_settime(r2, 0x1, &(0x7f00003d5000-0x20)={{0x0, 0x0}, {0x0, 0x989680}}, &(0x7f00003ce000)={{0x0, 0x0}, {0x0, 0x0}})
getpgid(r3)
2017/12/21 21:04:32 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f000023c000)='./file0\x00', 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000b50000-0x30)={0x1, 0x2, &(0x7f0000732000-0x10)=[@generic={0x5, 0x1, 0x81, 0x0}, @map={0x7, 0x1f, 0x100, r0}], &(0x7f000015a000)="008b", 0x9, 0x80, &(0x7f0000b4f000)=""/128, 0x4, 0x1}, 0x30)
2017/12/21 21:04:32 executing program 3:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0})
mlock2(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000f39000)="", &(0x7f0000eaa000-0x4)=0x0, &(0x7f0000bf3000-0x4)=0x0, &(0x7f00003b9000-0xcd)="")
ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000bb7000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000})
2017/12/21 21:04:32 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00003f7000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000867000-0x8)=0x80000001)
sendmmsg$unix(r1, &(0x7f00000bd000)=[], 0x80, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000ebe000-0xc)={0xa48f3798a56e60b, 0x0})
close(r0)
2017/12/21 21:04:32 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000260000-0x10)='/dev/sequencer2\x00', 0x402, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f000036a000)=0x4d)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000039000)={<r1=>0x0, 0x8}, &(0x7f0000156000-0x4)=0x8)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000291000-0xa6)={r1, 0x9e, "24833877e0e6d799c70a3d29db032b283d1a8a4c8ebeec524f24817a9803372eaea3b8f017a4dec5877f5a2d8742e74243c3248e69e6bdd389e9c94cd4034e01c6f0d5f4b00a4a293d21d6bb4a0650db592a5e2247594ef5012b8e7efeefd1d9eec4568ce609c49928e659655cf06dbdf680fd624f73d31479ae60028f850ddb6ebb342190795b1998767839816b5839e024d4deb6c3cc7ae5e70be0ad66"}, &(0x7f00006b6000-0x4)=0xa6)
pwrite64(r0, &(0x7f0000eb6000)="94000bfff3d40060", 0x8, 0x0)
2017/12/21 21:04:32 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000058000-0x12)='/dev/input/event#\x00', 0xafd, 0x8000040000001)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00002a2000)={0x2, 0x78, &(0x7f00006be000-0x78)="454eee1e5f269a2b1c6911e9a812d1c601977c2ec12181485a3d47284f4bca6ed22a7058a8b5eaae20fe36bec2c13281d458db77afe8b1c6ea643e1de907f4b06189ceef4c82d678c0d0055d46910f60560c5621c14100b94a63d7d9ccc0a65dc7798a9eba792400137112963a6b034a9f029e7aaca62fc8"})
r1 = syz_open_dev$mice(&(0x7f0000da8000)='/dev/input/mice\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000ef2000-0x108)={<r2=>0x0, @in6={{0xa, 0x1, 0x8001, @loopback={0x0, 0x1}, 0x7}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x1, 0x101, 0x8, 0x7, 0x101, 0x3, 0x400, 0xe9, 0x0, 0x80000000, 0x100000001, 0x5, 0x3fe0000000000000, 0x0, 0x0]}, &(0x7f000088b000-0x4)=0x108)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00005dc000-0x14)={r2, 0x71c, 0xbf0, 0x3, 0x9, 0x7}, 0x14)
r3 = accept$unix(0xffffffffffffffff, &(0x7f00006be000-0x8)=@abs={0x0, 0x0, 0x0}, &(0x7f00007fe000)=0x8)
ioctl$TIOCGSID(r1, 0x540f, &(0x7f0000c96000)=<r4=>0x0)
ptrace$getregset(0x4204, r4, 0x207, &(0x7f00006a1000-0x10)={&(0x7f00008b1000)=""/244, 0xf4})
r5 = getpgrp(0x0)
getsockopt$SO_PEERCRED(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000751000)={0x0, <r6=>0x0, 0x0}, 0xc)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00003f4000-0x4)=0x8, 0x4)
getresgid(&(0x7f0000c31000-0x4)=0x0, &(0x7f000028d000)=<r7=>0x0, &(0x7f0000c3b000-0x4)=0x0)
sendmsg$unix(r3, &(0x7f00007c0000-0x38)={&(0x7f0000cf5000)=@abs={0x1, 0x0, 0x0}, 0x8, &(0x7f00004db000-0x20)=[{&(0x7f000053d000)="3bcad1ee5f3db9ae3db6fa7b9effe02578672502917853130db5408de38367c92107ec208a712eb1c738e50c7992051e6d3163d8abbd4f059c02e6f31b9519df6b325ee778e49160619a5f4574f09170a6cda98f72a4cd6cbfde76fd4c93335c73ef22de7f87ac332a8c210d2559dff94fc6271d377abfc28405c34d7fd1040a84b605dcd43052f322551cab995cc8c54974f99931fd9fbed5ca79e8d2fb33c4315eea4230d1d5af192c4d73148ad1730163368112f0c38150ade547f127974c38804edd07782d44f07a8646", 0xcc}, {&(0x7f00008c9000-0x77)="f991c6a1c01ab896a257cec6bda6c0ff541163051f015d11904c126f048a5e49a1e93f80552c757e3234511a1f6a8cdc57465db8d08a78f7c22c4c2f3e6a19db6069f7624412ff05aa299b484fff778f03351890aa838f75c5b95b85978b2274e38b5ad7d2e4f745555c5e996aa24071318c439e69dd86", 0x77}], 0x2, &(0x7f0000e8c000-0x40)=[@cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x20, 0x1, 0x1, [r0, r0, r0]}], 0x40, 0x40000}, 0x0)
write$evdev(r0, &(0x7f00008c2000-0x30)=[{{0x0, 0x0}, 0x2, 0x0, 0x40c}, {{0x0, 0x0}, 0x0, 0x0, 0x0}], 0x30)
2017/12/21 21:04:32 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x2, 0x0)
accept$inet(r0, &(0x7f000085d000-0x10)={0x0, 0x0, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000f7b000)=0x10)
ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x0, []})
ioctl(r0, 0x8936, &(0x7f0000000000)="")
2017/12/21 21:04:32 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000f0e000)=<r0=>0x0)
ptrace$getenv(0x4201, r0, 0x4, &(0x7f000063b000)=0x0)
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000246000)={0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$sg(&(0x7f0000f0a000-0x9)='/dev/sg#\x00', 0x0, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f000047a000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000b70000)=0xc)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000d8c000)='/dev/sequencer2\x00', 0x4001, 0x0)
add_key$user(&(0x7f0000037000)='user\x00', &(0x7f0000bb3000-0x5)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f000001b000-0x1)="f9", 0x1, 0xfffffffffffffffe)
select(0x40, &(0x7f00005cf000)={0x7234, 0x0, 0x0, 0x6e20, 0x2, 0x7, 0x0, 0x1}, &(0x7f0000581000)={0x6, 0x9, 0xffff, 0x1, 0x1, 0x2, 0x8000, 0x9}, &(0x7f000090f000)={0x7, 0x7, 0x1, 0x0, 0x2, 0x9, 0xa76, 0x4}, &(0x7f000008f000)={<r3=>0x0, 0x0})
nanosleep(&(0x7f0000470000)={r3, 0x0}, &(0x7f0000000000)={0x0, 0x0})
socket$inet(0x2, 0x5, 0x4000068)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00002e3000-0x78)={0x5, 0x0, [{0x9ea, 0x0, 0x9}, {0x17a, 0x0, 0x61430453}, {0xb13, 0x0, 0x9}, {0xebb, 0x0, 0x400000100000000}, {0x222, 0x0, 0x100000000}]})
r4 = syz_open_dev$tun(&(0x7f000000f000-0xd)='/dev/net/tun\x00', 0x0, 0x400100)
setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00007e4000-0xb)={0x80, 0x0, 0x729, 0x0, 0x7fffffff, 0x0, 0x400000, 0xc28a, 0x4, 0x40000000000000, 0x0}, 0xb)
getpid()
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000a5b000-0x28)={@common='gre0\x00', @ifru_names=@generic="4f54000cc0a1ed4f3a0a1fdc222073b5"})
syz_open_dev$evdev(&(0x7f0000ee0000)='/dev/input/event#\x00', 0x0, 0x4000)
syz_open_dev$tun(&(0x7f0000fa9000)='/dev/net/tun\x00', 0x0, 0x501000)
perf_event_open(&(0x7f000002f000-0x78)={0x0, 0x78, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5825, 0x0, 0x0}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
socket(0x11, 0x80002, 0x300)
connect$ax25(r2, &(0x7f0000eb0000)={0x3, {"e80107fffc1508"}, 0x18000}, 0x10)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000288000-0xe)={0x1f, 0x0, {0x1, 0x0, 0x3ff, 0x3, 0x0, 0xffffffffffffffff}, 0x1, 0x5}, 0xe)
ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f000015d000)=[0x800000000000000, 0x10003])
preadv(0xffffffffffffffff, &(0x7f0000005000)=[{&(0x7f0000e6e000)=""/1, 0x1}], 0x1, 0x10000000000000)
[   28.984801] audit: type=1400 audit(1513890272.752:13): avc:  denied  { prog_load } for  pid=3447 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[   29.056105] audit: type=1400 audit(1513890272.794:14): avc:  denied  { dac_override } for  pid=3447 comm="syz-executor0" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   29.081180] audit: type=1400 audit(1513890272.814:15): avc:  denied  { net_admin } for  pid=3473 comm="syz-executor3" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   29.152802] audit: type=1400 audit(1513890272.920:16): avc:  denied  { net_raw } for  pid=3476 comm="syz-executor2" capability=13  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2017/12/21 21:04:33 executing program 7:
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000b27000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000000)={@generic="c1db61313c14b5f56523c061cf7e6b0f", <r1=>0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000000)={@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, r1}, 0x14)
r2 = openat(0xffffffffffffffff, &(0x7f0000181000-0x8)='./file0\x00', 0x80101, 0x20)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000be8000)=0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r2, 0x6, 0x2, &(0x7f0000d7f000-0x5)={0x0, 0x0, 0x0, 0x0}, &(0x7f0000490000)=0x5)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00009a7000)="", 0x0)
r4 = add_key$user(&(0x7f00006f3000-0x5)='user\x00', &(0x7f0000fea000)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f00000d2000-0xd0)="79bd81788c2b6a62ffc668d68a637dd81eb146cbc942aedfcea9918526c7bbaa5334fd3b5a713115b9f6132ca0f09e880fa0f14f2583a717ab9779612381451e242e0dce4dde2b8586e8d7eff74f4d2eb06aa162b3d169a809a7716bc855b6b4fce259c952721bebc366d7fb6055b93bb027560f323e14642a9eb1e72b6ce354821bfd548d6c1e816e1218996ca75482b57cd3da45f9f3b23f0b05427713acfc173dc7d41820e44f658bdf29026bef27d5bc2147d583a0a6987860f1a448002a0c822cf786a8d533d9e2028d2ec5fe49", 0xd0, 0xfffffffffffffffb)
r5 = request_key(&(0x7f0000225000)='id_legacy\x00', &(0x7f000040f000-0x5)={0x73, 0x79, 0x7a, 0x1, 0x0}, &(0x7f00005c2000-0x40)='drbg_nopr_ctr_aes128\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0xfffffffffffffffb)
r6 = creat(&(0x7f0000dd3000)='./file0\x00', 0x1)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x79, &(0x7f0000d14000)=0xadbb, 0x4)
keyctl$search(0xa, r4, &(0x7f0000782000-0x8)='big_key\x00', &(0x7f00001aa000-0x5)={0x73, 0x79, 0x7a, 0x2, 0x0}, r5)
r7 = getpid()
ioctl$TIOCGSID(r6, 0x540f, &(0x7f000049e000-0x4)=<r8=>0x0)
r9 = getpgid(r8)
rt_tgsigqueueinfo(r7, r9, 0x1e, &(0x7f0000eff000)={0x2a, 0x4, 0x54, 0x3})
bind$alg(r3, &(0x7f00006a3000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000015000-0x8)='./file0\x00', &(0x7f0000001000-0x6)='ramfs\x00', 0x0, &(0x7f000000a000)="")
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
openat$selinux_user(0xffffffffffffff9c, &(0x7f0000002000-0xe)='/selinux/user\x00', 0x2, 0x0)
prctl$intptr(0x1, 0x0)
2017/12/21 21:04:33 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00005f1000-0xf)='stat\x00')
setsockopt$inet_dccp_int(r0, 0x21, 0x0, &(0x7f00001cc000)=0x2, 0x4)
rt_sigprocmask(0x0, &(0x7f0000033000-0x8)={0xfffffffffffffffe}, 0x0, 0x8)
setrlimit(0x1, &(0x7f0000011000)={0x3, 0x0})
ftruncate(r0, 0x3d)
2017/12/21 21:04:33 executing program 1:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x100000802, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00006a1000-0x4)={0x0, 0x0, 0x2003}, 0x4)
socket(0x11, 0x802, 0x0)
2017/12/21 21:04:33 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000e92000/0x3000)=nil, 0x3000, 0x2)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x400000000e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000f87000)='./control\x00', 0x0)
perf_event_open(&(0x7f000000a000)={0x5, 0x78, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x3, 0x20001008, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000000a000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20001000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x4)
r0 = open(&(0x7f000000f000-0xa)='./control\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000001000)=""/27, 0x1b)
