[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 16.580517] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.237263] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 20.487478] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 21.579425] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. 2018/01/26 11:55:27 fuzzer started 2018/01/26 11:55:28 dialing manager at 10.128.0.26:33403 2018/01/26 11:55:31 kcov=true, comps=false 2018/01/26 11:55:32 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f000082d000)={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup2(r0, r1) connect$inet(r2, &(0x7f0000868000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000b1e000-0x8)={0x1, [0x0]}, &(0x7f0000a02000-0x4)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000ce6000)={r3, 0x0}, &(0x7f000037a000)=0x8) 2018/01/26 11:55:32 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d18000-0xd)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = gettid() fcntl$setown(0xffffffffffffffff, 0x8, r1) openat$autofs(0xffffffffffffff9c, &(0x7f0000790000-0xc)='/dev/autofs\x00', 0x20000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000c8000)='/dev/sequencer2\x00', 0x20000, 0x0) syz_open_procfs(r1, &(0x7f0000f97000-0xd)='net/sockstat\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000-0x30)={0x44, 0x0, &(0x7f000000e000-0xb8)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, &(0x7f000000d000)=[@fda={0x66646185, 0x0, 0x0, 0x0}, @flat={0x77682a85, 0x0, 0x0, 0x0}], &(0x7f0000006000)=[0x20]}}], 0x0, 0x0, &(0x7f000047e000)=""}) 2018/01/26 11:55:32 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00002b1000-0x8)=0x47) sendto$inet(r0, &(0x7f0000fd0000)="", 0xfffffffffffffec1, 0x20000801, &(0x7f0000deb000-0x10)={0x2, 0xffffffffffffffff, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/26 11:55:32 executing program 4: 2018/01/26 11:55:32 executing program 2: 2018/01/26 11:55:32 executing program 5: 2018/01/26 11:55:32 executing program 6: 2018/01/26 11:55:32 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x1040000000010, 0x2, 0x0) write(r0, &(0x7f0000a1f000)="260000001e00470792f6caff000003c0001900004700000200050800aa073f550000000021ff", 0x26) [ 32.173973] IPVS: Creating netns size=2552 id=1 [ 32.236602] IPVS: Creating netns size=2552 id=2 [ 32.301150] IPVS: Creating netns size=2552 id=3 [ 32.370531] IPVS: Creating netns size=2552 id=4 [ 32.468055] IPVS: Creating netns size=2552 id=5 [ 32.583816] IPVS: Creating netns size=2552 id=6 [ 32.695248] IPVS: Creating netns size=2552 id=7 [ 32.832072] IPVS: Creating netns size=2552 id=8 [ 35.403082] binder: 4303:4305 transaction failed 29189/-22, size 56-8 line 3005 [ 35.459207] binder: undelivered TRANSACTION_ERROR: 29189 2018/01/26 11:55:36 executing program 0: 2018/01/26 11:55:36 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000c0b000-0x8)='keyring\x00', &(0x7f0000077000-0x5)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, 0x0, 0x0, 0x0) r1 = add_key$user(&(0x7f000078c000-0x5)='user\x00', &(0x7f0000466000-0x5)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, &(0x7f00001e6000-0x1)="ff", 0x1, r0) r2 = add_key$user(&(0x7f0000e26000)='user\x00', &(0x7f000022c000)={0x73, 0x79, 0x7a, 0x3, 0x0}, &(0x7f0000be6000-0x168)="b33ab70087ebe0d94f729cd653e520c19ad7d97fe21769c4db44c249b544230aa287fb8bd6ed266ccf59ef70995bf2e8e0d3fff32853667eda22d2818d08ca27e0ec821620e365a0e6b9485f2d925493ee0c0103005f8c7eba67841200007f5b07e5849d2e875b066cd640b336616fe0f3c300007fb4627ee7597689525e8e812650a86eb580fb4690ea52246bd3d32b1a91f944edb74b1f50ae08c5387ed8fd0598b600579f3af3f864c324f6353c0000f98f7e149be31bd78b506e8b951173", 0xc0, r0) keyctl$dh_compute(0x17, &(0x7f00006b8000)={r1, r2, r1}, &(0x7f0000e3a000-0x1)=""/1, 0x1, &(0x7f0000e17000)={&(0x7f0000788000)={'sha384-generic\x00'}, &(0x7f00001c5000)="", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 2018/01/26 11:55:36 executing program 7: 2018/01/26 11:55:36 executing program 6: 2018/01/26 11:55:36 executing program 2: 2018/01/26 