r1, 0x8903, &(0x7f0000000000)=0x0) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000040)=r2) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000100)=0x7, 0xfffffffffffffd26) 2018/04/09 20:46:54 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ff", 0x24}], 0x1) [ 127.589377] binder: 11764:11768 ioctl 40046207 0 returned -16 [ 127.619412] binder_alloc: 11764: binder_alloc_buf, no vma [ 127.625123] binder: 11764:11796 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:46:55 executing program 4: r0 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x8, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @loopback=0x7f000001}}}, &(0x7f00000002c0)=0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000004c0)={0x58b, 0xffffffffffffffff, 0x8000, 0x401, 0xe8e, 0x8, 0x40000, 0xbe, r1}, 0x20) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$int_out(r2, 0x2, &(0x7f0000000700)) mkdir(&(0x7f0000fb3000)='./file0\x00', 0x0) mount(&(0x7f0000463000)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000000140)='hugetlbfs\x00', 0x0, &(0x7f0000e2ef53)) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x4) fchmodat(r0, &(0x7f0000000800)='./file0/file0\x00', 0x0) umount2(&(0x7f0000a23000)='./file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file1\x00', 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) readlinkat(r0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000740)=""/180, 0xb4) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffb) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='sit0\x00', 0x10) sendto$llc(r2, &(0x7f0000001200)="23fc6fc99e714e9e6fd43f8fa21f888d6780b8afbd16cba03a5f74b797b2e11ce2a94b20b5d46d25376b83438a9c8218549b068f3337eae22002f13adeb6497a0813d251b7ec9e7a6415673b171ad97eafc5ec869eb20568b5b9ee287e8b232d31fc366e93fb3e0f8348604579e79170cf70902ebb86fe17923c1de8df09083b5364e4794f3cebf08a7869c48bb90fd6b5e81c45", 0x94, 0x0, &(0x7f00000012c0)={0x1a, 0x308, 0x8001, 0x1000000004b7, 0x4, 0x5}, 0x5) 2018/04/09 20:46:55 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0xffffffffffffff7f, 0x84000) 2018/04/09 20:46:55 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x20199000) 2018/04/09 20:46:55 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x5) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) write$binfmt_elf32(r1, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x1390, 0x3, 0x5, 0xffffffffffff0000, 0x2, 0x3, 0x100000000, 0x18c, 0x38, 0x306, 0x100000000, 0x7ff, 0x20, 0x2, 0x81, 0x200000000000, 0x100000000}, [{0x5, 0x4, 0x80000001, 0x0, 0xffff, 0x9, 0x1, 0x3941f4d1}, {0x6474e553, 0x8e6, 0x9, 0x1039, 0x8, 0x7, 0x4, 0xffffffffffff7fff}], "65f11225917f7476ffb93978dd14936fbc3a0695f2e1b8155c3ae73b5315290213dd834d057804724f05d671a2"}, 0xa5) 2018/04/09 20:46:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000", 0x36}], 0x1) 2018/04/09 20:46:55 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8991, &(0x7f00000000c0)={'bond0\x00', @ifru_names='ip6_vti0\x00'}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x2) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x1, 0x4) linkat(r1, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file1\x00', 0x1000) 2018/04/09 20:46:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) prctl$setname(0xf, &(0x7f0000000000)='/dev/binder#\x00') mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r2 = add_key(&(0x7f0000000140)='id_resolver\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000002c0)="6481e425b30c490db5e8a53057b80daac1b36fcbd9120d182c82b3b79ef8fcbe73ba99033e7cb03bbcedcef60b0de07358f3d050dafb0059e56ef77ad359e305a7509aa182b60d46cb2eead245adcda0c7", 0x51, 0x0) keyctl$search(0xa, r1, &(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x2}, r2) 2018/04/09 20:46:55 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x42, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040)) r1 = epoll_create1(0x0) sendmsg$nl_generic(r0, &(0x7f0000001200)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x10c0, 0x41, 0x407, 0x70bd2b, 0x25dfdbff, {}, [@nested={0x10ac, 0x59, [@typed={0xc, 0x12, @u64=0x7fffffff}, @typed={0x8, 0x5c, @fd=r1}, @generic="3211944fd1a992e6a008a0509f3114303cba11ca5e1ed45995b02651036fe9c1ca5a4d39903cc00e7b216cea661405d836caddeaabbf31358bf616e075f0fba0e675da6a641843ef9279136ac5f86e7984c53563c5bfed12eae94480fa24be446961a7092d43d1e5aa356b63662ce22b47e0681ccc2e248db9086e28350c0fcfc0358fd08f133716b18a901d87ea01d666fd47f6aaffd104576bb9ccca6462afb74b53a4e503c55d8991e3610b08c7e3e3269ae7bbca6c87a8dfff9cf29d6a1b92d83412c55cc0751137a63d9c846feb5a709d6d570205e32566554b56e22aee4f4a7a7736632175d197eeeb85f7d5c887f2df94f0ed9bf3107a51e11befd8ebaa49b1f645a8a4ad2f3d2d3534ba2fa28c5511abab6dc65a0b75835c6467aa244a72493c50e3555574ed5ed7794240eae87fdfd3c695e891c9eff9e521e89859a17bab593379bfaef275b8640177c10b3d8691252e3cdb1c497f788675744661c0deb2ce53c1756d287971b6104f54020a89d518e158840da7432df04457b6b3ca3a332ab027ee7c8c15952be69726aa7c76d36f71d30b683155428e25dee2f6934bb1f9f2215383f5080811921c9e2e7020b8b5260f6793a4da4c85840d26aa751f21433c83d0e31dbd5a34fed07d5bb20a78e57f29b4db118fd8a4bf6b33764641bca1781efa7afa74788953186c861636eb1ba935622c216936aba7f398bb09eba5d93ed4114e4d1ef2410717a1762789e9999314667f86a7fe0d252fb1e083179a26a16b44dd76256d8de64054f73d3aa2af9eabcc9c7f0c56b3baab9c79f56ccfed648656b192ee6c86b0fcf3b2beaaa29606c502cbc666a17b67e774f41dd1d563cfc0227c25e9d017b88aa5831bd1a811ed271b0a1e4ecb7425fa111f5d58c26555a167ff2e142e94044930ec7ea824dfe9e25d7a72a2f50a1be2380c2056e03887b4c29de144c00887935866bcc8ae76b8e0333d6d398803355061088f1729e6f8f8f511c90f3eb3b166396d8add3bee7260108aeb8be58f410da03e9142da07f9b6406666a1ad608fc04299748d3866a04a2251e6b34142edb5c824d269dad11f6e92ecbd04ca41b36fd67ce2a3d361a4aa5bb92e4dbae4de7132344f5c9baff6548978b72de49b91941b0c502185f229a74e6944cb70c370102fa441b8b1d913c0219d336df7dbab8f74246bd501c0dbff7a672ce3d0887689e79dfc70a1e83faa723108f39bd535968901492f7d81d0951b2ef1a845347e63aeeff5640ef9f4427d8ff77d2644b666e4f99e3c2c88fb3d3231ee28fa4f7c9da3d2682a015858a9914fef2a07f781dded7593b17b0e7463d10c1d5acb367dcdf519456f9702382d4d5bb7def099538a536b9265300a3e7d069d55f6ff820a671a04a7be08ec1561dd9d9f80b6cb2767b71cb565b14cda041e71bba92fd23f72b7d5e426862a88f4ce1859efc5d45e8be339448a1e01e0860236c60a894e4fd9194c9c03e60fe4758e79778882b8b55ccce43fc7411bd8aa309b088fd2a306c40b624e0dc3fd10232248debc55c4dcdd9745db2cd45b0e76ec42066a199fce444b7d0f10af3f94ec4ec7861e24d7a018000f26e60a35fca52af9d90700c005e7760d18e4551eec147391545e362c75d35aec2a9814aca5c0dffd9b4d30e0f053dfda666e2a900f52efc41f5bafab4b6f50627c0bc0071d5b7457b590a66edef6d10b4769154acf97dff7f6ed7184c0225110ebee80842a54386baa8253159364a9b1c455ca85aca67c34b1838a04cc3b5498accc9df1cf72db4f40948bd2ad5f74d772959d39019da2ffb57cb2b66697d8749d939d3f0abc313b52e2f2fb25bf9473516e7117fad598cb4605bd3bb58847a42ad7f25970f5ff79055c18c3c6559b5e2719cf3ad11810973cb6f06164485e7fef86746447337408fc1ffe4279a50169aeb5fdf3caa062aa47d1accd0ea4c02d20e37253eaf0a67c1540030349d24c4f6bc2950089861ee127bda3925521f4c72f9dd67ec63a7db75dc522a63ca4789ca5dc71276cc65e126b9328db7065774bb0672e059089b91ba8f0e42534330c4dd21df3ffb1908c7d4b5066dc0568f71b3ac4eae5e0eac6d19f3c21f0e86e124775f9e875c6a7e42fe9d0c70a7c785e47eef0ddc6c3ded76b5dacd307a26f0dbdc3ad25f69b60c2cb7a478c0cb09bd40789eea4129cd3a9bf5981b22f845cb01ee33496d66d5817e81a427c4585792b26d88279b0940072edc14688c8a3d08cef6232c407ba4d929ff9bc283f2a7d7150c3d866aa3ff08acc406c892fd41c1e43a575b1fc58154ccef7c2f45dce5dde45f4cdb7de7accd729b4d11ffba628f15c3107f356c9786a1d0597f9b85f16b78b17acdd6eabba212671f961aa57608343d5f29be7a1e8835c74b389fe83d4e953c87937809d5909657d8433f71fbbe2875c5fa7c3f1df513f39cdc7843d34423333dd52f0a5db8965844c116cc37c750fff8fe3d6fa547b1a2fd56897c4435b3ce089a58d36a6a4807d19b0b85d5b52c5b51881ed18b2a3f7c70c571f76f2d28ac883b443510fb8775c20b56a0381a71b709e3973a97ccaa0accb057351d66c9b0c64b9c02aa5c4c26b6d580faa2f2aef7ba3082556113524714c4a5404f86938bc0024947a969dd234858ed69e9f55e4e561126848e1f03f49f223efc6ac91bbd742b5bbb889519eb0eabe191c63d030b365e5b1b313981d2e720cd584eecc1b342360634cc8f16f7a1d5abf0dfa74dea5e6e7af87bc515edc615bc6f2b5e072c94956e31b16f1807b73f502a4843d9809c66d0220000350362951419ce0e8036aceb391b3985b67803cd011578a84aef6c8dedc76c3bdb02327de668db843a5add60ea911780cd9df527ca53b3cdf001852b1125494b80f13a6f5201dd5a7032ce41e1177d2cd4ce7ab328b52833fa4a8bc8265d3dd8c04c8c3fdbad2fa9de1e05a841a5d704d6adccebcede2631de194f4da80670ed5ad933277d488087718e05969cb042d7c93d04453edc412b52ce5e1f6bff53c611819c0913e7173a6dfd38974ae3bf2a14ac0fc21a84c77cb74f06d192213d0726be02c3044924889a8b22c1579b226015963b63ab0a510dd2f4df92b1bb1de68eb2ca25d853d7f4a37b70c90269f118891ca65912fe310f886e87a45aef867e4e8436fd0c45f83ca3166c0a4e7cef829b8215624f8698d3c1a0b5d257c091eb561fe79f52f270e159b5ad436899697ea2eaa84d235c610fb189748bdaf9295d4808c6850ff792590a87950d24f6b5dfa3694469d15dcff5d0362d3a710f0c9110719af2f6fc095b77382fbac28415d431150d92fc136480a9c71c3317f6fd98a7d3f446581313da0fd6b3a8110260c8e53c643ebd530dbcd2c316146827ea824449f2764cae0969c7daf9a2547ceadb4be39cf2b95c0188f177e0dfd1e2b05924d15c66f737eb812d7d9a92d43c7d793ded8383cda73bd37044cba526b8ae84b72a6ae0b3fa80e49992f728da5b14fb19c70ba78fb2493633099c974d8088f51d184ed5558dc74cccfc99d36fe384a0594d30189ed272fb37e974b7258fa6615572a2e2ca8e636a9703d6cc17145fa8e2f7e5839032a9bedbb814284be45e8f5c690064bc5eaa782c562ee2bd8c5831550f3826af584b6bd996ee652f34f6fae305fe5883af5c503c7d216655ba84c309144e9c086f94444ae3b60d722ebfe0d66392f3fbc797aeeb7727f6d42f87bb369cfbceaa0be103db84f1d4cd6a4df1ca2f9bc6408aad7defa115073be554cf40befd2b3b74e1f3b44393200f8255bb27c81368afe8f5dfa6f7203275a8e786f6e1cd2b451d69c9aa7ccb32994529d842611500cc4e3ead6185db6865699077b1cb7fa9bd0515e3a2f7b263182e21367cb5c02f9ea6fcb7337ba0d78afcba9d911cda695a1cfa8e9bc3ce2bf49cfabb5e5c103451b35b1d866aaadc5247efbc0790e65dfd1b9c465f76968877350ade6bad2dcde778274d3a5c7126824cfce7ac02c21362ed6e32d6b3fa79d243fa96c58c0c347c9784ee8245913ce20eb7827d08783def2c731df0e25f7926e7a5eae2e0b3919e7950fdf9e8372e96ebad62db8eb0b6406cc75938500302fffd7cdfb40d120bc63c64eb9b608226cb8339e15b0e997d1400808da41ceb960648766530eba1f42744d0592be40e65a4155686c0255b0f7c14699fa6b33a383963318f6afb38153e58e769a06e14ec34fa1e1f04b69fc253ca0b1170779a43804febd4b1b441bc47b67eddce9c9a06d003097d2a09b8897ba03fee3f144b72ba3b55df6efd83d19145ae27fc2666925872162898e1efddeb8d96db52421fd18500dca6e66271aa487df035d9569f70e39c2014a56744bd7020ae6a56c6f3beb70b320a0fead817913a2a2b2f60875a6d56f453e3f5a49b06ff92ccd806fcc6bc88700d052ffb32cc42871a21c7ae769d869088d2d87453c438283cb61e107312f56b09cbdbf36d04fad4f3af5742c09f482ed1defc23c15401a83e7279d5b15bb27e2cf749572d2c6060bcfac57331508b1b8f898f77aa63cb991b4ce1e1708464063cfa531956d713b34516deba0e67b12e782c56b9d2211f6cb2fe9232e24682ebd84ea07ce04d0147eac2858ec638d50f2c93bedf7d2129ba332161cc999935be21453d725862718fd6e55f56c12b91c25cc13c28c8ef0b0f5894c768ffe7724a6889ade2bc2c2a2af8513daa753b25788e62560c3eaf5e61a33d9bb9a79f14c2acda6596e3547ce7d1d5f7ae8ebb6198d326da5432348bb8b5feed8c8bf7581242bff439f65e621d292772d35f1eac44879dfb8de85e6898e680c85015ab9864fc25f0965bcbfb8552992744a2b00fdd170c9def564a632dbba7a9d1151499eee46deb30a068e8f03a8413b6b7c00344fb257f8736499f7e519f5a4eaa28f675fe604d111613c4b993037410886c21c6e1cbab1969b39e6cfba519d1a9fbe480d2754e52701e860af82380b8fe65807436d6d81d80f0cd8eebf7ae2b850eaf4a401845a2f6c1f182e6172fc770beefcc8e56904cee6ccc01269a1f9780246d212d57f9416721d674afb6b9a3ade9f5815f1f29604686273bab7feb813ac5170a3a32a41253e52e3c204fd79299baa881fcb682ff0293945b16f6117a68ca013107d0baabf577d2a3b4ec558fd50e1d80ab24afd21583e53d6f6b3754685feb433afa1f95d6665eae724d103933a1dbbd0a637abe168c7a55dc299ce5fbadf219dcf1e4b57090748e5d1c3f043e7c08edd2ea028647a00ba5c83170ea734030105a2b10a25388d0b9a0293dd0dc20b97f48c6e490e54e4bf16fa113f7238dd72b92bdbf181e6498920c42e7ea70f22ab66fdea90fb681b6c48d72093214b0e3ad6b803e0539f1517a89b16aef7c101a3ed3cf8ff006b25b0cdfd808a04bd4c52cb6e17ff713f220112805441dff3142d54d8411db72868e997341e99bfa30d5ddcfff9c19bd57ce120e30fea1ba1fd4439df91211438daf515d820c712bdf68d9c72a28db5174137b30764cd2960a8c6e023409739af0872b487c5545675758760a59175c0e3fbedd8ead05bc8f8dd869a591064e4534c7f1dc0df6c7d8587478977ffa5e0283744c2bd3c81b916d46d540b75616ea0c493a8d4a98cafb968e5b9dd71408e4a9bd24cd4b04cff91f84c7be45a908f0bc11c73a6879538c7495b595496d405cd0d39e9a96f5b6a7336aee3820ad155271924439b6140cff0ad10f245b1f49789f81e148a128b1021805ded2db07745ed97fb309e3f", @typed={0xc, 0x6, @u64=0x8}, @generic="11c7daba6f861fae9bab26f1bc631e6ee19d3c2254a9be681e9f88176bcf40ae8017aa51cb4a81d2d0a7ad6ba09bc5c73b0695a245be39c08e3451085788d497d201b9bf720677707482d854a05400dcd06f32bb9b5fb856095617526e20220033f6ce8a78533c95dd2357b5a5d7a3e4081a68802ac59a35a337360e831a3a0907280ea612f1a6f0"]}]}, 0x10c0}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000001280)={0x6, &(0x7f0000001240)=[{}, {}, {}, {}, {}, {}]}) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) epoll_create1(0x80000) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001840)=@nat={'nat\x00', 0x19, 0x3, 0x518, [0x20001300, 0x0, 0x0, 0x20001330, 0x20001538], 0x0, &(0x7f00000012c0), &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x2, 0x892f, 'teql0\x00', 'syzkaller0\x00', 'lo\x00', 'ifb0\x00', @random="fef6078ba527", [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0x0, 0x0, 0x0, 0xff], 0xa8, 0xa8, 0x1d8, [@mac={'mac\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xe}}}}]}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x7, 'system_u:object_r:netlabel_mgmt_exec_t:s0\x00'}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x2, [{{{0x5, 0x50, 0x921f, 'ip_vti0\x00', 'ip6tnl0\x00', 'yam0\x00', 'irlan0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0x0, 0x36a41f8795b036bf, 0xff, 0xff, 0x0, 0xff], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x16}, [0xff, 0x0, 0x0, 0xff, 0xff], 0xb8, 0x140, 0x178, [@limit={'limit\x00', 0x20, {{0x7f, 0x80000001, 0x4, 0x6, 0xfff, 0x113be3a30000000}}}]}, [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x1a3, 'syz0\x00', 0xdb64}}}, @snat={'snat\x00', 0x10, {{@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, 0x10}}}]}, @arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0xfffffffffffffffd}}}}, {{{0xb, 0x4, 0x200, 'ip6tnl0\x00', 'yam0\x00', 'teql0\x00', 'vcan0\x00', @random="295378984bb9", [0xff, 0x0, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0x0, 0x0, 0xa1fc5c09815f30c0, 0xff, 0xff], 0x70, 0xf0, 0x138}, [@snat={'snat\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x13}}}}, @common=@ERROR={'ERROR\x00', 0x20, {"f0f546b89a43b19d3373ed481e77e371c622445f23a030dac30b4c38a094"}}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0x1, 0x3, 0x100000001}}}}]}]}, 0x590) [ 127.789635] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 20:46:55 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000b00)=@nat={'nat\x00', 0x19, 0x1, 0x9d0, [0x20000100, 0x0, 0x0, 0x20000130, 0x20000160], 0x0, &(0x7f0000000040), &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x50, 0xedff, 'tunl0\x00', 'bcsf0\x00', 'ip6tnl0\x00', 'teql0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0xff, 0x0, 0x0, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0x0, 0x0, 0xff, 0xff], 0x890, 0x8c0, 0x910, [@realm={'realm\x00', 0x10, {{0x6, 0x3}}}, @u32={'u32\x00', 0x7c0, {{[{[{0x47b93c3d}, {0x2, 0x3}, {0x1, 0x2}, {0x1aac, 0x1}, {0x80000001, 0x3}, {0x6, 0x1}, {0x8000}, {0x3, 0x1}, {0x51}, {0x3fae}, {0x0, 0x3}], [{0x81, 0xfff}, {0x1, 0xc1df}, {0x1, 0x1}, {0x6919, 0x9}, {0xfffffffffffffff7, 0x7f}, {0x2}, {0x6, 0x4}, {0x6bd3, 0x91}, {0x633, 0x2}, {0x3, 0x80000000}, {0xffff, 0x9}], 0xa, 0x1}, {[{0x2}, {0xffffffffffff8d08}, {0x1}, {0x3, 0x3}, {0x81, 0x1}, {0x5, 0x3}, {0x8, 0x1}, {0x101, 0x1}, {0x3}, {0x100, 0x2}, {0x8, 0x1}], [{0x10000, 0x4}, {0x81, 0x7}, {0xff, 0x7}, {0x6, 0x7ff}, {0x20, 0x1}, {0x8, 0x8}, {0x8, 0x80}, {0x1}, {0xf1, 0x7}, {0x10000, 0x81}, {0x3ff, 0xff}], 0x5, 0x8}, {[{0x7f, 0x3}, {0x7, 0x3}, {0x85c}, {0x7, 0x2}, {0x6, 0x1}, {0xb4, 0x3}, {0x5d}, {0xadf, 0x3}, {0x0, 0x2}, {0x5, 0x2}, {0x8, 0x2}], [{0x1, 0x7}, {0x6, 0x7fff}, {0x80000001, 0x8000}, {0x3, 0x8001}, {0x7, 0x1}, {}, {0x0, 0x7}, {0xffff, 0x3ff}, {0xbeea, 0x6}, {0x101, 0x4}, {0x0, 0x3ce}], 0xa, 0x1}, {[{0x5}, {0x7c, 0x1}, {0x101, 0x2}, {0x2, 0x2}, {0x5, 0x3}, {0xa4c, 0x2}, {0x5, 0x3}, {0x1, 0x3}, {0x8000, 0x2}, {0xd46, 0x3}, {0x80, 0x3}], [{0x6, 0x1f}, {0x4, 0x6}, {0x10000, 0x7}, {0x3ea8, 0xff}, {0x7, 0x7fff}, {0x3, 0x7ff}, {0x4, 0x8001}, {0x7, 0xe7}, {0x400, 0x2}, {0x7, 0xa23}, {0x435f, 0xfff}], 0xa, 0x8}, {[{0x8001, 0x3}, {0x100, 0x2}, {0x3, 0x3}, {0xffffffffffffff7f, 0x1}, {0x6f285510}, {0x81, 0x3}, {0x8000, 0x3}, {0x7, 0x3}, {0xfff, 0x2}, {0x7fff, 0x3}, {0x3, 0x2}], [{0x0, 0x6}, {0x1, 0x1000}, {0x8, 0xb2e}, {0xcd3, 0x5}, {0x9562, 0x6}, {0x1, 0x6}, {0xb34, 0x3}, {0x3}, {0x7, 0xfff}, {0x3, 0x6}, {0x1, 0x10000}], 0x6, 0x7}, {[{0x3, 0x2}, {0x5, 0x3}, {0x0, 0x3}, {0x3, 0x2}, {0xa640, 0x3}, {0x800, 0x3}, {0x4, 0x3}, {0x0, 0x2}, {0x800, 0x3}, {0x2}, {0x3, 0x3}], [{0x4, 0x8000}, {0xefc0, 0x80000000000000}, {0x8000, 0xffff}, {0x7, 0x62490fb7}, {0x6, 0x100000001}, {0x6}, {0x0, 0xee5d}, {}, {0x5, 0x1ff}, {0x9, 0x7}, {0x1, 0x4}], 0x2, 0x9}, {[{0x9, 0x3}, {0x1}, {0x1, 0x3}, {0x8, 0x3}, {0x3, 0x3}, {0x2, 0x1}, {0x8001}, {0x3, 0x2}, {0x4, 0x1}, {0xfffffffffffffffd, 0x3}, {0x5, 0x3}], [{0x5, 0x1000}, {0xa79, 0x7fff}, {0xd6b, 0x100000001}, {0x6, 0x8}, {0x1f, 0x2}, {0xffff, 0x2}, {0x2, 0x5}, {0x99d5, 0x7}, {0xeb6d, 0x6}, {0x1, 0x2800}, {0x1, 0x3ff}], 0xb, 0x4}, {[{0x40, 0x1}, {0x7ff, 0x2}, {0x4}, {0x8c5}, {0x101}, {0x9, 0x2}, {0x2, 0x3}, {0x9}, {0xffffffffffffffff}, {0x2d95, 0x2}, {0x100000000, 0x3}], [{0x7, 0x9}, {0x10000, 0x9}, {0x4, 0x7}, {0x100000001, 0x5}, {0x8, 0x8a}, {0x7ff, 0x802}, {0x2, 0x66d2}, {0xffffffffffffffff, 0x9000000000000000}, {0x5, 0x2}, {0x5, 0x1}, {0x3, 0x3f}], 0x8, 0x3}, {[{0x3, 0x3}, {0x1, 0x1}, {0x80000001}, {}, {0x2, 0x3}, {0x3, 0x3}, {0x8, 0x2}, {0x9, 0x1}, {0xffff, 0x2}, {0x8001, 0x2}, {0x80000, 0x3}], [{0x2, 0x5}, {0x7fff, 0x200}, {0x3eeb, 0x80000001}, {0xf59}, {0x7, 0x4}, {0x6, 0x6}, {0x20, 0x9c}, {0xfffffffffffffffc, 0x1}, {0x5f, 0x3}, {0x37d3, 0x7}, {0x1000, 0x3}], 0x6, 0x3}, {[{0x8001, 0x2}, {0x800}, {0xc4e200000000}, {0xbe, 0x2}, {0xfffffffffffffffd, 0x3}, {0xfff}, {0xbdf}, {0xaf6, 0x3}, {0x5, 0x1}, {0x0, 0x3}, {0x2, 0x3}], [{0x20, 0xf55}, {0x1, 0x800}, {0x3, 0x8}, {0x96}, {0x80000000, 0x80000000000}, {0x0, 0x10001}, {0xfffffffffffffffc, 0x7c4a55f2}, {0x61b0, 0x3}, {0x1a59, 0x6}, {0x3, 0x401}, {0x100000000, 0x6}], 0x2, 0xb}, {[{0xffffffffffffffff, 0x3}, {0x3, 0x3}, {0x704f}, {0x7, 0x3}, {0x100000001, 0x2}, {0x3, 0x1}, {0x0, 0x3}, {0x5, 0x1}, {0x9, 0x2}, {}, {0x4, 0x1}], [{0x5, 0x3}, {0x3, 0x9}, {0xffffffff, 0x8}, {0xfffffffffffffff7, 0xe48}, {0x4, 0x6}, {0x1, 0x747}, {0x7f, 0x4a}, {0xfffffffffffffffd, 0x5}, {0x1, 0x9}, {0x80, 0x71}, {0x101}], 0xb, 0x7}], 0x7}}}]}, [@common=@redirect={'redirect\x00', 0x8, {{0xffffffffffffffff}}}]}, @common=@log={'log\x00', 0x28, {{0x582e, "7aa74a197831e00f016da45b5e92002f050f8efb11c32765dc523e1f7f8c", 0x4}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0xa48) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000000)) 2018/04/09 20:46:55 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt(r0, 0x400000000114, 0x6, &(0x7f0000000ffc)="124b0007", 0x4) poll(&(0x7f0000017000)=[{r0}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/156, 0x9c}], 0x1, &(0x7f0000000200)=""/250, 0xfa, 0x80000000}, 0x40012000) [ 127.890010] binder: 11835:11837 got transaction with invalid offsets ptr [ 127.915221] binder: 11835:11837 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:46:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000", 0x36}], 0x1) 2018/04/09 20:46:55 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23}, 0xfffffffffffffe59) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:55 executing program 6: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x802, 0x0) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000100)={0x6, 0x101, 0x3}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000002e00)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000002dc0)={0xffffffff}, 0x106, 0x4}}, 0x20) write$rdma_cm(r1, &(0x7f0000000700)=@notify={0xf, 0x8, 0xfa00, {r2, 0x13}}, 0x10) write$rdma_cm(r1, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) [ 127.973834] binder: BINDER_SET_CONTEXT_MGR already set [ 127.981663] binder_alloc: 11835: binder_alloc_buf, no vma [ 127.987351] binder: 11835:11845 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:46:55 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x40101283, 0x0) [ 128.052026] binder: 11835:11837 ioctl 40046207 0 returned -16 [ 128.067607] QAT: Invalid ioctl 2018/04/09 20:46:55 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x10) finit_module(r0, &(0x7f0000000080)=']nodev\x00', 0x1) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:46:55 executing program 4: r0 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./control/file0\x00', r0, &(0x7f000034aff8)='./file0\x00') name_to_handle_at(r0, &(0x7f0000d64000)='./file0\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="8b8562f3953c05000016000000"], &(0x7f0000583000), 0x0) [ 128.100053] QAT: Invalid ioctl [ 128.107134] x_tables: eb_tables: realm match: used from hooks POSTROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING 2018/04/09 20:46:55 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2000, 0x0) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000080)) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000", 0x36}], 0x1) 2018/04/09 20:46:55 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt(r0, 0x400000000114, 0x6, &(0x7f0000000ffc)="124b0007", 0x4) poll(&(0x7f0000017000)=[{r0}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/156, 0x9c}], 0x1, &(0x7f0000000200)=""/250, 0xfa, 0x80000000}, 0x40012000) 2018/04/09 20:46:55 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="0000000000000000f1ffffff", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 128.226728] x_tables: eb_tables: realm match: used from hooks POSTROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING [ 128.239502] binder: undelivered TRANSACTION_ERROR: 29189 [ 128.246577] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:46:55 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x7ff, 0xc2) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000040)={0x4, 0x3f, 0x1, 0x8}) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:46:55 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x80000) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:46:55 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0xc) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x10001, 0x0, &(0x7f0000001440), 0x88000, &(0x7f0000001500)={[{@errors_remount='errors=remount-ro', 0x2c}]}) lsetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB='gecurity.&!!%\x00'], &(0x7f0000000140)=',\x00', 0x2, 0x2) r1 = dup(r0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000000)={0x100, 0x7, 0x0, 0x8}, 0x33449a584b7ad695) bind$inet6(r1, &(0x7f0000001540)={0xa, 0x4, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x3}, 0xe) 2018/04/09 20:46:55 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000040)=0x0) sched_setparam(r2, &(0x7f0000000080)=0x100) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:55 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt(r0, 0x400000000114, 0x6, &(0x7f0000000ffc)="124b0007", 0x4) poll(&(0x7f0000017000)=[{r0}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/156, 0x9c}], 0x1, &(0x7f0000000200)=""/250, 0xfa, 0x80000000}, 0x40012000) 2018/04/09 20:46:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4", 0x3f}], 0x1) 2018/04/09 20:46:55 executing program 4: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f00000001c0)='./file0\x00', 0xe004, 0x1, &(0x7f00000002c0)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200027000f8", 0x16}], 0x0, &(0x7f0000000580)) r0 = socket$inet6(0xa, 0xa, 0x3) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000340)={0x2, [0x0, 0x0]}, &(0x7f0000000380)=0xc) 2018/04/09 20:46:55 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = open(&(0x7f0000000080)='./file0\x00', 0x10000, 0x1) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000140)="47c5067d564e5d03000000e7aba55b3c", 0xffffffffffffff50) [ 128.453815] binder: 11903:11908 got transaction with invalid offsets ptr [ 128.485883] binder: 11903:11908 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:46:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4", 0x3f}], 0x1) [ 128.573385] binder: BINDER_SET_CONTEXT_MGR already set [ 128.597101] binder: 11903:11932 ioctl 40046207 0 returned -16 [ 128.627118] binder_alloc: 11903: binder_alloc_buf, no vma [ 128.632797] binder: 11903:11908 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:46:56 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:46:56 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x1) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:56 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt(r0, 0x400000000114, 0x6, &(0x7f0000000ffc)="124b0007", 0x4) poll(&(0x7f0000017000)=[{r0}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/156, 0x9c}], 0x1, &(0x7f0000000200)=""/250, 0xfa, 0x80000000}, 0x40012000) 2018/04/09 20:46:56 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000040)=0x1, 0x4) 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4", 0x3f}], 0x1) 2018/04/09 20:46:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000400)={0xf4a6, 0x1, 0xcc2a, 0x20, &(0x7f00000003c0)=[{}]}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000380)={0x1, 0x0, &(0x7f0000ffd000/0x2000)=nil}) 2018/04/09 20:46:56 executing program 4: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffff9c}) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x3, {{0xa, 0x4e20, 0x3, @loopback={0x0, 0x1}, 0x3b}}, {{0xa, 0x4e21, 0x5, @local={0xfe, 0x80, [], 0xaa}, 0xffff}}}, 0x108) r1 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0)) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)) connect$rds(r1, &(0x7f0000000200)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000300)=ANY=[@ANYBLOB="6d616e676c650000000000000000000000000000000000000000000000000000ae000000b7cc9373a643e4ab22fb12f98cbdd85c6b2974fa3d4be95cfe3cd9dce14c5d7e1fb4a3db60cb11a54c59ffd96d6ba6d10fb15ed159a88c5d5347f3411b36ad9a470da5bcc84ba33d682b3886ce064be8a3da61955bf9e2570985de73a6d0008ae3eca5aac3b36be2b668b0d5a2365ad0bd09ed6a72f6f8374ebca49c128ec57fe3713594d9f8f9bb8dda0a1b20e9f7a844653981fd2a1eac7f80093fb63cff810ef6bbfe900bb747a6f22fea7430"], &(0x7f0000000400)=0xd2) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000280)=""/108) 2018/04/09 20:46:56 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xaf7, 0x1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0, &(0x7f0000000040)="3d3e497c92d36baf7efc543ef6e4e738e74697da15944dd27999071b761eab259de8f46d70e7de035496d6c6444a76de3cfbdf2a374ff06c9644991a4a6aff111b36eca6485799011e2f8b29742d5d8d2c8f7f443aa60360cc2147c9829923928f8dbf5523d0146442f49bb1cc61c8730662732ef9846d753968d9d95004e899c8ff6691779e4ece2f59d479981d6aae8ee04c775c3bc8d031e5ba"}, 0x10) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 128.719367] binder: undelivered TRANSACTION_ERROR: 29189 [ 128.725348] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c01", 0x44}], 0x1) 2018/04/09 20:46:56 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000000040)={0x30000001}) 2018/04/09 20:46:56 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) r2 = getgid() perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc)) r4 = syz_open_pts(r3, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev, 0x0}, &(0x7f0000000100)=0xc) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, r5, 0x3}, 0xc) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000fdd000)=0x3) ioctl$PIO_UNISCRNMAP(r4, 0x80047456, &(0x7f00007d9f86)) r6 = getegid() getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) setresgid(r2, r6, r7) 2018/04/09 20:46:56 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x1}, 0x18) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x7, 0x82000) setsockopt$packet_int(r1, 0x107, 0x17, &(0x7f0000000140)=0xfff, 0x4) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) [ 128.820088] binder: 11969:11971 got transaction with invalid offsets ptr [ 128.853651] binder: 11969:11971 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:46:56 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000400)={0xf4a6, 0x1, 0xcc2a, 0x20, &(0x7f00000003c0)=[{}]}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000380)={0x1, 0x0, &(0x7f0000ffd000/0x2000)=nil}) 2018/04/09 20:46:56 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='attr\x00') fchdir(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x4, &(0x7f00000002c0)=@raw=[@call={0x85, 0x0, 0x0, 0x20}, @jmp={0x5, 0x3, 0x2, 0x7, 0xa, 0xfffffff8}], &(0x7f0000000300)='syzkaller\x00', 0x409d11b6, 0xe2, &(0x7f0000000340)=""/226, 0x41000, 0x1}, 0x48) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000080)=0xc) syz_open_procfs(r1, &(0x7f0000000280)='net/tcp6\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@dev}}, &(0x7f0000000200)=0xe8) syz_fuseblk_mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='8/file0\x00', 0x0, r2, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000004c0)='./file0\x00', 0x8) [ 128.904381] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c01", 0x44}], 0x1) [ 128.984290] binder: 11969:11976 ioctl 40046207 0 returned -16 [ 129.019377] binder_alloc: 11969: binder_alloc_buf, no vma [ 129.025095] binder: 11969:11971 transaction failed 29189/-3, size 40-8 line 2963 [ 129.123879] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.131398] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:46:56 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) accept4$inet(r1, 0x0, &(0x7f0000000040), 0x80800) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:56 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000400)={0xf4a6, 0x1, 0xcc2a, 0x20, &(0x7f00000003c0)=[{}]}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000380)={0x1, 0x0, &(0x7f0000ffd000/0x2000)=nil}) 2018/04/09 20:46:56 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x80000) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f00000000c0)={0x4, 0x28, [0x7, 0x1f, 0x8001, 0xffff, 0x100000000, 0x9, 0x3, 0x3, 0x1ff, 0xb80]}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000040)={0x8, 0x8, 0x25fa2831, 0x9, 0x68, 0x3ff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:46:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@bind={0x14, 0x0, 0xfa00, {r1, 0x3c, 0x0, @in={0x2, 0x4e22, @multicast2=0xe0000002}}}, 0xfffffffffffffeed) 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c01", 0x44}], 0x1) 2018/04/09 20:46:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) socketpair(0x9, 0x5, 0xb2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000040)={{0xa, 0x4e23, 0x80000000, @mcast2={0xff, 0x2, [], 0x1}, 0x4}, {0xa, 0x4e20, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0x2}, 0xfff, [0x4, 0x568d, 0x38c2, 0x2851, 0x3c, 0x5, 0x3, 0xfff]}, 0x5c) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) setpgid(r3, r4) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f00000000c0)=0xe088) 2018/04/09 20:46:56 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000040)=0x6, &(0x7f0000000080)=0x4) r2 = dup(r0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:46:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0x2) ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f0000000180)=""/22) pipe2(&(0x7f0000e3eff8)={0x0, 0x0}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) epoll_pwait(r4, &(0x7f00000002c0)=[{}, {}], 0x2, 0x81, &(0x7f0000000300)={0xffffffff}, 0x8) r6 = dup3(r5, r4, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f00000000c0)={0x93, "875db20c06d28951309f2ed5f39137b2f16e8874b0c84003e8647062a77b07f527fa391009cc2fb9469373dd18e84f95761e3cfc70197aee684548990d431555a9ed5d550d561e8384755a8cd4e3a6400fc0fb64750a15be0b0fba6a032404c140b3483439623ca43a01ee29cbc7c08d24533837e482056e6be2612183567a28f50ef0d7498391ccc8717ab39ddaa24f064904"}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="0307f1d5", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000240)={r7, 0x4, 0x9}, &(0x7f0000000280)=0x10) ioctl$KVM_SET_XCRS(r6, 0x4188aea7, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000ff03c033de4e92430abe60a2fbc30015"]) 2018/04/09 20:46:56 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000400)={0xf4a6, 0x1, 0xcc2a, 0x20, &(0x7f00000003c0)=[{}]}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000380)={0x1, 0x0, &(0x7f0000ffd000/0x2000)=nil}) 2018/04/09 20:46:56 executing program 2: r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) linkat(r0, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00', 0x400) r2 = socket$inet(0x2, 0x840000000003, 0x8) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000240)=0x0) ptrace$peek(0x2, r3, &(0x7f0000000280)) r4 = dup(r2) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000100)={{{@in=@remote, @in=@broadcast}}, {{@in6=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000200)=0xe8) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:46:56 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$EVIOCGABS3F(r2, 0x8018457f, &(0x7f0000000080)=""/6) sendto$inet(r1, &(0x7f0000494f01), 0xfffffffffffffe25, 0x0, &(0x7f0000198ff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) getsockopt$inet_mreqsrc(r2, 0x0, 0x0, &(0x7f00000000c0)={@multicast1, @dev, @broadcast}, &(0x7f0000000100)=0xc) 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b2", 0x46}], 0x1) 2018/04/09 20:46:56 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/227, 0xe3) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x2, 0x0) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:46:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) syncfs(r0) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 129.259244] binder: 12013:12017 got transaction with invalid offsets ptr [ 129.283553] binder: 12013:12017 transaction failed 29201/-14, size 40-8 line 2991 [ 129.355313] binder: BINDER_SET_CONTEXT_MGR already set [ 129.382631] binder_alloc: 12013: binder_alloc_buf, no vma [ 129.388339] binder: 12013:12045 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:46:56 executing program 0: socket$inet(0x2, 0x80e, 0xfffffffffffffe4e) r0 = socket$inet(0x10, 0x1000002, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000eff0)=[{&(0x7f0000000040)="240000001900030007ff0907000083be8020000000048f753e8e0178760b00e7119eaa68", 0x24}]}, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000004c80)='/dev/rfkill\x00', 0x8000, 0x0) accept4$netrom(r1, &(0x7f0000004cc0), &(0x7f0000004d00)=0x10, 0x80000) 2018/04/09 20:46:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = geteuid() getgroups(0x9, &(0x7f0000000080)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) r4 = syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x6, 0x400000) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, &(0x7f0000000140)=0x3, 0x8) fchown(r0, r2, r3) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:46:56 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000400)={0xf4a6, 0x1, 0xcc2a, 0x20, &(0x7f00000003c0)=[{}]}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b2", 0x46}], 0x1) [ 129.438423] binder: 12013:12017 ioctl 40046207 0 returned -16 2018/04/09 20:46:56 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0xfffffffffffffe92, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080)=0x0) r3 = geteuid() ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f00000000c0)={0x0, 0xfffffffffffffff7, r2, 0xfff, r3, 0x1, 0x1f, 0xfffffffffffffff7}) r4 = epoll_create1(0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r4, 0xa000, r1, &(0x7f0000d56ff4)={0x100030000001}) [ 129.585703] binder: undelivered TRANSACTION_ERROR: 29189 [ 129.591626] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:46:56 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) connect$nfc_raw(r1, &(0x7f0000000000)={0x27, 0x0, 0x2, 0x7}, 0x10) 2018/04/09 20:46:56 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x80040, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r2, 0x4008af13, &(0x7f0000000080)={0x2, 0x8}) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = accept4$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, &(0x7f0000000200)=0x6e, 0x800) connect(r1, &(0x7f00000002c0)=@nfc={0x27, 0x1, 0x2, 0x1}, 0x80) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0563044000000000fbf1cd564a63201d13258b8e1e065c71e5e39f8ee0b897fb92ef1a79a046af8aa8a8e9e43b0b67bcbe41b9906f0ccc"], 0x0, 0x0, &(0x7f0000000240)}) r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x5, 0x20c2) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000040)={0x0, 0x3a, "9370a2b112c1724d841ca78ea7b0e07b6152fc30b67261f811b1776abf2177ef5047d235cd405d7c59f0902e40db2287a2914e56ff7af646a3c9"}, &(0x7f00000000c0)=0x42) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000100)={0x39a280000, 0x6990, 0x0, 0x100, 0x100, 0x9, 0x5, 0x0, r3}, 0x20) 2018/04/09 20:46:56 executing program 0: r0 = memfd_create(&(0x7f0000002901)='#-\x00', 0x0) ftruncate(r0, 0xffff) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x4000000, 0x3, 0x1}) write(r0, &(0x7f0000002000)='v', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfed) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x8000004, 0x11, r0, 0x0) mq_unlink(&(0x7f0000001000)='dev ') 2018/04/09 20:46:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x9, 0x80000) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:46:56 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) syz_mount_image$reiserfs(&(0x7f0000000200)='reiserfs\x00', &(0x7f0000000240)='./file0\x00', 0xa6d, 0x9, &(0x7f00000019c0)=[{&(0x7f0000000280)="8648e3c3da4953b19329c91889a7600561b72918277a18faf07f56a1edab454da7dae4edfdcf80aeec1f54e841389c4b2336ecd77ee782730ce7c4a963470f1a462b03a8b999102197764300b15a346d478462d89405372f40b066e2b30801fb53eb5cc419496a0ed2e2cc16bf03217aed278ebf6d12ab23a1c4e3d3eee107a3d5fe2b88263328dd53ad9f6b68e42cd35ef88ce3d5a791edbf8561cdbf7e", 0x9e, 0x7}, {&(0x7f0000000340)="66c7db1e0e866e749324b7ded6cb50ce4ae52eff1583d82d9862f55b5ce0736b0a8bc95cd06b66dcae52fe09eab043c3b3589446f2ba9a147afd8e2a7c4ab5054c856c96e2755ddfc2", 0x49, 0xa7}, {&(0x7f00000003c0)="0c9cb675d141036ccd52b155b08ab0495c6e77cbe70678819d1cbe61cb29f7d3994cbe3d8eb934a65955022cf0eec626186ace004a97bb1e7fa65c9ad626c439fa2d4a5c06f92326c74479d4725d671f014b4457ef03fa5f43000f9ebb05cf963ed30a3c0ae0aa3dbc799c9f3208b2393f47b8d5e466202105a27e1ae6eb10323a26babf738ddc97e159b8953ea72ed2152e8fda0de4e7764028b575ed457a4db138b9c69916e67918549505860af1f1fb", 0xb1, 0x99}, {&(0x7f0000001ac0)="73e8811a68164f7ce0f2ce06611f9ee3da326d16cba5252d523c8e1b1cd291d3b1d58b9713ebbb5f3778105cebbb123e8e67edabdd96801ff5bdb6191457d8a9b64a1d94cb0f41b7021ac40d4a18846fe8534d1e2e72164c87c058ba2e44488594ca1b2f0e0e73c2e573355b6f6672fe98e2f00d5aac88d8ed45dde10942b97479c0bf495d36c8226887e01c69d26eebe21aa80cc32bd754e0a0e957da412e553f458fef82d8d97b639a6bb70185c68b957465954b692a612f895ffe9ce4cc165d2f", 0xc2, 0x2}, {&(0x7f0000000540)="817fe018e9ef663306236a519dc2da53c84a302c523a38372c8554cc66534a58ffd3e8dfb3e912da135bce15342c7def8215251554893a769eb6482e855b6ee07896fe135ed3d030099ac741ae869c1a675e9ff7282a8f", 0x57, 0x200}, {&(0x7f00000005c0)="d3dedf8160ba8ab3d59b1d2123c05ec859fbd638b8d150f40171ec0ab3987787d3b7203a1ee33d8b25afc7539f3e1254b642fceafe6a9775d07e628b8d155709598856b14e9b76c9b5b2bc18b981f906da5e410dcaa23470f33e9f97fbd74c6a3b20f3e2780f3ab274a89522ccbec8330d798cd5c11b260f246d8266dfa9d3890ee1dda0660c80394f9e0e1861a78bc12a90002c7036fedad2c7caf762c616ebfbf4dbab8bf8d7c983eb4498120a2a43528179527964a82cf5ed3ac9c3a7a0efca428f714996", 0xc6, 0x5}, {&(0x7f00000006c0)="d473c2ed217fc30de20dfd4518d336829659ad01ef4de935276199e1297a99158c2e94fa2ae6482c3de7680fda10b4d783ba4a25ce231a97de3ee0007332239c7f1a45c3adbeef11bc86744a266278b4027c79f307002aa84ee6602b02e559634bdc4eec7419326deb579d03243b96416cf4d418dac133ede54d86330e96ed283801fed924c19fa62d2f8e45cf16d25bfc94b3661da604673a1ddec28a0f11316aadadd7", 0xa4, 0x8}, {&(0x7f0000000780)="874a0e5f63a761c27b7f4c22d0657f776643a4f07cc41d29c4979658689ef9203bc481d433d83391b69a35ec757461cba6644dd160ace87021c373d4e121896d011982f86404575b68600b75e9003396ce7a9ae1cf5572d06accc71f23305aa0716169d80e2d34c3f59bc69ce35d55470e820ca469abe82ca4172b517c729525fd7dad40ee87826eb5ec7baac760162c4e9c16fd7b057546949eee185346e91977182cf987f002d3659ec381a7cec4a5984e5d82318de92ff968751c2640fdd720d7cab92e87e9a74b2f650a1745cbbf28cd0dbf02d7eff290ee8038602a150fdd5136891065efe2c8d1b70342ff60b8e264e0ed37f51c5a5c0d62f3debc388b12df34771ac4c9e135808f22892a92803cacfad5b203e6741631c1490ccfcf17ed36c2077b0ada74321d20ed0ab6396fe9f0773eedec5a2c9790f876f94016963c9aa3ed685c8434da5de367b75a30c31f75c1181a31c3208f76da984bab1b5aa5f2e81d47affe455a78ada4c0893cdbd9c00077f170d4c0851f2bc7c954945321e149d69bcc72ff179f0c07fd086a6cee8168f2d80091acb1086df5fc40c4bf59438951c63fac16355fe07e899cdd0a54fae6149e5b63c4c0861d868e89dcc1ebb1229405c7e69730e9b55e524ea196b84a5163cfbab57ea17615ad37552d34cf02dec196869139185e119ad03f69f61051845925908034a6758fa715ff86d50209c659a13a71954d630e8c9c2da299b614c58dda65a117cea999c18f7482308461e891161ef7ba8cf1f2f536f11c554afccdaf2fb40bd84d56dec09338e5c8b5b907499ae9810e93b436fdde345ef559c6a9b41ed309310cdcacef15fa0ab80e2dd425bf7cf33e9fdb98abfdcb23819e4ae264e264d8c2ddf0d11542b9a977a05b95334f24018a5aba0ca13b2a203bb86fb3aa83833d94c38a74ed2886756c857179cdf7305cfa0dbd7e57f530d6933af42459a6380f17e2fd7e04aee43d4e6cbdd2f542d31f5960872201e4e4d1ea44f7568c40edf38aae5c3b32d1e7739f14668b40ea51286b6a1d20dc0d4e827bd0e5ff59c70ccc26d7067665e0ba58e10e3d4a0b4a2763e5d269f73676d9a51f24608bf7e68b6a6bfdc38035cc9904c37081cdf314c30dec4633b4b1075b34aafd9220eb68051187a80c2a53204b01faa78185dd151e96d3a9055a21c0f4f1c82c95a63e3fb644dd1bf5a815ba17bf70d58d3dc379e7b53eb29bfe351aa87a466508028628a6f009706124a57acde211b860515e6ebcd90adffedddccc7c299268189a8320a951991b533106e252c15cd55b5c1c0607b817f1a7f12c48584a95e1468994feba51eb70e855c903108a7c8522126c08a47e69908fa13e8deabf170f6c34c4651693a4788c4feb557938f3cc8ecef158b2ed0b2aba63383a3c5362207d5864417cfeda74d8121d1dd20ddbbf5a36c69973220285b8840002bec5acdbf451e867aeec246cf0f086c0529b90d147f590bfcc229b55b321d3836e30bd0ec2e59cadca42ae625ce0ec07349003addc54b771fa3f29e6baa6fa928942124b2cdbaa6d95523d4939ac6f2146c9f3d1f3ef4879b14b92412a8245425db076849a1b18291aff83e84c5d8ea99dd8ffa74d9919a51f607dfb63565b9797232d0d8510801279942661bebe7114b145de4c6f62346da1b7e54e52510f3a40481a237e107aef0f38c4f49d960726521058c2b56c4910f1f8f1c709945394269228c66886f4d0e1665b5a61a5e4f836626073a49f83e867a1ed5e842d8b1675b4f0627f3851759646b0969fa88bbfb0a8d9d39a4a4f959d770c97f230074df36547d0e3b3ddfea98b05ff04bc33e43f0c3169aeea93bc86074cac8ef1d46a913ce08827d3357eb357d0f890e5f3baf70d44239902d0edd636accc8239ee3a89af61e9ac361bc33e2116305c1f87b5eb6a504f953825d2d17b25a640702249c665ed545cebd5d3e41c4955c15f4fdf472121f7518e30dc360646b79dfd64eade48d691c838021eb6a7098925b676a79891cbae9263259fa94d3e2cbbe07e65067a7274f2aea1ebb17fd3daf7680b26f9b01da761428962a54eea5ff3d2b1b0a0997661c53c94ef01fb6953ecae0f2077374a8818c6f5b1a9eb4659383e716121c9ca780d28c02d3a00bd418f8a0fded7d28a4cbe9b3e582dad375788cbf0e40a4589205c2e4909e689e8f4edbb3418d770eb69e24fbc817d131b94a143491da4561b9d9d724faa4f2b7fd9fb7a474ea284096f56182ce76cbe828b5bc9202f0e592ec27cfd434debb0ab85df9f56c148656ebb2073cf8fe641a6cfb45d21457a984645a07e9fd3bef6e71596c63074e457363449edaba2f57f72fd7794e3bd0f052fe3ddee3cfb1ee569a2988905997ae1f5b2e57faafd5ddf8dc330204900e9aadcf78a3cd0bbf2e69778d92a01c42ef94b65633a27523643c0fd5d3cab68d76f35b7c3796ba361293736bc817c4f89a041c3fbdee2b34f7ef7ccaa4745a644a545d09999d86e46d04c0417a95323a6ff1539da429561e4204f0f929fc55026f2f5095c398b4e91f1a2d4ee90f143f563083f8ca63f3b02d850f18940505aabff3654f0d7209de8d86d7d3a863b808004c9c03d215bb64c3d8904078791bd0393e688a7a78ec22e1c542134e788d0d8e82dc80ccc93e1c4f7489db6e6ec4a279035526ffd72781aeb41aa8ce8416052ac01f42f343a26da0ba276066b31c2b1c5df5e087e6c5efac67702e26a4fdacb5429c9e5addb1231cbb2ebdb87c48e49dbcba2e90143e81e7410eae2b8d6346b39fa7230af0ea236178dd8e8fc73c72a1c4ea851380d0c6f8099825dac1bf289f8678745f355a2aaa7e0d434216b5a97603109fcfdfd985b59081c8220eede380f54d733bf3881bc85fd08e4960e599d187307e77c2d47e0b8fb46789dc6be014399564be69b309c7c5195a79f4092dd6bc4cd7c209541376b2b3ca09861c892f6884f1ae589ca882e32a6bbabe75c4a4b7dd7e9fd4e96b70a7e198f1765698f8ddfa523e600bb706574dcec25cc931562088af756d6796aacec3559eaffc4ba13f918a22b7fef8b3680e2eed606e6b76e499f677edf8a515ae49ef04ebad346ba3435763466d81c7c51d3cc029a5e34f916a6c729fbc7c3dc50918b32480cf3b897eb15b8902a29c543c54703fe50ccb27e9af1d083cd981e2c239f1971581f61519795fcdb028ce17d101741692af8b9db457581ef7488134a795d39bae63c8d131789a6fa5b78e81c383dcb21d8891507de14047a2a6754fdd632e65b3d53e87ed6420fce648ba1b5588223069d2e36fb5dd0b78afd59d4b20d1723efca321f2fbfac5ed4e5c02e37d584e63fa56dd7c622e8f354cf9bd5334a500ece8e5c6085581a7e5f33b6061910b854678b5b85973cdeae3492ad133a626dde68c1f61da194303791d951bb9e7576aa45aac4f167e9f0c3c867c7f9b3ba69295686eb812f87c1c2352bc7db5fec25820bbd672d43dcdd05f794f5719d86bb55d3724661c223725a0abfbe0b7a0777787c709c290a06e98731ab166a70cfad886450fccea6adcf2bf65ed93a94338fd0db221efebf5a15025ad5c903e45f7a671c357f2182c1f35194213f3aff260022c803c20730fc18cc8e19cf88d2fff113008d118387378d23a6b141f42ce5d3a6ae865aa190cf0f4f1c3ee4242313049d16909596be4051265a34a43aa8e72f837d862a64282bbdaaf72f3ec84bbaf673c578b4c1aff9e12075115498de18e05e676ba7d0686dd447c63febb14c92ae7e1368cef5dbe32379dfd10efea8e202ae70462dbbeb1eb5c579c9457df73f0ed772d8a14d4081cf798d5196fa9f6e665186a1d1685818841058ec3546f4ee038aeb9a4b46d267c2dec168fa694e8aab87e8e8d44fecba7949d3756cab41d3f1773c36839641ad316876bde1964d5ea5b36f1bbf466e0d2caeb648b9bed985814aa421dd5234368f7cda77511bd7b16214c5502e95c74aeaee1857fe90cb8a58492fbbbc59f345b5a9f6b8de134d1903ef63cd3f8f1e780711f03fcf6e18cbfe44fecde7ab3826cceb52a82061343b556ec80e4971db33c2409ae347efb30621e969ba143d7bb2d1b80570175b018886184b4f8dbb9fc4fe5c4bdd65526f10fe3c9cba5325a6aa7ca3ab51e1a10aceb5b41b419fc952ac9aad7638a5c10cbf05f178a3655c7a987c8aab39f77d527c264e7cdfb0676f287523492927ca44ef7c34dfe30157c17397e4430ff24f57ac436a16461fe283b016f7706e7b35cbbb681349de0676e31cf20b2225300b20b77e36220128ea803270f9d03eb79451b687fc395a9defcd30d061da7d2318aafe078c070b4f212f113b8610cfe8efa1920635860cb2f1b93aa4f5add76378974303d5b9cbe5c75fddcde6550d234ee3fba26740609be63deda4fe6fca7a64a1a89cd9661ccba7064e2826c01bab04c1aea271a34830cc32ce855761da1d4715b428e9ed2bc2443a947e60d1d5f9ea5af29b86a55cd315f32de7a40d8dd2923742b6acc2f65be4f5b6f999e18f7604b50e6ccc45b1d75d0aa3d2f5e11b734ea83b428378a3078e88384274b9e902433748efebc631a15f615049ea349dc105e2254ee49f87b369c496ba5e242fc13ee1052b56d3e43cfbc5a62af5c97e6d2317ce69d85a7799f19499e26bd568a2284b2f8ef00ec34e686c4fabfe4a67395603b7080e9e0bc3f6075240294d0fc31807ad89f32653522188f1effdee0a3937794c1aee1e5b5b9eac3383786b1a82a44c88bb400c3c622774914644a437a371ac89ae118300a70af46a9c5a46298853ea22f340fb446fffde95ca039e123683b624c367c1d2def7161dbc9daf5f6be9d16efd57a5a985b58aef3e7518afe947035ee2ff54e4ecf18efa3fd8e4ddfbeb5e3686b57aa9a2940ac1a14c4101f1aa3f0a7d35db8e23b391cde46dd8290a2754ca25ac3d8ce0834059f047e4d14503cbbe603a3a54ed40235fad94c79aef3115e061eb9ef3ac5a14413966af05d1cb0d97ba479872ae8ea76054a02e6f4079e31cbfe27bbfd4148910238da5cce5f5a4717d0bd0be2abe90e273f42771317e467fece8f19f6284699f368438405f1ac54a18a03a4636d5d29ee9606b693f05f2e16063cd24d13fbb9e3ea69e9c26a35ccabfdd413427e259e58b17835bcbf5283486e76c20ef753ac4cb76d86a413252f2aefb4b4a659e111a1bdbd38702d816bc594a7474c49731bb136a7412d8022dd543b6238a70e59358d694823cfdcc42a6c62260efcb2adf32f8afa25e429c93fa10edd14551a8e333e86267ed06b259e27b217d0b5b568216244647f67020db7cb312d8ffd11b18bfbac11ddebba0f5674406970d69e06e0b04ba22992c2774cc8d23e2fad8a2100eda1bf6260986da7a64fff870d0b932795635bca1bde9b526a03885834e5c4dcc85dd77a7101c3e945c443c711e8c0fdacca792e97713a395638c6fa409261b23fd5ab4fa7e4120f0a1eb857641fb7cfc94b2dfd88d56d35cbabada671665d89d0a130e41c471d2eabbcea08f9c933205e4d57ebcb2cfac304224f32f16f7c77bee19859c8248e0dce5d54e9d6cee9001170ae50cbe7b2430ab78a5cf1370cab5337f85f7b7248be81550f385b1e576d99c7acb26adaa56f0b74a2207fabf947b8d3fd82ab12cbe873a0c3241452f3eae3686759e70bcd61c4a3df35b0271733eb4d3a5b2e0428ed8d359bc5eb55b0a5734d2700625bffed86698eb83fff7daade3e8981d848a5efb8107cd858fe263", 0x1000}, {&(0x7f0000001780)="499157af3f8e1c24618617e72e5fc7c911b3dad2ddc565078eb63d1369afbcaadbda9fce97982ab242ebbc6f9441821b8cf40581027f1cfe1e685489ad6085c58cd9da373a5e3305e85cd19dc3221f527073933e367aaf7c9f76fc2aafe0f33669e250f68b8ccb4e2d75a5f90b47af3af94e991833c456b48096feff2759e5b74793f87c1f1b84733e8c796182742511b15d8593789c760ece0e095bd11bab9a13ef4ac556841a680bcb01f020d6971bd5deddd8246a117c35845ff166a9195d041e6d82865797df57495a890a0e7777", 0xd0, 0x1f}], 0x205000, &(0x7f0000001980)={[{@hash_r5='hash=r5', 0x2c}]}) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000001880)=0x7651) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000018c0)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}) io_setup(0x60f, &(0x7f0000000040)=0x0) sysfs$1(0x1, &(0x7f00000001c0)='\x00') io_cancel(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x2, 0xffffffffffffffff, &(0x7f0000000080)="12a81be3b76c1f03a35247aed117474ec58b0591e84568460eb07069322712640d25a889aed9410df7eef513e25a295206151917b0f7dab12a50b57a8f40ff5557e26d0d8f0398fa643b4ee0303b33785055acaeb38b80553590a2beac2e641314f65db6d6a210742c3c4b8c999000d1ba0b34c2ad661037ea580dad12a21a2d4c834ed3affc2d57de844008fb3328629594849acaed8d72483eab40776757", 0x9f, 0x1f, 0x0, 0x0, r0}, &(0x7f0000000180)) ioctl$LOOP_SET_FD(r0, 0x4c00, r0) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f00000004c0)={{0x32, @remote={0xac, 0x14, 0x14, 0xbb}, 0x4e20, 0x4, 'sh\x00', 0x8, 0x80000001, 0x6b}, {@loopback=0x7f000001, 0x4e20, 0x2, 0x3, 0x8001, 0x2}}, 0x44) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000480)) 2018/04/09 20:46:56 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000400)={0xf4a6, 0x1, 0xcc2a, 0x20, &(0x7f00000003c0)=[{}]}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:46:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b2", 0x46}], 0x1) [ 129.710401] binder: 12104:12106 got transaction with invalid offsets ptr 2018/04/09 20:46:57 executing program 2: r0 = socket$inet(0x2, 0x840000000004, 0x1d) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:46:57 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000001c0)={{0x80}, "70ef0500000000000000000000000000005b004fb81a353f594b551500000000000000000012c70080000000001c00000000000000020000007d91b800", 0x80, 0x10001}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000fbf000)={{0x80, 0xff}, 'port0\x00'}) [ 129.777548] binder: 12104:12106 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:46:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261", 0x47}], 0x1) 2018/04/09 20:46:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x40000, 0x102) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000280)={0xfffffffffffffffa, 0x7, 0x0, 0x5f0f, 0x100, 0x0, 0x6d, 0x4, r2}, &(0x7f00000002c0)=0x20) r3 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f0000000100)=""/81, &(0x7f0000000180)=0x51) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) socketpair$inet6_icmp(0xa, 0x2, 0x3a, &(0x7f0000000300)) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r4, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:46:57 executing program 5: r0 = socket$inet6(0xa, 0x206, 0x7fffffff) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x20002, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r2, 0x4, 0x70bd2d, 0x25dfdbff, {0x4}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b8e}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}]}]}, 0x3c}, 0x1}, 0x8050) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x12400, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000080)) listen(r0, 0x5eb857) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r4, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r4, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x80000001, 0x800) [ 129.850547] binder: BINDER_SET_CONTEXT_MGR already set [ 129.889436] binder: 12104:12123 ioctl 40046207 0 returned -16 [ 129.997161] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:46:57 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) socketpair(0x1b, 0xf, 0x7ff, &(0x7f0000000080)) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:46:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x6950, 0x80000) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'bond0\x00', {0x2, 0x4e22, @multicast2=0xe0000002}}) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x52417e1614eed8e, &(0x7f00000000c0)={r2, r3/1000+30000}, 0x10) 2018/04/09 20:46:57 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000b40)=[{{&(0x7f0000000040)=@nfc_llcp, 0x80, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/176, 0xb0}, {&(0x7f0000000180)=""/121, 0x79}, {&(0x7f0000000200)=""/2, 0x2}], 0x3, &(0x7f0000000280)=""/61, 0x3d, 0x101}, 0x8}, {{&(0x7f00000002c0)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000340)=""/182, 0xb6}], 0x1, 0x0, 0x0, 0x8}, 0x6}, {{&(0x7f0000000440), 0x80, &(0x7f0000000600)=[{&(0x7f00000004c0)=""/64, 0x40}, {&(0x7f0000000500)=""/44, 0x2c}, {&(0x7f0000000540)=""/130, 0x82}], 0x3, &(0x7f0000000640)=""/19, 0x13, 0x1f}, 0x4}, {{&(0x7f0000000680)=@ipx, 0x80, &(0x7f0000000880)=[{&(0x7f0000000700)=""/90, 0x5a}, {&(0x7f0000000780)=""/19, 0x13}, {&(0x7f00000007c0)=""/177, 0xb1}], 0x3, 0x0, 0x0, 0xffffffffffffffff}, 0xc1a}, {{&(0x7f00000008c0)=@ethernet={0x0, @local}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000940)=""/70, 0x46}, {&(0x7f00000009c0)=""/74, 0x4a}, {&(0x7f0000000a40)=""/136, 0x88}], 0x3, 0x0, 0x0, 0x9}}], 0x5, 0x0, &(0x7f0000000c80)) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000d00)=[@in6={0xa, 0x4e23, 0x1, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0x7}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xf}}, @in={0x2, 0x4e21, @broadcast=0xffffffff}, @in={0x2, 0x4e21, @loopback=0x7f000001}], 0x102a2) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r2 = epoll_create1(0x0) semget(0x1, 0x0, 0x709) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000d80)={{{@in6=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f0000000cc0)=0xe8) write$sndseq(r1, &(0x7f0000001240)=[{0x1000, 0x2, 0x10000, 0x5, @tick=0x7ff, {0x6d0, 0x8}, {0x24, 0xa0000000000000}, @control={0x6, 0x1c, 0x400}}, {0x6, 0x4, 0xe3, 0x7, @tick=0x6, {0x5, 0x1}, {0x1, 0xb0df}, @connect={{0xfffffffffffffffe}, {0x0, 0x9}}}, {0xfff, 0x1, 0x7, 0x6, @time, {0xfffffffffffffffd, 0xfffffffffffffffe}, {0x3, 0x3}, @quote={{0x8001, 0xffffffffca7ef3d1}, 0x9, &(0x7f00000011c0)={0x10001, 0x200, 0x7ff, 0x0, @tick=0x100000000, {0x3f, 0x6026}, {0x80, 0x3ff}, @addr={0x81, 0x400}}}}, {0x3, 0x6, 0x100000001, 0x86e, @tick=0x3, {0x4, 0x2}, {0x5, 0x5}, @ext={0x15, &(0x7f0000001200)="1ab9c3491c21284d9c6b0c9fb7b7f6c22a7fc5025e"}}], 0xc0) execveat(r1, &(0x7f0000000ec0)='./file0\x00', &(0x7f0000001000)=[&(0x7f0000000f00)='\x00', &(0x7f0000000f40)='1vboxnet1*\x00', &(0x7f0000000f80)='/dev/rfkill\x00', &(0x7f0000000fc0)='-mime_type\\posix_acl_access\x00'], &(0x7f0000001180)=[&(0x7f0000001040)='vcan0\x00', &(0x7f0000001080)='vcan0\x00', &(0x7f00000010c0)="656d316b657972696e67eb00", &(0x7f0000001100)='&\x00', &(0x7f0000001140)='em0}^$!\x00'], 0x40e21f620c8e1397) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000e80)={'vcan0\x00', r3}) 2018/04/09 20:46:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261", 0x47}], 0x1) 2018/04/09 20:46:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) fcntl$notify(r0, 0x402, 0x4) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:46:57 executing program 0: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) mount(&(0x7f00000001c0)='./bus\x00', &(0x7f0000014ff8)='./file0\x00', &(0x7f0000014000)='proc\x00', 0x400001, &(0x7f0000000040)="497ff9966976094e541ca94c734868ad35bc2c5975f749e258f1728cb08e2710337627dfcc10fcc556963dcc6859f46a2972d3ce335d044090b5cc5c8f20a5d7a7a8707a69d8dfe4796b8a696fd37e6b73b8387b53a174e703353e2e6e9a97f6cbc25dbb63436caf806d864d768b84456600bf2f0752cf3ef14e9be1893d3b930d48f26a1d0926348c650f8f71d66639e805c709718f2e07d6c307799ce8c599a95d4c516272f2fcea5a6675e67ae3ba87608007b9e965e7118a179ea85ff2ad120ca5a906f4d545490bcd3c8a3c49a0205fd5a673079ab4637af7b3ef2140fdff9e9eb6712234c248a3a2f99bfa4bf3ae75b675599084304ebfe3e6a0acb661272c7ea149077068eaccf08b09a3fbf075382008c4c76ade5f64f9367aa19b16722a749f554dde57f775417d8c06196ea0c9882100000000000000000000") syz_fuseblk_mount(&(0x7f0000000000)='./bus\x00', &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2018/04/09 20:46:57 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet(0x2, 0x840000000003, 0x8) socket$key(0xf, 0x3, 0x2) r2 = dup(r1) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x10000}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000001c0)={r3, 0x8, 0x1, 0x81}, 0x10) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000000)=""/113, &(0x7f0000000080)=0x71) syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x9, 0x109001) 2018/04/09 20:46:57 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x4010, r1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x37, &(0x7f0000000040)=""/61, &(0x7f0000000080)=0x3d) [ 130.124671] binder: 12161:12172 got transaction with invalid offsets ptr 2018/04/09 20:46:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261", 0x47}], 0x1) 2018/04/09 20:46:57 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:46:57 executing program 6: arch_prctl(0x1003, &(0x7f0000000100)="c33713798ca961b28b0284fcfd54554de035b94fc4ae71c0a522a63611119bdab728bd7a246eec6f892166c12ab649232bdf36d5a14f3882a3d378d40be33e5a34f5583d58b8b83e4f2b9e7ffe181708e78d76e96efcba17933378") r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) sigaltstack(&(0x7f0000ffd000/0x2000)=nil, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000080)={0xffffffffffffff9c}) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000180)=""/138, &(0x7f0000000240)=0x8a) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="40050000"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) fcntl$addseals(r0, 0x409, 0x2) 2018/04/09 20:46:57 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x4, 0x4, 0x9}, 0x11) r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x3, &(0x7f0000c91000)=ANY=[@ANYBLOB="850000002f00000027000000000022009520000000000000"], &(0x7f0000000000)="f4206cd55d3174fccd51d063ca3dda5cbf5a01cc7ea92c43b604ffc53727d2d60f55ddeb757cf36a8457125ab48bcbcce4011a423df186cc8d8e6e9a66b1a0a6035a2fc0578cf5aad8b3a24a9c646a37eb26c6212ffc9658f152194b880765d169d550beb059984a10c2", 0x1, 0x99, &(0x7f000000d000)=""/153}, 0x48) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x200, 0x1) ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000100)) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={r0, r1, 0x5}, 0x10) close(r0) [ 130.180444] binder: 12161:12172 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:46:57 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000000)=0x48, 0x4) sendmsg$nl_crypto(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8080}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)=@alg={0x110, 0x10, 0xf10, 0x70bd25, 0x25dfdbff, {{'digest_null\x00'}, [], [], 0x2400, 0x2400}, [{0x8, 0x1, 0x81}, {0x8, 0x1, 0x51}, {0x8, 0x1, 0x10000}, {0x8, 0x1, 0x80000000}, {0x8, 0x1, 0x1f}, {0x8, 0x1, 0xa1}]}, 0x110}, 0x1, 0x0, 0x0, 0x40041}, 0x20000000) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000040)=0x80000000, 0x8) 2018/04/09 20:46:57 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x4, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x7f, 0x40) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{0x1ff, 0x5}, {0x101, 0x7fffffff}, 0x80000001, 0x6, 0x7f800000}) 2018/04/09 20:46:57 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x280001, 0x0) ioctl$EVIOCGBITSW(r2, 0x80404525, &(0x7f0000000080)=""/20) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 130.308327] binder: BINDER_SET_CONTEXT_MGR already set [ 130.336554] binder: 12161:12203 ioctl 40046207 0 returned -16 [ 130.371155] binder_alloc: 12161: binder_alloc_buf, no vma [ 130.376857] binder: 12161:12172 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:46:57 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) 2018/04/09 20:46:57 executing program 7 (fault-call:1 fault-nth:0): r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:46:57 executing program 6: syz_mount_image$ext4(&(0x7f0000000880)='ext4\x00', &(0x7f00000008c0)='./file0/file0\x00', 0x80000000, 0x3, &(0x7f0000001a80)=[{&(0x7f0000000900)="c06a16801bdf4a0506c31e165bf3dc6feff691ca6d7fe2b25bc1301650ebad5b6191f1943025d655ad7be63b3aa0e1d11b80df22673b35ae1c179e32ff41c689c856d30d6a28584c4823d7be25a55bda6e9eaac30ef133225fc0d3adba7879195a81ea10514cbc13d8f559f40ce67c39d74a2ed27c30ca64866941189c2815f79fba818fa7568647c66eb4c498a49e8a08150457bac93ba855d89b44db2d47f28af89c3a6843de4c5cf29fda773f334080a3a192a851eef205fcda0b3a39953c933a5df9f6b0e6c51d2110910e827cf069e81176070734fde917a2e783ea170a8f1af235dce1426653fdc1c99ce0f6eb8acc74", 0xf3, 0x8}, {&(0x7f0000000a00)="f183b31b5cb8cb9c9e38e1e1b88bfa334114921c9b39397f3fd77f6f5e1590312993022a87d80c5f163e11909d5972483d5180f93a6876eacd5930529e4a1c9a47df837fe4241bb68ada414a4bf020f87154d9f931e4787cfba0af4294f9f0f733e99b5114b1f36cbb40d40711f8d8cbbd34cf45553e6ff630a6b7cb97ac2b35f9b40196161c51bd9826305b6db821efbe341839156263ea0d506fd6179aa17981bfd56c85de66f2bfe2b07094776d74ab4ee6341c69523bef12b32060bfd2579847ffb9d2eec639f9288c1324e3f0c17100f420fad0563f8f3302b8c2da8d8e942fbf96e083647ffc83e62d56c24ed6e2b2359861fda35b5483598ca3827c54cbe02a1898c18609f96aa0e99e03fa6d6d82ab06b65766602b5089aefac7b8b7cb6a586686418649265dff3875d9d0b413612fae5029ee18007925592c33a6ef1c216bfc4a254d96251925dafd4be0c9984533e36d4bbb852ed8d719b87302c0d888a8a2fb25a5e3927bbb8f8c9900b41549458f2d84a1e9fd85ad54eac35399fbd384baf2b0a001e7c4d7dca2ed5aa71b34eea278e738d29cbb8e6b911cd5388ef03459009e2ababe1aba982f63e2c45040e57ac7604c049d83f1a1a3b7d62e4859085fad35c4d425ff6400dc7498c7b08c53e6360bc61068cca4bdde886a5902899c1d36f17010c11eda593f09a1fc4259c863356a8b7a83533db069fe172672278e63e053879cf88eec9d6af0df6ff4a657694bd9422aab8b12f2d79008f64778bde49bf3eaa0be25473995bfe4d9c75c78dbe277aa6e5b9d64076c73c3e757fae41ac65bb8080b3555069b9287a3b0e6bd4bf235b01a0b255cfdd522afd14d4c60909c38e85abe10ba90a5b2a643d46aa444db35a5e4ba12ea1aa41dcb29471874cc683ae3b8280f164aad5d0c91eb7cccbf23699b6d5b18177527bf87a2869fb4d3c6939dc2addd05d95bb214478d67ea663e781a265a6e5c4f92205b16aeec92fa2cbbcc0844718b029a7c829463189e5e9d1d2cf47bddcbfbad08a9917cb223690288c85e36982712750078298e1bc3b27f9adb7d6030f5f1f3e08223bb17c64d419b5d4b5c33c3d227d773c375585baacd338f76aeabae4d5c3d4777b6f360295811123b52379f37d5c85279f73c99b8b5f13379d3c1de0914224d790987f3585e47f6a6f142cabbcaba4aa59a8d93451769b60d8c65c2f88918e65284dafe550d793faa84ab0ffa00d08f1c54f95217e7029814aa48beb4575e6a71ad2dd12b85617ecb42ba4a60f375d1df8b77c7c5f55653e4314d68427e544c29b2567817e57000c18680f314c1088820e7ba82211e8219cc9a84f7bd4c5e72eccf3509e68be35bada216fde8e992d4705ff37cbf7ecea4c98df2c575c6ee157e67e8d3910e3e1e13b952ba6ee808afc5c66a549b513b5a6519c504b92e4b390619c274c350aa549a971bc92555d6a4d363a1918eae8ea0facf4dd56789fe05bb1d7eb809df9107b57612ac8bc1f405f8030ada96341e227a07f7f57ec0402154039459cfa92601f498ae1a1d12b61e90d2d1eb28c3eac17afa2ff233b9e2e1bccd28f073999e06af9c78022ce96987dbf8db44492e4fa3eb36969de68b08c6d69512dded0bd1a35639f18153733b3831ce2609b3a330d0da68a6c2b6d4b65c29d96f918d21ae5f5e1a865404d405f7fd0f70a26b4d968a0be6e37ec83770dad56c484a1e5907dcd7dc54149d70f3a14757737ae51b30c816bf8d30a206b5bc1c89d4bfe4fa6286cdd9a33d73d2d37f00fa34a7f6fba9ab792cd0c8e12d70aa35647a3e1b2feffd07431f9f606b4392c66e0428b33b6bd0ae08f46a5b45b0ed52bff59bbe497a96e46c5b506fe30c9268d3bbdc55260b868292420e5a936a8581ab2774dd1efd7d59132f0a6a7e3869b070c646d96985a362258ea00efd95dad9a7981f2dc421361eaebd021a0a2da5571528d2bda72815b55b4ac55e6930e03ecf58059c5b418af623d5ce73afdd82be122eca93de3e4b771718fa9675c1b541b9c17f67fb9ad7c21c32618c711e5cf7b66db5a9f7d8bcebc3dc7fde1cbb577cd80ec5afe58d400eb7f6dd7f99c68d2ecfbe5f3221f11b861f9a096bfcda644f74289e00479afc0ad009ed2417d7944793509ab53b4d46b81a41e6bbc71ffc3257734b8c66fc6a32fa1fe589eab69192efe79b5d9d48bb988c3bdcebbedd3061fc78eab396971872c506dd54ed19204c453cb5198cee4424d632d0175df98afa50a64dea93451f3fd54db0f762432f4bec00c2c5187962961e17e839b6b73f8372e58a9683be203b7deeb3f5e5a2683e7b3926cdbc641b056c83258c190fe8c2d5cd32b24faede8bc807d686536e29e449a9ef3abb7dbc92ee18538eb4d03285526cfe74b9e033e32531350d4d93518712a5ea4252bd14d1f20e661b6e53da291fa7e14e48fe875863c5096847a49650581c57f4fe887876a555dc68875f9d2241acac6b03c4485578a1ee7ca7340c32767ddc4130187465b192c0c1da74016db625debb639aac613e6f45bac0bf1c0ca2f9de9922f007511579e81cfac48cfdda3a06f464792097eda0d84ddf602488d5765e05e45fadd8fff5a8e309aa36aa210520b07b12bb1dc814a5a3eaddfa842ff89c48943fbf4c109d2fde680d7894c52a1bf2b41581a6b5bd77537d487dae879b98c602536c282fe849f8a5d2f4283316f76f4752498861bdf30898ac78bc7eb12358bed63171ced66269f1d8efd40bbd860e3738d7cfc2f983d2c71e80a24c984567fa5d435871c54033a2276df92032d2af6388dbc28ff429704814aaf052f26588775db3e2a22824729928e365a95db9b335897f9b4c73c98b460a1eb0500c408baa4f3b5f6d7338633e5c75c6f4f5e5d8db07da9098131f31e0376cb8db6cced5931f856f3dbe4d6276173bf51a68a8c42663ffbf47f3f882e387f35bbc3a6c27e67f004032f60bd42743b099b17377a6a0e1697ee1ed19c0bb9df1cafbbbba5cfec2cbd65faecf6dc2e70f51f87b850344fe71b96cf6261994f99f687b6187b93a6fad0de192a93631ada97a26724e2e5d1ac6312e0c3c3712c51f3a64e92f845e8c7720ba31d4510223a6c963cb9cb79ede1506be7fcec5ac2124dbd5ce829e879acff5e6ab32398906a1f387d72fc8251a98c04624ba25d50b65e83346ff8e137f8e4846b480428031d77fbd84a4b53655e97bea79ae77e1c20d2c0e98977531f11b6eb3a0017d5c7890701c4e81fa6bdd326091a28086f78fe3886bdf383795f0d8cd9ffe2e8d85ba618b5fbcba17d31b77e835462695070d689312725ca74c9ed9a414245c80e280a9340768a570eb2ed479e22072b309337626168eb5a7be14461b11a2aff435bc0ba8efd9761df6aa230a45a5698f2cdff3b24bd614a7f44c508732551321dd20f779a28256eb335b079aadb9df889655367ef18478338e0bf2c627d6ef46e14870403f859aab9719a93f345fd5bf2ffca8d5c1001430f65d2a26a3ed5d36d225b5ea06f1c037b3084084b25efeaf8107b5298e1f9d311c9242c8a9901d5ff7ca3399fe2bb647e15c07ef0539bd19eef9ee5531e1dd638b67c6b7524ce29f4fd19719e995a6cfad08c1de673772c99bdd1bdc0962b67b57ae35a326d1d623ad648903bb3d8e9bc071b268c1c96f77a12fabb37dc444327487fd1a1159b9c0bdea7312f1cc269230cc3a2517ddb0a28a0030fa4148f44fbf278e41ed1b83b00f7efa6b1bfc6691af99a5de2e30d48f2ca174e614beaf0a3d7b1a60c89307dfa768d40e1af49a3a0bf30c977a2bd7f6a8d07bb3b40fa93c6b349c3991b98e07cc46eee7f2682b1814f889d4b44197aae3d2126bfcf9e1986d62ef08ed03cc97a63e4ea0514603592e6817971cca07f230718e314b8eaafba7611522175b94305d2b81db9cdd4efb4ce3c471d4e6c83025160497832eaf14d3587dc121da8bbf3c95c25121cd987b41a16e853720118fc174ad6ce76c332e6a7cfea7899a70fbd03dd0a3b3392adc96f06f7cc8e0f6ab2e134cbc4abacca11b4fb9f81c420bf0a979af6837227a7b875e02e793c0d19b82cb1681ab894157844b3aeec5195b0d1b1a714d49c342602cf1871fe46da17a40f307654a5333fc82886645dd5dbd594a8d2dd4a2cfd58325b5644fa7ef290eed0ffce780779be7d9e49720bcd6abb9765205831c597f956b3fad7e5a036c973b436c0576a80fe92d5b139a766336cc67ee7b02457217d742906c35ad5692f9769af19a7765eef7a67ff04aec2febe51327eb30b3a179dd57affcc3dbf6e42a8593aa72601410dc063fa9ec48c42ca9799557441c1dd9462d7c97b121f699babbe56b845136fd8fd86cc711729557e4b4765eb35da8a4e737ab01b0068849f20285675ec3516b476fd9b8180de640ee7562ad4be70002adfe233ebf32d95bfae997cee049158505e34e1655347660216c1ae400165258ee604529a22537e2f6ea37f77aafff3e990f6295aef1bb914fdfc9f7c2a3d8eff46e34f0270e4cd55f88f540aa99e6014a0a22cf75a961afe6f96022edb3a609cbb4130aaefe6c7935b9a74c47cc11a93ebcf9819a99deb47b1635ae8701dd3abf82d23942cb4af3626edbd58fc1f47d55535df134c8b53639614ba80b8e119ff9eab2166b75c42694b68edb9f3f5ddee511f3e98d7c6afdb071747b9cda8b2d25d48f145e2edf6f107c8c01533efdb647a81c8585b4ee8d3ff80a85bcca558f2cf8f003e4dc7a87875543a7aa4108a44b484ccd180c9bb8a71d8460033c114cb82b344a8dfed51665047af9307a9614d5067be56099bd989890ace8f0aee290c7a651d34d75450521951a87cb6c4a80c36b5eedb23c9533b234badaabb4dadcd5897edf5e8fe866bf622c86417d6f7a0b43282d0c691a3c7ed8385e78cd136288a80d0a63357afc32b20fe2cd76f4fe8d17ef01d0c8597994502bf4950a0e71d62f441966083b58f56f1e9af8db35d9bc47e818169f88a43def9bb0775e9778a20ab8ad9923f1c423495d33298229f978de82d3d241207d9ce6bc12f8f9bff24924bf724391e80238f3dd79f145ea755a81e82a8bc164acd6fef78f46c555d5f9d7145233db47e804daeaa4fc22b94d36abe83af014c75f9aae41735b4bbbe5fbfa4510a90ef1c63e3ac7f6c1174cee52f7d52092522b7e90fb5bbe164e53dc42529d2d07563277547dfb303a27ac7169336e6346e2cc29ba97f3cde5741131b76f6c0ff33b868736379b199dfc1f214bae4297ec44cfd6dc2210776d427f1d792e82e760e6c5142616a719a88d531845d7be623eda969b694c9610f91fcfe35ed240912608aa4f64cb47a5a39549a88039c5f20b21998a38bf66e03dd1ca2948f13810266375e82d333046495e60e182c5da2d57fbd3d8bd846b4be6cf8cf5ad8ce831d13fbb5637443203de09a2fdaf43a65a0c214664186ea2657bce80aaf72dba2af5d6b5c61ab2d487503a43ab2856c9491ae81281495082f5320ec1b238e8c253afb43a5c152989e1b3b829a0f7eee4d28c140ca137b2b664d14d4572c3e20b334e71c13bfb1cfdaefc14049a855fd822e2f5e472705e03b8fb90b7d8695936533fc06a537ffd3f9e0fed185c79043c841c8ff32da5ba989e55af48d74d7ff9cf96c25b35db571b41f104575523f413e2811d7e5da4d2fe98c78a1e1abf96aa0cd884e0b73183d4627c439f934ebdbff3cdbc3b5d831fa6f35a7d711f32fe182381f38859ed6445a85ead4bd56d701f447a40a0f4c06592a813", 