0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x0, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  432.322767] binder: undelivered TRANSACTION_ERROR: 29189
[  432.339481] binder: undelivered TRANSACTION_ERROR: 29189
[  432.340447] binder_alloc: 1905: binder_alloc_buf, no vma
[  432.350553] binder: 1911:1912 transaction failed 29189/-3, size 40-16 line 2963
2018/03/31 13:01:37 executing program 0:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x40000, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f0000000080)=0x1e)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000000c0))
r1 = userfaultfd(0x80800)
fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000140)=""/141)
setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000200)="87e6c39fd5c86ca19ed11b9731f083b13c81782177f2411fe359abfee497ba65d3b6f8048a181b8f3110e41af60a3a7b3e3cb431fec563e9e4650b9138a052c6925844d60f66585127b5a42a79448c7052518597d0afa73ead192bc1fdfe27a3544dfc28ad7680a92676df4aafdfb328f38f152520f9eab2f71d5f69f0703b7e0e054ca0674b7725f222d2203ec837b6a9ca4c26ce8c98883d6ca6e3cbd6e91b649efac43fc3de11d663dc806ccd25e022d2bdcf995a67af2b7b0003006cbc32fa", 0xc1)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000300)={<r3=>0x0, 0xfffffffffffffffc, 0x1, [0x9]}, &(0x7f0000000340)=0xa)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000440)={<r4=>0x0, 0xb8, &(0x7f0000000380)=[@in6={0xa, 0x4e24, 0xffffffff, @local={0xfe, 0x80, [], 0xaa}, 0x1f}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x17}}, @in6={0xa, 0x4e20, 0x3, @dev={0xfe, 0x80, [], 0xa}, 0x2}, @in6={0xa, 0x4e20, 0x7, @mcast2={0xff, 0x2, [], 0x1}, 0x2}, @in6={0xa, 0x4e22, 0x400, @dev={0xfe, 0x80, [], 0x10}, 0xfffffffffffffffa}, @in6={0xa, 0x4e21, 0x5, @empty, 0x7fffffff}, @in6={0xa, 0x4e24, 0x13, @mcast2={0xff, 0x2, [], 0x1}, 0x2}]}, &(0x7f0000000480)=0x10)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000004c0)={<r5=>r3, 0x7fffffff, 0x3, 0xffffffff80000000, 0x100000001, 0x1, 0x7, 0x100, {r4, @in={{0x2, 0x4e22}}, 0x5, 0xffffffff, 0x4, 0x100000000, 0x5}}, &(0x7f0000000580)=0xb0)
r6 = socket$packet(0x11, 0x3, 0x300)
utimensat(r0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={{}, {0x77359400}}, 0x0)
userfaultfd(0x80800)
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000640)={&(0x7f0000ffd000/0x1000)=nil, 0x1000})
clock_gettime(0x0, &(0x7f00000006c0)={<r7=>0x0, <r8=>0x0})
utimensat(r0, &(0x7f0000000680)='./file0\x00', &(0x7f0000000700)={{}, {r7, r8/1000+30000}}, 0x100)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000740)={0x3, 0xfa8, 0x7}, 0xc)
ftruncate(r1, 0x8e70)
r9 = add_key$keyring(&(0x7f0000000780)='keyring\x00', &(0x7f00000007c0)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$read(0xb, r9, &(0x7f0000000800)=""/4096, 0x1000)
ptrace$peek(0xffffffffffffffff, r2, &(0x7f0000001800))
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000001840))
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000001880)=@req={0x400, 0xff, 0x8, 0x6}, 0x10)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000018c0)={r5, 0x7, 0x7, [0x8001, 0x9, 0x5, 0x3, 0x3, 0x4, 0x1]}, &(0x7f0000001900)=0x16)
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f0000001940)='syzkaller0\x00')
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000001980)=@assoc_value, &(0x7f00000019c0)=0x8)
getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000001a00), &(0x7f0000001a40)=0x8)
ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f0000001a80))
accept4(r0, &(0x7f0000001ac0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, &(0x7f0000001b40)=0x80, 0x800)
munlockall()

2018/03/31 13:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  432.367903] binder: 1919:1920 ioctl 8010aa01 20000180 returned -22
[  432.391222] binder: undelivered TRANSACTION_ERROR: 29189
[  432.403963] IPVS: Scheduler module ip_vs_Vlc not found
[  432.408368] binder: 1921:1922 ioctl 8010aa01 20000180 returned -22
[  432.411735] binder: undelivered TRANSACTION_ERROR: 29189
[  432.430239] binder: 1919:1920 ioctl c0086420 20000080 returned -22
[  432.448329] binder: 1919:1920 got transaction with invalid offset (0, min 24 max 40) or object.
[  432.455054] binder: BINDER_SET_CONTEXT_MGR already set
[  432.462492] binder: 1919:1920 transaction failed 29201/-22, size 40-16 line 3026
[  432.464110] IPVS: Scheduler module ip_vs_Vlc not found
[  432.470166] binder: undelivered TRANSACTION_ERROR: 29189
[  432.487853] binder: 1921:1922 ioctl c0086420 20000080 returned -22
[  432.490372] binder: undelivered TRANSACTION_ERROR: 29189
[  432.499234] binder: 1934:1935 ioctl 8010aa01 20000180 returned -22
[  432.503237] binder: 1926:1929 ioctl 40046207 0 returned -16
[  432.509900] binder: BINDER_SET_CONTEXT_MGR already set
[  432.522814] binder: 1934:1935 ioctl c0086420 20000080 returned -22
[  432.523893] binder: 1926:1929 got transaction with invalid offset (40, min 24 max 40) or object.
[  432.529594] binder: 1921:1922 ioctl 40046207 0 returned -16
[  432.540489] binder: undelivered TRANSACTION_ERROR: 29201
[  432.550386] binder: 1926:1929 transaction failed 29201/-22, size 40-16 line 3026
[  432.552741] binder: 1934:1935 transaction failed 29189/-22, size 40-16 line 2848
[  432.568841] binder: 1921:1922 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:37 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x0, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x0, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000700)={<r3=>0x0}, &(0x7f0000000740)=0xc)
r4 = syz_open_procfs(r3, &(0x7f00000007c0)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r4, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r4, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r4, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000800)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x4000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r4, 0xc10c5541, &(0x7f0000000580)={0x5, 0x0, 0x7, 0x0, 0x0, [], [], [], 0x80000000, 0x4})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000006c0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x3)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$TUNSETSTEERINGEBPF(r4, 0x800454e0, &(0x7f0000000240)=r4)
connect$llc(r2, &(0x7f0000000000)={0x1a, 0x308, 0x8, 0x5a0, 0x0, 0x7c, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x11}}, 0x10)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

2018/03/31 13:01:37 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:37 executing program 0:
socketpair(0x13, 0x2, 0x80, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={<r1=>0x0, 0x3, 0x5}, &(0x7f0000000100)=0x8)
r2 = accept4(0xffffffffffffff9c, 0x0, &(0x7f00000003c0), 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000009c0)=ANY=[@ANYRES32=r1], &(0x7f00000004c0)=0x1)
unshare(0x40000000)
ioctl$sock_ipx_SIOCAIPXPRISLT(r2, 0x89e1, &(0x7f00000002c0)=0x4)
ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, &(0x7f0000000040)=0xfffffffffffffffe)
r3 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x800)
splice(r3, &(0x7f0000000240), r3, &(0x7f0000000280), 0x5aa9, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00007a0000)={<r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000616ff8)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$unix(r6, &(0x7f0000bba000)={&(0x7f00003a2000)=@abs, 0x6e, &(0x7f00006c6ff0), 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000010003008849e3b97a3395d0e8de63ef1e35b0cde74ea2398f6c3dd617b6d8514d98d4eb4646535129f7207772f40f5d098e0bcb3aefee38e8f240c5a0c61adc3b6d68337cf19ce99b4366fab3e5a4e3c6c58c97b6c2d3c03083329e184944d7667ad77da85214cdc44ddd8d02047b26a416e3f790969a63e222a7b51f0d713812cf302d55dacd0a37e8e614cb3c21809cb3ac42a594a4760d2c9d7e52888b946e53fe1deadf56bf77532e4625d9005f13f39b9cd4f1898e67f2ff7230d5f09cf8d5edbc3e9c57dd2377ab3073d4b18659bcb9ce657dae6ab30781d79f06d1bc3a65ebf131797dd9fb6fdb9c23a20d826b4b6c3172f24426111c0ca95f4596afd49c963e8cbc3914dd08051bd0964e33b8e1dfdde30072c02a9279a00fd6dfcb4c6fc08096"], 0x129}, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f000062e000)={&(0x7f0000690ff6)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f000000d000), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000001000000010000239306316b75faf704004cc6734df4dfc54d13a15dd1386478bc8b377d298f60765e0888ae9bd45f902331dfd1d293d8cabf9ba344e7dbeaff59532f2657ada7298f920a81ecee0da4d8dee5378a14fbbd8e034c8c37a89bfbf91baf478108f8"], 0x6b}, 0x0)
close(r5)
close(r4)
r7 = getpid()
ioprio_get$pid(0x0, r7)
r8 = syz_open_procfs(0x0, &(0x7f00004c6f8b)='mounts\x00')
readv(r8, &(0x7f0000000740)=[{&(0x7f0000000380)=""/190, 0xbe}, {&(0x7f0000000440)=""/128, 0x80}, {&(0x7f00000002c0)=""/32, 0x20}, {&(0x7f00000005c0)=""/68, 0x44}, {&(0x7f0000000640)=""/240, 0xf0}], 0x5)
setsockopt$inet6_MRT6_ADD_MIF(r8, 0x29, 0xca, &(0x7f0000000180)={0x0, 0x1, 0xff, 0x1, 0xf5d1}, 0xc)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
recvmsg$netrom(r8, &(0x7f0000001080)={&(0x7f0000000780)=@ax25={0x3, {"3c1b7251c1894a"}, 0x1}, 0x10, &(0x7f0000000fc0), 0x0, &(0x7f0000000ac0), 0x0, 0x80}, 0x40000140)
ptrace$setopts(0x4206, r7, 0x9, 0x41)
sendto(r8, &(0x7f00000008c0), 0x0, 0x0, &(0x7f0000000900)=@pppol2tpv3in6={0x18, 0x1, {0x0, r8, 0x3, 0x1, 0x0, 0x2, {0xa, 0x4e24, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x9}}}, 0x80)
ptrace$peek(0x1, 0x0, &(0x7f00000001c0))
mlockall(0x3)
setxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000300)=@known='security.ima\x00', &(0x7f0000000580)='nr0\x00', 0x4, 0x2)
open(&(0x7f00000009c0)='./file0/file0\x00', 0x20000, 0xee)
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0))
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000a80)={0x1, &(0x7f0000000080)=[{0x8, 0x0, 0xdda3, 0x3}]}, 0x8)

2018/03/31 13:01:37 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  432.593166] binder: undelivered TRANSACTION_ERROR: 29189
[  432.618423] binder: undelivered TRANSACTION_ERROR: 29201
[  432.629384] binder: undelivered TRANSACTION_ERROR: 29189
[  432.661694] binder: 1940:1952 ioctl 8010aa01 20000180 returned -22
[  432.662865] binder: 1938:1953 ioctl c0086420 20000080 returned -22
[  432.668458] binder: 1939:1943 transaction failed 29189/-22, size 40-16 line 2848
[  432.676273] binder: 1941:1949 ioctl 8010aa01 20000180 returned -22
[  432.695222] binder: 1954:1957 ioctl 8010aa01 20000180 returned -22
[  432.695470] binder: 1940:1952 ioctl c0086420 20000080 returned -22
[  432.707877] IPVS: Scheduler module ip_vs_Vlc not found
[  432.719348] binder: 1954:1957 ioctl c0086420 20000080 returned -22
[  432.728123] binder: 1954:1957 got transaction with invalid offset (0, min 24 max 40) or object.
[  432.729272] binder: 1958:1959 ioctl 8010aa01 20000180 returned -22
[  432.737571] binder: 1954:1957 transaction failed 29201/-22, size 40-16 line 3026
[  432.752047] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:37 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x0, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  432.757891] binder: 1940:1952 got transaction with invalid offset (0, min 24 max 40) or object.
[  432.758349] binder: 1941:1949 ioctl c0086420 20000080 returned -22
[  432.770065] binder: undelivered TRANSACTION_ERROR: 29189
[  432.775121] binder: 1938:1953 ioctl 40046207 0 returned -16
[  432.779055] binder: 1940:1952 transaction failed 29201/-22, size 40-16 line 3026
[  432.789910] IPVS: Scheduler module ip_vs_Vlc not found
[  432.798524] binder: 1958:1959 ioctl c0086420 20000080 returned -22
[  432.804309] binder: 1964:1965 got transaction with invalid offsets ptr
[  432.811311] binder: 1938:1953 got transaction with invalid offset (0, min 24 max 40) or object.
[  432.811675] binder: 1964:1965 transaction failed 29201/-14, size 40-16 line 2991
[  432.831368] binder: BINDER_SET_CONTEXT_MGR already set
[  432.838932] binder: 1958:1959 got transaction with invalid offset (0, min 24 max 40) or object.
[  432.854432] binder: 1938:1953 transaction failed 29201/-22, size 40-16 line 3026
[  432.857787] binder: undelivered TRANSACTION_ERROR: 29201
[  432.872838] binder: 1941:1949 ioctl 40046207 0 returned -16
[  432.886759] binder: undelivered TRANSACTION_ERROR: 29201
[  432.897461] binder: 1958:1959 transaction failed 29201/-22, size 40-16 line 3026
[  432.905585] binder: undelivered TRANSACTION_ERROR: 29201
[  432.914260] binder: 1941:1949 transaction failed 29189/-22, size 40-16 line 2848
[  432.926161] binder: undelivered TRANSACTION_ERROR: 29201
[  432.935451] binder: 1941:1949 ioctl 541c 20000100 returned -22
[  432.953367] binder: undelivered TRANSACTION_ERROR: 29201
[  432.975532] binder: undelivered TRANSACTION_ERROR: 29189
[  433.581792] IPVS: ftp: loaded support on port[0] = 21
[  433.615184] IPVS: ftp: loaded support on port[0] = 21
2018/03/31 13:01:38 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x0, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000005, 0x0)
sched_yield()
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000580)={<r4=>0x0, @in={{0x2, 0x4e22}}, [0x3f, 0x2, 0x200, 0x3, 0x8, 0x5, 0x7, 0xa00c, 0x73, 0x7, 0x9, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x8, 0x8]}, &(0x7f0000000680)=0x100)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000006c0)={0x1, 0x80000001, 0x8000, 0x8b, 0x9, 0x2, 0x1f, 0x800, r4}, 0x20)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
ioctl$sock_inet_SIOCGIFADDR(r5, 0x8915, &(0x7f0000000700)={'ip6tnl0\x00', {0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}})
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x440040, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000280)={r6, r3})
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})
setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, &(0x7f0000000740)={0x2, 0x8}, 0x2)
ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f00000007c0))

2018/03/31 13:01:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 0:
r0 = socket$inet6(0xa, 0x2000000802, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x4}, 0x1c)
sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80}}, 0x1c)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x440000, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000a80)={0x0, 0x6, 0x0, 0x0, 0x3f, 0xffffffff, 0x6, 0x3}, &(0x7f0000000ac0)=0x20)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000ec0)={0x0, 0x8, 0x7ff}, &(0x7f0000000f00)=0x10)
keyctl$invalidate(0x15, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000f80)={0x0, 0x2c, &(0x7f0000000f40)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, @in6={0xa, 0x4e22, 0x10001, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}}]}, &(0x7f0000000fc0)=0x10)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000001000)={0x0, 0x0, 0x30, 0x0, 0x5}, &(0x7f0000001040)=0x18)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)="6664001a000000")
getdents64(r1, &(0x7f00000004c0)=""/189, 0xabf70f75d9c5624)
ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000200)=ANY=[@ANYBLOB="e0ff000000000000810000000000000007000000010000000200000000000000000000000000002000000000000000000000000000000000000000000002080000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000e4ffffff000000000000000000000000000000000000000000000000000000000000"])
lseek(0xffffffffffffffff, 0x0, 0x1)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240))
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000800), &(0x7f0000000300)=0x14)
getpgid(0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20}}}, &(0x7f0000000440)=0x84)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000000)=@in={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10, &(0x7f0000000140), 0x0, &(0x7f0000000600)=[@sndinfo={0x20, 0x84, 0x2}, @init={0x18, 0x84}], 0x60, 0x4000000}, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000957000)={&(0x7f0000000040)=@in6={0xa}, 0x1c}, 0x8000)
fdatasync(0xffffffffffffffff)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x800, @remote={0xfe, 0x80, [], 0xbb}}}}, 0x88)
request_key(&(0x7f0000000580)='dns_resolver\x00', &(0x7f00000005c0)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='/dev/ppp\x00', 0xfffffffffffffffb)

[  433.684481] binder: 1970:1973 ioctl 8010aa01 20000180 returned -22
[  433.697918] binder: 1977:1984 ioctl 8010aa01 20000180 returned -22
[  433.700563] binder: 1971:1972 ioctl 8010aa01 20000180 returned -22
[  433.706198] binder: 1976:1980 ioctl c0086420 20000080 returned -22
[  433.711486] binder: 1969:1982 transaction failed 29189/-22, size 40-16 line 2848
[  433.719073] binder: 1974:1975 ioctl 8010aa01 20000180 returned -22
[  433.732195] binder: 1974:1975 ioctl c0086420 20000080 returned -22
[  433.738804] binder: 1977:1984 ioctl c0086420 20000080 returned -22
[  433.745403] binder: 1970:1973 ioctl c0086420 20000080 returned -22
[  433.751873] IPVS: Scheduler module ip_vs_Vlc not found
[  433.752412] binder: 1976:1980 got transaction with invalid offset (0, min 24 max 40) or object.
[  433.758839] binder: 1970:1973 got transaction with invalid offset (0, min 24 max 40) or object.
[  433.772810] binder: 1971:1972 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:38 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  433.775347] binder: BINDER_SET_CONTEXT_MGR already set
[  433.789719] binder: 1974:1975 got transaction with invalid offset (0, min 24 max 40) or object.
[  433.795621] binder: 1976:1980 transaction failed 29201/-22, size 40-16 line 3026
[  433.803213] binder: 1970:1973 transaction failed 29201/-22, size 40-16 line 3026
[  433.809439] binder: undelivered TRANSACTION_ERROR: 29189
[  433.820156] binder: 1974:1975 transaction failed 29201/-22, size 40-16 line 3026
[  433.827843] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:38 executing program 0:
mbind(&(0x7f00008c4000/0x1000)=nil, 0x1000, 0x1, &(0x7f00000000c0)=0x7, 0xa, 0x0)
get_mempolicy(&(0x7f0000000040), &(0x7f0000000000), 0x800, &(0x7f00004aa000/0x4000)=nil, 0x2)
mbind(&(0x7f0000740000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000080)=0x7fff, 0x9, 0x7)

[  433.836089] binder: 1977:1984 ioctl 40046207 0 returned -16
[  433.841915] IPVS: Scheduler module ip_vs_Vlc not found
[  433.844172] binder: 1995:1996 got transaction with invalid offsets ptr
[  433.849049] binder: 1971:1972 ioctl 40046207 0 returned -16
[  433.874323] binder: 1977:1984 got transaction with invalid offset (40, min 24 max 40) or object.
2018/03/31 13:01:38 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
kexec_load(0x3f, 0x1, &(0x7f0000000240)=[{&(0x7f0000000580)="8d0684d9936a9e10ab144ea7bc857a177e3222dcebf8c53e3f9c18b712a3cc88ccd8531d2873705ae8eabae7fbcbc4acd8b146f2f38b47f9c69a0462a5652d033fa39e49ce626f8a9fc0ce6dee0243155644b6e7c4620b838a7c682edcff720c9b231ba334967c845b59193810ca92c32acc11b18d56f6f86df9ae83c1a57593534ce07ac7b867df5d20fdf917a2b7f824851417fc05bd3ad36312c6f325cd36f2362b81932b42d4aadc2ec0952a9e6329003526ac3b529f8fe7f792364cf09f03e2223951e14b71940c5559667ec5876c3039aa34ec6ff0dd16b3a262dfcb12e2b8296620bf8b2c80e96128e6c769bc1bd0e45a66", 0xf5, 0x0, 0x2}], 0x0)
ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000280)=r3)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

[  433.894478] binder: 1995:1996 transaction failed 29201/-14, size 40-16 line 2991
[  433.918294] binder: undelivered TRANSACTION_ERROR: 29201
[  433.918345] binder: 1971:1972 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  433.942462] binder: undelivered TRANSACTION_ERROR: 29201
[  433.957637] binder: 1977:1984 transaction failed 29201/-22, size 40-16 line 3026
[  433.979200] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:38 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  433.989545] binder: 1971:1972 transaction failed 29201/-22, size 40-16 line 3026
[  433.996979] binder: 2008:2016 ioctl 8010aa01 20000180 returned -22
[  434.012315] binder: undelivered TRANSACTION_ERROR: 29201
[  434.014449] IPVS: Scheduler module ip_vs_Vlc not found
[  434.024807] binder: 1977:1984 ioctl 541c 20000100 returned -22
[  434.025598] binder: 2014:2015 ioctl 8010aa01 20000180 returned -22
[  434.034978] binder: 2019:2020 transaction failed 29189/-22, size 40-16 line 2848
[  434.037376] binder: 2012:2013 ioctl 8010aa01 20000180 returned -22
[  434.047277] binder: 2017:2018 ioctl c0086420 20000080 returned -22
[  434.058426] binder: 2008:2016 ioctl c0086420 20000080 returned -22
[  434.066394] binder: 2008:2016 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:38 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x0, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:38 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  434.089416] binder: 2014:2015 ioctl c0086420 20000080 returned -22
[  434.097572] binder: undelivered TRANSACTION_ERROR: 29201
[  434.098593] IPVS: Scheduler module ip_vs_Vlc not found
[  434.114726] binder: 2017:2018 got transaction with invalid offset (0, min 24 max 40) or object.
[  434.118050] binder: 2012:2013 ioctl c0086420 20000080 returned -22
[  434.126734] binder: undelivered TRANSACTION_ERROR: 29201
[  434.143956] binder: 2017:2018 transaction failed 29201/-22, size 40-16 line 3026
[  434.151664] binder: undelivered TRANSACTION_ERROR: 29189
[  434.159130] binder: BINDER_SET_CONTEXT_MGR already set
[  434.164434] binder: 2026:2027 ioctl 8010aa01 20000180 returned -22
[  434.170725] binder: undelivered TRANSACTION_ERROR: 29189
[  434.177121] binder: 2014:2015 ioctl 40046207 0 returned -16
[  434.179462] binder: 2025:2028 ioctl 8010aa01 20000180 returned -22
[  434.189123] binder: 2014:2015 got transaction with invalid offset (40, min 24 max 40) or object.
[  434.189543] binder: 2026:2027 ioctl c0086420 20000080 returned -22
[  434.200399] binder: 2012:2013 got transaction with invalid offset (0, min 24 max 40) or object.
[  434.205415] binder: 2025:2028 ioctl c0086420 20000080 returned -22
[  434.223197] binder: BINDER_SET_CONTEXT_MGR already set
[  434.223727] binder: 2014:2015 transaction failed 29201/-22, size 40-16 line 3026
[  434.228700] binder: 2025:2028 ioctl 40046207 0 returned -16
[  434.241347] binder: undelivered TRANSACTION_ERROR: 29201
[  434.246177] binder: 2026:2027 got transaction with invalid offset (40, min 24 max 40) or object.
[  434.257323] binder: 2025:2028 got transaction with invalid offset (0, min 24 max 40) or object.
[  434.266402] binder: 2025:2028 transaction failed 29201/-22, size 40-16 line 3026
[  434.271795] binder: 2012:2013 transaction failed 29201/-22, size 40-16 line 3026
[  434.274211] binder: 2026:2027 transaction failed 29201/-22, size 40-16 line 3026
[  434.298218] binder: 2026:2027 ioctl 541c 20000100 returned -22
[  434.308961] binder_alloc: binder_alloc_mmap_handler: 2014 20000000-20002000 already mapped failed -16
[  434.325094] binder: 2014:2030 ioctl 8010aa01 20000180 returned -22
[  434.331339] binder: undelivered TRANSACTION_ERROR: 29201
[  434.336335] binder: 2014:2015 ioctl c0086420 20000080 returned -22
[  434.337518] binder: undelivered TRANSACTION_ERROR: 29201
[  434.344336] binder: BINDER_SET_CONTEXT_MGR already set
[  434.361528] binder: 2014:2030 ioctl 40046207 0 returned -16
[  434.370205] binder: undelivered TRANSACTION_ERROR: 29201
[  434.376626] binder: 2014:2015 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:39 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0x0, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
getpid()
r3 = gettid()
r4 = syz_open_procfs(r3, &(0x7f0000000000)='net/ip_vs\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r4, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
ioctl$VHOST_GET_VRING_ENDIAN(r4, 0x4008af14, &(0x7f0000000240)={0x1, 0x8})
mq_timedreceive(r4, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r4, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

2018/03/31 13:01:39 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x0, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  434.407360] binder: undelivered TRANSACTION_ERROR: 29189
[  434.413589] binder: undelivered TRANSACTION_ERROR: 29201
[  434.459584] binder: 2032:2035 transaction failed 29189/-22, size 40-16 line 2848
[  434.462059] binder: 2039:2041 ioctl 8010aa01 20000180 returned -22
[  434.468977] binder: 2038:2040 ioctl 8010aa01 20000180 returned -22
[  434.474500] binder: 2044:2046 ioctl 8010aa01 20000180 returned -22
[  434.480853] binder: 2033:2037 ioctl 8010aa01 20000180 returned -22
[  434.493913] binder: 2034:2036 ioctl 8010aa01 20000180 returned -22
[  434.501886] binder: 2034:2036 ioctl c0086420 20000080 returned -22
[  434.512397] binder: 2048:2049 got transaction with invalid offset (40, min 24 max 40) or object.
[  434.512706] binder: 2038:2040 ioctl c0086420 20000080 returned -22
[  434.529375] binder: 2034:2036 got transaction with invalid offset (0, min 24 max 40) or object.
[  434.534168] IPVS: Scheduler module ip_vs_Vlc not found
[  434.538424] binder: 2039:2041 ioctl c0086420 20000080 returned -22
[  434.546606] binder: 2044:2046 ioctl c0086420 20000080 returned -22
[  434.551437] binder: 2034:2036 transaction failed 29201/-22, size 40-16 line 3026
[  434.558560] binder: BINDER_SET_CONTEXT_MGR already set
[  434.571592] binder: 2039:2041 got transaction with invalid offset (0, min 24 max 40) or object.
[  434.574995] binder: 2048:2049 transaction failed 29201/-22, size 40-16 line 3026
[  434.585217] binder: undelivered TRANSACTION_ERROR: 29189
[  434.590399] binder: 2033:2037 ioctl 40046207 0 returned -16
[  434.599747] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:39 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  434.605951] binder: 2039:2041 transaction failed 29201/-22, size 40-16 line 3026
[  434.613493] binder: 2033:2037 got transaction with invalid offset (0, min 24 max 40) or object.
[  434.613535] binder: 2033:2037 transaction failed 29201/-22, size 40-16 line 3026
[  434.614110] binder: 2038:2040 ioctl 40046207 0 returned -16
[  434.622550] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:39 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  434.665343] binder: 2053:2054 got transaction with invalid offsets ptr
[  434.666814] binder: undelivered TRANSACTION_ERROR: 29201
[  434.677708] IPVS: Scheduler module ip_vs_Vlc not found
[  434.688186] binder: 2053:2054 transaction failed 29201/-14, size 40-16 line 2991
[  434.691276] binder: BINDER_SET_CONTEXT_MGR already set
[  434.701670] binder: 2057:2058 ioctl 8010aa01 20000180 returned -22
[  434.709749] binder: undelivered TRANSACTION_ERROR: 29201
[  434.715426] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.721162] binder: 2038:2040 transaction failed 29189/-3, size 40-16 line 2963
[  434.728836] binder: 2057:2058 ioctl c0086420 20000080 returned -22
[  434.738569] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.739996] binder: 2044:2046 ioctl 40046207 0 returned -16
[  434.744170] binder: 2048:2055 transaction failed 29189/-3, size 40-16 line 2963
2018/03/31 13:01:39 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000240)=0xffffffffffffffc8)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})
getresgid(&(0x7f00000005c0)=<r5=>0x0, &(0x7f0000000280), &(0x7f0000000580))
ioctl$TUNSETGROUP(r3, 0x400454ce, r5)
socket$inet(0x2, 0x4, 0x0)