11:55:36 executing program 5: 2018/01/26 11:55:36 executing program 4: 2018/01/26 11:55:36 executing program 3: 2018/01/26 11:55:36 executing program 7: 2018/01/26 11:55:36 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000903000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) 2018/01/26 11:55:36 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={&(0x7f0000d55000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f00008b8000-0x10)={&(0x7f00003c1000-0x24)={0x24, 0x0, 0x1, 0x800000001, 0xffffffffffffffff, 0xffffffffffffffff, {0x0, 0x0, 0x0}, [@nested={0x10, 0x2, [@typed={0xc, 0x1, @ipv4=@multicast2=0xe0000002}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/26 11:55:36 executing program 5: mmap(&(0x7f0000000000/0x16000)=nil, 0x16000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000010000)='net/tcp\x00') read$eventfd(r0, &(0x7f0000009000-0x8)=0x0, 0x57a) 2018/01/26 11:55:36 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d18000-0xd)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000-0x30)={0x44, 0x0, &(0x7f000000e000-0xb8)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, &(0x7f000000d000)=[@fda={0x66646185, 0x0, 0x0, 0x0}, @flat={0x77682a85, 0x0, 0x0, 0x0}], &(0x7f0000006000)=[0x20]}}], 0x0, 0x0, &(0x7f000047e000)=""}) 2018/01/26 11:55:36 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff800000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp(0x1, 0x1, &(0x7f000031b000)={0x1, &(0x7f0000219000-0x8)=[{0x6, 0x0, 0x10000100002, 0x0}]}) [ 36.000050] audit: type=1400 audit(1516967736.674:5): avc: denied { create } for pid=4470 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 36.033948] audit: type=1326 audit(1516967736.704:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=4476 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x0 [ 36.039529] audit: type=1400 audit(1516967736.704:7): avc: denied { set_context_mgr } for pid=4475 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 36.040727] audit: type=1400 audit(1516967736.714:8): avc: denied { call } for pid=4475 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 36.040964] binder: 4475:4481 got transaction with invalid handle, 0 [ 36.041051] binder: 4475:4481 transaction failed 29201/-22, size 56-8 line 3220 [ 36.042774] binder_alloc: binder_alloc_mmap_handler: 4475 20000000-20002000 already mapped failed -16 [ 36.045320] binder: BINDER_SET_CONTEXT_MGR already set [ 36.045327] binder: 4475:4481 ioctl 40046207 0 returned -16 [ 36.045455] binder_alloc: 4475: binder_alloc_buf, no vma [ 36.045492] binder: 4475:4484 transaction failed 29189/-3, size 56-8 line 3128 [ 36.049191] audit: type=1400 audit(1516967736.724:9): avc: denied { write } for pid=4470 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 36.049397] netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. 2018/01/26 11:55:36 executing program 7: r0 = inotify_init1(0x800) read(r0, &(0x7f00004e3000)=""/115, 0x73) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000955000)=0x0, &(0x7f0000b32000)=0x4) 2018/01/26 11:55:36 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000f40000)={&(0x7f00005ff000)=@kern={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000413000-0x10)=[{&(0x7f0000cfc000)={0x18, 0x12, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, "", [@generic="", @typed={0x8, 0x3, @void=""}]}, 0x18}], 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/26 11:55:36 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000330000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7e000-0x1)=0x0, 0x0}, 0xa00000400, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00008df000-0x8)='./file0\x00', &(0x7f0000344000-0x8)='./file0\x00', &(0x7f00007fc000)='nfs\x00', 0x0, &(0x7f000000a000)="") 2018/01/26 11:55:36 executing program 5: mmap(&(0x7f0000000000/0xfe7000)=nil, 0xfe7000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000081e000-0xa)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5402, &(0x7f0000371000-0x14)={0x0, 0x0, 