0x1000, 0x80}, {&(0x7f0000001a00)="d1f7058acc6639c2dbcd1a0c9c8db9f92ab950a66238c80eed7a792cf45d0c62477a3bd336089a40b0a83cf1e045d1ca7e7af3b6b5624be6e7b2e5b5e003626d0cac36cba783ab785c073a91babb9595cf32d742d13c81da72ab73c5b6612764741645", 0x63, 0x7f}], 0x841800, &(0x7f0000001b00)={[{@discard='discard', 0x2c}]}) syz_mount_image$btrfs(&(0x7f0000000340)='btrfs\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x5, &(0x7f0000000640)=[{&(0x7f00000003c0)="685e706dfc369107881216867e62636bdc5385cb8b1b671a5a0aecc13e07cefed2e665dc9fe18a3f13ac92c4216bd66380c34da73f24b9322458421a1584cfb5d7246220adcd5337509c7ef256b759aa83638451792f8bf9ce20645ddad71a9fbb50173886ddb513cbc7117530dbb03b9fc6d5", 0x73, 0x6}, {&(0x7f0000000440)="2a6e016856abe0036aec3f7167b963f0c4aabd143193dfa27645435db495c0178e3ac01db9244cd10315db352a722b942f4881e35eff7dcc559eaf541c87b8dcee15c09b9a14bf0b571b104d0cc51b7bf83fc7e4ab5a618b39acbc94bf13fa3369a5108f08e09fd43a11dc0308a503d584b2ec34d7420c40451a47b18e0756432c88d91e76a1ac38", 0x88, 0x1}, {&(0x7f0000000500)="b9b7869dde27b73659f64548e8f46772ad970e003707f87e93afb1c87c9bc8eb4d89f59ab8082d76c41ff4855999bdc14b409b9614776b4c75ffdb8685bbb8b06394d6e4459f1282230b250598d9fd", 0x4f, 0x7ff}, {&(0x7f0000000580)="c86a455e1aad0ff454fae53ea986c49c02d0e9df7bf76e5b7e054b4e6ae5ed05e69479f9fbcabeb044f5b8c67a999fe754c4f70b517ab65ad6b51d0857dd3507cd6993bcb38c0b2f75b3054771378c7e6c68ee4235462c23d0e4142ce430f0274780c62fd99096e29050e2ea7cc98f6bc83fbe6d2545449a639c43a98339e46f5a6227e4b4eb4a553d3ac732", 0x8c, 0x1}, {&(0x7f0000000740)="342ad098abebc6c493ee0c98914ca12a430307a4a85e74fc979bc5f6dcd524cdbb45606f2120bfa7a20936d584c1dc0188f188578b37cbd72079394df36d95ee476f441a31bb5020a8ed3ac767b7cdac18daae31cc56764bf0403c0b48641916e6f87cf40a3b5460df5baf93f87885eb817c9201ce6b041a14bf97c103fbf8a5becb2aa6c8760eae04d200e88e929ad4b64ebb1ad9f89b92b1dd128c50c4686757c7a13aee77e2684efbe1901e6e9d2ce95a2bff48099127529bfaad958fb151cc180e2cbc972844d36aa54c0fa61e28b8067abb24e1379cac25a115", 0xdc, 0x800}], 0x8, &(0x7f0000000840)={[{@nossd='nossd', 0x2c}, {@enospc_debug='enospc_debug', 0x2c}, {@inode_cache='inode_cache', 0x2c}, {@space_cache_v2='space_cache=v2', 0x2c}]}) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x40042, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x5, 0x6ea7, &(0x7f0000000280)}) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f00000001c0)={0x101, 0x0, 0x8, 0x3ff, 0x3, 0x8}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000001bc0)={0x58, 0x1, {0xffffffffffffffff, 0x3, 0x401, 0x1, 0x5}}) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x80000, 0x0) getsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000180)=0x2000000, &(0x7f0000001b80)=0xfffffffffffffe5f) ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000200)=0x1a) fsync(r0) sendfile(r4, r1, 0x0, 0x9) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180020fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r3, @ANYBLOB="000000000100000004000000"], 0x20) socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x220000, 0x0) ioctl$PPPIOCGCHAN(r5, 0x80047437, &(0x7f0000000100)) 2018/04/09 20:46:57 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) userfaultfd(0x0) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:57 executing program 2: syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x77bf, 0x600900) r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) ioctl$EVIOCGABS20(r1, 0x80184560, &(0x7f0000000000)=""/131) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}, 0x14}, 0x1c) 2018/04/09 20:46:57 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:46:57 executing program 1: r0 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x339, 0x400) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000003c0)={r1, 0xf3, "365b695e2e413a912c72c1e19eebe67be2aad31e26f51b2164b2c951fd3ce491354306f87e779ac064ac142a69f129de21649790b4091b0c100787bfd854474b8b6252a12fb5ff0112ca20272ac4fb3d87c2b36bdb9662983ab515854869f0e9409a3330fe73ec02ec061f4c8dcaeea6867d39b66305550c7dad589515528b44d6ef31cd945824ec8738dde3a740a02d87dfae04988502c27e8fc3b2bd68df85edcbd491c027593631d0c171fa7a6e1110959568177c5ee7016ada0ea62afbd756442864cd4e7de925b2ed003b32561fc70827beb3e22819a60094cae81e14d2b99b2c48036fb01bb10c50bc94e6a27947228e"}, &(0x7f0000000140)=0xfb) r2 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000500)={r1, 0x5}, 0x8) r3 = dup2(r2, r2) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000040)) accept4$inet(r3, &(0x7f0000000280)={0x0, 0x0, @multicast2}, &(0x7f00000004c0)=0x10, 0x80800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x8, 0x0, &(0x7f00000001c0)=[@decrefs={0x40046307, 0x4}], 0x59, 0x0, &(0x7f00000002c0)="ebcfefe98c9015248c028c31026727c870600f42206877bb4decabebe5ffd043a6237a86c62baf8e86d34c89fef04d5b02a627aafdad050779698302681b46b42bf81808473e628b9199b3a4ec93694870a3c4dde199784918"}) getsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000000), 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB="4574d87008010000"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0xfffffffffffffc9f, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:46:57 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r2 = epoll_create1(0x0) perf_event_open$cgroup(&(0x7f0000000080)={0x5, 0x70, 0x779, 0x6, 0x8, 0x3, 0x0, 0x80, 0x10020, 0x0, 0xfff, 0x4, 0x2, 0xd52c, 0x8, 0x7fff, 0x3, 0x74d, 0xfffffffffffffffa, 0xe9, 0x1, 0x1, 0x533, 0x8, 0x0, 0x6, 0x6, 0x7, 0x0, 0x3, 0x6, 0x8, 0x7, 0x100000001, 0x8, 0x81, 0xff, 0x6, 0x0, 0x9, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x1, 0x18bf, 0x7fff, 0x0, 0x7, 0xfffffffffffffff7, 0x5}, r1, 0xb, r0, 0x8) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) [ 130.477674] binder: undelivered TRANSACTION_ERROR: 29189 [ 130.483546] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:46:57 executing program 4: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r0}}, 0x18) [ 130.562671] binder: 12242:12243 ioctl 541b 20000040 returned -22 2018/04/09 20:46:57 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) sched_yield() r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}, 0x4bf7dd7}, 0x1be) 2018/04/09 20:46:57 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0x7}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:46:57 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x20000000000000, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000180)=0x1) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) fanotify_init(0x44, 0x800) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000040)={0x2, {{0xa, 0x4e20, 0x2, @remote={0xfe, 0x80, [], 0xbb}, 0x5}}, {{0xa, 0x4e21, 0x8, @mcast1={0xff, 0x1, [], 0x1}, 0x100000000}}}, 0x108) [ 130.603237] binder: 12242:12243 got transaction with invalid offsets ptr [ 130.637246] binder: 12242:12243 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:46:58 executing program 4: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r0}}, 0x18) 2018/04/09 20:46:58 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) pread64(r0, &(0x7f0000003740)=""/4096, 0xfffffe77, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cuse\x00', 0x111401, 0x0) r2 = semget$private(0x0, 0x0, 0x0) semctl$GETVAL(r2, 0x1, 0xc, &(0x7f0000000200)=""/38) fanotify_init(0x40, 0x800) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000100)={0x0, @remote, @multicast1}, &(0x7f0000000140)=0xc) [ 130.708093] binder_alloc: binder_alloc_mmap_handler: 12242 20ffb000-20ffe000 already mapped failed -16 2018/04/09 20:46:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="effdffff1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 130.787186] binder: 12242:12243 ioctl 541b 20000040 returned -22 [ 130.822195] binder: BINDER_SET_CONTEXT_MGR already set [ 130.842413] binder_alloc: 12242: binder_alloc_buf, no vma [ 130.848226] binder: 12242:12264 transaction failed 29189/-3, size 40-8 line 2963 [ 130.904612] binder: 12242:12243 ioctl 40046207 0 returned -16 [ 130.934449] binder: undelivered TRANSACTION_ERROR: 29189 [ 130.940309] binder: undelivered TRANSACTION_ERROR: 29201 [ 131.496797] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:46:58 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0xfffffffffffffffd, @empty, 0x3}, 0xffffffc2) setns(r0, 0x4000000) listen(r0, 0x5eb857) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e21, @multicast1=0xe0000001}}, 0x1, 0x9, 0xeb5, 0x6, 0x8}, &(0x7f0000000240)=0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000280)={r1, @in6={{0xa, 0x4e21, 0xbdf1, @empty, 0x1680}}, 0xfffffffffffffff7, 0x100000000000000, 0x1, 0x3, 0x10}, 0x98) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000000040)="35c71d3a3cfc6a977b4255e0f9a412a8a44fc162428a5e10be57dd38f1b7c3959b4c9564f495e02bcf489453755b30db355c86742a811b8822bcac6ce612e3adf3c422bd9f7932314f4cfd7d58ea80000cc1b83e00ae41bf1777ee28be0b", 0xffffffffffffffd2) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x404000, 0x0) connect$nfc_raw(r3, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x6}, 0x10) sendto$inet(r3, &(0x7f0000000180), 0xfc, 0x0, &(0x7f0000000140)={0x2, 0x4e23, @broadcast=0xffffffff}, 0xf) 2018/04/09 20:46:58 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) get_thread_area(&(0x7f0000000100)={0xa80, 0x20001000, 0x3000, 0x56, 0x1, 0x73e, 0x8, 0xfffffffffffffe00, 0x9, 0x9}) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) sched_setaffinity(r2, 0x8, &(0x7f0000000140)=0xfffffff7fffffffb) 2018/04/09 20:46:58 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000080)=0x44) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:46:58 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000002c0)=0xff, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x1}}, 0xe5f4, 0x3, 0x800, 0x5, 0x20}, &(0x7f0000000440)=0x98) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000480)={r2, @in6={{0xa, 0x4e22, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr=0xffffffffffffffd6}}}, 0x5, 0x7}, &(0x7f0000000540)=0x90) getresgid(&(0x7f0000000240), &(0x7f0000000200)=0x0, &(0x7f0000000280)) getgroups(0x7, &(0x7f0000000100)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0]) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) setresgid(r3, r3, r4) r5 = semget$private(0x0, 0x6, 0xa) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000300), &(0x7f0000000340)=0x4) semctl$GETZCNT(r5, 0x2, 0xf, &(0x7f0000000040)=""/160) accept$alg(r0, 0x0, 0x0) 2018/04/09 20:46:58 executing program 4: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r0}}, 0x18) 2018/04/09 20:46:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="e03f03001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:46:58 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:46:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x1, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @rand_addr, @broadcast}, &(0x7f0000000080)=0xc) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000380)=ANY=[@ANYPTR=&(0x7f00000003c0)=ANY=[@ANYRES64, @ANYBLOB, @ANYBLOB="43e8c4729e07fd6642c76a07bcaa8c80880acaf0d7ffff0000936a50f7c48536e428becdbd1a0d41804a2b2f2a41f7ce1a3c9092fca58d48ef76d6773626aae546d53341ec5321cedb5a026de2bd7bf68dceae066176b8a1657f7aaa20b750a9c391d9aa0f33da2114c3b261", @ANYRES32=r1, @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYRES64=r2, @ANYRES64=r0, @ANYRES32=r2], @ANYPTR=&(0x7f0000000140)=ANY=[@ANYRES16=r2, @ANYRES16=r0, @ANYRES16=r0], @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64=r1, @ANYPTR, @ANYRES32=r1, @ANYBLOB="905868785c675ebb6ac4ccd2b0e567a3d8cb42ae28e0e84c3d51d3e84643ce45721df4f7b8eee2938527d3a780b7201ae70a55f8", @ANYRES64=r0, @ANYPTR, @ANYRES32]], @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="056304030a0000e41bd0a0faa400afffc55fcdae89efedb084bcc9f83f9106f7b84695584e1e0579faf63d5b842588cee0d6ae9d33609c0e9cd7ed25e71a5252a5fc6e669325264455508be6fa43584d51ca463661b9d120efd1f72ad2e7b26541345b0dad5153c69bf3c7df1731355ae9fae169cba15c21239a0a438ca788fc9f4f65fde032acf846c0dc5d104ceb493e7169a05974b2b14bab4f97f20489bf1e6f7cda8cdb45deab13a8358747a8e0813db0c4d90f3378381bc431b344da49ec3e6b1fbdb69e90577fce18e9cec0b2bb6c2371f7c158b6418da4121361738b"], 0x0, 0x0, &(0x7f0000000240)}) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0xffffffff) [ 131.539942] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 131.617476] binder: 12308:12309 unknown command 536871872 [ 131.625544] binder: 12308:12309 ioctl c0306201 200002c0 returned -22 [ 131.656899] binder: 12308:12309 unknown command 50619141 2018/04/09 20:46:58 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:46:58 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:46:58 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040), 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)=""/243, &(0x7f0000000180)=0xf3) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:58 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x4a0040, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000100)={0x70, {{0xa, 0x4e22, 0x2, @mcast1={0xff, 0x1, [], 0x1}, 0x2}}}, 0x88) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0xc) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="f9420000", @ANYRES16=r3, @ANYBLOB="00022dbd7000fcdbdf250200000004000500080001004e240000"], 0x20}, 0x1}, 0x8000) write$binfmt_elf32(r0, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x7fffffff, 0x3, 0x3, 0x1, 0x3, 0x6, 0x8, 0x34e, 0x38, 0x15, 0x6, 0xfffffffeffffffff, 0x20, 0x2, 0x3, 0x44f2, 0x1000}, [{0x60000004, 0x1, 0xdf38, 0x80000001, 0x0, 0x3, 0x4, 0x2fd4}, {0x6474e551, 0x600000000000000, 0x800, 0x6, 0x0, 0x67, 0x534d3be2, 0x1}], "708675e1e67e023fc6330d94828c7eb5e2e88ec417e95a04a7ad67494302b2fb92bd0b02aec328f6cde3ca9d73bb1eb18b3979961bdb8598fa08583d9c93d0aca0ee40987d1bb73ba5a52468b7e58ddff41b54c845a9b0f0126244e68de57780f3d9164041af6bebd01bbc39175eb9888ca3068b8792307bc19747057e3f111f72a52437072761306f46f351fc64cc514aeb44b7e5c3e41162f200d65b92e04328b237af", [[], [], []]}, 0x41c) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f00000001c0)=r0) splice(r0, &(0x7f0000000340), r2, &(0x7f0000000380), 0x9, 0x4) 2018/04/09 20:46:59 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="0f0000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:46:59 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x0) r2 = request_key(&(0x7f00000000c0)='syzkaller\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000140)='/dev/rfkill\x00', 0x0) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, r2) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) [ 131.668395] binder: 12308:12309 ioctl c0306201 20000280 returned -22 2018/04/09 20:46:59 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f, 0x3}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 131.751950] binder: BINDER_SET_CONTEXT_MGR already set [ 131.760748] binder: 12308:12309 unknown command 536871872 2018/04/09 20:46:59 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="c80000201400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:46:59 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x0, 0x3}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:46:59 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000100)=@get={0x1, &(0x7f0000000000)=""/176, 0x1}) [ 131.796555] binder: 12308:12309 ioctl c0306201 200002c0 returned -22 [ 131.821422] binder: 12308:12347 unknown command 50619141 [ 131.830671] binder: 12308:12338 ioctl 40046207 0 returned -16 [ 131.838091] binder: 12308:12347 ioctl c0306201 20000280 returned -22 2018/04/09 20:46:59 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:46:59 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e25, 0x7fff, @local={0xfe, 0x80, [], 0xaa}, 0x10000}, 0x1c) listen(r0, 0x10000000005eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:46:59 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x40000, 0x0) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000280)={0x0, [0x2]}) ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f00000001c0)={0x5, 0xff}) r3 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x8, 0x84) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'gre0\x00', &(0x7f0000000100)=@ethtool_link_settings={0x4d, 0x0, 0x0, 0x8, 0x33, 0x1f, 0xd9, 0x4, 0x8, 0x5, [0x165c0000000, 0x100000001, 0xfffffffffffffffd, 0xffffffff, 0x6, 0xe6, 0x7, 0x4], [0x3f]}}) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:46:59 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000040)) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x200, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:46:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x8, 0x80) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000040)="ce2d8e4295df87a9d18daa515fbdaa29", 0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:46:59 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="00f0ff7f1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:46:59 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x3, 0x400880) ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f0000000140)={&(0x7f0000ff9000/0x4000)=nil, 0x6911, 0x0, 0x21, &(0x7f0000ff6000/0x4000)=nil, 0x20}) r2 = dup(r1) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="d9fa089b8b36b0170d0ff206a2eefe8468cf9274da5997812fb7e6f3b11c2e4a9af825c039ed0880f941ff251b3c866ec52c460024157b2a6721cfef3b1b9fb54938b7310a6d15d050448aabb77025c45c0fdbc646f78ee5ae1fc165e23c2e15c4af8c47593dd48df4c86d1aba4b3f6492b55079df1c693bf16546fcc8e91523057e85", 0x83) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x4, @ipv4={[], [0xff, 0xff], @rand_addr}, 0x6}, 0x1c) 2018/04/09 20:46:59 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:46:59 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 132.600908] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:00 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="effd00001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 132.666529] binder: 12391:12394 got transaction with invalid offsets ptr [ 132.679992] binder: 12391:12394 transaction failed 29201/-14, size 40-8 line 2991 [ 132.726466] binder: BINDER_SET_CONTEXT_MGR already set [ 132.750440] binder: 12391:12412 ioctl 40046207 0 returned -16 [ 132.781343] binder_alloc: 12391: binder_alloc_buf, no vma [ 132.787083] binder: 12391:12394 transaction failed 29189/-3, size 40-8 line 2963 [ 132.829239] binder: undelivered TRANSACTION_ERROR: 29189 [ 132.834856] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:01 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000080)={0x7, 0x9, 0xfffffffffffffffc}) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r3 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r3, 0xa000, r2, &(0x7f0000d56ff4)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) 2018/04/09 20:47:01 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) 2018/04/09 20:47:01 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8000000000000fff) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:47:01 executing program 6: socket$inet_tcp(0x2, 0x1, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x7fff, 0x2100) recvfrom$unix(r0, &(0x7f0000000440)=""/63, 0x3f, 0x2, &(0x7f00000005c0)=@file={0x1, './file0\x00'}, 0x6e) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000300)=[0x5, 0x1]) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000500)={0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000540)={0x0, 0x0, 0xa57a}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000580)={r2, r3}) sysfs$1(0x1, &(0x7f00000000c0)='\x00') r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r4, &(0x7f0000000700)=ANY=[@ANYBLOB="0000fa000000004a275c4f73b2327100", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000010000"], 0x20) modify_ldt$read(0x0, &(0x7f0000000340)=""/134, 0x86) readv(r4, &(0x7f0000000680)=[{&(0x7f0000000480)=""/126, 0x7e}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/190, 0xbe}, {&(0x7f0000000640)=""/36, 0x24}], 0x4) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000100)={{{@in=@rand_addr, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000200)=0xe8) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000240)={@dev={0xfe, 0x80, [], 0xa}, @mcast1={0xff, 0x1, [], 0x1}, @dev={0xfe, 0x80, [], 0xd}, 0x4, 0x7, 0x16, 0x104, 0xca, 0x4100000, r6}) write$rdma_cm(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="030000007a48c8c9690058eac547cda2a19a0a5001dc6eae6d6dc723736c571e4943f4450181e8750e322e2596e535284db299d7e0"], @ANYRES32=r5, @ANYBLOB="000000000100000004000000"], 0xfffffffffffffeb8) 2018/04/09 20:47:01 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffff9c, 0xae41, 0x1) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f00000063c0)={0xfb, "72e829dcd85c20ca484e05714044ffce130199d747c625c021a4ee16e9ba312fa2d1058d52e162edc36084359031fb9b765850062cd689ece580663a854cff08d82add2d4e584a67c2593917e9c08e3f65a648be2773abbfc9722d9d7e8fbfd7a9542390d2c236611f1d48ee1b672bc10b8b787c391c73ca1772249718106ce23fddef4e1445ff03c85ad15baf8616879d9b25d77a39594dba1a0d2af5090f21486135816de1005fdd6851fde30684e895e077e9986fb0379810f8af5147f291a461a3aade4533eb8e0954b907ad88074e2990325a56d847227a69a346e03e36e1e2e43f674fb6483b45adec397d72770e1bb163a3789d04478080"}) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000100)=ANY=[@ANYBLOB="e0000002ffffffff01eed1176459f3ad887bdbdbc0c1457bbc0000000100000000000000"], 0x14) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x5eb857) recvmmsg(r1, &(0x7f0000006200)=[{{&(0x7f0000000140)=@nfc, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/145, 0x91}, {&(0x7f0000001280)=""/253, 0xfd}], 0x3, &(0x7f0000001380)=""/61, 0x3d, 0x1}, 0x4}, {{&(0x7f00000013c0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x80, &(0x7f0000003500)=[{&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f0000002440)=""/15, 0xf}, {&(0x7f0000002480)=""/57, 0x39}, {&(0x7f00000024c0)=""/41, 0x29}, {&(0x7f0000002500)=""/4096, 0x1000}], 0x5, &(0x7f0000003580)=""/23, 0x17, 0x8001}, 0x7fffffff}, {{&(0x7f00000035c0)=@ipx, 0x80, &(0x7f00000057c0)=[{&(0x7f0000003640)=""/4096, 0x1000}, {&(0x7f0000004640)=""/64, 0x40}, {&(0x7f0000004680)=""/4096, 0x1000}, {&(0x7f0000005680)=""/182, 0xb6}, {&(0x7f0000005740)=""/122, 0x7a}], 0x5, &(0x7f0000005840)=""/212, 0xd4, 0x3}, 0xaeb8}, {{&(0x7f0000005940)=@in6={0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000005b00)=[{&(0x7f00000059c0)=""/86, 0x56}, {&(0x7f0000005a40)=""/174, 0xae}], 0x2, 0x0, 0x0, 0x1}, 0xf1b}, {{&(0x7f0000005b40)=@in={0x0, 0x0, @multicast1}, 0x80, &(0x7f00000060c0)=[{&(0x7f0000005bc0)=""/122, 0x7a}, {&(0x7f0000005c40)=""/200, 0xc8}, {&(0x7f0000005d40)=""/69, 0x45}, {&(0x7f0000005dc0)=""/53, 0x35}, {&(0x7f0000005e00)=""/174, 0xae}, {&(0x7f0000005ec0)=""/124, 0x7c}, {&(0x7f0000005f40)=""/206, 0xce}, {&(0x7f0000006040)=""/127, 0x7f}], 0x8, &(0x7f0000006140)=""/130, 0x82, 0x200}, 0x7}], 0x5, 0x0, &(0x7f0000006340)) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000006380)=@req3={0x3, 0x0, 0x6, 0x1ff, 0x0, 0x4}, 0x1c) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f0000000040)={'mangle\x00', 0x4, [{}, {}, {}, {}]}, 0x68) write(r4, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r4, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="c00000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:01 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x2012, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000680)=0x3) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000500)={0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x10c, 0x0, &(0x7f0000000700)=[@enter_looper={0x630c}, @reply_sg={0x40486312, {{0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x28, &(0x7f0000000480)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x2}, @fda={0x66646185, 0x1, 0x3, 0x2}, @fda={0x66646185, 0x0, 0x4, 0x34}], &(0x7f0000000180)=[0x60, 0x78, 0x40, 0x0, 0x38]}, 0x5539c2a3}}, @request_death={0x400c630e, 0x1, 0x4}, @acquire_done={0x40106309, r1, 0x3}, @transaction_sg={0x40486311, {{0x3, 0x0, 0x4, 0x0, 0x11, 0x0, 0x0, 0x70, 0x20, &(0x7f00000005c0)=[@ptr={0x70742a85, 0x0, &(0x7f0000000540), 0x1, 0x0, 0xa}, @ptr={0x70742a85, 0x1, &(0x7f0000000580), 0x1, 0x3, 0xd}, @fda={0x66646185, 0xa, 0x2, 0x1f}], &(0x7f0000000640)=[0x38, 0x20, 0x40, 0x38]}, 0x9}}, @reply_sg={0x40486312, {{0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40, &(0x7f0000000680), &(0x7f00000006c0)=[0x78, 0x0, 0x38, 0x0, 0x68, 0x40, 0x48, 0x40]}, 0x100000001}}], 0xef, 0x0, &(0x7f0000000840)="55ee7a6da90be38c0f44c6668984f57783c6d7a051c8360d6ede46733cf7de19e6a1c87146bf8c545c31fa8dc5c8c73c16f0fd11164e53c73f9eb56d680c7a03e6346052129035a286385c91a7ed784429b769aa4e20f6a80969a4bdf20e181a7d10fd6fcf67e9922598506d353d99475b4ae1f9adb7b610b01175d9379365166f49567736d8af8eeeaeb93b27cdaf69e8216014ab69364dcec83639d5db8c4cbe5586889cdb99d6bfac45c997a056115215e22ca4c52437ec85ef87d5e3c7c0a43c6d91ae5e85b785b8e42ebbd19af27e82b3fc1df6ec2845084fd4cb2191c1809f208fce759c5f5b2fcc832856cc"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000776b7719de362367b0a4a1004200000000000028000000", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB="00e8000000000000"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="076300002fcb880000000086a73634650538cc3f63d25e42b79176a73d8f5aab1f35506e8662ef6736246416075d073186fbd3431895906e5b3c985911bc702aec3ed24b36b538a86f688f88a7935824368739f0879c8568c0fe21364cd3c70b23ceba9257e2b47a70fc395b5f1f0a321547fdfa9aaf8f9f273d5e7f8325a8ce04d4d2ce100415d84d48b5c04a150725a6d72a3aa36fcac1a62c224a90"], 0x0, 0x0, &(0x7f0000000240)}) io_setup(0x6, &(0x7f0000000000)=0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0) r4 = syz_open_dev$dspn(&(0x7f00000002c0)='/dev/dsp#\x00', 0x0, 0x2082) io_submit(r2, 0x2, &(0x7f0000000340)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x4, r0, &(0x7f0000000040)="eb2845b236d10a947030ebf583abc6993fe221c869379a4cda3e745243462e3a7a4cc8a8019943ab9724611da12f71c2331ab98881567407587a38e207f33dc822e0d4d82f0c19aee334318d0db7dbbe4d6b6ba02e3ed4bec5ab0a773e8964e5e2d374c8a9906222ca4c8c5786bcfb29469d6316f3c02b3e0e837e559576af0881293c5cfd4fd31ee9d6d5945a413bddeddb920ee7d79e55c30638512948f7893259022f17c06d186993ca75e2fd1b072b36aefd7579dd6f474004543928dbccdacb9f690554cc9f67a4", 0xca, 0x6, 0x0, 0x1, r3}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x3, 0xd567, r0, &(0x7f0000000200)="15ab150bd6b34fa7f23b2f6a6998c1978559", 0x12, 0x4, 0x0, 0x1, r4}]) [ 133.677120] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 133.762886] binder: 12443:12447 got reply transaction with no transaction stack [ 133.770481] binder: 12443:12447 transaction failed 29201/-71, size 88-40 line 2763 2018/04/09 20:47:01 executing program 5: r0 = shmat(0xffffffffffffffff, &(0x7f0000fff000/0x1000)=nil, 0x6000) shmdt(r0) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r1, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:01 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x5667, 0x40) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:47:01 executing program 2: r0 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0xe4a, 0x400000) socket$inet(0x2, 0x8000f, 0xe2) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000140)={0x10000, {{0xa, 0x4e24, 0x2, @loopback={0x0, 0x1}, 0xbdf0}}, {{0xa, 0x4e20, 0x1, @mcast1={0xff, 0x1, [], 0x1}, 0x81}}}, 0x108) r1 = socket$inet(0x2, 0x840000000000, 0x8) r2 = dup(r1) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:47:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x1, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @rand_addr, @broadcast}, &(0x7f0000000080)=0xc) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000380)=ANY=[@ANYPTR=&(0x7f00000003c0)=ANY=[@ANYRES64, @ANYBLOB, @ANYBLOB="43e8c4729e07fd6642c76a07bcaa8c80880acaf0d7ffff0000936a50f7c48536e428becdbd1a0d41804a2b2f2a41f7ce1a3c9092fca58d48ef76d6773626aae546d53341ec5321cedb5a026de2bd7bf68dceae066176b8a1657f7aaa20b750a9c391d9aa0f33da2114c3b261", @ANYRES32=r1, @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYRES64=r2, @ANYRES64=r0, @ANYRES32=r2], @ANYPTR=&(0x7f0000000140)=ANY=[@ANYRES16=r2, @ANYRES16=r0, @ANYRES16=r0], @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64=r1, @ANYPTR, @ANYRES32=r1, @ANYBLOB="905868785c675ebb6ac4ccd2b0e567a3d8cb42ae28e0e84c3d51d3e84643ce45721df4f7b8eee2938527d3a780b7201ae70a55f8", @ANYRES64=r0, @ANYPTR, @ANYRES32]], @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="056304030a0000e41bd0a0faa400afffc55fcdae89efedb084bcc9f83f9106f7b84695584e1e0579faf63d5b842588cee0d6ae9d33609c0e9cd7ed25e71a5252a5fc6e669325264455508be6fa43584d51ca463661b9d120efd1f72ad2e7b26541345b0dad5153c69bf3c7df1731355ae9fae169cba15c21239a0a438ca788fc9f4f65fde032acf846c0dc5d104ceb493e7169a05974b2b14bab4f97f20489bf1e6f7cda8cdb45deab13a8358747a8e0813db0c4d90f3378381bc431b344da49ec3e6b1fbdb69e90577fce18e9cec0b2bb6c2371f7c158b6418da4121361738b"], 0x0, 0x0, &(0x7f0000000240)}) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0xffffffff) 2018/04/09 20:47:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="c00e00001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:01 