2018/03/31 13:01:39 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x0, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  434.762651] binder: 2059:2060 ioctl 8010aa01 20000180 returned -22
[  434.775094] binder: undelivered TRANSACTION_ERROR: 29201
[  434.788292] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.794169] binder: 2057:2058 transaction failed 29189/-3, size 40-16 line 2963
[  434.800870] binder: 2048:2049 ioctl 40046207 0 returned -16
[  434.802855] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:39 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  434.812262] binder: BINDER_SET_CONTEXT_MGR already set
[  434.826416] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.832014] binder: 2044:2046 transaction failed 29189/-3, size 40-16 line 2963
[  434.843223] binder: undelivered TRANSACTION_ERROR: 29189
[  434.848109] binder: 2059:2060 ioctl 40046207 0 returned -16
[  434.850132] binder: 2064:2066 ioctl 8010aa01 20000180 returned -22
[  434.870704] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.876368] binder: 2069:2072 transaction failed 29189/-3, size 40-16 line 2963
[  434.876684] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.887211] IPVS: Scheduler module ip_vs_Vlc not found
[  434.889446] binder: 2059:2060 transaction failed 29189/-3, size 40-16 line 2963
[  434.904255] binder: 2044:2046 ioctl 541c 20000100 returned -22
[  434.906229] binder: 2070:2071 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:39 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 0:
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4000000, 0x0, "b2cdc16948c2d8debdc6ccd7e69370cd89206e7e7600f494a6f3010400004ec168402aefa9b47ddce6005ef1f5ff018c611f11fe0400973b4f3b4ca8115d75b6", "adcddcbdd258708ed483b1c6d50b363981c4f943de7510903594aa41b5a7d76826f71b49332e607bd68a9352cd05d36e027047e9bd95b49f71e4f89c99b3dacc", "98731c39612dffb0f3700d6862ad2c5e51f2bf1597643d3216b87c072c7cef3c", [0x800000000000004]})
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000400)={0x0, @local}, &(0x7f00000006c0)=0xc)
fchdir(0xffffffffffffffff)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000340)={<r3=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000540)={r3, &(0x7f0000000980)=""/241})
r4 = creat(&(0x7f0000000740)='./file1\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x6000)
unlink(&(0x7f0000000000)='./file1\x00')
fcntl$getown(r4, 0x9)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000c00)="cfb93447d6feaef9f73c0561e075a8295d43017ab1a157786dcda36c5eec92a4306f284fa7e3ed364cc2da5c08cf7e4030d394520e123eee6d9ab275c91c174b1364fc943b49faefe12f605b5ce6c1400a91210c00477f900aff390901bf594c18557cb38a7d57ac8ded098b96b9dfc125e3bdc9305193f4cd256068baca5208160d820b9e7a043666ba4801cf6d557fc0f97f35c13ec6c0d1fe97ce1af1c17078ef47ab955200836671e402717481d14936b09828fd6f55fda2f11eb4c61b480e941133c0a4c5ec54033d0d174742191754ffe28b093596286a78ea01078337ada8585aa98dcc1143689002e31ccc5b9f5cfd2bbce5683a0f91b395391a60ba8e8f4d3c10c82c71caa74c44c8b0f3e42f1fc264497d5b9dabf309bad7bdfaa1be37137226b5cf2badc1397e0460b1e002dc5e15a143d79b0e44fb59b43b7f164614bb428a22a6b9acffe96c154bb02d256b3f5f53a92dfd8d1f014a3e30cb061a1ea6abc640869f4be210d60622d528999804f7847eb3a886aeb91f5cd80fd892b950d19144867616ddc95d349a84426d2c2288bac7aa0e7392526874f5ec41e677c4a83ea81e18bb2c382d288b69f1102ee944a764988a87fc38c87ebb41402bf0c7cfc10abb80ad010a68467225c566c3c26ce51decb38b4a36daa4b2a71c8d818dc2973d80fefc0428c801cef822aa6d5678184ea9798450910f223b495ba8886751b815443b370f5aa638d2dfa2c47757ef69e92a7d674e6a7fc866c5bf308232dabbd55fa988952319797b458eaba3cbbe23ede09838646d026f85131a5476770bb5a8eff29472fcfd11e830aee3f276b0a007d85282a11282adb8ca7fe659b2155e01a3243a9381e2c0e75a284a1c99574d1db9f36dee4e6fc399c70697c2e7acdb71b4ff6a600ac2eedb193fac270c5fe4d033f310c95393794be698a66ac15dd2b4b78b3dd3eeae4f3635f7d30884c4f0be382818f53539ec82d781468de173c1ff1126789187ce815d7d6724e8b9f72055ff89a60e6ac533997a3cd3e9ce61e6e954536dd44b0647fa3268150cb64f015efd52fc93d242bac33e7111f118eccb18d20feb69520384a40c93915920904f286b41de292d0e6d531bed37d5ab17932fd57f81a55c82c60a80dc133065bee4f16b881400802420fdb2f23603fe754bf0fe2400c866501f3ce1b37651a134f01ee2ff844707351871a2be3d302e8678cc78a2facfe6db33a09cf99ea9befc93b99f4e17444e589fba89185f5d8ec00d1c4866b5a66d53cf7579cae2f5d789efb20cc34466b9bffd6ef15f54686996828a8ae0f3f93668df29790c03e5c91407ffb244ab3f1e2ddf1a3d501679b34a05765d840a28cb3c5cc1aa711a4b8566f274a897d431b1e4a790360f2075ba4b3ca7cb16666f6b9e60b7dbe868f572882890f8c7e5c03dc0fb343b18dfdab5f5f71f77b97e34c0fbcd24b44fa0fa36bf5064a35a0c2331d0bec6e437835928e29a0aa81843e8917380931882b0fa41903580e260c9b87f00356e260d5ea0f3fdfb64ef678c3cc981f3191f5c5f8d7c16c4f46a837491d7888c6997893bdda25a4934591a0edeee3f08f71467369420986fa34ae0f1654eae41f85fcd7bd1837ad1f26327e43b5dc7d3e54935bc2b1cb2adedb480ca22a9ddd9e38fcd405a008c32dfa5a1364064caa72e1cd552cb18099e5add0c81067ce321a9a96065b6fb2716ab23ecd82d22df153942876cafd10068be6acb7259978ed523c7413302f760d7a77413f8dff3a0c0c0d0e2372dd49e1b709bdbdfba02e4ea475082522953443de01c369ad46e8cf6312b0e21649fa5b330488faeb36eac7da5a6fbdd826ef7bf618a1bec93f2b22d3b2d08203c5049389a944e26ad", 0x53a}], 0x1, 0x0)
getsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000200), &(0x7f00000002c0)=0x4)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB="000000007ec0c5730f367a26bc3b05fbd6324e078bedc00d51e395d96fa4bd8dc0c5b256261b9da9c478065b2053eb6774582233a3bf68c120bf3d5a2611c0251cfa3b54879c5b360e3f529d1d26e5ea7d14b1a83d6be04f6dc730af3f130b1ae42027cd1ad2042d627fa563c4d980c5ea80a5fc14fadfb5a062fd747e07b70031512974a8232dc522c35a376e5e11de51e83403b6b528e94a8ba950269d7daf88ab2d3aa32ced10d51d3341d3c2228e3afef7c81b52af000000000000006874144a32584d147f88fbf8e2c81a06a04636ca04c22ee4f5e872880a9f90ac2b1b22986df62aa188478894933ac36bf05f560cbf3cccf0d41050e4ff4004291d14370c79c0b16845aeae73d80ca1021d3375dfab92673de93191fa24bea9e3d3a51feb9267512e37bec56b0f5d294a1a0c1ae7597aec560887407164382bb94f20902728"], 0x1}, 0x1}, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
fstat(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
quotactl(0x8, &(0x7f0000000080)='./bus\x00', r5, &(0x7f0000000880)="14a70808498915d9a8c5c2fc65dc3d0e46f215f9618afbec03993971ef99656952c281e9b95192f71462d79b9c1e7b26d0bf648a097b04b116bbd17216078869e605bf792fd0ca5c5ce429d663fb95e4da855f579b620fc9f90767e4fbbd2ee4fa15bc597973d932d71348e60cabd56e31fad0ce6dd22a52342f805584eae362407cee8611d6cd916f9dd7663d5ac880de6ebee3968ced66b0436c8bd31be0bbd723b2c9824449d1a7298838af8cb61233a415dcc9ef6b0242d24232203e17b2d37913a039e2dcc0ccfb8e5b7befa8ed1cdc730c18d2d6430da9d0a7009436c1ea7b3116a898af001c0bd28524fc34af798858ac7a801a")
sendto$inet6(r0, &(0x7f0000e77fff), 0xfffffffffffffd8a, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000380)={0x0, <r6=>0x0, 0xab6d})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000003c0)={r6, 0x80000})
lstat(&(0x7f0000000480)='./bus\x00', &(0x7f00000004c0))
quotactl(0x2, &(0x7f0000000440)='./bus\x00', r5, &(0x7f0000000340))
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ftruncate(r2, 0x54)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000300)=0xff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140), 0x7fffffff)
sendfile(r1, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x0)

[  434.920694] binder: 2064:2066 ioctl c0086420 20000080 returned -22
[  434.943364] binder: undelivered TRANSACTION_ERROR: 29189
[  434.943957] binder_alloc: 2048: binder_alloc_buf, no vma
[  434.954555] binder: 2064:2066 transaction failed 29189/-3, size 40-16 line 2963
[  434.963249] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:39 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  434.973457] binder: undelivered TRANSACTION_ERROR: 29189
[  434.992151] binder: undelivered TRANSACTION_ERROR: 29201
[  434.998269] binder: 2075:2076 ioctl 8010aa01 20000180 returned -22
[  435.010847] binder: 2070:2071 ioctl c0086420 20000080 returned -22
[  435.024901] binder: 2080:2083 ioctl 8010aa01 20000180 returned -22
[  435.033670] binder: undelivered TRANSACTION_ERROR: 29189
[  435.036158] binder: 2075:2076 ioctl c0086420 20000080 returned -22
[  435.056065] binder: 2084:2085 transaction failed 29189/-22, size 40-16 line 2848
[  435.057893] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:39 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  435.068287] binder: 2080:2083 ioctl c0086420 20000080 returned -22
[  435.069319] IPVS: Scheduler module ip_vs_Vlc not found
[  435.076226] binder: 2070:2071 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.098202] binder: BINDER_SET_CONTEXT_MGR already set
[  435.108150] binder: 2089:2092 ioctl 8010aa01 20000180 returned -22
[  435.116167] binder: 2080:2083 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:39 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:39 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0x89, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6"}, &(0x7f0000000800)=0xad)
ioctl$TIOCMSET(r5, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x38, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}}]}, &(0x7f0000000140)=0xc)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

[  435.118139] binder: 2075:2076 ioctl 40046207 0 returned -16
[  435.127183] binder: undelivered TRANSACTION_ERROR: 29189
[  435.132175] binder: 2070:2071 transaction failed 29201/-22, size 40-16 line 3026
[  435.156765] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:39 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

[  435.171296] binder: 2095:2096 ioctl 8010aa01 20000180 returned -22
[  435.191918] binder: 2089:2092 ioctl 40046207 0 returned -16
[  435.192961] binder: undelivered TRANSACTION_ERROR: 29189
[  435.207649] binder: 2080:2083 transaction failed 29201/-22, size 40-16 line 3026
[  435.215144] binder: 2095:2096 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.215379] binder: 2075:2076 got transaction with invalid offset (40, min 24 max 40) or object.
[  435.234194] binder_alloc: 2070: binder_alloc_buf, no vma
[  435.239816] binder: 2089:2092 transaction failed 29189/-3, size 40-16 line 2963
[  435.248965] binder: 2095:2096 transaction failed 29201/-22, size 40-16 line 3026
[  435.259167] binder: undelivered TRANSACTION_ERROR: 29201
[  435.266156] binder: 2075:2076 transaction failed 29201/-22, size 40-16 line 3026
[  435.289674] binder: 2102:2103 transaction failed 29189/-22, size 40-16 line 2848
[  435.316583] binder: undelivered TRANSACTION_ERROR: 29201
[  435.325195] binder: undelivered TRANSACTION_ERROR: 29189
[  435.349213] binder: undelivered TRANSACTION_ERROR: 29201
[  435.356110] binder: 2075:2076 ioctl 541c 20000100 returned -22
[  435.389483] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:40 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r4 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xab, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d"}, &(0x7f0000000800)=0xcf)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f0000000380)='uservboxnet0\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

2018/03/31 13:01:40 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0x0, 0x1})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
signalfd(r2, &(0x7f0000000240)={0x3f}, 0x8)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
dup(r3)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

2018/03/31 13:01:40 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000400)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200001)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x3c, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR64=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000000940)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  435.419986] binder: undelivered TRANSACTION_ERROR: 29201
[  435.454975] binder: 2112:2114 ioctl 8010aa01 20000180 returned -22
[  435.455869] binder: 2119:2122 ioctl 8010aa01 20000180 returned -22
[  435.471675] IPVS: Scheduler module ip_vs_Vlc not found
[  435.475079] binder: 2110:2115 ioctl 8010aa01 20000180 returned -22
[  435.479333] binder: 2117:2125 ioctl 8010aa01 20000180 returned -22
[  435.484509] binder: 2116:2118 transaction failed 29189/-22, size 40-16 line 2848
[  435.498803] binder: 2112:2114 transaction failed 29189/-22, size 40-16 line 2848
[  435.506331] binder: 2126:2127 ioctl 8010aa01 20000180 returned -22
[  435.513716] binder: 2126:2127 ioctl c0086420 20000080 returned -22
[  435.522205] binder: 2110:2115 ioctl c0086420 20000080 returned -22
[  435.530703] binder: 2119:2122 ioctl c0086420 20000080 returned -22
[  435.539382] binder: 2110:2115 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.544241] binder: 2117:2125 ioctl c0086420 20000080 returned -22
[  435.548445] IPVS: Scheduler module ip_vs_Vlc not found
[  435.561881] binder: undelivered TRANSACTION_ERROR: 29189
[  435.561911] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:40 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  435.585852] binder: 2119:2122 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.594257] binder: 2126:2127 ioctl 40046207 0 returned -16
[  435.604638] binder: 2110:2115 transaction failed 29201/-22, size 40-16 line 3026
[  435.612269] binder: 2133:2135 ioctl 8010aa01 20000180 returned -22
[  435.616842] binder: 2117:2125 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.620232] binder: undelivered TRANSACTION_ERROR: 29189
[  435.630381] binder: 2119:2122 transaction failed 29201/-22, size 40-16 line 3026
[  435.646386] binder: 2117:2125 transaction failed 29201/-22, size 40-16 line 3026
[  435.654918] binder: 2133:2135 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.658169] binder: 2126:2127 got transaction with invalid offset (40, min 24 max 40) or object.
[  435.696424] binder: 2126:2127 transaction failed 29201/-22, size 40-16 line 3026
[  435.706990] binder: undelivered TRANSACTION_ERROR: 29201
[  435.716300] binder: 2133:2135 transaction failed 29201/-22, size 40-16 line 3026
[  435.724585] binder: undelivered TRANSACTION_ERROR: 29201
[  435.745660] binder: 2126:2127 ioctl 541c 20000100 returned -22
[  435.751893] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:40 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 3:
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000240))
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

2018/03/31 13:01:40 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0x0, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

[  435.795379] binder: undelivered TRANSACTION_ERROR: 29201
[  435.814591] binder: undelivered TRANSACTION_ERROR: 29201
[  435.856543] binder: 2147:2149 ioctl 8010aa01 20000180 returned -22
[  435.860348] binder: 2143:2146 ioctl c0086420 20000080 returned -22
[  435.865814] binder: 2150:2151 ioctl 8010aa01 20000180 returned -22
[  435.873599] binder: 2140:2142 ioctl 8010aa01 20000180 returned -22
[  435.883473] binder: BINDER_SET_CONTEXT_MGR already set
[  435.889371] IPVS: Scheduler module ip_vs_Vlc not found
[  435.892424] binder: 2147:2149 ioctl c0086420 20000080 returned -22
[  435.897102] binder: 2152:2153 got transaction with invalid offset (40, min 24 max 40) or object.
[  435.905216] binder: 2141:2157 ioctl 8010aa01 20000180 returned -22
[  435.910588] binder: 2148:2156 ioctl 40046207 0 returned -16
[  435.922529] binder: 2150:2151 ioctl c0086420 20000080 returned -22
[  435.924345] binder: 2140:2142 ioctl c0086420 20000080 returned -22
[  435.936261] binder: 2143:2146 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.943450] binder: 2147:2149 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.945394] binder: 2152:2153 transaction failed 29201/-22, size 40-16 line 3026
[  435.955434] binder: BINDER_SET_CONTEXT_MGR already set
[  435.962646] binder: 2143:2146 transaction failed 29201/-22, size 40-16 line 3026
[  435.975386] binder: 2141:2157 ioctl c0086420 20000080 returned -22
[  435.977411] binder: 2140:2142 got transaction with invalid offset (0, min 24 max 40) or object.
[  435.985810] IPVS: Scheduler module ip_vs_Vlc not found
[  435.991965] binder: 2148:2156 got transaction with invalid offset (40, min 24 max 40) or object.
[  436.003230] binder: BINDER_SET_CONTEXT_MGR already set
[  436.006154] binder: 2148:2156 transaction failed 29201/-22, size 40-16 line 3026
[  436.013071] binder: 2147:2149 transaction failed 29201/-22, size 40-16 line 3026
[  436.027399] binder: 2150:2151 ioctl 40046207 0 returned -16
[  436.030929] binder: 2140:2142 transaction failed 29201/-22, size 40-16 line 3026
[  436.036767] binder: 2141:2157 ioctl 40046207 0 returned -16
[  436.050954] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:40 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000580)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a48c29b9259890ec43f8ceb6d054e4a785c2731da590800aab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034ad475b6dcabf578ab877eb0dea402c5a9248b60df63b0d050000010000000000000061dbcfe7bfd7bd2cfbc37b", 0xad, 0x8003, &(0x7f0000000540)={0x3, {"0b253df4ec8008"}}, 0xfffffffffffffff9)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

[  436.057965] binder_alloc: 2152: binder_alloc_buf, no vma
[  436.063560] binder: 2152:2163 transaction failed 29189/-3, size 40-16 line 2963
[  436.063958] binder_alloc: 2152: binder_alloc_buf, no vma
[  436.071884] binder: undelivered TRANSACTION_ERROR: 29201
[  436.076676] binder: 2150:2151 transaction failed 29189/-3, size 40-16 line 2963
[  436.082933] binder: 2152:2153 ioctl 40046207 0 returned -16
[  436.101297] binder_alloc: 2152: binder_alloc_buf, no vma
[  436.106901] binder: 2141:2157 transaction failed 29189/-3, size 40-16 line 2963
[  436.120879] binder: BINDER_SET_CONTEXT_MGR already set
[  436.134118] binder: 2148:2164 ioctl 40046207 0 returned -16
[  436.134704] binder: 2166:2167 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:40 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.161580] binder: 2141:2157 ioctl 541c 20000100 returned -22
[  436.162507] binder_alloc: 2152: binder_alloc_buf, no vma
[  436.172314] binder: undelivered TRANSACTION_ERROR: 29201
[  436.173308] binder: 2148:2156 transaction failed 29189/-3, size 40-16 line 2963
[  436.192536] binder: undelivered TRANSACTION_ERROR: 29201
[  436.193509] binder_alloc: 2152: binder_alloc_buf, no vma
[  436.204515] binder: 2166:2167 transaction failed 29189/-3, size 40-16 line 2963
2018/03/31 13:01:40 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:40 executing program 6:
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00')
readv(r1, &(0x7f0000001400)=[{&(0x7f00000012c0)=""/226, 0xe2}], 0x1)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={<r2=>0x0, 0x7fffffff}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r2, @in={{0x2, 0x4e22, @multicast2=0xe0000002}}, 0x1f, 0xfff}, &(0x7f0000000080)=0x90)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp\x00', 0x5)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

[  436.224344] binder: 2172:2173 ioctl 8010aa01 20000180 returned -22
[  436.233651] binder: undelivered TRANSACTION_ERROR: 29189
[  436.239674] binder: undelivered TRANSACTION_ERROR: 29189
[  436.252155] IPVS: Scheduler module ip_vs_Vlc not found
[  436.258797] binder: 2175:2177 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:40 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.270320] binder: undelivered TRANSACTION_ERROR: 29201
[  436.272619] binder: 2179:2180 ioctl 8010aa01 20000180 returned -22
[  436.278370] binder: 2172:2173 ioctl c0086420 20000080 returned -22
[  436.295290] binder: undelivered TRANSACTION_ERROR: 29189
[  436.301278] binder: 2175:2177 ioctl c0086420 20000080 returned -22
[  436.312602] IPVS: Scheduler module ip_vs_Vlc not found
[  436.321585] binder: 2179:2180 ioctl c0086420 20000080 returned -22
[  436.325136] binder: 2172:2173 transaction failed 29189/-22, size 40-16 line 2848
[  436.333084] binder: 2175:2177 transaction failed 29189/-22, size 40-16 line 2848
[  436.350785] binder: undelivered TRANSACTION_ERROR: 29189
[  436.356065] binder: 2179:2180 got transaction with invalid offset (40, min 24 max 40) or object.
[  436.370676] binder: undelivered TRANSACTION_ERROR: 29189
[  436.373769] binder: 2186:2187 ioctl 8010aa01 20000180 returned -22
[  436.387737] binder: undelivered TRANSACTION_ERROR: 29201
[  436.394118] binder: 2179:2180 transaction failed 29201/-22, size 40-16 line 3026
[  436.424501] binder: undelivered TRANSACTION_ERROR: 29189
[  436.432194] binder: 2179:2180 ioctl 541c 20000100 returned -22
[  436.435454] binder: 2186:2187 ioctl c0086420 20000080 returned -22
[  436.452010] binder: undelivered TRANSACTION_ERROR: 29189
[  436.458639] binder: BINDER_SET_CONTEXT_MGR already set
[  436.469200] binder: 2186:2187 ioctl 40046207 0 returned -16
2018/03/31 13:01:41 executing program 6:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net\x00', 0x200002, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x400, 0x100)
fchdir(r0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2000)
unlink(&(0x7f0000000080)='./file0/file0\x00')
r1 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x9e9a, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000180)=0x8000, 0xfffffffffffffcfa)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x20000000001, 0x0)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000080))
r2 = request_key(&(0x7f0000000280)='blacklist\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)='\x00', 0x0)
keyctl$setperm(0x5, r2, 0x4)
rmdir(&(0x7f00000000c0)='./file0\x00')

2018/03/31 13:01:41 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:41 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:41 executing program 0:
r0 = socket(0xa, 0x2, 0x0)
flock(r0, 0x6)
sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f00000009c0)={&(0x7f0000000500)={0x10}, 0xc, &(0x7f0000000980)={&(0x7f0000000d80)=ANY=[@ANYBLOB="010e28bd7000fedb00f0b653f4e0be713966c50f0000000810060003000000680001000800050001000000080001000a00000008000bf072697e0008000b00736970000c0900000008c80f0fa5831f3c9ed96a7f530001000a0000da25c08ec968c3507f62efad1442a6a5079f0404a21c0dedf883e08695c90007c6752b11623f0020000000030100bd001a08370b007369700014000300ffff000000000000753f1e443084836ddea0f0a4a342b7a6bbd9511db0ecc72260e701c8a397000000000000b477e4ca0811f37134cb9d24bb"], 0x1}, 0x1, 0x0, 0x0, 0x50}, 0x20000884)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200))
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x1f}, 0x1c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000006c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x401}}, 0x6d}, &(0x7f00000004c0)=0x88)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000b00)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r1)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000bc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000940)={&(0x7f0000000c40)={0x6c, 0x0, 0x400, 0x0, 0x25dfdbfe, {0x5}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_SERVICE={0x4, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1d}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xdf}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
fallocate(r2, 0x0, 0x8004, 0x0)
fallocate(r2, 0x0, 0x4b99, 0x5)
r3 = open(&(0x7f0000000340)='./bus\x00', 0x141042, 0xc)
sendfile(r3, r3, &(0x7f0000000040), 0x80000001)
fallocate(r0, 0x800000200000008, 0x7, 0x4)
sendfile(r3, r2, 0x0, 0xc08f)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10)
r4 = creat(&(0x7f0000000100)='./file1\x00', 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f00000000c0)={0x55c, 0x2, 0xffffffffffff5165, 0x4c})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000280)=0x1)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r3, 0xc08c5335, &(0x7f0000000140)={0x2, 0x8, 0x0, 'queue0\x00', 0xab})
mlockall(0x2)
mkdir(&(0x7f0000000000)='./file1\x00', 0x21)
remap_file_pages(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x2, 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000032e000))
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0x7fff)

2018/03/31 13:01:41 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x4, &(0x7f0000000240)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x7fffd, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

2018/03/31 13:01:41 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:41 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.476105] binder: undelivered TRANSACTION_ERROR: 29201
[  436.476729] binder: 2186:2187 transaction failed 29189/-22, size 40-16 line 2848
[  436.505919] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.529727] binder: 2195:2197 ioctl 8010aa01 20000180 returned -22
[  436.553594] binder: 2195:2197 ioctl c0086420 20000080 returned -22
[  436.554683] binder: 2203:2209 ioctl 8010aa01 20000180 returned -22
[  436.568377] IPVS: Scheduler module ip_vs_Vlc not found
2018/03/31 13:01:41 executing program 0:
request_key(&(0x7f0000000480)='encrypted\x00', &(0x7f0000000640)={0x73, 0x79, 0x7a}, &(0x7f0000000680)='vmnet0*\x00', 0xfffffffffffffffc)

[  436.572240] binder: 2195:2197 transaction failed 29189/-22, size 40-16 line 2848
[  436.575086] binder: 2202:2204 ioctl 8010aa01 20000180 returned -22
[  436.589059] binder: 2200:2208 ioctl c0086420 20000080 returned -22
[  436.611277] binder: 2200:2208 transaction failed 29189/-22, size 40-16 line 2848
[  436.616293] binder: 2212:2213 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:41 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:41 executing program 6:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x0, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000380)=ANY=[@ANYRES32=0x0], &(0x7f0000000480)=0x1)
unlink(&(0x7f00000000c0)='./control/file0\x00')
syz_mount_image$btrfs(&(0x7f00000001c0)='btrfs\x00', &(0x7f00000003c0)='./control\x00', 0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000580)={[{@datasum='datasum', 0x2c}, {@enospc_debug='enospc_debug', 0x2c}]})
rmdir(&(0x7f000015dff6)='./control\x00')
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000440)={0x0, 0x3ff}, &(0x7f0000000600)=0x8)
close(r0)

[  436.625635] binder: 2203:2209 ioctl c0086420 20000080 returned -22
[  436.634252] binder: 2202:2204 ioctl c0086420 20000080 returned -22
[  436.646645] binder: undelivered TRANSACTION_ERROR: 29189
[  436.658774] binder: 2203:2209 got transaction with invalid offset (40, min 24 max 40) or object.
[  436.679718] IPVS: Scheduler module ip_vs_Vlc not found
[  436.680957] binder: BINDER_SET_CONTEXT_MGR already set
[  436.691183] binder: 2203:2209 transaction failed 29201/-22, size 40-16 line 3026
[  436.705231] binder: 2212:2213 ioctl c0086420 20000080 returned -22
[  436.711466] binder: undelivered TRANSACTION_ERROR: 29189
[  436.717528] binder: 2202:2204 ioctl 40046207 0 returned -16
[  436.720170] binder: 2219:2223 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:41 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:41 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x200300)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5})
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x8000, 0x400, 0x0, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.727242] binder: 2203:2209 ioctl 541c 20000100 returned -22
2018/03/31 13:01:41 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000240)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

[  436.751006] binder: BINDER_SET_CONTEXT_MGR already set
[  436.762336] binder: 2219:2223 ioctl c0086420 20000080 returned -22
[  436.779499] binder: 2228:2229 got transaction with invalid offset (0, min 24 max 40) or object.
[  436.781075] binder: 2212:2213 ioctl 40046207 0 returned -16
2018/03/31 13:01:41 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.799692] binder: 2230:2231 ioctl 8010aa01 20000180 returned -22
[  436.801867] binder: 2219:2223 got transaction with invalid offset (0, min 24 max 40) or object.
[  436.825523] binder: 2228:2229 transaction failed 29201/-22, size 40-16 line 3026
[  436.833899] IPVS: Scheduler module ip_vs_Vlc not found
[  436.837454] binder: 2219:2223 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:41 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.843149] binder: 2230:2231 ioctl c0086420 20000080 returned -22
[  436.848182] binder: 2212:2213 got transaction with invalid offset (0, min 24 max 40) or object.
[  436.869595] binder: undelivered TRANSACTION_ERROR: 29201
[  436.877951] binder: 2235:2236 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:41 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.895232] binder: 2212:2213 transaction failed 29201/-22, size 40-16 line 3026
[  436.901422] binder: 2230:2231 got transaction with invalid offset (0, min 24 max 40) or object.
[  436.913557] binder: 2239:2240 ioctl c0086420 20000080 returned -22
[  436.918517] binder: 2235:2236 ioctl c0086420 20000080 returned -22
[  436.924457] binder: undelivered TRANSACTION_ERROR: 29201
[  436.926796] IPVS: Scheduler module ip_vs_Vlc not found
[  436.938725] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:41 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  436.944789] binder: 2230:2231 transaction failed 29201/-22, size 40-16 line 3026
[  436.958211] binder: BINDER_SET_CONTEXT_MGR already set
[  436.963999] binder: BINDER_SET_CONTEXT_MGR already set
[  436.967991] binder: 2243:2244 ioctl 8010aa01 20000180 returned -22
[  436.977412] binder: 2235:2236 ioctl 40046207 0 returned -16
[  436.984464] binder: 2239:2240 ioctl 40046207 0 returned -16
[  436.993097] binder: 2246:2247 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:41 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:41 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000240)={0x2}, 0x4)

[  436.999335] binder: undelivered TRANSACTION_ERROR: 29201
[  437.008252] binder: 2243:2244 ioctl c0086420 20000080 returned -22
[  437.023985] binder: 2239:2240 got transaction with invalid offset (40, min 24 max 40) or object.
[  437.034305] binder: 2243:2244 got transaction with invalid offset (0, min 24 max 40) or object.
[  437.046271] binder_alloc: binder_alloc_mmap_handler: 2230 20000000-20002000 already mapped failed -16
[  437.046848] binder: 2246:2247 transaction failed 29201/-22, size 40-16 line 3026
[  437.059137] binder: 2239:2240 transaction failed 29201/-22, size 40-16 line 3026
[  437.076185] binder: 2249:2250 ioctl 8010aa01 20000180 returned -22
[  437.089712] binder: 2230:2248 ioctl 8010aa01 20000180 returned -22
[  437.089860] binder: 2243:2244 transaction failed 29201/-22, size 40-16 line 3026
[  437.100876] binder: 2249:2250 ioctl c0086420 20000080 returned -22
[  437.106856] binder: 2239:2240 ioctl 541c 20000100 returned -22
[  437.116678] IPVS: Scheduler module ip_vs_Vlc not found
[  437.124338] binder: 2230:2231 ioctl c0086420 20000080 returned -22
[  437.145606] binder: BINDER_SET_CONTEXT_MGR already set
[  437.151254] binder: undelivered TRANSACTION_ERROR: 29201
[  437.155085] binder: BINDER_SET_CONTEXT_MGR already set
[  437.167088] binder: 2249:2250 ioctl 40046207 0 returned -16
[  437.168675] binder: undelivered TRANSACTION_ERROR: 29201
[  437.179461] binder_alloc: 2230: binder_alloc_buf, no vma
[  437.185055] binder: 2230:2231 transaction failed 29189/-3, size 40-16 line 2963
[  437.193377] IPVS: Scheduler module ip_vs_Vlc not found
[  437.200425] binder_alloc: 2230: binder_alloc_buf, no vma
[  437.206060] binder: 2249:2250 transaction failed 29189/-3, size 40-16 line 2963
[  437.214392] binder: undelivered TRANSACTION_ERROR: 29201
[  437.221177] binder: 2230:2248 ioctl 40046207 0 returned -16
[  437.263578] binder: undelivered TRANSACTION_ERROR: 29189
[  437.269446] binder: undelivered TRANSACTION_ERROR: 29201
[  437.276809] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:42 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:42 executing program 3:
bind$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x80000000000000, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2fa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @broadcast=0xffffffff, 0x0, 0x0, "566c630000000bab000800"}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000400)={<r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00')
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pread64(r3, &(0x7f0000001200)=""/4096, 0x1000, 0x4)
mq_timedreceive(r3, &(0x7f0000000140)=""/165, 0xa5, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000040)={0xfffffffffffffe01, 0x374b, 0x4, {0x0, 0x989680}, 0xffff})
sendto$ax25(r2, &(0x7f0000000440)="5b9617f54b423fe27a87184d6fb06095630e231fea08109c68803c7c888e282438fe880e49d6eef4dc72028105f573a6990f1cb20d0c0c5867d98be919d89f418a3a59890ec43f8ceb6d054e4a785c2731da59936faab79b3cc971596ab0476ec9c9d86215f04ea8bd871c0c874d1e585824afbd030ece4ebbd9b034adde4ac0c2926fabde77eb0dea402c5a9248b60df63b0d004888c8e55f171ee80c7a61dbcfe7bfd7bd2cfbc37b4f5db12c", 0xad, 0x8000, &(0x7f0000000540)={0x3, {"0b251d74ec7391"}}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000b2000)=0xffffffffffffffff, 0x4)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast2, @multicast2}, &(0x7f0000000500)=0xc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x0, 0xffff}, 0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000240)=0x400801c)
bind$alg(r4, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30)
recvmsg(0xffffffffffffffff, &(0x7f0000158000)={&(0x7f00002fffa0)=@nfc_llcp, 0x60, &(0x7f0000b9c000)=[{&(0x7f000080f000)=""/4096, 0x1000}], 0x1, &(0x7f0000da2000)}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, 0xffffffffffffff9c})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000340)={0x2, &(0x7f0000000300)=[{}, {}]})

2018/03/31 13:01:42 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:42 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xb6, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d76d5159942b585f2020313"}, &(0x7f0000000800)=0xda)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)