0xb5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003ba000-0x24)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_pts(r0, 0x8000000006) mmap(&(0x7f0000fe7000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000fe8000-0x4)=0x0) writev(r1, &(0x7f00009ca000-0x70)=[{&(0x7f0000a8c000-0x1000)="54e48d2992bcc626347b88220464fdd33b9e9ea80c4ff320e47fbc8bbfa7ba9712e61a1ad833ed083a84f2c25fb63e205d5217da563df1352cd6c514254be507341e60127b23e578a89574807b7892fe832bb04435566a37f97111aaff848f08b112c15e4752b85628fad6eb8fa96d0e15d52105931607a5851f92d2a12290a8494ef0267f56d96745977322746e613d36a72c6ecfeb11ca6735f2ed1297776ed8c3b296755a7ce327c47f355046f8c6aaeaddfe16959a4f240d68456890c2ee4a2bc32040c552f53ae6bf8abf69aa77aeedf14e75e2937284e8a093d6d26a0c59a56b50c56583ba5a7d9e2b41c1253451768ffe08bc75b721dab9df33fa1001d946650518e88aedd596b26c16d13748659ef2b15e6d2d7ce75bcbd280c1b6b99412425402b4c97f2c4b7eeb29274df6950809ab699caf06c69b797a2f0ed6b95794c34e5788f6fba83c144e7c9fff3b5998e6a5028476d026885e6b1812facac6f2af4af9207a76cccc67b0bbd9404be008770180a385f87610e67ebae655a55fe5993c771977557b7f1a62b3799cc4e8fa117160551e85cbb2e8388fa678d2653eae78de0f27e93659546b1da37f6dc3f5d6c8601939ad432a700be159b5e84af86d849046607e3eeee2cae19c5c2b4dfa13a0eabcbe26761b271902b552c0093e4b0b183459d067fbe1dda47bc0bc14076f519fa6c2e7ec5330edc81ccfd2c141f48941655cd3a9148ee839fd99bc05cf7e334ca3ddf8dde42d9eb08b0c5d4ebab291ba3d160d77d354725f187761d9bc86a726e9b3f87176e6341c788f19abda0961d7c25988d86ebdb1a698e19010224d27c99bd8e7fbfa8e26458898541fe6c27961c9abaa4baeab63cf16e63568649abc9aed405ff68958275876715232fb2350346dacc07c68d24535f907b3f776c0ef7a684ea42b40933fad9980d0e2490c8c9445cec61b403364b121a5fbfe1582e3cf4846215b470353f0adab307f84531d1a187061a8191600b44e67cabd6cfe019a97ebe69dd0c184ed7245a67a3e2093f7c42303bde93e9b8864f2886735ad1bf729ffc1055ae9f3751bea9980c79ee4ac1c8aeaab6b888034c0e27abd9f3f0b1edcb580e0125af679fcece3e8c8efbef99f9818df9d6eec085a02bb4a400927744eaf9bf618662a45ca24d007450c4c0ca9a40e750fa128f541ace0903bd8121e4d797a63924df1abb69abad77527650f5388ad7ead67a5f77cd1fdf2129820e68f46930517812b2585cf7a47aab89d71636c6daa7574814ea66c065a3ca68cece473725cf5e201540bb25f48bbc517787164f6e1408e0fdeadd4da68c8ee0f110a15f44f7aab4b76abec6ceeae607c034abf13eec3f8be2d30f88c39f785d3c1a010e6718e98d1e60af4c7b056a8751a11ec6665b83275fd89362ea08baf80e9154aefb6a622ce42013657c715ad8b2b1f13351a59c50796f488ad8e5790fefee5c9cd151c766adaeaa92c732b23d0517f5bf36ec3dd3b93d5283adefc69d97bb7c50e3306b770a15a1a0bfa964b215bcd1e1796d7f50aa6068639d87696acf3cf919062a5fc6944c4146e2185c41a787a20238ff17b87ef4573a08955a97409ed4c6592ac4b173004da20b8a4a4525dfc9cbe67598ae1439ce7a936ce52de86255bdee391a991faddc018e0649e7e4e456d4be11aa7899a369cc28195e28fb251585ff17066d3987701f4c12b424fd9bdb461a3fadd7b615de154d0886afa6a44a9b59d46ea51349e832b875c47b9416d618c4f44d3cecaedbeeb3e704623de68b618a6f8f8e00f7e591977ac1844c5b7db662fe90ad3f0e7fd356c4af87dd472406f7c1eacb6b442250831e275ab176e4672e72c1d2bb942b56698712cbe683d65f8c33047caaed87ba279fe8f609e9eba83f872a240d493e38241a7b1434a5a8f237180cb6b26909f0700775a42c87dba3dfbeb26312a273fd10e6190e3f72dfa0136e9e8f483dc285c687914a213a1052c030098547133c02460c1cc18a10d9793d7cd84cfab686deeee431b5e882b33d1ed84ba9ed3a6be5053b977bdcbc8c0d0de2e0b524034f07338a9fbf2e33affd70d58155e506975f407594b28df2050ba792525020131d828ff8925db5ed6b1542b11c839f7a1a5dd672ee9349eb4e0bd82314528d97d4c06a60388bf94425f97583408d78de358c2e265bc2a4fdbac2ae0db35807fdc53ebe3ccc7fcc794862e3275dddae7adce5e00b7b5364b2755b80080fd0335ad0965bd41e746d054a3cab1f5a54553e5061c2e297e7876e88e71291b40e4410bebab97ef33dc625e90aa7d37876160af3d2e5f91755927924bcf5a7255001cd354b2fc3131e262522069c414257bcaab160658d2539059d9b03933bb713aaf8c3ebabbace327e6bf252e6bccd82ad532a1466484ef0e2e19bb9576eaeeff63e715dfd517d4ef37ecec4fc259b5fb98b4d47ac9e21d04e02fa09183597045632a892d99abaca9257cdeb7130307699fe8da0ef75167ac00b9b495e5d4a3c217b7ba854206ad38790b00c1d72abbdf5e763fce9c89933a10eda25107bf08a14f8ed81aee24b595e7043d5025be5697de603124744dc73140704a23751dc612786ad856bb4871f6a4adb