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x10402, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x3fb) [ 133.835106] binder_alloc: 12443: binder_alloc_buf size 72742278049896 failed, no address space [ 133.844059] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 133.853057] binder: 12443:12447 transaction failed 29201/-28, size 72570479358055-171798691840 line 2963 [ 133.941927] binder: BINDER_SET_CONTEXT_MGR already set [ 133.976372] binder: 12465:12466 ioctl 40046207 0 returned -16 2018/04/09 20:47:01 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x0) pipe2(&(0x7f0000000040), 0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:47:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000022300190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:01 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) remap_file_pages(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0xc, 0x0) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:01 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="000000000000000094f33323e8372de9c0e4520c5787bea709cbfb767ad77764bffd5bb01846b7b80f6255447dec406e791436d404060827b168e3c0c018fe1e488ba3372f6d24bf4d21a17cfa9fe2d8ba2161fef17c810131ac3e2314ba742754dba62625668fbd7d19c7cd800bbb08df1ef9b95814358bd6891e0a4844a56300a66cf569564fb5b6471f6983e81fca88a0cec530d861b92e2b013cf4d885be4cf7d657bc783774980953946064620cef7b519176f436c4100c922fbbbcbdd4d4"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@resolve_route={0x4, 0x8, 0xfa00, {r1, 0x6}}, 0x10) r2 = dup2(r0, r0) ioctl$PPPOEIOCDFWD(r2, 0xb101, 0x0) [ 133.995645] binder: 12465:12466 unknown command 536871872 [ 134.003581] binder: BINDER_SET_CONTEXT_MGR already set [ 134.015144] binder: 12465:12466 ioctl c0306201 200002c0 returned -22 [ 134.021949] binder: 12443:12481 ioctl 40046207 0 returned -16 [ 134.029814] binder: 12465:12466 unknown command 50619141 2018/04/09 20:47:01 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x5) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) [ 134.047438] binder: 12443:12447 got reply transaction with no transaction stack [ 134.051104] binder: 12465:12466 ioctl c0306201 20000280 returned -22 [ 134.055275] binder: 12443:12447 transaction failed 29201/-71, size 88-40 line 2763 [ 134.069277] binder_alloc: 12443: binder_alloc_buf, no vma [ 134.075093] binder: 12443:12487 transaction failed 29189/-3, size 72570479358055-171798691840 line 2963 2018/04/09 20:47:01 executing program 4: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) [ 134.241270] binder: 12443:12447 unknown command 25351 [ 134.262411] binder: 12443:12447 ioctl c0306201 20000280 returned -22 [ 134.295915] binder: undelivered TRANSACTION_ERROR: 29189 [ 134.301778] binder: undelivered TRANSACTION_ERROR: 29201 [ 134.798978] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:02 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r1 = epoll_create1(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0xa000, r0, &(0x7f0000d56ff4)={0x30000001}) 2018/04/09 20:47:02 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x127100, 0x0) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, {0x2, 0x81, 0x3, 0xffffffffffffff00, 0x6, 0x9}}, 0x8) r2 = dup(r0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:47:02 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000000f00190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:02 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:02 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb853) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="e362044000000000"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x6950, 0x80000) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'bond0\x00', {0x2, 0x4e22, @multicast2=0xe0000002}}) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x52417e1614eed8e, &(0x7f00000000c0)={r2, r3/1000+30000}, 0x10) 2018/04/09 20:47:02 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) [ 135.235143] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop4. [ 135.310804] binder: 12547:12551 got transaction with invalid offsets ptr [ 135.334858] binder: 12547:12551 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:02 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) accept4$inet(r0, 0x0, &(0x7f0000000000), 0x80800) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:47:02 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="6b7669a530dbcbe2c3313c9d4756a9"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f00000000c0)="19fc0826e854bae035d993d7052eede704428987fec032fe63daf9af0b027fc48771f402fc694d978e07659805c4d739d5677509ac68e0882275307cbc8111f9dd2f3c0fcbe7efdc5db0a670ae1fb5f358c2d5aa253c8454b1224094af897652cfe606300c8857f419d655b631158782e0b9d6133f8661f96fe3817ceed65255edaaae3112a58601c94c94b90515483350a80e989bc3a0ebc834e2f3f3414276bd44e387278266ebc2a8946b3eaf9712a459632d5a6c71d2d94d2d69862d61a56130b24bcbd47afb6fd70d70fdfeade67072097e3a93fa253fc6") 2018/04/09 20:47:02 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800000ec000190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:02 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x9, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000200)={0x0, 0x6, 0x10, 0x0, 0x4}, &(0x7f0000000240)=0x18) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={0x0, 0x9}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x200, 0x8}, &(0x7f00000003c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000400)={0x0, @in6={{0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, [], 0xf}, 0x2}}, 0x7, 0x1}, &(0x7f00000004c0)=0x90) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000700)={r5, 0x7f}, 0x8) sendmmsg$inet_sctp(r1, &(0x7f00000006c0)=[{&(0x7f0000000080)=@in6={0xa, 0x4e21, 0x9, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000000c0)="3b0348d0184d9d209ce062c4aab4df4e924866a85ac32ee9d6ff0703f259defcd16017b07800c90a01593ccef3acc36aed7c82360401835463cf4d0b5e7fe75c5f57ce6f059714f635c67fb471e61b08d038c4480591da8ae66c647de1245f3ad2712eb46146bf351d637af459615df2df8fb8cd26f6ef543845b5defa7c8f8f62b95befce656c88534c495b9aa656800189ae795ce8dcd3aaf64efcab7c7d549faa4876dd2447a52bfd344fedf40317c5a6869de7e95996906c79b513de4d3b501882f4433f9e349d8dec991aebf0ccc900ee45c385", 0xd6}], 0x1, &(0x7f0000000500)=[@init={0x18, 0x84, 0x0, {0xffffffffffffffd6, 0x800, 0x40, 0x51e}}, @sndinfo={0x20, 0x84, 0x2, {0x5, 0x2, 0x0, 0x3, r2}}, @sndinfo={0x20, 0x84, 0x2, {0x5, 0x200, 0x3, 0x1, r3}}, @init={0x18, 0x84, 0x0, {0x7fffffff, 0x1, 0x0, 0x20}}, @sndrcv={0x30, 0x84, 0x1, {0x7, 0x1, 0x200, 0x5, 0x3ff, 0x200000000000, 0x20, 0x2}}, @sndrcv={0x30, 0x84, 0x1, {0x3, 0x7, 0x1, 0x7fff, 0x6, 0x4, 0x4ea9d266, 0x3, r4}}, @init={0x18, 0x84, 0x0, {0x5f1e, 0x0, 0x3, 0x5}}, @sndrcv={0x30, 0x84, 0x1, {0x9, 0x3, 0x8000, 0x6, 0x400, 0x3, 0x3, 0x200, r5}}, @init={0x18, 0x84, 0x0, {0x0, 0x8, 0x0, 0x1}}], 0x1b0, 0x8000}], 0x1, 0x0) listen(r0, 0x5eb857) r6 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000740)={r4, 0x7, 0x1, [0x7fffffff]}, &(0x7f0000000780)=0xa) connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r6, &(0x7f0000f8aff1), 0xff8f) connect(r1, &(0x7f0000000300)=@nfc={0x27, 0x0, 0x0, 0x1}, 0x80) getpeername$unix(r1, &(0x7f00000007c0)=@abs, &(0x7f0000000840)=0x6e) sendto$inet(r6, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 135.360793] binder: BINDER_SET_CONTEXT_MGR already set [ 135.370324] binder: BINDER_SET_CONTEXT_MGR already set [ 135.389983] binder: 12558:12559 ioctl 40046207 0 returned -16 2018/04/09 20:47:02 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x4002, 0x0) ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f0000000080)=0x3) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f000008cff4)='/dev/rfkill\x00', 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) [ 135.414219] binder_alloc: 12547: binder_alloc_buf, no vma [ 135.420073] binder: 12547:12551 transaction failed 29189/-3, size 40-8 line 2963 [ 135.426055] binder: 12547:12560 ioctl 40046207 0 returned -16 [ 135.441834] binder_alloc: 12547: binder_alloc_buf, no vma [ 135.447651] binder: 12558:12559 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:02 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_dccp_buf(r1, 0x21, 0xe, &(0x7f0000000140)=""/34, &(0x7f0000000400)=0x22) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000240)=""/185) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000100)=0x6, 0x4) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r3 = accept4(0xffffffffffffffff, &(0x7f0000000180)=@can, &(0x7f0000000000)=0x80, 0x80800) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000080)=0x80000001, 0x4) write$rdma_cm(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e000000180000fae09a99920dafd87f9aef5719024b00257ecc1b707296386988d0c32aed101ff57d364f4303307efeda2264f91d2d749243f877066552a9abfee7c610113e75185c1d621f0587fe5c833b26945691157b305a7d47396c4d86b0aa9d0c04a5cb67d5efeca822854042a380d590f1357865edfb1df57ba6f1c9f16d42f35cb6ebc8718499ad", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB="00000000cafea3a3200000000000000000009d7a350b09a7577858612b4052fc28cb3952d51f312c4a6b50cd8a862182027a0779fa9cffd5b300571a65de45bf75fa5b09542615d6ee1de23de4"], 0x20) 2018/04/09 20:47:02 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) [ 135.533483] binder: 12547:12570 unknown command 1074029283 [ 135.551008] QAT: Invalid ioctl [ 135.562167] binder: 12547:12570 ioctl c0306201 20000280 returned -22 [ 135.568702] binder: undelivered TRANSACTION_ERROR: 29189 [ 135.593431] QAT: Invalid ioctl [ 135.629587] binder: undelivered TRANSACTION_ERROR: 29189 [ 135.635256] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:03 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480200001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:03 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23}, 0x0) write(r1, &(0x7f0000f8aff1), 0xff8f) r2 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0xc2200, 0x4) ioctl$sock_ipx_SIOCAIPXITFCRT(r2, 0x89e0, &(0x7f00000000c0)=0xfffffffffffffffc) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:03 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x10000, 0x0) fdatasync(r0) r1 = socket$inet(0x2, 0x840000000003, 0x8) r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x1, 0xc00) ioctl$TTUNGETFILTER(r2, 0x801054db, &(0x7f0000000140)=""/143) r3 = fcntl$dupfd(r1, 0x0, r1) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e21, 0x4, @mcast1={0xff, 0x1, [], 0x1}, 0x3}, 0x14) r4 = dup(r1) getsockopt$inet6_dccp_buf(r3, 0x21, 0xe, &(0x7f0000000200)=""/197, &(0x7f0000000080)=0xc5) ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000000)={0x24, 0x7}) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) splice(r3, &(0x7f0000000300), r3, &(0x7f0000000340), 0x5, 0x4) 2018/04/09 20:47:03 executing program 3: openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x8000, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) listen$netrom(r0, 0x2) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0xa000, r1, &(0x7f0000d56ff4)={0x30000001}) lookup_dcookie(0x2, &(0x7f00000000c0)=""/30, 0x1e) 2018/04/09 20:47:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:03 executing program 4 (fault-call:2 fault-nth:0): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:03 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000440)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000400)={0xffffffff}, 0x111, 0xf}}, 0x20) write$rdma_cm(r0, &(0x7f0000000200)=@resolve_addr={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x0, 0x0, @ib={0x1b, 0x3, 0x0, {"c0b5feee4b5bfb003623ca7e3bbc0878"}, 0x80000001, 0x4, 0x2}, @in={0x2, 0x4e24, @rand_addr=0x7fff}}}, 0x118) write$rdma_cm(r0, &(0x7f0000000480)=@disconnect={0xa, 0x0, 0xfa00, {r1}}, 0xfffffffffffffc8e) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) capget(&(0x7f00000001c0)={0x20000522, r2}, &(0x7f0000000140)={0x8, 0x0, 0x8, 0x8, 0x3ff, 0x42cf640e}) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=0xffffffff, @ANYBLOB="000000000100001004000000"], 0x20) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) 2018/04/09 20:47:03 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) 2018/04/09 20:47:03 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48f000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:03 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:03 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYPTR=&(0x7f0000000740)=ANY=[@ANYBLOB="c0d10bb86542f6dc4077b6329c503492970cde82d284159c39a759c6d3c3d0e4a5ab855a4f47ebc13b7a1e56d83473da0ea3d60fe027252679dd74a666e1235e9f7bf3f033667aa914", @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYPTR, @ANYPTR, @ANYRES32, @ANYBLOB="3b710499fab8bb0b0df4d6fdf2b13963682ab536b060844946b8853cd6c34c0f95da6dd74cb93db15facd5277f16aa68ccc39b688b31e243d2ff7cb89799257ea9b48bdf9b2fa54a9aea6219fca462e84809e84a5ce2ef1bbb87dcbf13bb1dbce6e2fec3ec508158fadde1d687c3e9bc06959d92f715467234e14678ceedca90213f6eecaeb111e1e88d2e063a38f1e304c9f7cd5626aa9e1a698947a47d50ad7964052316ba301cd54ecf5fe9f25d0a6b0bd96313734179fdfb2a289187762dfe1b035a515731253d129c1227b4d388f7328af19179782c01acef6eb16a5828ac7fd97c88adf00b1f97519a372619451d", @ANYRES32=r0, @ANYRES32=r1, @ANYPTR64, @ANYRES16=r0], @ANYRES32=r0, @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRES16=r0, @ANYPTR64, @ANYRES16, @ANYPTR, @ANYRES64=r0, @ANYPTR64, @ANYPTR64, @ANYRES64=r1], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYPTR64, @ANYPTR64], @ANYBLOB="8b33ca091fd78b7350da8edd00727a0e2d42fe3cc599d991514afcd9b8fe706807a26d69c6f16eff232ccc2bd8b5aa8ca4c762d8a2204fa06ff308366d2c783119efca056aa6527302b42da90b06b3840a54247cef2c38628f988f01d60763eacf196a8f2b57e2fe3ad8bd51599c061876cc569011f4e9228814be7093a5ed42972ad4ab171afa64334f9bc5c001244cdefb9b110ad7d848160e5b8f2f395e8daa5cea312e21760af4ccc94da6291d0b1eeb38ff708985fcb3a9c0904662a13b45d7a56a21a8f6e8fe4f2eed54ed881811733f49157bfddc3672441f63363a36bbafeb73f25261a86e0207156e0e485fe8976e4e8e1ab61a0ba7bcab7620c30adfa60dd6d2ad8fe8af119b242debf5e11bc0a7a418c3ae9a5477ffb557dde621740f655cdb418ccac4b7c4a5ed6b2c4ee7b5f95e5c850523f15f9ed1c5d26e6597b2bc38d595d28903d81ebd6c1d8dfc7b60a84f4240699f83988e9b8158c0f1366a00f9a46e43e2cb5b5b2a696239452ea218e647c3f1087ce48c4931f5ccab6210b7b8aa0d984c0bd01da7bbef88dd5e53b2b06b2ad517201a319a88ad51a5a5d8d87de8919bc1041ca4f921274ea4ffde3e31a9fc0f419a150b373a54da2eed06796706aac176e0b873b75e9c884bd95f402eb1c526479578b334116aa7b935e6c10fa8fe6d5be7a17e1e8276a97cb0b9ab159b83dad7d66c1e0b70c065798426a90a61b6ce8aa202da469d08993c37e052fc448418e8105b9075a0b699e5ed3a57f83e4feac8df7194c6d72987a1ba9e41e6b1cc4a4cdbfde65b3819b77387a3ac0836f4be28c9009c173b09de51a189dfbe4363f59c3966ca8f94f7601830456ac827cdb4b97912758e0dfb66ed3334a6c6937e00942dc7351429daca40e79c0cdfd8b6c21434490f65fedb817173c5e959d9faae084013078ad43321a2cd29581c57bd9ed8cc4ec33ca03b315cf9c954c8aa21f42a59931d7b0085121ebe6a6d69898cfb491a586765d4406d51fb43978a5cf0cd4a8b9f28065c4cdf1f75ad0b5749ac295996303d743635b685b4d1f8cce78047836a4230ae57e00453d89bebd937128dcea39fbac5358ecb8365bd251a94e6b28233629220a93e44de13dd4b74a43a6c17373f49e56229ceaa582d846c733c2c203b2390f7fc125f4350a51133381274b84fe21355698179a00bf5f23a22ed0ec9d086ab1337ff14bdf7af5fb26cd34ba4add58bf87b89d97bd8d8ea828bd667083178c7cd6cf31cdafc999082071f48c54cf26d227f5528b2f6e1fb6864ddd9b374d31ad5386c4119232ffebfefab83b1e15fd173a861309c0275799a5dc15c21705be94495602d68c7fac2f837ed03c086b5bd87dd3aca41c0d651b52c7a94772ea7a1985aa1ecd061b2fb4198f43cd81ba946e3f5e52a3d72285e76821fc44a73c8cac62188db5b5e8d4ee05d82424ba00e3b52d6a685033216cc94d5465328e4afd7f41910bdb88ade252bc5565d933aa71af1bd318a1e3d530cfd39cb810190eb745a4f0ae204911a3c2c6be19713c2b942136ea68e10fdfbbbadb613ea4a256dee8416cefbfdc6b50053f0f077b1cbaacd491cd03b4c9e4aaba43685bb5b003e4a2bae146fc6b62fd029d2769e477ac53f9ef6f494d6793d7f424e516c23c2334da63c36c9b055a2e9315d2306a3b310ea56de16bde3a203ee4122e448bc18abef656b097a61e26c3ea067117bd533e6eaf640fb4d609c6dc0557737823188bbcae762a87bb2ddcdb6296bef8fc9c03d0ca073dc125f964a0cd53b46fd7deb22341b171687f767ca44b63320f7909837046b0253e5d425b255f90152ad9bdebe893cd7e8c4436da0805621d08f6e814b15ab358761b8fc2169811b93a0e83263ae763d9d5100cc48ab55a963241832ce5faa90069096d589e623adb2650155f2689af372fa67abe8d4f2c044e18de9df332313e15261bbeccf9439a373ab145ecb768860af4f29e9be50dfa29df39b4924ac557dbfc7f33a9c4465fe96d96b0bbd3bb05638e57c8b70b855c309bb06d689b627b5d7d4a547dd0b1e6bedd6295f242255f2d4b59201b55b146d88f591a4a46aef45845239cceec977cf1aac4efab356ea5cd54af92df0c775bffcce23f6dd493d8a5a7293d8361b0645a3039cdb12440cb4f5368e9409fb81bff8dedcbc96dc7d48b3896de065a177904267eb827b99cb2fbbaccfe8ab8ce6051333519c466776a129851abe56add0b548be1522e36f4c2157c26af8630176586bbc917947a45c67dbc3282abf2d746dad98e0fd9481336b62ee24246a44a6effd061091443e4079762c7e787daa38146dc53dc1d44d34d09adc40e01895eb9736ae522e5089a7127eeca335e6f81b61a42ddf10a473b7378250e230670826fc115893ad1e2be23f6635e0373927cb3f0e2e29f55b9f8523b39e89a59bcdfc951cb981f6a940f2913e72ff3da6ebe0d0c98834dcd0537e5e0b3a820af5c13f151694728e99a94a7e334f8778703f19e1e3bf02709c1a80063ab0147d09933e0ce856148731f15aca9797397cd62cdfc97c118acb2202e6f7aa95f6ab81cdb3f266754ed578bb95198f581a8f3e22c468369bee1b83a80ff2530753d0e8c19c607e09fb21c2564c5f80ee0d76cd9e4873d657dec5955fbbe35f428e6de1f34e6cfe46cfe56896d4184087a1791d6b97538bdcc49acd1c2705bce4cdffce9e7bc882ee10526c09d4958896fda96134288c7f691100a58d26f8134b354e8b905b4079d6fb3fbb357a47ce57dac85415bb8bfe674bfb47119edca7111db52af96cadcdf80e5c196e80d7846e8a593ad471704030184c6d31a1a1e0685cbd8d858e7ec465d2588925d03e26ff751f4f5abfd6ef81a030ca4aff8263afdaf831c603229dea968b26c4cf57dbe0f7f18928ff2be311b638a986e42f7f2999efd7eb9968bf0db52e3612476a4ae462e575f89ccd9fb570012c62186b6388860a57b3e2c1375a91cc65c0326a64e7df89ecee0740641be40e65cf0a41950f8217714e5e4051b31475a212a76e6dcd23f30e588390d4e9c84b7f34c590c4106f4d060471aa86dd790b0144bd518bd7a323ac9f53c4869711f4c2b92a2c58f38f60abd78d934810e358a401f401bc3c75f57c00fe09d859d390c0eea1dc35f27b440dfa04b8910ef8903a878a140925899a60620dd9730bb9e2a94d3e1bb3c44ea3ee266ba71e935e68d51444208e839e42b5a9e632aca37576cc405d538e0830dc287657d12f822ebe5cac8966b844e71420fc061151c6dff22aabe783f6658593bf86be1ce464085f799c1823a17f673fdbb8bb62f0f3ea8581b57153a5cdee58a6b50eb262124309ab76e14cbaeb01f74a7095c58139ca2ee6e5c76d1a7965e91c2afbef9679a21500c09aa2d9cf8c59435117da51dc7f3677880952046478a4c1c24be90622bf4106144e55e9dea0ad6fca6da74575f9fcb311361158dea88be54900d2cd82b8d34a0e19ab1a65695cfff34b63eb26d678b75fe554444ba957e8ca6cfc50a73e3c269506e164d76c99b0a44d909556a8c6ac618c47f9d6245838db2b8fc8845d26ec7ee2c7b2b16eb0d717b2eb112f9403f5fc0d576bc4d229d311e95f09a8e230ac46872baa69d184f1e30155397a7e76d0fa883077d5f9110d8daad40a6023f860ab836cf180bec06730f6ff4dfcb175911a3df98bfd3cf4c4693680c8c34c73aa52f397521aed3eb3668cfd3402420d54abf944fc95e433bd4e9332b017c4f1f2b63da34d126bef121b56de014db14b9ce4ef1acc72be6444dcb9d6e8060ab549bef354366649ee9d5d8fea9e7623eba31f7fb1de6fe9f761528ca402d7415ebde67b9bf93867947aec8964edb2911ea35550aeba9d7cdbaa5d349d17ff9c788a5fce5321673fb7af6b5a40e618f2bd71ec25caf1d424729d214ed46e0e61a90a6ab3171f9cf9d1f78c9fb227d9781fdf17aa3aba4112198864aafafcf5883905eafdca93e1b94e29d21ac1b8dd38a31e4d23bd1e26adde7ef69c9364310bb8fe5b0f915601705a741b671ddfc343cd469fc636304024ade7d3d81492ab65868ad53acc7c2940f29eaa9ce2233d3a18b307a582a082f615b40a37bb8063c19eb9dd11b289e3a9052fc360e5f98f09ee9dda393308d3a52a75d0383b4309ad2be7b407919933b29a1c003faacad28b8b6bba11982125bef0a3ab10f2fce180cf62846b399de0663468f7180ddecc052844855496145f2184bf75db20dd8fc791df3df8297e46f7bf2cc13885799635130194b1d2b79a0b0079fa546062a55af9d2bf420fa89282943d0ac99449670b14bb417c0bf6c827df1bf85e6d35e0adc32ef9c2c5a0249d110cd3c89521d26d4098ea3e41153c38a11895ce6b69f7195f38242e88948bbf5e82cc8731e90cf8b81a8aa308687b59a835a0ab2fa13ce92f4b286779e89ef0fbc499bfea4426af5a82982ca5914f531403870aa68a066de65f3b3350eb7107e8f8b6607036fed99298420e898782f4b792d9976a451d886a9920462ab4c7940d5b6ccf8538f47f3e4525ad938fd52776045380076e164536dd5e5264b20e6371562fa944f53eeed47a5bc967cf82132482fc29c824a3bef7de8128a1a87f4e33a01554dd6e8fdb6476cf58c49c3dab3b9ce698208c834c7fd2f4e8e8390188a95d09e5f3d78690fd195171207e9189e4e6c9aecb6b8bc6c9fb37dc76435d5da2cba45c4c1fc7fe50187ea77d621cff486f4071df95bd4bf7a0673d5fa854f4e70c73d6b5835cb58b4b5eee205db8fd5c7fd1a0f5404bb60222cda2c3a5614d5135d552d208195cc947f66322bbfab879606f94bbdfcd5fb5458063c0864a9d7de61e48c283c3a98b3383f95276994f85de9449c4a241b6d7eda8d3658af8dc68d3f9f6772d89eace0a6057776bd8757be1338062319d7b0a137ff22abdcfc7c621a036a444a82ff93d83e1f2e7a923187c8eeb29a8b6dda8b28b0d524b798843e7e2e223582e915bd217b531754eaac303d85098e61bbac3197d60f1f74ed7c83cdb9162f2170fb73ae48c090df8f12c546dfce2d45755f382858b0e01e5c5f2dbfed68d9870b30a4e4fcdf1d565e11c18a7c53adce758de8e11a826c45adc2c0aa8c6ea76cbd14c8c5239f5f9b4556ee261d4395ade56874a8e6d97b2df4c3b664865ea5d4c5f72449fd9988bcc416849944388b2b5dc8ac209bb0446590cc54c2805b58e4c0df8a083c278fdbfecb613b489b2ba9d22e2b0620c8edd35f8d25265c633d19af9d16291b03be1e3a012087f2998b417b935f772da3f165cd43a14a01dc589e0f7fea24025837a10e3cb4d2b47c1aab28f8f3571d3cc64ee911ccedcff2127814876eac11495d53f301a1c7f4c2740e1992b7c194269f8095b052fd35d888c665900e9c710efc71fc5db1bbde3ff79384ded168c483f18706a485cfdb2f121c32cd04e4ced5a91140947ef04c7fb305668918c77f07670239881326c8433cab74bcfade6d544636f967812a2c8526ec24aa341743a73f6825db278c854abbfebdc6fd8bbaeec283cc333041514d07623155aa920151cf6e86f0d0da6e0624fb106f5096a871e2145a17c06bd089a73da44ae60dde36bcdf2a7f929e96a0d0e6f286e419e836a46db9277a3f35a067e879d1c9e0554559d2e35d6e85b5231b110e0002b5b949539cfd534a9a95cfc92e9963c7e0600acce178dc9e996eeca84543ec2132fc34966b4746fb018a1a163de59361ebe269f8db2a8041413f67ab12ab0a48cd390ae416e", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYPTR64, @ANYPTR, @ANYRES64, @ANYRES16, @ANYBLOB="27a7a9328b70f77f30e83c89e6d747265aa8fe6cde5b5c9f38d31957f12ad1281f2ac2b13aa941a866c41be79c5a83056b4e857b654c0ed8cc923b37d254a305bb6a7d7a8487cd7d476be8aeb22074aa290315de5ef463caafd2ee2f9f31dba2ac", @ANYRES16=r0, @ANYPTR64], @ANYPTR64=&(0x7f0000000340)=ANY=[@ANYPTR64, @ANYRES64=r1, @ANYPTR64, @ANYRES32=r0, @ANYRES16=r1, @ANYRES16=r0, @ANYPTR64], @ANYRES32=r0]], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) [ 136.446937] binder: 12617:12618 got transaction with invalid offsets ptr [ 136.466569] binder: 12617:12618 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:03 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @multicast1, @multicast2}, &(0x7f0000000100)=0xc) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x7f, 0x100) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000180)={0x0, 0x2d, "b7da7cf70c66033cb4b5c87057698c76f2c2dfb76eb6844774a217e769c541f8ea33bcc7390f3714b90fe6ac46"}, &(0x7f00000001c0)=0x35) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000200)={r3, 0xfffffffffffffff8}, &(0x7f0000000240)=0x8) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) uselib(&(0x7f0000000040)='./file0\x00') 2018/04/09 20:47:03 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) eventfd(0x200) r1 = dup(r0) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000140)=0xfffffffffffffffb) ioctl$sock_netrom_TIOCINQ(r1, 0x541b, &(0x7f0000000100)) setsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000000)=0xb71, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080)=0x6, 0x4) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x5, 0x4) [ 136.528289] binder: BINDER_SET_CONTEXT_MGR already set [ 136.553294] binder: 12617:12638 ioctl 40046207 0 returned -16 2018/04/09 20:47:03 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000360000)={0x0, 0x0, &(0x7f000035d000)={&(0x7f000033c000)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @loopback=0x7f000001}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@mcast1={0xff, 0x1, [], 0x1}, @in6=@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}}}]}, 0x80}, 0x1}, 0x0) ioctl(r0, 0xfffffffffffffffe, &(0x7f0000000000)="197b2242eb48d1510483cbe2dadace7c6e84a18c29917f3245f78367008819f7b2a7") r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xfffffffffffffff7, 0x81) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e22, @multicast2=0xe0000002}}, [0x8001, 0x0, 0x0, 0x10000, 0x4, 0xffff, 0x81, 0xfffffffffffffff9, 0x9039, 0x10001, 0x6, 0x200, 0x6, 0x7, 0xd86d]}, &(0x7f0000000180)=0x100) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000001c0)={0x40, 0x1, 0x209, 0x8, 0x0, 0x2, 0x1ff, 0x8, r2}, 0x20) 2018/04/09 20:47:03 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x16, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:03 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48dd02001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 136.584289] binder_alloc: 12617: binder_alloc_buf, no vma [ 136.589973] binder: 12617:12618 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:03 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) [ 136.731244] binder: undelivered TRANSACTION_ERROR: 29189 [ 136.738698] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:04 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000001c0)=0xfffffffffffffea1) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x101000, 0x0) ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) openat$ion(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ion\x00', 0x40000, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0563046000000000"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:04 executing program 2: r0 = epoll_create(0x7) syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x4, 0x220400) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0xfff, 0x80000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x800, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x8000, 0x0) r2 = openat$cgroup_type(r1, &(0x7f00000001c0)='cgroup.type\x00', 0x2, 0x0) dup3(r0, r2, 0x80000) r3 = socket$inet(0x2, 0x840000000003, 0x8) r4 = dup(r3) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0xfffffffffffffd19) 2018/04/09 20:47:04 executing program 3: io_setup(0x7, &(0x7f0000000080)=0x0) r1 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000000)={0xffffffffffff7ca0, 0x4, 0x9fff, 0x1, 0x3, 0x0, 0x6, 0x100, 0x80000001, 0xa35f}) io_cancel(r0, &(0x7f00000003c0)={0x0, 0xa5dbe9ebb7e4eede, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)}, &(0x7f0000000400)) 2018/04/09 20:47:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000f001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:04 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x20000718, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:04 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) 2018/04/09 20:47:04 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x13f}}, 0x20) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x400000, 0x0) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x0, 0x6, 0xdd2, 0x7fff, 0x1000000000, 0x9, 0x1, {0x0, @in6={{0xa, 0x4e24, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x8}}, 0x1, 0x2, 0x4, 0x7, 0xffffffffffffffe1}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000200)={0x0, 0x3f, 0x8200, 0x7, 0x80000001, 0x100000001, 0x8, 0x2, r2}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[], 0x2dc) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6}}, &(0x7f0000000400)=0xe8) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000500)={@ipv4={[], [], @dev}, 0x0}, &(0x7f0000000540)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000740)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000640)=0xe8) recvmmsg(r1, &(0x7f0000003a40)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000680)=""/64, 0x40}], 0x1, 0x0, 0x0, 0x3}, 0x38075781800}, {{&(0x7f0000000880), 0x80, &(0x7f0000000b00)=[{&(0x7f0000000900)=""/15, 0xf}, {&(0x7f0000000940)=""/146, 0x92}, {&(0x7f0000000a00)=""/237, 0xed}], 0x3, 0x0, 0x0, 0x4}, 0x1f}, {{&(0x7f0000000b40)=@vsock={0x0, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000bc0), 0x0, &(0x7f0000000c00)=""/59, 0x3b, 0xffffffff927638a4}, 0x1}, {{&(0x7f0000000c40)=@pppoe={0x0, 0x0, {0x0, @local}}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000000cc0)=""/128, 0x80}, {&(0x7f0000000d40)=""/143, 0x8f}, {&(0x7f0000000e00)=""/32, 0x20}, {&(0x7f0000000e40)=""/4096, 0x1000}, {&(0x7f0000001e40)=""/111, 0x6f}, {&(0x7f0000001ec0)=""/153, 0x99}, {&(0x7f0000001f80)=""/222, 0xde}, {&(0x7f0000002080)=""/37, 0x25}], 0x8, &(0x7f0000002140)=""/62, 0x3e}, 0x800}, {{&(0x7f0000002180)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000003500)=[{&(0x7f0000002200)=""/55, 0x37}, {&(0x7f0000002240)=""/165, 0xa5}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000003300)=""/190, 0xbe}, {&(0x7f00000033c0)=""/40, 0x28}, {&(0x7f0000003400)=""/198, 0xc6}], 0x6, &(0x7f0000003580)=""/253, 0xfd, 0x9}, 0x8001}, {{&(0x7f0000003680)=@pptp={0x0, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000003780)=[{&(0x7f0000003700)=""/66, 0x42}], 0x1, &(0x7f00000037c0)=""/69, 0x45, 0xfffffffffffff000}, 0x9}, {{&(0x7f0000003840)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000003940)=[{&(0x7f00000038c0)=""/84, 0x54}], 0x1, &(0x7f0000003980)=""/130, 0x82, 0xffffffff}, 0x4}], 0x7, 0x10000, &(0x7f0000003c00)={0x77359400}) accept4$packet(r1, &(0x7f0000003c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000003c80)=0x14, 0x800) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000003d80)={{{@in=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @rand_addr}}, 0x0, @in=@local}}, &(0x7f0000003e80)=0xe8) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000003ec0)={0x0, @multicast2, @remote}, &(0x7f0000003f00)=0xc) accept4(r1, &(0x7f00000041c0)=@hci={0x0, 0x0}, &(0x7f0000004240)=0x80, 0x800) accept4$packet(r1, &(0x7f0000004280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000042c0)=0x14, 0x0) recvmmsg(r1, &(0x7f0000007300)=[{{0x0, 0x0, &(0x7f0000004680)=[{&(0x7f0000004300)=""/7, 0x7}, {&(0x7f0000004340)=""/101, 0x65}, {&(0x7f00000043c0)=""/218, 0xda}, {&(0x7f00000044c0)=""/98, 0x62}, {&(0x7f0000004540)=""/21, 0x15}, {&(0x7f0000004580)=""/194, 0xc2}], 0x6, 0x0, 0x0, 0x400}, 0x1}, {{&(0x7f0000004700)=@nl, 0x80, &(0x7f0000004c00)=[{&(0x7f0000004780)=""/235, 0xeb}, {&(0x7f0000004880)=""/71, 0x47}, {&(0x7f0000004900)=""/196, 0xc4}, {&(0x7f0000004a00)=""/201, 0xc9}, {&(0x7f0000004b00)=""/23, 0x17}, {&(0x7f0000004b40)=""/177, 0xb1}], 0x6, &(0x7f0000004c80)=""/207, 0xcf}, 0x4}, {{&(0x7f0000004d80)=@hci={0x0, 0x0}, 0x80, &(0x7f0000005300)=[{&(0x7f0000004e00)=""/190, 0xbe}, {&(0x7f0000004ec0)=""/127, 0x7f}, {&(0x7f0000004f40)=""/226, 0xe2}, {&(0x7f0000005040)=""/107, 0x6b}, {&(0x7f00000050c0)=""/207, 0xcf}, {&(0x7f00000051c0)=""/13, 0xd}, {&(0x7f0000005200)=""/194, 0xc2}], 0x7, &(0x7f0000005380)=""/192, 0xc0, 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000054c0)=[{&(0x7f0000005440)=""/99, 0x63}], 0x1, &(0x7f0000005500)=""/120, 0x78, 0x3}, 0x8001}, {{&(0x7f0000005580)=@un=@abs, 0x80, &(0x7f0000005900)=[{&(0x7f0000005600)=""/142, 0x8e}, {&(0x7f00000056c0)=""/165, 0xa5}, {&(0x7f0000005780)=""/236, 0xec}, {&(0x7f0000005880)=""/104, 0x68}], 0x4, 0x0, 0x0, 0x6}, 0x2}, {{&(0x7f0000005940)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000005ec0)=[{&(0x7f00000059c0)=""/255, 0xff}, {&(0x7f0000005ac0)=""/201, 0xc9}, {&(0x7f0000005bc0)=""/83, 0x53}, {&(0x7f0000005c40)=""/227, 0xe3}, {&(0x7f0000005d40)=""/98, 0x62}, {&(0x7f0000005dc0)=""/180, 0xb4}, {&(0x7f0000005e80)=""/11, 0xb}], 0x7, &(0x7f0000005f40)=""/4096, 0x1000, 0x5}, 0xffffffffffffff7f}, {{0x0, 0x0, &(0x7f0000007200)=[{&(0x7f0000006f40)=""/131, 0x83}, {&(0x7f0000007000)=""/35, 0x23}, {&(0x7f0000007040)=""/138, 0x8a}, {&(0x7f0000007100)=""/56, 0x38}, {&(0x7f0000007140)=""/168, 0xa8}], 0x5, &(0x7f0000007280)=""/112, 0x70, 0xf505}, 0xffff}], 0x7, 0x2040, &(0x7f00000074c0)) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000007500)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in6=@remote}}, &(0x7f0000007600)=0xe8) getpeername$packet(r1, &(0x7f0000007640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000007680)=0x14) accept$packet(r1, &(0x7f0000007780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000077c0)=0x14) getpeername$packet(r1, &(0x7f0000008dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000008e00)=0x14) recvmsg(r1, &(0x7f0000009580)={&(0x7f0000008f00)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000009400)=[{&(0x7f0000008f80)=""/98, 0x62}, {&(0x7f0000009000)=""/212, 0xd4}, {&(0x7f0000009100)=""/218, 0xda}, {&(0x7f0000009200)=""/115, 0x73}, {&(0x7f0000009280)=""/6, 0x6}, {&(0x7f00000092c0)=""/75, 0x4b}, {&(0x7f0000009340)=""/155, 0x9b}], 0x7, &(0x7f0000009480)=""/230, 0xe6, 0x80}, 0x40000061) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000095c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast2}}, &(0x7f00000096c0)=0xe8) getsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f00000097c0)={@rand_addr, @loopback, 