2018/03/31 13:01:42 executing program 0:
ioctl(0xffffffffffffffff, 0x3ff, &(0x7f0000000840))
r0 = socket$inet6(0xa, 0x80002, 0x88)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000ffbf47)=""/185, 0xfffffffffffffeba, 0x0, 0x0, 0xfffffffffffffde6)
llistxattr(&(0x7f0000000440)='./file0\x00', &(0x7f00000018c0)=""/4096, 0x1000)
bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c)
sendfile(r0, 0xffffffffffffffff, &(0x7f00000004c0), 0x7)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000008c0)=ANY=[@ANYBLOB="00f4ff00100000e803de068347446ec235b7a82883b9d01c2301bfdb01000080000000001f5a62ebec03d7becf1f550ecbe61be9571e7c831feaa60042711b33c55b9a8d4d31becd35d787aa5ed9c5cfa5ba7fbd2f75bf000000000000000000458691bd139528673d329e2310db83b27b25323cbc6a44e3b161269c1018ad9e92eb7fa80ef3ee7f8e55fe3d1bf5eeb68fc9a55bf157af43bbdf4407a6940f0fa829b44630250a714efe5f66380889d1522464d76f98ff0f44243c25f58fdbf8788beb92b828ba14eb6cd2be2f3fd9a9c531a205170e63ea09f967d08abd5605889d20e6cd28d0a8ebe795c89af9649df3a85e9e3751f5c1f000196c22767c9a6738470b4ecbb50ff4bd73d75ebb4ea5923001acef7e423f649791b00fe393d90ebeeecd4ddc4c7c374e3a45cf774073a1c3d08b07a391d206df933a9db52e735d0fa03f5df07ccc7f43f1fb85a125c50f1bb9f0d4468491"], 0x1)
r1 = socket$inet6(0xa, 0x8000000000000802, 0x88)
sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x8000)
sched_setscheduler(0x0, 0x5, &(0x7f0000000300))
sendto$inet6(r1, &(0x7f0000b0cf6e), 0xffed, 0x0, &(0x7f000001b000)={0xa}, 0x1c)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000280))
open(&(0x7f0000000480)='./file0\x00', 0x80, 0x0)
tgkill(0x0, 0x0, 0x30)
recvfrom$inet6(r0, &(0x7f0000000600)=""/191, 0xbf, 0x0, &(0x7f0000000580)={0xa}, 0x1c)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000000)="26d4645f6d617000")
tgkill(r2, 0x0, 0x10)
r4 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f0000000540)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$get_security(0x11, r4, &(0x7f0000000a40)=""/198, 0xffffffffffffff6b)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x30, 0x0, @tid=r2}, &(0x7f00000003c0)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$inet6(0xa, 0xa, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x8}, 0x10, &(0x7f0000000480), 0x0, &(0x7f00000004c0), 0x0, 0x80}, 0x0)
connect$netlink(0xffffffffffffffff, &(0x7f0000000340)=@unspec, 0xc)
ioctl$TIOCMBIC(r3, 0x5417, &(0x7f0000000140)=0x6)

2018/03/31 13:01:42 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  437.622917] binder: 2267:2273 ioctl 8010aa01 20000180 returned -22
[  437.625601] binder: 2268:2277 ioctl 8010aa01 20000180 returned -22
[  437.639903] binder: 2275:2276 ioctl 8010aa01 20000180 returned -22
[  437.648309] binder: 2269:2272 ioctl c0086420 20000080 returned -22
[  437.649445] binder: 2267:2273 ioctl c0086420 20000080 returned -22
[  437.658934] binder: 2270:2274 transaction failed 29189/-22, size 40-16 line 2848
[  437.667445] IPVS: Scheduler module ip_vs_Vlc not found
[  437.670489] binder: 2275:2276 ioctl c0086420 20000080 returned -22
[  437.682380] binder: 2269:2272 got transaction with invalid offset (40, min 24 max 40) or object.
[  437.682583] binder: 2268:2277 ioctl c0086420 20000080 returned -22
[  437.691992] binder: BINDER_SET_CONTEXT_MGR already set
[  437.715351] binder: 2269:2272 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:42 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  437.720967] binder: BINDER_SET_CONTEXT_MGR already set
[  437.737109] IPVS: Scheduler module ip_vs_Vlc not found
[  437.752475] binder: 2268:2277 got transaction with invalid offset (0, min 24 max 40) or object.
[  437.752682] binder: 2269:2272 ioctl 541c 20000100 returned -22
[  437.766120] binder: 2267:2273 ioctl 40046207 0 returned -16
2018/03/31 13:01:42 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  437.772242] binder: 2288:2289 ioctl 8010aa01 20000180 returned -22
[  437.783224] binder: undelivered TRANSACTION_ERROR: 29189
[  437.789488] binder: 2268:2277 transaction failed 29201/-22, size 40-16 line 3026
[  437.794886] binder: 2275:2276 ioctl 40046207 0 returned -16
[  437.812127] binder: 2291:2292 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:42 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xb6, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d76d5159942b585f2020313"}, &(0x7f0000000800)=0xda)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)

2018/03/31 13:01:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000004fbc), 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  437.821409] binder: 2288:2289 ioctl c0086420 20000080 returned -22
[  437.836222] binder: 2275:2276 got transaction with invalid offset (0, min 24 max 40) or object.
[  437.849852] binder: 2291:2292 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:42 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  437.872170] binder: 2275:2276 transaction failed 29201/-22, size 40-16 line 3026
[  437.879845] binder: BINDER_SET_CONTEXT_MGR already set
[  437.895276] binder: 2288:2289 ioctl 40046207 0 returned -16
[  437.896840] binder: 2291:2292 got transaction with invalid offset (0, min 24 max 40) or object.
[  437.905277] binder: undelivered TRANSACTION_ERROR: 29201
[  437.911972] binder: 2296:2298 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:42 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x1, 0x7fc)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000040))
write$fuse(r0, &(0x7f0000000080)={0x28, 0x1, 0x1, @fuse_notify_delete_out={0x401, 0x8, 0x4}}, 0x28)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x40)
mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000653fff))
r1 = creat(&(0x7f0000000180)='./file0/bus\x00', 0x0)
lseek(r1, 0x0, 0x3)
socket$nl_crypto(0x10, 0x3, 0x15)

[  437.936228] binder: 2291:2292 transaction failed 29201/-22, size 40-16 line 3026
[  437.937612] binder: undelivered TRANSACTION_ERROR: 29201
[  437.970579] binder: 2302:2303 ioctl 8010aa01 20000180 returned -22
[  437.975116] binder: 2296:2298 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:42 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  437.993439] binder: 2304:2306 ioctl c0086420 20000080 returned -22
[  437.994288] binder_alloc: binder_alloc_mmap_handler: 2288 20000000-20002000 already mapped failed -16
[  438.010224] binder: undelivered TRANSACTION_ERROR: 29201
[  438.026160] binder: 2302:2303 ioctl c0086420 20000080 returned -22
[  438.027408] binder: 2304:2306 got transaction with invalid offset (40, min 24 max 40) or object.
2018/03/31 13:01:42 executing program 6:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000ed4000)=0x78, 0x4)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='reno\x00', 0x5)
sendto$inet(r0, &(0x7f00003aa000)="1d6fde797136c2386a228b2c7dc0db9fe425c699e778d27d2a0be2dd0a8181144dc32436b22ffc6811f328a5c037dda211dbb5af4ba9a344db162af7f634ac682fac91ba531aa521586888590230b64d2222703802a85aea3bf2e347305da1c5be4f1af3cd9de7bcb7eaf15fa038cd14fa33d96f6e61007d2aaf1ce979c31a5cd2425f0617209272c6705f5ee8a6c9ff4cc516a6f31b29b9caff246001ede21be2df5166ff227bacf436397a89e30d94416a092a7c8c4c0b7552cbf2de6040beedeef0de68480799b0", 0xc9, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)

2018/03/31 13:01:42 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  438.045241] binder: 2302:2303 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.052745] binder: BINDER_SET_CONTEXT_MGR already set
[  438.067311] binder: undelivered TRANSACTION_ERROR: 29201
[  438.071095] binder: 2288:2305 ioctl 8010aa01 20000180 returned -22
[  438.082923] binder: 2311:2312 ioctl 8010aa01 20000180 returned -22
[  438.086131] binder: 2302:2303 transaction failed 29201/-22, size 40-16 line 3026
[  438.096066] binder: 2296:2298 ioctl 40046207 0 returned -16
[  438.109669] binder: 2288:2289 ioctl c0086420 20000080 returned -22
[  438.119163] binder: 2304:2306 transaction failed 29201/-22, size 40-16 line 3026
[  438.125976] binder: BINDER_SET_CONTEXT_MGR already set
[  438.136875] binder: 2320:2321 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:42 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000004fbc), 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  438.155203] binder: 2311:2312 ioctl c0086420 20000080 returned -22
[  438.159697] binder: 2288:2305 ioctl 40046207 0 returned -16
[  438.173561] binder: 2320:2321 ioctl c0086420 20000080 returned -22
[  438.177733] binder: 2304:2306 ioctl 541c 20000100 returned -22
[  438.182884] binder: undelivered TRANSACTION_ERROR: 29201
[  438.225808] binder: BINDER_SET_CONTEXT_MGR already set
[  438.246117] binder: 2311:2312 ioctl 40046207 0 returned -16
[  438.258006] binder: 2320:2321 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.270220] binder: 2325:2326 ioctl 8010aa01 20000180 returned -22
[  438.272165] binder: 2327:2328 ioctl 8010aa01 20000180 returned -22
[  438.287833] binder: 2311:2312 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.295345] binder: undelivered TRANSACTION_ERROR: 29201
[  438.304118] binder: 2320:2321 transaction failed 29201/-22, size 40-16 line 3026
[  438.318208] binder: 2325:2326 ioctl c0086420 20000080 returned -22
[  438.324778] binder: 2311:2312 transaction failed 29201/-22, size 40-16 line 3026
[  438.338081] binder: 2325:2326 transaction failed 29189/-22, size 40-16 line 2848
[  438.342237] binder: 2327:2328 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:43 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5})
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x8000, 0x400, 0x0, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0x0, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0x0, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000004fbc), 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  438.391453] binder: undelivered TRANSACTION_ERROR: 29201
[  438.403176] binder: undelivered TRANSACTION_ERROR: 29201
[  438.420245] binder: undelivered TRANSACTION_ERROR: 29189
[  438.433081] binder: 2332:2333 ioctl 8010aa01 20000180 returned -22
[  438.448964] binder: 2334:2338 ioctl 8010aa01 20000180 returned -22
[  438.458848] binder: 2336:2339 ioctl 8010aa01 20000180 returned -22
[  438.462515] binder: BINDER_SET_CONTEXT_MGR already set
[  438.469127] binder: 2337:2341 ioctl 8010aa01 20000180 returned -22
[  438.473112] binder: 2335:2340 ioctl 8010aa01 20000180 returned -22
[  438.480882] binder: 2342:2343 ioctl 8010aa01 20000180 returned -22
[  438.483783] binder: 2332:2333 ioctl c0086420 20000080 returned -22
[  438.498713] binder: 2334:2338 got transaction with invalid offset (40, min 24 max 40) or object.
[  438.500558] binder: 2346:2347 ioctl 8010aa01 20000180 returned -22
[  438.507847] binder: 2344:2345 ioctl 40046207 0 returned -16
[  438.514628] binder: 2336:2339 ioctl c0086420 20000080 returned -22
[  438.520149] binder: 2334:2338 transaction failed 29201/-22, size 40-16 line 3026
[  438.527161] binder: 2337:2341 ioctl c0086420 20000080 returned -22
[  438.534537] binder: 2335:2340 ioctl c0086420 20000080 returned -22
[  438.542324] binder: BINDER_SET_CONTEXT_MGR already set
[  438.552581] binder: BINDER_SET_CONTEXT_MGR already set
[  438.555124] binder: 2337:2341 ioctl 40046207 0 returned -16
[  438.557975] binder: 2342:2343 ioctl c0086420 20000080 returned -22
[  438.563693] binder: BINDER_SET_CONTEXT_MGR already set
[  438.575604] binder: 2332:2333 ioctl 40046207 0 returned -16
[  438.575789] binder: 2344:2345 got transaction with invalid offset (40, min 24 max 40) or object.
[  438.589782] binder: 2335:2340 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.591562] binder: 2336:2339 ioctl 40046207 0 returned -16
[  438.600285] binder: 2332:2333 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.605916] binder: 2346:2347 ioctl c0086420 20000080 returned -22
[  438.616307] binder: 2334:2338 ioctl 541c 20000100 returned -22
[  438.622091] binder: 2337:2341 got transaction with invalid offset (40, min 24 max 40) or object.
[  438.636605] binder: BINDER_SET_CONTEXT_MGR already set
[  438.636668] binder: 2344:2345 transaction failed 29201/-22, size 40-16 line 3026
[  438.644375] binder: 2342:2343 ioctl 40046207 0 returned -16
[  438.650369] binder: 2337:2341 transaction failed 29201/-22, size 40-16 line 3026
[  438.656594] binder: 2335:2340 transaction failed 29201/-22, size 40-16 line 3026
[  438.665779] binder: 2336:2339 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.679426] binder: 2332:2333 transaction failed 29201/-22, size 40-16 line 3026
[  438.687680] binder: 2336:2339 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  438.703387] binder: 2346:2347 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.715334] binder: undelivered TRANSACTION_ERROR: 29201
[  438.730634] binder_alloc: binder_alloc_mmap_handler: 2337 20000000-20002000 already mapped failed -16
[  438.740376] binder: 2344:2348 got transaction with invalid offset (40, min 24 max 40) or object.
2018/03/31 13:01:43 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f000026c000), &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  438.747812] binder: undelivered TRANSACTION_ERROR: 29201
[  438.759510] binder: 2346:2347 transaction failed 29201/-22, size 40-16 line 3026
[  438.769971] binder_alloc: binder_alloc_mmap_handler: 2336 20000000-20002000 already mapped failed -16
[  438.770252] binder: 2350:2351 ioctl 8010aa01 20000180 returned -22
[  438.787358] binder: 2336:2352 ioctl 8010aa01 20000180 returned -22
[  438.801404] binder: 2353:2354 ioctl 8010aa01 20000180 returned -22
[  438.807988] binder: 2344:2348 transaction failed 29201/-22, size 40-16 line 3026
[  438.816579] binder: 2337:2349 ioctl 8010aa01 20000180 returned -22
[  438.817538] binder: undelivered TRANSACTION_ERROR: 29201
[  438.831488] binder: BINDER_SET_CONTEXT_MGR already set
[  438.834007] binder: 2355:2356 ioctl 8010aa01 20000180 returned -22
[  438.841421] binder: 2336:2339 ioctl c0086420 20000080 returned -22
[  438.848106] binder: undelivered TRANSACTION_ERROR: 29201
[  438.855188] binder: BINDER_SET_CONTEXT_MGR already set
[  438.857057] binder: 2337:2341 ioctl c0086420 20000080 returned -22
[  438.866945] binder: 2353:2354 ioctl c0086420 20000080 returned -22
[  438.868147] binder: BINDER_SET_CONTEXT_MGR already set
[  438.882134] binder: 2350:2351 ioctl 40046207 0 returned -16
[  438.882395] binder: 2337:2349 ioctl 40046207 0 returned -16
[  438.894511] binder: 2355:2356 ioctl c0086420 20000080 returned -22
[  438.895993] binder: undelivered TRANSACTION_ERROR: 29201
[  438.908261] binder: 2350:2351 transaction failed 29189/-22, size 40-16 line 2848
[  438.911941] binder: 2355:2356 got transaction with invalid offset (0, min 0 max 0) or object.
[  438.916960] binder: 2336:2339 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.924750] binder: 2336:2352 ioctl 40046207 0 returned -16
[  438.942062] binder: BINDER_SET_CONTEXT_MGR already set
[  438.947403] binder: undelivered TRANSACTION_ERROR: 29201
[  438.954106] binder: 2353:2354 ioctl 40046207 0 returned -16
[  438.954778] binder: 2337:2360 got transaction with invalid offset (40, min 24 max 40) or object.
[  438.968635] binder: 2355:2356 transaction failed 29201/-22, size 0-16 line 3026
[  438.971211] binder: 2350:2351 ioctl 541c 20000100 returned -22
[  438.984231] binder: 2353:2354 got transaction with invalid offset (0, min 24 max 40) or object.
[  438.993704] binder: 2337:2360 transaction failed 29201/-22, size 40-16 line 3026
[  439.001927] binder: 2353:2354 transaction failed 29201/-22, size 40-16 line 3026
[  439.017468] binder: undelivered TRANSACTION_ERROR: 29201
[  439.026167] binder: 2336:2339 transaction failed 29201/-22, size 40-16 line 3026
[  439.050744] binder: undelivered TRANSACTION_ERROR: 29201
[  439.056470] binder: undelivered TRANSACTION_ERROR: 29201
[  439.075250] binder: undelivered TRANSACTION_ERROR: 29189
[  439.080905] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:43 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f000026c000), &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 6:
r0 = socket$inet6(0xa, 0x2000000802, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x4}, 0x1c)
sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80}}, 0x1c)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x440000, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000a80)={0x0, 0x6, 0x0, 0x0, 0x3f, 0xffffffff, 0x6, 0x3}, &(0x7f0000000ac0)=0x20)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000ec0)={0x0, 0x8, 0x7ff}, &(0x7f0000000f00)=0x10)
keyctl$invalidate(0x15, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000f80)={0x0, 0x2c, &(0x7f0000000f40)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, @in6={0xa, 0x4e22, 0x10001, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}}]}, &(0x7f0000000fc0)=0x10)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000001000)={0x0, 0x0, 0x30, 0x0, 0x5}, &(0x7f0000001040)=0x18)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)="6664001a000000")
getdents64(r1, &(0x7f00000004c0)=""/189, 0xabf70f75d9c5624)
ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000200)=ANY=[@ANYBLOB="e0ff000000000000810000000000000007000000010000000200000000000000000000000000002000000000000000000000000000000000000000000002080000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000e4ffffff000000000000000000000000000000000000000000000000000000000000"])
lseek(0xffffffffffffffff, 0x0, 0x1)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240))
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000800), &(0x7f0000000300)=0x14)
getpgid(0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20}}}, &(0x7f0000000440)=0x84)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000000)=@in={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10, &(0x7f0000000140), 0x0, &(0x7f0000000600)=[@sndinfo={0x20, 0x84, 0x2}, @init={0x18, 0x84}, @sndinfo={0x20, 0x84, 0x2, {0x0, 0x200, 0x0, 0xfff}}], 0x90, 0x4000000}, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000957000)={&(0x7f0000000040)=@in6={0xa}, 0x1c}, 0x8000)
fdatasync(0xffffffffffffffff)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x800, @remote={0xfe, 0x80, [], 0xbb}}}}, 0x88)
request_key(&(0x7f0000000580)='dns_resolver\x00', &(0x7f00000005c0)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='/dev/ppp\x00', 0xfffffffffffffffb)

2018/03/31 13:01:43 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f00000005c0)={0x0, {{0xa, 0x4e24, 0x2, @empty, 0x1e6}}, {{0xa, 0x4e21, 0x0, @empty, 0x800}}}, 0x104)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vga_arbiter\x00', 0xfffffffffffffffe, 0x0)
signalfd4(r4, &(0x7f00000004c0)={0x1}, 0x8, 0x80000)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2)
r5 = perf_event_open(&(0x7f0000000380)={0x7, 0x70, 0x302, 0x3ff, 0x8, 0x2, 0x0, 0x200, 0x5208, 0x1, 0x2, 0x0, 0x7f, 0x8, 0x0, 0x80000001, 0x2887, 0xff, 0x100, 0x9, 0x7, 0x1000, 0xffffffffffffffff, 0x1, 0x0, 0x7, 0x0, 0xba64, 0x5, 0x100000000, 0x1000, 0x0, 0x40, 0x8, 0x2, 0x85e9, 0x3, 0x7, 0x0, 0x2, 0x0, @perf_config_ext={0x79b5, 0x1f}, 0x8, 0x100, 0x0, 0x3, 0xd9bc, 0x100000001, 0xdc}, r1, 0x0, r4, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000700)=[@in6={0xa, 0x4e24, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x8}, @in6={0xa, 0x4e21, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0x3}, @in6={0xa, 0x4e23, 0x4, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x8000}, @in={0x2, 0x4e23, @broadcast=0xffffffff}, @in6={0xa, 0x4e22, 0x163, @local={0xfe, 0x80, [], 0xaa}, 0x1}, @in={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e24, 0x80000000, @ipv4={[], [0xff, 0xff]}, 0x6}, @in6={0xa, 0x4e23, 0x80, @dev={0xfe, 0x80}, 0x8}], 0xc8)
ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f00000010c0))
r6 = dup2(r0, 0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x8, &(0x7f0000000140))
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x5, 0x2, 0x1000, 0x0, 0x0, 0xb3, 0x0, 0x1, 0xc5b00000, 0x5, 0x0, 0x0, 0x1, 0x5d9, 0x8, 0x1000, 0xffffffff00000001, 0x0, 0x0, 0xb8c6, 0x1000, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0xb20b, 0x6, 0x1, 0x200, 0x507, 0x2, 0x2, 0x6, 0x4, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1f}, 0x0, 0x4, 0x9, 0x6, 0x0, 0x7fff}, r1, 0xd, r5, 0x8)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
r7 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0)
write$evdev(r7, &(0x7f0000037fe8)=[{{}, 0x1, 0x74, 0x2}], 0x10)
sendfile(r7, r7, &(0x7f00009bcffe), 0x0)
sendfile(0xffffffffffffffff, r7, &(0x7f0000fc1ff8), 0x80000001)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f0000000080)=""/4096)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x0, 0xfff, 0x84b}, &(0x7f0000000340)=0x10)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000400)={0x0, 0x8}, &(0x7f0000000440)=0x8)

2018/03/31 13:01:43 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:43 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net\x00', 0x200002, 0x0)
mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x20)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x400, 0x100)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000240)={0x1, 0x8000, 0x1f})
fchdir(r0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2000)
unlink(&(0x7f0000000080)='./file0/file0\x00')
r2 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x6, 0x2041fe)
setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, &(0x7f0000000180)=0x8000, 0x4)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x20000000001, 0x0)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000080))
r3 = request_key(&(0x7f0000000280)='blacklist\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)='\x00', 0x0)
keyctl$setperm(0x5, r3, 0x4)
rmdir(&(0x7f00000000c0)='./file0\x00')
dup3(r0, r2, 0x80000)

2018/03/31 13:01:43 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  439.100724] binder: undelivered TRANSACTION_ERROR: 29201
[  439.106461] binder: undelivered TRANSACTION_ERROR: 29201
[  439.141090] binder: 2366:2374 ioctl 8010aa01 20000180 returned -22
[  439.142821] binder: 2370:2377 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:43 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

[  439.147926] binder: 2364:2376 ioctl 8010aa01 20000180 returned -22
[  439.157010] binder: 2368:2379 transaction failed 29189/-22, size 40-16 line 2848
[  439.160715] binder: 2365:2367 ioctl 8010aa01 20000180 returned -22
[  439.177558] binder: 2366:2374 ioctl c0086420 20000080 returned -22
[  439.186481] binder: 2364:2376 got transaction with invalid offset (40, min 24 max 40) or object.
[  439.195620] binder: 2365:2367 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:43 executing program 6:
socketpair(0x1, 0x1, 0x0, &(0x7f000000dff8)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000c41000)={0x0, 0x0, &(0x7f0000153000), 0x0, &(0x7f0000231f05)=""/251, 0xfb}, 0x0)
close(r0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r1, &(0x7f0000948000)={0x0, 0x0, &(0x7f00005dc000)=[{&(0x7f0000d43000), 0x1000002bb}], 0x1, &(0x7f0000d43000)}, 0x0)

[  439.209421] binder: BINDER_SET_CONTEXT_MGR already set
[  439.218516] binder: 2366:2374 ioctl 40046207 0 returned -16
[  439.224490] binder: 2364:2376 transaction failed 29201/-22, size 40-16 line 3026
[  439.232361] binder: BINDER_SET_CONTEXT_MGR already set
[  439.239666] binder: 2365:2367 ioctl 40046207 0 returned -16
[  439.240321] binder: 2370:2377 ioctl c0086420 20000080 returned -22
[  439.246471] binder: 2366:2374 got transaction with invalid offset (0, min 24 max 40) or object.
[  439.260969] binder: 2366:2374 transaction failed 29201/-22, size 40-16 line 3026
[  439.261371] binder: 2385:2386 ioctl 8010aa01 20000180 returned -22
[  439.269071] binder: 2364:2376 ioctl 541c 20000100 returned -22
[  439.281258] binder: 2365:2367 got transaction with invalid offset (0, min 0 max 0) or object.
[  439.290213] binder: 2365:2367 transaction failed 29201/-22, size 0-16 line 3026
[  439.296416] binder: 2370:2377 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:44 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  439.308360] binder: undelivered TRANSACTION_ERROR: 29189
[  439.322306] binder: 2385:2386 ioctl c0086420 20000080 returned -22
[  439.337419] binder: undelivered TRANSACTION_ERROR: 29201
[  439.348467] binder: 2389:2390 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f000026c000), &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  439.353940] binder: 2385:2386 got transaction with invalid offset (40, min 24 max 40) or object.
[  439.363435] binder: undelivered TRANSACTION_ERROR: 29201
[  439.374373] binder: 2370:2377 transaction failed 29201/-22, size 40-16 line 3026
[  439.392085] binder: undelivered TRANSACTION_ERROR: 29201
[  439.402671] binder: 2394:2396 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:44 executing program 0:
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00')
readv(r1, &(0x7f0000001400)=[{&(0x7f00000012c0)=""/226, 0xe2}], 0x1)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x7fffffff}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e22, @multicast2=0xe0000002}}, 0x1f, 0xfff}, &(0x7f0000000080)=0x90)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp\x00', 0x5)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

[  439.411467] binder: 2392:2397 ioctl 8010aa01 20000180 returned -22
[  439.414890] binder: 2385:2386 transaction failed 29201/-22, size 40-16 line 3026
[  439.421899] binder: 2395:2398 ioctl 8010aa01 20000180 returned -22
[  439.436447] binder: 2392:2397 ioctl c0086420 20000080 returned -22
[  439.447232] binder: 2395:2398 ioctl c0086420 20000080 returned -22
[  439.452362] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:44 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200), &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  439.454839] binder: 2394:2396 ioctl c0086420 20000080 returned -22
[  439.467244] binder: BINDER_SET_CONTEXT_MGR already set
[  439.474373] binder: 2392:2397 got transaction with invalid offset (40, min 24 max 40) or object.
[  439.485222] binder: undelivered TRANSACTION_ERROR: 29189
[  439.490991] binder: 2392:2397 transaction failed 29201/-22, size 40-16 line 3026
[  439.499785] binder: BINDER_SET_CONTEXT_MGR already set
[  439.503820] binder: 2385:2386 ioctl 8010aa01 20000180 returned -22
[  439.505205] binder: 2395:2398 ioctl 40046207 0 returned -16
[  439.513715] binder: 2399:2400 ioctl 8010aa01 20000180 returned -22
[  439.517320] binder: 2394:2396 ioctl 40046207 0 returned -16
[  439.538467] binder: 2392:2397 ioctl 541c 20000100 returned -22
[  439.551104] binder: 2385:2401 ioctl c0086420 20000080 returned -22
[  439.552008] binder_alloc: 2385: binder_alloc_buf, no vma
[  439.562984] binder: 2395:2398 transaction failed 29189/-3, size 0-16 line 2963
[  439.564346] binder_alloc: 2385: binder_alloc_buf, no vma
[  439.575938] binder: 2404:2406 transaction failed 29189/-3, size 40-16 line 2963
[  439.581185] binder_alloc: 2385: binder_alloc_buf, no vma
[  439.588940] binder: 2394:2396 transaction failed 29189/-3, size 40-16 line 2963
[  439.591788] binder: BINDER_SET_CONTEXT_MGR already set
[  439.602898] binder: 2399:2400 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:44 executing program 0:
madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x12)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00')
readv(r1, &(0x7f0000001400)=[{&(0x7f0000000140)=""/46, 0x2e}, {&(0x7f00000012c0)=""/226, 0xe2}], 0x2)

[  439.609503] binder_alloc: 2385: binder_alloc_buf, no vma
[  439.615088] binder: 2385:2409 transaction failed 29189/-3, size 40-16 line 2963
[  439.622601] binder: undelivered TRANSACTION_ERROR: 29201
[  439.640295] binder_alloc: 2385: binder_alloc_buf, no vma
[  439.645226] binder: 2385:2386 ioctl 40046207 0 returned -16
[  439.645862] binder: 2399:2400 transaction failed 29189/-3, size 40-16 line 2963
[  439.684267] binder: undelivered TRANSACTION_ERROR: 29189
[  439.709863] binder: undelivered TRANSACTION_ERROR: 29189
[  439.730707] binder: undelivered TRANSACTION_ERROR: 29189
[  439.744946] binder: undelivered TRANSACTION_ERROR: 29189
[  439.750553] binder: undelivered TRANSACTION_ERROR: 29201
[  439.764148] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:44 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x0, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x0, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(0xffffffffffffffff, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xb6, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d76d5159942b585f2020313"}, &(0x7f0000000800)=0xda)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f0000000380)='uservboxnet0\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

2018/03/31 13:01:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 0:
ioctl(0xffffffffffffffff, 0x3ff, &(0x7f0000000840))
r0 = socket$inet6(0xa, 0x80002, 0x88)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000ffbf47)=""/185, 0xfffffffffffffeba, 0x0, 0x0, 0xfffffffffffffde6)
llistxattr(&(0x7f0000000440)='./file0\x00', &(0x7f00000018c0)=""/4096, 0x1000)
bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c)
sendfile(r0, 0xffffffffffffffff, &(0x7f00000004c0), 0x7)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000008c0)=ANY=[], 0x0)
r2 = socket$inet6(0xa, 0x8000000000000802, 0x88)
sendmsg$inet_sctp(r2, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x8000)
sched_setscheduler(0x0, 0x5, &(0x7f0000000300))
sendto$inet6(r2, &(0x7f0000b0cf6e), 0xffed, 0x0, &(0x7f000001b000)={0xa}, 0x1c)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280))
open(&(0x7f0000000480)='./file0\x00', 0x80, 0x0)
tgkill(0x0, 0x0, 0x30)
recvfrom$inet6(r0, &(0x7f0000000600)=""/191, 0xbf, 0x0, &(0x7f0000000580)={0xa, 0x4e24, 0x9e67}, 0x1c)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f0000000000)="26d4645f6d617000")
tgkill(r3, 0x0, 0x10)
r5 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f0000000540)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x1ff, 0x0, 0x3, 0x6, 0x53, 0x319, 0xffff, {0x0, @in={{0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x9, 0xff, 0x93, 0x0, 0x8}}, &(0x7f0000000100)=0xb0)
keyctl$get_security(0x11, r5, &(0x7f0000000a40)=""/198, 0xffffffffffffff6b)
timer_create(0x5, &(0x7f00000002c0)={0x0, 0x30, 0x3, @tid=r3}, &(0x7f00000003c0)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
getgid()
socket$inet6(0xa, 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x8}, 0x10, &(0x7f0000000480), 0x0, &(0x7f00000004c0), 0x0, 0x80}, 0x0)
connect$netlink(0xffffffffffffffff, &(0x7f0000000340)=@unspec, 0xc)
ioctl$TIOCMBIC(r4, 0x5417, &(0x7f0000000140)=0x6)

2018/03/31 13:01:44 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x0, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