4a4fcd44ec8f1f39947d60465c5af866d49c3aad5b4c3adfe7dc9476d4430514ebd5a33ef31cc3f4057f5906c074fa3cd0cc829ed3ba385b76f10d43c8cc76e0433fb779d0f43d139ec2428ef991fc74be3990cded354454e8f05e833f12e145da9acd5fb46cd920e7f626cf02e8275e296ae3638feba753aa2bdbfc7b88ce856b6809d1b1826a3b8234166facb1c32ed2339aa4d39d7c0103df4de8531a6e65ca3921cade178234feaef65c34db6bc0fb58598d3b3d10cd7c85113b0f0d7348ba219a0737669d5080d3fb9c3780039dcdef0e37cfb144fea7877977c76740fc5afa91c1d580ac482df73394c94b538beb6764bc157c8b68931ad9a292507f2c475353e57bdb41d484085a47c0fab846a37d541fc28453efa3f4b5ec3f9080f1dc67ecb8162981c70e0e38571bd20dc7c2f9890b46e0d1f2b2424bc8d339bd5d10082a504d5e972e4b826c60a88b41d2605b4f97ad3bc4c37f72e0b6fc0eec392fcd93f5132b85a617cb88460a9dabd8586c4edb93d52b93da66f9549528c121f5fce369898adf8a399333318ee4ad7b8b029d69e37eb7a56b45573495d1d3c9cb2375e2617e5edc76810476ede0b571f8f5e04565c6eb7de0a97d28ca90cdbeb7a825ec3a9e673523c4d4122df0992ca018c089fd75d7eb5dd2413a9fb64ed899f37a6de15afe9cab35a949c5ca615a149081962818394f11b8a20e2721094f0d2ba7db46040a3c5818215462adfbc87aa49d8006f756ea38a4732dcf61bab46426191215b9e850c96c9de99d4e7aa602586876dd0f170365e05991b59c15e2ca2eeef2792ce3e449f72ecedcda3e5f8471e48b87c3fc1c99f0198bdaf3568c123d902c26cc655930efb93d11e465c0c55a7aff415e0b7d82bc326c990fb297ae0bab41e857c93103337db9d99f55a1fe889bc713c1d6568b46e70c0e05d4f0bb327c6e5e10925677add450c6825692036be16327a5d337dcd5043399df36800cb645a4a24ef7c37417787000f1fef7299b0ba5d7d1e20160ffb14f9aec75f494b9fa820c67a15a2f6441fdec52d5210c24a84dfb6d5bf26be92dfc6424202b93365b5fbdaa4d27fe0814e6e992f204a766a8d31866d186c179433051e5e6a5fa14abc4e6a457d7be2440aabdd2ff78a3725de8c35aa88fd842e45540ee4ac590a41a3e078947450aa98512dd1917f14a2edaf47f049586ff2399b12f5c0685a2d8576066c9a87024e447da768349f9f9765d62b08abc195de6cbf8dd92e64228b2128128c315097bcb035e3e96d785813706e222ba5a7b735efc40e396ec75aa18d8d915aae021e8f7a78f874fd8455bfada299a22d401d95864c05fb2bb766f9751048ead5bfb03651b1ec135a78eec5b81d979ddd2c23a6d7c1da8c213e4f41d048520b76c2ba494214034486801073213de00c40d0caf76a8d7dfc01ca044820709cc4a49d28360501bed19962911837bc126a9183dc17b20df87a751a9accd42d3717fabf54b958b6120eb1286ceba9ea93abe8fb5ba0f6ee0510cbb996c1dd04f33c1e743c5818cba1fa2385f56123a325630c8690dbca7ac43e658151cf20a20f88930ed9f20780c5f1b24713a40586e67bda3e1249812073c2147ae200288631c98eb8575fbd069374838e89a8138ef903fd67af9c55cc8ea5479a1a46029801f16ae9472922dd92b21f660f79e9450ad01c78a11f2737282dddbea72ec2700f60f8c14e1829576b4b58380d0d", 0xc18}], 0x1) 2018/01/26 11:55:36 executing program 6: r0 = memfd_create(&(0x7f0000782000)='bdev\\wlan1]\x00', 0x2) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000000)={0x1ff, 0x100, 0x80000000, 0x6, 0x1a, 0xff}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = gettid() process_vm_readv(r1, &(0x7f0000fba000-0x80)=[{&(0x7f00002d6000-0x52)=""/82, 0x52}, {&(0x7f0000c0d000)=""/81, 0x51}], 0x2, &(0x7f00004b0000)=[{&(0x7f0000e93000)=""/132, 0x84}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000031000-0x8)='pagemap\x00') sendfile(r2, r2, &(0x7f0000014000)=0x100000, 0x1000000800000008) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000114000-0x14)={0x5, 0x0, 0xfffffffffffffffd, 0x4, 0x5, 0xffffffff, 0x6, 0x2, 0x9, 0x8}) keyctl$set_reqkey_keyring(0xe, 0x3) 2018/01/26 11:55:36 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000872000+0x936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) pipe(&(0x7f00009e9000-0x8)={0x0, 0x0}) getsockopt$netrom_NETROM_N2(r1, 0x103, 0x3, &(0x7f0000ac0000)=0x1f, &(0x7f0000a6b000)=0x4) accept$unix(r2, &(0x7f00009b9000-0x8)=@abs={0x0, 0x0, 0xffffffffffffffff}, &(0x7f0000ce6000)=0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x10, 0x0, &(0x7f00005a7000-0x19c)=[@increfs={0x40046304, 0x0}, @release={0x40046306, 0x4}], 0x18, 0x0, &(0x7f0000e31000-0x18)="e9ed30547acd243c5ee6dbd66b17cecf329a013256218e32"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000009000-0x30)={0x8, 0x0, &(0x7f0000008000)=[@release={0x400c630f, 0x0}], 0x0, 