2017/12/21 21:04:33 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsn(&(0x7f00001ac000)='/dev/vcs#\x00', 0x40, 0x349000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000b38000)={0x0, 0x40, 0x4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = getpid()
r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, r1, 0x0, 0xffffffffffffffff, 0x0)
exit(0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1000000000000002, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000350000-0x4)={0x0}, 0x4)
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000441000-0x28)={0x5, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000bae000)={0xffffffffffffffff, 0xffffffffffffffff})
perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000e5e000-0x17)='/selinux/validatetrans\x00', 0x1, 0x0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000557000-0x8)={<r5=>0x0, 0xf898}, &(0x7f00005c0000-0x4)=0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000495000)={r5, 0x4}, 0x8)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000fd4000-0xa2)="", 0x0)
syz_open_dev$sndseq(&(0x7f000032e000-0xd)='/dev/snd/seq\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r3, r2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
2017/12/21 21:04:33 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00008a2000)='/selinux/load\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000340000)={<r2=>0x0, 0x3, 0x3, 0x20, 0x5, 0x6}, &(0x7f0000c14000-0x4)=0x14)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000aed000-0x99)={r2, 0x91, "6005b8456c257a0dd8f02b42871122feb345eee44b837797ed19c63f80f1341b287dfe33066980452b27074c4c3d509b6f7a4a4fd87629d16958838121177bf94211f90c47e77e232985aa96b4f45bbbefc059ff0707a06fb8a55a8326a588460059e2cd70fe9416bdf2e65eacb276eba33a585199c8689d316940a4fa204039c95f5843a6b8ac062c9b28db1d6cfda1b2"}, &(0x7f0000df0000)=0x99)
bind$alg(r0, &(0x7f000000a000-0x3d)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000dd000)="01f0ffff", 0x4)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f000005c000)='/dev/vga_arbiter\x00', 0x4401, 0x0)
accept$alg(r0, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000b76000-0xf8)={0x6, 0x0, [{0xb, 0xffffffffffffffff, 0x6, 0xff, 0x9, 0x3, 0x4, [0x0, 0x0, 0x0]}, {0xa, 0xc21, 0x1, 0x6, 0x36, 0x1000000000, 0xdb6, [0x0, 0x0, 0x0]}, {0x7, 0x80000000, 0x4, 0x2, 0x6, 0x1000, 0x8, [0x0, 0x0, 0x0]}, {0xc000000e, 0x1b, 0x1, 0x0, 0xeb5, 0x8, 0x7, [0x0, 0x0, 0x0]}, {0x4, 0x7, 0x5, 0x200, 0x9, 0x7, 0x81, [0x0, 0x0, 0x0]}, {0x80000019, 0xff, 0x1, 0x7, 0x5, 0x6, 0x4, [0x0, 0x0, 0x0]}]})
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0xff2000)=nil, 0xff2000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ff2000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ff2000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ff3000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getresgid(&(0x7f000032f000-0x4)=0x0, &(0x7f0000ff4000-0x4)=0x0, &(0x7f0000ff2000)=0x0)
r0 = socket$inet6(0xa, 0x400000002, 0x0)
sendmsg(r0, &(0x7f0000f66000-0x38)={&(0x7f0000a44000-0x7c)=@generic={0x20000000000a, "daf8ffe6ffffff0001f20000000000b61b340e63f8ab691822e903e7d64ac8fef9507f000daec57f844686fbbf26093d6b53efc1cb2b880001186a68506776e9eba5ebd039273202a52700faccec35120ec64fc333c1c99287b26eaece2900727e347f814dc256ce82cb2c8080000000bff900000000000000076167b456"}, 0x80, &(0x7f0000259000)=[], 0x0, &(0x7f00003e0000)=[], 0x0, 0x0}, 0x0)
pipe2(&(0x7f0000e6c000)={<r1=>0x0, <r2=>0x0}, 0x80800)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00004bc000)='/dev/rfkill\x00', 0x2000, 0x0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000bc9000)={<r4=>0x0, 0x5}, &(0x7f00008ab000-0x4)=0x8)
eventfd2(0x1, 0x1)
ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f00000c5000)={0x8100000000000000, 0x10000, 0x8, 0x1, 0x10, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0]})
mmap(&(0x7f0000ff3000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000ff3000)={r4, 0x10001}, &(0x7f0000711000-0x4)=0x8)
r5 = creat(&(0x7f0000209000)='./file0\x00', 0x8)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000296000)={r3, 0xffff, 0x9, r5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
2017/12/21 21:04:33 executing program 1:
mmap(&(0x7f0000000000/0x9f7000)=nil, 0x9f7000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00009f7000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00009f7000)='/dev/vcsa#\x00', 0x1000, 0x0)
mmap(&(0x7f00009f7000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00009f7000)={<r1=>0x0, @in6={{0xa, 0x0, 0xfffffffffffffff9, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0xfffffffffffff4d3}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7, 0x7, 0x5, 0x0, 0xff}, &(0x7f0000046000-0x4)=0xa0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00001d9000-0x10)={r1, 0x101, 0x3f, 0x1d}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000442000-0x8)={0x0, 0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000012000+0x808)={0x0, 0x0, &(0x7f0000894000)=[{&(0x7f0000783000)=[{0x11, 0x16, 0x719, 0x0, 0x0, '\n'}], 0x11}], 0x1, &(0x7f00009ef000)=[], 0x0, 0x0}, 0x0)
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001000-0x78)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x666, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0x0, 0x4)
r1 = syz_open_dev$sg(&(0x7f0000c1d000-0x9)='/dev/sg#\x00', 0x7fffffff, 0x4000)
getsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f00008df000-0x4)=0x6, &(0x7f0000282000-0x4)=0x4)
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000af9000-0x8)='./file0\x00', 0x0)
r0 = open(&(0x7f000030c000-0x8)='./file0\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f000003f000+0x154)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f00004db000-0x8)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f0000f50000-0x8)='./file0\x00')
r2 = openat(r1, &(0x7f00008df000-0x8)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000e20000)='./file0\x00', &(0x7f00000e4000)='./file0\x00', &(0x7f0000450000-0x7)='autofs\x00', 0x1000, &(0x7f00006b8000)="")
symlinkat(&(0x7f0000020000-0x9)='./file0\x00', r2, &(0x7f0000020000-0x8)='./file0\x00')
chroot(&(0x7f0000404000)='./file0\x00')
renameat(r2, &(0x7f0000da3000-0x14)='./file0/file0/file0\x00', 0xffffffffffffffff, &(0x7f000020b000)='./file0/file0\x00')
2017/12/21 21:04:33 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000cf5000-0xa)='/dev/cuse\x00', 0x1, 0x0)
socketpair(0x11, 0x5, 0x0, &(0x7f0000edb000-0x8)={0x0, 0x0})
write$fuse(r0, &(0x7f000016d000)={0x50, 0x0, 0x0, @fuse_init_out={0x7, 0x1a, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x50)
2017/12/21 21:04:33 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
nanosleep(&(0x7f00008c4000-0x10)={0x77359400, 0x0}, &(0x7f0000d05000)={<r0=>0x0, 0x0})
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffff9c, 0x84, 0x12, &(0x7f0000305000-0x4)=0x80, 0x4)
shmget(0x0, 0x4000, 0x1, &(0x7f0000e98000/0x4000)=nil)
r1 = shmget(0x1, 0x3000, 0x0, &(0x7f00004ef000/0x3000)=nil)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000244000)=""/239)
clock_settime(0x7, &(0x7f00001bb000-0x10)={r0, 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f00002a6000-0x20)={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r4 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000c65000-0xe)='/selinux/user\x00', 0x2, 0x0)
ioctl$TUNGETSNDBUF(r4, 0x800454d3, &(0x7f0000ce3000)=0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f000093d000)='/dev/rtc\x00', 0x200, 0x0)
sendto$inet(r5, &(0x7f0000332000-0x2)="f157", 0x2, 0xc4, &(0x7f000091f000)={0x2, 0x2, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f000008d000-0x9)='/dev/kvm\x00', 0x200, 0x0)
2017/12/21 21:04:33 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000f99000-0x9)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000030000)={0x0, 0x0, []})
r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00007d2000-0xd)='/selinux/mls\x00', 0x0, 0x0)
epoll_pwait(r3, &(0x7f000020b000)=[], 0x0, 0x1000, &(0x7f000093b000-0x8)={0x1}, 0x8)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000a9e000)={0x1, 0x0, [{0x3a, 0x0, 0x0}]})
2017/12/21 21:04:33 executing program 7:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00004cf000-0x9)='net/tcp6\x00')
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f000072e000-0xc)={0xfffffffffffffc03, 0x6, 0x7fff})
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00008ea000)={@generic="951df1c5419295f2fa36b0043be80474", 0x80000000})
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x2e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00008db000-0x58)={0x26, 'rng\x00', 0x0, 0x2, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000d1000-0x10)="e513b5a378aa9141fbcd03ff00000cfc", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000ff6000)={0x20, 0x1, 0x5, 0x0})
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000bef000)=0x0, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000304000)={@common='bcsh0\x00', <r3=>0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
connect$packet(r0, &(0x7f0000815000)={0x11, 0xf5, r3, 0x1, 0xb9, 0x6, @random="afab2fa56b65", [0x0, 0x0]}, 0x14)
sendmsg$alg(r2, &(0x7f0000f00000-0x38)={0x0, 0x0, &(0x7f0000cd4000-0x10)=[{&(0x7f0000a38000-0x101e)="11b981c3293d1e6ad1542a5f601cee8a78a5b3dcdd974d49dde5e1221ddbf06cc93b795b81c963620851a71c695f6781c813dbedae661bf4027a80cf16dd7efcedf805fb599a3341668df2f825de709d389d74548c8adeb2de70463ab0909480cbe9105ef026a9391bf42d96580ea918818be39e671b51c135c9bcaeeb65eabc6bab4a8578495941708a81ce630bd00a135da1cf62b4357369154530c8a3ef02eb24edbf705a5ced4f2bb01d49e21ea5b3e5515b506383fe8502c28578d9677306403066ddee1c99e321c45130cd3a216dc9c84d175eced8de282007c411717d7e7818e761578bac47d2f09a4a89e7d3ba92dc47181857e2ae2714774540fcf79039210bfdc0a15bcf4f91c85a7d97995488017dc4c4802aee4257b65e3ef0f5ed11702a09d33c7aa44ab08867c8dd260c93c5082a4b19a3111783d9371f8b2f1231ae543e9ca77e10fdcbc24c76ab11e72937b3e3866d08008592061b3eb799bafd9635615de8a1077e8cfcdb95766721f0691693abfee445219959e972c6cb950bd8124c736f4df6572171719ed0fbd5b7cf5c7849a4abf622f2ec91594e3603ff9d4378f301517f9b42fcd95da35de020ee9a2cc1ca706a9c4356dd96464aea82371b8c620e30c1e4637e6394528dd7b47fd65ef9466c2677afc0be61f971568c6dd0d849288681f7ba8a68794ee910db6daf318491dcd63f2e76f3a78d9017ebc5bf554d21d24fd875de1d3bbd0fa12082cb0950222f1ebba49ae0e46d848d91be7eac6ae77bcdd7de332ab1d0eac5474cfebf307738eb18f3dd5ceb82a286d735003146eb2fcd9b96bb896617267b22383083278bbedcbb9b2bb3ea3ebdcb69ec61f101f13e5c2be4f32209c8303e6dd974ccaea6c686e8a0aad8cb013fa29b4bebe0f60e0756ed3d03b851f38ede71f88678676771c77727384fef9abef4dab228f6ab8a0a39e91a18cb01f687d4775429cd56a6dfc2c6d5f38d6ddd6e46f07fdfc1d5fbe56597329b6487afc7d5cd209e36dd2343fa7d934fe34d50be392239f81fb83ab6f7a84512cc8e6b0dcff75cd0850dbc919bc628822e587b3a0efe9ade098e72e007875c7858124d417668471523d94ca7d5115dedb78470d850d28660b925e90551e20dd5681b05db4d55ded5dd7b43c6a4eedea3449c2e4f63dd2fad564bddbf0adcb33e6643be3c35621f4d1889309a56e112dbfb865ea75f9c2d36f125825a0e6e83f6a84b839346cde7b125712cdf81b3e1433213feb542af98e34708284b1036710873b5f20dd368a3763701991f1fd9c77522448005c08dc5372320e5786f923973aefb0182e72c8e95af63b38b8fccef3656829bb1846bacb586b6f7ad5d4ec3b18803d5ff5fb007128bc0ba4106fff01c0d2b5245d3ade06c12a62a1a9b1cef04edb4492575087eb241c36431d9e995d76c1bc56f0d6c3ad4c3865f3c2cdec301dfd1b55b5afc99c7a0d3ffdc7d4add3a0f9e5c37c3ad84d377310a0e8c398fc1820a12488ccfa8e55900910f7d00a3cc36618d5c67ba26b71e0502c4be5e78471c93853f2ad18c6032e827b3ff3852a7e6f4d4d628fa22749b3a5b8072ccc03017b99500c7e16736861454a016b20863da16cf1124044b941b0dedf9b75fe70cf403fec3fd8ead5714bf4113630414cdf3f55879e50869d5bd233166bbb69550db396afc28f9bd495eaedec2330abdec5eedb8ccebd38d7f