2018/03/31 13:01:44 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200), &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  440.127900] binder: 2421:2424 ioctl 8010aa01 20000180 returned -22
[  440.133940] binder: 2423:2432 ioctl 8010aa01 20000180 returned -22
[  440.138852] binder: 2427:2429 ioctl 8010aa01 20000180 returned -22
[  440.141426] binder: 2418:2419 ioctl 8010aa01 20000180 returned -22
[  440.155649] binder: 2430:2431 ioctl 8010aa01 20000180 returned -22
[  440.159433] binder: 2421:2424 ioctl c0086420 20000080 returned -22
[  440.167676] binder: 2423:2432 ioctl c0086420 20000080 returned -22
[  440.173957] binder: 2427:2429 ioctl c0086420 20000080 returned -22
[  440.175452] binder: 2430:2431 ioctl c0086420 20000080 returned -22
[  440.184492] binder: 2421:2424 transaction failed 29189/-22, size 40-16 line 2848
[  440.194611] binder: 2418:2419 ioctl c0086420 20000080 returned -22
[  440.202798] binder: 2427:2429 got transaction with invalid offset (0, min 24 max 40) or object.
[  440.209960] binder: release 2423:2432 transaction 5606 out, still active
[  440.218581] binder: unexpected work type, 4, not freed
2018/03/31 13:01:44 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:44 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  440.223908] binder: undelivered TRANSACTION_COMPLETE
[  440.224385] binder: 2427:2429 transaction failed 29201/-22, size 40-16 line 3026
[  440.229101] binder: send failed reply for transaction 5606, target dead
[  440.237456] binder: 2421:2424 ioctl 541c 20000100 returned -22
[  440.256869] binder: 2430:2431 got transaction with invalid offset (40, min 24 max 40) or object.
[  440.268929] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:44 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200), &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  440.286606] binder: 2444:2445 ioctl 8010aa01 20000180 returned -22
[  440.293955] binder: 2430:2431 transaction failed 29201/-22, size 40-16 line 3026
[  440.316111] binder: 2418:2419 ioctl 40046207 0 returned -16
[  440.325371] binder: 2418:2419 got transaction with invalid offset (0, min 24 max 40) or object.
[  440.328899] binder: 2444:2445 ioctl c0086420 20000080 returned -22
[  440.347090] binder: 2448:2451 ioctl 8010aa01 20000180 returned -22
[  440.352816] binder: 2418:2419 transaction failed 29201/-22, size 40-16 line 3026
[  440.355878] binder: 2450:2454 ioctl 8010aa01 20000180 returned -22
[  440.379005] binder: 2448:2451 ioctl c0086420 20000080 returned -22
[  440.385723] binder: undelivered TRANSACTION_ERROR: 29189
[  440.391642] binder: undelivered TRANSACTION_ERROR: 29201
[  440.397443] binder_alloc: binder_alloc_mmap_handler: 2430 20000000-20002000 already mapped failed -16
[  440.399387] binder: 2450:2454 ioctl c0086420 20000080 returned -22
[  440.408870] binder_alloc: 2430: binder_alloc_buf, no vma
[  440.414272] binder: BINDER_SET_CONTEXT_MGR already set
[  440.419053] binder: 2448:2451 transaction failed 29189/-3, size 40-16 line 2963
[  440.434052] binder: 2444:2445 ioctl 40046207 0 returned -16
[  440.443132] binder: undelivered TRANSACTION_ERROR: 29201
[  440.457510] binder: 2430:2457 ioctl 8010aa01 20000180 returned -22
[  440.469868] binder_alloc: 2430: binder_alloc_buf, no vma
[  440.475537] binder: 2444:2445 transaction failed 29189/-3, size 40-8 line 2963
[  440.479339] binder: 2448:2451 ioctl 541c 20000100 returned -22
[  440.485878] binder_alloc: 2430: binder_alloc_buf, no vma
[  440.494519] binder: 2450:2454 transaction failed 29189/-3, size 40-16 line 2963
[  440.501813] binder: undelivered TRANSACTION_ERROR: 29189
[  440.503592] binder: BINDER_SET_CONTEXT_MGR already set
[  440.512051] binder: 2430:2431 ioctl c0086420 20000080 returned -22
[  440.527829] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:45 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)=@ipv6_getaddr={0x2c, 0x16, 0x1, 0x0, 0x0, {0xa}, [@IFA_LOCAL={0x14, 0x2, @loopback={0x0, 0x1}}]}, 0x2c}, 0x1}, 0x0)

2018/03/31 13:01:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 3:
getpgid(0xffffffffffffffff)
r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000002c0))

2018/03/31 13:01:45 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x0, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 6:
unshare(0x60000000)
mkdir(&(0x7f00000004c0)='./file0\x00', 0x0)
mount(&(0x7f0000000180)='./file0/bus\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, &(0x7f00000001c0))
r0 = creat(&(0x7f0000000000)='./file0/bus\x00', 0x0)
getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000080), &(0x7f0000000540)=0x1)
r1 = add_key(&(0x7f0000000480)='id_resolver\x00', &(0x7f00000005c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000600)="d0019fa7ee5c1f923c36eb0aea85060249da3bf3fd224ebf60151322f2380a43b631af47146b49a1ea3fc603e59b74af59112cf85e4b63d95b449bd00e82ddedac82dfdb74a00af0a5a3523c0adc6fce6b2f9f49157a9bea755c4d8bc2684506d89840d757231bc0d1402a234ee2df6e80f09308928f895cb863551869240544c621c36897bb945eedfc44c1874534985eb9f8bc84e3c4ccbc016193a74c3586c439058bceffbb89170e0057580bdd23a9f18cc7d13130d423e175f0b434671741d924a236e3c20040c3fd35a7d62c6f39fd983800b3dfa6b381909c44c265a06e7055141bb28af7bc169ad105442d2748fb74b4c77edce49fc13303998fdb68641d5eceb2dd884aebbea369433de195bec9afb9d39bf3bccec4c7f9ff6204ee5bb2df50476cb4c610ca6b875f84f2669cc92f966c9862ddb2522a6766d9ae2da39f0ac31d4458809e29b119f3a52a055dc4eb57c737b81d062311caf455baaedbd65d71310030ede62df1fc7e384d2e1a383ccde6457c300576f239f62837613312ccabfb18dfc3d7a99e0de70cd5fc9f960e0360b6b79150edf3070e1a63b7ef5c852db9a773ec1fd2e016ed888606257d6755bc5d6deb56081ec796dad793fcbdf1841fcb725f0687f0f06558e4ae6574a6b1b262b8a37383e96fd5b409537b71775e268b50cad2038faadfccd38f388f72691822d73142df533dd27d6e2ece0b059c9760431b77aaefd3a840249471c50ad235b0508927eb3eb0b3bf024e90e14da3bc40499ddcbcb5df60ccaabb339a6826ec9d88cd36f568e55a84a9a7421443c71952305c921b7e3542d8df06b82906cbefb5b0629636dc0b615110fa07fc6cdab3e7caf553f12efc50fb58038917c95a947fc09102fa50e335897b0460ca7f513830e6666fcc79d7d56bd790735f0a2af65ff23b07737aad8fc5fa817e7f7183a46aa75c34a22afde47ee8cee68ea69aa75491e9496d5da37e328f5f9f6654be79d81e3e2b812b6ca9764958838fc58314a8282bc35b9f59146b9dabcf29dd3e6d47c0a59fb84570b5094d680c742efb41eb580dcc339637f7145297c83d1b4168d3abee3f4236ab48b0a117205ad2d6cec83567fced9aa3080f57656d956741b6f8b0904d2420e586df2f3b4b29194e569be6fd1e6c58faa2c56c182c89ae83d9769445e3d0c66d2988abf1a3b7c80a45f637cf1ec61f18c51d40442316f7b9a977ff9c21399f1f4843e6cec4b6b64075a7a498b91beb2e5e55eab4b6686711c74946d15b6d81af6827f018cd8f61ebea9b0d99b89933dfb183997a307e23286f4fe09164b88c6e52b9ca58466ad639ba5d88ad80466d1e539e2cc3a44400d79bd84178163a6adcdbcc61aa98dc333b03f60823b41dba2294e1d77c6b503ac19bf46c00d561698766e9683d41de2d3ef525d8119393bf538a18c03cc592a1e7a2b5d778dfad4a83bf7e1b78153093d79ed6bf02f65d0acc8620439dd411dff1a240273befeddd00fcecbdbdd914471aa36e9b24143793f69a9032abadc38740d9a766b900ae1738c77655a5a79ff3c6a5b1a8d724360d99ea97b67afca954606b8911ae7a0d99c758e9b2b2092de92c69f90126875fea53df4a9276b0115a7280bf4580556ffb4bfb09111d4e1e8f53af4f167cc6c353db3411cf332c11577a3e1af7a0b437cf76b8908a51a4364a12de1fb176c740c4eec063b4d154b2448a208452db9faf42be1aaba2b5db6e9e94565c694373671ea06656d0c175182e6c6bea5d78ef2ef58f8e6c724bdc757b31218e2f73734f0ef84c616be6bdb361d1a89c810cb4bd90a4d173e6a7ca6b2d493b349e21e53d50c8b64eddbbdf6aee0db0bc14ea8322cab443cf78c72c9a94f39aca6bea978e47f26b9a978de6b753b46164143bdc59a749ffe7f93f20dbbec92b31b532ec97e50f4c190e1ee3c2e05b9a519fe81a5ae255498bafd6d4cf7f2228a0f10e9c14b1a1d7af4e1f47706f9f241a894e4ba84571330f86dda0c95fb00e67bc64edad699e1068213da6fda169ca4494f94d8d307c64e00372eaf51b9d7075e91666d44f9494f8d5ae689cf0f38addbcd3b067600c31a63178880bf2ba31c41d0cf78adea1130460581e428065dd9d2dc4b1f41787c8576e9e51d604180779831612230ea71327e7a2c9ff9eea80011f932cffbe61b216b9b15194ec1b2f314a025221dce343fe378bebca42c9217cacb55c501a2b9518f8759812a5f203b8e0c9083e455f951b4ce418675c30e706ca404c0015addbd3d8d96b14f548d93975a7ce9cad3262c023bed1c2c2617e03a994df371ba58d6892234e779a7f3259539646242768768d2883e8b4c1226350dbe1fb7a14ae8e946c28348e8b120ec03e9e85df9edf0166ba34a0270a39587420bd1205e53014660ec9dd99c3471a731bb9305a261b141a5a001c3e55872782246424009ca77d46aadedc51c859ed8b0444329aba4057c31de189e37e73797745727bf2d5daaa2421ae76ae962fb5f31af48804d04b98978a9bafa9514233ff19384de19ac6389e788bd913127c0a3278e7d4f0ee7ec467e80e64961f0da0810ce9b194dff68fe5b412fa8a5e99258bc01f1c7af1818165da6e8dc77f11dc6131d0f8feced3cb0766285a93997dbf167a3d905bf9620f47ba958ccce69ee55b462a645e407fa64967ee29fe0bfe951c248fd22fffd2f46b24718d3d844a3b4644d7b910d96b38ef55551d7da75ceccf3b7370426c8048252253df8743ec7722fc1af72d289ec7faa5da105ff1356a0da70d55f814324a2284f18cbdf55e98ba5b351413b070a6c4f12fcf9b617e271990c178d5a17357cb65f24f4bf1ed7377da4fec770cee4fdea1bdabe9938cdb36db3220e590e642cb62c7ab181760744aed6782b881342b9b0a7490cb47c1b81d16800c9d762ebf0d4ce127c9079c5ac605294e35fd1f25f6df7119565050d2bd8e03738f36f3fbef3dd2547bef3c36534f71143301b9d8f0042c4491df878b607743f406a5e1fab2aa3027f87e197fdeaaa63d4fbdab78c8f90b2978e815cf2f5d984c4142837dded453b96cc82d7a41d180e0ec5b94eaede1bc84332f88031c104c15ff706f8684d36dbd79ae8f62b70f877386f0485320ff8e67d5d01d26edc9cab6a4608a5eeab9779cd3c06f3914a28644719ea29bdd45d268263d27b8ec51a15a3b7c26fdcf47d9e390bec4ce03fa8c3b8d833008c3f49a80da5effaeb2155f2f8b570e540a1342e4b522ec01fcf4ee370516a44c50953f616f5f31d38f031ec1a8d4964f859b26b3e6526e44dd813a80a945f47469eb2833f022f4285f0b38c3097555e342d8695497cacac8172f0af54969e0171c9eb481eaaba52f5147d776e57f9a50628cb3d595d41387a498c4258eccde80733e83443975884cf8c67f972bce821361d75da148858897dc180f2d2b38d16932f0cfdd1806edb83b61eefbd16dddfac45b6e8304450ce934ec084ae3d23b77edad2d0156f76da5ddf5a0e36ce8ff8f0eb68b5b4e73b5786c172e29f72406d3c5d9e376a8d1558c5ea475b64443920dbf4ed30fed71786efcc30ab233a7b516532465578aecaa930a766bcfa70ecc552a17d322c4c7d521aacc0c8d57291e09fae523a1d6eb8dfaa8094ae64c3860c7d04221fd56cef8eb2fc5173172197a5a40b46bc214647a88d59ff90f221c9cc0da5c3b7424de966b02aff7b0d0f7c53485ff8453e824a501a34a4fef862facac79e44acd984b1ff01cb8ca90f819aa365bd71c7e1c578d309d24a5629bbc8bebcc55664c4bd6d04f522114b4954bf379f2d2f0b4f299584625df8c9f641f33c0a605454bcd543d4008ac7522fd8a46cefef0a000638bd06c6078e00ef0c5cdee211dd4267f70764c508432f0a01860c8881ae003436343e4d60563706b7ba1e4a819924f3ed64c975ede846212d92e7fee7cd3073f7675957e49d90922a32d39e9c0e2df05194f62a392eaf1bfef61ed54b97fa8f2e1eec3eb7583b1ede28709c27282f7624524a19c2f4ebb85eed43d0da3ab483a7e87e53cd12053ae98174aa21a97fc80d9337e8361da879352245fb474dc16d2248d488062de8207de4ccf47c7e43975d425a1f6918155062b7cfd42b845ba2dca1faff33a7972648f6930d2828b03d18b9c6bb1d7a44ea79030f5d7f588566f3ffe2f5a8ae51d29ea2f35515c26887ebc626f752fd5d50944364f5f5b8630f673838e88e0235aa198dba85ab2c635d577137505259d6fdace45412ca4610e9c08bc6f12cf1c5ebf232bc29fe6bc2989ccfb1ffde6338fa83ce4d4d578f6ab552b8f87f94cda56d0efd4f3db5d00d84d4b5fa9818693bcdc5e1a1be717c238d672bf2d57447557d9bf7f70a3e014cd1ca75a5bdb1a9e7bd5f4b64de2a5e82bc8b8d2824511e693ff17fc948ce0b298b9b3ec83a8478353fa63af6a6f077122e92b6c3df4ee3082955fa84f778896a0dea84537158def36ac25e746b46b69ba2502ceceab4078ce8e66f24c3f63b69c8826b64e740b6ceb8cdfe9aae53d449f684b13710aabe7c76b43500a51126aad3505aa00de523ab515ee1eb434d5af0fac24bd05b9c51f5c05b5f1af34a9291f7c1563a04652711b744cce37807631e28d63a7b09aab87392b66b9129792f1ace46c570e902683b1a9b29c1e94909aaec3e21220ff898597aedbfd8bd91bc3c4ff926c97346e6fd8e116bdd3e47b5e63631db8c02162958482aa4c3b38bb3d42a84dbe10b18a3416703a87078a83e457315f8c31603f8a0af677d95f6675f52701154f3061ca73f86c2e97ea1060e8f10f2e486bcc8251a6f7289c982b51e6763c398d0fd0dfdfef72f74dfd08f6308882cc6b31ac983edc18332faab83762cb004aa46bfefafcfebc63a4ffefeaacf01b0f0bf31f945f1a84a3298bc47d39c5789bc996d2e5337a1990a3057f2e293cd1c24d2b62bdd4429361be667b190f24e3d2c6b3973b1b258781b33368796356e99bc557dac0c5d5abde7da0b90b7a026e29cf59883ff92fc95b5b910820e960ece39bb1997544ad9cd9e8ed7bbb18196b25518850d55f8edce52b5ce7604bb9378321f47857c91070bcbe1785aab134db7793bde6bfd17052c8ec79e09acad94a65bcd0dfcde8f3399cfc27ee46ad6e242c7f8a1794cf3247da4baed75c214a53909c487d3c2043e7412173471038353d6fd8caf2603f2e05114383afed89bde9fc66e4534536b9aff167f0dd1dc44d30dc28474b4b1313d1cf80114fa1622b83d2cdea7de48dfc15b8f731e0a28365a40793b43aa3e85a7d330d9893369f23f0e5d9be840368c8dac1e01a8d15cf07e417fa62b852f381687ba873d1e4d33427b2a072f41009aa8c79cef2971e16ec7c9fe9396246ac51b5948862defeaae24e819ad9046f0665721a66ada372cd1e6597e37a04d32b5a9cbb8d1dc32acbc43e292a0b4e70316444cd945f06107fc7cf9a236747e9733e5d3ff43e8eb78d3f9782272d686ef8fdd60cdb830bd247af45a1734df7637e92a6d6bb91b788f47050364d7e149c2b7d0e446525ca9a2120ddbf28d1b7ec150159a51405eea6749c53f52ffa2d87e4c1d8514d7c3fed2f320ba80c176e885ca7f336f9f274c175f5acbd0d8986d5550a8baa2ee78744c86340d3032eb4f0ddfa2aada30892c9949294ec7360368c4adf821acc38ea7aaddc5c7ef4a99e64f3dac027bee911be9e51d45048a6fbf62f0cb4972561aa33b0d37fcb1d9e6df10ec60d3179bedd430f31fc889209cec26131f4de204ddf18c3", 0x1000, 0xfffffffffffffffc)
r2 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2)
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x80000)
ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000001600)="c24637d916bebc5a210936d24fae9705ddc2466996b9e5f700fdd96a67686394f1fd270cbf1e1cdae0ad4908bafb6966dbb06c629dc259329de3a3f4323392e1530cc23c101a6b8ec3364dcfa15f95a1be9e53732b076339a14c85155458a3ffb4a02981fd85be18bc9ab0a0da4f13e6b316b9fef8378ac5cb2d170ac77a97c779ece4577b9643f05ee738212f99212b47241d55089ce4d6590544a88f1bf4dd1b806bd534c43c4c21eb19cbfed1")
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x17c, r3, 0x300, 0x70bd2a, 0x25dfdbff, {0x5}, [@IPVS_CMD_ATTR_DEST={0x50, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x26}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffffffff}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote={0xfe, 0x80, [], 0xbb}}]}, @IPVS_CMD_ATTR_DEST={0x6c, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2=0xe0000002}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x32c90fc6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote={0xfe, 0x80, [], 0xbb}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x181}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1000}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_DEST={0x58, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x100000000}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote={0xfe, 0x80, [], 0xbb}}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8000}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x54, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'erspan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback={0x0, 0x1}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2=0xe0000002}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4}, 0x4000080)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x0)
umount2(&(0x7f0000000580)='./file0/bus\x00', 0x0)

[  440.528968] binder: 2430:2457 ioctl 40046207 0 returned -16
[  440.540187] binder: undelivered TRANSACTION_ERROR: 29189
[  440.541772] binder_alloc: 2430: binder_alloc_buf, no vma
[  440.551256] binder: 2430:2431 transaction failed 29189/-3, size 40-16 line 2963
[  440.566103] binder: undelivered TRANSACTION_ERROR: 29189
[  440.592251] binder: 2464:2466 ioctl 8010aa01 20000180 returned -22
[  440.597607] binder: 2465:2473 ioctl 8010aa01 20000180 returned -22
[  440.600737] binder: 2461:2462 ioctl 8010aa01 20000180 returned -22
[  440.610751] IPVS: ftp: loaded support on port[0] = 21
[  440.611394] binder: undelivered TRANSACTION_ERROR: 29201
[  440.617494] binder: 2471:2472 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:45 executing program 0:
r0 = socket(0x11, 0x2, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt(r0, 0x107, 0x1, &(0x7f0000dfaff0)="010000000300060000071a00009139cc", 0x10)
getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000280)=""/48, &(0x7f00000002c0)=0x30)

2018/03/31 13:01:45 executing program 3:
r0 = memfd_create(&(0x7f0000000ffc)='\x00', 0x100000201)
write$eventfd(r0, &(0x7f0000af1000), 0xfffffffffffffd0a)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x2011, r0, 0x4)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000080), 0x7, 0x3)

2018/03/31 13:01:45 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  440.637507] binder: 2465:2473 ioctl c0086420 20000080 returned -22
[  440.638697] binder: 2464:2466 ioctl c0086420 20000080 returned -22
[  440.657330] binder: 2465:2473 got transaction with invalid offset (0, min 24 max 40) or object.
[  440.662328] binder: 2461:2462 ioctl c0086420 20000080 returned -22
[  440.684190] binder: 2471:2472 ioctl c0086420 20000080 returned -22
[  440.692144] binder: BINDER_SET_CONTEXT_MGR already set
[  440.697845] binder: BINDER_SET_CONTEXT_MGR already set
[  440.704783] binder: 2465:2473 transaction failed 29201/-22, size 40-16 line 3026
[  440.711743] binder: 2461:2462 ioctl 40046207 0 returned -16
[  440.718657] binder: 2464:2466 ioctl 40046207 0 returned -16
[  440.722041] binder: 2471:2472 got transaction with invalid offset (0, min 24 max 40) or object.
[  440.736871] binder: 2481:2483 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:45 executing program 3:
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00')
readv(r1, &(0x7f0000001400)=[{&(0x7f0000000140)=""/46, 0x2e}, {&(0x7f00000012c0)=""/226, 0xe2}], 0x2)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={<r2=>0x0, 0x7fffffff}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r2, @in={{0x2, 0x4e22, @multicast2=0xe0000002}}, 0x1f, 0xfff}, &(0x7f0000000080)=0x90)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

[  440.747876] binder: 2464:2466 ioctl 541c 20000100 returned -22
[  440.758757] binder: 2481:2483 ioctl c0086420 20000080 returned -22
[  440.769926] binder: undelivered TRANSACTION_ERROR: 29201
[  440.771174] binder: 2471:2472 transaction failed 29201/-22, size 40-16 line 3026
[  440.775485] binder: send failed reply for transaction 5630 to 2461:2462
2018/03/31 13:01:45 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5})
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x8000, 0x400, 0x0, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  440.791772] binder: 2481:2483 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:45 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x0, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  440.818970] binder: 2490:2491 ioctl 8010aa01 20000180 returned -22
[  440.848790] binder: 2493:2495 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:45 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 6:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000150000)=0x41, 0x4)
connect$inet(r0, &(0x7f0000001ffa)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f000094cffc)=0x10000080000180, 0x5d2f0bfb)
sendto$inet(r0, &(0x7f0000642000)="d3523b23a3a4901f3644faac98a41fe6093934adc1f264cfe9f2ffbea1649bd3d6fd89db8b960bf0cfc609a35312663f3f76257cfa83157cac4b043042e1458673a8fafe2545e6ebe619cc5f3131d10703026b630ed5a527cf27d3902c71ecde9fc15e66aedaab58cc448194eb7344bbdb6c96f5d21ee51d71e32093bbc1b7c4729d545c318f25c80f582d22a1e37a0aa6afd1f86f675cdee0b4af513d38be5a55b42b0e956782d9aa8655ea931ae969253cb09240afa8cfad50cea0eefa084beba0c8f03aa616ba5631e302549857687f49b1303f14d358c7c33e18e97426412682722f56e500ed2129af03a2b08a22bc09cd6c0a6d5916fd8853786a518263312099f6f5ac595998d3c801f7effa741b3094721e13b1b88bc5ee5b8a7716053e1482c8adc0388ca50825e56bbbe550e572344a8e15153a2874b3c013d13f06d19f79217b24f6d07fe0e7029158db63f14cea202939c06af5c68a5fc89a23b4e322dd969f0a2a31295b2ba5a0967da2326de2d7db7ce276596291d329a89c24e2cdf005f5a689727024c144e83e427272138c96deae0feb8dc8131d3ecf27faf0ee09669af12b94906f994fe42d766c3a577a56e6910516f966035242de764daac021f6930c0c820f94b0eb7014dd661b61c047a8447edf27fb9bf9c2d8a2efbd8047702b0d7a18470116e9b705e6fc5d42582e84cb0f98dba3a292bffcc21bf970063a91c1baa39ea9e06c6a4f9fb4cfb2b86690265b99295e3eeddf2df0fb0c240d794b7acbf9dc0ebed672cbb866547d67de9b79a2dcc35cd02325aa6b8fc6", 0x241, 0x91, &(0x7f0000940000)={0x2, 0x0, @broadcast=0xffffffff}, 0x10)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f00000006c0)={&(0x7f0000000440)={0x10}, 0xc, &(0x7f0000000680)={&(0x7f0000000a80)=ANY=[@ANYBLOB="8666d612574c481dde96ea1cbdaeba984a8cdfdb73fd38eaceba6c975743334d1d42ec385ab7bbb89369d374906b958025da62329117510ac9da4750cd324cfe45286825f3f00645dae8ea0e93d4ae79602d66be11570b2f5f3584e8d08c66dc365a66d1eb6cf086f147605d59c32677ab64015a07ef16111d77ecd1da5861667fc1bab98f43cf8eec256408bc3963de6245645699231dcaf1dcaa1a0e7ba66186f2e90c7e89b84e8def588f68b9d1a2b62f2e08f76bb2cc80c0d770bcf47e7c0ea90571b5ef692a17345611adaa6e63e4df09e53f243bd27280d423f2d330997e7ddeba0036f790e0ffcc1918748d11ef4d703b559fedda13100b03e030adeaab34d283f30322d0a0105b1e2ba19c627685b764630d056707b494e70b976490e1a20666f93365960c48063c42d7c23c240a08138d01d07edd2d8753432bf4e4103adae45978e2047b9241bb2837156a04174753c44476a7cee6b387c519c08d1e41143ae4cad79e4e795a2c9b265ee716cc23a9baa3cc4cddddcc8ef31900af11e4efc7690605445eefd89f3e499e0f060db26f76af1c45bd111ae7677f4fe7db6cd347d0741bf1bef3dd28ed3b4a09ba2bc4649647469b0ca4022f072a8d0b96cb7417e1d304bb8835d0f3aa67c16a42f12f0aafe10474480000f354726aaaf58072733784360f32a78c72ab0483b0df39bc95d3e5f7a3c4896c30c1673fd575ac26410786d70f3d9ee453e61c6340c201b3088c17be41e3b7da7c1f0e95a035af07d4ca4efb9f9ee38add18870327a9ca4b1c3f600459902d06ddd57501400266336da4f9d982dc4d5f3d751f717aabd275cfd4f41222356a8c9d684a821574ad1e3fc0ed6dabc554dc7f65778be015d23fff6a85092316472b146e79446638d2a033a18c679b9d68f23ad9dfd36f4601ed0b2ea5c8b7f04e96c55ceb686271b248ea88b4a1c9879ff432311b1b5f75df7beb6662b4775c7701d8749231990d5783cba64ad2782604ffffe5dbeaf1bef7f23af7682eb73e0cd0aadf594a7a907c96b341c88c73060647a074b4a47f8f87fdb8ea2f1455d388d9531be1d3ab"], 0x1}, 0x1}, 0x0)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000200)="365493ae5f91ffefda606e8cf0f706df7353a7bbff1e720923c93958cf2bcfb6c0ae1505c7f518e6d31503dd6fb435074377f20077f1e28213238f65e664a3382ee632493783fb9fe1d5d78ca1ece26e39700f2182c8878a16b8e1260e32ac0715cc65e183b2236dff8fca9d529e9ea594090ca227c0d7e835f72da08943608c507799101fd342c95d6db0bb39179486dfc8aed4abef1c120340b1939e2a43899e0c83709cd075bd7333411027fa0b637e559c3e2a6008bca78681bcdb5de5c19d8fdc6f1ee4d4b54efd65f25dbd03e7f3773a26", 0xd4}], 0x1)
r1 = socket(0x0, 0x2, 0xc638)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000380)={<r2=>0x0, 0x10001}, &(0x7f00000003c0)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000400)={r2, 0x7f}, 0x8)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
sendto$inet(r0, &(0x7f00000000c0)="d8", 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
sendto(r0, &(0x7f0000000980)="29a85bcd4aeede5abf67ece6f479e6aba3bdf24bbdde09a147837fcfe2d229270ad2ca604c2046127d8586fec7b3673161327d22a7e9ec04b2ae5d1defb591ae64f7053ad0dd556eb79d3ed7264a654dcd8aef0319b0e7109c0d", 0x5a, 0x801, &(0x7f0000000a00)=@nl=@kern={0x10, 0x0, 0x0, 0x40000000}, 0x80)
recvmsg(r0, &(0x7f000091d000)={&(0x7f0000813fec)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000451fb0)=[{&(0x7f0000948f34)=""/204, 0xcc}, {&(0x7f0000687f5c)=""/164, 0xa4}], 0x2, &(0x7f00009485e1)=""/148, 0x94}, 0x0)
shutdown(r0, 0x1)
recvmsg(r0, &(0x7f0000001ac0)={&(0x7f0000000480)=@in6={0x0, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000001940)=[{&(0x7f0000000500)=""/232, 0xe8}, {&(0x7f0000001700)=""/248, 0xf8}, {&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f0000000600)=""/117, 0x75}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000001800)=""/36, 0x24}, {&(0x7f0000001840)=""/24, 0x18}, {&(0x7f0000001880)=""/73, 0x49}, {&(0x7f0000001900)=""/29, 0x1d}], 0x9, &(0x7f0000001a00)=""/164, 0xa4, 0x1000}, 0x40000000)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xa, &(0x7f0000001b00), &(0x7f0000001b40)=0x4)

2018/03/31 13:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 3:
syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x200000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0xc}}}, [0x5, 0xff, 0x101, 0xffffffffffff0000, 0x401, 0xfff, 0x3ff, 0x80, 0x1, 0x9, 0x0, 0x100000001, 0x200, 0x1, 0x10000]}, &(0x7f0000000180)=0x100)
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x1008005)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)

[  440.867432] binder: 2490:2491 ioctl c0086420 20000080 returned -22
[  440.867759] binder: undelivered TRANSACTION_ERROR: 29201
[  440.888008] binder: 2496:2497 ioctl 8010aa01 20000180 returned -22
[  440.891789] binder: 2493:2495 ioctl c0086420 20000080 returned -22
[  440.905617] binder: 2498:2499 ioctl 8010aa01 20000180 returned -22
[  440.922472] binder: undelivered TRANSACTION_COMPLETE
[  440.927330] binder: 2501:2507 ioctl 8010aa01 20000180 returned -22
[  440.927656] binder: undelivered TRANSACTION_ERROR: 29189
[  440.934940] binder: 2490:2491 got transaction with invalid offset (0, min 24 max 40) or object.
[  440.941502] binder: 2500:2503 ioctl 8010aa01 20000180 returned -22
[  440.955473] binder: 2496:2497 ioctl c0086420 20000080 returned -22
[  440.960472] binder: 2498:2499 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:45 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f00000005c0)={0x0, {{0xa, 0x4e24, 0x2, @empty, 0x1e6}}, {{0xa, 0x4e21, 0x0, @empty, 0x800}}}, 0x104)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vga_arbiter\x00', 0xfffffffffffffffe, 0x0)
signalfd4(r4, &(0x7f00000004c0)={0x1}, 0x8, 0x80000)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2)
r5 = perf_event_open(&(0x7f0000000380)={0x7, 0x70, 0x302, 0x3ff, 0x8, 0x2, 0x0, 0x200, 0x5208, 0x1, 0x2, 0x0, 0x7f, 0x8, 0x0, 0x80000001, 0x2887, 0xff, 0x100, 0x9, 0x0, 0x1000, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0xba64, 0x5, 0x100000000, 0x1000, 0x0, 0x40, 0x8, 0x0, 0x85e9, 0x3, 0x7, 0x0, 0x2, 0x0, @perf_config_ext={0x79b5, 0x1f}, 0x8, 0x100, 0x0, 0x3, 0xd9bc, 0x100000001, 0xdc}, r1, 0x10, r4, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000700)=[@in6={0xa, 0x4e24, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x8}, @in6={0xa, 0x4e21, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0x3}, @in6={0xa, 0x4e23, 0x4, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x8000}, @in={0x2, 0x4e23, @broadcast=0xffffffff}, @in6={0xa, 0x4e22, 0x163, @local={0xfe, 0x80, [], 0xaa}, 0x1}, @in={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e24, 0x80000000, @ipv4={[], [0xff, 0xff]}, 0x6}, @in6={0xa, 0x4e23, 0x80, @dev={0xfe, 0x80}, 0x8}], 0xc8)
ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f00000010c0))
r6 = dup2(r0, 0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x8, &(0x7f0000000140))
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x5, 0x2, 0x1000, 0x0, 0x0, 0xb3, 0x0, 0x1, 0xc5b00000, 0x5, 0x0, 0x0, 0x1, 0x5d9, 0x8, 0x1000, 0xffffffff00000001, 0x0, 0x0, 0xb8c6, 0x1000, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0xb20b, 0x6, 0x1, 0x200, 0x507, 0x2, 0x2, 0x6, 0x4, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x0, 0x4, 0x9, 0x6, 0x0, 0x7fff, 0x80000001}, r1, 0xd, r5, 0x8)
r7 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x101002)
write$evdev(r7, &(0x7f0000037fe8)=[{{}, 0x1, 0x74, 0x2}], 0x10)
sendfile(r7, r7, &(0x7f00009bcffe), 0x0)
sendfile(r8, r7, &(0x7f0000fc1ff8), 0x80000001)
ioctl$EVIOCGKEY(r8, 0x80404518, &(0x7f0000000080)=""/4096)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x0, 0xfff, 0x84b}, &(0x7f0000000340)=0x10)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000400), &(0x7f0000000440)=0x8)