0x0}, &(0x7f0000009800)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000009840)={{{@in6=@remote, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000009940)=0xe8) getpeername$packet(r1, &(0x7f0000009980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000099c0)=0x14) recvmsg$kcm(r1, &(0x7f000000ba80)={&(0x7f000000b700)=@can={0x0, 0x0}, 0x80, &(0x7f000000b980)=[{&(0x7f000000b780)=""/118, 0x76}, {&(0x7f000000b800)=""/210, 0xd2}, {&(0x7f000000b900)=""/80, 0x50}], 0x3, &(0x7f000000b9c0)=""/158, 0x9e, 0x400}, 0x1) getpeername$packet(r1, &(0x7f000000bbc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f000000bc00)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f000000bc40)={{{@in6=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f000000bd40)=0xe8) getsockname$packet(r1, &(0x7f000000bd80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f000000bdc0)=0x14) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000012cc0)={0x0, @dev, @dev}, &(0x7f0000000440)=0x26b3b0a84286046e) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000012d40)={{{@in=@local, @in6=@ipv4={[], [], @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@mcast2}}, &(0x7f0000012e40)=0xe8) getsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000012e80)={@loopback, @loopback, 0x0}, &(0x7f0000012ec0)=0xc) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000012f00)={@mcast1, 0x0}, &(0x7f0000012f40)=0x14) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000012f80)={@local, 0x0}, &(0x7f0000012fc0)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000013000)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in=@local}}, &(0x7f0000013100)=0xe8) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000013dc0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000013d80)={&(0x7f0000013140)={0xc18, r4, 0x4, 0x70bd25, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x21c, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8001}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r6}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x10001}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x244, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r11}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3abb}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7fff}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r12}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x100}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x80}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x2000000}}, {0x8, 0x6, r14}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x24, 0x4, [{0x1, 0x1, 0xb19, 0xfb1}, {0x2, 0x3, 0x7fff}, {0x7fff, 0x3ff, 0x6, 0x20}, {0xe069, 0x1, 0x1, 0x6}]}}}]}}, {{0x8, 0x1, r15}, {0x78, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x100}}}]}}, {{0x8, 0x1, r16}, {0x264, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r17}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x101}}, {0x8, 0x6, r18}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x9}}, {0x8, 0x7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0xfffffffffffffffd}}, {0x8, 0x6, r19}}}, {0x44, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x14, 0x4, [{0x100, 0x47a87f16, 0x1ff, 0x7}, {0xffffffff, 0x9, 0x4, 0x8}]}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x101}}, {0x8, 0x6, r20}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r21}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r22}}}]}}, {{0x8, 0x1, r23}, {0xb8, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0xc, 0x4, [{0x4, 0x4be, 0x6d51, 0x2}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r24}}, {0x8, 0x7}}}]}}, {{0x8, 0x1, r25}, {0x1e4, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r26}}}, {0x64, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x34, 0x4, [{0x5, 0x0, 0xfffffffffffffff8}, {0x3, 0x52d, 0xfff, 0x6}, {0xfffffffffffffff7, 0x80000000, 0x5, 0x80}, {0x9, 0x5, 0xff, 0x3}, {0x1f, 0x7, 0x7, 0x80000000}, {0x0, 0x0, 0x1, 0x100000001}]}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7ff}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r27}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0xc24b}}, {0x8, 0x7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x9adb}}, {0x8, 0x6, r28}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x1c, 0x4, [{0xffffffff, 0xffff, 0xffffffff, 0x7fffffff}, {0x8, 0x7, 0x5f3df870, 0xffffffff00000001}, {0x8001, 0x0, 0x5, 0x2}]}}}]}}, {{0x8, 0x1, r29}, {0x170, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x7fff}}, {0x8, 0x7}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x14, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xd3a5}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x200}}, {0x8, 0x6, r30}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xe96}}}]}}, {{0x8, 0x1, r31}, {0x7c, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r32}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7fffffff}}, {0x8, 0x6, r33}}}]}}]}, 0xc18}, 0x1, 0x0, 0x0, 0x880}, 0x10) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x800) ioctl$sock_inet_tcp_SIOCOUTQNSD(r34, 0x894b, &(0x7f00000000c0)) 2018/04/09 20:47:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480f00001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 137.613361] binder: 12686:12693 got transaction with invalid offsets ptr [ 137.626416] binder: 12686:12693 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:04 executing program 3: unshare(0x20000400) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x4}, 0x10) futimesat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x0, 0x2710}, {0x0, 0x2710}}) 2018/04/09 20:47:05 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa02, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:05 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x8, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x34e) connect$pptp(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x2, {0x3, @multicast1=0xe0000001}}, 0x1e) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000ac0)={'filter\x00', 0x7, 0x4, 0x478, 0x138, 0x3b8, 0x0, 0x3b8, 0x3b8, 0x3b8, 0x4, &(0x7f0000000080), {[{{@uncond, 0xffffffffffffffe1, 0x138}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x397067d6, 0x1}}}, {{@arp={@rand_addr=0x81, @dev={0xac, 0x14, 0x14, 0x1b}, 0x0, 0xff000000, @empty, {[0x0, 0xff, 0xff, 0x0, 0x0, 0xff]}, @mac, {[0x0, 0x0, 0x4f063c24fc6e6210, 0xff, 0x0, 0xff]}, 0x0, 0xb176, 0x80, 0x100, 0x8272, 0x4cdc, 'teql0\x00', 'bridge0\x00', {}, {}, 0x0, 0x2}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @mac, @multicast2=0xe0000002, @loopback=0x7f000001, 0x8, 0xffffffff}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x19}, @local={0xac, 0x14, 0x14, 0xaa}, 0xff000000, 0xff, @empty, {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}, @mac=@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], {[0x0, 0xff, 0xff, 0xff, 0xff]}, 0x4, 0xc0000000000, 0x8, 0x7, 0x7ff, 0x1, 'bcsf0\x00', 'teql0\x00', {0xff}, {0xff}, 0x0, 0x100}, 0xf0, 0x118}, @mangle={0x0, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @mac=@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @rand_addr=0x25, @empty, 0x1, 0xffffffff}}}], {{[], 0x93, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0xfe1c) 2018/04/09 20:47:05 executing program 5: r0 = socket$inet6(0xa, 0xa, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0xfff, @empty, 0x5}, 0x86) listen(r0, 0x5eb857) r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, @local}, &(0x7f00000004c0)=0x10) connect$inet(r1, &(0x7f0000000500)={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r2 = socket$inet_dccp(0x2, 0x6, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0) utimensat(r3, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 137.680140] binder: BINDER_SET_CONTEXT_MGR already set [ 137.699447] binder: 12686:12712 ioctl 40046207 0 returned -16 2018/04/09 20:47:05 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x511441, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000180)={0x0, 0x1}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000200)={r3, @in6={{0xa, 0x4e21, 0x5, @mcast2={0xff, 0x2, [], 0x1}, 0x8}}, 0x2}, 0x90) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x40, 0x100) [ 137.734226] binder_alloc: 12686: binder_alloc_buf, no vma [ 137.739917] binder: 12686:12693 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:05 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480ec0001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 137.853330] binder: undelivered TRANSACTION_ERROR: 29189 [ 137.868324] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:06 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xc7, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:06 executing program 3: r0 = memfd_create(&(0x7f00000001c0)="00002d676a270c9c24fa6da20b5471c8f904d72664bb0266950200000004948bc3a8633cb2fddd5156ea4358210008809453d0e03566f8b8de34ae46ec579f549da82ae1bebf31246ec054507951f89ec6bb5ad694d962ff7ec5bd6ad3fb78c49fc43fcffb42db55a24de93d41e9fc782d22b1c4701d64ef6713bdef1980fb4930c7a295716332b2a5ab14955764f34f4e415ac9c40ae9ebac7f9c8c97fcce1e30a7997d0a92a5ab38e0d1d377e69c91ac1895798fc0b024b63f9330e8129a02feab92bd4e5d0c32a83d0aa47466baa60d1717e59c75998a31336bd7480af0ae53271988c2a9e93200000000000000000000009e81cd9c1b402e17d47a28cc12ad612e7978bb9f70f81a93f7562c908dfdc0b6e835ad0874db0aaf2443719139707a34f09de21a4ff30e996878b5221bb24d42fcdfd5d9437b2d9c2473d5f44d9bc6450eb700", 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000000)={0x4}) fcntl$setstatus(r0, 0x4, 0x40800) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x5011, r0, 0x0) 2018/04/09 20:47:06 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) getsockopt$inet_buf(r0, 0x0, 0x24, &(0x7f0000000000), &(0x7f0000000040)) 2018/04/09 20:47:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000180)=0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000583ffc)) sched_rr_get_interval(0x0, &(0x7f00004bb4a0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, r5}}, &(0x7f0000000040)) tkill(r4, 0x15) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:06 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001500)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000014c0)={0xffffffff}, 0x1}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@notify={0xf, 0x8, 0xfa00, {r1, 0x16}}, 0x10) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800ff001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:06 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) close(r1) 2018/04/09 20:47:06 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0xfffffffffffffdf0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x400000000) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="58000000140019f700db4b01040d8c560a06000000000410489619c3001158a2e04a03ca8164241e8900000028215a0004fbf50dfff90004a50b00cf20d2cddbc80466ff001c0843000000000000221f080001000a00040011c3656153dec58032f58be6cdd9f6dc3c8ca87c37a5f0228fff5d127ec28d7ef90100da8860c71b7007c62740eb68eac4c8bcfb824339ea6d0cb5676d98d9f3c699dd67a2d17ee6c033f5d8e5079c0eccc2c1e1457b0121eb4ffbae6d59ba100336f0667727d78c294a189039c167592603e5b84385959e7964ad38505e987906e832f2f3a98416f7722a1d90e216dc871a2d5755de2a898faad30dc14f8b1c07e78c644c759f50cd48ca80b21c6c56c50dcf8dc339216ddb5b29a83d385b1a3c41e884d1b1da9f5665d2aee0ced6d8efc7a29b6241e6d5", 0x130}], 0x1) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x6, 0x10000) accept4$inet6(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000080)=0x1c, 0x800) [ 138.747158] binder: 12761:12762 got transaction with invalid offsets ptr [ 138.766897] binder: 12761:12762 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:06 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x40) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x67, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x1000}, 0x1c) 2018/04/09 20:47:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001200190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:06 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1, 0x2}}, 0x18) 2018/04/09 20:47:06 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = dup(r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e21, @rand_addr=0x80}}, 0x80, 0x3}, &(0x7f0000000100)=0x90) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000140)={r3}, 0x8) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x378, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xffffffffffffff52) ioctl$KVM_GET_CLOCK(r2, 0x8030ae7c, &(0x7f0000000180)) 2018/04/09 20:47:06 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="39256d9ec6467ebcc679f04dc575367f5a06c1b06672c62236131bae95421dbb5a4c719a17c298468917caea64e329"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 138.837645] netlink: 64 bytes leftover after parsing attributes in process `syz-executor3'. 2018/04/09 20:47:06 executing program 2: r0 = socket$inet(0x2, 0x7, 0x6) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) [ 138.886224] netlink: 64 bytes leftover after parsing attributes in process `syz-executor3'. 2018/04/09 20:47:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001300190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 139.562634] binder: BINDER_SET_CONTEXT_MGR already set [ 139.568058] binder: 12761:12830 ioctl 40046207 0 returned -16 [ 139.575271] binder_alloc: 12761: binder_alloc_buf, no vma [ 139.580914] binder: 12761:12762 transaction failed 29189/-3, size 40-8 line 2963 [ 139.621390] binder: undelivered TRANSACTION_ERROR: 29189 [ 139.630454] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:07 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1, 0x200000000000000}}, 0x18) 2018/04/09 20:47:07 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4000000004e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:07 executing program 3: getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000161000)={0x0, 0x1c, &(0x7f0000519fa8)=[@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x4f}]}, &(0x7f0000f91ffc)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000903000)={0xd, 0x5, &(0x7f0000519fa8)=@framed={{0x18}, [@ldst={0x3, 0x0, 0xb, 0x1, 0x0, 0xa4}], {0x95}}, &(0x7f00005fc000)='GPL\x00', 0x8000, 0x1000, &(0x7f000062b000)=""/4096}, 0x48) creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x400000, 0x0) renameat(r1, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000180)='./file0\x00') r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x800, 0x8c89234a92465647) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYBLOB="1c000000982b1e6f93b8e0090000000000000093a85796bdb2b1bb11a463ecc7a246eb290f2494161228035d13f540ecc638f902ade09692140e6683d57fa902a15bd28e485bd1d2d580150e18ece0233daf13e69b7c09d01d7d468f5c9d503a64719b296de39fcbc7e3d870c8f0c8f181d31b881ad9239c298ad500000000000000000000"], &(0x7f0000000080)=0x24) 2018/04/09 20:47:07 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001500190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:07 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000080)={0x6, r0, 0x1}) ioctl$EVIOCGBITSND(r2, 0x80404532, &(0x7f0000000100)=""/88) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:07 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) r2 = request_key(&(0x7f0000000080)='trusted\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000140)='self\x00', 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, r2) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:47:07 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x10, r0, 0x29) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000040)=[@increfs_done={0x40106308, r1, 0x1}], 0x71, 0x0, &(0x7f0000000080)="904261df483ddaf25862829a01f8b246e2c62dcecb94d15879b0c465a40be2cef1b400dbc6afd3204411f195db322813a0d41a138563f99f6e5b848476cbc6ba3d1b46c281dc324e8de623667835b7f44c5a302fd6790a9bc8a6aa7acf0836062dbb670736ef7860fa683f1b21d6e46670"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05836c4d060d8ed80e0b"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:07 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48c00e001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:07 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) fanotify_init(0x29, 0x2) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[{0x3, 0x7}, {0x0, 0x100000000}, {0x0, 0x3f}, {0xf, 0x8001}, {0xc, 0xffffffff}, {0xc, 0xd0}], 0x6) 2018/04/09 20:47:07 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x40000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000100)=""/44) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0xffffffffffffffb1) inotify_init1(0x80800) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:07 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) finit_module(r1, &(0x7f0000000040)='\x00', 0x2) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 139.832840] binder: 12850:12855 BC_INCREFS_DONE u0000000000000000 node 391 cookie mismatch 0000000000000001 != 0000000000000000 2018/04/09 20:47:07 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1, 0x100000000000000}}, 0x18) 2018/04/09 20:47:07 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800f0001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:07 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000000)=0x1) [ 140.608185] binder: 12850:12898 got transaction with invalid offsets ptr [ 140.615203] binder: 12850:12898 transaction failed 29201/-14, size 40-8 line 2991 [ 140.730521] binder: BINDER_SET_CONTEXT_MGR already set [ 140.735909] binder: 12850:12903 ioctl 40046207 0 returned -16 [ 140.744275] binder: 12850:12903 BC_INCREFS_DONE u0000000000000000 no match [ 140.773461] binder_alloc: 12850: binder_alloc_buf, no vma [ 140.775173] binder: 12850:12905 unknown command 1298957061 [ 140.779152] binder: 12850:12898 transaction failed 29189/-3, size 40-8 line 2963 [ 140.784824] binder: 12850:12905 ioctl c0306201 20000280 returned -22 [ 140.827995] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:08 executing program 1: socket$nl_crypto(0x10, 0x3, 0x15) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x2010, r0, 0x22) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:08 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1, 0x2000000}}, 0x18) 2018/04/09 20:47:08 executing program 3: getrandom(&(0x7f00000000c0)=""/249, 0xf9, 0x3) 2018/04/09 20:47:08 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x1e8, 0x105081) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r1, 0xc010641d, &(0x7f0000000140)={r2, &(0x7f0000000740)=""/4096}) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r3, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000000ff00190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:08 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000012c0)={0xa, 0x4e20, 0x3, @dev={0xfe, 0x80, [], 0xa}, 0x2000}, 0x1c) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000040), 0x2) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000001300)={{0xb239, 0x6}, {0x10001, 0x1}, 0xa3d7, 0x3, 0x140000000000}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e20, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0xfffffffffffffff7}}, [0x5, 0x4, 0x8, 0x511c, 0x1, 0xfffffffffffffffb, 0x401, 0x4, 0x5, 0x7, 0x10000, 0xcbbf, 0x9, 0x5, 0x7fffffff]}, &(0x7f0000000000)=0x100) ioctl$KDDELIO(r1, 0x4b35, 0x6) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e21, 0x1, @loopback={0x0, 0x1}, 0x1f}}}, 0x84) fgetxattr(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7379737465efff00"], &(0x7f00000002c0)=""/4096, 0x1000) 2018/04/09 20:47:08 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:08 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) bind$pptp(r1, &(0x7f0000000040)={0x18, 0x2}, 0x1e) [ 140.910386] binder: undelivered TRANSACTION_ERROR: 29189 [ 140.946223] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:08 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000000)={0x0, 0x2}) 2018/04/09 20:47:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4802dd001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:08 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001aff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f00000000c0)=""/32, 0x20, 0x0, 0x0, 0x0) sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f000000a280)={0x10}, 0x10}], 0x1, &(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000023581227f4cba71e54037a1ec6d13b484a37704ab15382e6513394fc6a2eae2e47db6792de38b5be5c51260d13013514d6c5913eeee6b7f3d07603182ebba90aedee7574f594b59d4194cbb39621b821f0a65be318ef78fe02f4904df575b43fe0e80582b1e9308df94fde"], 0x73}, 0x0) 2018/04/09 20:47:08 executing program 6: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x5, 0x401) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x3, r1}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r2, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x13f}}, 0x20) write$rdma_cm(r2, &(0x7f0000000200)=ANY=[@ANYPTR64, @ANYRES16=r0, @ANYPTR64, @ANYBLOB="000000000100000004000000"], 0x1e) [ 140.987224] binder_alloc: 12933: binder_alloc_buf, no vma [ 140.992934] binder: 12933:12934 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:08 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1, 0x1000000}}, 0x18) 2018/04/09 20:47:08 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x200, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0xc8a) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23}, 0x10) accept$packet(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000180)={@dev={0xfe, 0x80, [], 0x11}, 0x50, r3}) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:08 executing program 2: r0 = socket$inet(0x2, 0x0, 0x20000080000001) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x3, 0x1}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000480)={r1, 0xf5, "e3a52b2bebf147faaf3ce27efc59c7ad00a5e7201d334e804552a5da9d66014dca3a4952529856564e4aca6071fc0d23384d8f4da94f732cfeb01112c3bb73635de26ef19545ef1a8c487995fc6963d008d87c6c4e71d2af1fddbfc47c9799ca7d7787ee7ce73b6359fd3635919d1f33f30f181a97e22d382f5b4a52bb2af91638470bd030d0da96e75dcb5356279e7a5cc8997077bad34f4009efa8785fe4e93aa64a6b885c0018fe8e50f45374f3a686413230284a94e1fa7128b8e687bf39753abc576080fc510fbfe5b0c492ecfb6e84a7f8d7b91f5c63120d85a4926bdd633b9603798e25313b9823d1b710f6d03670895128"}, &(0x7f0000000580)=0xfd) r2 = memfd_create(&(0x7f0000000080)="ea2500", 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f00000002c0)={r0, r0, 0x9, 0xffffffffffffffc1, &(0x7f0000000200)="d432dd7477f47ad6e5707eae070ad049bd3c69290ead2f857f95d23571f99c8b441b7c2f097d7e38fb590ec7e97db73c679c57832df3ba0d627a5c22dcfa5c54c11f9988c4183eb93ce4ac1ca648316e34b1347cd0ca7bcc0e7231f0b5197f5851a902de59190604a2cef0052e78d3901ed705ee77f2ad5b4decc196bccf209d1e", 0x5, 0x101, 0x5, 0xdbc8, 0x29, 0x400, 0xffff, "2081056ed4d2e5a31b335528df3c13c1a8cdd4412f93ea6c37bca3743fbc9151ece46c7630925dc3d56c8b35bf2917ae7a6e3e15d9f0e95d60149bc034ef7c950e70749f952c28f25dc4eb07de2d1d2eff03d21ed419cb316324c04b348eb238acd066a53f9ee4bad3e1adab6072368fa85f3b0716c295b7af1eb2687dabc4d669fef10805e4e911961544e2151de5cfaba8d1018f1d13d308f69dee5771b30a4312e284ca59c119a8a45c0e9f9a6c90d85cee711ee128ac7cc990b8b1389abed63e0aa3424f234ca91f42616e8aa98d3c1b12d96d98254b6b2adcd72cee48ab62a3c43c6fb76b8e5bb5ec495c851381026273c5bff43b15bc446c67c88a67"}) r3 = dup(r0) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0b63091a"], 0xf5, 0x0, &(0x7f0000000100)="a3bb4d25444196c87f0e6959a4f619e53a6496e4ea759ce1e783d7e1ac36b17370fa9c645090e6ef05896d0400fa0f1c97f560e12fab2b3f4729ec72f4fa484dc0ed356c8c4ca44e558ac3f7d2a3a741e947678506bf4c15e46099070673653b64e47f93fabfa10d076c4f194db74ab2efcde6cba21a95eb35e4ee9d8491c646834c5babf00c577758640fea9bf53c00a5196104ac44412a4a3fcc34c447fca24ebf26f530a9fd5bc6497ee23ad02749592294dd1e572f2389c343c1692a0ff14ec19d8fcd3043645dbbf3bd8bcd42faa75922713baf56e2d78610a7b65509fb02c2f8c7ba02ef344bad277d8b0e6c02dc8d7f06bb"}) [ 141.093492] binder: BINDER_SET_CONTEXT_MGR already set [ 141.111372] QAT: Invalid ioctl [ 141.124051] binder_alloc: 12933: binder_alloc_buf, no vma [ 141.129775] binder: 12933:12949 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800000f1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 141.155697] binder: 12933:12934 ioctl 40046207 0 returned -16 [ 141.162178] QAT: Invalid ioctl [ 141.221488] binder: undelivered TRANSACTION_ERROR: 29189 [ 141.227455] binder: undelivered TRANSACTION_ERROR: 29189 [ 141.917298] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:09 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x7) 2018/04/09 20:47:09 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa00000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) r2 = memfd_create(&(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2) ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f0000000100)={0x1, 0x1, [@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x16}]}) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) recvmmsg(r2, &(0x7f0000003e80)=[{{&(0x7f0000000140)=@ax25, 0x80, &(0x7f0000000740)=[{&(0x7f00000001c0)=""/187, 0xbb}, {&(0x7f0000000280)=""/125, 0x7d}, {&(0x7f0000000300)=""/55, 0x37}, {&(0x7f0000000340)=""/8, 0x8}, {&(0x7f0000000380)=""/112, 0x70}, {&(0x7f0000000400)=""/44, 0x2c}, {&(0x7f0000000440)=""/38, 0x26}, {&(0x7f0000000480)=""/14, 0xe}, {&(0x7f00000004c0)=""/90, 0x5a}, {&(0x7f0000000540)=""/209, 0xd1}], 0xa, &(0x7f0000000640)=""/84, 0x54, 0x1}, 0xff}, {{&(0x7f0000000800)=@rc, 0x80, &(0x7f0000000940)=[{&(0x7f0000000880)=""/117, 0x75}, {&(0x7f0000000900)}], 0x2, &(0x7f0000000980)=""/195, 0xc3, 0xfffffffffffffff7}, 0x7}, {{&(0x7f0000000a80)=@hci, 0x80, &(0x7f0000001000)=[{&(0x7f0000000b00)=""/52, 0x34}, {&(0x7f0000000b40)=""/226, 0xe2}, {&(0x7f0000000c40)=""/62, 0x3e}, {&(0x7f0000000c80)=""/184, 0xb8}, {&(0x7f0000000d40)=""/223, 0xdf}, {&(0x7f0000000e40)=""/248, 0xf8}, {&(0x7f0000000f40)=""/66, 0x42}, {&(0x7f0000000fc0)}], 0x8, &(0x7f0000001080)=""/89, 0x59, 0x6}, 0x6}, {{&(0x7f0000001100)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001180)=""/234, 0xea}, {&(0x7f0000001280)=""/179, 0xb3}, {&(0x7f0000001340)=""/76, 0x4c}, {&(0x7f00000013c0)=""/210, 0xd2}, {&(0x7f00000014c0)=""/79, 0x4f}, {&(0x7f0000001540)=""/89, 0x59}], 0x6, &(0x7f0000001640)=""/4096, 0x1000, 0xe5}, 0x5}, {{&(0x7f0000002640)=@pptp={0x0, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000002740)=[{&(0x7f00000026c0)=""/103, 0x67}], 0x1, &(0x7f0000002780)=""/130, 0x82, 0x5}, 0x2}, {{&(0x7f0000002840)=@nfc, 0x80, &(0x7f00000028c0), 0x0, &(0x7f0000002900)=""/170, 0xaa, 0x10001}, 0x7}, {{&(0x7f00000029c0)=@rc, 0x80, &(0x7f0000003c00)=[{&(0x7f0000002a40)=""/203, 0xcb}, {&(0x7f0000002b40)=""/4096, 0x1000}, {&(0x7f0000003b40)=""/125, 0x7d}, {&(0x7f0000003bc0)=""/47, 0x2f}], 0x4, &(0x7f0000003c40)=""/86, 0x56, 0x6}, 0x1ff}, {{&(0x7f0000003cc0)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @broadcast}}}, 0x80, &(0x7f0000003e40)=[{&(0x7f0000003d40)=""/252, 0xfc}], 0x1, 0x0, 0x0, 0xbf}, 0x400}], 0x8, 0x120, &(0x7f0000004080)={0x77359400}) 2018/04/09 20:47:09 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') write(r1, &(0x7f0000f8aff1), 0xff8f) syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x6, 0x200c0) 2018/04/09 20:47:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x24080, 0x0) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000040)={0x200000000000000, 0x1, 0x5, 0xe, 0x1d}) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000080)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f00000000c0)={0x4, 0x476, 0x6, 0x3, 0xfffffffffffffc00, 0x3ff, 0x2}, 0xc) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:09 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8) 2018/04/09 20:47:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000ec01400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:09 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000440), 0xc) 2018/04/09 20:47:09 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:09 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000000)={0x9, 0x7, 0xd0cb}) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) 2018/04/09 20:47:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800f0001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 142.123827] binder: 12999:13001 got transaction with invalid offsets ptr [ 142.147388] binder: 12999:13001 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:09 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000000040)="47ac80e8a8dbf667bd0e7f5d9541b663fbc657e39e7dc2d711f12e4bd30777cb798de7796da7bded8279fc92242b9285b70ad3d6c6fc4712b43e7feca50d768a29bd08ad78b8affe5878e1ac5455aa476300000000000000000000000000", 0x5e) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x4800, 0x0) recvfrom$inet6(r0, &(0x7f0000000140)=""/210, 0xd2, 0x40000101, &(0x7f0000000240)={0xa, 0x4e22, 0x7f, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x8000}, 0x1c) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000280)=""/4096) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e21, @broadcast=0xffffffff}, 0x10) 2018/04/09 20:47:09 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x20000718) [ 142.199444] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00004b1fe0)={{0x0, 0x1c9c380}, {0x0, 0x9}}, &(0x7f0000040000)) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000f40000)='/dev/ptmx\x00', 0x200000000101002, 0x0) sendfile(r1, r0, &(0x7f0000b4bff8), 0x100000002) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)) r2 = getpgid(0x0) tkill(r2, 0x1000000000016) 2018/04/09 20:47:09 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0xffffffffffffffb5) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) [ 142.229892] binder_alloc: 12999: binder_alloc_buf, no vma [ 142.235643] binder: 12999:13015 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:09 executing program 2: r0 = accept$ipx(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0xffffffffffffffad) r1 = dup3(0xffffffffffffffff, r0, 0x2000000080000) accept$inet(r1, &(0x7f0000000000)={0x0, 0x0, @multicast1}, &(0x7f0000000040)=0x10) r2 = socket$inet(0x2, 0x840000000003, 0xff) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) r3 = dup(r2) fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000140)=0x5) 2018/04/09 20:47:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480002dd1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:09 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 142.332836] binder: 12999:13001 ioctl 40046207 0 returned -16 2018/04/09 20:47:09 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f00000000c0)=0x2f) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080)) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r2, 0x5eb857) r3 = socket$inet_dccp(0x2, 0x6, 0x0) write(r3, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r3, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x4, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x90, 0x0, &(0x7f00000002c0)=[@reply={0x40406301, {0x0, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0x0, 0x40, &(0x7f0000000000), &(0x7f0000000040)=[0x40, 0x28, 0x28, 0x18, 0x30, 0x28, 0x0, 0x40]}}, @decrefs={0x40046307}, @transaction={0x40406300, {0x0, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x30, 0x8, &(0x7f0000000080)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x3}, @fd={0x66642a85, 0x0, r0, 0x0, 0x4}], &(0x7f00000000c0)=[0x48]}}], 0x1f, 0x0, &(0x7f0000000100)="2543f8bff7aaf6afdc856cd12e8550855c2f455f7c8f6f661bb34aece2c720"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="cb9a8311893bab88"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800dd021400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:09 executing program 6: r0 = creat(&(0x7f0000000640)='./file0\x00', 0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000680)={0x0, 0x0, 0x4, [0x0, 0xfff, 0x7f, 0xffff]}, &(0x7f0000000740)=0x10) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000780)={r1, 0x3}, 0x8) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r2, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r2, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r3, 0x0, 0x1, 0x4}}, 0x20) [ 142.434299] binder: undelivered TRANSACTION_ERROR: 29189 [ 142.440529] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:09 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x8) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000)) r1 = dup(r0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r1, 0x0, 0x4d, 0xa4, &(0x7f0000000040)="3b5bedb18d7d6ae1ca71bfa8f998af829240f2d10a8d16bcb3c2231da582773f717210f992966a233fa1330c8ed006f45b851712e413ea928cf4895d79af806a98cbabe6f8a73dcb94e9a7267e", &(0x7f0000000100)=""/164, 0x2a99, 0x1f5}, 0x28) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr}}, 0x1c) [ 142.529563] binder: 13058:13060 got reply transaction with no transaction stack [ 