97a0a210b674bf123f1fb2da1f5ddf78642c7c7e96fef99c7d8a42789aaa9ce70899c8102e4402a96d00b931b6cc3458d37917f291c3543ff488723d002831745dcccd9d1af40160d963a29ae66195072a8f65210202d1506fbd40fc4cd9dc5a9d9bb96473afe642c2be663205e44cbbb19b75048b2088730ed3c84b6ac6c7c89d93b689b7c2136f5ba26e5c53c38aacc4da969e8be6e0a69f97ce933dc5af96eea4c82e3b5bb1aab933364a3e6f10454ee8e23192d0b977b48892e5d24d41215c7019a5832388717fe0f11c6703d9290f5ed391e796022ca8235262a12c3b04a3f17f4bf017427b11b2328ddb0455815eedbd8748ce9190d73ae0ca98562faf6ee108ec30b6006638e280ff99d285b3f1c38023c498b7f1263ed4f489b74126818d778db508066c52709716e03d21d3e9a2b9e7eaf5ba24edee067abe7c035778b9f18685cb37023af50a596a8fbee1d811575d690a2a58e37415270592161bbe2217c370c6b4595345bc9fad53eb681b57dcc06464cbf46e140439e0e5505e61dcb510217b24762858f93e54e978098b02c490724c997f8b21117bc88d984e322416c37c4ee8c07854f32890d78c4f69ed8145791896c049166af9f8c343887658f66f6a22913c82c6d01eb57b339b21ee7f97a626efbed20c3c59d68ebaf72e112392f05fdd1ec02e627d332e8d6eeccaa57e8442be2870e5885a88fd79f1bcba6e2f5309fea94a6d3aa8ab008db6c3c3821e9f391ada7c07f3a403e567a0c0debd3782aba5acf52401d282370f55e6c2a1db91cad5fa62aae97d1e4913def71a08749d7f46965e58ea2f737cc56105577b249143b895f0f3c2f62df70e55817a220ed2291d6a77954e3485e40a7b483ba1adc1696232e396bd564a493bf401e3680b05660e39f42745ba05143d24d879ce47d375ba19ff9b95fa66855ed6d559a0df8474ad72e32dbbf8dd5d95c3b7984519c64e9e577db8513f026d3129eb2352f5f55f5b587faf496fdd457ef424eb5d818ff395a00f4a113be47d43d12ed8773659b9964a6141688f1c613a7fd2c5b0ae78d0067cb68ec2a042e2c47b12b500000400ed785ca630c7ca9942c7d99feb00000d80b231dc530cf6ed22e926dd68054227aa99bb6d235ba8dd0e76ff9470a4cd84d84dcf4787a3febe3bb247650e91f2d345e7ad9438c58274cb71ccb4a251432f101dd03f228385a22c33430e44acdb92a9f07770f25cc8b2ab0019029de6a68a1b43a84c8ad7ebc60b8c08c0c857b5c8d6b4a27bac9e946c1d2496bbcb5200bf8bfc27fba10437096bb6ddcaff53130b78f40f09f4ff89246636e72cb709e9aecd90e7f854c08af47954e6cf5bb5df7ba8f29c3a58fe93eed54d81c8e4b759c153c96d83e929552ea4dfd0dafc7efdb36abef8098865255d86cfd3f368ea83f339216b73bd301db5af6ca3e9892cfd61917ed1a9b75377ce322e6993fb73f970f5368ec79f288a0d21b920cf0e5622914a037902fb0888298843d8a5740f2c32e67da6f7c7fae963d43d8822276004aba3987c32c4bad18b2c277dece392d3b1fcb5cc36efc1c2fc65882c3be4f65a41d95b8a0ae7ce831259eff7c52de3e5f56d25f76b15f64130536cdfd73a20924b361068a91f0d0efb1bf14eaa9b59218bc2385f8cf9cbe8a74a143f9f2f69d24655e954112a1580fc6a710e59ef9196cba068e7d1ff22f7977ae8b0093a893306184525352cd9a5956fc18f877c1d1f41ad8b895a90a347cee2d731e9d3e91d68fa48f1b23eef3d92527c589f21cff3b7cc69598e03efeb83335b2973d3ec5e30661c4f276b9b8eb3786705e9034f7a9cb80f3722e9bac0a9f81d51bc88f0d255c875e6d8377d6d090245a47d519d49b8325a4d8b3edf86cbfab71c50dccec8c27c47bf0e87e35c24e2a70238d19f310b275a273ed3079d96073fdc77ccbdc7c029595bfcfeba5a05c33e28173be404dbf30a37dd17ddbba5fc7fcd5fcb6f0b908f28931bc6bed350a653004f7b08a56a990558ef4d1ecc4aad62575c3b8e2d66726fcd97517b3fb41917c8e2f17299e36426297795b0b7ac30ae7f5205ca2340bc17d9da2dc8d5a29894eb4ef0e1144e4ac092b00d189fb121788158df32e5f5f6500736f9240f64f37892fc3cd4a9a864214393b675f8a949304658f335da6babdc724e8d8c1352b91a88e07dbc9b2cc04d15a3e8f58f07075e36619ee2cb228e554990207ca896f779e63573e2b1261f35f8d0018cab12e8d21fa0fb4e51b4762a63d6f1633c0c9bceab843a60c202e4e8bb7d3fa4990b9086908b65ce00c28af904df914bd6cfc471d3d7eac62dbdf7b820fb2589c87cbfe40d366e5e764edf6d0d32e69f0744e9d525426ef7a1f10d351f5a15b021a78d2f7527b080b3480315381caa1fa9f8712b4f3bef0f402a1c3fa6bd591477a43d4552add84cb4723eee30104518c3119c2773ac36ebc09165b382efd06ff8280f776b256e822d4a5fb26ab1bd1c13bba370221db200bea82e55dd0101e2cc59793217c2650f1bfe92b9336ea83772631a578935e98a007bd493ad727085248d3b6a24c36ab1c3b471e683427d8d8bfec897e6b37ebe2479ae18b0da33684b8a6d2863b91f914aac6e10e836bf3f1efe8e41724170ef051e1dcfb867c5dce67068c4417e719990281e33102618cd571173966f93dbe06ab9d1c11bed9952f5ceed152e5bc8bc1bf632de9057799392cac263615fd4b816a8a92df84b126c6b02fc0525021037ba1e39cd44a63e71d4034f8f6847c7e18cdba32b540b2447b5b1384ea21cf8b7d06984783ca477b31a3be3655d8e91dc27a87d75cc48ee01bebf9169873e1c417b4fb9f9ce49ada3bf9f7c0fc6e72e13edc650b7a2b8cf8967c11efacd5eace0673018fbed2e7c4096e57141140834fff27f25bb30c81e60e3a31199aa8f000dcabc93ad6ddb3a4628bc2226b814a47eff0d750396915a1d3ead774aefc5e664b31ac9b64ea9fe42cd3e03ff249f8dc83aafcdb2a49facb8e8682fd59965764b5bb1fa901e46f4d92f9f8af0a5bf3b0cc5517634d6f81ca7d55f6faaf70e76a603f90f1b513c6a41e8ec48d34ba13e7ae33a2c2bae92e325a57a9de2045dad256c8dd30c03e9ae4f7806d0a78a5f63d2399e07f44a834bd77d658adf1bce15c8a416d4a70ae657fa1679220b268ce22674c821a474612d402fd91ff09ccbec082b07158aa8b2e8f546a895b7acf636be328985d953e4f9ce4a4ccff2377768e15cf1dc88d44cd77982d8ed6d35bc6eec0b8370beb94643f4e5d42ac4eeed54e971306e56cc76e1e17180cb8546e07ac09e2f70169c3d4a336f37348d4c2697d2c95fc0dfb454ae6ed9e11e9a68a2c5a40de16fa6b74f8bcb9c46711bc18aafa9c7cc6901214cd71e1b02c0b80b83ef77c72f45a7028fcc19676a09afb40f70fec03638fa765486a8a69df7555d76cc9a1fb211bff585a5b6cc5614ab8c6a328926524b15076ed1022333bb0f23754db344895d8c74c9c695bfe0ca1226fbf8f4fb58d1171b6250a3e8f0fbf973f6ae808276d8ef95a4384cc9038f5067ef49fe1da7a6b2fcedf4bf0af13d814f708303b1d4340ed6bb1e53f742aebab9bd2df1dd6c56c97f9256cdd29adc3839ff59f4bcff1c3094f8938d2abaa78f8a2e743f568ffcac6231f95d30c839875380ca7c91eea63a9eba779fa103ea52c46321f51058293f5f49e10ad3eb47fa747a3a85991916639884dd1530f7dcebf915822dd525dd5c02c59e9464f54f99d3d18f96b7e7f71ddefff8070dfbb3c514e4bfbee58a39461ed6a10c25ff052f30b84ee0a9c3a8a50dd75fa93b4ad303cbace27b46bc826173f5ba04e5c7e2cc3ff820de281c8f78c47c1d804615e073d4fcb0d02243287400303277a96d32a21d7359e89330ea83fdcc3785894596e0dd7efe55a2d72b81b8d48269963fd32c663b3157956360fbd8d8e30f1a31a9abde9d8f8709886233088ae2b5bb0742395900aa49c3d7bd17c6c78a042dbde5ed5e8e5acb97d20294992c211b62e1d89a9ee53bd40901d47aa127c03413", 0x1001}], 0x1, 0x0, 0x0, 0x0}, 0x0)
recvmsg(r2, &(0x7f0000152000-0x38)={0x0, 0x0, &(0x7f00009b7000-0x30)=[{&(0x7f00002fb000)=""/4096, 0x1000}], 0x1, &(0x7f00003b9000-0x39)=""/57, 0x39, 0x0}, 0x0)
2017/12/21 21:04:33 executing program 4:
r0 = memfd_create(&(0x7f0000a9e000)="5c8e2f00", 0x3)
write$tun(r0, &(0x7f00002f4000)=@pi={0x0, 0x890d, @eth={@random="5be4370d69b1", @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [{[{0x9100, 0xeb, 0x20, 0xb165}], {0x8100, 0x0, 0x0, 0x401}}], {{0x892f, @x25={0x2, 0xffffffff, 0xf, "8e4cc30bb43b0fc442754bb15697a368176c287da91b096afcc310bf6e0456504d7de49f97a4b1bba05d9a59d83d5d7714fc1aeb468be8b6c9626f5e8586abe6d607e716b8cca1704abd0fce7fa6b6a178d9f27e605888d5144a1d70ef4ce0812c3308e561a031b3a74e5d153c92ec9e4bac10c6c7a75e1ff7bdf0cec24547646b0725259363767b3594"}}}}}, 0xa7)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000e41000-0x12)='/dev/loop-control\x00', 0x0, 0x0)
r2 = dup(r1)
ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c80, 0x0)
ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f000089d000)=""/0)
io_setup(0x8, &(0x7f0000c70000)=<r3=>0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000615000-0x4)=<r4=>0x0)
ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000a78000+0x492)=r4)
io_submit(r3, 0x0, &(0x7f00002ce000)=[])
socket$bt_rfcomm(0x1f, 0x1, 0x3)
2017/12/21 21:04:33 executing program 1:
r0 = syz_open_dev$random(&(0x7f0000253000-0xc)='/dev/random\x00', 0x0, 0x301000)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)={0x90, 0x8, "e0b6ee4362105c7e4088ca4b64d7dd731ce82235a7932fbfa09278fa864460b3f98f822ea6e35ea26687c8aeaea2fc5f9c5a57059cf4774de1304eb217c1f7caf206836314cbde5f3fea0a3c5e4b40823e7c327b58598769c45288238d9cb5289d301cc0dcdec296c1bb6c8e22ecacbe272fc339a73db3fc496d511ec011c972ce0997a389b8f585"}, 0x20080)
mmap(&(0x7f0000000000/0xfb4000)=nil, 0xfb4000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000fb4000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
io_setup(0x8, &(0x7f0000fb4000)=<r1=>0x0)
mmap(&(0x7f0000fb5000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fb6000-0x10)='/dev/sequencer2\x00', 0x10000, 0x0)
r3 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000e8f000-0x11)='/selinux/context\x00', 0x2, 0x0)
io_submit(r1, 0x1, &(0x7f0000925000)=[&(0x7f000055e000-0x40)={0x0, 0x0, 0x0, 0x0, 0x2000000000000, r3, &(0x7f0000334000-0x28)="f5ec4c7d0004eb6f687eea5f06", 0xd, 0x0, 0x0, 0x0, r2}])
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = getpid()
perf_event_open(&(0x7f00006fe000-0x78)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create1(0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f000020e000)='/selinux/policy\x00', 0x0, 0x0)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000de3000)={0x100000001, 0x4, 0x2000}, 0x4)
r3 = socket(0x10, 0x802, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r3, &(0x7f0000b83000)={r1, 0xffffffffffffffff, 0x0})
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet_sctp(0x2, 0x800000000001, 0x84)
mmap(&(0x7f0000000000/0xaab000)=nil, 0xaab000, 0x200000c, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000cec000-0x4)=0x0, &(0x7f0000a96000-0x4)=0x4)
[   29.402975] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
2017/12/21 21:04:33 executing program 4:
mmap(&(0x7f0000000000/0x4f1000)=nil, 0x4f1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f000000d000-0x70)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000005000)=""})
mmap(&(0x7f00004f1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00004f1000)='/selinux/load\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000006000-0x2c)=[], 0x0, 0x0, &(0x7f0000002000)=""})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000003000-0x30)={0x4, 0x0, &(0x7f0000268000)=[@register_looper={0x630b}], 0x0, 0x0, &(0x7f0000002000)=""})
2017/12/21 21:04:33 executing program 0:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000001000-0x11)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000b64000-0x10)={0x3f3e, 0x800e, 0x1000, 0x4000000000, <r1=>0x0}, &(0x7f0000001000-0x4)=0x10)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000001000-0x98)={r1, @in6={{0xa, 0x0, 0xd5, @loopback={0x0, 0x1}, 0x8}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x3}, 0x98)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000960000)={@random="71cc0fb0b178", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, [], {{0x201, @ipv6={0x0, 0x6, "8d376d", 0x10, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "4d4415", 0x0, "7df237"}, ""}}}}}}, &(0x7f0000381000)={0x0, 0x1, [0xb9e]})
socket$kcm(0x29, 0x7, 0x0)
socket$alg(0x26, 0x5, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = accept(r2, &(0x7f0000d21000)=@un=@abs={0x0, 0x0, 0x0}, &(0x7f0000fbb000)=0x8)
ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000b13000-0x1)=0x4)
getsockopt$ax25_buf(r3, 0x101, 0x19, &(0x7f0000272000)=""/176, &(0x7f0000237000-0x4)=0xb0)
2017/12/21 21:04:33 executing program 7:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x80e, 0x7)
getpeername$inet(r0, &(0x7f00001c6000-0x10)={0x0, 0x0, @local={0x0, 0x0, 0x0, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000961000-0x4)=0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000c48000-0x8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f000001a000-0x69)='j', 0x1)
recvfrom(r1, &(0x7f000001d000-0x72)=""/1, 0x1, 0x0, &(0x7f000001d000)=@nfc={0x27, 0x0, 0x0, 0x0}, 0x7fffffffefff)
2017/12/21 21:04:33 executing program 2:
r0 = socket(0x1e, 0x1080000000001, 0x0)
getpeername$packet(r0, &(0x7f00002ac000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random=""/6, [0x0, 0x0]}, &(0x7f0000575000)=0x14)