[  440.970304] binder: BINDER_SET_CONTEXT_MGR already set
[  440.975714] binder: 2501:2507 ioctl c0086420 20000080 returned -22
[  440.978594] binder: undelivered TRANSACTION_ERROR: 29189
[  440.988320] binder: 2493:2495 ioctl 40046207 0 returned -16
[  440.990771] binder: 2501:2507 got transaction with invalid offset (0, min 24 max 40) or object.
[  440.994294] binder: BINDER_SET_CONTEXT_MGR already set
[  441.006085] binder: 2490:2491 transaction failed 29201/-22, size 40-16 line 3026
[  441.009293] binder: BINDER_SET_CONTEXT_MGR already set
[  441.018565] binder: 2496:2497 ioctl 40046207 0 returned -16
[  441.023143] binder: 2500:2503 ioctl c0086420 20000080 returned -22
[  441.034176] binder: 2498:2499 ioctl 40046207 0 returned -16
[  441.041325] binder: 2493:2495 got transaction with invalid offset (0, min 24 max 40) or object.
[  441.049739] binder: 2501:2507 transaction failed 29201/-22, size 40-16 line 3026
[  441.051182] binder: 2493:2495 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:45 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x2, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
gettid()

[  441.069821] binder: 2500:2503 got transaction with invalid offset (0, min 24 max 40) or object.
[  441.079991] binder: 2498:2499 ioctl 541c 20000100 returned -22
[  441.102397] binder_alloc: binder_alloc_mmap_handler: 2493 20000000-20002000 already mapped failed -16
[  441.113541] binder: 2500:2503 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:45 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:45 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  441.131737] binder: 2493:2516 ioctl 8010aa01 20000180 returned -22
[  441.132986] binder: undelivered TRANSACTION_ERROR: 29201
[  441.143653] binder: send failed reply for transaction 5644 to 2496:2497
[  441.160615] binder: 2493:2495 ioctl c0086420 20000080 returned -22
[  441.171527] binder: 2519:2520 ioctl 8010aa01 20000180 returned -22
[  441.195995] binder: 2521:2525 ioctl 8010aa01 20000180 returned -22
[  441.199725] binder: 2523:2524 ioctl 8010aa01 20000180 returned -22
[  441.202788] binder_alloc: 2493: binder_alloc_buf, no vma
[  441.214318] binder: 2493:2495 transaction failed 29189/-3, size 40-16 line 2963
[  441.235292] binder: 2519:2520 ioctl c0086420 20000080 returned -22
[  441.236479] binder: undelivered TRANSACTION_ERROR: 29201
[  441.249436] binder: 2521:2525 ioctl c0086420 20000080 returned -22
[  441.259431] binder: undelivered TRANSACTION_COMPLETE
[  441.264263] binder: BINDER_SET_CONTEXT_MGR already set
[  441.264729] binder: undelivered TRANSACTION_ERROR: 29189
[  441.270386] binder: BINDER_SET_CONTEXT_MGR already set
[  441.275834] binder: 2523:2524 ioctl c0086420 20000080 returned -22
[  441.285110] binder: 2519:2520 ioctl 40046207 0 returned -16
[  441.288075] binder: BINDER_SET_CONTEXT_MGR already set
[  441.298169] binder: 2521:2525 ioctl 40046207 0 returned -16
[  441.298615] binder: undelivered TRANSACTION_ERROR: 29201
[  441.307281] binder_alloc: 2493: binder_alloc_buf, no vma
[  441.309645] binder: 2523:2524 ioctl 40046207 0 returned -16
[  441.314906] binder: 2519:2520 transaction failed 29189/-3, size 40-16 line 2963
[  441.324287] binder: 2521:2525 ioctl 541c 20000100 returned -22
[  441.334117] binder: undelivered TRANSACTION_ERROR: 29189
[  441.345221] binder: undelivered TRANSACTION_ERROR: 29201
[  441.351114] binder: 2519:2520 ioctl 8010aa01 20000180 returned -22
[  441.356430] binder: 2523:2524 transaction failed 29189/-22, size 40-16 line 2848
[  441.365173] binder: 2519:2528 ioctl c0086420 20000080 returned -22
[  441.391265] binder: 2519:2528 got transaction with invalid offset (40, min 24 max 40) or object.
[  441.393275] binder: undelivered TRANSACTION_ERROR: 29189
[  441.412119] binder: 2519:2528 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:46 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x0, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x0, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000252000)='map_files\x00')
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000300)='cgroup.type\x00', 0x2, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000540), &(0x7f0000000580)=0x4)
accept4$ax25(r0, &(0x7f00000001c0), &(0x7f0000000200)=0x1a5, 0x80000)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x11, "9aab3d82b1776054d38127306e44ac8153b8b24804589ebd16cdd7a0c81b2f22aa4f80697755839f61c801fe88be1935b9942e1e0ff81774c2cb833d89837970", "66e4c3f56840f22734ab2845d16cbb4c46b8d2f616486137839829e6f173d68b65f7abd65f6c290317d948466e0dd150c6bdc096aaea8d463a4afc2db7cb4f24", "0501e7607b140f8d43310b68d4acb8c229b70c2fb9994c8aed7ee7c71e52c829", [0x20]})
getdents(r0, &(0x7f0000000040), 0x7385baf8532ca971)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180)=0x6, 0x4)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0], &(0x7f0000000080), &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x1, 0x0, 0x7, 0x2})
r1 = socket$inet(0x2, 0x1, 0x0)
r2 = dup(r1)
bind$inet(r1, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000e9bff0)={0x1, &(0x7f0000f07000)=[{0x6, 0xfffffffffffffffe}]}, 0x8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0)={0x0, <r3=>0x0}, &(0x7f0000000600)=0xc)
sendmsg$nl_xfrm(r0, &(0x7f0000000740)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000100}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)=@delpolicy={0xb8, 0x14, 0x2, 0x70bd27, 0x25dfdbfd, {{@in, @in6=@loopback={0x0, 0x1}, 0x4e21, 0x101, 0x4e21, 0x1dc3, 0xa, 0x80, 0xa0, 0x6, 0x0, r3}, 0x6e6bb1, 0x2}, [@algo_comp={0x68, 0x3, {{'deflate\x00'}, 0xe8, "cf026b94c0238bc7c5785f5e59e68796168579ed5dc5fa28de650e412b"}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4050}, 0x810)
connect$inet(r1, &(0x7f0000987000)={0x2, 0x4e23}, 0x10)
sendto$inet(r2, &(0x7f00004eef09)="96427feebcc603c266d2a2c2da2644124066d6c52746a66fd07a4a9370b924b494651c3febca0be535e0f30bbafe65b8b859d66972208f558b002bbc2366429da28cdb97727474f32fcce772ce439a1b5785bb74b8680705191a3d28e775b402a04cdf7881cf1c80eb042835db0e8c24fd", 0x71, 0x4001, &(0x7f0000848ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10)
sendmsg$key(r2, &(0x7f0000e96fc8)={0x0, 0x0, &(0x7f00009df000)={&(0x7f00007cc000)={0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1, 0x18}]}, 0x18}, 0x1}, 0x0)
time(&(0x7f0000000780))
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000266ffc), 0x4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000351000)={0x0, 0x0, &(0x7f0000886000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9e9d3a0830a23beb26f93c716bd8c55049d1572036a765186937967b2075decd035123f9eb8d4a8e414217d438156d0b1597aeea35807799d8554af7d0331"], 0x3f}, 0x1}, 0x40001)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000000)={<r4=>0x0, 0x3e, "28269bcb13202a2b2fee172fd0ce16245080087ac6e5dba05788e4ff6302529dba83dcc8cd21ff1656a0dbb21e312eb09bc8cc51043fb8255c4713491236"}, &(0x7f00000000c0)=0x46)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000140)={r4, 0x6}, &(0x7f0000000180)=0x8)
shutdown(r2, 0x1)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000002c0)={'erspan0\x00', {0x2, 0x4e24, @loopback=0x7f000001}})
select(0x40, &(0x7f0000000340)={0x200, 0x7f, 0x0, 0x0, 0x7fff, 0x10000, 0x6, 0x1}, &(0x7f0000000380)={0x3, 0x3, 0x1800, 0x0, 0x7, 0x3, 0x0, 0x9}, &(0x7f00000003c0)={0xad7, 0x734752c5, 0x8, 0x0, 0xffff, 0x800000000, 0x0, 0x80000001}, &(0x7f0000000400)={0x77359400})
r5 = syz_open_procfs(0x0, &(0x7f0000006a00)='net/raw6\x00')
preadv(r5, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1, 0x0)
accept4(r5, &(0x7f0000001100)=@ipx, &(0x7f00000000c0)=0x80, 0x0)

2018/03/31 13:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000004fbc), 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xb6, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d76d5159942b585f2020313"}, &(0x7f0000000800)=0xda)
ioctl$TIOCMSET(r5, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

[  441.436932] binder: undelivered TRANSACTION_ERROR: 29201
[  441.442715] binder: undelivered TRANSACTION_ERROR: 29189
[  441.464916] binder: 2530:2531 ioctl 8010aa01 20000180 returned -22
[  441.479652] binder: 2532:2539 ioctl 8010aa01 20000180 returned -22
[  441.479994] binder: 2534:2542 ioctl 8010aa01 20000180 returned -22
[  441.494462] binder: 2536:2537 ioctl 8010aa01 20000180 returned -22
[  441.501429] binder: 2532:2539 ioctl c0086420 20000080 returned -22
[  441.509269] binder: 2533:2541 ioctl 8010aa01 20000180 returned -22
[  441.509619] binder: 2538:2540 ioctl 8010aa01 20000180 returned -22
[  441.518104] binder: 2536:2537 ioctl c0086420 20000080 returned -22
[  441.522462] binder: 2530:2531 ioctl c0086420 20000080 returned -22
[  441.531970] binder: 2533:2541 ioctl c0086420 20000080 returned -22
[  441.548055] binder: 2532:2539 transaction failed 29189/-22, size 40-16 line 2848
[  441.548341] binder: 2534:2542 ioctl c0086420 20000080 returned -22
[  441.563701] binder: 2530:2531 ioctl 541c 20000100 returned -22
[  441.569230] binder: 2536:2537 got transaction with invalid offset (0, min 24 max 40) or object.
[  441.579961] binder: 2538:2540 ioctl c0086420 20000080 returned -22
[  441.590234] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000004fbc), 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  441.602141] binder: BINDER_SET_CONTEXT_MGR already set
[  441.607664] binder: 2536:2537 transaction failed 29201/-22, size 40-16 line 3026
[  441.610882] binder: BINDER_SET_CONTEXT_MGR already set
[  441.617638] binder: 2533:2541 ioctl 40046207 0 returned -16
[  441.630387] binder: 2534:2542 ioctl 40046207 0 returned -16
2018/03/31 13:01:46 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  441.651893] binder: undelivered TRANSACTION_ERROR: 29189
[  441.654774] binder: 2534:2542 transaction failed 29189/-22, size 40-16 line 2848
[  441.664334] binder: 2538:2540 ioctl 40046207 0 returned -16
[  441.678525] binder: 2533:2541 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:46 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x0, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net\x00', 0x200002, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x400, 0x100)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000240)={0x1, 0x8000, 0x1f})
fchdir(r0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2000)
unlink(&(0x7f0000000080)='./file0/file0\x00')
r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x9e9a, 0x204200)
setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, &(0x7f0000000180)=0x8000, 0xfffffffffffffcfa)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x20000000001, 0x0)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000080))
r3 = request_key(&(0x7f0000000280)='blacklist\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)='\x00', 0x0)
keyctl$setperm(0x5, r3, 0x4)
rmdir(&(0x7f00000000c0)='./file0\x00')

[  441.696618] binder: 2552:2553 ioctl 8010aa01 20000180 returned -22
[  441.705506] binder: undelivered TRANSACTION_ERROR: 29201
[  441.732710] binder: 2555:2556 ioctl 8010aa01 20000180 returned -22
[  441.733564] binder: 2538:2540 transaction failed 29189/-22, size 40-8 line 2848
2018/03/31 13:01:46 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  441.753396] binder: 2552:2553 ioctl c0086420 20000080 returned -22
[  441.764996] binder: undelivered TRANSACTION_ERROR: 29189
[  441.765728] binder: 2552:2553 ioctl 541c 20000100 returned -22
[  441.775180] binder: 2555:2556 ioctl c0086420 20000080 returned -22
[  441.780290] binder: 2558:2559 ioctl 8010aa01 20000180 returned -22
[  441.793704] binder: 2558:2559 ioctl c0086420 20000080 returned -22
[  441.808711] binder_alloc: binder_alloc_mmap_handler: 2533 20000000-20002000 already mapped failed -16
[  441.819855] binder: 2563:2565 ioctl 8010aa01 20000180 returned -22
[  441.826099] binder_alloc: 2552: binder_alloc_buf failed to map pages in userspace, no vma
[  441.834618] binder: 2558:2559 transaction failed 29189/-3, size 40-16 line 2963
[  441.842346] binder_alloc: 2552: binder_alloc_buf failed to map pages in userspace, no vma
[  441.850201] binder: 2533:2562 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:46 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000004fbc), 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:46 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r3=>0x0, 0x9}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r3, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r4 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x0, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000700)={'filter\x00'}, &(0x7f0000000800)=0x24)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f0000000380)='uservboxnet0\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

[  441.850975] binder: 2555:2556 transaction failed 29189/-3, size 40-16 line 2963
[  441.859834] binder: 2563:2565 ioctl c0086420 20000080 returned -22
[  441.871754] binder: undelivered TRANSACTION_ERROR: 29189
[  441.879587] binder: 2533:2541 ioctl c0086420 20000080 returned -22
[  441.894161] binder: BINDER_SET_CONTEXT_MGR already set
[  441.905718] binder: 2567:2568 ioctl 8010aa01 20000180 returned -22
[  441.910158] binder: 2566:2569 ioctl 8010aa01 20000180 returned -22
[  441.921856] binder: 2563:2565 got transaction with invalid offset (0, min 24 max 40) or object.
[  441.935169] binder: 2533:2562 ioctl 40046207 0 returned -16
[  441.936697] binder: 2567:2568 ioctl c0086420 20000080 returned -22
[  441.946007] binder: 2563:2565 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:46 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x0, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  441.955703] binder: 2533:2541 got transaction with invalid offset (40, min 24 max 40) or object.
[  441.957202] binder: undelivered TRANSACTION_ERROR: 29189
[  441.965385] binder: 2566:2569 ioctl c0086420 20000080 returned -22
[  441.982546] binder: 2533:2541 transaction failed 29201/-22, size 40-16 line 3026
[  441.988319] binder: BINDER_SET_CONTEXT_MGR already set
[  442.003282] binder: 2575:2576 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:46 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  442.003396] binder: 2567:2568 ioctl 40046207 0 returned -16
[  442.014988] binder: BINDER_SET_CONTEXT_MGR already set
[  442.031520] binder: undelivered TRANSACTION_ERROR: 29201
[  442.038733] binder: 2566:2569 ioctl 40046207 0 returned -16
[  442.041647] binder: 2567:2568 transaction failed 29189/-22, size 40-8 line 2848
[  442.051390] binder: 2575:2576 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:46 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  442.070409] binder: undelivered TRANSACTION_ERROR: 29189
[  442.072720] binder: 2566:2569 ioctl 541c 20000100 returned -22
[  442.083182] binder: 2580:2581 ioctl 8010aa01 20000180 returned -22
[  442.100528] binder: 2575:2576 transaction failed 29189/-22, size 40-16 line 2848
[  442.113283] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:46 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)
close(r0)

2018/03/31 13:01:46 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  442.117233] binder: 2582:2584 ioctl 8010aa01 20000180 returned -22
[  442.119380] binder: undelivered TRANSACTION_ERROR: 29189
[  442.136399] binder: 2580:2581 ioctl c0086420 20000080 returned -22
[  442.159548] binder: 2582:2584 ioctl c0086420 20000080 returned -22
[  442.176155] binder: 2580:2581 got transaction with invalid offset (0, min 24 max 40) or object.
[  442.186750] binder: 2582:2584 got transaction with invalid offset (0, min 24 max 40) or object.
[  442.192386] binder: undelivered TRANSACTION_ERROR: 29189
[  442.205434] binder: 2588:2589 ioctl 8010aa01 20000180 returned -22
[  442.216905] binder: 2582:2584 transaction failed 29201/-22, size 40-16 line 3026
[  442.217978] binder: 2588:2589 ioctl c0086420 20000080 returned -22
[  442.226071] binder: 2580:2581 transaction failed 29201/-22, size 40-16 line 3026
[  442.231601] binder: undelivered TRANSACTION_ERROR: 29189
[  442.262528] binder: BINDER_SET_CONTEXT_MGR already set
[  442.282502] binder: undelivered TRANSACTION_ERROR: 29201
[  442.288668] binder: undelivered TRANSACTION_ERROR: 29201
[  442.298372] binder: 2588:2589 ioctl 40046207 0 returned -16
[  442.318377] binder: 2588:2589 transaction failed 29189/-22, size 40-16 line 2848
[  442.348853] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:47 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f00000005c0)={0x0, {{0xa, 0x4e24, 0x2, @empty, 0x1e6}}, {{0xa, 0x4e21, 0x0, @empty, 0x800}}}, 0x104)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vga_arbiter\x00', 0xfffffffffffffffe, 0x0)
signalfd4(r4, &(0x7f00000004c0)={0x1}, 0x8, 0x80000)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2)
r5 = perf_event_open(&(0x7f0000000380)={0x7, 0x70, 0x302, 0x3ff, 0x8, 0x2, 0x0, 0x200, 0x5208, 0x1, 0x2, 0x0, 0x7f, 0x8, 0x0, 0x80000001, 0x2887, 0xff, 0x100, 0x9, 0x7, 0x1000, 0xffffffffffffffff, 0x1, 0x0, 0x7, 0x0, 0xba64, 0x5, 0x100000000, 0x1000, 0x0, 0x40, 0x8, 0x2, 0x85e9, 0x3, 0x7, 0x0, 0x2, 0x0, @perf_config_ext={0x79b5, 0x1f}, 0x8, 0x100, 0x0, 0x3, 0xd9bc, 0x100000001, 0xdc}, r1, 0x0, r4, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000700)=[@in6={0xa, 0x4e24, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x8}, @in6={0xa, 0x4e21, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0x3}, @in6={0xa, 0x4e23, 0x4, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x8000}, @in={0x2, 0x4e23, @broadcast=0xffffffff}, @in6={0xa, 0x4e22, 0x163, @local={0xfe, 0x80, [], 0xaa}, 0x1}, @in={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e24, 0x80000000, @ipv4={[], [0xff, 0xff]}, 0x6}, @in6={0xa, 0x4e23, 0x80, @dev={0xfe, 0x80}, 0x8}], 0xc8)
ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f00000010c0))
r6 = dup2(r0, 0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x8, &(0x7f0000000140))
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x5, 0x2, 0x1000, 0x0, 0x0, 0xb3, 0x0, 0x1, 0xc5b00000, 0x5, 0x0, 0x0, 0x1, 0x5d9, 0x8, 0x1000, 0xffffffff00000001, 0x0, 0x0, 0xb8c6, 0x1000, 0x10001, 0x4, 0x0, 0x0, 0x1, 0x1, 0xb20b, 0x6, 0x1, 0x200, 0x507, 0x2, 0x2, 0x6, 0x4, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1f}, 0x0, 0x4, 0x9, 0x6, 0x0, 0x7fff}, r1, 0xd, r5, 0x8)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
r7 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0)
syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x101002)
write$evdev(r7, &(0x7f0000037fe8)=[{{}, 0x1, 0x74, 0x2}], 0x10)
sendfile(r7, r7, &(0x7f00009bcffe), 0x0)
sendfile(0xffffffffffffffff, r7, &(0x7f0000fc1ff8), 0x80000001)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f0000000080)=""/4096)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x0, 0xfff, 0x84b}, &(0x7f0000000340)=0x10)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000})

2018/03/31 13:01:47 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x4000002000000001, 0x84)
sendto$inet6(r0, &(0x7f0000000100)='<', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c)
sendto$inet6(r0, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/03/31 13:01:47 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x0, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:47 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:47 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f000026c000), &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:47 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:47 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:47 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)
close(r0)

[  443.119791] binder: 2600:2602 ioctl 8010aa01 20000180 returned -22
[  443.132425] binder: 2605:2606 ioctl 8010aa01 20000180 returned -22
[  443.135189] binder: 2609:2611 ioctl 8010aa01 20000180 returned -22
[  443.147110] binder: 2607:2608 ioctl 8010aa01 20000180 returned -22
[  443.147758] binder: 2605:2606 ioctl c0086420 20000080 returned -22
[  443.155565] binder: 2599:2603 ioctl 8010aa01 20000180 returned -22
[  443.160063] binder: 2600:2602 ioctl c0086420 20000080 returned -22
[  443.169800] binder: 2607:2608 ioctl c0086420 20000080 returned -22
[  443.175174] binder: 2600:2602 got transaction with invalid offset (0, min 24 max 40) or object.
[  443.179712] binder: 2599:2603 ioctl c0086420 20000080 returned -22
[  443.189929] binder: 2605:2606 got transaction with invalid offset (0, min 24 max 40) or object.
[  443.194770] binder: 2609:2611 ioctl c0086420 20000080 returned -22
[  443.203577] binder: 2600:2602 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:47 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  443.211193] binder: BINDER_SET_CONTEXT_MGR already set
[  443.217547] binder: 2605:2606 transaction failed 29201/-22, size 40-16 line 3026
[  443.222642] binder: BINDER_SET_CONTEXT_MGR already set
[  443.237578] binder: 2599:2603 got transaction with invalid offset (0, min 24 max 40) or object.
[  443.246658] binder: 2607:2608 ioctl 40046207 0 returned -16
[  443.252564] binder: 2599:2603 transaction failed 29201/-22, size 40-16 line 3026
[  443.253716] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:47 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  443.260332] binder: 2609:2611 ioctl 40046207 0 returned -16
[  443.272859] binder: 2607:2608 transaction failed 29189/-22, size 0-16 line 2848
[  443.282598] binder: 2607:2608 ioctl 541c 20000100 returned -22
[  443.304207] binder: undelivered TRANSACTION_ERROR: 29201
[  443.307568] binder: 2609:2611 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:48 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f000026c000), &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  443.313388] binder: 2614:2616 ioctl 8010aa01 20000180 returned -22
[  443.326893] binder: undelivered TRANSACTION_ERROR: 29201
[  443.339175] binder: 2614:2616 ioctl c0086420 20000080 returned -22
[  443.350481] binder: 2618:2619 ioctl 8010aa01 20000180 returned -22
[  443.352081] binder: 2620:2621 ioctl 8010aa01 20000180 returned -22
[  443.358384] binder: undelivered TRANSACTION_ERROR: 29189
[  443.373272] binder: 2614:2616 got transaction with invalid offset (0, min 24 max 40) or object.
[  443.375310] binder: 2620:2621 ioctl c0086420 20000080 returned -22
[  443.390888] binder: 2620:2621 got transaction with invalid offset (0, min 24 max 40) or object.
[  443.397756] binder: 2618:2619 ioctl c0086420 20000080 returned -22
[  443.405221] binder: 2623:2624 ioctl 8010aa01 20000180 returned -22
[  443.407150] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  443.413262] binder: 2623:2624 ioctl c0086420 20000080 returned -22
[  443.418336] binder: 2614:2616 transaction failed 29201/-22, size 40-16 line 3026
[  443.424938] binder: 2620:2621 transaction failed 29201/-22, size 40-16 line 3026
[  443.443557] binder: 2618:2619 got transaction with invalid offset (0, min 24 max 40) or object.
[  443.451423] binder: BINDER_SET_CONTEXT_MGR already set
[  443.455217] binder: 2625:2626 ioctl 8010aa01 20000180 returned -22
[  443.464382] binder: 2618:2619 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:48 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  443.470053] binder: 2623:2624 ioctl 40046207 0 returned -16
[  443.472553] binder: 2625:2626 ioctl c0086420 20000080 returned -22
[  443.485111] binder: BINDER_SET_CONTEXT_MGR already set
[  443.494105] binder: undelivered TRANSACTION_ERROR: 29201
[  443.505840] binder: 2623:2624 got transaction with invalid offset (0, min 0 max 0) or object.
[  443.515665] binder: 2625:2626 ioctl 40046207 0 returned -16
[  443.522778] binder: undelivered TRANSACTION_ERROR: 29201
[  443.528565] binder: 2623:2624 transaction failed 29201/-22, size 0-16 line 3026
[  443.534638] binder: undelivered TRANSACTION_ERROR: 29201
[  443.545983] binder: 2625:2626 transaction failed 29189/-22, size 40-16 line 2848
[  443.546134] binder: 2628:2629 ioctl 8010aa01 20000180 returned -22
[  443.561410] binder: 2628:2629 ioctl c0086420 20000080 returned -22
[  443.568237] binder: 2623:2624 ioctl 541c 20000100 returned -22
[  443.571552] binder: undelivered TRANSACTION_ERROR: 29189
[  443.576197] binder: 2628:2629 transaction failed 29189/-22, size 40-16 line 2848
[  443.598817] binder: undelivered TRANSACTION_ERROR: 29201
[  443.607221] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:48 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000252000)='map_files\x00')
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000300)='cgroup.type\x00', 0x2, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000540), &(0x7f0000000580)=0x4)
accept4$ax25(r0, &(0x7f00000001c0), &(0x7f0000000200)=0x1a5, 0x80000)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x11, "9aab3d82b1776054d38127306e44ac8153b8b24804589ebd16cdd7a0c81b2f22aa4f80697755839f61c801fe88be1935b9942e1e0ff81774c2cb833d89837970", "66e4c3f56840f22734ab2845d16cbb4c46b8d2f616486137839829e6f173d68b65f7abd65f6c290317d948466e0dd150c6bdc096aaea8d463a4afc2db7cb4f24", "0501e7607b140f8d43310b68d4acb8c229b70c2fb9994c8aed7ee7c71e52c829", [0x20]})
getdents(r0, &(0x7f0000000040), 0x7385baf8532ca971)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180)=0x6, 0x4)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0], &(0x7f0000000080), &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x1, 0x0, 0x7, 0x2})
r1 = socket$inet(0x2, 0x1, 0x0)
r2 = dup(r1)
bind$inet(r1, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000e9bff0)={0x1, &(0x7f0000f07000)=[{0x6, 0xfffffffffffffffe}]}, 0x8)
sendmsg$nl_xfrm(r0, &(0x7f0000000740)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000100}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)=@delpolicy={0xb8, 0x14, 0x2, 0x70bd27, 0x25dfdbfd, {{@in, @in6=@loopback={0x0, 0x1}, 0x4e21, 0x101, 0x4e21, 0x1dc3, 0xa, 0x80, 0xa0, 0x6}, 0x6e6bb1, 0x2}, [@algo_comp={0x68, 0x3, {{'deflate\x00'}, 0xe8, "cf026b94c0238bc7c5785f5e59e68796168579ed5dc5fa28de650e412b"}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4050}, 0x810)
connect$inet(r1, &(0x7f0000987000)={0x2, 0x4e23}, 0x10)
sendto$inet(r2, &(0x7f00004eef09)="96427feebcc603c266d2a2c2da2644124066d6c52746a66fd07a4a9370b924b494651c3febca0be535e0f30bbafe65b8b859d66972208f558b002bbc2366429da28cdb97727474f32fcce772ce439a1b5785bb74b8680705191a3d28e775b402a04cdf7881cf1c80eb042835db0e8c24fd0e3c0f396da612f44d9999de32f883521dfa4593a5772e19b5c0c27ace555870d7fe3a1819c614a8d9447cfa592c236d96bf255bf3966b0c1c34711ce489df2032a31902ae0742b79d7334ef248790fa0e3787e4b945215cddc03c4f384e6815bab43d34b8c04eb06ff00f10743a0e25f6", 0xe2, 0x4001, &(0x7f0000848ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10)
sendmsg$key(r2, &(0x7f0000e96fc8)={0x0, 0x0, &(0x7f00009df000)={&(0x7f00007cc000)={0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1, 0x18}]}, 0x18}, 0x1}, 0x0)
time(&(0x7f0000000780))
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000266ffc), 0x4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000351000)={0x0, 0x0, &(0x7f0000886000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9e9d3a0830a23beb26f93c716bd8c55049d1572036a765186937967b2075decd035123f9eb8d4a8e414217d438156d0b1597aeea35807799d8554af7d0331"], 0x3f}, 0x1}, 0x40001)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000000)={<r3=>0x0, 0x3e, "28269bcb13202a2b2fee172fd0ce16245080087ac6e5dba05788e4ff6302529dba83dcc8cd21ff1656a0dbb21e312eb09bc8cc51043fb8255c4713491236"}, &(0x7f00000000c0)=0x46)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000140)={r3, 0x6}, &(0x7f0000000180)=0x8)
shutdown(r2, 0x1)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000002c0)={'erspan0\x00', {0x2, 0x4e24, @loopback=0x7f000001}})
select(0x40, &(0x7f0000000340)={0x200, 0x7f, 0x0, 0x0, 0x7fff, 0x0, 0x6, 0x1}, &(0x7f0000000380)={0x3, 0x3, 0x1800, 0x0, 0x7, 0x3, 0x0, 0x9}, &(0x7f00000003c0)={0xad7, 0x734752c5, 0x8, 0x0, 0xffff, 0x800000000, 0x0, 0x80000001}, &(0x7f0000000400)={0x77359400})
r4 = syz_open_procfs(0x0, &(0x7f0000006a00)='net/raw6\x00')
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1, 0x0)
accept4(r4, &(0x7f0000001100)=@ipx, &(0x7f00000000c0)=0x80, 0x0)

2018/03/31 13:01:48 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:48 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:48 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:48 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)
close(r0)

2018/03/31 13:01:48 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2000000, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000240), 0x4)
rmdir(&(0x7f0000000080)='./file0\x00')
r2 = syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x1)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102})
r3 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x1102})
write$tun(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0000c0ae0001080006040000ffffffffffff7f000001aaaaaaaaaa00ac141400"], 0x1)
kexec_load(0x7, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="1bb2e3cafeda4470027cd5db5396e8f2788461969fcef6f7ffa683a74ca8996c8744eeadb1a01b70c9ab292af6ed3dcf164802456c707f5ee88f", 0x3a, 0x0, 0x2}], 0x0)
connect$nfc_llcp(0xffffffffffffffff, &(0x7f0000000540)={0x27, 0x0, 0x2, 0x0, 0x7, 0x6, "4021bc5c62a8b600554fd217a152db8c5e202690ff5e106c7c3952d6060c481cf11e7913f883ddd296bfa5479216af340d0d68910e8d8adb388f562a8d6718", 0x3d}, 0x60)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'})
getsockopt$packet_int(r0, 0x107, 0x0, &(0x7f00000001c0), &(0x7f00000002c0)=0x4)
prctl$seccomp(0x16, 0x2, &(0x7f0000000680)={0x6, &(0x7f0000000500)=[{0x22, 0x7, 0xc6, 0x1}, {0x6, 0x2, 0x8, 0x5}, {0x7, 0x4, 0x0, 0x8}, {0x7, 0x8896, 0x53}, {0xfffffffffffffff9, 0x5, 0x1f, 0x5}, {0x5, 0x7, 0x1, 0x6}]})
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000001d40)={'lo\x00', 0xfff})
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000380)={{0xa, 0x4e21, 0x7, @local={0xfe, 0x80, [], 0xaa}, 0x9}, {0xa, 0x4e22, 0x0, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0xd2}, 0x3, [0x7fffffff, 0x80000001, 0x0, 0xfffffffffffffffa, 0x80, 0x7, 0x1, 0x2]}, 0x5c)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="09003c9dbb000009007f000300501c0100bc28f298fbff0000"], &(0x7f0000000200)=0x1)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000180)=0x1, 0x4)
pread64(r0, &(0x7f0000000080)=""/156, 0x9c, 0x0)
syz_open_dev$mice(&(0x7f00000004c0)='/dev/input/mice\x00', 0x0, 0x200000)
accept4$netrom(r0, &(0x7f0000000300), &(0x7f0000000340)=0x10, 0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000400)={<r5=>0x0, 0x6}, &(0x7f0000000440)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000480)={0x2, 0x1, 0x7, 0x4, r5}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00001cb000)={&(0x7f00008e5ff4)={0x10}, 0xc, &(0x7f0000f4a000)={&(0x7f0000000140)=ANY=[@ANYBLOB="c4af7ec9e1d975042a"], 0x1}, 0x1}, 0x0)
ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f00000006c0)={0x8, 0x5, 0x800, 0x0, "93e2a449a81957578308e26155592849d552681bf17d4ff2d5540a6dc87aef62"})
write(0xffffffffffffffff, &(0x7f00000005c0)="ba639044bbc2d3bb3f08404f06e43d8e2783ec23711381e53445b588e1fe03b7bc333e1573b49861b4acc37549019677e6a202b03dc02cba800cf4a839acb386ee0af85efb4a60a52034280881cb70f847f56b79eaed0383ac0922d0a9896bf92eac820630290ecd194634154964d46b2162b3ecfe3f5fdd82ef8f818019fa60da89bba4ccd9321a", 0x88)