142.537185] binder: 13058:13060 transaction failed 29201/-71, size 0-64 line 2763 2018/04/09 20:47:09 executing program 4: r0 = creat(&(0x7f0000000380)='./file0\x00', 0x164) setsockopt(r0, 0x81, 0xffffffff, &(0x7f00000003c0)="7e625a7e3159bf136459b90b020e74d65ab05dafbad793c729481455a2d3a73e3dc7345fc8244e3d6d006fa3f8e6c952a901cc59ebf44d32d0778ab82fd2f752da094b8df555a346acac4d4ebaf0928e8fee52b6bffc0ce255e1aeb48f23c21c13795216f138415b685eafacf63d9f2906e5159e90c57a09cba760c55132723cb0b342cba36bdeaf3dd02a0aeba9d2ddc23f291d68", 0x95) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000000)={0x5d52, 0x14, 0x1}) write$rdma_cm(r1, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) [ 142.626004] binder: BINDER_SET_CONTEXT_MGR already set [ 142.654905] binder: 13058:13060 got reply transaction with no transaction stack [ 142.662542] binder: 13058:13060 transaction failed 29201/-71, size 0-64 line 2763 [ 142.704814] binder: 13058:13073 ioctl 40046207 0 returned -16 [ 142.713490] binder_alloc: 13058: binder_alloc_buf, no vma [ 142.719336] binder: 13058:13076 transaction failed 29189/-3, size 40-8 line 2963 [ 142.749180] binder: undelivered TRANSACTION_ERROR: 29201 [ 142.754850] binder: undelivered TRANSACTION_ERROR: 29189 [ 142.760919] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3feb01ff12800000"], 0x20) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x81, 0x400) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000180)={r3}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x400000, 0x0) ioctl$TIOCLINUX3(r4, 0x541c, &(0x7f0000000100)=0x3) write$rdma_cm(r0, &(0x7f0000000140)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:10 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480002001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:10 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x10000, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3}) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000100)={{0xa, 0x4e24, 0x7, @empty, 0xff}, {0xa, 0x4e22, 0x20, @mcast2={0xff, 0x2, [], 0x1}, 0x1000}, 0x34c00000000000, [0x8001, 0x0, 0x3, 0x1ff, 0x0, 0xffff, 0x1, 0x401]}, 0x5c) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:10 executing program 2: r0 = syz_open_dev$mice(&(0x7f00000002c0)='/dev/input/mice\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000080)) 2018/04/09 20:47:10 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000002f80)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000002f40)={0xffffffff}, 0x0, 0xb}}, 0x20) write$rdma_cm(r0, &(0x7f0000002fc0)=@init_qp_attr={0xb, 0x10, 0xfa00, {&(0x7f0000000380), r1, 0x10000}}, 0x18) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) write$rdma_cm(r0, &(0x7f0000000940)=@join_ip_mcast={0x10, 0x30, 0xfa00, {&(0x7f0000000900)={0xffffffff}, 0xffffffff, {0xa, 0x4e24, 0x16a3, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, r1}}, 0x38) write$rdma_cm(r0, &(0x7f0000000980)=@leave_mcast={0x11, 0x10, 0xfa00, {&(0x7f0000000040), r3}}, 0x18) [ 143.088368] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:10 executing program 3: r0 = socket$inet(0x2, 0x80003, 0x9) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x84, @empty, 0x0, 0x0, 'none\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 2018/04/09 20:47:10 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000040)) fcntl$addseals(r2, 0x409, 0xd) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000080)) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB="1500000000000000336804377c74797872d7c8bcbd1e334d9d85a6ea93b7543ce4764bdd9acb2863aa2edb13bfe8ed4d7f2de1e6c4e6afab2ddc0b05d5b484165b1973f73f87c269436b4a589cdcfe333d7663542d4420e8d1e8e2c6bc272aaedfe423bd04030a6e86444ce64240d4ef8135b245bd949ea8d77c33599fc6ab5917dd54af708bb769c414916bb2f9e0e8f449b6531b1c7bd4be9429fd9d28f1f9ce34075601c780de23b96e76fff10e9c11bd0d95baedeaa339c7b32cb50941d3d86575c8e65697847b9d6553cd8ce842695de774eccc4db806ac5926"]], 0x0, 0x0, &(0x7f00000002c0)}) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0)=0x1, 0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:10 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800c00e1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:10 executing program 4: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000080)=""/81) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000)) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000380)={0x2, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f00000003c0)={0xd88b, r2, 0x10003, 0x1ff}) write$rdma_cm(r1, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r3}}, 0x18) fcntl$setpipe(r1, 0x407, 0x7) 2018/04/09 20:47:10 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f00008a6000/0x2000)=nil, 0x4000) pipe(&(0x7f0000000000)) 2018/04/09 20:47:10 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) io_setup(0x100000001, &(0x7f0000000040)=0x0) r2 = eventfd(0x0) io_cancel(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x1000, r0, &(0x7f0000000080)="d2b034d8e0cc250b3ac85dab581daee0cda05ff8215206298a43880f70de8e73c16926bf2bd328", 0x27, 0x7, 0x0, 0x1, r2}, &(0x7f0000000100)) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r3, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r3, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syncfs(r0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:10 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000f001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:10 executing program 5: r0 = socket$inet6(0xa, 0x2, 0xffffffffffffffff) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote={0xfe, 0x80, [], 0xbb}, 0x7fff, 0x2, 0x0, 0xd, 0x6, 0x0, 0x8}, 0x20) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) prctl$setfpexc(0xc, 0x1) sendto$inet(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) bind$llc(r1, &(0x7f0000000040)={0x1a, 0x4, 0x100000000, 0x3, 0x2, 0x34f}, 0x10) 2018/04/09 20:47:10 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 143.341342] binder: 13127:13135 got transaction with invalid offsets ptr [ 143.373133] binder: 13127:13135 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) getuid() write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x13f}}, 0x20) [ 143.418209] binder: BINDER_SET_CONTEXT_MGR already set [ 143.444917] binder: 13127:13148 ioctl 40046207 0 returned -16 [ 143.525507] binder: undelivered TRANSACTION_ERROR: 29201 [ 144.272385] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:11 executing program 3: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) pread64(r0, &(0x7f00000000c0)=""/15, 0xf, 0x0) 2018/04/09 20:47:11 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000f01400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000009, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:11 executing program 2: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000100)=[{0x28, 0x0, 0x7, "07180f933530693c2f7b4f2a51b7c9e4b9"}], 0x28}, 0x0) 2018/04/09 20:47:11 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000000140)="0000000000009707d4aa23dd27f3784cc117996f686ed5a8bbcfbd1a9c5b52d40b87b4ec54cd7f026d05890ae2f49ab98ca5910049d19d005671e4bb40efb5f7bf606a964d02ec5e62cad430a3c160d213b61923597e97d27f38635a9d97b24f", 0x60) open_by_handle_at(r1, &(0x7f00000000c0)={0x7c, 0x100000001, "44b32565a88499b832961ed46e45eed22e7061386a71fae639f53886c6c6b91bd022cc7d7369dff9e9753f5a6c301c1367e56a554f35a4d902882af4876c0b3a4f2864e435493a5e9607ee85a0554fda4f42fb8e9af8a80c71d901048202243464c688d5d710e7e35ee15226a02a2e716616927f"}, 0x80) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) bind(r0, &(0x7f0000000040)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x80) 2018/04/09 20:47:11 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x80) ioctl$KDADDIO(r2, 0x4b34, 0x3d) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={0x0}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000380)=@sack_info={r3, 0x8001, 0x400}, 0xc) ioctl$TIOCLINUX5(r2, 0x541c, &(0x7f0000000040)={0x5, 0x9, 0x3, 0x7fffffff, 0x4}) 2018/04/09 20:47:11 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000d8dedfb774505d37c99a585830cfac28500fabefe9f27e5e177f736b0b8ae1b30d558fe9c2fe32755bdb8392c3452f9113ceb2a0021d8202c6f5864796d8f4af72631e4bff405fb5f16e673774a43cf1095636ad795d13e37bf62fa6d7d141bb440e6c1c84f88266214f8baa56bfb58e8d9f3355c015da80342d97dfaa4b2b79fc5788fb29a50820f7bae73914e4292301c32dc6f519f73837d094c8e804fd60598ce08c325d666c34c22074565711923e1e5ef5d851497c51c24bb172d2767e02ba6457f232b54b0c5034ed8a3cc871950573e6f10ea0cf1f14328864dc89e89396275c215025e427c2a4ce437105de16987f3931c94d4694002b27fb186fa26731053fe988ea84cbda8d178fc4d307c0afdda864294529675d75bc636e7977fcf96c22a16df38db0d8c1f255ca92563945193dc1", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:11 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:11 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000ff1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 144.540691] binder: 13189:13193 got transaction with invalid offsets ptr [ 144.557418] binder: 13189:13193 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:11 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) fcntl$setlease(r0, 0x400, 0x2) [ 144.596147] binder: BINDER_SET_CONTEXT_MGR already set [ 144.612755] binder: 13189:13216 ioctl 40046207 0 returned -16 [ 144.654920] binder_alloc: 13189: binder_alloc_buf, no vma [ 144.660656] binder: 13189:13193 transaction failed 29189/-3, size 40-8 line 2963 [ 144.737926] binder: undelivered TRANSACTION_ERROR: 29189 [ 144.743567] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:12 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8000, 0x0) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:12 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xb}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f00000002c0)={{0x2}, {0x0, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, 0xa, {0x2, 0x0, @rand_addr}, 'syzkaller0\x00'}) 2018/04/09 20:47:12 executing program 2: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000176000)="00640001000445") getdents64(r0, &(0x7f0000000df0)=""/528, 0xff95) 2018/04/09 20:47:12 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0xffffffffffffff04) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:12 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800000ec000190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:12 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000380)=@destroy_id={0x1, 0x10, 0xfa00, {&(0x7f00000004c0), r1}}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = accept(r2, &(0x7f0000000100)=@pppoe={0x0, 0x0, {0x0, @local}}, &(0x7f0000000180)=0x80) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000001c0)={0x2, @multicast2=0xe0000002, 0x4e21, 0x1, 'dh\x00', 0x1, 0x81, 0x2f}, 0x2c) ioctl$sock_SIOCDELDLCI(r3, 0x8981, &(0x7f0000000080)={'syzkaller1\x00', 0x1}) ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, &(0x7f00000000c0)={'dummy0\x00', {0x2, 0x4e23, @multicast1=0xe0000001}}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40, 0x0) syz_mount_image$msdos(&(0x7f0000000200)='msdos\x00', &(0x7f0000000240)='./file0\x00', 0x2, 0x5, &(0x7f0000000440)=[{&(0x7f0000000500)="3c4d27c1a0744f4aa306e1a1b99f873f18227cf3611f4a945b0f6824e916346389ccf06b136fb534e6805485bf55e68025547d7f4963264fe20cc4245fc0300f6d25b55dcf123c6099758fb415b58d26f5707116f57e8bbe21fe56820dd32a0b23c2faa80a5408be67325bed68d6590d0e0db1769ef4024401b799313ed798f0e1842781a140ee60fd9d1520edd2a59a1335799be924ad113e85714cd2aad452ae608fe0a3b1aca863b0eda2a95fb45f2da60b0b0b20da21798d363eed1b31027a48d0801653be22ae9bf0736a8c400b8f06d5c171bf0ebd570a51e407d5f49198d5177800674553db466873b7b8d760c1ba0d203054c49ebe64f67ef12dc1eebd1136df577e26368ae6bff814ddf0456d492a8fc9158a177ceecdd80d1f0e843f66d2910531d4f053a25920817796860cb0f5c9d2aaae133aa4f6a584ddb28edd9e9b9a6a188b5c0d9996994502bab172ce3d184c750f1c0d43af0e47f4533faed876bafcaba7dc3c9105b12625569a7eb67c70e828a819418cd9bd514a59a8284722d0ecdeb3517eafa0ad6c2ba0611fc2f6039f5f7d7e3af14b8f213d7d4f098dce14016dfe955b212c1333690d1f243236f35e7a330bcf3c0e06e80d55e862d771558f004bec5e798f524e32f7dc532ad1aa6248ab9b88bfebdd5e14de66b2e6df16f70fc913866dab5be7ea59428f0d167fa43328411a9ec4dd39f3d963dcca4df11afff1c4b329801ece623a00800e6f1d3b74b963fdb042f7ec884f3b8010df026f09881e52af397f963440bae967246bdf1d72b49a9e73c5a5aeb386c2afb18e11eeb72314e217a723bcf4d5ee8a9c7f1dd923203a94d9d84fc01ff7ff9a8fde8d9cbfb323eee569adce336c612acbd7d9474002eba4b6efc75a88e0676f228fe09d5d8f999512991337cb7ffca6c66b33122e955d42d3ff6d9c3b0d86d51fc615dbbf17f4caa56145af6473bf7ba4c4928c2b1f94b1a339e65e7530e21fdb404766399b3d2b2977dd421a63f6134e104a92454da4f7abce29e723d9617bab72ea51a8a8399ee0d8b004aef29b2c81c93aa4210799f8b97e05bb3d08a31fedba3151db8cf208406d3ded520709e8d65911f5216b52ea686d3aff64b449518e8570fa9668feed24ac842d94df4256d150c27ec6e029a39340558bc5d99000df24d324714dfa02112b7e7c0f7441cfd0e1e2d58d75880a6109d5e4aab2e72469f3fd4310ae06fa8ceeb540058c412a2958f318b43ba1f0c7f289bc5273d234bcd109ad3793a544c437665ee195905c38f43a8eb19833903b9677c5c6a81d98403183bf6e3b2ff4dc1901284eaddbc4ed6b3b24f8cd5ba3d8ec5698ee134b3535a1703a6967b19a63ca5e3cf9f4e75e90c369f07f7b2817e97bc236ea43aa18e33aeefde3c3fc44a517fac948429b587f4ad268d0e299852d01162e53b7806a408336393a7c28c50bede713db623bd9124b35655cabc8000e287a92d6b5de7b3e665a5de27fe5e23cb7a032dcb8de1afbf1cd1b961f27eacb83c0639346c5226cc8608b924d4ed4fe7b2aafcd54e6a7808357fb668becbee04b1e57e0eb3f8fc0ebe1d49a409f08292f6b10e52bc05641a568b7a70d5f49f27976057c859c202c99627c3606ebdb705d27c9773cdaf69f9bee7b62d231190a6ae51ae5a34542eb49e3f1b2c57a4b375e536b9bb433b9185e0ba6dfa9cf09cc2bd9201f4e486ba27b07fbd81cbc400d86ba8a044f3d170d0fe8b03c550c67892a24e71d606309ee7060c77f19113bb1fcb28eb5e7e97183174c1c934106cf4412b435d6cf17ba1e94269280c4ac3fe673b07aa11333242fd3106259cf2eccfff24b5c43bd81161a59b26f019ad7f278eb6a95f5cdc82c8b88f89faa877791b0669ec30b3d338a8de64275c4d0be07c37b886f562f7247eba76d81932b450752043668b87073d461b1d4338858942d2c1d39705ee9d415e8d2e10240ec2b0876632ecfc52e7c4edbb2a0fe20a6fb83f676a60ae5bedb6e70ee17285d60aa7f1bc5e8eda3073cb91b73c060c95cd5434488e7f48f26731624cd1e70673ad0db550d43fe1d82d99cad15a21b55e6a35cf7826cdead617972c39693bb377a0c833396420dfdd784fae816bc1f43e29ad19ff089057dadbd9cfd28fe115fb3a94dd128c17836d3802aa306d6bb58c235e2e9453b03e2b29305265ab91f5fdb68852c3d0b9e8ded4868c59f0d79ca0a6991965e2e45502a1b11da834932eb29b1c06d3a2255d8a0e5ac677a86dc63a7cc1ca9aa2fe706a695b2d4604f12575e55eb09d9aadb27d69ab3cb22e0a8fdbcf151f53a1711caf3498520971731de5059a256a6af0f253d65137b4230c38126ce67bf16950b87a349773fa9ce361e4790c607b7da3a51abe04837d07aa976ab34a9fa4675b64289aebd3d736f26ecb61bb58e62e0c7e0ceb5340106a2b8b10743f90bc01d2929ded91b4215cd4929b42f96d56d88e8634981a50b2513cac222557de15b60b949d7cd2395d7921ff175fba43b840b6ea9c3efa8e5e01ab1d7daffe1ac24945d2d698c9888aeadb56528cb010ec2665b512b1d36802d56913b1b1c750be7c710eecb055577ad4f49ced672f2bcbb454ca5b4330a813a4bc94bfc6462bd1fc8d83dc21269c4b497191d6977102f5ddf06b61d60b447fbf3cfd7049e3c5eb9544bee5afac986db8439772c89f04340965bcf4b0a64dfd20618cbb542d18ec13ba5dcee6af09c73e2db4bf9b77fcd5ed9a148bb2dd75d821e9307dc4f53428f26306ac4f2ccefa4520ed5bbb387ae31ae2d26b65e106f12a6f77f80e347d3c7d33fb1b5e39e07e208e2a5dc0fb95d3a90e258a52cb5cee214edf02437250d7c786da73fb8f294224e712a6ca17143c94903c08691e89756385c7bc7b83f2d23799b951dd91476045181eba7b654eff023b1e006063aae2ac9029b0884c3847aa013bcca9de1cd14e98d0b489f500b4df5c4e772c5ee6c34cd932c68a711e345c1c3f963503132804caa7df54a368b7f98ffabbdecb56f9a6ff0dc524c60566a61c2b84a23860f001a52ab4089ca796a58e13937c3c06893554e44e0bd204e7286e786ea5de4e82904f1427d76b00cb0161446c29bd16b235045821715602afd46df47de6e0238ad9576f25cc8582cec6b4e070477beeed04d50cbc70da8c2c5427921703c7ea786438548d82339ee83d7f87d16c95fe137a68a087344cfd0f3451786a21c6c5e9c19333580ea3edce7b7c9188887efc20fccc51d5f159cb7b8808b8d6f43cf5b067c2413977d46a10eea59694b51da1a18bd02882fa1c1140d194c8fb92249507c74f3b6cb9f5a300c63045d3d70a807e0deacb060c580ac6b073e9cb5965bc5ff54bf08270de396eeb36b86e90b36124c3124857cd6f65b1fdcc669385675631d50d418a8545a22bcc5b3edd681a4b46592566ec8b594b2407b46ad3f8d3b6db8dd2325b7d37adb94be2b9bbaf4df1f33f250eea7e033d0d58954d6592b5f85023c6daff92844be0903fdfda793b5fd2b7c6c7a9099271281385aa801cefe997209c47c54b750e9582111c42bd41b50ae9e0f3b8ba9b1fa2929b4e7e70665d2c312f183c0f2122daa948dd3b47a7aef7c30200f84d42cce0318218e0b547793151da281d0e7c3cd66e5a642eb7fb2e102fefca5f6de500e744d9c0f4de959bd23fb62de98e9fffba5f072f1bc6ef02c64696417eef0acd6a97a0b44152f05cb5652091852d1084af56ec7c52d9e2db1fe5ccf86c0663b060f89488860fd813a63ce1dcc3bd0c6e67ed1bccd707204a02d1febdd9d6bd8d5c3d0817e8bb84eb89ef39d9e0d18c1e2a70563b9732dfa703b4b098cccc9b7bf9d58b78eebeb275f6cde6f4538dd6bb269d43411c30e9bfaf5f219bffb5a7eaf1fccbc47212ea2b6187e27ad045b13926a6272916cc23791eec14ea53a7406c26f40a7fc2210bd44559fe18cb13bb662113e6f7682b972882209950999201c0f738adb6c41b7b22784f3227dd8dd011939511f2606c94347e165e8698e79a98910df06167e692739258746d4c830ccd4e56dcab2d8acca9164ae04d62267b9f340bd76140e29cc8c45979ee5012dcd948d739293cb04f214981b6f682eee89c1ca81fc3708fdfa332e226f660307074af169f394da3b189af865574d6efce5d300ca6175efb9c2801421d6b77df79ce539c82dbfef33bf2f974aa3fe648dc42de9e6a1184fcef3f9c4fa54309ab05fa57308dfa19a21fd74919063eb1c2f398b8f2f3e6c683872b84aca0bc114567c3b74d3ba92c9c5e208486eecf062980e540db110b11fa72fef6f12e60579b4509b819bdc61f10130f037a58d886ce50b8bec6514c8a1e23f74c590b88e32dddf2612708783fff7b5dda4f16eb317ffef825293fa21f50463b650a5e13d20de6302ab22a432eb9abad5d735c3d17e7a2bf6fd9954b2b93d7f8ea35632c4c834956387ce902b8e881849bd66a723b92efbd1acaf019ee8439807313a9c404ff2bcf0a670c3e7b7bbdefc322ac7664554167c988d78417d33f93b965a44ef366df78ac373bc1de4dfe527ea7838c5a829cd4560440c42eef4ff1582a162f6cf6dd8ba9bb1abcfb67d80f15593811497d6b76f2fbc903f9f1c5c6142af5d9ebce215b85c4bfdaedf6dd8a0d836a8a82ced2b400bf651454a177e80fce60dfa08247ab559706a83de19176b3b799fb3ce3074eef3382ac74d18619ccea6ebc666d898755f2077d8d73ddc3467de50b3e9b08dfef3cfb8a9b1a2aecd5bcc9e720f2a915ae4c42467e32c9652779e4b1cb227a1d342531ec642a8df1074b8c1750d34dd3d356c10d76b2bc6a297395fcbe5e54408ed633ad2e241b09d3ddfe47f01ba483422ccd607682b8a796c1aa32ab9f87ccccfad874151def4048478ff8f961228fce9634050ee48c45de99b306756f06038473a88ca47b06c2bbf895d39f275bd5bb8f3d7d847e1089731f10a91e5592ea23b98e8b4ccb0b1ae13c5fa851c9e20a8d923506a7ab7b654c799fccb9ba2b51683bec1ec68a2ededc1afed259fc8d3640839b540790a4716caa0e47188cd51639cfa88ba51d112db658faa3a632dd6e7f6d2dac4e94b8cf22d329207f59f6427a49e8ddf114af526ff729f640a65ec02d1ad62816e94aaf73c48bc010a1d7e9e0bf475430e131c05645ea4c4d103c2226e1eb40fc7729916b602412e5a19c0c9a24a35b2baaaa08b324fc791a9c40c577975e63aca971e548fab93fb7ef13c9ac81dedcb0ccbe2db1f4e58c4091dfa27ee74df72dc0cb3cc3947497e0ac20925963e15f98e6dd668b31b5ff99beb53e806d865165360fa299266ac1668ee466a0aba91c01be0e83ad2ce325a84a149d513fe7f9f70abade3d9db2b40d9331bb8365164ce9e74f34daf0b893338922c798a3fdca5cc4dc9d865f974954f6d0d33a9157ca4347820c9b82d96b4df6087ec1548c93f37d1c2686fe7a441101a9d06a387127ae146accfa28ad04eea0b57c172a24c6d4deaebcd5ca71acc5135a6f7f823f3ac99ed15a7dd4943c42585d2d70f7678535d267e577f041172f545f1b55b99e60228290f67bda1c9a707f28e20e91a220def97df076a8303b04236c3ff26321e98dd78657a212e1da225104b215eed84d0f7a21d5a7a6a6a0aebaaf03d7a0c3a221bbb1c2885fbbc56b3e7ff3e92a616812555106ea113e745dfe0f4414b41ab485803fd370976e6add1b0236936e1c1f9eca559555575f8ec53006d19829a40d17e65af315bd96bc252012f051c77a25216", 0x1000, 0x1}, {&(0x7f0000000280)="e02399cb74b31209235538798961c333660a0cc9c62680edc3853d1051bbc2bf7b0d0e03c385fdfd96efe880d62d6a6cc1e031c37629f4f28d31979b73699e566bf0a022da7f338eb40f3bd7ad7c4accba94249aaf30ae636cb7e104df47c1bbcc9276e96fd29730c9257001e4e6293e75a0", 0x72, 0x8000}, {&(0x7f00000003c0)="b51b3d9a4fa9be476b1a33be77fa3358e4bdde7a0ae70d162e3895ad88b48d2d8870a1c3dd2f27bfa3af5716d33193e414a882b81e2f3b0daecc5e5c2f1c0295b4d2d22bc62a177073b0a288c8", 0x4d, 0xfffffffffffffffc}, {&(0x7f0000001500)="69a5900aeb376eb7327b75e076588de29c71659f0e4aeb8723accdc5ce8079a4ad3a02094e285b8d620d1ddd3232e978a55775845b27c543317131c0edcb85f948da0ecc7781d14d19295c8350620bf00eda9c555177d480b84009a36e77e220ed1c431c57e316c1049d6d419ccb5ab159aa45f4fbeafac88dc2900125e54b7ff3d28efe1d19ac1a5bd85b02d9133da6f1df1b28a25844c4ac5297e5d7abbc0ddd759b2c1a63feb79cd7689be8d871cb8a6a4f8f3ed2d16f9aaf3e17f9", 0xbd, 0x98a5}, {&(0x7f00000015c0)="d50ae4471e43b21a8695d63943bd2631b8a0354e7b422f4deb06a255ad927bbecd8e278eb9626b2786ca912581ff6327f74231442ba51c8f73f56e320afe939abcaad648680ccd4bc6c01ae8c7cdeb5da0d6cb59ee45f179bbff3e9675ea2fa8d80cf4a470e228fae30fb726acf98ba268c78528d8fa5bb7e535fc0a5d839ab96c5ab39686d15b6c98e08db9eec0b8cd13f862816081876b81d6bcac4c78bbadb542b12caefdc3cc5819d96f43897066b002d61bd3f1ce27331d1bfd47230006716be0d9f3d202cd2bf2d3f527c992cdbe237f2e937b627501da58ea28f1697ec4b270d8d5f529667ecc5883a930dde8fcb532c6501bbe06db374b4a8153b4fbc56228e1d6b26dee5c1ed68f33eb79acc064bff382f5f02f64534f6b5ede6c57df1b0dec2f7f22760fa7d334cb96014d56fe584dfebb465250c53f31f1aee7ec5d55137ffa47e2b6df1db3b59e24315112b7de2e2d25eb4855aece3016ff6299e65463f8e15ee7b556eb27fe3a2542467c099fd9b81865e119134bc5d47958e7d285ca1addabcc867e104c6c7e0e252282c52bdf5d671419d53d7097a5252f6fff8f6d42f8b80f6a08f33c5bba976343d1610f76fb2f76687a921be3bd6be5fdc9be1fb34e05db47cc8b929f596ee94438e39ca0c6bf57fb1506009f6ca99be0e6e780037ff5875283db77ad3ca0c5e93605bb14464cd749549a1075da8d469eed992274631c767060867c40466b4d7d8887f32907bcfdede12fadd5ad4c98930899bfc1cd96339720446f770eb622310432b3f2c4da3b2f538542004f2f95b9e92d66f335d72c12ddbb15cf6fc37f57860d942a797f05ab217db07d54cbb1065cf6fefc72df4071dd2ce711ee3d311a391ba2df3a10acd3bcf840d590b5e30fd5a497593b243fecabaa38ccc438a1502a04caf5c0f93a407bed42566a11a8e1cd580d93eb2ab2dbd9f02538659183cf46cae85c88e932ca6a468ab246e9403b4fc6068059242a5a7731b9c7dc490e4dc54ee7f8aea9bcc17cc996f022f328559eeb7a2271222bf0dba3bfef602576aed84868e085066109293f87c425f74e7a2be8326a120a192f622e0a53ff4af3f7a1c3b5f5663143aa8d7b83c4634672bfe86961e7fc098929dfb424d59f3f1a56b787c8533d2f0b3472782e97687734e7e3740a88e7ee41b9fcac08ec302c17916e1bf4b60ff4dd08492906962224be45b9aeef6bdde66d62c9f80de369cd77716a1bea81f2620fa5c42d9745ef5a9410354708d25e5c86bb7a8f2d0b6b92023a0e2df19515827690b2eadc297bab25fea63d83c43da2b01a5d2fa2e07b9b63bb99ab863ab9d6730889a8213c38c72a6924aac3c9bb709f88b59144c4d78830bd45ef9fbe98bf05446dc2f68e413530e1d28f69c4a37a303bd1c93514fe4815aa1ac9cad78a863b012e4c3b65158f95753e468b6099947169fc659b425b893a1fdb3b5f2e99887293c27e11c8bfe448bdb5c07703fb41781035201adc324d8aaaa3840927a653059f2fe054917e3b20003d378a4748c4828e10e9256a382d606bec9e8951d5bf3896540c21e37976cb052a919057d385653e8ec6694c0170a147cdadd8f627dad34f9176cdba3001617f0b2addb71725fa30e933a5a6fb128b9843e93acdad998cd941bd8f7c3b004bec677421276d4194534cc7ba4cedfb03ab0c3a67fc43424dd1970eadf6ab2ca2c0b197a8f81af947503471b90f7969e16485c789fdd967435b81f566d57abb980561dc49dbe2d8abb1eea68ebbc7e2855ae69c8529bedebbac2814209f26a629e202285db6023c6215f15484a0f7995fdb4026a3134acb5edbb08718e12b9cc58ae6e2bbb952c4e3eac57c45ee11ce320d0b9cb825adb802f5d9cb103dd05aa229951da77b49d244e043efd0b4b6f5eaf849a6180f4eaaceabce98ad4b6286a88c531f089b5beeee9bc55e60202e6c6d6cc8e087f6891730f3b9128acd9373308ab02e94d4ffb104b304b64c6dfa4a571906d37d1be723596ca818cb0e1d30f96f0d4d7121bbef52898549a9bfa95292ba085b2b301c4b4ade7c525ddc70ac40bd5afba644e3b0a417caa5f216c4239e0ddc9b199a5b2a9f0c7eccb7a96a0e7a17ac8d9ae75a5f23beeaaf01d2677df5a63253725e5e58685d9bcad00966ece12b986961c2cc6ef819dbcbf49b3b8961c28e8963168c7544ecbd1291bc672103838503ef5e83e954146df44cef695c590a7a86a05378570850acbc0a862441af059c75615ba0ddf3d4be0ee00e85e604bdf260f4310285d4722d7e55e5434b6b283fd406b1a4bf13cb1169da09d49da684c7b24da223ce82b119d6272005762a222c40e3823701276514d4efbc1a1d1ed30fba553b28045134935848caa81a4b9550911ac6df69b16a56ce82033c7e9be60d969e46e1f385a796a72d22357458bd4b98b3feb68189d8a4e69f5f4d12f30d6a33f2ce1fb700368e975f221825a2a937b95331bf555a89402372b3bcf6a6bd01e65b4780e739647b792c3cd3b3695d1a537be0a0f3acb4255617bd046a98ed66ff66a4051a40902889c1a0c8de4a135a36827e10d4c6795d77220a264986884b0e01c9c5c644d50ad4cac6ab0161bbe7c362832b2408f7f63b77d269a99c96a2219e1f395c891ce8dfae06b5afc807e55016f76e649ac6c6b21f4c7fa327ab4ee2e7517c039bc3522a4b06a599278c66836ba06706b8472d5ec538ee378335bfe565913a3af701312412bf17bc46b3f1b6369f0d6ce59424630dfebf9213943b69a16970ae158002041ae48ae40aee061631fa35cf8f4a06f7c85b8fa3e0209dd38e3c16e67542eb2fb332d37e9da43bff07f280246b04edda055a6d703ea97db4d43a5419c203a10b328fe3b565b30a72071636d370bfae2538d58f656d72b94684972bead12907823288694527f3e90d444a55aa310a351a9f85c366eb26af74d0dda8afe1444514218c19a0613216e5f55b28e8842f850ba63144a0a7940e5a22c0dc9482a4c2c744debe4ad534ff03e46a8e317665e7dd7bea90177257904866a36cb35057d8576f876e8226acaf3e406a3bd01708b89e19b462ffa4a21306d7e3f77057650338e5e9799e3c20ab2040066e2e0eb60f113398a51c793913e6e83924e2de13137949514a2abb5368421a4528847927e9dc0eef813068d2a154b955c9b781a8212d17cdd1bac60d618155c63e3d4c8917daebce50f152ac5f913b2ff7d158fe5c35a5ad75b8058f3b987ab4a3058319d2230f6e0e7e9c7349a9b9e90abc7a0766db486e49e722b90b6c443b19b4c3750fa7e1809b5d529226dbdb640255e0c0a2953cb8ab661022e002a5903303392168b8c8dd82bf5d6218712c7543614c00a8b1487ae4aefdc2e88a3ac2b38849a7fbd984494857383b3466a7e985cec29eeea97e43c8da2bcd8d12c67677322caecffb6295d1f50a71bab007063180a621dc8264c5b6c4ba8b65758a030800674ea07a0a4e931634de42493f7a62f84af795be17e9476e235f8929dd579dbfa8a5c533c6c8f471d609354f939749c347cb5134e2b489a9bcce550cf4205c82ffae07e765060455ef85f2c7129001353e7dad2999038a97a443639531499bdc667c626a346540884d40f8dc01ea62b985861ded089952186da2897ba4efb9990780fe2e36d8112a08c08c99a95b218ef7aea4c2d9b4fe38028e922dce5b886d59cd9ba7efaa28ea108dd6b53cf9a9f606da2d9a48ab93e77368d520886349b421fb25e187d7e05120b7086d2165ad84b151292e61ee8f704a214978b1fd93b6d9f7b88e2f41a9b301da415df06f26587772c3f0877c3532272157b00c30eeb6af2c2d83b4a9655e59c9e6883566988aa52a15e558c999684b34e226b4ceacd95d32d410a9a801bac5b4a7f0cd490aee1781fd34ba354b1a1e864876bacf6860cc00696be945b32d4bcfd52df0ec91b3e702e7edd0dfa541759ba533cd80be10ec4e8ee1c13f1f04d0b8294bce562b7af07af6acbb7e90fbdcb5821322296edce06f622bdc8ac9bbea0ef743d06ea63a4128ae16fc0892d7386941e160e8986e170e88909029a650e46120cd5dc52de06cb603405565632d7a4b255169e0ff2d0fd9fe3d09562a305abd118f099220c4bb87d66e50d1bf020b2b234da83a1971fac1f80baefc4be20270fd24dcb35274777b8df547daa8bad5e1dde7ee24725f7adf2a8bce093c9295409384264f913bb658de76fd985763204153204ae8eee131a0049a2fa120d1a47f9b8a10399c6e774cdb525471822c8852c76e67447c379ce67c60c98b2a558cd8364f7cec4f0f82a983ce309f096db9b1445f30f8edf902887df23b64f5da20b7e4e5ae30780907820da6ca09ad42645ae206a36c16d320b5adbc75aff06705110516aa6bedb6a732a445df6533868a401aeb632cf0a5e9480f131d005e825d2b305371621ed7ebc53822931bc04a9447f75216f9a2935dcf2037a696eeb06e7328263ccc9985b32cc607d75c6e97d3e438b67ec22b2745bab60d4661fcc7c397c5cda8cac9101f9f83d1c0ad354e70949ecb806520ac4212237d9f6fc5b848ac961ae1971a793aa77a733662f1affa6b611be86f03b236dc3a654dddea771a29ae7486f86da0335bce6688be116bf3edf84c87a3f076662fdb0a94fe258407c9b0b7dd8d9df3aa60d703dcffbe5277e488437f6ba2ff3bb02c377796fd62369f397ac5c8829223186dd6bbd5cd400f02dd99b35a09d63bdc92b64eccc473f70b4aaf50ae5b2d541eea67f2c0ca0eed4d88c0e513ccbab7119d8d8a93937f565f6e0bd7f5e0d8a8d035e0f3c242d31d035efed430720a267aa6fa61b3209103bd93c6a94174920e537bdcb53692ca66f0864a50aba87af51558a291a01759a5ca27092425fd6d50f3d0b216d8393431047926b54138e01fa83014fb66fe19af9162fb91ad458c63455279e2039d40036dfe00fae1c4295238e583c960924b6d0cfa6aad0833bf3a0d4a8a360de0f5a33e7657af9f6967612b667d63d4a014dcf112d500da1867f2f32523e53db8fa65e4b19edb4fed18d3d5eba50d189154920a68ae9311a759571a262acfcff91ea489c08463b4aab43327b29c77dca671c0aa8ceed350c98123162fe727d1f84cc6be7ab2f4cce6f814d17fb4f31c1657e7249d05ac34224f633ae0ce2d94004c309bbf9f03c4eee26025c27145e89c628b02e80d2f4d397a8c332171030ff684ece5c43633bf159548bb10f18ba69e97dc6c0731b63e6150ac995b3808c527a29ac0b58b3615cae6b66006edb3745b96606258ea88d31824a557cac430bcb19260a7e478f43341a35b847cf810d0b40bb32b943acd94667756193fbcdf37f8652fa6c2782dd92f7879f11a91ec33d5a38c680b1e2178b08907e5fd272a982211a97abd933a20875a791670c592abf500a7fcfe9236f6c828bf4e482208fec88cbff425501e96c4de35917f7408b946144753fe467cd055dd0f028d3a5a8848995fb8f71492c3c72fb1ff21c4e54c55ff167776574091c09058ebd45cb3b26e8e3c70671d704f345eff907158642bf637ec69158568865711fbcdfb7e461229ab64699b9c68382474571fe9703ec882ed90379415e58eed6ab3322302b156b58be5642cec4483f819614a27e5cb9b447e0108cb8d8016ed72b7ec41f9b0f5477899be612c1bfbde3e9f4c512c77514db450f36e8dba69c54ff7d760322fa29a1afb3a76e5e5750e5c8dafbcd15df7919d3057afe79d2a47806b4aa4306a256706a805", 0x1000, 0x7}], 0x1000400, &(0x7f00000025c0)={[{@gid={'gid', 0x3d, [0x32]}, 0x2c}]}) 2018/04/09 20:47:12 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xc, 0x29810, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 145.495887] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 145.555440] binder: 13242:13247 got transaction with invalid offsets ptr 2018/04/09 20:47:12 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0x0) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 145.597527] FAT-fs (loop4): invalid media value (0x26) [ 145.603270] FAT-fs (loop4): Can't find a valid FAT filesystem [ 145.610529] binder: 13242:13247 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:12 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000000ff00190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:12 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2}, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/04/09 20:47:12 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0e000000180000fa30757bd9a333187b4abeb5df2f1de4461a5d9606ad5fe5f3ad626ac0b5d76123675430337501e61d9a", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) [ 145.661982] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:13 executing program 3: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000e0000)='stack\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f0000001500)=""/178, 0xb2}], 0x100000000000001a) readv(r0, &(0x7f00000012c0), 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) [ 145.687298] binder_alloc: 13242: binder_alloc_buf, no vma [ 145.693633] binder: 13242:13247 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:13 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:13 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc\x00', 0x44000, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000100)={0x0, 0x80000000}, &(0x7f0000000140)=0x8) sendfile(r2, r0, &(0x7f00000001c0), 0x3800000) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000180)={r3, 0x9, 0x7, [0x8000, 0x8001, 0xfffffffffffffffa, 0x4213, 0x7, 0xbb, 0x4]}, 0x16) write$rdma_cm(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="d0a489aa29fd821bb664b573b37039822a003c15ae70281011e882b2ef652c2732c9f781a82d4ed465a02e796ca4cbced40a73e041cb5969a5c92288c58f9c425d9ad101123740990003f15483b409d77e43d7c2f7ba001030686b8986cb4720412d525651e12593363a43698a8ef0273c3e338b2fe4e6df0f2cb31281083f8d9d49ef9559fdf09da5", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="00008c00"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) [ 145.809250] binder: 13242:13268 ioctl 40046207 0 returned -16 [ 145.923161] binder: undelivered TRANSACTION_ERROR: 29201 [ 145.933417] binder: undelivered TRANSACTION_ERROR: 29189 [ 146.462215] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x4000000003}, 0x1c) 2018/04/09 20:47:13 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x38000, 0x400c0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000080)) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:13 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000022300190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:13 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0xffffffff, 0x40000) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f0000000100)) 2018/04/09 20:47:13 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="000000001800fbf90000000080bb0000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000008780)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001480)="0ee53b984ef9729d7e2ba1479ae0da52", 0x10}], 0x1, &(0x7f0000001540)}}, {{&(0x7f0000007100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x800, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x80, &(0x7f0000007180), 0x0, &(0x7f00000071c0)}}], 0x2, 0x0) 2018/04/09 20:47:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0x0, 0x800) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:13 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:14 executing program 2: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000176000)="00640001000445") getdents64(r0, &(0x7f0000000df0)=""/528, 0xff95) 2018/04/09 20:47:14 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000000f00190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:14 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x8) ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000080)=[0x1, 0x401]) [ 146.703515] binder: 13331:13335 got transaction with invalid offsets ptr [ 146.723164] binder: 13331:13335 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:14 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x3) ioctl$TIOCCBRK(r1, 0x5428) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000080)) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:14 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x8000, 0x100) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:14 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 146.806265] binder: BINDER_SET_CONTEXT_MGR already set [ 146.819241] binder_alloc: 13331: binder_alloc_buf, no vma [ 146.824938] binder: 13331:13335 transaction failed 29189/-3, size 40-8 line 2963 [ 146.848161] binder: 13331:13345 ioctl 40046207 0 returned -16 2018/04/09 20:47:14 executing program 2: 2018/04/09 20:47:14 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001200190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:14 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000a40)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000a00)={0xffffffff}, 0x106, 0xa}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@bind_ip={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x0, @empty, 0x3}, r1}}, 0x30) write$rdma_cm(r0, &(0x7f0000000440)=ANY=[], 0x365) 2018/04/09 20:47:14 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) r1 = syz_open_dev$sndpcmc(&(0x7f00000015c0)='/dev/snd/pcmC#D#c\x00', 0x44, 0x5150fe3281c7ef96) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000001600)={0x2, {{0x2, 0x4e22, @multicast2=0xe0000002}}, 0x1, 0x1, [{{0x2, 0x4e21}}]}, 0x110) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x0, 0x0) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x400000, 0x0) faccessat(r3, &(0x7f0000000080)='./file0\x00', 0x20, 0x1800) 2018/04/09 20:47:14 executing program 2: syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x1) 2018/04/09 20:47:14 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001500190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 147.062734] binder: undelivered TRANSACTION_ERROR: 29189 [ 147.068843] binder: undelivered TRANSACTION_ERROR: 29201 [ 147.549278] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:15 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x7, 0x10000) fadvise64(r0, 0x0, 0x3, 0x7) 2018/04/09 20:47:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563044000004041db437b1b04de34ebd947aed44b000049d142650fe8be0a90322c9d660fdc39de34ed32322debdc3a463bf22da81420357804966035b2e117874e133f1e7f65618c3286bbcb3742a7b41b6192dfc0e5ea278de0b146b2feecb4c33157b5cc85c1a477ba852228849e5fc3cc"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:15 executing program 2: syz_open_procfs(0x0, &(0x7f0000c1bff5)='projid_map\x00') 2018/04/09 20:47:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$inet_mreq(r1, 0x0, 0x20, &(0x7f0000000080)={@dev, @local}, &(0x7f0000000100)=0x8) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000130100000000040000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) r3 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$sock_void(r3, 0x1, 0x1b, 0x0, 0x0) 2018/04/09 20:47:15 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) clone(0x0, &(0x7f0000000200), &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)) bind$inet(r1, &(0x7f0000df1000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r1, &(0x7f0000de1fff), 0x0, 0x20008045, &(0x7f000057f000)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f0000001080)="11a58fde76494964192b7d36a27acca25803db92ed306004b3d3cbfc195485c3b895d864ab91a3aebde4f70a917a91ec9612d004000a7b43a35bb73249ede41bf5c05ab608fb7b74ffd57f6e8e43cf9cb723fc0d8d8cabbbbae3a5fde8ad6f52d667c512596f50b9962aa2193688d8212115bb57801742d74d39c4b003a5e292e077ed102e7999329aab95a3d96363505f76c86a6d2352dd8025207ae531701f1ce353d6b017eb64000000bc2e9f8b66fe4a8e64f0fc7a0aa55d4103e1d7d5b0dd5750071e9b3a786021678a86fcbb0b9f9364ec0f0310306fef9c21b3b20d8b44423b495299cea2c6f40c377a72534453ad7f5af27b1efb2514ace1f9a68cf205a9ddb8fd954e34bde3612e6e05686cf3b968a14bd3a356f7b8d20214c0f7a388ef5ea8d063c65f2aabff685e69f86b4a0b3697f8bfbfe66796f0489ad2e49bdbc1742941c28c88cb93e1f8ccc3db4782cdf9cbd797ddc8d7b1364da50ad48e081a38622280169eba09000000b5f15bdf8a8b6483340a3297c31154905db209195c28f15d10153204fbe0586516c714ddc939e0eb68c73969e81fc6f215b476ddf3fcf1a604603360089dadba2779cfed9027ac163067fc0d7592ac8a013b907372a42b242405241ac1f63f85a52fff2d78b30e87a156b5cfa133dabc259bb027bec5eb8c8eb623e9776a13d3ce972a6769de8a78153f498084a244b0146b77be3d1cba7b02fe8906ed8a88f105c763d1772825b986d52823bf38b6f95eca494fd9c64497874b9f450bec65311493cc108b27611eaa6819305a3730d29368f25f7e816d60884a1e0271c3c786ad36391366ac3b65f04c148974f6973005c5ff73d6f0b3f7e44c65da7c4115c4ee543991e4ad26938384cafffffffc8f7e79aaf1b8ef80f627e3c7168ecda2cf224a491bea6129fcd954b88dbb2d29464931bcd5378041db67ddc70ee856ae09c1b26b9ada008a7d52bf1a160606865a29794f36b2a3811c66e9fe27af8fc8356374e37f3eca244367fb535dde71fae4683710761b89e28820d4f06065450c3d1f76fa26ef28320edf6c36480af14f4444edb40ebb3f8ea264486e351c40c7e43c7a69c24da10db6f60da3e648f16b5fc6b5a5c6217e46c1f3ff354a8b49beb3b46a69dcb4c5d547a7b7ba8fe22da0173f9fe80f4bd4ec4d2e0d3c91b1a326d8bb9fded873e87f847032af52bd6d129f3ce3f11ea9d0b4250af7eaa2649d9972b9b8dc773c869b3a431eac7f55d6bb92dc29f0eb7d8959e2af7571efb7ec88eac4b62850e8f6b60d4a5d06d66875b4bd260a9014a2eb88621f4c6eb3f9ed2190b48acf0358d8b82fb4794535fcb8dd50ba86d23d230a94f07a768142ff3b4c8558dac21726b6279980c238041f26e86c8e3fa8302834599cff4e5a37d610ab7c15daaffb744a505a3dd9802b3721f29553ee23e1cf376f12cc3fe6b7ac76bd13da44356855be096155e355c9cad31fcdeedc6679c531bc1a2765dc8777108ec5e31d793005e718a9ced77d6505e44f649128a29f5264fecba132f9f5016eaf690751edd64d903b36ceb2b08042c60e9e97f8bc985476e6088a5ebd3743c2358171b30b16d730a5dd49c92fa19cc267e2c1927f200fc3d23a804f0a12b06a6a88a2685051ab28f1721209ada2c14b557a49423795b07040d510bb21ce5d15acedd18cb7cb7a93389c8d934206e4ffb220048a7a82fb3c251d0a31ba5af9eb0c16e29f33f9d0a78f5e6300cf04d17eb5f67711cafa0d4e99eeaf0f8fdbd34170318879a0d12c01891127ba7b677d204268524c5af1d7dc27176826302e34f9d35d2f2eefad5f22f68929d3456c11d5f00d4a8ce8b784bca8088805731eff2d47024c2da68abc2d2c0f7806d7d76cdf489f3bffa75cb826bc0809331d89a3255a498b8150d4ae31d03414ab244939455b6377c2917cb2d8a9f9ebf282657e417860e49ac94f4a838aefd34f28960a78da47933252d8cb2fdb27d413ee54502cd1bf75585468b77b8dca627cab29ef0a5297ee3dcb4c987520804e9a5f45e8241019281bab7e30f4b008bf0edf3b6fb5e8d1c2ab619b2eb84293d636a6a37d716cd8e102b7099676693cb7b01031b57ee93fd22cb18229893fd4d4ef87f1596879ac9f61b2f0c35be34cb6e6f75087ff963c188d43bcb464a95e956e75559eb1f6f2224fb2ca8f0bdc90ae5c2ce712498ee4026b13b8f3137000aa1545a75e5b48e80da30e6dac5529cac1099244e79ad542f45dcfbf16c62b5eb63daee8185c5e79ebfa1ca60880f9e2895f54ab95bbae38ae62200c1e439d73fa63d0bff75935a8ad2ae73b82132e8d4eb4bd55844b2f55c65d5ffa0c65aaf0cc5bc73925d05cf7c1c4383af074feb3a53919d2a3b5bef96115aab966821dbfc4577d19d85911a485c58a5b87cf44d230cfdc255486bb09d5c16f2164397f0fc5f652a171f0269bdcd98291410c010cc377d2690a6032fe5701117adbd0f6b847c9617a9b3d20529024d8d9749b9c49827694d346d3b1bbe434122331986b9f6e84430dfd75d123f3e307d6f5514f3da09b527408bfb6816da54beeefad160e4b095517f3292c2e17fb3bba47527671d0afe7c35d54d25ab307b15d069a05395a9cddd4b519224fe3c689d14827ede6d91ebace2a80afaad3dcd1f8ce20e92012b8934d7ff3ebdd285cc24202a86d70b96674a6af05a3c29065afa4e38b9c34006cb3eb9c87985cfc511a8c261cdeb0c7a3c7a682c40c5b9f1d7d5ef6f97e32d02fdd3f2ded413f4236c4db899b96c8e40d91c2743cd1d435010300000000000000345b66cce79fa49f10baa4ef28535eee8c5c1a4b38bace2fb14ec11d34d620b1cc2396dc1fa857ac6ac9f5689b5935f2f25184edd40f8f5c70714f941beae3e1bc9af757edd9d68fb24218e2a02aad4dc0b3c2e54694ce547fc38f38e52673473fd0e57497978324aee16559e9cdbe5b3a0b96dd69fe5bc97e644487274b6158a0412bd60172bb66f774b8eae7bc1f52ed64d44c553bdc26823e35f18683554e7359802173d1fa86a66104abb1977c3e9fa6970ed7ee483b14b65673a81786fe0ed301f8edb0669fd25bfa0d565e3e93b19b8572c98dbacb103053527a95ee758be002e03df756bbc486def0db079124db72fadc26f0a26b42e21f260f902bb4cd881baae57eff1c3cc15063be17e48208b9a69622adfc03991d204fe0f5ae2528b22c7743f97e0669a1c3c0d0d90f39846fd954d681be0265d14b12285fb1b20bcbaa95915ad51ab8f84094674cbac0071021b261c39a46b0177b98f1662100ef31a3e981236d51e6c1429144a89d46b149301873ef99959f8ab15c12309620d5d548b62ff92233a3f200e0d0a9c2122be615dd91e6a6cd89290d24895540635fead9a56f481ee3fd7890852e27b9fda1d25693cfc33defea84f65c08cce479c66dc16b28d453a1b717fdd9f6ff46b1fa1b6866b4a8c1ad53439c5958403953b3a844b660b28b11d427b392a7c710edbf25725a65e6b94e4c64ae458a8c97c9f7a05a7d8ebf6c76e36cc0204ced97be84986da5403ef31eff1790c039fe00a89976ccab7638d2e217fc64609a41f3a008ed78b25d1a9420b782deef6ce2db2c6d427580087b69c75c1357ed2908c32cffee1c6ddd08510562ab015507a4eb4f54ae5c097cdca34f521f9fa8df7667645a696a472650c1ca9c035e95f34db54722897159c31dc6be5693a5f3871ccbb48a7ead233d03b76875590fa20bae4f37a2011622d0203a3e9d9e198cb075aba26f5e78a8f0b0cd27052527daf0f8e77858dbddec7038c198b868e93ae32f1745d166afed4129460e07af8cb6c3debb6503e87f3cb309e39ed3d682d24adec48ea22702c4d8d48386977a89b73e585f8c2c5fcb0a693cd5028a601b04b833a41ec705735c767c70d316b60aba2da24bd6523533f3180accade90f47e412b393ee1d2456cf8bb430289ddb824350764985c5e35f738f830a378bfa65fd167c7307c13acb912beefa69e499d4a750e820a7af08a7c204ffb64e09fcc921a4e79999757d608837bfd52255bbc16369af4f779edfd9439cfcd17fcc02d5aaa81bac66fa2e551cef55779bd90e8be587ee698575918fced59ec652af26718b3afd1471379132ba0b5143a78f84605b1ef51e49e820a8a8c1639f66bca5afd83602287e982eb125a3a032e4cc5b5be91ab4d8d958fd4dc4cbd310eddc91d89ada4d33fcc963d259e222520281d14e13577906e33665a31afa7cb501cc0c1198d1f755005e82f29bcda62bbf8680bc23d09cac6a8c89709b30c91d27ea148f01ba745346f1ba9ce89cd9b71ff18668a0254c07479762dbb78117c50450506e2a0a606309aa383ec55a49d2569c3a3fef8aad456aa81cb859519765de18a4b92194e8a6a43f1dade801f71eb56699bc021fa48f320f4128d6c153a2ec1fba1c5ca55c5058641692365d311c8902aaf1428d83281aa970af5d98591cd3af30fbb5ee4a1b697491ff6dd727a329feb17b7846254d691f949baf96afa195c62f2c3fd1855a79b25268cef9822e3c6a1b3aa226ec494b070a8774426a5f8877714fe206e569635805208ac7823c8546ec33e4482a85d6fddf86a37a1c60f0a19b5dfe88031b7541af0e93cac8a3bb1ff3e60190b96faedc3b6f63d38f3ee4286fbaa053e8e27ed13b77b2c576d824d777ca53df76d9572e71f74ff180778bf57458b37fe9dbaa6f9927b48b059e5c7fd908ac826aed8f68764285022f4b5cb6b73ef7222ecb0d701c782ed5c16a7c94235fe7c3e0bef9da7310c5f3cda407c5ae7ecfb6b392ad576610b48af17b3fc8a2fd6cd2eee1153cc48a21ba6768a88367a807be008bea547402da4c92c2006c83d74c9d0ef2ca711c54036c8e76ac26c7d22060c9bfc2e67f1d1c6f6bd2f751879295ee21fcf8588c9504cacb02fa3e3fc6e2bed352447a5c2677caba0538960357d6d1706adef5e7d4f6298ed4ecacb7776de15d9bbd672f9991f4bdc4f07401f67cf3a74c0495ea58d0f76a2e6060cecc1d04b93808dc8d61130305740b408359d5552cc23a7b1eff4285d563b4b6b011a4a11372a2bb01cbda724482f95c4487b02c85cc121012b3213041ff6a689072daa4d86a4c125b110f4e2eeed2dd73db0f94ce995896e0b8a9f8f3e9559024251a5b1726b0b3775bac9f4ff5cc9037cc08cd35f88c4d7b89e46a8cbd05e3c35732b5046b33060dce5372b171daa526a46c3444b331e71f0455fb8b43dd46e2c9f2c4effccf040e56de00000007b16de337f13e7a610feac2f336e75405a530815366e7edfbb429babfd0e68db56892b94621edd9df6ff454ab1dcdb8d39d282fa7932ec7ba5203df2f4196538a1fa040c8014d20ff57fdb8515325a6997b9b71f2094e053f126402a47e628eeb7d8f665fbabe8f1a409ca9c7c5c25baaa0e9945acf27e96f8241a445f7d3352494ba4210b348fa0ec11ea67dead4fc1e5e4f9202931386468882bee59f8d12174198142ef7764d6b930e937e20d018c0cc5a780490356f5521aac74d2c1736e20ae5e0cd8cf6676ac337e8a8976aac75a698e34e72bac561038f228c13b6e974bc21bb79618111db507f3ba314dd2d05fd050d684cf33d8da5f8e5f723a092098ac5b180a6579d543515c2e1d0eb502193aedab526d354b625990c7d5a9f90d86c4e374054f1d14270b603065293e7fa3840de575413b74bfbc4f8c139947ade9a000000000000000000bf37544068c0ae5eaad2566baa5b2ac5a6c36831e3b8080be6d325044e377cc259c587d50aad8283032b58fff5865dd9f23d2e1ba911a647c751fdf043", 0x1026, 0x3fff, 0x0, 0x0) r3 = socket$inet_dccp(0x2, 0x6, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xb0, 0x400000) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x3bb680000}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000100)={r5, 0xffffffff}, 0x8) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r3, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r3, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$sock_inet_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000140)) 2018/04/09 20:47:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001300190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:15 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:15 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="4800000f1400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipmr_getroute={0x14, 0x1a, 0x101, 0x0, 0x0, {0x80}}, 0x14}, 0x1}, 0x0) 2018/04/09 20:47:15 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$l2tp(0x18, 0x1, 0x1) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ax25, &(0x7f0000000000)=0x80, 0x800) setsockopt$inet_mreqsrc(r1, 0x0, 0x2d, &(0x7f0000000380)={@loopback=0x7f000001, @broadcast=0xffffffff, @loopback=0x7f000001}, 0xc) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x18) [ 147.763262] binder: 13408:13410 got transaction with invalid offsets ptr [ 147.797113] binder: 13408:13410 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000d65468d00000000000002070000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000500)='/dev/qat_adf_ctl\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000540)={0x0, 0x1ff}, &(0x7f0000000580)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000005c0)={r3, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}}, 0x2, 0x7, 0x6, 0x6, 0x1c}, &(0x7f0000000680)=0x98) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x450000, 0x0) [ 147.844994] binder: BINDER_SET_CONTEXT_MGR already set [ 147.861330] binder: 13408:13433 ioctl 40046207 0 returned -16 2018/04/09 20:47:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000021400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:15 executing program 2: r0 = socket(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x72439a6b) [ 147.889330] binder_alloc: 13408: binder_alloc_buf, no vma [ 147.895019] binder: 13408:13410 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) socketpair(0x5, 0x80f, 0x80000001, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$rdma_cm(r2, &(0x7f0000000140)=@set_option={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000100)=0xfffffffffffffff9, r1, 0x0, 0x2, 0x4}}, 0x20) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000080)=0x0) sched_setscheduler(r4, 0x1, &(0x7f00000000c0)=0xe93) write$rdma_cm(r0, &(0x7f0000000180)=@notify={0xf, 0x8, 0xfa00, {r1, 0xf}}, 0x673009e0dfcbdb54) ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f00000001c0)={[], 0x75, 0xfae, 0xdfe, 0x0, 0x2, 0x4ffe, 0x5004, [], 0xb2bb}) [ 147.936196] binder: 13408:13433 Acquire 1 refcount change on invalid ref 1094713344 ret -22 2018/04/09 20:47:15 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x244) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000000f00190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7fffffff, 0x400000) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f00000001c0)) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000040)={0x5, 0x9, 0x8, 0x0, 0x0, [], [], [], 0x80, 0x621}) 2018/04/09 20:47:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xb}) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000002c0)={{0x2}, {0x0, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, 0x0, {0x2, 0x0, @rand_addr}, 'syzkaller0\x00'}) pread64(r0, &(0x7f0000000200)=""/8, 0x8, 0x40000001) 2018/04/09 20:47:15 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x20e, 0xfffffffffffffffd, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x2) [ 148.042739] binder: undelivered TRANSACTION_ERROR: 29189 [ 148.048970] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001200190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0xffffffffffffff81, 0x101000) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000100)={0x1, 0x6}) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 148.109253] binder: 13470:13474 got transaction with invalid offsets ptr [ 148.155452] binder: 13470:13474 transaction failed 29201/-14, size 40-8 line 2991 [ 148.202574] binder: BINDER_SET_CONTEXT_MGR already set [ 148.230303] binder_alloc: 13470: binder_alloc_buf, no vma [ 148.236101] binder: 13470:13474 transaction failed 29189/-3, size 40-8 line 2963 [ 148.243332] binder: 13470:13490 ioctl 40046207 0 returned -16 [ 148.285699] binder: undelivered TRANSACTION_ERROR: 29189 [ 148.291366] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:15 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 148.649992] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:16 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:16 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:16 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000540)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000500), 0x0, 0x1009}}, 0x20) write$rdma_cm(r0, &(0x7f0000000a80)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000a40)={0xffffffff}, 0x113}}, 0x20) write$rdma_cm(r0, &(0x7f0000000ac0)=@query={0x13, 0x10, 0xfa00, {&(0x7f0000000740), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000700)=@resolve_route={0x4, 0x8, 0xfa00, {0xffffffff, 0x2}}, 0xc) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x200, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x1, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f00000000c0)=r3) 2018/04/09 20:47:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000000000)={0x1c, 0x24, 0xaff, 0x0, 0x0, {0x3}, [@nested={0x8, 0x1, [@typed={0x4, 0x0, @binary}]}]}, 0x1c}, 0x1}, 0x0) 2018/04/09 20:47:16 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) connect$inet(0xffffffffffffffff, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(0xffffffffffffffff, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x20013e, 0x0) ftruncate(0xffffffffffffffff, 0xffffffff) getsockname$inet6(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, @local}, &(0x7f0000000180)=0x1c) ioctl$KVM_GET_REGS(r1, 0x8090ae81, &(0x7f0000000080)) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(0xffffffffffffffff, 0x81785501, &(0x7f00000001c0)=""/139) sendmsg$nl_netfilter(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000000920bf002dbd0010000000000000000000000000000000007d367c6009a65de2c97a1553722103aef79ac3c306adc13e6205d69c0b0dcec766381459de60375fd14037d68f5382614dac0c6bba25578ed1e65047bbd416785d7853bf4c06e6"], 0x1c}, 0x1}, 0x4000010) 2018/04/09 20:47:16 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001300190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000a80)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000a40)={0xffffffff}, 0x1, 0x1000}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=@listen={0x7, 0x8, 0xfa00, {r1}}, 0x10) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0563044000000041"], 0x0, 0x0, &(0x7f0000000240)}) [ 149.471634] netlink: 'syz-executor2': attribute type 1 has an invalid length. [ 149.481265] binder: 13511:13522 got transaction with invalid offsets ptr [ 149.496222] binder: 13511:13522 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="75cafb89db023e7221d3c2b4086dd7a67427fd0c1a677711d683da425b2af461310241c6a03f3a2c81994d38d6a2c76a38bca8c72789c6f5e146195802d9ee438c3e7abbb183912954248d65a6d10a6044e7985ad6d6e73e67ac9faedb04d3628f4df86e757a211d7838163770d07dc3d0e35e713263a12817c0156250217e183651ead23d4f9c6c5c6cf66a8c9895a37206870c2c400545544c9060cd21d3f030de52"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:16 executing program 5: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x65a000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x1, 0x4) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r1, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f00000000c0)=&(0x7f0000000080)) 2018/04/09 20:47:16 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001500190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)="2f657865000000000000d50fef7afaf807e3c2f98d0d02812e3ca05fc31e623a2a051fc20fa5a02d84267a0067ac78b8ed1ee48d8097f99d3188a59818771e21974fc3d02efdabd0512782c2474e0a8c17538091e53bdc54aa574b0615a98c9046beb56b8bb5744fcc54b400dec854d2da9efbbdf5e4c75fae864cc0fce7514c133f17a1003b735d3d5b3e10b683128034ec6e19ed879a810a401f95b9860b41b3b8683ac1b6f21c21769cbd07a9b0f2ab9711ecaaf67a7a74beef377c60b435f3eee826d174ca7516e89abcebd589104d80402acce68d7ae101c57bbc26c33df519152ef8daf388b20fbc8c55cdb7d471a822531e7d7b88bbb269d72051d904000000000000007f9e30fabf336e53827a8bdd4f7c3fba515adeb8e68d965b0a52ec80d74eebb4c2904be489d2d473dab9f302545f6fd2973979092a404bdee5aad5d3eb20cb69f2e8c01eab7fbf98463fcdeb034f041dbd1cd779e40828d9db22f3e839a3f58a0e6ac2312fb1f95ffb6e97c6cc55353b7301984f08f9ca247456b5628692d5e443455794a27c4b194226b60a3b19bf09a2595e1d5aa5eb62934533af467d7de9c30c5f7b4db1f048c64587b71b2be65c78") fgetxattr(r0, &(0x7f00000002c0)=@known='user.syz\x00', &(0x7f0000000280)=""/13, 0xd) 2018/04/09 20:47:16 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=@join_ip_mcast={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x0, {0xa, 0x4e22, 0xf68, @empty, 0x3}, r1}}, 0x34) [ 149.529640] binder: BINDER_SET_CONTEXT_MGR already set [ 149.548748] binder_alloc: 13511: binder_alloc_buf, no vma [ 149.554460] binder: 13511:13522 transaction failed 29189/-3, size 40-8 line 2963 [ 149.573257] binder: 13511:13532 ioctl 40046207 0 returned -16 2018/04/09 20:47:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000180000fa0000000000000000dd8f149f7a7e95b5dc0a292200a574428d651f1b13f41d9eede63c35dc6c4581764d79e4d289526d1007de6ce567cdfe788b8fbb3a403edda1a9ffef9473541e34c9af18b4deeb8aabb1b9", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x6b) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x3, 0x200) fgetxattr(r2, &(0x7f0000000200)=@known='security.selinux\x00', &(0x7f0000000240)=""/171, 0xab) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0x3, 0x0, 0x1, 0x3f}) ioctl$DRM_IOCTL_AGP_UNBIND(r2, 0x40106437, &(0x7f00000001c0)={r3, 0x559}) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 149.616424] binder: 13511:13533 Acquire 1 refcount change on invalid ref 1090519040 ret -22 [ 149.626971] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:16 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000000c00e190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:17 executing program 2: [ 149.769575] binder: undelivered TRANSACTION_ERROR: 29189 [ 149.783528] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:17 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) creat(&(0x7f0000000000)='./control/file0\x00', 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:17 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000180)) r2 = socket$inet_dccp(0x2, 0x6, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x1010, r2, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x50, r1, 0xffffffff) r3 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x100000000, 0x1) getsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0xc) write(r2, &(0x7f0000f8aff1), 0xff8f) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000100)) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:17 executing program 2: 2018/04/09 20:47:17 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) 2018/04/09 20:47:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000200)) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="00000002"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x90000, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000180)={r3, 0x7ff, 0x9, 0xe4, 0x3, 0x8000000}, &(0x7f00000001c0)=0x14) 2018/04/09 20:47:17 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x101000, 0x0) ioctl$KDDELIO(r0, 0x4b35, 0x400) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x18) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}) 2018/04/09 20:47:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x3, 0x42) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:17 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000002302190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 150.350887] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:17 executing program 2: [ 150.425483] binder: 13585:13587 got transaction with invalid offsets ptr [ 150.442089] dccp_xmit_packet: Payload too large (65423) for featneg. [ 150.460320] binder: 13585:13587 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:17 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="48000000140f190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:17 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001a80)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000001a40), 0x13f, 0x4}}, 0x20) write$rdma_cm(r0, &(0x7f0000002240)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000002200)={0xffffffff}, 0x1, 0xa}}, 0x20) write$rdma_cm(r0, &(0x7f0000000340)=@disconnect={0xa, 0x4, 0xfa00, {r1}}, 0xc) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) [ 150.485861] dccp_xmit_packet: Payload too large (65423) for featneg. [ 150.502136] binder: BINDER_SET_CONTEXT_MGR already set [ 150.503686] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 150.515482] binder: 13585:13604 ioctl 40046207 0 returned -16 2018/04/09 20:47:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) 2018/04/09 20:47:17 executing program 2: 2018/04/09 20:47:17 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x2, 0x28280) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, [0xfffffffffffffffc, 0x80, 0x7fffffff, 0x8001]}) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000040)={0x0, @rand_addr, @multicast2}, &(0x7f0000000080)=0xc) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@loopback={0x0, 0x1}, @loopback={0x0, 0x1}, @local={0xfe, 0x80, [], 0xaa}, 0x6ad, 0x1f, 0x6, 0x500, 0x80, 0x4000000, r3}) [ 150.552277] binder_alloc: 13585: binder_alloc_buf, no vma [ 150.557993] binder: 13585:13587 transaction failed 29189/-3, size 40-8 line 2963 [ 150.679588] dccp_xmit_packet: Payload too large (65423) for featneg. [ 150.714128] binder: undelivered TRANSACTION_ERROR: 29189 [ 150.726802] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:18 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) creat(&(0x7f0000000000)='./control/file0\x00', 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:18 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) dup3(r0, r0, 0x80000) 2018/04/09 20:47:18 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x101000, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000080)={'ip_vti0\x00', {0x2, 0x4e21, @multicast2=0xe0000002}}) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0xfffffffffffffffa, 0xce93e3c608210744) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000100)=0xc, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001402190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:18 executing program 2: 2018/04/09 20:47:18 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) 2018/04/09 20:47:18 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) socketpair(0xa, 0x7, 0x8001, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000002c0)=@broute={'broute\x00', 0x20, 0x1, 0x1c8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, &(0x7f0000000080), &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{{{0xb, 0x1, 0x88eb, 'bridge0\x00', 'syzkaller0\x00', 'yam0\x00', 'dummy0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [0xff, 0x0, 0x0, 0xff, 0xff, 0xff], @empty, [0x0, 0x0, 0xff, 0xff], 0x108, 0x108, 0x138, [@physdev={'physdev\x00', 0x70, {{'bpq0\x00', {}, 'gre0\x00', {0xff}, 0x0, 0xa}}}]}}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x240) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e22, 0xfffffffdfffffffe, @dev={0xfe, 0x80, [], 0x13}}, 0x7) uselib(&(0x7f0000000340)='./file0\x00') listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:18 executing program 2: 2018/04/09 20:47:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400ff0d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:18 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYBLOB="00000000000000be6dbf0eea6c75d360a48b5534e0612618a967d892b218ad6dc0b882311b09ff3b02708b1eca"], 0x33) ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f0000000080)={0x6, r0}) ioctl$TIOCSBRK(r1, 0x5427) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) [ 151.262965] binder: 13641:13643 got transaction with invalid offsets ptr [ 151.280313] binder: 13641:13643 transaction failed 29201/-14, size 40-8 line 2991 [ 151.297770] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:18 executing program 5: r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x2, 0x408000) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000000c0), 0x2) r1 = socket$inet6(0xa, 0x6, 0x0) flock(r0, 0xa) r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x4, 0x1) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@dev, @in=@rand_addr}}, {{@in6}, 0x0, @in=@rand_addr}}, &(0x7f00000002c0)=0xe8) r3 = getpgrp(0x0) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f00000001c0)=r3) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00') bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x0, 0x4000) listen(r1, 0x5eb857) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r4, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r4, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:18 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="010445774f460000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) [ 151.357620] binder_alloc: 13641: binder_alloc_buf, no vma [ 151.363289] binder: 13641:13643 transaction failed 29189/-3, size 40-8 line 2963 [ 151.363506] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:18 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) creat(&(0x7f0000000000)='./control/file0\x00', 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:18 executing program 2: 2018/04/09 20:47:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d100043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:18 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="000095f6d0dae9f1cb8120f3fa000000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)="2f70726f632f7379732f6e65742f697076342f76732f73796e635f736f636b5f3ad3da3be96369f6d40c73697a65001b4c7a226702c907441e164459fd", 0x2, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000100)=0x800) [ 151.467255] dccp_xmit_packet: Payload too large (65423) for featneg. [ 151.487167] binder: 13641:13661 ioctl 40046207 0 returned -16 2018/04/09 20:47:18 executing program 2: [ 151.523457] dccp_xmit_packet: Payload too large (65423) for featneg. [ 151.559865] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 151.597353] binder: undelivered TRANSACTION_ERROR: 29189 [ 151.606843] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x8, 0x8040) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x20) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r2, 0x4}, 0x8) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f00000001c0)={0x7, 0x3, 0x3f, 0x18, &(0x7f0000000100)=""/24, 0x32, &(0x7f0000000140)=""/50, 0x1000, &(0x7f00000003c0)=""/4096}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:19 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB='\x00', @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x800) r3 = mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000001, 0x810, 0xffffffffffffffff, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000100)={r3}) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) arch_prctl(0x1007, &(0x7f0000000140)) 2018/04/09 20:47:19 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001e80)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000001e40), 0x13f, 0x100d}}, 0x20) write$rdma_cm(r0, &(0x7f0000002cc0)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000002c80)={0xffffffff}, 0x111, 0x3}}, 0x20) write$rdma_cm(r0, &(0x7f0000002d40)=@destroy_id={0x1, 0x10, 0xfa00, {&(0x7f0000001ec0), r1}}, 0x15) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) 2018/04/09 20:47:19 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0xfffffffffffffef0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) r3 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x2, 0x10040) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f00000000c0)=r3) connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:19 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) 2018/04/09 20:47:19 executing program 2: 2018/04/09 20:47:19 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:19 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d0900ffeafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:19 executing program 2: [ 152.139617] binder: 13710:13715 got transaction with invalid offsets ptr [ 152.158952] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 152.179185] binder: 13710:13715 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:19 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="0910f191b5000000000000"], 0x20) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x20) setsockopt(r1, 0x80000000, 0x5, &(0x7f0000000100)="a4128f7067e122464ddee94c2893e90e77178a363160e24d4c141efde4e1027331e0a4336e2a", 0x26) write$rdma_cm(r0, &(0x7f0000002bc0)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000002b80), 0x2, 0xb}}, 0x20) write$rdma_cm(r0, &(0x7f0000003fc0)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000003f80)={0xffffffff}, 0x1, 0x1000}}, 0x20) write$rdma_cm(r1, &(0x7f0000004000)=@set_option={0xe, 0x0, 0xfa00, @id_tos={&(0x7f0000002c80)=0x2, r2}}, 0x22) r3 = semget(0x2, 0x0, 0x2) semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000740)=""/4096) 2018/04/09 20:47:19 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090f43eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:19 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x6000, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r2, 0x800442d4, &(0x7f0000000100)=0x100000000) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x3, r1, 0x1}) setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000080)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r3) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:19 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) 2018/04/09 20:47:19 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) [ 152.239565] binder: BINDER_SET_CONTEXT_MGR already set [ 152.273828] binder_alloc: 13710: binder_alloc_buf, no vma [ 152.279544] binder: 13710:13734 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:19 executing program 2: 2018/04/09 20:47:19 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 152.359565] dccp_xmit_packet: Payload too large (65423) for featneg. [ 152.371241] binder: 13710:13715 ioctl 40046207 0 returned -16 [ 152.413903] dccp_xmit_packet: Payload too large (65423) for featneg. [ 152.434273] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 152.467744] binder: undelivered TRANSACTION_ERROR: 29189 [ 152.476529] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="39a381cab95d97ba0063404000000000000000000000000000000000000000000000000000000000000000002800000000000000a8e90ff97b6390860444599ce810980771036f4ab6085b3a087e3df7f5b20f12c5ff3f3a2c6beea30d4ab125ad6dcbe0bd2346363f0009374ece695c37cd63264626c74ae67428", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:20 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:20 executing program 2: 2018/04/09 20:47:20 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:20 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB='?