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00006a9000-0x58)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003cb000-0x10)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000f6d000)={0x0, 0x0, &(0x7f0000b65000-0x20)=[], 0x0, &(0x7f00008c8000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x0}, 0x0)
recvmsg(r1, &(0x7f000022f000-0x38)={&(0x7f0000f6f000-0x10)=@ethernet={0x0, @random=""/6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000893000-0x50)=[{&(0x7f0000f6e000)=""/12, 0xc}], 0x1, &(0x7f0000aa5000-0x46)=""/70, 0x46, 0x0}, 0x0)
r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000c1a000)='/selinux/context\x00', 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000af0000)=0x7fff, 0x4)
2017/12/21 21:04:33 executing program 1:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = syz_open_dev$tun(&(0x7f0000c55000)='/dev/net/tun\x00', 0x0, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000bc5000-0x4)="6b64b22e", 0x4)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000928000-0x28)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_settings={0x5, 0x0, @sync=&(0x7f00001a4000-0xc)={0x0, 0x0, 0x0}}})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000630000-0x20)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_flags=0x20301})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00005e9000)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, <r3=>0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
bind$packet(0xffffffffffffffff, &(0x7f0000c85000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [0x0, 0x0]}, 0x14)
dup2(0xffffffffffffffff, r2)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00004e3000)=0x120, 0x4)
write$tun(r2, &(0x7f0000875000-0xa4)=@hdr={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1=0xe0000001, @remote={0xac, 0x14, 0x0, 0xbb}, {[]}}, @igmp={0x0, 0x0, 0x0, @empty=0x0, ""}}}, 0x26)
2017/12/21 21:04:33 executing program 5:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000b7a000-0x10)={0x1, 0x18, &(0x7f0000000000)={0x0, <r0=>0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000ebe000)=r0, 0x4)
clone(0x0, &(0x7f0000c54000)="", &(0x7f0000134000-0x4)=0x0, &(0x7f0000001000)=0x0, &(0x7f0000001000-0x2)="")
getrlimit(0x0, &(0x7f0000cf3000)={0x0, 0x0})
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/vcs\x00', 0x202, 0x0)
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00002f7000-0xf)='/dev/sequencer\x00', 0x100, 0x0)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00007c7000-0x67)={<r1=>0x0, 0x5f, "19fe3638994050b837a5381a073e81e269bddc45dda21464ef06c72715ed924ffe6506010e2b8cad683a6c790a621a54f097fec3b5b99843d0bb07d836bdc80c51f2706e965c016cb8acb35b96df0210c44e6db3d65e841bca6e2a0f9a2e56"}, &(0x7f00008d1000)=0x67)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000bae000)={0x10000, 0x8, 0x2, 0xc25, 0x80000000, 0xfffffffffffff000, 0x847, 0x3ff, r1}, &(0x7f0000b0f000)=0x20)
r2 = socket(0x1e, 0x4, 0x0)
getsockopt(r2, 0x10f, 0x82, &(0x7f0000004000-0x4d)=""/0, &(0x7f0000000000)=0x0)
[   29.576072] device syz1 entered promiscuous mode
[   29.581063] audit: type=1400 audit(1513890273.344:17): avc:  denied  { set_context_mgr } for  pid=3558 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[   29.581082] audit: type=1400 audit(1513890273.344:18): avc:  denied  { map } for  pid=3558 comm="syz-executor4" path="/dev/binder4" dev="devtmpfs" ino=1075 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[   29.582475] binder: 3558:3563 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
[   29.585101] QAT: Invalid ioctl
[   29.643084] binder: BINDER_SET_CONTEXT_MGR already set
[   29.643101] binder: 3558:3563 ioctl 40046207 0 returned -16
2017/12/21 21:04:33 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x16b, &(0x7f0000c51000-0x1a3)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, [], {{0x86dd, @ipv6={0x0, 0x6, "72f20b", 0x135, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[@fragment={0x0, 0x7, 0x8, 0x5, 0x3, 0x7, 0x0}], @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x612f, 0x0, 0x11, 0x81, 0x401, 0x0, 0x7f, {[@sack={0x5, 0x1e, [0xfffffffffffffffc, 0xec4, 0x5, 0x7, 0x6, 0x1, 0x1]}, @sack_perm={0x4, 0x2}, @generic={0xc, 0x10, "8ed98d23d4e42c8e34a553dbad43"}]}}, {"04e642e2bb91e1bc63349d99a5ff50b9bc0324ccd6d5d2c89784c9a07dccf5f276c08af8e4b2d9c6189f91552692f607b3e77af3b5d3cabe02bffe781b2594849149895ae9928f25ae401f75b0a2f50d1e7e8e6f5357f4da281cdcece6b9366d5b708da537f0a557a34c15a8df859e9c323fbe038373b08f409e2a8f4b29548e81025d7970285da712404f357d7b954595dade478e749ee83e9325839582841d5193cad51d1532ccabf719cff8d23952415316593301a66ebfc2ca0acffe09aff8bef9b0d01993095606bf745cf83092030e36eee1e91cb880cf01639ce44d4e7a43ff69b32c8d6ca5"}}}}}}}, 0x0)
mprotect(&(0x7f00002e4000/0x4000)=nil, 0x4000, 0x2000000)
r0 = creat(&(0x7f0000795000)='./file0\x00', 0x40)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000882000)={&(0x7f0000c75000)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000126000)=[], &(0x7f000086f000-0x11)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000b5c000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0x5, 0x6, 0x0, 0x0, 0x0, 0x0})
2017/12/21 21:04:33 executing program 1:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa, 0x0, 0x0})
syz_open_dev$mouse(&(0x7f0000b79000)='/dev/input/mouse#\x00', 0x7f, 0x40)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000044000-0x20)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000c1c000-0x15)='/proc/self/net/pfkey\x00', 0x8000, 0x0)
r2 = creat(&(0x7f000078e000-0x8)='./file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @time={0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, @time=@time={0x0, 0x0}}], 0x1c)
getdents(r2, &(0x7f0000a7f000)=""/102, 0x66)
write$fuse(r2, &(0x7f0000c19000-0x8c)={0x10, 0x0, 0x0, @random=""}, 0x10)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000960000-0xe8)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/64, ""/64, ""/32, [0x0, 0x0]})
setsockopt$inet6_udp_int(r2, 0x11, 0x64, &(0x7f0000913000)=0xbec, 0x4)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000})
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1)
2017/12/21 21:04:33 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet_sctp(0x2, 0x800000001, 0x84)
sendto$inet(r0, &(0x7f0000c49000)="1a", 0x1, 0x0, &(0x7f0000022000-0x10)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
sendto$inet(r0, &(0x7f0000029000)="c6", 0x1, 0x0, &(0x7f0000008000-0x10)={0x2, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
shutdown(r0, 0x1)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x7b, &(0x7f0000ff9000-0xc)={0x0, 0x0, 0x0}, 0xc)
getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00005c4000-0xb8)={0x0, 0x80000000, 0x8, 0x6721, 0x1, 0xa0d3, 0x9, 0x4, {<r2=>0x0, @in6={{0xa, 0x2, 0x4, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0x1175}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xa78, 0x0, 0x6a6f1b59, 0x1, 0xa2b8}}, &(0x7f00007e6000)=0xb8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000ce5000-0xc)={<r3=>0x0, 0x100, 0x0}, &(0x7f0000458000)=0xc)
getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000f86000-0xb8)={r2, 0x2, 0x7, 0x101, 0x1, 0x1, 0x230, 0x6, {r3, @in6={{0xa, 0x3, 0xfffffffffffff793, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xda35, 0xfffffffffffffffe, 0x2, 0x2, 0x3}}, &(0x7f0000e1a000)=0xb8)
2017/12/21 21:04:33 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000fe1000)='/selinux/load\x00', 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00003b3000-0xb6)={@random="efa106a7290c", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x40000, 0x29, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @icmp=@redirect={0x5, 0x0, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, {0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x0, @empty=0x0, {[@timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [{[], 0x0}]}]}}, "11409d09"}}}}}, 0x0)
setsockopt$inet_udp_int(r0, 0x11, 0x1, &(0x7f0000e8b000-0x4)=0x7, 0x4)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x20100, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000c90000)={0x1ff, 0x1, 0x4003, 0x1000, &(0x7f00007ea000/0x1000)=nil})
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000-0x3)='/dev/hwrng\x00', 0x100, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
sendto$inet(r0, &(0x7f0000000000)="77f33fd1236817282c59c2dcdba8babaab7bb1171a4c4615e09273f8c87e539eddafcc9812f9f9169b81c6ff1d087bf499bf8f6538b6395b66339d1ae52a09c4d7e42f7c61f040f34d3ef774f437aa5df9042bd1240c593c253fef59c458cad1ab58000d3dbe9ba5b51b30ba9023fd109c1a07556a55523e7bdb92074b61fcbd73b80748c9cde17923d950ad9d30b726f39541", 0x93, 0x844, &(0x7f0000000000)={0x2, 0x2, @rand_addr=0x7ff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x6, 0x2000003)
fcntl$setstatus(r1, 0x4, 0x2000)
sendmsg(r1, &(0x7f000089c000-0x38)={&(0x7f0000435000-0x14)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0]}, 0x14, &(0x7f00008f8000)=[], 0x0, &(0x7f0000783000)=[], 0x0, 0x0}, 0x0)
connect$inet(r1, &(0x7f00001b8000-0x10)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
2017/12/21 21:04:33 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket(0x2, 0x80003, 0x2)
mmap(&(0x7f0000000000/0xfe6000)=nil, 0xfe6000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
setsockopt(r0, 0x0, 0xd0, &(0x7f0000000000)="", 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000f81000-0x5b)='net/udp\x00')
writev(r1, &(0x7f0000009000-0x8)=[{&(0x7f00002bc000)='5', 0x1}], 0x1)
2017/12/21 21:04:33 executing program 7:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000005000)='/dev/binder#\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000000)={0x19980330, 0x0}, &(0x7f0000002000-0x18)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_void(r0, 0x29, 0x22, 0x0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x400000)
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000009000-0x30)={0x4, 0x0, &(0x7f000000a000)=[@register_looper={0x630b}], 0x2, 0x0, &(0x7f000000b000-0x4)="d8c6"})
r2 = accept$inet(0xffffffffffffffff, &(0x7f00001ef000)={0x0, 0x0, @remote={0x0, 0x0, 0x0, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000d21000-0x4)=0x10)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x540f, &(0x7f0000897000)=<r3=>0x0)
ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000a17000-0x4)=r3)
sysfs$2(0x2, 0x0, &(0x7f00002cc000)=""/59)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000001000-0x90)=[@reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000005000)=[], &(0x7f0000004000)=[0x0]}, 0x0}}], 0x1, 0x0, &(0x7f0000008000)=','})