0x0, &(0x7f0000001000-0xb3)=""}) bind$unix(0xffffffffffffffff, &(0x7f0000a5f000-0xa)=@file={0x0, './file0\x00'}, 0xa) 2018/01/26 11:55:36 executing program 2: r0 = socket$inet6(0xa, 0x5, 0x0) socket$pptp(0x18, 0x1, 0x2) ioctl(r0, 0x101, &(0x7f0000c28000)="c9ef284e876204c4628fc1363eb80885dc796b3842bab6937f49f69b9adb09bc77d3c0af7ffa4281b1272da0ea61f0ac1870432fee7ac038c9943d128a06537690936442b8a2643b55626d1b4962497f9e737ea59b5d30b1be96b5201ff6661b171e6b93aa37d6d5110fde6a39cdb03877a0765e4ecb1446ca1e35967d133a0aa146f3ea1a1275bdd420d1949a69a2b4a2990b66b7ffdcefe483d9655cc051a08341cc36250873cc34b60c97de3d981d1b354946ceeb537f7cb78c13fae25e2f9bfe2cce33c48f1695c5c797029e3e55c188c1a0ff40b474af8174492c8848064eb9de616e0c369069f1b1411245164139895c6f3a8b5e4a67ca415ff7874798b61bda8e084c4dea1561c7f3db1ece71aee4dee9b06f956689b595ab9062fcc82da72ca0f9ab6cbe6d4cb27715c8af61370dd6bad053e282af16addd25f131ebd96fe39c7de55e5b6b5b729df3e4dbe21d5abbaa116909bee0c350c809a9e4e8712fd05dd9b2da42e2e42175c6318704fe949008d330a83d91bdb7fbe1fa0ad48c1086dbd148c7620232f5593362b36f7b046f9dfe3aafea91fcc7dca81b6bb10cef821eb6471feb746693a01dcd4ec74c7a717a9bfcf16c12386f102f7d02e74b365614935de5d1ccea81c116fc2e7079793f99c82cfd4dcb0dccb3c61b44e2b7273893395000bad163348711ba0700fb5256fb6cf3938abcdb175ba1884e4e7d77ee7d6bdb8e4bd22c22ae4c40196a4aa611b5df9959ba8ba091a1fb662a3862e52a1d4bd5d42e58d8617c4a1fa3af28f4f6ca503a1b3ef1d73e37088a6ca7bc20a9a8e7b71ba7c9927d8c2d2d2e5416c017f7c6b2d9e4d287e45250f55aa5d245a9430d152e6b4ea2f98e81122fc062dd6812188f455a8cd87fbc50cfeeffd7bf44100216b25964bf5da25dd2a72244d03f7556928090f73f457f6086d94403e046283f6275044cfe17103ff19a09248a951e7be6f9de822a87b39783e965e6b80d1bb271d2027bf1a3a9dedfb67987c195a4dfa7a3afef0281ffd45006d0b66c635aab3ee9d26d9ca1671c69d0e77bc38eef931540e53eabc99048635b8a42c8887b04e0bfc841c973f5983aa56a84c6bdbd68be5b0a035f401c91ab70b568777544796eafee7f5237933f39bcebc024862a5eff4984b0cc218e059225f169075664d787cb8530a219517d1ecca530198fe334460182710af2751374c5e470f14f1f44149cef45997ac0711e66088ab12e5ab3a27bb721e34d89f17edb5c688e7d61bd844db3a73e509584ff31260dad791563e5986270129c82938ebd8092276cbc5ab4eeebec69dd38633b69f69fbe8b5891492156c79dc721ba23d90b39f4e76ed05629dbc2a49f4de51e88e8fa76c0e14c5aae64bf32ec85a3e8b4428a0e9c66eda70aa5e1e45cb46187c082d4250a62945b287bcf34784982881adcd7fde14436b301b54bd24ce65e962ba805b4422378f54cd201b0daa2739a21f0a0dadb511a4e9028f585205618bf1be92fa8103d7177bb7afb4c06feaf831c7312f8b7bf7b5eba1be7e45433480c932144bf02c3586a11886047febad9cb6d491d1f96fbbfc292d4ae93b93eb52dde108a81a62eb89dce278fd63b75269b57c9eeb5ce7a2f87d1d390826097a9942e03515e59ce9cd9c33f8ae5755820f0a7ee46b65661cc7e8c61f4ed9ec9b0c1e2d341a91f336f3498c073d0bb2d2dbee13b3b4802986dc0b46ff8c02b4934eae43be8a10700fd15b1b5b44260ef1dd41e5fa73e87c2f7feb413231cd449574b0af812ca83f3f86d3701e52663bc3b3accc3631b4d4ac50a5f757ae645b83a1c913e666c1c5d2b309183dfd386e36a47fc116012cff5944af7c7c3a459b8822914a9b1357ebbf9befd7f2a7684f5a71f90d2569202bc7b5b4929179cb32367806b9736a1e84ad4bb43f9c6b1749c97a497d5eacc3b06a317325351d43d96f57e35f110dbddffb91bcd9633eeaf4aea26e2468700c61f9d688c4e7ac76a7aafe38617ed75df2c7a780b81a0b211652acf86970aa8c33055685ef4e1a337f376ed96d708d6998ba7cd01fd6ce762b23e75a652c490c864480c23de5aed912d4c94c76bec6aa2b53be978d652464a1dc70f474cca6603c5844bc958f304d8e5ef4ffa2b0d2153eaa890602425bf9f68d714cb9c207f87dea7e659236bc25fc7f8a5306b82ee73df93e6602712410800db1427cb324edaecb3540b54287e206b02f32ff68820f41c4f43aeb7fab029fda0366b9fb84e9c6b630464df63872be67d67a164f760f59617a4d6185d90e635ab815c429518e51efdd5708fcb1398d233c34c9c892cefb3fcefea33042b76b031176ed6cbec2cf84d4943c21c5445c80a051011ee983d379659e3889b80c61afecc569910a4345a8b3493f365f4e65a72bef1ca570d6b1b9b67f0bf3bdf5e10bee336b3f79fd1584d3aa1af91252518e01c8631d46bbf80021733b3b49563b7c8a35db520bbe4d23d0cbd0859b3def4b1f61398ab2334a09e488a533e695df9d6963d41e16482206934f15511c4894f29bae80c4640b3f7123fa7cdf427f08c85d9e06bb48587e19f485659e83e8b3ceabf4f106c3a4ed8026509c096886e3e3f2052d6350fe3eb1b0456d2d4cff98048ab2f7e6a3b4195d99a064a06c7436720492b048045