2018/03/31 13:01:48 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f000026c000), &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  444.098418] binder: 2643:2645 ioctl 8010aa01 20000180 returned -22
[  444.106192] binder: 2641:2651 ioctl 8010aa01 20000180 returned -22
[  444.106278] binder: 2644:2646 ioctl 8010aa01 20000180 returned -22
[  444.112994] binder: 2648:2649 ioctl 8010aa01 20000180 returned -22
[  444.120910] binder: 2644:2646 ioctl c0086420 20000080 returned -22
[  444.125929] binder: 2641:2651 ioctl c0086420 20000080 returned -22
[  444.133195] device lo left promiscuous mode
[  444.139743] binder: 2643:2645 ioctl c0086420 20000080 returned -22
[  444.144680] binder: 2647:2650 ioctl 8010aa01 20000180 returned -22
[  444.150731] binder: 2648:2649 ioctl c0086420 20000080 returned -22
[  444.157698] device lo entered promiscuous mode
[  444.162622] binder: 2641:2651 transaction failed 29189/-22, size 40-16 line 2848
[  444.167125] binder: 2644:2646 got transaction with invalid offset (0, min 0 max 0) or object.
[  444.175724] binder: BINDER_SET_CONTEXT_MGR already set
[  444.184641] binder: 2647:2650 ioctl c0086420 20000080 returned -22
[  444.190109] binder: 2644:2646 transaction failed 29201/-22, size 0-16 line 3026
[  444.195048] binder: BINDER_SET_CONTEXT_MGR already set
[  444.210185] binder: 2648:2649 got transaction with invalid offset (0, min 24 max 40) or object.
[  444.214731] binder: undelivered TRANSACTION_ERROR: 29189
[  444.221950] binder: 2647:2650 ioctl 40046207 0 returned -16
[  444.225012] binder: 2644:2646 ioctl 541c 20000100 returned -22
[  444.230790] binder: 2648:2649 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:48 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  444.236946] binder: 2643:2645 ioctl 40046207 0 returned -16
[  444.248696] binder: 2647:2650 got transaction with invalid offset (0, min 24 max 40) or object.
[  444.259640] device lo left promiscuous mode
[  444.266363] device lo entered promiscuous mode
[  444.273551] binder: 2655:2656 ioctl 8010aa01 20000180 returned -22
[  444.281403] binder: 2655:2656 ioctl c0086420 20000080 returned -22
[  444.284339] binder: 2647:2650 transaction failed 29201/-22, size 40-16 line 3026
[  444.297195] binder: 2643:2645 got transaction with invalid offset (0, min 24 max 40) or object.
[  444.300091] binder: undelivered TRANSACTION_ERROR: 29201
[  444.324386] binder_alloc: 2644: binder_alloc_buf, no vma
[  444.324492] binder: undelivered TRANSACTION_ERROR: 29201
[  444.329919] binder: 2655:2656 transaction failed 29189/-3, size 40-16 line 2963
[  444.342989] binder: 2643:2645 transaction failed 29201/-22, size 40-16 line 3026
[  444.357221] binder: undelivered TRANSACTION_ERROR: 29201
[  444.364574] binder: undelivered TRANSACTION_ERROR: 29201
[  444.381781] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:49 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0x0, 0x1}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)
close(r0)

2018/03/31 13:01:49 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  445.002826] binder: 2667:2669 ioctl 8010aa01 20000180 returned -22
[  445.015189] binder: 2668:2670 ioctl 8010aa01 20000180 returned -22
[  445.017848] binder: 2671:2677 ioctl 8010aa01 20000180 returned -22
[  445.023901] binder: 2674:2678 ioctl 8010aa01 20000180 returned -22
[  445.030606] binder: 2672:2673 ioctl 8010aa01 20000180 returned -22
[  445.035785] binder: 2675:2676 ioctl 8010aa01 20000180 returned -22
[  445.048198] binder: 2674:2678 ioctl c0086420 20000080 returned -22
[  445.050657] binder: 2679:2680 ioctl 8010aa01 20000180 returned -22
[  445.055816] binder: 2667:2669 ioctl c0086420 20000080 returned -22
[  445.061613] binder: 2672:2673 ioctl c0086420 20000080 returned -22
[  445.067483] binder: 2668:2670 ioctl c0086420 20000080 returned -22
[  445.074384] binder: 2671:2677 ioctl c0086420 20000080 returned -22
[  445.082519] binder: 2675:2676 ioctl c0086420 20000080 returned -22
[  445.088719] binder: 2679:2680 ioctl c0086420 20000080 returned -22
[  445.094852] binder: BINDER_SET_CONTEXT_MGR already set
[  445.104520] binder: BINDER_SET_CONTEXT_MGR already set
[  445.109928] binder: 2675:2676 got transaction with invalid offset (40, min 0 max 40) or object.
[  445.109972] binder: 2672:2673 got transaction with invalid offset (0, min 24 max 40) or object.
[  445.119000] binder: 2679:2680 ioctl 40046207 0 returned -16
[  445.128185] binder: 2671:2677 got transaction with invalid offset (0, min 24 max 40) or object.
[  445.133704] binder: 2667:2669 ioctl 40046207 0 returned -16
[  445.142377] binder: BINDER_SET_CONTEXT_MGR already set
[  445.142397] binder: 2668:2670 ioctl 40046207 0 returned -16
[  445.148147] binder: BINDER_SET_CONTEXT_MGR already set
[  445.153889] binder: 2671:2677 transaction failed 29201/-22, size 40-16 line 3026
[  445.159384] binder: 2675:2676 transaction failed 29201/-22, size 40-8 line 3026
[  445.164948] binder: 2672:2673 transaction failed 29201/-22, size 40-16 line 3026
[  445.172346] binder: 2674:2678 ioctl 40046207 0 returned -16
[  445.182157] binder: 2668:2670 got transaction with invalid offset (0, min 24 max 40) or object.
[  445.189784] binder: 2667:2669 got transaction with invalid offset (40, min 24 max 40) or object.
[  445.194236] binder: 2675:2676 ioctl 541c 20000100 returned -22
[  445.207633] binder: 2667:2669 transaction failed 29201/-22, size 40-16 line 3026
[  445.225259] binder: 2668:2670 transaction failed 29201/-22, size 40-16 line 3026
[  445.235976] binder: undelivered TRANSACTION_ERROR: 29201
[  445.236587] binder: 2674:2678 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:49 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:49 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  445.250632] binder_alloc: binder_alloc_mmap_handler: 2679 20000000-20002000 already mapped failed -16
[  445.262157] binder: undelivered TRANSACTION_ERROR: 29201
[  445.271723] binder: 2674:2678 transaction failed 29201/-22, size 40-16 line 3026
[  445.278317] binder: 2685:2686 ioctl 8010aa01 20000180 returned -22
[  445.279990] binder: 2679:2683 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:50 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  445.303145] binder: 2688:2689 ioctl 8010aa01 20000180 returned -22
[  445.303583] binder_alloc: binder_alloc_mmap_handler: 2667 20000000-20002000 already mapped failed -16
[  445.319164] binder: 2685:2686 ioctl c0086420 20000080 returned -22
[  445.322792] binder: undelivered TRANSACTION_ERROR: 29201
[  445.328580] binder: 2679:2680 ioctl c0086420 20000080 returned -22
[  445.331629] binder: 2688:2689 ioctl c0086420 20000080 returned -22
[  445.349094] binder_alloc: 2675: binder_alloc_buf, no vma
2018/03/31 13:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  445.354636] binder: 2685:2686 transaction failed 29189/-3, size 40-16 line 2963
[  445.356065] binder: BINDER_SET_CONTEXT_MGR already set
[  445.367463] binder: undelivered TRANSACTION_ERROR: 29201
[  445.373001] binder: send failed reply for transaction 5738 to 2679:2680
[  445.380308] binder: 2667:2687 ioctl 8010aa01 20000180 returned -22
[  445.384514] binder: 2688:2689 transaction failed 29189/-22, size 40-16 line 2848
[  445.390162] binder: 2695:2696 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:50 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  445.401182] binder: 2692:2693 ioctl 8010aa01 20000180 returned -22
[  445.409725] binder: 2692:2693 ioctl c0086420 20000080 returned -22
[  445.412433] binder: undelivered TRANSACTION_ERROR: 29201
[  445.417558] binder: 2667:2669 ioctl c0086420 20000080 returned -22
[  445.424462] binder: 2697:2698 ioctl 8010aa01 20000180 returned -22
[  445.428727] binder: 2695:2696 ioctl c0086420 20000080 returned -22
[  445.438590] binder: 2697:2698 ioctl c0086420 20000080 returned -22
[  445.446932] binder: 2692:2693 got transaction with invalid offset (0, min 24 max 40) or object.
[  445.449206] binder: undelivered TRANSACTION_ERROR: 29189
[  445.456614] binder: 2679:2683 ioctl 40046207 0 returned -16
[  445.471811] binder: BINDER_SET_CONTEXT_MGR already set
[  445.480259] binder: BINDER_SET_CONTEXT_MGR already set
[  445.485944] binder: 2692:2693 transaction failed 29201/-22, size 40-16 line 3026
[  445.487576] binder: undelivered TRANSACTION_ERROR: 29189
[  445.495044] binder: 2700:2701 ioctl 8010aa01 20000180 returned -22
[  445.503321] binder: 2695:2696 ioctl 40046207 0 returned -16
[  445.506400] binder: 2700:2701 ioctl c0086420 20000080 returned -22
[  445.512336] binder: 2667:2687 ioctl 40046207 0 returned -16
[  445.521486] binder: 2667:2703 got transaction with invalid offset (40, min 24 max 40) or object.
[  445.523646] binder: BINDER_SET_CONTEXT_MGR already set
[  445.538344] binder: 2697:2698 ioctl 40046207 0 returned -16
[  445.544297] binder: 2695:2696 got transaction with invalid offset (40, min 0 max 40) or object.
[  445.550762] binder: undelivered TRANSACTION_ERROR: 29201
[  445.554556] binder: 2695:2696 transaction failed 29201/-22, size 40-8 line 3026
[  445.558806] binder: send failed reply for transaction 5750 to 2679:2690
[  445.564630] binder: undelivered TRANSACTION_COMPLETE
[  445.572499] binder: 2697:2698 transaction failed 29189/-22, size 40-16 line 2848
[  445.573115] binder: undelivered TRANSACTION_ERROR: 29189
[  445.592417] binder: 2695:2696 ioctl 541c 20000100 returned -22
[  445.595644] binder: 2700:2701 transaction failed 29189/-22, size 40-16 line 2848
[  445.615395] binder: 2667:2703 transaction failed 29201/-22, size 40-16 line 3026
[  445.628858] binder: undelivered TRANSACTION_COMPLETE
[  445.634302] binder: undelivered TRANSACTION_ERROR: 29189
[  445.640750] binder: undelivered TRANSACTION_ERROR: 29201
[  445.647754] binder: undelivered TRANSACTION_ERROR: 29201
[  445.656978] binder: undelivered TRANSACTION_ERROR: 29189
[  445.662594] binder: undelivered TRANSACTION_ERROR: 29201
[  445.668246] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:50 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0x0, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r4 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xab, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d"}, &(0x7f0000000800)=0xcf)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f0000000380)='uservboxnet0\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

2018/03/31 13:01:50 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)

2018/03/31 13:01:50 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xb8, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}}]}, &(0x7f0000000440)=0xc)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xb6, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d76d5159942b585f2020313"}, &(0x7f0000000800)=0xda)
ioctl$TIOCMSET(r5, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

[  445.980006] binder: 2722:2724 ioctl 8010aa01 20000180 returned -22
[  445.981882] binder: 2723:2725 ioctl 8010aa01 20000180 returned -22
[  445.986790] binder: 2715:2717 ioctl 8010aa01 20000180 returned -22
[  445.994244] binder: 2719:2720 ioctl 8010aa01 20000180 returned -22
[  446.004449] binder: 2722:2724 ioctl c0086420 20000080 returned -22
[  446.012370] binder: 2712:2714 ioctl 8010aa01 20000180 returned -22
[  446.017909] binder: 2719:2720 ioctl c0086420 20000080 returned -22
[  446.024182] binder: 2712:2714 ioctl c0086420 20000080 returned -22
[  446.027494] binder: 2723:2725 ioctl c0086420 20000080 returned -22
[  446.032707] binder: 2715:2717 ioctl c0086420 20000080 returned -22
[  446.038786] binder: 2719:2720 transaction failed 29189/-22, size 40-16 line 2848
[  446.046062] binder: 2722:2724 got transaction with invalid offset (40, min 0 max 40) or object.
[  446.052621] binder: BINDER_SET_CONTEXT_MGR already set
[  446.061248] binder: 2722:2724 transaction failed 29201/-22, size 40-8 line 3026
[  446.066526] binder: 2723:2725 ioctl 40046207 0 returned -16
2018/03/31 13:01:50 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  446.073930] binder: BINDER_SET_CONTEXT_MGR already set
[  446.085212] binder: 2712:2714 ioctl 40046207 0 returned -16
[  446.092618] binder: 2715:2717 got transaction with invalid offset (0, min 24 max 40) or object.
[  446.095488] binder: undelivered TRANSACTION_ERROR: 29189
[  446.101881] binder: 2715:2717 transaction failed 29201/-22, size 40-16 line 3026
[  446.116396] binder: 2723:2725 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:50 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  446.117778] binder: 2712:2714 got transaction with invalid offset (0, min 24 max 40) or object.
[  446.125525] binder: 2723:2725 transaction failed 29201/-22, size 40-16 line 3026
[  446.135134] binder: 2722:2724 ioctl 541c 20000100 returned -22
[  446.160670] binder: 2712:2714 transaction failed 29201/-22, size 40-16 line 3026
[  446.161344] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:50 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  446.194330] binder: undelivered TRANSACTION_ERROR: 29201
[  446.198508] binder: 2732:2733 ioctl 8010aa01 20000180 returned -22
[  446.207532] binder: undelivered TRANSACTION_ERROR: 29201
[  446.217796] binder: 2730:2731 ioctl 8010aa01 20000180 returned -22
[  446.238407] binder: 2730:2731 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:50 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  446.249423] binder: 2741:2743 ioctl 8010aa01 20000180 returned -22
[  446.254506] binder: 2732:2733 ioctl c0086420 20000080 returned -22
[  446.263648] binder: 2735:2740 ioctl 8010aa01 20000180 returned -22
[  446.264876] binder: 2730:2731 got transaction with invalid offset (0, min 24 max 40) or object.
[  446.273995] binder: undelivered TRANSACTION_ERROR: 29201
[  446.280928] binder: 2732:2733 got transaction with invalid offset (0, min 24 max 40) or object.
[  446.292646] binder: 2735:2740 ioctl c0086420 20000080 returned -22
[  446.294891] binder: 2732:2733 transaction failed 29201/-22, size 40-16 line 3026
[  446.301394] binder: 2741:2743 ioctl c0086420 20000080 returned -22
[  446.308075] binder: 2730:2731 transaction failed 29201/-22, size 40-16 line 3026
[  446.318580] binder: 2748:2749 ioctl 8010aa01 20000180 returned -22
[  446.328559] binder: 2748:2749 ioctl c0086420 20000080 returned -22
[  446.336191] binder: 2735:2740 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:51 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  446.345968] binder: BINDER_SET_CONTEXT_MGR already set
[  446.351598] binder: BINDER_SET_CONTEXT_MGR already set
[  446.357065] binder: 2741:2743 ioctl 40046207 0 returned -16
[  446.358252] binder: undelivered TRANSACTION_ERROR: 29201
[  446.362930] binder: 2735:2740 transaction failed 29201/-22, size 40-16 line 3026
[  446.377561] binder: 2748:2749 ioctl 40046207 0 returned -16
[  446.388205] binder: 2741:2743 ioctl 541c 20000100 returned -22
[  446.394339] binder: 2748:2749 got transaction with invalid offset (0, min 24 max 40) or object.
[  446.401469] binder: undelivered TRANSACTION_ERROR: 29201
[  446.408781] binder: send failed reply for transaction 5781 to 2741:2743
[  446.413187] binder: 2748:2749 transaction failed 29201/-22, size 40-16 line 3026
[  446.432300] binder: 2754:2755 ioctl 8010aa01 20000180 returned -22
[  446.438994] binder: 2754:2755 ioctl c0086420 20000080 returned -22
[  446.444932] binder: undelivered TRANSACTION_COMPLETE
[  446.446525] binder: 2754:2755 got transaction with invalid offset (0, min 24 max 40) or object.
[  446.450502] binder: undelivered TRANSACTION_ERROR: 29189
[  446.459501] binder: 2754:2755 transaction failed 29201/-22, size 40-16 line 3026
[  446.485778] binder: undelivered TRANSACTION_ERROR: 29201
[  446.491582] binder: undelivered TRANSACTION_ERROR: 29201
[  446.499212] binder: undelivered TRANSACTION_ERROR: 29201
[  446.534741] binder: 2756:2757 ioctl 8010aa01 20000180 returned -22
[  446.541375] binder: 2756:2757 ioctl c0086420 20000080 returned -22
[  446.549626] binder: 2756:2757 transaction failed 29189/-22, size 40-16 line 2848
[  446.576561] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:51 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)

2018/03/31 13:01:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x0, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 6:
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8})

2018/03/31 13:01:51 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 6:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net\x00', 0x200002, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x400, 0x100)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000240)={0x1, 0x8000, 0x1f})
fchdir(r0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2000)
unlink(&(0x7f0000000080)='./file0/file0\x00')
r2 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x9e9a, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, &(0x7f0000000180)=0x8000, 0x4)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x20000000001, 0x0)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000080))
r3 = request_key(&(0x7f0000000280)='blacklist\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)='\x00', 0x0)
keyctl$setperm(0x5, r3, 0x4)
rmdir(&(0x7f00000000c0)='./file0\x00')

[  447.042328] binder: 2771:2773 ioctl 8010aa01 20000180 returned -22
[  447.042435] binder: 2766:2769 ioctl 8010aa01 20000180 returned -22
[  447.056613] binder: 2767:2776 ioctl 8010aa01 20000180 returned -22
[  447.064679] binder: 2775:2777 ioctl 8010aa01 20000180 returned -22
[  447.065204] binder: 2771:2773 ioctl c0086420 20000080 returned -22
[  447.071391] binder: 2767:2776 ioctl c0086420 20000080 returned -22
[  447.084298] binder: 2775:2777 ioctl c0086420 20000080 returned -22
[  447.093124] binder: 2772:2774 ioctl 8010aa01 20000180 returned -22
[  447.098744] binder: 2771:2773 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.100447] binder: BINDER_SET_CONTEXT_MGR already set
[  447.108440] binder: 2778:2779 ioctl 8010aa01 20000180 returned -22
[  447.113903] binder: 2772:2774 ioctl c0086420 20000080 returned -22
[  447.120183] binder: 2766:2769 ioctl c0086420 20000080 returned -22
[  447.127249] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:51 executing program 6:
syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200c9b1844de383a98d0800450000240000000080f1de00f534758727e6d1625a35bdb32ff1e527ab2f91ce2c9d5b851437c5af4a1332a53cd77ade3095f8965647fa7a9cd9abea4000000000000000000000000000"], 0x0)

[  447.133479] binder: 2771:2773 transaction failed 29201/-22, size 40-16 line 3026
[  447.138234] binder: 2767:2776 ioctl 40046207 0 returned -16
[  447.139922] binder: 2778:2779 ioctl c0086420 20000080 returned -22
[  447.147190] binder: 2775:2777 ioctl 40046207 0 returned -16
[  447.152309] binder: BINDER_SET_CONTEXT_MGR already set
[  447.170520] binder: 2767:2776 ioctl 541c 20000100 returned -22
[  447.170753] binder: 2772:2774 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.187299] binder: 2778:2779 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.196445] binder: 2766:2769 ioctl 40046207 0 returned -16
[  447.202436] binder: 2778:2779 transaction failed 29201/-22, size 40-16 line 3026
[  447.211802] binder: 2766:2769 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.214758] binder_alloc: binder_alloc_mmap_handler: 2775 20000000-20002000 already mapped failed -16
[  447.220856] binder: 2772:2774 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x0, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r4=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r4, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r5 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0xffffffffffffffff, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xb6, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d76d5159942b585f2020313"}, &(0x7f0000000800)=0xda)
ioctl$TIOCMSET(r5, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)

[  447.237844] binder: 2766:2769 transaction failed 29201/-22, size 40-16 line 3026
[  447.244755] binder: release 2767:2776 transaction 5796 out, still active
[  447.250730] binder: 2775:2786 ioctl 8010aa01 20000180 returned -22
[  447.252414] binder: unexpected work type, 4, not freed
[  447.264046] binder: undelivered TRANSACTION_COMPLETE
2018/03/31 13:01:51 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:51 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  447.293417] binder: 2775:2786 ioctl c0086420 20000080 returned -22
[  447.297819] binder: 2790:2791 ioctl 8010aa01 20000180 returned -22
[  447.311166] binder: 2789:2792 ioctl 8010aa01 20000180 returned -22
[  447.331874] binder: 2790:2791 ioctl c0086420 20000080 returned -22
[  447.341165] binder: undelivered TRANSACTION_ERROR: 29201
[  447.341482] binder_alloc: 2771: binder_alloc_buf, no vma
[  447.346981] binder: 2789:2792 ioctl c0086420 20000080 returned -22
[  447.352264] binder: 2775:2786 transaction failed 29189/-3, size 40-8 line 2963
[  447.352759] binder: 2795:2797 ioctl 8010aa01 20000180 returned -22
[  447.359454] binder: BINDER_SET_CONTEXT_MGR already set
[  447.367933] binder: 2796:2801 ioctl 8010aa01 20000180 returned -22
[  447.375240] binder: undelivered TRANSACTION_ERROR: 29201
[  447.381584] binder: 2802:2804 ioctl 8010aa01 20000180 returned -22
[  447.384754] binder: BINDER_SET_CONTEXT_MGR already set
[  447.390298] binder: 2802:2804 ioctl c0086420 20000080 returned -22
[  447.396613] binder: undelivered TRANSACTION_ERROR: 29201
[  447.402312] binder: 2795:2797 ioctl c0086420 20000080 returned -22
[  447.408500] binder: 2790:2791 ioctl 40046207 0 returned -16
[  447.415120] binder: 2796:2801 ioctl c0086420 20000080 returned -22
[  447.421376] binder: undelivered TRANSACTION_ERROR: 29201
[  447.426657] binder: 2789:2792 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.431951] binder: send failed reply for transaction 5796, target dead
[  447.438765] binder: BINDER_SET_CONTEXT_MGR already set
[  447.446245] binder: send failed reply for transaction 5797 to 2775:2777
[  447.446868] binder: 2775:2793 ioctl 40046207 0 returned -16
[  447.454934] binder: 2802:2804 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.462289] binder: 2790:2791 ioctl 541c 20000100 returned -22
[  447.466873] binder: 2802:2804 transaction failed 29201/-22, size 40-16 line 3026
[  447.495612] binder: 2796:2801 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.495838] binder: release 2790:2791 transaction 5819 out, still active
[  447.505165] binder: 2795:2797 ioctl 40046207 0 returned -16
[  447.511465] binder: unexpected work type, 4, not freed
[  447.511473] binder: undelivered TRANSACTION_COMPLETE
[  447.517332] binder: 2789:2792 transaction failed 29201/-22, size 40-16 line 3026
[  447.536480] binder: 2796:2801 transaction failed 29201/-22, size 40-16 line 3026
[  447.538350] binder: undelivered TRANSACTION_ERROR: 29189
[  447.550234] binder: undelivered TRANSACTION_COMPLETE
[  447.555588] binder: undelivered TRANSACTION_ERROR: 29189
[  447.556265] binder: 2795:2797 got transaction with invalid offset (0, min 24 max 40) or object.
[  447.588151] binder: 2795:2797 transaction failed 29201/-22, size 40-16 line 3026
[  447.590750] binder: undelivered TRANSACTION_ERROR: 29201
[  447.613722] binder: undelivered TRANSACTION_ERROR: 29201
[  447.619661] binder: undelivered TRANSACTION_ERROR: 29201
[  447.625239] binder: send failed reply for transaction 5819, target dead
[  447.636376] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:52 executing program 6:
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00')
readv(r1, &(0x7f0000001400)=[{&(0x7f00000012c0)=""/226, 0xe2}], 0x1)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={<r2=>0x0, 0x7fffffff}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r2, @in={{0x2, 0x4e22, @multicast2=0xe0000002}}, 0x1f, 0xfff}, &(0x7f0000000080)=0x90)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

2018/03/31 13:01:52 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x0, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)

[  448.106505] binder: 2816:2818 ioctl 8010aa01 20000180 returned -22
[  448.109759] binder: 2813:2820 ioctl 8010aa01 20000180 returned -22
[  448.119115] binder: 2814:2826 ioctl 8010aa01 20000180 returned -22
[  448.120184] binder: 2817:2824 ioctl 8010aa01 20000180 returned -22
[  448.131218] binder: 2816:2818 ioctl c0086420 20000080 returned -22
[  448.134846] binder: 2821:2823 ioctl 8010aa01 20000180 returned -22
[  448.141704] binder: 2814:2826 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:52 executing program 6:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000150000)=0x41, 0x4)
connect$inet(r0, &(0x7f0000001ffa)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x80080, 0x0)
getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000140), 0x2)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f000094cffc)=0x10000080000180, 0x5d2f0bfb)
sendto$inet(r0, &(0x7f0000642000)="d3523b23a3a4901f3644faac98a41fe6093934adc1f264cfe9f2ffbea1649bd3d6fd89db8b960bf0cfc609a35312663f3f76257cfa83157cac4b043042e1458673a8fafe2545e6ebe619cc5f3131d10703026b630ed5a527cf27d3902c71ecde9fc15e66aedaab58cc448194eb7344bbdb6c96f5d21ee51d71e32093bbc1b7c4729d545c318f25c80f582d22a1e37a0aa6afd1f86f675cdee0b4af513d38be5a55b42b0e956782d9aa8655ea931ae969253cb09240afa8cfad50cea0eefa084beba0c8f03aa616ba5631e302549857687f49b1303f14d358c7c33e18e97426412682722f56e500ed2129af03a2b08a22bc09cd6c0a6d5916fd8853786a518263312099f6f5ac595998d3c801f7effa741b3094721e13b1b88bc5ee5b8a7716053e1482c8adc0388ca50825e56bbbe550e572344a8e15153a2874b3c013d13f06d19f79217b24f6d07fe0e7029158db63f14cea202939c06af5c68a5fc89a23b4e322dd969f0a2a31295b2ba5a0967da2326de2d7db7ce276596291d329a89c24e2cdf005f5a689727024c144e83e427272138c96deae0feb8dc8131d3ecf27faf0ee09669af12b94906f994fe42d766c3a577a56e6910516f966035242de764daac021f6930c0c820f94b0eb7014dd661b61c047a8447edf27fb9bf9c2d8a2efbd8047702b0d7a18470116e9b705e6fc5d42582e84cb0f98dba3a292bffcc21bf970063a91c1baa39ea9e06c6a4f9fb4cfb2b86690265b99295e3eeddf2df0fb0c240d794b7acbf9dc0ebed672cbb866547d67de9b79a2dcc35cd02325aa6b8fc6", 0x241, 0x91, &(0x7f0000940000)={0x2, 0x0, @broadcast=0xffffffff}, 0x10)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={<r2=>0x0, 0x4}, &(0x7f0000000340)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000700)={r2, 0x6, 0x30}, &(0x7f0000000740)=0xc)
ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000780)=""/116)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f00000006c0)={&(0x7f0000000440)={0x10}, 0xc, &(0x7f0000000680)={&(0x7f0000000a80)=ANY=[@ANYBLOB="8666d612574c481dde96ea1cbdaeba984a8cdfdb73fd38eaceba6c975743334d1d42ec385ab7bbb89369d374906b958025da62329117510ac9da4750cd324cfe45286825f3f00645dae8ea0e93d4ae79602d66be11570b2f5f3584e8d08c66dc365a66d1eb6cf086f147605d59c32677ab64015a07ef16111d77ecd1da5861667fc1bab98f43cf8eec256408bc3963de6245645699231dcaf1dcaa1a0e7ba66186f2e90c7e89b84e8def588f68b9d1a2b62f2e08f76bb2cc80c0d770bcf47e7c0ea90571b5ef692a17345611adaa6e63e4df09e53f243bd27280d423f2d330997e7ddeba0036f790e0ffcc1918748d11ef4d703b559fedda13100b03e030adeaab34d283f30322d0a0105b1e2ba19c627685b764630d056707b494e70b976490e1a20666f93365960c48063c42d7c23c240a08138d01d07edd2d8753432bf4e4103adae45978e2047b9241bb2837156a04174753c44476a7cee6b387c519c08d1e41143ae4cad79e4e795a2c9b265ee716cc23a9baa3cc4cddddcc8ef31900af11e4efc7690605445eefd89f3e499e0f060db26f76af1c45bd111ae7677f4fe7db6cd347d0741bf1bef3dd28ed3b4a09ba2bc4649647469b0ca4022f072a8d0b96cb7417e1d304bb8835d0f3aa67c16a42f12f0aafe10474480000f354726aaaf58072733784360f32a78c72ab0483b0df39bc95d3e5f7a3c4896c30c1673fd575ac26410786d70f3d9ee453e61c6340c201b3088c17be41e3b7da7c1f0e95a035af07d4ca4efb9f9ee38add18870327a9ca4b1c3f600459902d06ddd57501400266336da4f9d982dc4d5f3d751f717aabd275cfd4f41222356a8c9d684a821574ad1e3fc0ed6dabc554dc7f65778be015d23fff6a85092316472b146e79446638d2a033a18c679b9d68f23ad9dfd36f4601ed0b2ea5c8b7f04e96c55ceb686271b248ea88b4a1c9879ff432311b1b5f75df7beb6662b4775c7701d8749231990d5783cba64ad2782604ffffe5dbeaf1bef7f23af7682eb73e0cd0aadf594a7a907c96b341c88c73060647a074b4a47f8f87fdb8ea2f1455d388d9531be1d3ab"], 0x1}, 0x1}, 0x0)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000200)="365493ae5f91ffefda606e8cf0f706df7353a7bbff1e720923c93958cf2bcfb6c0ae1505c7f518e6d31503dd6fb435074377f20077f1e28213238f65e664a3382ee632493783fb9fe1d5d78ca1ece26e39700f2182c8878a16b8e1260e32ac0715cc65e183b2236dff8fca9d529e9ea594090ca227c0d7e835f72da08943608c507799101fd342c95d6db0bb39179486dfc8aed4abef1c120340b1939e2a43899e0c83709cd075bd7333411027fa0b637e559c3e2a6008bca78681bcdb5de5c19d8fdc6f1ee4d4b54efd65f25dbd03e7f3773a26", 0xd4}], 0x1)
r3 = socket(0x0, 0x2, 0xc638)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000380)={<r4=>0x0, 0x10001}, &(0x7f00000003c0)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000400)={r4, 0x7f}, 0x8)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
sendto$inet(r0, &(0x7f00000000c0)="d8", 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
sendto(r0, &(0x7f0000000980)="29a85bcd4aeede5abf67ece6f479e6aba3bdf24bbdde09a147837fcfe2d229270ad2ca604c2046127d8586fec7b3673161327d22a7e9ec04b2ae5d1defb591ae64f7053ad0dd556eb79d3ed7264a654dcd8aef0319b0e7109c0d", 0x5a, 0x801, &(0x7f0000000a00)=@nl=@kern={0x10, 0x0, 0x0, 0x40000000}, 0x80)
recvmsg(r0, &(0x7f000091d000)={&(0x7f0000813fec)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000451fb0)=[{&(0x7f0000948f34)=""/204, 0xcc}, {&(0x7f0000687f5c)=""/164, 0xa4}], 0x2, &(0x7f00009485e1)=""/148, 0x94}, 0x0)
shutdown(r0, 0x1)
recvmsg(r0, &(0x7f0000001ac0)={&(0x7f0000000480)=@in6={0x0, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000001940)=[{&(0x7f0000000500)=""/232, 0xe8}, {&(0x7f0000001700)=""/248, 0xf8}, {&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f0000000600)=""/117, 0x75}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000001800)=""/36, 0x24}, {&(0x7f0000001840)=""/24, 0x18}, {&(0x7f0000001880)=""/73, 0x49}, {&(0x7f0000001900)=""/29, 0x1d}], 0x9, &(0x7f0000001a00)=""/164, 0xa4, 0x1000}, 0x40000000)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xa, &(0x7f0000001b00), &(0x7f0000001b40)=0x4)

