[....] Starting enhanced syslogd: rsyslogd[ 15.801567] audit: type=1400 audit(1519722024.436:5): avc: denied { syslog } for pid=4050 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.064080] audit: type=1400 audit(1519722026.698:6): avc: denied { map } for pid=4190 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts. 2018/02/27 09:00:33 fuzzer started [ 24.383687] audit: type=1400 audit(1519722033.018:7): avc: denied { map } for pid=4201 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/27 09:00:33 dialing manager at 10.128.0.26:35219 [ 27.083550] can: request_module (can-proto-0) failed. [ 27.092796] can: request_module (can-proto-0) failed. 2018/02/27 09:00:36 kcov=true, comps=true [ 27.597394] audit: type=1400 audit(1519722036.232:8): avc: denied { map } for pid=4201 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=9384 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/02/27 09:00:36 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:36 executing program 3: sched_setattr(0x0, &(0x7f0000282000)={0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 2018/02/27 09:00:36 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) 2018/02/27 09:00:36 executing program 1: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x4, 0x40000000000031, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)=[], 0x0, 0x0, &(0x7f00000002c0)}) mmap(&(0x7f0000000000/0xfc1000)=nil, 0xfc1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fc1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000a20000)={0x8, 0x0, &(0x7f0000fc1ffc)=[@increfs={0x400c630e}], 0x0, 0x0, &(0x7f000012cf22)}) 2018/02/27 09:00:36 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:36 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:36 executing program 5: r0 = add_key$user(&(0x7f0000000340)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000040)="ab", 0x1, 0xfffffffffffffffd) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f0000001300)=""/173, 0xfffffffffffffe9a, 0x0) 2018/02/27 09:00:36 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00002e1000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000d37000)={{0x1000ff, 0x80000000a}}) [ 27.926396] audit: type=1400 audit(1519722036.561:9): avc: denied { map } for pid=4201 comm="syz-fuzzer" path="/root/syzkaller-shm070736088" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 27.968720] audit: type=1400 audit(1519722036.603:10): avc: denied { sys_admin } for pid=4244 comm="syz-executor7" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 27.987893] IPVS: ftp: loaded support on port[0] = 21 [ 28.087790] IPVS: ftp: loaded support on port[0] = 21 [ 28.093090] audit: type=1400 audit(1519722036.720:11): avc: denied { net_admin } for pid=4247 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.156086] IPVS: ftp: loaded support on port[0] = 21 [ 28.207673] IPVS: ftp: loaded support on port[0] = 21 [ 28.273601] IPVS: ftp: loaded support on port[0] = 21 [ 28.337776] IPVS: ftp: loaded support on port[0] = 21 [ 28.432629] IPVS: ftp: loaded support on port[0] = 21 [ 28.549986] IPVS: ftp: loaded support on port[0] = 21 [ 29.653447] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 29.698589] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 29.996984] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.118972] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.175891] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.281555] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.326750] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.348299] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.598073] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.604361] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.762597] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.768755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.897303] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 32.939662] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.945811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.037764] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.060175] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.066299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.166590] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.172744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.187979] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.194095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.202749] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.208828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.223686] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.230091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.242299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.267683] audit: type=1400 audit(1519722041.897:12): avc: denied { sys_chroot } for pid=4248 