aabaa1771950ffa34820523cc0c3aeb175104f8f594f6251f702192fd5acaf592184fef4b7add85ee3f9da46c0200c4aa826b64bc96e39a049ece79ad766a4f155b993e082fa244ea32d9a69648d3af8ef0915ce2e5aa4da917efe0a94db9692140e33ceba41947976538ef4d5478fd49f8b741bd0d59e4070103ec2630d319a8b5ce88e65ae7b1f10139b4fbb4b2b00e75e4b498d5dbb6a1808c3388d1d416e548a08fd3c6bf7755cd4e66d6e45187bef2aed6a325e3c7476c7c5d00dad9d0ea4fb03361d02bb85543c204c45cdd5573bc3ca171ea89f325b524b310c1a7770ffd323cbbdfcc46f6e5e8d3a4c5ff789fa8b7b7c287b927337d19514484ffdf11ae87c33be710c658e3b0c50b5adf3f4253ea0029e2b9207a323357a07f212899d28645ae381ce83bdf9f549265ecda37671c7adabb15d015c842f45e6796ea9b60b2a1b2a2cf56487c65389ffcfc799886d5d69f8e08a0b844eaff7acf9a52017eddf865ef96e3cacc4414ba71e08864510fe1d02be6d0b2aa86afdcba033bbcdedd5b7deec2ae3097a154ed451a66fd221b5cb16002e413a0ee0f1e9ccef5f5a7293de3cf352a2c48bc7b402e42bac8aeff1f8bd784b56851bb81d2165e5ead43c648f1ac384628c57e44c02e1195c8ea61236ead2971f3d1ce07e026688ba2a78cf8720775b7d260d495ecab73dac109e1cad1ffc66226845f5cb7b2ec37aa964c06dd13a3f1bc3618c7d218e90b0e82c282301b398fdf11415edbc6a337bd5c586f65b86691d448de3858a742d6161a08e6e1a7a0a3dc1fc1a481f5b6eb08f91751e7f7f815781a42f5fc450b5b03e90a5306531f438cba7107f8e7f15725329e476baf883d22cd68b6fbb5aab1a30667c38d5c04b653fc6f316f85678290b4304b6cbda1c500404ef2b1ed8ebdbe283389f25178d73d0f015edb57943fb28660238c63b4fd26fd578447e23c4df686f41c139e1cde320c3955b9099773fbbbdbdab3a51f2c2aa14108d64b03a847648583565b804f472cb1a4759337ca4b9773578e565f2a732d86c9bc92d66701875c15de5dce27486ea46d67c0b269236199c59191671c3f64eb2631093a9b3a597cef3cc0eafb6e38931992bbe9c35aceb634625bc38ec3912605bba92c26e3ea0dca59ffbb9c57090bfef9f02e52c35856b4b6bdfe9789b4f3766a817e5683c0b0d9e9911f3b82917b978aec241cf99bac464a272968374d8f8c52c82743ab0f42b83a24d0027f661509362cde3494395c160baa444085f35101974c5faee9bd3f0af6828db78d53449d5a48c81a1e70c9f63cb1b7c143a247a14bd7c13cb6886d0fb185146d3211fcd243e2444dccd48f6a0bba81e7aa8620f3c799820bc4fbadac06aa75c1c6b1512dc2e986c07714b0036228f9c0d6f881aee9900a34fc66e434c7914a62db612ca5567b98cc0e3ab53fe50387fa7ff4d9e49bba7b7b081271259d1656df7deae6cd3c9f57e7ef00a27e8b750703b0dc7d5337b441b2bdcbf224d19bddb7609199062c1434cece60e27fd1dfb78e0d3b9ef89a7ddaef6ca51328a47d10251be901ab2946c928fccfd79dfd8d92db719b594da063f732afbc1dec5173a6f889789c5b5305ffd49ff36eb860a0b6a44b5d9e6db088f2f45e9d103dcdac4e10605797e3075e3768a7f10f1702fe9805d1d05930e25593dbf318c3d0494c05348bc4aa30894d2ee66f44dfd8af39c2372aaac8e887fe93e75434980cb60060d5e419b790793f1c22c005370a59a86f861205a4030b419744e8ba9ea254db0026dfe8476d068dcfbccb5c8a70a88c9e616032f5649792c98f530256d8de01d1b9f6b95a82fe233e7736e3fd24cabc327170bef3cd183047af4c748408ca1bb44e307270f2f67f8e8d4a3113808b20c650e4f75b55a9028b46461a86b0ddaff6fffca19906c94cd6fe40f66aa4ca1b994f9a070f42b463e1f38279bf045ed889011404a4fc099a3741f165f0804815027a99af7e48047f2ce3ce9dcdb8a82c4d1dad574c985ddedbc64ca551d6ebcc33d7c553ce026485b4bb3958daf8b8223a1a974d77d42d06728d67af6f1df772b43c820b410d08b080d9e5b1fd19fd8f3c41ad3fb3ff1566333820a05a93a70a50f6d9451b5eecc8ddf5dfff103d8ce76ffcd956a2fe5bd36ba5b5a2a0db640c9c43d917999334c7ba7645286c3bf5bce9d0735d053956dbd08663d26c52835fe98c4027ad122c703ef362d48003cf308df922c1ecb6a6af00ceb40c77e621b3ec9b46c2216a82f0a47af43e75eb11c59391b2119cb1d131ce99710b5a6bb4559a66f4c69624c144c7ef00b21c07cb10eb073a80d43be21c4bc0f424e84a7955ec39dd9167eca05b4ce50de39ac21c15dc631c32b5aa6c493deb44a11daf886fba4a494c4fd70628ce386b5fddf6540be15fb0d6fef7492daeb18b00f6c8864afdabb5e09b183814391249758bb081ae6b3da51e569403088520dd546a6dbab423879f3bad7488185a81d530ee184ff51ab14e612812bd143185f6ef16133c24fd41dd22878553efaf6ece8972fa1769412818834822e063be29cb25010b65c7f4147b3c458d37eab324cafbef2262f435dd95f7b816413892ff08a9eee9ac3eb6900ed6d4e8083de3e97942beccc121eabc839e2f27e852bd6fd77eaf1e67b02703c4b78624449ac1219bd7e4386d961f91104f598457ffbbfec30de6e6b3fd926bb62e4dec7c29bb9835882da2563da42cbc5e846e5c2ee89726116415e2d276b15a77885eace78f83f5cb51fb4f8f5fa6fbd2430913ed170f3ed6049811ed4b7b66c019b36b3b21212b4a1545a10f4c11b05adca4b27f562a883a05d3d5941904ed23665b133fec43ceab1d1289f7c1d0dedbd3fb4353de97372707d9e483dce0151c739c9871df6aeed1d7ce35664f849f44f6a48bc67d170e2d977a6ccba5c323599050d3713da3dbb83efe9aa21991543f3b6ae36b22d3d5159f963cb3eb0f12a15694ef2f3e62fe18e77bd11c3b9fe6a1d520cb63e3a98c2a1e12d96d75b3c42d2153efa2c9029833baa4cb51809a60d9f0dcf015212504082a778857125fb8bd6185f486e31ed35301b61741f6b53da2d4e48b7cf") r1 = dup2(r0, r0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f000026d000-0x58)={0x1ff, 0x5, 0x4, 0x7, 0x1d, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000a62000)=0x0, 0x0) 2018/01/26 11:55:36 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00008e4000-0x8)='./file0\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000b2e000)='./file0\x00', 0x60) r1 = dup(r0) r2 = accept4$inet6(r1, 0x0, &(0x7f0000ffd000-0x4)=0x0, 0x80000) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000537000)=0x0, &(0x7f0000511000-0x4)=0x4) open(&(0x7f00002b0000-0x8)='./file0\x00', 0x0, 0x0) open(&(0x7f000025b000-0x8)='./file0\x00', 0x0, 0x0) [ 36.081562] audit: type=1326 audit(1516967736.754:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=4476 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x0 [ 36.082778] binder: undelivered TRANSACTION_ERROR: 29189 [ 36.082811] binder: undelivered TRANSACTION_ERROR: 29201 [ 36.257728] kasan: CONFIG_KASAN_INLINE enabled [ 36.262222] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 36.275195] Dumping ftrace buffer: [ 36.278715] (ftrace buffer empty) [ 36.282409] Modules linked in: [ 36.285712] CPU: 0 PID: 4499 Comm: syz-executor0 Not tainted 4.4.113-ge70c132 #34 [ 36.293320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 2018/01/26 11:55:36 executing program 4: mmap(&(0x7f0000000000/0x2a000)=nil, 0x2a000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f000002a000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mice(&(0x7f000002b000-0x10)='/dev/input/mice\x00', 0x0, 0x101000) mmap(&(0x7f000002a000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f000002a000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f000002a000)=0x0, &(0x7f000002a000)=0x4) r1 = syz_open_dev$loop(&(0x7f0000002000)='/dev/loop#\x00', 0x0, 0x0) ioctl(r1, 0x4000000000001261, &(0x7f0000017000)="") 2018/01/26 11:55:37 executing program 6: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socketpair(0x9, 0x2, 0x0, &(0x7f0000001000-0x8)={0x0, 0x0}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000031000-0x8)='pagemap\x00') creat(&(0x7f0000af9000)='./file0\x00', 0x80) lseek(r0, 0x0, 0x2) 2018/01/26 11:55:37 executing program 2: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = accept4(0xffffffffffffff9c, &(0x7f00003dd000)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000001000-0x4)=0x8, 0x800) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000001000-0x20)={@loopback={0x0, 0x1}, 0x4, 0x1, 0x3, 0x1, 0xfff, 0x1, 0x5}, 0x20) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r1, 0x8929, &(0x7f0000641000)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_data=&(0x7f0000dff000)="0b00000000000000000305fffe00eb00ecff0000a10000000449faf4e2007e23"}) openat$rfkill(0xffffffffffffff9c, &(0x7f0000a40000-0xc)='/dev/rfkill\x00', 0x100, 0x0) 2018/01/26 11:55:37 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000002000)='/dev/net/tun\x00', 0x0, 0x40000) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f000050b000-0x15)='/proc/self/net/pfkey\x00', 0x2000, 0x0) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000e97000)={0x5, 0x100000001, 0x8, 0x6, 0x1}) fcntl$setstatus(r0, 0x4, 0x40000) [ 36.302662] task: ffff8801d7250000 task.stack: ffff8801d4de8000 [ 36.308706] RIP: 0010:[] [] __list_del_entry+0x86/0x1d0 [ 36.317407] RSP: 0018:ffff8801d4def5a8 EFLAGS: 00010246 [ 36.322844] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8801d4091e90 [ 36.330110] RDX: 0000000000000000 RSI: ffffffff851c42f0 RDI: ffff8801d4091e98 [ 36.337371] RBP: ffff8801d4def5c0 R08: 0000000000000001 R09: 0000000000000000 [ 36.344653] R10: 0000000000000001 R11: 1ffff1003a9bde84 R12: 0000000000000000 2018/01/26 11:55:37 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000df2000)=[{&(0x7f0000b81000)="480000001400190d09004beafd0d8c560a84780080ffe00600000000000000a2bc5603ca00000fff00000006200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) fadvise64(r0, 0x0, 0x8ea, 0x7) [ 36.351918] R13: ffff8801d4091e39 R14: ffff8801d4091eb8 R15: 00000000ffffffde [ 36.359186] FS: 00007f1ec22ac700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 36.367401] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.367864] binder: 4491:4498 Release 1 refcount change on invalid ref 4 ret -22 [ 36.380785] CR2: 0000000020007000 CR3: 00000000bb86e000 CR4: 0000000000160670 [ 36.388051] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.395303] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.402546] Stack: [ 36.404678] ffff8801d4091eb8 ffff8801d4091e90 ffff8801cb9b19c0 ffff8801d4def5d8 [ 36.412670] ffffffff81d62add ffff8801d4091e90 ffff8801d4def5f8 ffffffff832ae63e [ 36.420646] ffff8801ced61100 ffff8801d4091e90 ffff8801d4def618[ 36.425406] binder: BINDER_SET_CONTEXT_MGR already set [ 36.425413] binder: 4491:4540 ioctl 40046207 0 returned -16 [ 36.429837] binder: 4491:4540 Release 1 refcount change on invalid ref 4 ret -22 [ 36.430966] binder: 4491:4539 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 36.453319] ffffffff832cdb93 [ 36.456805] Call Trace: [ 36.459364] [] list_del+0xd/0x70 [ 36.464350] [] xfrm_state_walk_done+0x6e/0xa0 [ 36.470463] [] xfrm_dump_sa_done+0x73/0xa0 [ 36.476318] [] ? xfrm_dump_policy_start+0x20/0x20 [ 36.482782] [] netlink_dump+0x871/0xb40 [ 36.488381] [] __netlink_dump_start+0x52e/0x7c0 [ 36.494684] [] ? __netlink_ns_capable+0xe1/0x120 [ 36.501057] [] xfrm_user_rcv_msg+0x5bd/0x6b0 [ 36.507085] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 36.513289] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 36.519325] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 36.525524] [] ? xfrm_dump_policy_start+0x20/0x20 [ 36.531988] [] ? avc_has_perm_noaudit+0x460/0x460 [ 36.538454] [] ? mark_held_locks+0xaf/0x100 [ 36.544395] [] ? mutex_lock_nested+0x5d4/0x850 [ 36.550597] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 36.557406] [] ? mutex_lock_nested+0x560/0x850 [ 36.563607] [] ? xfrm_netlink_rcv+0x60/0x90 [ 36.569548] [] ? netlink_lookup+0xee/0x740 [ 36.575411] [] netlink_rcv_skb+0x13e/0x370 [ 36.581277] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 36.587312] [] xfrm_netlink_rcv+0x6f/0x90 [ 36.593080] [] netlink_unicast+0x522/0x760 [ 36.598933] [] ? netlink_unicast+0x44f/0x760 [ 36.604963] [] ? netlink_attachskb+0x6c0/0x6c0 [ 36.611163] [] netlink_sendmsg+0x8e8/0xc50 [ 36.617017] [] ? netlink_unicast+0x760/0x760 [ 36.623045] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 36.629508] [] ? security_socket_sendmsg+0x89/0xb0 [ 36.636057] [] ? netlink_unicast+0x760/0x760 [ 36.642086] [] sock_sendmsg+0xca/0x110 [ 36.647607] [] ___sys_sendmsg+0x6c1/0x7c0 [ 36.653377] [] ? copy_msghdr_from_user+0x550/0x550 [ 36.659946] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 36.666928] [] ? __fget+0x232/0x3b0 [ 36.672174] [] ? __fget+0x47/0x3b0 [ 36.677332] [] ? __fget_light+0xa1/0x1e0 [ 36.683012] [] ? __fdget+0x18/0x20 [ 36.688171] [] __sys_sendmsg+0xd3/0x190 [ 36.693764] [] ? SyS_shutdown+0x1b0/0x1b0 [ 36.699532] [] ? SyS_futex+0x210/0x2c0 [ 36.705037] [] ? fd_install+0x4d/0x60 [ 36.710460] [] ? move_addr_to_kernel+0x50/0x50 [ 36.716660] [] SyS_sendmsg+0x2d/0x50 [ 36.721992] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 36.728536] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 [ 36.755138] RIP [] __list_del_entry+0x86/0x1d0 [ 36.761457] RSP [ 36.765095] ---[ end trace ff1161bb4c81d3a2 ]--- [ 36.769859] Kernel panic - not syncing: Fatal exception in interrupt [ 36.776753] Dumping ftrace buffer: [ 36.780268] (ftrace buffer empty) [ 36.783949] Kernel Offset: disabled [ 36.787543] Rebooting in 86400 seconds..