[  448.145550] binder: 2817:2824 ioctl c0086420 20000080 returned -22
[  448.154143] binder: 2816:2818 transaction failed 29189/-22, size 40-16 line 2848
[  448.159744] binder: 2822:2825 ioctl 8010aa01 20000180 returned -22
[  448.168125] binder: 2814:2826 transaction failed 29189/-22, size 40-16 line 2848
[  448.172434] binder: 2822:2825 ioctl c0086420 20000080 returned -22
[  448.186319] binder: 2813:2820 ioctl c0086420 20000080 returned -22
[  448.196673] binder: 2817:2824 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:52 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:52 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.211262] binder: 2821:2823 ioctl c0086420 20000080 returned -22
[  448.217219] binder: undelivered TRANSACTION_ERROR: 29189
[  448.221218] binder: BINDER_SET_CONTEXT_MGR already set
[  448.228860] binder: 2817:2824 transaction failed 29201/-22, size 40-16 line 3026
[  448.235209] binder: undelivered TRANSACTION_ERROR: 29189
[  448.238599] binder: BINDER_SET_CONTEXT_MGR already set
[  448.249793] binder: BINDER_SET_CONTEXT_MGR already set
[  448.267213] binder: 2821:2823 ioctl 40046207 0 returned -16
[  448.269706] binder: 2833:2835 ioctl 8010aa01 20000180 returned -22
[  448.274212] binder: 2813:2820 ioctl 40046207 0 returned -16
[  448.293938] binder: 2822:2825 ioctl 40046207 0 returned -16
[  448.295353] binder: 2838:2840 ioctl 8010aa01 20000180 returned -22
[  448.301331] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:53 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.313074] binder: 2821:2823 transaction failed 29189/-22, size 40-8 line 2848
[  448.314143] binder: 2838:2840 ioctl c0086420 20000080 returned -22
[  448.327545] binder: 2833:2835 ioctl c0086420 20000080 returned -22
[  448.331534] binder: 2822:2825 transaction failed 29189/-22, size 40-16 line 2848
[  448.337803] binder: 2833:2835 transaction failed 29189/-22, size 40-16 line 2848
[  448.351141] binder: 2813:2820 transaction failed 29189/-22, size 40-16 line 2848
[  448.352591] binder: 2838:2840 transaction failed 29189/-22, size 40-16 line 2848
2018/03/31 13:01:53 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x0, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x0, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680), 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

2018/03/31 13:01:53 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.369486] binder: 2841:2842 ioctl 8010aa01 20000180 returned -22
[  448.372709] binder: 2813:2820 ioctl 541c 20000100 returned -22
[  448.385877] binder: 2841:2842 ioctl c0086420 20000080 returned -22
[  448.402226] binder: undelivered TRANSACTION_ERROR: 29189
[  448.413349] binder: 2843:2844 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:53 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.420623] binder: undelivered TRANSACTION_ERROR: 29189
[  448.426575] binder: 2843:2844 ioctl c0086420 20000080 returned -22
[  448.435569] binder: 2841:2842 got transaction with invalid offset (0, min 24 max 40) or object.
[  448.438368] binder: BINDER_SET_CONTEXT_MGR already set
[  448.450339] binder: 2843:2844 ioctl 40046207 0 returned -16
[  448.458391] binder: 2843:2844 got transaction with invalid offset (40, min 24 max 40) or object.
[  448.468956] binder: undelivered TRANSACTION_ERROR: 29189
[  448.469112] binder: 2841:2842 transaction failed 29201/-22, size 40-16 line 3026
[  448.493167] binder: 2848:2851 ioctl 8010aa01 20000180 returned -22
[  448.498131] binder: 2843:2844 transaction failed 29201/-22, size 40-16 line 3026
[  448.503549] binder: 2847:2850 ioctl 8010aa01 20000180 returned -22
[  448.509983] binder: 2849:2853 ioctl 8010aa01 20000180 returned -22
2018/03/31 13:01:53 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.513681] binder: undelivered TRANSACTION_ERROR: 29189
[  448.520881] binder: 2849:2853 ioctl c0086420 20000080 returned -22
[  448.538840] binder: 2848:2851 ioctl c0086420 20000080 returned -22
[  448.546504] binder: 2852:2854 ioctl 8010aa01 20000180 returned -22
[  448.546623] binder: 2847:2850 ioctl c0086420 20000080 returned -22
[  448.560279] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:53 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.560640] binder: 2856:2857 ioctl 8010aa01 20000180 returned -22
[  448.569765] binder: BINDER_SET_CONTEXT_MGR already set
[  448.572374] binder: 2843:2844 ioctl 8010aa01 20000180 returned -22
[  448.581502] binder: undelivered TRANSACTION_ERROR: 29201
[  448.586286] binder: 2852:2854 ioctl c0086420 20000080 returned -22
[  448.589778] binder: 2848:2851 ioctl 40046207 0 returned -16
[  448.601458] binder: 2849:2853 got transaction with invalid offset (0, min 24 max 40) or object.
[  448.604167] binder: 2847:2850 got transaction with invalid offset (0, min 24 max 40) or object.
[  448.616189] binder: 2843:2855 ioctl c0086420 20000080 returned -22
[  448.626171] binder: 2847:2850 transaction failed 29201/-22, size 40-16 line 3026
[  448.626745] binder: 2856:2857 ioctl c0086420 20000080 returned -22
[  448.636991] binder: 2848:2851 got transaction with invalid offset (0, min 24 max 40) or object.
[  448.642902] binder: 2858:2859 ioctl 8010aa01 20000180 returned -22
[  448.649654] binder: 2848:2851 transaction failed 29201/-22, size 40-16 line 3026
[  448.657803] binder: 2849:2853 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:53 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.672107] binder: BINDER_SET_CONTEXT_MGR already set
[  448.677509] binder: 2852:2854 ioctl 40046207 0 returned -16
[  448.677815] binder: undelivered TRANSACTION_ERROR: 29201
[  448.683492] binder: BINDER_SET_CONTEXT_MGR already set
[  448.691552] binder: 2858:2859 ioctl c0086420 20000080 returned -22
[  448.695793] binder: 2856:2857 got transaction with invalid offset (0, min 24 max 40) or object.
[  448.707594] binder: 2848:2851 ioctl 541c 20000100 returned -22
2018/03/31 13:01:53 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.717786] binder: 2843:2855 got transaction with invalid offset (40, min 24 max 40) or object.
[  448.727255] binder: 2843:2844 ioctl 40046207 0 returned -16
[  448.732158] binder: 2860:2861 ioctl 8010aa01 20000180 returned -22
[  448.740330] binder: BINDER_SET_CONTEXT_MGR already set
[  448.742644] binder: 2856:2857 transaction failed 29201/-22, size 40-16 line 3026
[  448.748245] binder: undelivered TRANSACTION_ERROR: 29201
[  448.758779] binder: send failed reply for transaction 5860 to 2852:2854
[  448.773532] binder: 2860:2861 ioctl c0086420 20000080 returned -22
[  448.777117] binder: 2858:2859 ioctl 40046207 0 returned -16
[  448.805331] binder: 2868:2869 ioctl 8010aa01 20000180 returned -22
[  448.806090] binder: 2843:2855 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  448.814189] binder: 2868:2869 ioctl c0086420 20000080 returned -22
[  448.826507] binder: 2860:2861 transaction failed 29189/-22, size 40-16 line 2848
[  448.829289] binder: 2858:2859 transaction failed 29189/-22, size 40-16 line 2848
[  448.839853] binder: undelivered TRANSACTION_ERROR: 29201
[  448.848098] binder: undelivered TRANSACTION_ERROR: 29201
[  448.856134] binder: 2866:2867 ioctl 8010aa01 20000180 returned -22
[  448.857643] binder: 2868:2869 got transaction with invalid offset (0, min 24 max 40) or object.
[  448.867097] binder: undelivered TRANSACTION_COMPLETE
[  448.876540] binder: undelivered TRANSACTION_ERROR: 29189
[  448.880303] binder: 2868:2869 transaction failed 29201/-22, size 40-16 line 3026
[  448.883058] binder: 2866:2867 ioctl c0086420 20000080 returned -22
[  448.896233] binder: 2870:2871 ioctl 8010aa01 20000180 returned -22
[  448.902904] binder: 2870:2871 ioctl c0086420 20000080 returned -22
[  448.904883] binder: undelivered TRANSACTION_ERROR: 29189
[  448.909606] binder: BINDER_SET_CONTEXT_MGR already set
[  448.931178] binder: BINDER_SET_CONTEXT_MGR already set
[  448.944201] binder: undelivered TRANSACTION_ERROR: 29189
[  448.948857] binder: 2870:2871 ioctl 40046207 0 returned -16
[  448.956608] binder: 2866:2867 ioctl 40046207 0 returned -16
[  448.965366] binder_alloc: 2868: binder_alloc_buf, no vma
[  448.965433] binder: undelivered TRANSACTION_ERROR: 29201
[  448.970894] binder: 2870:2871 transaction failed 29189/-3, size 40-16 line 2963
[  448.976854] binder: undelivered TRANSACTION_ERROR: 29201
[  448.984971] binder: 2870:2871 ioctl 541c 20000100 returned -22
[  448.989838] binder: undelivered TRANSACTION_ERROR: 29201
[  449.001586] binder: 2866:2867 transaction failed 29189/-22, size 40-8 line 2848
[  449.011468] binder: undelivered TRANSACTION_ERROR: 29189
[  449.023396] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:53 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
close(r0)

2018/03/31 13:01:53 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 6:
socket(0x10, 0x20000000802, 0x0)
r0 = socket$inet6(0xa, 0x2000000802, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa}, 0x1c)
sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80}}, 0x1c)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x440000, 0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000ec0)={0x0, 0x8, 0x7ff, 0x3}, &(0x7f0000000f00)=0x10)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000f80)={0x0, 0x2c, &(0x7f0000000f40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14}}, @in6={0xa, 0x0, 0x10001, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0xfff}]}, &(0x7f0000000fc0)=0x10)
syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0xfffffffffffffff7, 0x800)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rfkill\x00', 0x200000, 0x0)
setsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000340), 0x2)
listen(r2, 0x0)
sendto$inet6(r1, &(0x7f0000f6f000), 0x1000000c4, 0x20000001, &(0x7f0000faafe4)={0xa, 0x4e22}, 0x1c)
sendmsg(r1, &(0x7f0000000b00)={&(0x7f0000000440)=@in={0x2, 0x4e24, @multicast1=0xe0000001}, 0x80, &(0x7f0000000a80)=[{&(0x7f00000004c0)="55aebf077baa6ad01f6b1616c0a6bc1f4d8243fc467fc460bd9204df4579a429354226372f8fbfb81db93cb11a8bb57c257da25cf9fb1a4827cfaa885c90f9fc4a719007686e18125d908c96a63272da8be3584977b3a2e96973310e9f490d6f51de9b25db8b994e116aaa0f23363c7c8c8da89baaf0f49282a8f5a285e8037d1d335e2e8061ef20adf57378cbaed4d8f69e32ddde2786c6626ec9d39f6e43a4f068", 0xa2}], 0x1, &(0x7f0000001600)=ANY=[], 0x0, 0x80000}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000015c0)={0x0, 0x0, 0x9, 0x1e000000}, 0x14)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000400)=<r4=>0x0)
syz_open_procfs(r4, &(0x7f0000000580)='ns/net\x00')
r5 = accept4(r2, &(0x7f00000000c0)=@alg, &(0x7f0000000040)=0x80, 0x80800)
getsockname$packet(r3, &(0x7f0000000900)={0x0, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000940)=0x14)
sendto$packet(r5, &(0x7f0000000880)="47d82f4ee2f635e2e20450e412b0220acf243910ddbe76aa3a2361f0b552fa5080b53e8ce74b03e9c5f56ed3a13eebb299bb4be847774442d083280fec30813686eb7d6d00a7fc10de0b6b585e579b067e0cd3f397fc7737b38588f0bfa6d14ad61ee6", 0x63, 0x10, &(0x7f0000000980)={0x11, 0x1f, r6, 0x1, 0x8, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x14)
r7 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f00000003c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, r7)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCGIFNETMASK(r3, 0x891b, &(0x7f0000000380)={'bcsf0\x00', {0x2, 0x4e21, @multicast2=0xe0000002}})
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000001000)={0x0, 0xf5, 0x0, 0x0, 0x5}, &(0x7f0000001040)=0xffffffffffffff65)
r8 = syz_open_procfs(0x0, &(0x7f0000000700)="6664001a000000")
getdents64(r8, &(0x7f00000004c0)=""/189, 0xabf70f75d9c5643)

2018/03/31 13:01:53 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

2018/03/31 13:01:53 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x0, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:53 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  449.196962] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  449.199806] binder: 2886:2888 ioctl 8010aa01 20000180 returned -22
[  449.212963] binder: 2878:2880 ioctl 8010aa01 20000180 returned -22
[  449.218933] binder: 2883:2885 ioctl 8010aa01 20000180 returned -22
[  449.226273] binder: 2878:2880 ioctl c0086420 20000080 returned -22
[  449.227188] binder: 2887:2889 ioctl 8010aa01 20000180 returned -22
[  449.235012] binder: 2878:2880 transaction failed 29189/-22, size 40-16 line 2848
[  449.241405] binder: 2890:2891 ioctl 8010aa01 20000180 returned -22
[  449.249265] binder: 2882:2884 ioctl 8010aa01 20000180 returned -22
[  449.254601] binder: 2883:2885 ioctl c0086420 20000080 returned -22
[  449.266778] binder: 2887:2889 ioctl c0086420 20000080 returned -22
[  449.272617] binder: 2882:2884 ioctl c0086420 20000080 returned -22
[  449.275140] binder: 2890:2891 ioctl c0086420 20000080 returned -22
[  449.279522] binder: 2886:2888 ioctl c0086420 20000080 returned -22
[  449.286630] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:54 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x0, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  449.298923] binder: 2887:2889 got transaction with invalid offset (40, min 24 max 40) or object.
[  449.301700] binder: undelivered TRANSACTION_ERROR: 29189
[  449.308181] binder: 2887:2889 transaction failed 29201/-22, size 40-16 line 3026
[  449.314640] binder: 2883:2885 ioctl 40046207 0 returned -16
[  449.321788] binder: BINDER_SET_CONTEXT_MGR already set
[  449.333227] binder: 2882:2884 got transaction with invalid offset (0, min 24 max 40) or object.
[  449.333379] binder: 2886:2888 ioctl 40046207 0 returned -16
2018/03/31 13:01:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  449.342583] binder: BINDER_SET_CONTEXT_MGR already set
[  449.359690] binder: 2890:2891 ioctl 40046207 0 returned -16
[  449.365258] binder: undelivered TRANSACTION_ERROR: 29201
[  449.365918] binder: 2882:2884 transaction failed 29201/-22, size 40-16 line 3026
[  449.374319] binder: 2896:2897 ioctl 8010aa01 20000180 returned -22
[  449.387482] binder: 2890:2891 transaction failed 29189/-22, size 40-16 line 2848
[  449.387712] binder: 2886:2888 transaction failed 29189/-22, size 40-8 line 2848
[  449.397373] binder: 2883:2885 transaction failed 29189/-22, size 40-16 line 2848
[  449.413959] binder: 2898:2899 ioctl 8010aa01 20000180 returned -22
[  449.420592] binder: 2896:2897 ioctl c0086420 20000080 returned -22
[  449.427919] binder: 2898:2899 ioctl c0086420 20000080 returned -22
[  449.444139] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:54 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  449.447504] binder: 2898:2899 got transaction with invalid offset (40, min 24 max 40) or object.
[  449.453186] binder: undelivered TRANSACTION_ERROR: 29201
[  449.475420] binder: 2896:2897 got transaction with invalid offset (0, min 24 max 40) or object.
[  449.481814] binder: 2900:2902 ioctl 8010aa01 20000180 returned -22
[  449.496468] binder: 2898:2899 transaction failed 29201/-22, size 40-16 line 3026
[  449.501142] binder: 2896:2897 transaction failed 29201/-22, size 40-16 line 3026
[  449.511845] binder: undelivered TRANSACTION_ERROR: 29189
[  449.521235] binder: 2900:2902 ioctl c0086420 20000080 returned -22
[  449.530206] binder: undelivered TRANSACTION_ERROR: 29189
[  449.538877] binder: 2900:2902 got transaction with invalid offset (0, min 24 max 40) or object.
[  449.544434] binder: undelivered TRANSACTION_ERROR: 29201
[  449.564438] binder: 2900:2902 transaction failed 29201/-22, size 40-16 line 3026
[  449.564669] binder: undelivered TRANSACTION_ERROR: 29201
[  449.586874] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:54 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
close(r0)

2018/03/31 13:01:54 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

2018/03/31 13:01:54 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:54 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x0, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:54 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x0, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:54 executing program 6:
socket$inet(0xa, 0x0, 0x0)
r0 = socket$inet(0xa, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000080), 0xfffffd79)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f000000a000)=@broute={'broute\x00', 0x20, 0x1, 0xd0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20009000], 0x2, &(0x7f0000008000), &(0x7f0000009000)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x19, 0x0, 0x0, '\x00', '\x00', '\x00', '\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff}, [], @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff}, [], 0x70, 0x70, 0xa0}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8}}]}]}, 0x118)

2018/03/31 13:01:54 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:54 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  450.147737] binder: 2911:2914 ioctl 8010aa01 20000180 returned -22
[  450.150898] binder: 2919:2922 ioctl 8010aa01 20000180 returned -22
[  450.154487] binder: 2909:2913 ioctl 8010aa01 20000180 returned -22
[  450.163580] binder: 2915:2923 ioctl 8010aa01 20000180 returned -22
[  450.176104] binder: 2910:2921 ioctl 8010aa01 20000180 returned -22
[  450.180582] binder: 2911:2914 ioctl c0086420 20000080 returned -22
[  450.188251] binder: 2910:2921 ioctl c0086420 20000080 returned -22
[  450.195027] kernel msg: ebtables bug: please report to author: Wrong len argument
[  450.196143] binder: 2919:2922 ioctl c0086420 20000080 returned -22
[  450.204464] binder: 2909:2913 ioctl c0086420 20000080 returned -22
[  450.210317] binder: BINDER_SET_CONTEXT_MGR already set
[  450.221980] binder: 2911:2914 got transaction with invalid offset (0, min 24 max 40) or object.
[  450.222491] binder: 2915:2923 ioctl c0086420 20000080 returned -22
[  450.231517] binder: BINDER_SET_CONTEXT_MGR already set
[  450.242277] binder: 2910:2921 ioctl 40046207 0 returned -16
2018/03/31 13:01:54 executing program 6:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net\x00', 0x200002, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x400, 0x100)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000240)={0x1, 0x8000, 0x1f})
fchdir(r0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2000)
unlink(&(0x7f0000000080)='./file0/file0\x00')
r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x9e9a, 0x204200)
setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, &(0x7f0000000180)=0x8000, 0xfffffffffffffcfa)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x20000000001, 0x0)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000080))
r3 = request_key(&(0x7f0000000280)='blacklist\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)='\x00', 0x0)
keyctl$setperm(0x5, r3, 0x4)
rmdir(&(0x7f00000000c0)='./file0\x00')

[  450.248461] binder: 2919:2922 got transaction with invalid offset (0, min 24 max 40) or object.
[  450.249768] binder: 2911:2914 transaction failed 29201/-22, size 40-16 line 3026
[  450.257826] binder: 2919:2922 transaction failed 29201/-22, size 40-16 line 3026
[  450.266567] binder: 2918:2920 ioctl 8010aa01 20000180 returned -22
[  450.279100] binder: 2915:2923 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:55 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)

[  450.298417] binder: 2909:2913 ioctl 40046207 0 returned -16
[  450.302509] binder: release 2910:2921 transaction 5904 out, still active
[  450.308140] binder: 2915:2923 transaction failed 29201/-22, size 40-16 line 3026
[  450.311501] binder: unexpected work type, 4, not freed
[  450.311506] binder: undelivered TRANSACTION_COMPLETE
[  450.335966] binder: 2909:2913 got transaction with invalid offset (0, min 24 max 40) or object.
2018/03/31 13:01:55 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x0, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0x0, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  450.345355] binder: 2909:2913 transaction failed 29201/-22, size 40-16 line 3026
[  450.353984] binder: 2918:2920 ioctl c0086420 20000080 returned -22
[  450.357140] binder: 2935:2936 ioctl 8010aa01 20000180 returned -22
[  450.360957] binder: BINDER_SET_CONTEXT_MGR already set
[  450.372292] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:55 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x0, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x0, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  450.410693] binder: undelivered TRANSACTION_ERROR: 29201
[  450.416858] binder: undelivered TRANSACTION_ERROR: 29201
[  450.418843] binder: 2918:2920 ioctl 40046207 0 returned -16
[  450.422450] binder: send failed reply for transaction 5904, target dead
[  450.441595] binder: 2935:2936 ioctl c0086420 20000080 returned -22
[  450.451432] binder: 2938:2939 ioctl 8010aa01 20000180 returned -22
[  450.457795] binder: 2942:2943 ioctl 8010aa01 20000180 returned -22
[  450.461904] binder: 2940:2941 got transaction with invalid offset (40, min 24 max 40) or object.
[  450.464643] binder: BINDER_SET_CONTEXT_MGR already set
[  450.481708] binder: 2946:2947 ioctl 8010aa01 20000180 returned -22
[  450.483613] binder: 2944:2945 ioctl 8010aa01 20000180 returned -22
[  450.488554] binder: 2938:2939 ioctl c0086420 20000080 returned -22
[  450.495752] binder: 2918:2920 got transaction with invalid offset (40, min 24 max 40) or object.
[  450.510304] binder: 2940:2941 transaction failed 29201/-22, size 40-16 line 3026
[  450.510767] binder: 2918:2920 transaction failed 29201/-22, size 40-16 line 3026
[  450.518223] binder: 2946:2947 ioctl c0086420 20000080 returned -22
[  450.525776] binder: 2942:2943 ioctl c0086420 20000080 returned -22
[  450.536632] binder: 2938:2939 got transaction with invalid offset (0, min 24 max 40) or object.
[  450.538973] binder: 2944:2945 ioctl c0086420 20000080 returned -22
[  450.547347] binder: undelivered TRANSACTION_ERROR: 29201
[  450.554841] binder: 2935:2936 ioctl 40046207 0 returned -16
[  450.562935] binder: 2946:2947 got transaction with invalid offset (0, min 24 max 40) or object.
[  450.565669] binder: 2938:2939 transaction failed 29201/-22, size 40-16 line 3026
[  450.574341] binder: 2946:2947 transaction failed 29201/-22, size 40-16 line 3026
[  450.591659] binder: BINDER_SET_CONTEXT_MGR already set
[  450.597149] binder: BINDER_SET_CONTEXT_MGR already set
[  450.605312] binder: 2942:2943 ioctl 40046207 0 returned -16
2018/03/31 13:01:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x0, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  450.606793] binder: BINDER_SET_CONTEXT_MGR already set
[  450.616794] binder: 2944:2945 ioctl 40046207 0 returned -16
[  450.621226] binder: undelivered TRANSACTION_ERROR: 29201
[  450.632775] binder: release 2935:2936 transaction 5923 out, still active
[  450.633434] binder_alloc: 2940: binder_alloc_buf, no vma
[  450.639708] binder: unexpected work type, 4, not freed
[  450.639715] binder: undelivered TRANSACTION_COMPLETE
[  450.645251] binder: 2942:2943 transaction failed 29189/-3, size 40-16 line 2963
[  450.651164] binder: 2940:2941 ioctl 40046207 0 returned -16
[  450.655767] binder_alloc: 2940: binder_alloc_buf, no vma
[  450.674503] binder: 2940:2948 transaction failed 29189/-3, size 40-16 line 2963
[  450.683149] binder_alloc: 2940: binder_alloc_buf, no vma
[  450.688719] binder: 2944:2945 transaction failed 29189/-3, size 40-16 line 2963
[  450.695144] binder: 2949:2950 ioctl 8010aa01 20000180 returned -22
[  450.703792] binder: 2949:2950 ioctl c0086420 20000080 returned -22
[  450.704771] binder: undelivered TRANSACTION_ERROR: 29201
[  450.710607] binder: BINDER_SET_CONTEXT_MGR already set
[  450.728356] binder: undelivered TRANSACTION_ERROR: 29201
[  450.746525] binder: 2949:2950 ioctl 40046207 0 returned -16
[  450.758237] binder: undelivered TRANSACTION_ERROR: 29189
[  450.761463] binder_alloc: 2940: binder_alloc_buf, no vma
[  450.764508] binder: undelivered TRANSACTION_ERROR: 29189
[  450.769303] binder: 2949:2950 transaction failed 29189/-3, size 40-16 line 2963
[  450.783348] binder: 2949:2950 ioctl 541c 20000100 returned -22
[  450.791171] binder: undelivered TRANSACTION_ERROR: 29201
[  450.796718] binder: send failed reply for transaction 5923, target dead
[  450.804709] binder: undelivered TRANSACTION_ERROR: 29189
[  450.810339] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:55 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x0, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x0, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 6:
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4000000, 0x0, "b2cdc16948c2d8debdc6ccd7e69370cd89206e7e7600f494a6f3010400004ec168402aefa9b47ddce6005ef1f5ff018c611f11fe0400973b4f3b4ca8115d75b6", "adcddcbdd258708ed483b1c6d50b363981c4f943de7510903594aa41b5a7d76826f71b49332e607bd68a9352cd05d36e027047e9bd95b49f71e4f89c99b3dacc", "98731c39612dffb0f3700d6862ad2c5e51f2bf1597643d3216b87c072c7cef3c", [0x800000000000004]})
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000400)={0x0, @local}, &(0x7f00000006c0)=0xc)
fchdir(0xffffffffffffffff)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000340)={<r3=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000540)={r3, &(0x7f0000000980)=""/241})
r4 = creat(&(0x7f0000000740)='./file1\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x6000)
unlink(&(0x7f0000000000)='./file1\x00')
fcntl$getown(r4, 0x9)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000c00)="cfb93447d6feaef9f73c0561e075a8295d43017ab1a157786dcda36c5eec92a4306f284fa7e3ed364cc2da5c08cf7e4030d394520e123eee6d9ab275c91c174b1364fc943b49faefe12f605b5ce6c1400a91210c00477f900aff390901bf594c18557cb38a7d57ac8ded098b96b9dfc125e3bdc9305193f4cd256068baca5208160d820b9e7a043666ba4801cf6d557fc0f97f35c13ec6c0d1fe97ce1af1c17078ef47ab955200836671e402717481d14936b09828fd6f55fda2f11eb4c61b480e941133c0a4c5ec54033d0d174742191754ffe28b093596286a78ea01078337ada8585aa98dcc1143689002e31ccc5b9f5cfd2bbce5683a0f91b395391a60ba8e8f4d3c10c82c71caa74c44c8b0f3e42f1fc264497d5b9dabf309bad7bdfaa1be37137226b5cf2badc1397e0460b1e002dc5e15a143d79b0e44fb59b43b7f164614bb428a22a6b9acffe96c154bb02d256b3f5f53a92dfd8d1f014a3e30cb061a1ea6abc640869f4be210d60622d528999804f7847eb3a886aeb91f5cd80fd892b950d19144867616ddc95d349a84426d2c2288bac7aa0e7392526874f5ec41e677c4a83ea81e18bb2c382d288b69f1102ee944a764988a87fc38c87ebb41402bf0c7cfc10abb80ad010a68467225c566c3c26ce51decb38b4a36daa4b2a71c8d818dc2973d80fefc0428c801cef822aa6d5678184ea9798450910f223b495ba8886751b815443b370f5aa638d2dfa2c47757ef69e92a7d674e6a7fc866c5bf308232dabbd55fa988952319797b458eaba3cbbe23ede09838646d026f85131a5476770bb5a8eff29472fcfd11e830aee3f276b0a007d85282a11282adb8ca7fe659b2155e01a3243a9381e2c0e75a284a1c99574d1db9f36dee4e6fc399c70697c2e7acdb71b4ff6a600ac2eedb193fac270c5fe4d033f310c95393794be698a66ac15dd2b4b78b3dd3eeae4f3635f7d30884c4f0be382818f53539ec82d781468de173c1ff1126789187ce815d7d6724e8b9f72055ff89a60e6ac533997a3cd3e9ce61e6e954536dd44b0647fa3268150cb64f015efd52fc93d242bac33e7111f118eccb18d20feb69520384a40c93915920904f286b41de292d0e6d531bed37d5ab17932fd57f81a55c82c60a80dc133065bee4f16b881400802420fdb2f23603fe754bf0fe2400c866501f3ce1b37651a134f01ee2ff844707351871a2be3d302e8678cc78a2facfe6db33a09cf99ea9befc93b99f4e17444e589fba89185f5d8ec00d1c4866b5a66d53cf7579cae2f5d789efb20cc34466b9bffd6ef15f54686996828a8ae0f3f93668df29790c03e5c91407ffb244ab3f1e2ddf1a3d501679b34a05765d840a28cb3c5cc1aa711a4b8566f274a897d431b1e4a790360f2075ba4b3ca7cb16666f6b9e60b7dbe868f572882890f8c7e5c03dc0fb343b18dfdab5f5f71f77b97e34c0fbcd24b44fa0fa36bf5064a35a0c2331d0bec6e437835928e29a0aa81843e8917380931882b0fa41903580e260c9b87f00356e260d5ea0f3fdfb64ef678c3cc981f3191f5c5f8d7c16c4f46a837491d7888c6997893bdda25a4934591a0edeee3f08f71467369420986fa34ae0f1654eae41f85fcd7bd1837ad1f26327e43b5dc7d3e54935bc2b1cb2adedb480ca22a9ddd9e38fcd405a008c32dfa5a1364064caa72e1cd552cb18099e5add0c81067ce321a9a96065b6fb2716ab23ecd82d22df153942876cafd10068be6acb7259978ed523c7413302f760d7a77413f8dff3a0c0c0d0e2372dd49e1b709bdbdfba02e4ea475082522953443de01c369ad46e8cf6312b0e21649fa5b330488faeb36eac7da5a6fbdd826ef7bf618a1bec93f2b22d3b2d08203c5049389a944e26ad", 0x53a}], 0x1, 0x0)
getsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000200), &(0x7f00000002c0)=0x4)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB="000000007ec0c5730f367a26bc3b05fbd6324e078bedc00d51e395d96fa4bd8dc0c5b256261b9da9c478065b2053eb6774582233a3bf68c120bf3d5a2611c0251cfa3b54879c5b360e3f529d1d26e5ea7d14b1a83d6be04f6dc730af3f130b1ae42027cd1ad2042d627fa563c4d980c5ea80a5fc14fadfb5a062fd747e07b70031512974a8232dc522c35a376e5e11de51e83403b6b528e94a8ba950269d7daf88ab2d3aa32ced10d51d3341d3c2228e3afef7c81b52af000000000000006874144a32584d147f88fbf8e2c81a06a04636ca04c22ee4f5e872880a9f90ac2b1b22986df62aa188478894933ac36bf05f560cbf3cccf0d41050e4ff4004291d14370c79c0b16845aeae73d80ca1021d3375dfab92673de93191fa24bea9e3d3a51feb9267512e37bec56b0f5d294a1a0c1ae7597aec560887407164382bb94f20902728"], 0x1}, 0x1}, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
fstat(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
quotactl(0x8, &(0x7f0000000080)='./bus\x00', r5, &(0x7f0000000880)="14a70808498915d9a8c5c2fc65dc3d0e46f215f9618afbec03993971ef99656952c281e9b95192f71462d79b9c1e7b26d0bf648a097b04b116bbd17216078869e605bf792fd0ca5c5ce429d663fb95e4da855f579b620fc9f90767e4fbbd2ee4fa15bc597973d932d71348e60cabd56e31fad0ce6dd22a52342f805584eae362407cee8611d6cd916f9dd7663d5ac880de6ebee3968ced66b0436c8bd31be0bbd723b2c9824449d1a7298838af8cb61233a415dcc9ef6b0242d24232203e17b2d37913a039e2dcc0ccfb8e5b7befa8ed1cdc730c18d2d6430da9d0a7009436c1ea7b3116a898af001c0bd28524fc34af798858ac7a801a")
sendto$inet6(r0, &(0x7f0000e77fff), 0xfffffffffffffd8a, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000380)={0x0, <r6=>0x0, 0xab6d})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000003c0)={r6, 0x80000})
lstat(&(0x7f0000000480)='./bus\x00', &(0x7f00000004c0))
quotactl(0x2, &(0x7f0000000440)='./bus\x00', r5, &(0x7f0000000340))
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ftruncate(r2, 0x54)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000300)=0xff)
sendfile(r1, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x0)