comm="syz-executor7" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.290713] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.303204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.314827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/02/27 09:00:42 executing program 3: sched_setattr(0x0, &(0x7f0000282000)={0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) [ 33.354981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.377548] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.383751] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.428981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.482819] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.499599] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.539905] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.583410] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.590474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.599976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.617838] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.626379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.643923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.661963] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.668689] binder: 5503:5507 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 33.726757] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.732944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.740417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.757525] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.763931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.772214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.779681] audit: type=1400 audit(1519722042.414:13): avc: denied { prog_load } for pid=5526 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 33.781906] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.808623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.830046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.837465] audit: type=1400 audit(1519722042.472:14): avc: denied { prog_run } for pid=5526 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 33.872686] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 2018/02/27 09:00:42 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 3: sched_setattr(0x0, &(0x7f0000282000)={0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 2018/02/27 09:00:42 executing program 1: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x4, 0x40000000000031, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)=[], 0x0, 0x0, &(0x7f00000002c0)}) mmap(&(0x7f0000000000/0xfc1000)=nil, 0xfc1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fc1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000a20000)={0x8, 0x0, &(0x7f0000fc1ffc)=[@increfs={0x400c630e}], 0x0, 0x0, &(0x7f000012cf22)}) 2018/02/27 09:00:42 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) 2018/02/27 09:00:42 executing program 5: r0 = add_key$user(&(0x7f0000000340)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000040)="ab", 0x1, 0xfffffffffffffffd) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f0000001300)=""/173, 0xfffffffffffffe9a, 0x0) 2018/02/27 09:00:42 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:42 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00002e1000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000d37000)={{0x1000ff, 0x80000000a}}) 2018/02/27 09:00:42 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) [ 33.880531] audit: type=1400 audit(1519722042.507:15): avc: denied { dac_override } for pid=5536 comm="syz-executor4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.881638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.918275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/02/27 09:00:42 executing program 3: sched_setattr(0x0, &(0x7f0000282000)={0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 2018/02/27 09:00:42 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:42 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00002e1000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000d37000)={{0x1000ff, 0x80000000a}}) 2018/02/27 09:00:42 executing program 1: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x4, 0x40000000000031, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)=[], 0x0, 0x0, &(0x7f00000002c0)}) mmap(&(0x7f0000000000/0xfc1000)=nil, 0xfc1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fc1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000a20000)={0x8, 0x0, &(0x7f0000fc1ffc)=[@increfs={0x400c630e}], 0x0, 0x0, &(0x7f000012cf22)}) [ 33.961630] binder: 5549:5552 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/02/27 09:00:42 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) 2018/02/27 09:00:42 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 5: r0 = add_key$user(&(0x7f0000000340)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000040)="ab", 0x1, 0xfffffffffffffffd) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f0000001300)=""/173, 