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x6, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00001dc000-0x8)={<r1=>0x0, 0x3}, &(0x7f000038c000)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00007d4000)={r1, 0x1000, "a1560b5131ba0745957b230abec93f478224e5c26773e42718e57657b1c722b40d5c5695cefeed0d5aada1f4a9d87c8b779f1a56e6d8f1c563ad06965e9e341f0541642e4f1d74e3d0bf902edc3f6c1e8e840d25d5b4b62c6c5708a8c6a20eed1ec7e21aad3dc88fa144766038cb2fc5dbd12e9320f2d271ae4863b2b8b819af5b181294b40f32a1309302cec671dfd748ec71836bc33f272763e566c07e7e1281dbe9e4c026a8dd8996f6082e8d02ca6b9031c1559e72077b8f2a20a1ca62ea83938a6b703297a1bfaa2421b245350136f5085055546b0992855338d0cd977573cec0e31589822c7c8f0ff57ef22276dc991e98419be24d61bd728d62821cbf2015263baa077e85cea44ddaa8434beebd0fe1b5ba5282fe15884c0a75970d2f305defecfd0731440fb486a988f55b063d7df20b0b8e7888dc2085484332e93caad00519b54da6eb075bb4974fb7026359980fa64460c206128b3a2f5ba71925e48d2f540a75cc59b308b6ce57990e7d1db07932daabb0138694f7727917d98cbe52d8e7beceea9af4b1a87cb1eef1b3efabd04a39ec2a3ae0b1766c8ca2b6bd7a5c51618932ea5414bab2e4cbc67f8c3d0d89521e2da0b240a4ebe69f2c51b78403d4017c5d77a8c4449c7b131138f94785ff4217238e2e81c1bbe86f20f80b60bb11d2be7f640537e8e8045b30bb56bcbee2883a26991b01b37d80028f1a823be706e6319ddeb238fef35ab839a52dd15f262ab1eaf54c37bb0949c7274e6b89570ab0fe8d50d1ef5b3996fc7f20311f1fa67ad45af6fd7e3f7250e4c9c8be74cc0ccfade417ba6fc442717765f778b9470d03c1ce84439c8fef9002130ba3b964ea41604ba558823695f9f89aee9c4aca4f97c8ee9de53e296068967a4e1cd974454830c7b90bc02789a14bf6a2512bd9a8bebfb0944e47fa48071be50ef6f454da2068aed0fafa70e053acf9c14441878126163f5e57ac1c627887d9b39e531f28378fe7bc41f7b60423b1cef12d89b396f4f44fce25f128f754342cc194125a19b3524ac5bfc1839081594ef841f7d13e7c95fea78b681d4ea982d9433d32a6a2a3afe30422b2f8bcab0d055a86126ca95b85a4a55a42621e95251b2428c05cca965c498bb4f65bdcbc8efc29846191a760046996e2564294096494f594ffe002bb045687738c8d35f142073fa45792644e6a90317978e152a5f39325178de083b70a3f5453e8ea6997d44e02c8b39a19a493e34abbe0ce410b9106ca1ffa3ab74d9ef932ac99c5d3e85df1808b99cc7f51d6a950962b4670ccd434334c2131f35e0c669c9baafc9297be1d49678f04fa1f802ab5e38535a03cfac61fa6d170db8b9ce299125f62ebb9129557d14ecd5202e240fa42d6ee287e3b8b5ab07f619a55c3dee9c3d79aa4a84326e0b140e3a453a07c84a57038f01d24100b729e4833c8af8052bb461a011a6f0266814bbbf9c1d0509544c69ddf5bd75fbcde89e76e25b8fc4d6a9edede31a75e156cadc09ee2baeb770c76b1444bdd87078940736366df686fcdcb3f47ef3a20ebb252e2693de19d718827090d37805d897a8c5e7996eb49426a776c3c0adf99c0f776b40a35a1008b8c0ef23330bf22b98b20bd4a1832e4b4391619653d8bb237ea3ea0b58ba795f7b0eb0c15b8b226aff557a69b2c35ee63bf5b6eb7e732cbaced942f34b42c91a9392b998c94abcac102cc79465b6b268237191b2e99d7e96269702108a47a39c7d83bbfcb823460b13045941582ca9c4cbb6a5f907475dddc868a28205a06582d31be1fa1bf8e521cd5051b030c0170767e16518b9c16e5554cfa1f6e49080ed8ffd7a89388f323a0b9a173f289a88c918cfacbc1902ac98c469120db637587223e929533135e68f228c6c773f02c7faa399006339e9ad5c8ff5b7ff0f96486f4d7ea1ae8c9c97d5d1d59f5851920e6bf2381e3b41b3ddae39ce735bafe3a91a384cd9601612503c28153414b677e2db582e8ebaec12de9a71b1dc71e4f82c8c60b7cab23c9d2804637cb415cb9e22e08833e21fd57bff1cb0787bcf406bc6767dba1ad13ab7a57e23acd17e63ff481e49123953161e2ae92749de51eda3fb5e163065a26c09fa1085da4276ea69eace5619d0ea82973b4eb4bfdc5e6eb2b1a327701da2b64a8a82afeb77d862cc0a2f3d72d50b760ddd7baacda003a8437b754fbb3b68d8662358c27bdd5ab0a2ca1203762c362a51e4af5ee87f376d5caa3cf687b2349fc1c857a0ca72b769f425f4af9d9373d77393f19320b6b1a146db1251b71812357aea54866488e479f7ab7423af2ec3458cc2ffea8d952b75569b62a86c1603e8c7bfab96d83565b73fa87fb4163abc8a8c03b706f41f2240552f53a2b342c378c483572e88e812dfeb7f196924bc39a5de9bd339919357e3e5653b72f8d4c597db5496c57660052e04ffed2df47ddb7f2443b4e59eed74c883f800df38356c6f1849c3ab232e7fe50bef4eff87d6b98b172d68c47fe59b3163b955dd16db2c65a4f23a943f198f11cda8fd98de5b8c25e2f5595be2dec32b3be69dc1f70bae5632a9ed98626205ca5aabaef6d16e24f646fc59ffd48c57a2643f37a5bf72d459605d07b3b839c764071165e3ac70c97bedaf80b0434c8857cf76f9009197af7ccca56141f4d0f781c85e3303b6cfd1d3a3d04f24286b6d850ad52b61ae28575277c6ce89f1bcbdc60e2fb42245183f1695508404a8d5fb9d1fa1cc68dd797be2611b3633637b5e35185fd2eca3267cad1621134ce677f7b9185abc881ac338d63db46db8c8f9e4e9f24167739134268965898e6548d20ff8c71f3839f75493fddf606bca29b393ecab5f402f6de3218f3da2bb8577a5036801985ff6ba3a0356b32b90e58895a12954444199cf26a0a864c1a2b31ffe59fad83416b7b3af9643cb5128f63d6142b2634a2fbffb4a21bc811bd13766c45fa9b5b8c1ef5c83da3ee0678224325b66c18d22855176aa056b94af11b79006988a25ba48e6015f370406704f7c381baf5461feb46bd59d1dbd4a38402ee1f8894afd3d9dfe3f2f983806fc92bb01832c104f2ce8a18dd452a9472715b6f9391a1a603b263be489b800deecf14e87603fffc3045169fc4150ef8662ae56ea251ca5002aa19a04c56be7977ab777d5daf1ef548c7e6bb6de08c5992daeeb4df46f4b8554e9c399952cfe49012056aaae993f9146c35e64a3df200186676fe94bf3f91c0f020372216bf61284d1447d9a74eee71b0174a2f3efe1e296653278d079868e9fc74a6e94be8bfd0b872913251c5eeac5620b358f2eba978046c7e3a229c6ba742967f567a93a0654c6f465e6a96b88f4a859b6161ef16c592bf209cd8cca7ad30f9c2c930fba6dcf4340c11f185623135327419d751a096fdc325b0b46db3b0fb0ab7783e3505737c0b290f7b2e3f6ac347f6c6425ef2450fc67376925805f86c2a824522db3064eeadde0c09d212bd61ec2bcbdf5a5a06f9d449b0fc80f66bc04e301abbe1d84e7a49337e1a6e4f3332e6859e6990fc7d6aedfe3435ffcc48ffe1c840e30808c67b7a0a80bba6d7b39873eebc8bbb24ecd05c93c964ba8e16dafa0c7d096403b37b9dadb37710c48fefbb529eede821725d1b7bc65439d3993a31c47ebca2da6504f2e3c6dca7bd7f613587e952e14158b60c00b231dd36e22ff595fc98cfe1af35a607b779ed5260a93875b26e6d6dcc1da3ea9695eaaf3d8fb5293c96cc22d0d3ea487aae6e11ebc6ccec2dd4b748c1082533f2b19f09a49cb06c6d7d1307b325609939dcdba255abfabe59940747c286f3776e091789cb89b80f336930646a6852eb2ae2ab2b2e4d8394229cdb26218067ad4795ab2db74bc2011e3c20c15efebd5603a5429fe2b27ea802f590845d516969bc12ca42291316d97f21ea00c5a91b0630f53af19bd217be0d6b777b7a21eb0d9c2162aa891757bb8a3d99a9f401b8d396c960ead32d79bf228c02ca2e98ea3fff7dc7136fa89007a95d6760cceada782be44a829b7ff59fa50a1635b454b8d12aba94fc0b1c9acfd9b83672535d20b7ea462bf2a3171640d3ef98e84826333ac7f70bae4281e15b8b71cf96bbe0647d91e5835c6055d9e4673bb5f58823fb78501317570e5f6db63715938700349a5884b7a04c5fc44f095f59268c0b1fa39bbcd54782e4eb2b5139ec346c9332cc52e204c2a6d350241a702380f6f72a88efc4f789585b280f4dc51e42b81a558d799fccf7dd62e9bfdbd870dcb6be21236d0a7058f29bed69f6e737fa0301687a78e5ea5235057009dc1bdd14300f8c1d919989fb325ec5545de0e99bdb6a2700f8176e341f0c7542229be4979fa3c84a68cf16bfcbab225d937a0465504578cc695a6dcdfb45562e2e703a59e5cabae80eae2ab192817c483682ad13ddb12f5e398dd09148947f0b575a94dd2243b0f0ea1ba4d442cc9d24934a37f34b63e6d3e6b1d8bc9a9efdd47f49739242f4d65c2bd1cbb91d97911958a10a151af97a06c154f7d197b843e757081957ec3d0d344c8962ee827c545a4ca12f3bd6c1b2265b14aa27a82b1d60debfa65a0089371c63e7cdb40035897961b03c4550cae273039e3208751f28143d217c6604c140887f2a3fd59b7912562d58ec7790dc1fbb5c49e513ae9e96abc28bee7fbd89f5e0e981fc731dbebe803d464c417f986278477344b4297fe15977f9bc0fbc5cd2d5488dc39ceb6bce77605ebba6f59e601e4d0e11b6a27d2aca60890b88c2a2aee1887c24aff60f5b2fad505b3a1f8fe6c01904e81c4c64983a56a1fa298dff9c3cfa5aef7b1b5feb3a9594f33ed223fc8387b37b8fa86f465c46204c0121e44e25d36479eb2c432e047dddb1d45f2ccf4f87101b4d549d8c31be63b83fca6eb24c307ce9f4ddb45312c00f3e8caa495ec51e92b554929992942e3b3a1783fcf4ecee5220586a290c79ec4f8f3d16e1eeb4ae496b2914550f6ee19c6632cd74c55ac417b68a16d58cdf4c52b50467385b980d36ca8b3560c91bb5867f7983af80ba77329167f79ac9e7e5afbf5a12f05647c2ed44a2476ee2d8f060c74239aa21523c3efd9d10518f2f1f953c752a11e94b741484a0fed42aa950d13b726517c1ce29be6603518fe720b197830e8a2b1c26c673ce59b56718384b8b658b4aabac775aa2ff1a7a12b9f51b403cd693b5ff9454698e0f8791a20dd57a2b93e19b6e65529e73473bcacddad74a859d469ab1b77f4031753182715c75b737979e1914ddfdb1c1adced1e6c2b46c7696f0f9cdebd9010e32885cbfab6d55ed61cf5b3a49e0c367f7212fbd26de652e867b69d0db9ec60ebaf667fd8cc360e2d131ec3d1985790288c0a66f6810ebb2802b487a87afbce84d435abce3e766a9a142756ca7226f254c0889bb15bde4c1553a35d6dcce21593a9315fba7a78b0ac0e4490cb92f90a244d8d0e843892da5170d1b1d25f06f4773bc3866cc509cfc40366b9a6876b4ea201a112b58023d48cb4f84d21e180fd114a1e73ba9ab9f1641987f0b06a8c2e6eb1773e7557f97cde523ad23f3eb9e56299a5c6b30efd850f932668a47211705797a5508036b9120213141babb73645415c565952e63e2d3483ff57c3a33a4f028848cb21fadd0f2562685da2de2e5ce0e12670b3d64ae9504958d36c845c97d29917396543f6093bf85cbdec2fc5c530f67678c03462b67506aca8fa43f18b13afe246b7a6a743441fd003bc429a1c657264dd72ecbc92b7cefde94ab0398b0c502966d7cf326f254eba03a8b3a"}, &(0x7f00006ba000-0x4)=0x1008)
fcntl$setstatus(r0, 0x4, 0x2000)
r2 = syz_open_dev$usbmon(&(0x7f0000c8d000)='/dev/usbmon#\x00', 0x7ff, 0x1)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000d8d000)={{{@in=@empty=0x0, @in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {{@in=@local={0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0x0, @in=@broadcast=0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000873000-0x4)=0xe8)
getsockopt$SO_PEERCRED(r0, 0x1, 0x11, &(0x7f00006bd000)={0x0, 0x0, <r4=>0x0}, 0xc)
fchownat(r2, &(0x7f0000986000)='./file0\x00', r3, r4, 0xc00)
sendmsg(r0, &(0x7f000089c000-0x38)={&(0x7f0000435000-0x14)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0]}, 0x14, &(0x7f00008f8000)=[], 0x0, &(0x7f0000783000)=[], 0x0, 0x0}, 0x0)
connect$inet(r0, &(0x7f00001b8000-0x10)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00001e0000-0x20)={0xf004, &(0x7f00000ae000-0x8)=0x0, 0x1, r2, 0x80000002})
[   29.647334] binder: 3558:3567 ERROR: BC_REGISTER_LOOPER called without request
[   29.652160] QAT: Invalid ioctl
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x45, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = mq_open(&(0x7f0000000000)='*GPL[vmnet1@vmnet1{-vmnet@vboxnet0!vboxnet1+M\x00', 0x0, 0x0, &(0x7f0000665000-0x40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = semget$private(0x0, 0x4, 0x535)
semctl$SEM_STAT(r1, 0x6, 0x12, &(0x7f0000f89000)=""/1)
semget$private(0x0, 0x7, 0x100)
mq_getsetattr(r0, &(0x7f00007fe000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f000080a000-0x40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
2017/12/21 21:04:33 executing program 5:
mmap(&(0x7f0000000000/0xef9000)=nil, 0xef9000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000ef9000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000ef9000)='/dev/rfkill\x00', 0x422402, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f000028b000-0x50)={{0x6, 0x6}, {0x1f, 0x100}, 0xa5aa, 0x1, 0x100, [0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r2 = socket$inet(0x2, 0x2, 0x0)
r3 = dup3(r0, r2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000eee000)=0xffd, 0x4)
mmap(&(0x7f0000efa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$inet_opts(r3, 0x0, 0xd, &(0x7f0000efb000-0xf3)="c7bf1cbc97569367567f6c371f6e1d830bd729f77850e61c345e2f810e61763e0a6187986a12128132132efe1974fc938a9cfab5ffa892b4e7085a081cd4d841beb4a8330e61cf6c2c0947a4f8a849617afef9aab161a056c8ee26822b2a73b12fbd9bf998267e12749803288af9f40c84605ae5dc6521eaee66f71c4c86319e363589c142aa7104923cb85d9424bc5087fa28856ec452af91af3686f1f23c13cb2baec99139966a72b3dd874f55d9e9e0eeb4f816d6b5a378458a9930d863ce12325ce9fd16c05f794a17b984d8459973e26517c77b108561264ab35d708617adeaae13a670ed416e51245a893cec17932383", 0xf3)
setsockopt$sock_int(r2, 0x1, 0x1d, &(0x7f0000aa6000-0x4)=0xfffffffffffff0cc, 0x4)
sendto$inet(r3, &(0x7f0000833000-0x1)="", 0x0, 0x0, &(0x7f0000eed000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10)
mmap(&(0x7f0000efa000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
recvfrom$inet6(r3, &(0x7f0000ef8000-0x97)=""/151, 0x97, 0x40002021, 0x0, 0x0)
[   29.730914] capability: warning: `syz-executor7' uses 32-bit capabilities (legacy support in use)
2017/12/21 21:04:33 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000017000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000f16000-0x4)=0x0)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000bee000-0x8)={0x0, 0x0}, 0x8)
epoll_wait(r0, &(0x7f0000817000-0x78)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}], 0xa, 0x0)
2017/12/21 21:04:33 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000f98000)='./file0\x00', 0x80)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000b5c000-0x18)={r0, &(0x7f0000f13000-0xa8)="3ae1b3e2c2f2099207e021505ff0b45a7dd4697f0575f5ae0684e6e4045565d5e831b986fe331ea29db15c724aae8076a37e122fab97494c67c9ee9663c49881aa7dbe9459b97acd0b4fc1cb37cad1f8b9f711e8080830418cf67291e0a3dbcd8bb7e52e581c2950114701e651ecbb5ece47724e5dc3e61085a67b2bdde398e70190a865f13138094ac76d55143e74d517197e982fdbfbc4112410931ce2e2b3a0b9d29b547e6699", &(0x7f00000b5000-0xb4)=""/180}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000a55000)={0x5, 0x1, 0x5, 0x9, 0x0, 0x0, 0x0}, 0x1c)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f00000c7000)=0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000f49000-0x1c)={0xd, 0x4, 0x4, 0x100000001, 0x0, r1, 0x0}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00005f1000)={r2, &(0x7f0000eed000)="", &(0x7f0000b88000)="13", 0x0}, 0x20)