2018/03/31 13:01:55 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
flock(r1, 0x4)
close(r0)

2018/03/31 13:01:55 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x0, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:55 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
gettid()

[  451.112944] binder: 2968:2969 ioctl 8010aa01 20000180 returned -22
[  451.116423] binder: 2959:2972 ioctl 8010aa01 20000180 returned -22
[  451.122666] binder: 2960:2962 ioctl 8010aa01 20000180 returned -22
[  451.127856] binder: 2966:2970 ioctl 8010aa01 20000180 returned -22
[  451.138145] binder: 2960:2962 ioctl c0086420 20000080 returned -22
[  451.147985] binder: 2964:2971 ioctl 8010aa01 20000180 returned -22
[  451.149082] binder: 2966:2970 ioctl c0086420 20000080 returned -22
[  451.154473] binder: 2961:2963 ioctl 8010aa01 20000180 returned -22
[  451.161306] binder: 2959:2972 ioctl c0086420 20000080 returned -22
[  451.167540] binder: 2968:2969 ioctl c0086420 20000080 returned -22
[  451.178809] binder: 2966:2970 got transaction with invalid offset (0, min 24 max 40) or object.
[  451.180980] binder: 2964:2971 ioctl c0086420 20000080 returned -22
[  451.189136] binder: 2960:2962 got transaction with invalid offset (0, min 24 max 40) or object.
[  451.197785] binder: BINDER_SET_CONTEXT_MGR already set
[  451.205093] binder: 2959:2972 got transaction with invalid offset (0, min 24 max 40) or object.
[  451.209569] binder: 2961:2963 ioctl c0086420 20000080 returned -22
[  451.218587] binder: 2960:2962 transaction failed 29201/-22, size 40-16 line 3026
[  451.225195] binder: 2966:2970 transaction failed 29201/-22, size 40-16 line 3026
[  451.232810] binder: 2959:2972 transaction failed 29201/-22, size 40-16 line 3026
[  451.241358] binder: BINDER_SET_CONTEXT_MGR already set
[  451.247889] binder: 2968:2969 ioctl 40046207 0 returned -16
2018/03/31 13:01:56 executing program 7:
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r0=>0x0)
timer_gettime(r0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  451.253570] binder: 2964:2971 ioctl 40046207 0 returned -16
[  451.267109] binder: BINDER_SET_CONTEXT_MGR already set
[  451.273819] binder: 2961:2963 ioctl 40046207 0 returned -16
[  451.294518] binder: 2961:2963 got transaction with invalid offset (40, min 24 max 40) or object.
[  451.300917] binder: undelivered TRANSACTION_ERROR: 29201
2018/03/31 13:01:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x0, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0x0, 0x1}, 0x8, 0x5})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x0, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
gettid()

[  451.306060] binder_alloc: 2960: binder_alloc_buf, no vma
[  451.314557] binder: 2964:2971 transaction failed 29189/-3, size 40-16 line 2963
[  451.320700] binder: undelivered TRANSACTION_ERROR: 29201
[  451.327620] binder: send failed reply for transaction 5940 to 2968:2969
[  451.333790] binder: 2961:2963 transaction failed 29201/-22, size 40-16 line 3026
[  451.352397] binder: 2961:2963 ioctl 541c 20000100 returned -22
[  451.380572] binder: 2976:2977 ioctl 8010aa01 20000180 returned -22
[  451.391786] binder: 2979:2980 ioctl 8010aa01 20000180 returned -22
[  451.401878] binder: 2981:2982 ioctl 8010aa01 20000180 returned -22
[  451.402651] binder: 2985:2986 ioctl 8010aa01 20000180 returned -22
[  451.410727] binder: 2983:2987 ioctl 8010aa01 20000180 returned -22
[  451.422562] binder: 2976:2977 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x0, 0x1, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  451.427166] binder: undelivered TRANSACTION_ERROR: 29189
[  451.430000] binder: 2979:2980 ioctl c0086420 20000080 returned -22
[  451.435328] binder: undelivered TRANSACTION_ERROR: 29201
[  451.445218] binder: 2976:2977 transaction failed 29189/-22, size 40-16 line 2848
[  451.454118] binder: 2981:2982 ioctl c0086420 20000080 returned -22
[  451.463765] binder: 2988:2989 ioctl 8010aa01 20000180 returned -22
[  451.464434] binder: 2983:2987 ioctl c0086420 20000080 returned -22
[  451.472621] binder: 2990:2991 ioctl 8010aa01 20000180 returned -22
[  451.477121] binder: 2981:2982 transaction failed 29189/-22, size 40-16 line 2848
[  451.483583] binder: undelivered TRANSACTION_COMPLETE
[  451.492229] binder: 2979:2980 got transaction with invalid offset (40, min 24 max 40) or object.
[  451.495719] binder: undelivered TRANSACTION_ERROR: 29189
[  451.504999] binder: 2979:2980 transaction failed 29201/-22, size 40-16 line 3026
[  451.510904] binder: 2985:2986 ioctl c0086420 20000080 returned -22
[  451.522715] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:56 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x0, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 7:
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r0=>0x0)
timer_gettime(r0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  451.525804] binder: 2988:2989 ioctl c0086420 20000080 returned -22
[  451.536887] binder: 2990:2991 ioctl c0086420 20000080 returned -22
[  451.542093] binder: 2983:2987 ioctl 40046207 0 returned -16
[  451.543352] binder: BINDER_SET_CONTEXT_MGR already set
[  451.555113] binder: BINDER_SET_CONTEXT_MGR already set
[  451.563132] binder: BINDER_SET_CONTEXT_MGR already set
[  451.568654] binder: 2985:2986 ioctl 40046207 0 returned -16
[  451.571510] binder: 2983:2987 got transaction with invalid offset (0, min 24 max 40) or object.
[  451.578123] binder: 2988:2989 ioctl 40046207 0 returned -16
[  451.589662] binder: undelivered TRANSACTION_ERROR: 29201
[  451.596699] binder: 2990:2991 ioctl 40046207 0 returned -16
[  451.599564] binder: 2993:2995 ioctl 8010aa01 20000180 returned -22
[  451.608157] binder: undelivered TRANSACTION_ERROR: 29189
[  451.612412] binder: 2994:2996 ioctl 8010aa01 20000180 returned -22
[  451.620404] binder: 2990:2991 got transaction with invalid offset (40, min 24 max 40) or object.
2018/03/31 13:01:56 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
gettid()

[  451.624475] binder: 2983:2987 transaction failed 29201/-22, size 40-16 line 3026
[  451.635168] binder: undelivered TRANSACTION_ERROR: 29189
[  451.639596] binder: 2993:2995 ioctl c0086420 20000080 returned -22
[  451.650140] binder: 2994:2996 ioctl c0086420 20000080 returned -22
[  451.650235] binder: 2988:2989 got transaction with invalid offset (0, min 24 max 40) or object.
[  451.656772] binder_alloc: binder_alloc_mmap_handler: 2979 20000000-20002000 already mapped failed -16
[  451.674276] binder: 2990:2991 transaction failed 29201/-22, size 40-16 line 3026
[  451.675265] binder: release 2985:2986 transaction 5956 out, still active
[  451.689227] binder: unexpected work type, 4, not freed
[  451.693833] binder: 2999:3000 ioctl 8010aa01 20000180 returned -22
[  451.694533] binder: undelivered TRANSACTION_COMPLETE
[  451.705418] binder: 2988:2989 transaction failed 29201/-22, size 40-16 line 3026
[  451.714352] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.714606] binder: 2990:2991 ioctl 541c 20000100 returned -22
2018/03/31 13:01:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x0, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  451.719923] binder: 2993:2995 transaction failed 29189/-3, size 40-16 line 2963
[  451.720905] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.728330] binder: 2999:3000 ioctl c0086420 20000080 returned -22
[  451.733525] binder: 2994:2996 transaction failed 29189/-3, size 40-16 line 2963
[  451.756604] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:56 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x0, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  451.776744] binder: 2979:2997 ioctl 8010aa01 20000180 returned -22
[  451.780967] binder: 2999:3000 ioctl 40046207 0 returned -16
[  451.797143] binder: 2979:2980 ioctl c0086420 20000080 returned -22
[  451.803917] binder: undelivered TRANSACTION_ERROR: 29189
[  451.804491] binder: 3001:3002 ioctl 8010aa01 20000180 returned -22
[  451.815722] binder: 3004:3005 ioctl 8010aa01 20000180 returned -22
[  451.817779] binder: 3001:3002 ioctl c0086420 20000080 returned -22
[  451.822674] binder: undelivered TRANSACTION_ERROR: 29201
[  451.829801] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.834247] binder: BINDER_SET_CONTEXT_MGR already set
[  451.839554] binder: 2999:3000 transaction failed 29189/-3, size 40-8 line 2963
[  451.852404] binder: BINDER_SET_CONTEXT_MGR already set
[  451.853700] binder: 3004:3005 ioctl c0086420 20000080 returned -22
[  451.860884] binder: 2979:2997 ioctl 40046207 0 returned -16
[  451.866424] binder: 3003:3006 ioctl 8010aa01 20000180 returned -22
[  451.876378] binder: undelivered TRANSACTION_ERROR: 29201
[  451.882331] binder: undelivered TRANSACTION_ERROR: 29201
[  451.889480] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.894423] binder: 3001:3002 ioctl 40046207 0 returned -16
[  451.895057] binder: 3004:3005 transaction failed 29189/-3, size 40-16 line 2963
[  451.909150] binder: undelivered TRANSACTION_ERROR: 29189
[  451.909244] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.915570] binder: undelivered TRANSACTION_ERROR: 29189
[  451.920276] binder: 2979:2980 transaction failed 29189/-3, size 40-16 line 2963
[  451.933965] binder: 3003:3006 ioctl c0086420 20000080 returned -22
[  451.937435] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.941261] binder: BINDER_SET_CONTEXT_MGR already set
[  451.945857] binder: 3001:3002 transaction failed 29189/-3, size 40-16 line 2963
[  451.960602] binder: 3003:3006 ioctl 40046207 0 returned -16
[  451.960773] binder: undelivered TRANSACTION_ERROR: 29189
[  451.973891] binder_alloc: 2979: binder_alloc_buf, no vma
[  451.979453] binder: 3003:3006 transaction failed 29189/-3, size 40-16 line 2963
[  451.995379] binder: undelivered TRANSACTION_ERROR: 29189
[  452.005533] binder: undelivered TRANSACTION_ERROR: 29189
[  452.011152] binder: undelivered TRANSACTION_ERROR: 29201
[  452.016768] binder: send failed reply for transaction 5956, target dead
[  452.025138] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:56 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)
close(r0)

2018/03/31 13:01:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r3=>0x0, 0x9}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r3, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r4 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x0, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0xab, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6e8c9f21edceb72e71b0549914dd23aced8789a54bc84e1d1aa98ce864379b41d357d"}, &(0x7f0000000800)=0xcf)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x54, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0xfc3, @ipv4={[], [0xff, 0xff]}}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x2}]}, &(0x7f0000000140)=0x10)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f0000000380)='uservboxnet0\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

2018/03/31 13:01:56 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x0, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x0, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:56 executing program 7:
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r0=>0x0)
timer_gettime(r0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r1=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bond0\x00', r1})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r2 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r2, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(0xffffffffffffffff, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  452.083273] binder: 3015:3017 ioctl 8010aa01 20000180 returned -22
[  452.086803] binder: 3014:3016 ioctl 8010aa01 20000180 returned -22
[  452.099274] binder: 3013:3023 ioctl 8010aa01 20000180 returned -22
[  452.100996] binder: 3019:3025 ioctl 8010aa01 20000180 returned -22
[  452.110534] binder: 3015:3017 ioctl c0086420 20000080 returned -22
[  452.122171] binder: 3021:3022 ioctl 8010aa01 20000180 returned -22
[  452.125875] binder: 3014:3016 ioctl c0086420 20000080 returned -22
[  452.130096] binder: 3021:3022 ioctl c0086420 20000080 returned -22
[  452.135394] binder: 3019:3025 ioctl c0086420 20000080 returned -22
[  452.142631] binder: 3013:3023 ioctl c0086420 20000080 returned -22
[  452.149285] binder: 3014:3016 got transaction with invalid offset (0, min 24 max 40) or object.
[  452.156192] binder: BINDER_SET_CONTEXT_MGR already set
[  452.163488] binder: 3024:3026 ioctl 8010aa01 20000180 returned -22
[  452.169411] binder: 3013:3023 got transaction with invalid offset (0, min 24 max 40) or object.
[  452.175563] binder: 3024:3026 ioctl c0086420 20000080 returned -22
[  452.184173] binder: 3015:3017 ioctl 40046207 0 returned -16
[  452.191826] binder: 3019:3025 got transaction with invalid offset (0, min 24 max 40) or object.
[  452.195873] binder: 3014:3016 transaction failed 29201/-22, size 40-16 line 3026
[  452.204834] binder: 3019:3025 transaction failed 29201/-22, size 40-16 line 3026
[  452.212920] binder: BINDER_SET_CONTEXT_MGR already set
[  452.225168] binder: BINDER_SET_CONTEXT_MGR already set
2018/03/31 13:01:56 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  452.226370] binder: 3013:3023 transaction failed 29201/-22, size 40-16 line 3026
[  452.230688] binder: 3024:3026 ioctl 40046207 0 returned -16
[  452.238725] binder: 3021:3022 ioctl 40046207 0 returned -16
[  452.260708] binder: undelivered TRANSACTION_ERROR: 29201
[  452.260723] binder: 3015:3017 got transaction with invalid offset (40, min 24 max 40) or object.
2018/03/31 13:01:56 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x0, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  452.299048] binder: undelivered TRANSACTION_ERROR: 29201
[  452.309509] binder: 3033:3035 ioctl 8010aa01 20000180 returned -22
[  452.320324] binder: 3021:3022 got transaction with invalid offset (0, min 24 max 40) or object.
[  452.332204] binder: undelivered TRANSACTION_ERROR: 29201
[  452.336183] binder: 3015:3017 transaction failed 29201/-22, size 40-16 line 3026
[  452.337765] binder: send failed reply for transaction 5985 to 3024:3026
[  452.347756] binder: 3033:3035 ioctl c0086420 20000080 returned -22
[  452.357043] binder: 3036:3037 ioctl 8010aa01 20000180 returned -22
[  452.365639] binder: 3015:3017 ioctl 541c 20000100 returned -22
[  452.374182] binder: 3021:3022 transaction failed 29201/-22, size 40-16 line 3026
[  452.381062] binder: 3033:3035 transaction failed 29189/-22, size 40-16 line 2848
[  452.387010] binder: 3036:3037 ioctl c0086420 20000080 returned -22
[  452.396253] binder: undelivered TRANSACTION_COMPLETE
[  452.401436] binder: undelivered TRANSACTION_ERROR: 29189
[  452.417284] binder: 3036:3037 transaction failed 29189/-22, size 40-16 line 2848
[  452.418843] binder: undelivered TRANSACTION_ERROR: 29201
[  452.447322] binder: undelivered TRANSACTION_ERROR: 29189
[  452.453341] binder: undelivered TRANSACTION_ERROR: 29201
[  452.459279] binder: undelivered TRANSACTION_ERROR: 29189
2018/03/31 13:01:57 executing program 3:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x80000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000200))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
mount(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='./control\x00', &(0x7f0000000100)='xfs\x00', 0x21000, &(0x7f00000001c0))
unlink(&(0x7f00000000c0)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
unlink(&(0x7f0000000140)='./control/file0\x00')
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), &(0x7f0000000600)=0x8)
close(r0)

2018/03/31 13:01:57 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:57 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:57 executing program 6:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r1=>0x0})
ptrace$peekuser(0x3, 0x0, 0x542ca047)
socket(0x4, 0x80807, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa100, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@empty, 0xff, 0x2, 0x3, 0x8, 0x81, 0x1, 0xfffffffffffffcd7}, &(0x7f0000000080)=0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
setpgid(r1, r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={<r3=>0x0, 0x9, 0x2}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={r3, 0xd4, &(0x7f0000000540)=[@in6={0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @in6={0xa, 0x4e23, 0x9, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xe}}, 0x5}, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x16}, 0x3}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0xd}, 0xaf31}, @in6={0xa, 0x4e20, 0x9, @loopback={0x0, 0x1}, 0x6f}, @in6={0xa, 0x4e21, 0x800, @local={0xfe, 0x80, [], 0xaa}, 0x7f}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0x1}]}, &(0x7f0000000440)=0x10)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r4 = dup2(r0, r0)
connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={0x3, {"20ada8787a1d43"}}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f00000006c0)={0x0, 0x2710}, 0x10)
ptrace$poke(0x4, r1, &(0x7f0000000680), 0x2)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
getsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000480), &(0x7f0000000640)=0x4)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000700)={'filter\x00', 0x89, "22adb4830497aae8d6b2cf33de4f619c225f993f727e43b21caac7104dd7aff06de75886371e1d0d8989d413e0a042a4358735b9a5fc8f009d0512083627accac8cb5909413538ce093a72c0a5b6e763cb5e1ea45d0677317a38aba75262f7e246070bbfadb7039e1d854cfaa0ffa79d4f6f720c4aa05a0258ff270068bd2f7e387a54197bc71f83f6"}, &(0x7f0000000800)=0xad)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000280)=0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x38, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}, @in6={0xa, 0x4e22, 0x3, @mcast1={0xff, 0x1, [], 0x1}}]}, &(0x7f0000000140)=0xc)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000340)='/dev/loop-control\x00', &(0x7f00000003c0)='/dev/loop-control\x00'], &(0x7f0000000480))

2018/03/31 13:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x0, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:57 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:57 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:57 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x0, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  453.048215] binder: 3049:3050 ioctl 8010aa01 20000180 returned -22
[  453.048506] binder: 3053:3056 ioctl 8010aa01 20000180 returned -22
[  453.056374] binder: 3045:3051 ioctl 8010aa01 20000180 returned -22
[  453.064092] binder: 3044:3048 ioctl 8010aa01 20000180 returned -22
[  453.067627] binder: 3052:3055 ioctl 8010aa01 20000180 returned -22
[  453.085212] binder: 3046:3047 ioctl 8010aa01 20000180 returned -22
[  453.085302] binder: 3044:3048 ioctl c0086420 20000080 returned -22
[  453.092990] binder: 3046:3047 ioctl c0086420 20000080 returned -22
[  453.100899] binder: 3053:3056 ioctl c0086420 20000080 returned -22
[  453.104602] binder: 3049:3050 ioctl c0086420 20000080 returned -22
[  453.112382] binder: 3044:3048 transaction failed 29189/-22, size 40-16 line 2848
[  453.119125] binder: 3052:3055 ioctl c0086420 20000080 returned -22
[  453.127569] binder: 3053:3056 got transaction with invalid offset (40, min 24 max 40) or object.
[  453.131711] binder: 3045:3051 ioctl c0086420 20000080 returned -22
[  453.140296] binder: 3053:3056 transaction failed 29201/-22, size 40-16 line 3026
[  453.146588] binder: BINDER_SET_CONTEXT_MGR already set
[  453.159590] binder: 3049:3050 ioctl 40046207 0 returned -16
[  453.167179] binder: 3046:3047 got transaction with invalid offset (0, min 24 max 40) or object.
[  453.168060] binder: undelivered TRANSACTION_ERROR: 29189
[  453.176805] binder: BINDER_SET_CONTEXT_MGR already set
[  453.182095] binder: 3046:3047 transaction failed 29201/-22, size 40-16 line 3026
2018/03/31 13:01:57 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x0, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  453.187078] binder: 3052:3055 ioctl 40046207 0 returned -16
[  453.201205] binder: BINDER_SET_CONTEXT_MGR already set
[  453.206745] binder: 3053:3056 ioctl 541c 20000100 returned -22
[  453.213622] binder: 3045:3051 ioctl 40046207 0 returned -16
[  453.223893] binder: 3061:3062 ioctl 8010aa01 20000180 returned -22
[  453.237322] binder: 3052:3055 got transaction with invalid offset (0, min 24 max 40) or object.
[  453.239836] binder: undelivered TRANSACTION_ERROR: 29201
[  453.250005] kasan: CONFIG_KASAN_INLINE enabled
[  453.251787] binder: send failed reply for transaction 6001 to 3049:3050
[  453.256566] binder: 3052:3055 transaction failed 29201/-22, size 40-16 line 3026
[  453.261356] binder: 3045:3051 transaction failed 29189/-22, size 40-16 line 2848
[  453.263393] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  453.263404] general protection fault: 0000 [#1] SMP KASAN
[  453.263411] Dumping ftrace buffer:
[  453.294807]    (ftrace buffer empty)
2018/03/31 13:01:57 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x28]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000100)={0x5, 0x7, 0x0, 0xfffffffffff7ffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x1bae, 0x0, 0x20}, 0x9, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x804, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:57 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x0, 0x400})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:58 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x3f71, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000006c0), 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  453.296256] binder: 3068:3069 ioctl 8010aa01 20000180 returned -22
[  453.298500] Modules linked in:
[  453.298510] CPU: 0 PID: 3064 Comm: modprobe Not tainted 4.16.0-rc7+ #283
[  453.298514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  453.298530] RIP: 0010:qlist_free_all+0x12b/0x160
[  453.298533] RSP: 0018:ffff8801afcdf818 EFLAGS: 00010207
[  453.298540] RAX: dead4ead00000000 RBX: 0000000000000282 RCX: ffffea0000000000
[  453.298544] RDX: 037aa11ab4000000 RSI: ffff8801d055ece0 RDI: 0000000000000282
2018/03/31 13:01:58 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  453.298552] RBP: ffff8801afcdf850 R08: 1ffff10035f9bed1 R09: 0000000000000000
[  453.313766] binder: undelivered TRANSACTION_ERROR: 29189
[  453.314828] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  453.314833] R13: 0000000000000000 R14: dead4ead00000000 R15: ffffffff88512760
[  453.314840] FS:  00007fd7f211e700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
[  453.314844] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  453.314849] CR2: 00007fd7f2123000 CR3: 00000001b0432006 CR4: 00000000001606f0
2018/03/31 13:01:58 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'syzkaller1\x00'})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0)=<r1=>0x0)
timer_gettime(r1, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={<r2=>0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', r2})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x0, 0x0, 0x0, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x0, 0x7, 0x7, 0x0, 0x5f71, 0x0, 0x5, 0x7, 0xff, 0xff, 0xc78, 0x40, 0x0, 0x7ff, 0x0, 0x401})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000140))
r3 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r3, 0x0)
syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x800)
r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0, 0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x0, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x249)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000680)={0x0, 0xfff}, 0x8)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0)=0x9f9, 0x4)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x5, 0x8000, 0x400, 0x80000001, 0x1})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

2018/03/31 13:01:58 executing program 6:
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, 0x1c)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x3}, &(0x7f0000000ac0)=0x20)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)}, &(0x7f0000000fc0)=0x10)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000001000), &(0x7f0000001040)=0x18)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240))
getpgid(0x0)
request_key(&(0x7f0000000580)='dns_resolver\x00', &(0x7f00000005c0)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='/dev/ppp\x00', 0xfffffffffffffffb)

[  453.314856] DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
[  453.314860] DR3: 0000000000000002 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  453.314863] Call Trace:
[  453.314879]  quarantine_reduce+0x141/0x170
[  453.314888]  kasan_kmalloc+0xca/0xe0
[  453.330132] binder: 3061:3062 ioctl c0086420 20000080 returned -22
[  453.334399]  kasan_slab_alloc+0x12/0x20
[  453.334406]  kmem_cache_alloc_node_trace+0x139/0x760
[  453.334419]  ? rcutorture_record_progress+0x10/0x10
[  453.360510] binder: 3068:3069 ioctl c0086420 20000080 returned -22
2018/03/31 13:01:58 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x3ff, 0x200300)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'syzkaller1\x00', 0x6})
timer_create(0x2, &(0x7f0000000080)={0x0, 0x27, 0x6}, &(0x7f00000000c0))
timer_gettime(0x0, &(0x7f0000000bc0))
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @rand_addr}, &(0x7f0000000440)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, &(0x7f0000000240)=0x8)
clock_adjtime(0x7, &(0x7f0000000340)={0x1, 0x20, 0x6, 0x3f71, 0x8181, 0x3f, 0x6, 0x2, 0x80, 0x5f, 0x7, 0x7, 0x7, 0x0, 0x0, 0x0, 0x5, 0x7, 0xff, 0x0, 0xc78, 0x0, 0x0, 0x7ff})
r1 = syz_open_dev$binder(&(0x7f0000236ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x20011, r1, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffa000/0x5000)=nil, 0x5000})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000080))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000100)={0x5, 0x5, 0x7, 0xffffffffffffffff})
ioctl$int_out(r0, 0x5462, &(0x7f0000000480))
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000540)={{0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20}, 0x8, 0x5, 0x78})
sysinfo(&(0x7f00000005c0)=""/23)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000600), &(0x7f0000000640)=0x4)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000006c0), 0x4)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000ec0)=@filter={'filter\x00', 0xe, 0x4, 0x0, [0x0, 0x20000800, 0x20000be0, 0x20000d70], 0x0, &(0x7f00000007c0), &(0x7f0000001340)=ANY=[]}, 0x50)
gettid()

[  453.361591]  __kmalloc_node+0x33/0x70
[  453.361602]  kvmalloc_node+0x99/0xd0
[  453.361612]  seq_read+0x7fc/0x1410
[  453.361624]  ? trace_hardirqs_off+0x10/0x10
[  453.377111] binder: undelivered TRANSACTION_ERROR: 29201
[  453.384855]  ? save_stack+0x43/0xd0
[  453.384863]  ? seq_lseek+0x3c0/0x3c0
[  453.384872]  ? find_held_lock+0x35/0x1d0
[  453.384881]  ? quarantine_put+0x17a/0x190
[  453.384889]  ? seq_lseek+0x3c0/0x3c0
[  453.414233] binder: 3061:3062 transaction failed 29189/-22, size 40-16 line 2848
[  453.415429]  proc_reg_read+0xe8/0x160
[  453.415438]  ? proc_reg_write+0x160/0x160
[  453.415447]  __vfs_read+0xef/0xa00
[  453.415455]  ? fsnotify+0x7b3/0x1140
[  453.415465]  ? vfs_copy_file_range+0x940/0x940
[  453.436511] binder: undelivered TRANSACTION_ERROR: 29201
[  453.438783]  ? fsnotify_first_mark+0x2b0/0x2b0
[  453.438796]  ? security_file_permission+0x89/0x1e0
[  453.438806]  ? rw_verify_area+0xe5/0x2b0
[  453.438815]  ? __fdget_raw+0x20/0x20
[  453.482207] binder: 3079:3080 ioctl 8010aa01 20000180 returned -22
[  453.486262]  vfs_read+0x11e/0x350
[  453.486271]  SyS_read+0xef/0x220
[  453.486280]  ? kernel_write+0x120/0x120
[  453.486351]  ? ext4_llseek+0x237/0x2a0
[  453.486363]  ? do_syscall_64+0xb7/0x940
[  453.497634] binder: 3079:3080 ioctl c0086420 20000080 returned -22
[  453.501351]  ? kernel_write+0x120/0x120
[  453.501361]  do_syscall_64+0x281/0x940
[  453.501371]  ? vmalloc_sync_all+0x30/0x30
[  453.501379]  ? trace_event_raw_event_sys_exit+0x260/0x260
[  453.501386]  ? syscall_return_slowpath+0x550/0x550
[  453.501395]  ? syscall_return_slowpath+0x2ac/0x550
[  453.506311] binder: BINDER_SET_CONTEXT_MGR already set
[  453.509046]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[  453.509057]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  453.509067]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  453.509073] RIP: 0033:0x7fd7f1a36310
[  453.509076] RSP: 002b:00007ffe6c4ed3c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  453.512890] binder: 3079:3080 ioctl 40046207 0 returned -16
[  453.517327] RAX: ffffffffffffffda RBX: 0000000000000fff RCX: 00007fd7f1a36310
[  453.517332] RDX: 0000000000000fff RSI: 00007ffe6c4ed610 RDI: 0000000000000000
[  453.517336] RBP: 0000000000000000 R08: 00007fd7f211e700 R09: 00007ffe6c4ed4e8
[  453.517339] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6c4ed610
[  453.517344] R13: 0000000000000000 R14: 00007ffe6c4ed610 R15: 00007ffe6c4ed610
[  453.517352] Code: 00 00 00 80 48 01 c2 72 44 48 b9 00 
[  453.524948] binder_alloc: 3068: binder_alloc_buf, no vma
[  453.527364] 00 00 80 ff 77 00 00 48 01 ca 48 b9 00 00 00 00 00 ea ff ff 48 c1 ea 0c 
[  453.532346] binder: 3079:3080 transaction failed 29189/-3, size 40-8 line 2963
[  453.536354] 48 c1 e2 06 48 01 ca <48> 8b 4a 
[  453.550146] binder: undelivered TRANSACTION_ERROR: 29189
[  453.553129] 20 48 8d 71 ff 83 e1 01 48 0f 45 d6 4c 8b 6a 30 e9 f4 
[  453.553181] RIP: qlist_free_all+0x12b/0x160 RSP: ffff8801afcdf818
[  453.553294] ---[ end trace edd3e967ec9a910f ]---
[  453.558391] binder: undelivered TRANSACTION_COMPLETE
[  453.561042] Kernel panic - not syncing: Fatal exception
[  453.561515] Dumping ftrace buffer:
[  453.561519]    (ftrace buffer empty)
[  453.561522] Kernel Offset: disabled
[  453.746817] Rebooting in 86400 seconds..