0xfffffffffffffe9a, 0x0) 2018/02/27 09:00:42 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00002e1000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000d37000)={{0x1000ff, 0x80000000a}}) 2018/02/27 09:00:42 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:42 executing program 1: mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x4, 0x40000000000031, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)=[], 0x0, 0x0, &(0x7f00000002c0)}) mmap(&(0x7f0000000000/0xfc1000)=nil, 0xfc1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fc1000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000a20000)={0x8, 0x0, &(0x7f0000fc1ffc)=[@increfs={0x400c630e}], 0x0, 0x0, &(0x7f000012cf22)}) 2018/02/27 09:00:42 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) [ 34.064714] binder: 5567:5571 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/02/27 09:00:42 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 5: r0 = add_key$user(&(0x7f0000000340)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000040)="ab", 0x1, 0xfffffffffffffffd) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f0000001300)=""/173, 0xfffffffffffffe9a, 0x0) 2018/02/27 09:00:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:42 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) [ 34.113874] binder: 5580:5587 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/02/27 09:00:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:42 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0x3, &(0x7f00000000c0)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000080)='sy:kaller\x00', 0xc5, 0x7f, &(0x7f0000000000)=""/127}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001fb8)={0x1, 0x5, &(0x7f0000003000)=@framed={{0x18}, [@alu={0x5}], {0x95}}, &(0x7f000000b000)='syzkaller\x00', 0x7e0, 0x2bc, &(0x7f0000002f19)=""/231}, 0x48) 2018/02/27 09:00:42 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) inotify_init1(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000aabff1)='net/ipv6_route\x00') bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000a2effc), 0x1000) 2018/02/27 09:00:42 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r0, &(0x7f00003a7000), 0x400000ff) 2018/02/27 09:00:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) 2018/02/27 09:00:43 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) 2018/02/27 09:00:43 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000fdf000)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x4) sendfile(r1, r2, &(0x7f0000e64ff8), 0x8) pread64(r2, &(0x7f0000c6f000)=""/194, 0xc2, 0x0) 2018/02/27 09:00:43 executing program 3: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='\b']}) mq_timedsend(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}) 2018/02/27 09:00:43 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c56000)={0xaa}) mmap(&(0x7f0000011000/0x4000)=nil, 0x4000, 0x3, 0x32, 0xffffffffffffffff, 0x0) 2018/02/27 09:00:43 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014dfc8)={&(0x7f0000e60000)={0x10}, 0xc, &(0x7f00006eaff0)={&(0x7f0000fc3dec)=@updpolicy={0xfc, 0x19, 0x403, 0xffffffffffffffff, 0xffffffffffffffff, {{@in=@empty, @in=@rand_addr, 0x4e20, 0x0, 0x4e20, 0x0, 0xa}}, [@tmpl={0x44, 0x5, [{{@in=@broadcast=0xffffffff, 0xffffffffffffffff, 0xff}, 0x0, @in=@rand_addr, 0xffffffffffffffff, 0x3}]}]}, 0xfc}, 0x1}, 0x0) 2018/02/27 09:00:43 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00006a4ff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe2(&(0x7f000063bff8)={0x0, 0x0}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000decfe0)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000460fe4)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x805}) mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x1000004, 0x32, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f00000d5000/0x18000)=nil, &(0x7f0000de9000)=[@text64={0x40, &(0x7f0000bfefbf)="0f20d835200000000f22d80f0118470f35f3ab77644ebe0f59128182818201bc8c6a000000674b0f015e9dc483996ba7d900f300004f4f21ae5ddc", 0x3b}], 0x1, 0x0, &(0x7f0000753ff0)=[], 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2018/02/27 09:00:43 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/02/27 09:00:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000925000)=[{0x0, 0x0, &(0x7f0000d60f80)=[], 0x0, &(0x7f0000f06000)=[@assoc={0x18, 0x117, 0x4, 0x20}], 0x18}], 0x1, 0x0) sendmsg$can_raw(r1, &(0x7f0000477000)={&(0x7f0000523000)={0x1d}, 0x10, &(0x7f0000f9f000)={&(0x7f00002d5fb8)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "78107cf7ba34bb907619bca78c327758e0977d56a0428fcd2086f76c15e8bbf0272ad8184a3924c666339f8e3d1c1631d81bb612a655343ecf2221f317fc71e1"}, 0x36}, 0x1}, 0x0) recvfrom(r1, &(0x7f000069cfc1)=""/63, 0x1a, 0x0, &(0x7f0000098000)=@ipx={0x4, 0x0, 0x0, "e262589dfba5"}, 0xfdbb) 2018/02/27 09:00:43 executing program 3: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='\b']}) mq_timedsend(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}) [ 