mmap(&(0x7f0000eef000/0x1000)=nil, 0x1000, 0x3, 0x10, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000-0xb)='/dev/hwrng\x00', 0x800, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f000078c000)={0x3, <r4=>0x0, 0x0, 0xca})
ioctl$DRM_IOCTL_AGP_BIND(r0, 0x40106436, &(0x7f00008b3000)={r4, 0x1000})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000b3a000-0x10)={r2, &(0x7f0000001000-0x1b)="1b99ad36e9ec34dad931115f01040000c404588488d32de779afa1"}, 0x10)
[   29.776551] binder: 3588:3593 ERROR: BC_REGISTER_LOOPER called without request
[   29.784092] binder: 3593 RLIMIT_NICE not set
[   29.792392] audit: type=1400 audit(1513890273.560:19): avc:  denied  { name_connect } for  pid=3590 comm="syz-executor6" dest=20024 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
2017/12/21 21:04:33 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tun(&(0x7f0000ef5000)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f000053b000)=0x8000201)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000f58000)={@generic="431df1f38e6e005a112f648d1c22ce26", @ifru_addrs=@rc={0x1f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0}})
socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000f98000)={0x0, 0x0})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r1, &(0x7f0000ba4000-0x1c)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0x401}, 0x1c)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000747000)=0x9)
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0xf60000)=nil, 0xf60000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x80003, 0xff)
mmap(&(0x7f0000f60000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
bind$inet6(r0, &(0x7f0000f61000-0x1c)={0xa, 0x3, 0xfffffffffffff001, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0xfffffffffffff801}, 0x1c)
r1 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f000090f000)=0x0, 0x4)
dup3(r0, r1, 0x0)
2017/12/21 21:04:33 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tun(&(0x7f0000ba6000-0xd)='/dev/net/tun\x00', 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000c94000)={@generic="066edf3bba3190d099a423812c36f57d", @ifru_addrs={0x2, 0x2, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}})
set_mempolicy(0x3, &(0x7f00000af000-0x4)=0x0, 0x5)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000a5b000-0x28)={@common='gre0\x00', @ifru_names=@generic="0252734fb088526cca26b5239cab12c4"})
[   29.812823] binder: 3588:3603 got reply transaction with no transaction stack
2017/12/21 21:04:33 executing program 0:
ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f00007f0000-0x4)=<r0=>0x0)
getpriority(0x1, r0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r1 = socket(0xa, 0x803, 0x7)
sendmmsg$nfc_llcp(r1, &(0x7f0000f44000)=[{&(0x7f000088f000-0x60)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, "0fcca4bb22f2892559edddba1a892f216c6adb6dac3291add84e7dd1b9b1e1043844071c007846f83c7baa707bef6850ccdb39c111743913f1b760121acf03", 0x0}, 0x60, &(0x7f000055a000)=[{&(0x7f0000874000-0xd0)="cddf244efe0acd6c9fe17cd1471e0f48baf0a46edb39a5ce4dd79915c9400fe2b6f47247d4ee7b249d56fb15ca94ecc49cc1fbb7778e7a905cf2a6ec85771f54106bd5a7a57ef1b204391db996e243d7966a585e1bf78acf3ebf040513909784fe37a985470e4b30eae4e7ed86b96c83d04eb924a4a6efa1c4e5698f7cb6add7bd5a149c297e86f6bb3e6d8efbba9a73c65913bbfb3fb128fafa3a3a3e15be0b807d382724c8eb409775cdc76c989107a1e69faf084fc07e238e6987b8d9bb85fe52457a1c3649e4b23093d621a8748c", 0xd0}, {&(0x7f0000d0b000-0xc4)="9e216a464f6f62bd83d208c7c23d076a2f30077033cd2d664ea0b72046450cd08b785670cb3b3b57fbbabb83884635b2c85e64943c5db80b838c0942883974998511fe586496f3712003ba6e5624d29ca853bc99c14f453f67f0eff48d05f756cce1064f32dc14b5fc70033b0717e7fe93f38486951e98cdeb737d85c53fa82c7a28fd4cfb4b0ead0c9c5506b48c11fbcbb5983020207626c47ba44e7bd542bee7518083b903791624c72e277ac081a3b3a5e44a99784e6caba54f92ec4353bdbb24c340", 0xc4}, {&(0x7f00004a6000)="e1219b52800c4f36f6464de429f471573e9b384a169a8e80b80f311c6f94d0398ad1aaf2511c7f21fdc0687694e797aef0b7216e4a3b004d6113f7bd552a5f826bc929014be010a2c57b4a103ca8b470d93bea65549700d4ea42ba5c6dc69d5c8c88628ca2b3cd5721c909175bcbdf96c02796effc2b88d862e632a2f0dd8139df629f7eab72b7dc4cd9fe29942138e98d3ad4177a7bcc50420d2894ff3b7e97343ea544d9a79efa6e8a019ded0fc5382f4c2473283bb68c8682cf0729a64cd667ac797942905ed83c2894984962b428af168e8dd0791d3e2ad79c94fd856ed80115743facb603", 0xe7}], 0x3, &(0x7f000024d000)={0x10, 0x100000000000029, 0xb, ""}, 0x10, 0x0}], 0x1, 0x0)
[   29.812832] binder: 3588:3603 transaction failed 29201/-71, size 0-8 line 2760
[   29.861469] binder: 3588:3603 ERROR: BC_REGISTER_LOOPER called without request
[   29.861479] binder: 3603 RLIMIT_NICE not set
2017/12/21 21:04:33 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f000081b000-0x10)={0x0, 0x0, 0x0})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = dup3(r0, r0, 0x80000)
pipe(&(0x7f0000c39000-0x8)={<r3=>0x0, 0x0})
ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f000034c000-0x4)=r3)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x13ffd, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00007e9000)={0x10003, 0x2, 0x0, 0x2000, &(0x7f00006f7000/0x2000)=nil})
ioctl$KVM_SMI(r4, 0xaeb7)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r5 = socket(0x1e, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xf72, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x8001, 0x200, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt(r5, 0x10f, 0x84, &(0x7f0000b2f000)=""/0, &(0x7f0000ee6000)=0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000864000/0x18000)=nil, &(0x7f000082d000)=[@text64={0x40, &(0x7f0000423000-0x45)="c482ddbcbcbc0000000064430f01c80fc7ac7500400000644d0f236a674c0fc71a0f06c4c39141946281510000f3c482a9aaa6873c562a410f005a6f362e0f009b00000000", 0x45}], 0x1, 0x3, &(0x7f0000241000-0x20)=[@cstype0={0x4, 0x2}, @dstype3={0x7, 0x9}], 0x2)
[   29.882299] binder: 3588:3627 got reply transaction with no transaction stack
[   29.882311] binder: 3588:3627 transaction failed 29201/-71, size 0-8 line 2760
[   30.031193] ==================================================================
[   30.039692] BUG: KASAN: use-after-free in __schedule+0xda3/0x2060
[   30.045891] Read of size 8 at addr ffff8801bf0b80d8 by task syz-executor6/3646
[   30.053215] 
[   30.054813] CPU: 0 PID: 3646 Comm: syz-executor6 Not tainted 4.15.0-rc4-mm1+ #47
[   30.062311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.071631] Call Trace:
[   30.074185]  dump_stack+0x194/0x257
[   30.077780]  ? arch_local_irq_restore+0x53/0x53
[   30.082426]  ? show_regs_print_info+0x18/0x18
[   30.086901]  ? __schedule+0xda3/0x2060
[   30.090758]  print_address_description+0x73/0x250
[   30.095575]  ? __schedule+0xda3/0x2060
[   30.099431]  kasan_report+0x23b/0x360
[   30.103204]  __asan_report_load8_noabort+0x14/0x20
[   30.108101]  __schedule+0xda3/0x2060
[   30.111788]  ? __sched_text_start+0x8/0x8
[   30.115906]  ? trace_hardirqs_on+0xd/0x10
[   30.120022]  ? __call_srcu+0x7ee/0x1020
[   30.123968]  ? do_raw_spin_trylock+0x190/0x190
[   30.128515]  ? do_raw_spin_trylock+0x190/0x190
[   30.133077]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   30.138930]  ? __debug_object_init+0x235/0x1040
[   30.143576]  preempt_schedule_common+0x22/0x60
[   30.148127]  _cond_resched+0x1d/0x30
[   30.151815]  wait_for_completion+0xa5/0x770
[   30.156112]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.161097]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   30.166864]  ? __lockdep_init_map+0xe4/0x650
[   30.171246]  ? __init_waitqueue_head+0x97/0x140
[   30.175884]  ? init_wait_entry+0x1b0/0x1b0
[   30.180095]  __synchronize_srcu+0x1ad/0x260
[   30.184384]  ? call_srcu+0x10/0x10
[   30.187895]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   30.193407]  ? irq_matrix_allocated+0x80/0x80
[   30.197870]  ? synchronize_srcu+0x3c5/0x570
[   30.202163]  synchronize_srcu+0x1a3/0x570
[   30.206277]  ? synchronize_srcu+0x1a3/0x570
[   30.210564]  ? lock_downgrade+0x980/0x980
[   30.214681]  ? synchronize_srcu_expedited+0x20/0x20
[   30.219668]  ? lock_release+0xa40/0xa40
[   30.223613]  ? free_obj_work+0x690/0x690
[   30.227646]  ? do_raw_spin_trylock+0x190/0x190
[   30.232205]  kvm_page_track_unregister_notifier+0x186/0x270
[   30.237886]  ? trace_hardirqs_off+0xd/0x10
[   30.242091]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   30.247772]  ? kvfree+0x36/0x60
[   30.251020]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.256017]  ? trace_hardirqs_on+0xd/0x10
[   30.260154]  kvm_mmu_uninit_vm+0x1c/0x20
[   30.264194]  kvm_arch_destroy_vm+0x73b/0x980
[   30.268574]  ? kvm_arch_sync_events+0x30/0x30
[   30.273038]  ? mmdrop+0x18/0x30
[   30.276288]  ? mmu_notifier_unregister+0x43c/0x5c0
[   30.281190]  ? __mmu_notifier_invalidate_range_end+0x360/0x360
[   30.287132]  ? __free_pages+0x107/0x150
[   30.291076]  ? free_unref_page+0x9e0/0x9e0
[   30.295281]  ? quarantine_put+0xeb/0x190
[   30.299311]  ? kfree+0xf0/0x260
[   30.302560]  ? kvm_put_kvm+0x614/0xde0
[   30.306505]  ? free_pages+0x51/0x90
[   30.310101]  kvm_put_kvm+0x695/0xde0
[   30.313789]  ? kvm_clear_guest+0xb0/0xb0
[   30.317824]  ? kvm_irqfd_release+0xd1/0x120
[   30.322116]  ? lock_downgrade+0x980/0x980
[   30.326247]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.330716]  ? kvm_irqfd_release+0xdd/0x120
[   30.335006]  ? kvm_irqfd_release+0xdd/0x120
[   30.339296]  ? kvm_put_kvm+0xde0/0xde0
[   30.343152]  kvm_vm_release+0x42/0x50
[   30.346920]  __fput+0x327/0x7e0
[   30.350171]  ? fput+0x140/0x140
[   30.353421]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   30.359271]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.363739]  ____fput+0x15/0x20
[   30.366987]  task_work_run+0x199/0x270
[   30.370846]  ? task_work_cancel+0x210/0x210
[   30.375139]  ? _raw_spin_unlock+0x22/0x30
[   30.379254]  ? switch_task_namespaces+0x87/0xc0
[   30.383896]  do_exit+0x9bb/0x1ad0
[   30.387319]  ? check_noncircular+0x20/0x20
[   30.391526]  ? mm_update_next_owner+0x930/0x930
[   30.396177]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.401337]  ? __might_sleep+0x95/0x190
[   30.405284]  ? find_held_lock+0x35/0x1d0
[   30.409319]  ? futex_wait+0x402/0x9a0
[   30.413090]  ? lock_downgrade+0x980/0x980
[   30.417208]  ? __unqueue_futex+0x1c0/0x290
[   30.421409]  ? lock_release+0xa40/0xa40
[   30.425351]  ? fault_in_user_writeable+0x90/0x90
[   30.430074]  ? do_raw_spin_trylock+0x190/0x190
[   30.434626]  ? check_noncircular+0x20/0x20
[   30.438831]  ? drop_futex_key_refs.isra.12+0x63/0xa0
[   30.443904]  ? futex_wait+0x6a9/0x9a0
[   30.447684]  ? find_held_lock+0x35/0x1d0
[   30.451719]  ? get_signal+0x7ae/0x16c0
[   30.455574]  ? lock_downgrade+0x980/0x980
[   30.459703]  do_group_exit+0x149/0x400
[   30.463559]  ? do_raw_spin_trylock+0x190/0x190
[   30.468110]  ? SyS_exit+0x30/0x30
[   30.471530]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.475996]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.480983]  get_signal+0x73f/0x16c0
[   30.484670]  ? ptrace_notify+0x130/0x130
[   30.488703]  ? kvm_vcpu_fault+0x520/0x520
[   30.492821]  ? exit_robust_list+0x240/0x240
[   30.497110]  ? find_held_lock+0x35/0x1d0
[   30.501144]  ? __fget+0x333/0x570
[   30.504569]  ? lock_downgrade+0x980/0x980