34.449278] kasan: CONFIG_KASAN_INLINE enabled [ 34.454050] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 34.461467] general protection fault: 0000 [#1] SMP KASAN [ 34.466999] Dumping ftrace buffer: [ 34.470525] (ftrace buffer empty) [ 34.474224] Modules linked in: [ 34.477407] CPU: 0 PID: 5637 Comm: syz-executor6 Not tainted 4.16.0-rc3+ #331 [ 34.484664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.494016] RIP: 0010:hrtimer_active+0x1da/0x3c0 [ 34.498744] RSP: 0018:ffff8801b66173c0 EFLAGS: 00010202 [ 34.504087] RAX: 0000000000000008 RBX: 1ffff10036cc2ea5 RCX: ffffffff81610225 [ 34.511332] RDX: 0000000000010000 RSI: ffffc90005181000 RDI: 0000000000000010 [ 34.518577] RBP: ffff8801b6617500 R08: 0000000000002c02 R09: 0000000000000000 [ 34.525826] R10: 0000000000000011 R11: ffffed003b246078 R12: 0000000000000010 [ 34.533072] R13: 0000000000000000 R14: ffffed0036cc2e83 R15: dffffc0000000000 [ 34.540319] FS: 00007f4d8918d700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 34.548520] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.554377] CR2: 00007f4d8914b000 CR3: 00000001bb8de004 CR4: 00000000001626f0 [ 34.561623] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.568867] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.576114] Call Trace: [ 34.578695] ? hrtimer_forward+0x2d0/0x2d0 [ 34.582909] ? vmx_update_msr_bitmap+0x13a/0x430 [ 34.587653] ? setup_msrs+0x926/0x1d80 [ 34.591517] ? vmx_set_cr4+0x353/0x610 [ 34.595398] hrtimer_try_to_cancel+0x91/0x5b0 [ 34.599871] ? update_exception_bitmap+0x19a/0x200 [ 34.604777] ? __hrtimer_get_remaining+0x1c0/0x1c0 [ 34.609682] ? vmx_vcpu_reset+0x55f/0xc70 [ 34.613808] ? load_vmcs12_host_state+0x1fa0/0x1fa0 [ 34.618807] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 34.623639] ? kvm_arch_vcpu_load+0x1c1/0x8d0 [ 34.628111] ? futex_wake+0x680/0x680 [ 34.631893] hrtimer_cancel+0x22/0x40 [ 34.635672] kvm_lapic_reset+0x93/0xf40 [ 34.639628] ? kvm_lapic_set_base+0x750/0x750 [ 34.644100] ? kvm_arch_vcpu_free+0x80/0x80 [ 34.648412] kvm_arch_vcpu_setup+0x31/0x50 [ 34.652626] kvm_vm_ioctl+0x52d/0x1cf0 [ 34.656500] ? hash_futex+0x15/0x210 [ 34.660198] ? kvm_set_memory_region+0x50/0x50 [ 34.664760] ? kfree+0xf3/0x260 [ 34.668025] ? get_futex_key+0x1d50/0x1d50 [ 34.672236] ? trace_hardirqs_on+0xd/0x10 [ 34.676368] ? perf_trace_lock_acquire+0xe3/0x980 [ 34.681202] ? perf_trace_lock+0x900/0x900 [ 34.685427] ? trace_hardirqs_off+0x10/0x10 [ 34.689728] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.694744] ? find_held_lock+0x35/0x1d0 [ 34.698797] ? __fget+0x342/0x5b0 [ 34.702229] ? lock_downgrade+0x980/0x980 [ 34.706359] ? lock_release+0xa40/0xa40 [ 34.710315] ? __lock_is_held+0xb6/0x140 [ 34.714375] ? __fget+0x36b/0x5b0 [ 34.717821] ? iterate_fd+0x3f0/0x3f0 [ 34.721596] ? check_same_owner+0x320/0x320 [ 34.725897] ? get_unused_fd_flags+0x190/0x190 [ 34.730457] ? rcu_note_context_switch+0x710/0x710 [ 34.735376] ? kvm_set_memory_region+0x50/0x50 [ 34.739934] do_vfs_ioctl+0x1b1/0x1520 [ 34.743802] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 34.749057] ? ioctl_preallocate+0x2b0/0x2b0 [ 34.753448] ? selinux_capable+0x40/0x40 [ 34.757495] ? SyS_futex+0x1fb/0x390 [ 34.761204] ? security_file_ioctl+0x7d/0xb0 [ 34.765588] ? security_file_ioctl+0x89/0xb0 [ 34.769987] SyS_ioctl+0x8f/0xc0 [ 34.773334] ? do_vfs_ioctl+0x1520/0x1520 [ 34.777463] do_syscall_64+0x281/0x940 [ 34.781329] ? __do_page_fault+0xc90/0xc90 [ 34.785541] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.790019] ? finish_task_switch+0x1c1/0x7e0 [ 34.794492] ? syscall_return_slowpath+0x550/0x550 [ 34.799402] ? syscall_return_slowpath+0x2ac/0x550 [ 34.804313] ? prepare_exit_to_usermode+0x350/0x350 [ 34.809309] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 34.814656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.819491] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 34.824654] RIP: 0033:0x453d69 [ 34.827818] RSP: 002b:00007f4d8918cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 34.835500] RAX: ffffffffffffffda RBX: 00007f4d8918d6d4 RCX: 0000000000453d69 [ 34.842745] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000014 [ 34.849991] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 34.857237] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 34.864482] R13: 000000000000020e R14: 00000000006f31f0 R15: 0000000000000000 [ 34.871753] Code: ff ff 48 8d 85 18 ff ff ff 48 c1 e8 03 4e 8d 34 38 e8 1b f2 0f 00 48 8b 85 f0 fe ff ff c6 00 00 48 8b 85 d8 fe ff ff 48 c1 e8 03 <42> 80 3c 38 00 0f 85 c2 01 00 00 48 8b 85 e8 fe ff ff 48 8b 58 [ 34.890988] RIP: hrtimer_active+0x1da/0x3c0 RSP: ffff8801b66173c0 [ 34.898624] ---[ end trace 6396865b52e3f016 ]--- [ 34.903413] Kernel panic - not syncing: Fatal exception [ 34.909240] Dumping ftrace buffer: [ 34.912751] (ftrace buffer empty) [ 34.916431] Kernel Offset: disabled [ 34.920027] Rebooting in 86400 seconds..