[   30.508703]  do_signal+0x94/0x1ee0
[   30.512216]  ? __lock_is_held+0xb6/0x140
[   30.516249]  ? setup_sigcontext+0x7d0/0x7d0
[   30.520540]  ? __fget+0x35c/0x570
[   30.523966]  ? iterate_fd+0x3f0/0x3f0
[   30.527737]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.532201]  ? task_work_run+0x1f4/0x270
[   30.536234]  ? task_work_cancel+0x210/0x210
[   30.540527]  ? exit_to_usermode_loop+0x8c/0x2f0
[   30.545167]  exit_to_usermode_loop+0x258/0x2f0
[   30.549719]  ? ioctl_preallocate+0x2b0/0x2b0
[   30.554096]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   30.559601]  ? selinux_capable+0x40/0x40
[   30.563637]  syscall_return_slowpath+0x490/0x550
[   30.568360]  ? prepare_exit_to_usermode+0x340/0x340
[   30.573344]  ? entry_SYSCALL_64_fastpath+0x69/0x96
[   30.578242]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.583226]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.587955]  entry_SYSCALL_64_fastpath+0x94/0x96
[   30.592686] RIP: 0033:0x452a09
[   30.595842] RSP: 002b:00007f89f3ccece8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   30.603518] RAX: fffffffffffffe00 RBX: 000000000071bf80 RCX: 0000000000452a09
[   30.610755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bf80
[   30.617994] RBP: 000000000071bf80 R08: 000000000000059d R09: 000000000071bf58
[   30.625232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.632483] R13: 0000000000a2f7ff R14: 00007f89f3ccf9c0 R15: 0000000000000002
[   30.639738] 
[   30.641343] Allocated by task 3646:
[   30.644961]  save_stack+0x43/0xd0
[   30.648394]  kasan_kmalloc+0xad/0xe0
[   30.652080]  kasan_slab_alloc+0x12/0x20
[   30.656035]  kmem_cache_alloc+0x12e/0x760
[   30.660166]  vmx_create_vcpu+0xc4/0x2f20
[   30.664217]  kvm_arch_vcpu_create+0x12c/0x1a0
[   30.668699]  kvm_vm_ioctl+0x48b/0x1c60
[   30.672596]  do_vfs_ioctl+0x1b1/0x1520
[   30.676454]  SyS_ioctl+0x8f/0xc0
[   30.679795]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   30.684523] 
[   30.686117] Freed by task 3646:
[   30.689364]  save_stack+0x43/0xd0
[   30.692786]  kasan_slab_free+0x71/0xc0
[   30.696640]  kmem_cache_free+0x83/0x2a0
[   30.700589]  vmx_free_vcpu+0x1ee/0x260
[   30.704444]  kvm_arch_destroy_vm+0x4a2/0x980
[   30.708821]  kvm_put_kvm+0x695/0xde0
[   30.712587]  kvm_vm_release+0x42/0x50
[   30.716355]  __fput+0x327/0x7e0
[   30.719601]  ____fput+0x15/0x20
[   30.722850]  task_work_run+0x199/0x270
[   30.727055]  do_exit+0x9bb/0x1ad0
[   30.730476]  do_group_exit+0x149/0x400
[   30.734331]  get_signal+0x73f/0x16c0
[   30.738011]  do_signal+0x94/0x1ee0
[   30.741518]  exit_to_usermode_loop+0x258/0x2f0
[   30.746066]  syscall_return_slowpath+0x490/0x550
[   30.750789]  entry_SYSCALL_64_fastpath+0x94/0x96
[   30.755508] 
[   30.757105] The buggy address belongs to the object at ffff8801bf0b80c0
[   30.757105]  which belongs to the cache kvm_vcpu of size 23872
[   30.769639] The buggy address is located 24 bytes inside of
[   30.769639]  23872-byte region [ffff8801bf0b80c0, ffff8801bf0bde00)
[   30.781566] The buggy address belongs to the page:
[   30.786874] page:ffffea0006fc2e00 count:1 mapcount:0 mapping:ffff8801bf0b80c0 index:0x0 compound_mapcount: 0
[   30.796810] flags: 0x2fffc0000008100(slab|head)
[   30.801449] raw: 02fffc0000008100 ffff8801bf0b80c0 0000000000000000 0000000100000001
[   30.809299] raw: ffffea0006fd4620 ffff8801d6426648 ffff8801d6425540 0000000000000000
[   30.817143] page dumped because: kasan: bad access detected
[   30.822819] 
[   30.824412] Memory state around the buggy address:
[   30.829318]  ffff8801bf0b7f80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[   30.836643]  ffff8801bf0b8000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.843973] >ffff8801bf0b8080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   30.851296]                                                     ^
[   30.857492]  ffff8801bf0b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.864819]  ffff8801bf0b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.872142] ==================================================================
[   30.879467] Kernel panic - not syncing: panic_on_warn set ...
[   30.879467] 
[   30.886797] CPU: 0 PID: 3646 Comm: syz-executor6 Tainted: G    B            4.15.0-rc4-mm1+ #47
[   30.895598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.904924] Call Trace:
[   30.907485]  dump_stack+0x194/0x257
[   30.911083]  ? arch_local_irq_restore+0x53/0x53
[   30.915719]  ? kasan_end_report+0x32/0x50
[   30.919836]  ? lock_downgrade+0x980/0x980
[   30.923952]  ? vsnprintf+0x1ed/0x1900
[   30.927723]  ? __schedule+0xcf0/0x2060
[   30.931581]  panic+0x1e4/0x41c
[   30.934742]  ? refcount_error_report+0x214/0x214
[   30.939472]  ? print_shadow_for_address+0xdc/0x1a0
[   30.944368]  ? add_taint+0x1c/0x50
[   30.947880]  ? __schedule+0xda3/0x2060
[   30.951735]  kasan_end_report+0x50/0x50
[   30.955679]  kasan_report+0x148/0x360
[   30.959452]  __asan_report_load8_noabort+0x14/0x20
[   30.964349]  __schedule+0xda3/0x2060
[   30.968038]  ? __sched_text_start+0x8/0x8
[   30.972156]  ? trace_hardirqs_on+0xd/0x10
[   30.976275]  ? __call_srcu+0x7ee/0x1020
[   30.980220]  ? do_raw_spin_trylock+0x190/0x190
[   30.984769]  ? do_raw_spin_trylock+0x190/0x190
[   30.989327]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   30.995180]  ? __debug_object_init+0x235/0x1040
[   30.999825]  preempt_schedule_common+0x22/0x60
[   31.004374]  _cond_resched+0x1d/0x30
[   31.008055]  wait_for_completion+0xa5/0x770
[   31.012345]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.017331]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   31.023099]  ? __lockdep_init_map+0xe4/0x650
[   31.027481]  ? __init_waitqueue_head+0x97/0x140
[   31.032124]  ? init_wait_entry+0x1b0/0x1b0
[   31.036335]  __synchronize_srcu+0x1ad/0x260
[   31.040625]  ? call_srcu+0x10/0x10
[   31.044137]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   31.049654]  ? irq_matrix_allocated+0x80/0x80
[   31.054134]  ? synchronize_srcu+0x3c5/0x570
[   31.058427]  synchronize_srcu+0x1a3/0x570
[   31.062542]  ? synchronize_srcu+0x1a3/0x570
[   31.066832]  ? lock_downgrade+0x980/0x980
[   31.070948]  ? synchronize_srcu_expedited+0x20/0x20
[   31.075933]  ? lock_release+0xa40/0xa40
[   31.079877]  ? free_obj_work+0x690/0x690
[   31.083907]  ? do_raw_spin_trylock+0x190/0x190
[   31.088466]  kvm_page_track_unregister_notifier+0x186/0x270
[   31.094143]  ? trace_hardirqs_off+0xd/0x10
[   31.098346]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   31.103767]  ? kvfree+0x36/0x60
[   31.107015]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.112000]  ? trace_hardirqs_on+0xd/0x10
[   31.116120]  kvm_mmu_uninit_vm+0x1c/0x20
[   31.120151]  kvm_arch_destroy_vm+0x73b/0x980
[   31.124532]  ? kvm_arch_sync_events+0x30/0x30
[   31.128995]  ? mmdrop+0x18/0x30
[   31.132244]  ? mmu_notifier_unregister+0x43c/0x5c0
[   31.137145]  ? __mmu_notifier_invalidate_range_end+0x360/0x360
[   31.143085]  ? __free_pages+0x107/0x150
[   31.147029]  ? free_unref_page+0x9e0/0x9e0
[   31.151232]  ? quarantine_put+0xeb/0x190
[   31.155260]  ? kfree+0xf0/0x260
[   31.158507]  ? kvm_put_kvm+0x614/0xde0
[   31.162364]  ? free_pages+0x51/0x90
[   31.165962]  kvm_put_kvm+0x695/0xde0
[   31.169651]  ? kvm_clear_guest+0xb0/0xb0
[   31.173685]  ? kvm_irqfd_release+0xd1/0x120
[   31.177976]  ? lock_downgrade+0x980/0x980
[   31.182102]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.186569]  ? kvm_irqfd_release+0xdd/0x120
[   31.190858]  ? kvm_irqfd_release+0xdd/0x120
[   31.195151]  ? kvm_put_kvm+0xde0/0xde0
[   31.199008]  kvm_vm_release+0x42/0x50
[   31.202775]  __fput+0x327/0x7e0
[   31.206028]  ? fput+0x140/0x140
[   31.209291]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   31.215140]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.219618]  ____fput+0x15/0x20
[   31.222871]  task_work_run+0x199/0x270
[   31.226735]  ? task_work_cancel+0x210/0x210
[   31.231024]  ? _raw_spin_unlock+0x22/0x30
[   31.235140]  ? switch_task_namespaces+0x87/0xc0
[   31.239782]  do_exit+0x9bb/0x1ad0
[   31.243202]  ? check_noncircular+0x20/0x20
[   31.247413]  ? mm_update_next_owner+0x930/0x930
[   31.252053]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.257213]  ? __might_sleep+0x95/0x190
[   31.261161]  ? find_held_lock+0x35/0x1d0
[   31.265197]  ? futex_wait+0x402/0x9a0
[   31.268966]  ? lock_downgrade+0x980/0x980
[   31.273082]  ? __unqueue_futex+0x1c0/0x290
[   31.277283]  ? lock_release+0xa40/0xa40
[   31.281224]  ? fault_in_user_writeable+0x90/0x90
[   31.285951]  ? do_raw_spin_trylock+0x190/0x190
[   31.290501]  ? check_noncircular+0x20/0x20
[   31.294718]  ? drop_futex_key_refs.isra.12+0x63/0xa0
[   31.299790]  ? futex_wait+0x6a9/0x9a0
[   31.303568]  ? find_held_lock+0x35/0x1d0
[   31.307606]  ? get_signal+0x7ae/0x16c0
[   31.311464]  ? lock_downgrade+0x980/0x980
[   31.315589]  do_group_exit+0x149/0x400
[   31.319447]  ? do_raw_spin_trylock+0x190/0x190
[   31.324000]  ? SyS_exit+0x30/0x30
[   31.327422]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.331887]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.336876]  get_signal+0x73f/0x16c0
[   31.340571]  ? ptrace_notify+0x130/0x130
[   31.344607]  ? kvm_vcpu_fault+0x520/0x520
[   31.348735]  ? exit_robust_list+0x240/0x240
[   31.353026]  ? find_held_lock+0x35/0x1d0
[   31.357061]  ? __fget+0x333/0x570
[   31.360482]  ? lock_downgrade+0x980/0x980
[   31.364603]  do_signal+0x94/0x1ee0
[   31.368121]  ? __lock_is_held+0xb6/0x140
[   31.372155]  ? setup_sigcontext+0x7d0/0x7d0
[   31.376450]  ? __fget+0x35c/0x570
[   31.379877]  ? iterate_fd+0x3f0/0x3f0
[   31.383645]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.388109]  ? task_work_run+0x1f4/0x270
[   31.392141]  ? task_work_cancel+0x210/0x210
[   31.396432]  ? exit_to_usermode_loop+0x8c/0x2f0
[   31.401074]  exit_to_usermode_loop+0x258/0x2f0
[   31.405624]  ? ioctl_preallocate+0x2b0/0x2b0
[   31.410004]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   31.415511]  ? selinux_capable+0x40/0x40
[   31.419552]  syscall_return_slowpath+0x490/0x550
[   31.424276]  ? prepare_exit_to_usermode+0x340/0x340
[   31.429261]  ? entry_SYSCALL_64_fastpath+0x69/0x96
[   31.434170]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.439156]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.443886]  entry_SYSCALL_64_fastpath+0x94/0x96
[   31.448614] RIP: 0033:0x452a09
[   31.451781] RSP: 002b:00007f89f3ccece8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   31.459458] RAX: fffffffffffffe00 RBX: 000000000071bf80 RCX: 0000000000452a09
[   31.466699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bf80
[   31.473937] RBP: 000000000071bf80 R08: 000000000000059d R09: 000000000071bf58
[   31.481174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   31.488414] R13: 0000000000a2f7ff R14: 00007f89f3ccf9c0 R15: 0000000000000002
[   31.495679] 
[   31.495682] ======================================================
[   31.495684] WARNING: possible circular locking dependency detected
[   31.495686] 4.15.0-rc4-mm1+ #47 Not tainted
[   31.495688] ------------------------------------------------------
[   31.495690] syz-executor6/3646 is trying to acquire lock:
[   31.495692]  ((console_sem).lock){..-.}, at: [<000000004b3f0721>] down_trylock+0x13/0x70
[   31.495697] 
[   31.495699] but task is already holding lock:
[   31.495700]  (report_lock){....}, at: [<00000000c3593a24>] kasan_report+0x6b/0x360
[   31.495705] 
[   31.495707] which lock already depends on the new lock.
[   31.495708] 
[   31.495709] 
[   31.495711] the existing dependency chain (in reverse order) is:
[   31.495712] 
[   31.495713] -> #3 (report_lock){....}:
[   31.495718]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.495720]        kasan_report+0x6b/0x360
[   31.495722]        __asan_report_load8_noabort+0x14/0x20
[   31.495724]        __schedule+0xda3/0x2060
[   31.495725]        preempt_schedule_common+0x22/0x60
[   31.495727]        _cond_resched+0x1d/0x30
[   31.495729]        wait_for_completion+0xa5/0x770
[   31.495731]        __synchronize_srcu+0x1ad/0x260
[   31.495732]        synchronize_srcu+0x1a3/0x570
[   31.495734]        kvm_page_track_unregister_notifier+0x186/0x270
[   31.495736]        kvm_mmu_uninit_vm+0x1c/0x20
[   31.495738]        kvm_arch_destroy_vm+0x73b/0x980
[   31.495739]        kvm_put_kvm+0x695/0xde0
[   31.495741]        kvm_vm_release+0x42/0x50
[   31.495743]        __fput+0x327/0x7e0
[   31.495744]        ____fput+0x15/0x20
[   31.495746]        task_work_run+0x199/0x270
[   31.495747]        do_exit+0x9bb/0x1ad0
[   31.495749]        do_group_exit+0x149/0x400
[   31.495751]        get_signal+0x73f/0x16c0
[   31.495752]        do_signal+0x94/0x1ee0
[   31.495754]        exit_to_usermode_loop+0x258/0x2f0
[   31.495756]        syscall_return_slowpath+0x490/0x550
[   31.495758]        entry_SYSCALL_64_fastpath+0x94/0x96
[   31.495759] 
[   31.495759] -> #2 (&rq->lock){-.-.}:
[   31.495765]        _raw_spin_lock+0x2a/0x40
[   31.495766]        task_fork_fair+0x7a/0x690
[   31.495768]        sched_fork+0x435/0xc00
[   31.495770]        copy_process.part.37+0x1758/0x4b60
[   31.495771]        _do_fork+0x1f7/0xf70
[   31.495773]        kernel_thread+0x34/0x40
[   31.495775]        rest_init+0x22/0xf0
[   31.495776]        start_kernel+0x7f1/0x819
[   31.495778]        x86_64_start_reservations+0x2a/0x2c
[   31.495780]        x86_64_start_kernel+0x77/0x7a
[   31.495782]        secondary_startup_64+0xa5/0xb0
[   31.495782] 
[   31.495783] -> #1 (&p->pi_lock){-.-.}:
[   31.495789]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.495791]        try_to_wake_up+0xbc/0x1600
[   31.495792]        wake_up_process+0x10/0x20
[   31.495794]        __up.isra.0+0x1cc/0x2c0
[   31.495795]        up+0x13b/0x1d0
[   31.495797]        __up_console_sem+0xb2/0x1a0
[   31.495799]        console_unlock+0x538/0xd70
[   31.495801]        do_con_write+0x106e/0x1f70
[   31.495802]        con_write+0x25/0xb0
[   31.495804]        n_tty_write+0x5ef/0xec0
[   31.495805]        tty_write+0x3fa/0x840
[   31.495807]        __vfs_write+0xef/0x970
[   31.495808]        vfs_write+0x189/0x510
[   31.495810]        SyS_write+0xef/0x220
[   31.495812]        entry_SYSCALL_64_fastpath+0x1f/0x96
[   31.495813] 
[   31.495814] -> #0 ((console_sem).lock){..-.}:
[   31.495819]        lock_acquire+0x1d5/0x580
[   31.495821]        _raw_spin_lock_irqsave+0x96/0xc0
[   31.495823]        down_trylock+0x13/0x70
[   31.495825]        __down_trylock_console_sem+0xa2/0x1e0
[   31.495827]        console_trylock+0x15/0x100
[   31.495828]        vprintk_emit+0x49b/0x590
[   31.495830]        vprintk_default+0x28/0x30
[   31.495831]        vprintk_func+0x57/0xc0
[   31.495833]        printk+0xaa/0xca
[   31.495834]        kasan_report+0x7b/0x360
[   31.495836]        __asan_report_load8_noabort+0x14/0x20
[   31.495838]        __schedule+0xda3/0x2060
[   31.495840]        preempt_schedule_common+0x22/0x60
[   31.495842]        _cond_resched+0x1d/0x30
[   31.495843]        wait_for_completion+0xa5/0x770
[   31.495845]        __synchronize_srcu+0x1ad/0x260
[   31.495847]        synchronize_srcu+0x1a3/0x570
[   31.495849]        kvm_page_track_unregister_notifier+0x186/0x270
[   31.495851]        kvm_mmu_uninit_vm+0x1c/0x20
[   31.495853]        kvm_arch_destroy_vm+0x73b/0x980
[   31.495854]        kvm_put_kvm+0x695/0xde0
[   31.495856]        kvm_vm_release+0x42/0x50
[   31.495857]        __fput+0x327/0x7e0
[   31.495859]        ____fput+0x15/0x20
[   31.495860]        task_work_run+0x199/0x270
[   31.495862]        do_exit+0x9bb/0x1ad0
[   31.495864]        do_group_exit+0x149/0x400
[   31.495865]        get_signal+0x73f/0x16c0
[   31.495867]        do_signal+0x94/0x1ee0
[   31.495868]        exit_to_usermode_loop+0x258/0x2f0
[   31.495870]        syscall_return_slowpath+0x490/0x550
[   31.495872]        entry_SYSCALL_64_fastpath+0x94/0x96
[   31.495873] 
[   31.495875] other info that might help us debug this:
[   31.495876] 
[   31.495877] Chain exists of:
[   31.495878]   (console_sem).lock --> &rq->lock --> report_lock
[   31.495885] 
[   31.495886]  Possible unsafe locking scenario:
[   31.495887] 
[   31.495889]        CPU0                    CPU1
[   31.495891]        ----                    ----
[   31.495891]   lock(report_lock);
[   31.495895]                                lock(&rq->lock);
[   31.495899]                                lock(report_lock);
[   31.495902]   lock((console_sem).lock);
[   31.495905] 
[   31.495906]  *** DEADLOCK ***
[   31.495907] 
[   31.495909] 2 locks held by syz-executor6/3646:
[   31.495910]  #0:  (&rq->lock){-.-.}, at: [<0000000028e1a9de>] __schedule+0x24e/0x2060
[   31.495915]  #1:  (report_lock){....}, at: [<00000000c3593a24>] kasan_report+0x6b/0x360
[   31.495921] 
[   31.495922] stack backtrace:
[   31.495925] CPU: 0 PID: 3646 Comm: syz-executor6 Not tainted 4.15.0-rc4-mm1+ #47
[   31.495928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.495929] Call Trace:
[   31.495931]  dump_stack+0x194/0x257
[   31.495933]  ? arch_local_irq_restore+0x53/0x53
[   31.495934]  print_circular_bug.isra.37+0x2cd/0x2dc
[   31.495936]  ? save_trace+0xe0/0x2b0
[   31.495938]  __lock_acquire+0x30a8/0x3e00
[   31.495940]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.495942]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.495944]  ? print_lockdep_cache.isra.31+0x109/0x109
[   31.495945]  ? save_stack_trace+0x1a/0x20
[   31.495947]  ? save_trace+0xe0/0x2b0
[   31.495949]  ? __lock_acquire+0x36c0/0x3e00
[   31.495951]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.495952]  ? __lock_is_held+0xb6/0x140
[   31.495954]  ? __lock_is_held+0xb6/0x140
[   31.495955]  lock_acquire+0x1d5/0x580
[   31.495957]  ? lock_acquire+0x1d5/0x580
[   31.495959]  ? down_trylock+0x13/0x70
[   31.495960]  ? find_held_lock+0x35/0x1d0
[   31.495962]  ? lock_release+0xa40/0xa40
[   31.495964]  ? vprintk_emit+0x379/0x590
[   31.495965]  ? lock_downgrade+0x980/0x980
[   31.495967]  ? kvm_sched_clock_read+0x25/0x40
[   31.495969]  ? sched_clock+0x31/0x40
[   31.495970]  ? sched_clock_cpu+0x1b/0x170
[   31.495972]  ? vprintk_emit+0x49b/0x590
[   31.495974]  _raw_spin_lock_irqsave+0x96/0xc0
[   31.495975]  ? down_trylock+0x13/0x70
[   31.495977]  down_trylock+0x13/0x70
[   31.495978]  ? vprintk_emit+0x49b/0x590
[   31.495980]  __down_trylock_console_sem+0xa2/0x1e0
[   31.495982]  console_trylock+0x15/0x100
[   31.495983]  vprintk_emit+0x49b/0x590
[   31.495985]  vprintk_default+0x28/0x30
[   31.495986]  vprintk_func+0x57/0xc0
[   31.495988]  printk+0xaa/0xca
[   31.495989]  ? show_regs_print_info+0x18/0x18
[   31.495991]  ? __schedule+0xda3/0x2060
[   31.495992]  kasan_report+0x7b/0x360
[   31.495994]  __asan_report_load8_noabort+0x14/0x20
[   31.495996]  __schedule+0xda3/0x2060
[   31.495997]  ? __sched_text_start+0x8/0x8
[   31.495999]  ? trace_hardirqs_on+0xd/0x10
[   31.496001]  ? __call_srcu+0x7ee/0x1020
[   31.496002]  ? do_raw_spin_trylock+0x190/0x190
[   31.496004]  ? do_raw_spin_trylock+0x190/0x190
[   31.496006]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   31.496008]  ? __debug_object_init+0x235/0x1040
[   31.496010]  preempt_schedule_common+0x22/0x60
[   31.496011]  _cond_resched+0x1d/0x30
[   31.496013]  wait_for_completion+0xa5/0x770
[   31.496015]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.496017]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[   31.496019]  ? __lockdep_init_map+0xe4/0x650
[   31.496020]  ? __init_waitqueue_head+0x97/0x140
[   31.496022]  ? init_wait_entry+0x1b0/0x1b0
[   31.496024]  __synchronize_srcu+0x1ad/0x260
[   31.496025]  ? call_srcu+0x10/0x10
[   31.496027]  ? trace_raw_output_rcu_utilization+0xb0/0xb0
[   31.496029]  ? irq_matrix_allocated+0x80/0x80
[   31.496031]  ? synchronize_srcu+0x3c5/0x570
[   31.496033]  synchronize_srcu+0x1a3/0x570
[   31.496034]  ? synchronize_srcu+0x1a3/0x570
[   31.496036]  ? lock_downgrade+0x980/0x980
[   31.496038]  ? synchronize_srcu_expedited+0x20/0x20
[   31.496039]  ? lock_release+0xa40/0xa40
[   31.496041]  ? free_obj_work+0x690/0x690
[   31.496043]  ? do_raw_spin_trylock+0x190/0x190
[   31.496045]  kvm_page_track_unregister_notifier+0x186/0x270
[   31.496047]  ? trace_hardirqs_off+0xd/0x10
[   31.496049]  ? kvm_slot_page_track_remove_page+0x60/0x60
[   31.496050]  ? kvfree+0x36/0x60
[   31.496052]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.496054]  ? trace_hardirqs_on+0xd/0x10
[   31.496056]  kvm_mmu_uninit_vm+0x1c/0x20
[   31.496057]  kvm_arch_destroy_vm+0x73b/0x980
[   31.496059]  ? kvm_arch_sync_events+0x30/0x30
[   31.496060]  ? mmdrop+0x18/0x30
[   31.496062]  ? mmu_notifier_unregister+0x43c/0x5c0
[   31.496064]  ? __mmu_notifier_invalidate_range_end+0x360/0x360
[   31.496066]  ? __free_pages+0x107/0x150
[   31.496068]  ? free_unref_page+0x9e0/0x9e0
[   31.496069]  ? quarantine_put+0xeb/0x190
[   31.496071]  ? kfree+0xf0/0x260
[   31.496072]  ? kvm_put_kvm+0x614/0xde0
[   31.496074]  ? free_pages+0x51/0x90
[   31.496075]  kvm_put_kvm+0x695/0xde0
[   31.496077]  ? kvm_clear_guest+0xb0/0xb0
[   31.496079]  ? kvm_irqfd_release+0xd1/0x120
[   31.496080]  ? lock_downgrade+0x980/0x980
[   31.496082]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.496084]  ? kvm_irqfd_release+0xdd/0x120
[   31.496085]  ? kvm_irqfd_release+0xdd/0x120
[   31.496087]  ? kvm_put_kvm+0xde0/0xde0
[   31.496088]  kvm_vm_release+0x42/0x50
[   31.496090]  __fput+0x327/0x7e0
[   31.496091]  ? fput+0x140/0x140
[   31.496093]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   31.496095]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.496097]  ____fput+0x15/0x20
[   31.496099]  task_work_run+0x199/0x270
[   31.496101]  ? task_work_cancel+0x210/0x210
[   31.496102]  ? _raw_spin_unlock+0x22/0x30
[   31.496104]  ? switch_task_namespaces+0x87/0xc0
[   31.496106]  do_exit+0x9bb/0x1ad0
[   31.496107]  ? check_noncircular+0x20/0x20
[   31.496109]  ? mm_update_next_owner+0x930/0x930
[   31.496111]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.496113]  ? __might_sleep+0x95/0x190
[   31.496114]  ? find_held_lock+0x35/0x1d0
[   31.496116]  ? futex_wait+0x402/0x9a0
[   31.496117]  ? lock_downgrade+0x980/0x980
[   31.496119]  ? __unqueue_futex+0x1c0/0x290
[   31.496121]  ? lock_release+0xa40/0xa40
[   31.496123]  ? fault_in_user_writeable+0x90/0x90
[   31.496124]  ? do_raw
[   31.496127] Lost 45 message(s)!
[   32.577310] Shutting down cpus with NMI
[   33.633303] Dumping ftrace buffer:
[   33.636815]    (ftrace buffer empty)
[   33.640489] Kernel Offset: disabled
[   33.644083] Rebooting in 86400 seconds..