\x00\x00\x00\x00\x00\x00\x00'], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000100)=ANY=[@ANYBLOB="08000000000000000600000000000000060000000200000005000000000000000800000000000000ffffff7f00000000800000000000000000000000000000000000000000000000800000000000000000000000000000000101000000000000070000000000000081ffffffffffffff000000000000000000000000000000000a2100000000000000000000000000000000000000000000090000000000000000000000010000000000000000000000000000000000000000200000000000000000000000000000b30c00000000000002000000000000003f0000000000000000000000000000000000000000000000002a000000000000000000000000000000000080000000000900f5ff0000000001000000010000000000000000000000000000000000000005000000000000000000000000000000"]) 2018/04/09 20:47:20 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:20 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090243eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:20 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x3) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000180000fa00000000000000003876974cc4331ce30b881888a9c9c81e6ca6ee4b80630538f89d8de61300000000000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYPTR=&(0x7f0000000400)=ANY=[@ANYPTR64, @ANYRES64=r1]], 0x47) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000340)=0x15) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f00000003c0)=0xffffffff, 0x8) write$rdma_cm(r1, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) ioctl$int_in(r1, 0x5452, &(0x7f0000000380)=0x200) 2018/04/09 20:47:20 executing program 2: [ 153.034389] dccp_xmit_packet: Payload too large (65423) for featneg. [ 153.044884] binder: 13781:13790 unknown command -897473735 [ 153.075592] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 153.091559] binder: 13781:13790 ioctl c0306201 20000240 returned -22 2018/04/09 20:47:20 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560cffffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:20 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x80000, 0x0) getsockname$inet(r2, &(0x7f0000000100)={0x0, 0x0, @loopback}, &(0x7f0000000140)=0x10) 2018/04/09 20:47:20 executing program 2: 2018/04/09 20:47:20 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000040)=ANY=[], 0xfffffffffffffe4d) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) [ 153.134104] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:20 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:20 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) [ 153.181151] binder: 13781:13803 ioctl 40046207 0 returned -16 [ 153.210972] binder: 13781:13790 unknown command -897473735 2018/04/09 20:47:20 executing program 2: [ 153.245437] binder: 13781:13790 ioctl c0306201 20000240 returned -22 [ 153.302495] dccp_xmit_packet: Payload too large (65423) for featneg. [ 153.392667] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x1b, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB="0000000000000600"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="056304400000f330"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:21 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:21 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c5602ffffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:21 executing program 2: 2018/04/09 20:47:21 executing program 4: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="0000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f95c9eb9e92f1cfb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x18) r1 = dup(0xffffffffffffff9c) ioctl$int_out(r1, 0x5462, &(0x7f0000000080)) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x100000000, 0x10000) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in6, @in6=@mcast1}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8) ioctl$LOOP_SET_CAPACITY(r2, 0x4c07) 2018/04/09 20:47:21 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:21 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) 2018/04/09 20:47:21 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:21 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000adb000), 0x0, 0x0, &(0x7f0000809000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/09 20:47:21 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c562bffffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 153.976892] binder: 13841:13847 got transaction with invalid offsets ptr [ 153.998700] binder: 13841:13847 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:21 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=0x0) ptrace$poke(0x4, r2, &(0x7f0000000080), 0x8) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:21 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x400240, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10001000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x19, 0x400, 0x70bd2d, 0x25dfdbff, {0x20}, [@typed={0xc, 0x3, @u64=0x30}, @nested={0x18, 0x5f, [@typed={0x14, 0x32, @ipv6=@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000040) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x6, @local={0xfe, 0x80, [], 0xaa}, 0x8}], 0x1c) fcntl$setown(r0, 0x8, r3) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\b\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB="000000000100000004000000"], 0x20) [ 154.037213] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 154.039221] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:21 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000040)={{{@in=@local, @in6=@loopback}}, {{@in6=@dev}, 0x0, @in6=@local}}, &(0x7f0000000140)=0xe8) [ 154.094201] binder: 13841:13865 ioctl 40046207 0 returned -16 [ 154.132372] binder_alloc: 13841: binder_alloc_buf, no vma 2018/04/09 20:47:21 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:21 executing program 2: r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001380)={&(0x7f0000000100)=@in6={0xa, 0x4e21, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1b, &(0x7f0000000280), 0x0, &(0x7f00000002c0), 0x6}, 0x0) [ 154.132904] binder: 13841:13879 Acquire 1 refcount change on invalid ref 821231616 ret -22 [ 154.138081] binder: 13841:13847 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:21 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe0060f003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 154.289860] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 154.360570] binder: undelivered TRANSACTION_ERROR: 29189 [ 154.366901] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:22 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x8, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0xf1, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000240)={r2, 0x80000000001, 0x400, r4}) r5 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r5, 0x0) write$rdma_cm(r4, &(0x7f0000000200)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffff}, 0x111}}, 0x20) write$rdma_cm(r4, &(0x7f00000002c0)=@join_ip_mcast={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x2, {0xa, 0x4e20, 0x2, @local={0xfe, 0x80, [], 0xaa}, 0x2}, r6}}, 0x38) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x10, 0x0, &(0x7f0000000380)=ANY=[@ANYPTR=&(0x7f0000000500)=ANY=[@ANYRES32=r2, @ANYBLOB="9dc96d52ed56ec3bfe4c2701e2dbe934f8a1175b76d64247e457da59a71a045e3963e814296cc6d3ffbd6c80443ecd74db8904f48e5044720a1cc282599d662b7457de002016937b839c952ae56dcd537ebd4eab94eec37e7a6ccdd300366a61d5e1d57a5359eefa866bd2bbacdd0caa5fc8b02c0454c8f95872d4ccf3292f74ddc3", @ANYRES32=r6, @ANYRES32=r2, @ANYPTR64=&(0x7f0000000300)=ANY=[@ANYRES16, @ANYPTR64], @ANYRES32=r4, @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYPTR64, @ANYBLOB="15d46c9ea87f084fe9f49744478fc118fe6d4b695c5a0343628f3692eb1c6c38a22b5f1dceafbb75267fc798accd8d956d19721e0e88621be369cf5e4915a2d6a7351f00df350d8cb1cd2fc63cf3095ad4626485ff3e00e238995c18d31935e4e80eee8f3c892cf81bef38121014c3b1d964c42750f66a17d54cd4deaf6f77cb7ed0c78f701be71f9d02f663f770cc2b33007877379666ddcdb79af20915e0b9e8bf982e3921bf51f1e50d1af42cbbfebc2ded2fb9b07be830ae9aed870ce0e0edc8085bfcfa46b9ee9fe92be737ae91237da0a1d5ea0cc821c24b3154cef901d2a55790d4f1a0e444d829ef", @ANYPTR, @ANYPTR64, @ANYPTR, @ANYPTR64, @ANYRES32=r0, @ANYRES32=r5], @ANYPTR64=&(0x7f0000000340)=ANY=[@ANYRES16=r3], @ANYRES16=r1], @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB="0000000000000400954269b20b5e85d5fb31ba106d5811b070ed7f67a1cce3054c6d3073397381c64422e47f0a06d90a69cfe4226c6ba0265814fae8cf356ed4b9df20d200000000000000e1441e4c6d1d5c6085e60bacd741eba66818d1e285951f94243916cda6dc0f4e16e4d9991c93a719056ca67996"]], 0x0, 0x0, &(0x7f00000005c0)}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:22 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x75ef7a69, 0x80) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000080)={{0x2, 0x4e20, @rand_addr=0x6}, {0x307, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x4, {0x2, 0x4e24, @loopback=0x7f000001}, 'ip6gre0\x00'}) 2018/04/09 20:47:22 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) r0 = inotify_init1(0x0) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:22 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:22 executing program 6: creat(&(0x7f00000000c0)='./file0\x00', 0x1c) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="003ec83af9000000"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) 2018/04/09 20:47:22 executing program 2: 2018/04/09 20:47:22 executing program 5: r0 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x7, 0x400000) setsockopt$inet_buf(r0, 0x0, 0x28, &(0x7f0000000200)="46a4f121680459316c969a04f7719c606c0b1f0c9eb22bd46f02e8136fea0c34b526a8550c198f41001742", 0x2b) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r1, 0x800000005eb857) r2 = fcntl$dupfd(r1, 0x0, r1) accept4$inet6(r2, 0x0, &(0x7f0000000180), 0x800) r3 = fcntl$dupfd(r1, 0x0, r2) getsockopt$nfc_llcp(r2, 0x118, 0x3, &(0x7f0000000040)=""/138, 0x8a) r4 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000100)=0x5, 0x4) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r4, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r4, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000140)={0x7, 0x800}) 2018/04/09 20:47:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe006c00e3a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:22 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=@resolve_ip={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x100000000, @local={0xfe, 0x80, [], 0xaa}, 0x80}, {0xa, 0x4e23, 0x9, @empty, 0xff}, r1, 0x3}}, 0x48) 2018/04/09 20:47:22 executing program 2: 2018/04/09 20:47:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe006dd023a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 154.981276] binder: 13915:13921 unknown command 536872192 [ 155.007414] binder: 13915:13921 ioctl c0306201 20000140 returned -22 [ 155.018581] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:22 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = openat$cgroup_ro(r0, &(0x7f0000000080)='memory.events\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000180)={{0xffffffffffffffff, 0x6, 0x4, 0x1ff, "e37aec2f897661445ac723932686c3cdf252c29d172faddb30655c5a807f600137388713f4ca5afdc97e8d0d", 0x9}, 0x0, 0x0, 0xdb3, r3, 0x4, 0x76a, "ddc7b75a81b3dc2218253f830bd48d783eb0cd3f3d2279847a47b94b2227c6b6c576b6e878dee5d9bb6d868c94ddadf48f0864d72462664ad05825d343354ef9", &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x18, [], [0xf6f, 0x7, 0x2, 0x8]}) [ 155.050674] binder: 13915:13921 unknown command 0 [ 155.075152] binder: 13915:13921 ioctl c0306201 20000280 returned -22 [ 155.126241] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:22 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) socket$unix(0x1, 0x3, 0x0) 2018/04/09 20:47:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00602003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:22 executing program 2: 2018/04/09 20:47:22 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) [ 155.154932] binder: 13915:13921 unknown command 536872192 [ 155.156492] binder: 13915:13946 ioctl 40046207 0 returned -16 [ 155.189466] binder: 13915:13921 ioctl c0306201 20000140 returned -22 [ 155.235905] binder: 13915:13951 unknown command 0 [ 155.253904] binder: 13915:13951 ioctl c0306201 20000280 returned -22 [ 155.325882] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 155.756830] net_ratelimit: 3 callbacks suppressed [ 155.756838] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f00000004c0)={'mangle\x00', 0x3, [{}, {}, {}]}, 0x58) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB="a06a102f29bc9419"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xa4, 0x0, &(0x7f00000002c0)=[@transaction_sg={0x40486311, {{0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20, &(0x7f0000000000), &(0x7f0000000040)=[0x70, 0x18, 0x20, 0x38]}, 0xfff}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x11, 0x0, 0x0, 0x58, 0x30, &(0x7f0000000100)=[@ptr={0x70742a85, 0x0, &(0x7f00000000c0), 0x1, 0x1, 0x1e}, @fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0, 0x0, 0x4}], &(0x7f0000000180)=[0x78, 0x48, 0x28, 0x78, 0x30, 0x78]}}}, @register_looper={0x630b}, @release={0x40046306, 0x4}], 0xf0, 0x0, &(0x7f00000003c0)="9a86dcdd00b4194364c77a18a67fc14c67f99093478dc9d18dd54ee6eb1cd3e581010392ab2baf3010e9493f50792039d115426eba2a6474add3db179e2c393b3a968aa021f4654487a18604b49aafd163e2f9fb5ae1365b542310c5c2b7f36cc4611e74ceda76cc421ab3a71ae4d6d09e2acababeb09b9ff2d40341151bfc6a55406f93e92cbdd51344a8a80142e89882feb1fc250e444835c3a03673c2c5ca85ad6266d7dd76b068d299c6fc1b620891791df286907ab48f1489e5f5f3944fd99d7c320b19fc3a422b5c89ea4f266ca4a2384625ad45d9df61e3b6998955b30ed9104b9b177e2aadb80b0415f449bf"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, &(0x7f00000000c0)}) [ 155.808663] dccp_xmit_packet: Payload too large (65423) for featneg. [ 155.827312] dccp_close: ABORT with 65423 bytes unread [ 155.833379] dccp_close: ABORT with 65423 bytes unread 2018/04/09 20:47:23 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x101001, 0x0) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000080)=""/78) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:23 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={0xffffffff}, 0x106, 0x1000}}, 0x20) write$rdma_cm(r0, &(0x7f00000000c0)=@disconnect={0xa, 0x4, 0xfa00, {r1}}, 0xc) write$rdma_cm(r0, &(0x7f0000000740)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000006c0)={0xffffffff}, 0x106, 0x4}}, 0x20) write$rdma_cm(r0, &(0x7f0000000780)=@resolve_route={0x4, 0x8, 0xfa00, {r2, 0x5}}, 0x10) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r3}}, 0x18) 2018/04/09 20:47:23 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="0040ea00180000dc004d0dababca41af", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:23 executing program 2: 2018/04/09 20:47:23 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe006f0003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:23 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) inotify_add_watch(0xffffffffffffffff, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(0xffffffffffffffff, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:23 executing program 2: [ 155.925437] binder: 13978:13985 got transaction with invalid offsets ptr [ 155.935818] dccp_xmit_packet: Payload too large (65423) for featneg. [ 155.965402] binder: 13978:13985 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe006000f3a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:23 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:23 executing program 4: r0 = inotify_init() write(r0, &(0x7f0000000380)="25a81c05d45391a9616fc174a13e266e9d5936cd706dd91b67c13d4cb9681de3c9e61fd84e229c4f6e679d627eb049d7c41de4a6564947cee06fceb27d7310f9cbb2ef50faa5b65e102436820ad74dda80f39fb28bd697415ca772a29cd17fcd4f990ac8ed9653335313ef10e5ffc3613c4e0df56232869d75d36d00c64d09fd3a5b46a85518d9e6a7e32ba583845e06e6c2dee262d5bfe1c81955a3693620755345", 0xa2) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xffffffffffffffff, 0x80) sendfile(r0, r1, &(0x7f00000000c0), 0x4) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r2, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r2, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r3}}, 0x18) [ 155.978643] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 156.013336] binder: BINDER_SET_CONTEXT_MGR already set [ 156.054784] binder: 13978:14003 ioctl 40046207 0 returned -16 [ 156.093334] binder_alloc: 13978: binder_alloc_buf, no vma 2018/04/09 20:47:23 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x9) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000080)={0x0, 0x10001, 0x89, 0x0, 0x1}) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:23 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) 2018/04/09 20:47:23 executing program 2: 2018/04/09 20:47:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600ff3a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 156.094347] binder: 13978:14012 got transaction to invalid handle [ 156.099159] binder: 13978:13985 transaction failed 29189/-3, size 40-8 line 2963 [ 156.105550] binder: 13978:14012 transaction failed 29201/-22, size 0-32 line 2848 [ 156.236488] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$KVM_SET_DEBUGREGS(r1, 0x4080aea2, &(0x7f00000000c0)={[0x2, 0x3000, 0x6000, 0xf001], 0x938, 0x8, 0x800}) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x44428c05, 0x0, 0xfffffffffffffff7, 0x3]}) 2018/04/09 20:47:23 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x200840, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000240)={{0x2, @multicast1=0xe0000001, 0x4e21, 0x1, 'nq\x00', 0x18, 0x7, 0x79}, {@multicast2=0xe0000002, 0x4e24, 0x2006, 0x100000000, 0x25, 0x7}}, 0x44) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000100)) write$rdma_cm(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000e3e4df94797d247362f1c9a977"], 0x20) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000140)={{0x33, @rand_addr=0xffffffffffff0001, 0x4e24, 0x4, 'wrr\x00', 0x1, 0x9, 0x29}, {@empty, 0x4e24, 0x2000, 0x5, 0x5, 0x8}}, 0x44) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000200)={0x2, 0x20, 0x1, 0x101}) 2018/04/09 20:47:23 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) inotify_add_watch(0xffffffffffffffff, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(0xffffffffffffffff, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:23 executing program 2: 2018/04/09 20:47:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600f03a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:23 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB], 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:23 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) 2018/04/09 20:47:23 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x80000000, 0x18d902) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000040)={0x7, 0x9}) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 156.357835] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 20:47:23 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:23 executing program 2: [ 156.426164] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 156.445561] dccp_xmit_packet: Payload too large (65423) for featneg. [ 156.456509] binder: 14059:14062 got transaction with invalid offsets ptr 2018/04/09 20:47:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe0060ec03a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 156.488247] binder: 14059:14062 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:23 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000080)) inotify_add_watch(0xffffffffffffffff, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(0xffffffffffffffff, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:23 executing program 6: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x766, 0xfffffffffffffff9, 0x2, 0x23, 0x3, 0x9, 0x400, {0x0, @in6={{0xa, 0x4e22, 0x800, @remote={0xfe, 0x80, [], 0xbb}, 0x2}}, 0x800, 0x3ce, 0x1, 0xfffffffffffffff8, 0x3ff}}, &(0x7f00000001c0)=0xb0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000200)={r1, 0x5}, &(0x7f0000000240)=0xc) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r2, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) lseek(r2, 0x1, 0x4) write$rdma_cm(r2, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r3, 0x0, 0x1, 0x4}}, 0x20) [ 156.544261] dccp_xmit_packet: Payload too large (65423) for featneg. [ 156.555524] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:23 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) 2018/04/09 20:47:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)=@delneigh={0x30, 0x1d, 0x801, 0x0, 0x0, {0xa}, [@NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80}}]}, 0x53}, 0x1}, 0x0) [ 156.591949] binder: 14059:14073 ioctl 40046207 0 returned -16 [ 156.629943] binder_alloc: 14059: binder_alloc_buf, no vma [ 156.635694] binder: 14059:14062 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:23 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x101000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000380)={{{@in=@multicast1, @in6=@loopback}}, {{@in=@rand_addr}, 0x0, @in=@local}}, &(0x7f0000000480)=0xe8) read$eventfd(r2, &(0x7f00000000c0), 0x8) [ 156.780123] binder: undelivered TRANSACTION_ERROR: 29189 [ 156.786129] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 156.789269] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) r1 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x90030, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x14, 0x0, &(0x7f0000000000)=[@increfs_done={0x40106308, r1}], 0x0, 0x0, &(0x7f00000000c0)}) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xffff, 0x240000) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000080)=""/129) 2018/04/09 20:47:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00602dd3a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:24 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB='\x00 \x00\x00'], 0x18) 2018/04/09 20:47:24 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:24 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080), 0x4) sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/09 20:47:24 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r2 = dup2(r1, r0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000040)) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000080)={0x80000001, 0x7, 0x8209, 0x8, 0xeeba, 0x6, 0xe60, 0x6, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000100)={r3, 0x6c, "591b1362f4de2217ad9b4b0e40095fdb55b7ce6aa155296cdedb6907cdc7ffca828a8034fab95edf1b145299e06273ff88beff5dce97e27b654550b6b1a39bcac5fe56f1f6b40321538c231839a8d3ae3708e644a6dba6db796513b9123e57e11a6f4348790e09526f97ab4c"}, &(0x7f0000000180)=0x74) 2018/04/09 20:47:24 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:24 executing program 6: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000500)={0x2}) getsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000140), &(0x7f0000000180)=0x4) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c97ff8)) rmdir(&(0x7f00000005c0)='./file0\x00') r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) close(r2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x33, &(0x7f00000003c0)=0x4, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x9, 0x8, 0x10001, 0x9}, {0x4, 0x0, 0xf2e4, 0x10001}]}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000b04000)={0x0, 0x0, &(0x7f0000ae5f44)=""/188, &(0x7f0000034000)=""/95, &(0x7f0000ce1f30)=""/208}) get_thread_area(&(0x7f0000000600)={0x8000000000, 0x20001000, 0x0, 0x0, 0x8, 0x7fffffff, 0x0, 0x8, 0x3, 0x5}) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) timer_create(0x3, &(0x7f0000366000)={0x0, 0x21}, &(0x7f0000aef000)) seccomp(0x1, 0x0, &(0x7f0000e8c000)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$int_in(r4, 0x5452, &(0x7f00000004c0)=0x100) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000140), 0x8) timer_delete(0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r3, &(0x7f0000000540)) connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 0x10) r6 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000240)="5fe9c408f5c267baa0bf517974d67c8ca7fd8f654b041329569daa40637f56b6eb431a09fd2606db3bdf9ba3bb2c1083270433e151f62ef11e6dd148d80e922bcbe440e78536e40637c8f559d30d1fc20a001ea92df0787707629ca3b8cb18e4d54285a6df606d0d2c4b846cb936042e531ec6741ed7fcd9de4ef662ff5d6475e24ce45b98b36de207e7bc069d1e99abc0016dc4bddef765282349aa32461e60", 0xa0, 0xfffffffffffffffc) keyctl$set_timeout(0xf, r6, 0x200) sendfile(0xffffffffffffffff, r5, &(0x7f0000000480), 0xfffffffffffffffb) sendto$inet(r5, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000c40)=@broute={'broute\x00', 0x20, 0x3, 0x3b8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000680], 0x0, &(0x7f0000000640), &(0x7f0000000680)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0xf, 0x2, 0xcb6d, 'irlan0\x00', '\x00', 'ip6_vti0\x00', 'syzkaller0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0xff, 0x0, 0x0, 0x0, 0x9d6966e130960e62], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x11}, [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], 0x120, 0x198, 0x1c8, [@statistic={'statistic\x00', 0x18, {{0x1, 0x0, 0x6, 0x3, 0xfb99, 0x5}}}, @rateest={'rateest\x00', 0x48, {{'ip6_vti0\x00', 'rose0\x00', 0x1, 0x2, 0x6, 0x7, 0x8, 0x3f, 0x7, 0xffffffffffffffdb}}}]}, [@common=@nflog={'nflog\x00', 0x50, {{0x9, 0x1f, 0x700000000000, 0x0, 0x0, "faaf4cd8207dd8e48823774b4682add15ad0fbf6a20a3c528012c1c2e790126505c5ba9676ffdf9ae572a93a05b387cf77bc5f3f71eea262ac7d5ad3c61e737d"}}}]}, @common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x4, 0x9300, 'lo\x00', 'gretap0\x00', 'bridge0\x00', 'erspan0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], 0x70, 0xe8, 0x160}, [@common=@NFLOG={'NFLOG\x00', 0x50, {{0x3, 0x9, 0x3, 0x0, 0x0, "9270053a469c789281a3fdb379aa373460e85d45f5c010aa36addef25054a2ab7b462e146bcba39d4c6faa4af29b0534adfbe24857f876775e872efceeb5263f"}}}]}, @common=@nflog={'nflog\x00', 0x50, {{0x49, 0x95, 0xffffffff, 0x0, 0x0, "2c2cef8295e9a70b256230aa25871407f31741ed325e2c056d5d32181147d7722e908278f09ddcdc89b39df18e57425f3dd9e765bc2106d5adb1ee36931d8cb6"}}}}]}]}, 0x430) sendto$llc(r0, &(0x7f0000000300)="4498726ac24a3b1ab559c915c0026c25f133c291bb9dd7c20034ecdf8ec373819169b5d5310f6661dc99f39c3e8bb4bac41d6fa4ee33daf64cb9d098d92b1a837cbe3cf49e7cb084d63e1c25a3d7bfc18d2f68adfac47daa6c9c19c260cd857e28e51b97a7cd117481ebcc71e175be4829ac9ab0e6c5caa446bb8bf290c75133e867ca3cf98018da5cf07dc664acb83fd5885f9823d3", 0x96, 0x8000, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc\x00', 0x40400, 0x0) 2018/04/09 20:47:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe006000f3a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 156.919657] binder: 14119:14125 got transaction with invalid offsets ptr [ 156.935578] dccp_xmit_packet: Payload too large (65423) for featneg. [ 156.937780] binder: 14119:14125 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:24 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='statm\x00') clone(0x40088100, &(0x7f00000005c0), &(0x7f0000000200), &(0x7f0000000680), &(0x7f00000006c0)) dup2(r0, r0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xc4, r1, 0x730, 0x70bd26, 0x25dfdbfd, {0x2}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x9}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast=0xffffffff}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffff3a6}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [0xff, 0xff]}}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffffffffffc0}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gre0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}]}]}, 0xc4}, 0x1}, 0x4000000) [ 156.986170] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:24 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0xffffffffffffff89) [ 157.015455] binder_alloc: 14119: binder_alloc_buf, no vma [ 157.021208] binder: 14119:14125 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe0060000ff984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 157.062346] IPVS: ftp: loaded support on port[0] = 21 [ 157.063804] binder: 14119:14138 ioctl 40046207 0 returned -16 2018/04/09 20:47:24 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 157.095422] audit: type=1326 audit(1523306844.395:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=14123 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0x0 [ 157.173352] dccp_xmit_packet: Payload too large (65423) for featneg. [ 157.181090] binder: undelivered TRANSACTION_ERROR: 29189 [ 157.187738] binder: undelivered TRANSACTION_ERROR: 29201 [ 157.739223] kernel msg: ebtables bug: please report to author: counter_offset != totalcnt [ 157.905465] audit: type=1326 audit(1523306845.206:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=14123 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0x0 [ 157.934721] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:25 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000040)=0x1ff) 2018/04/09 20:47:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600023a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:25 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) socket$vsock_stream(0x28, 0x1, 0x0) 2018/04/09 20:47:25 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:25 executing program 2: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8001, 0x0) 2018/04/09 20:47:25 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:25 executing program 6: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x6, 0x200) epoll_pwait(r0, &(0x7f0000000100)=[{}, {}], 0x2, 0x1, &(0x7f0000000140)={0x1}, 0x8) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000200000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r1, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r2, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x100, 0xc0000) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f00000000c0)={0x2000000000000000, 0x7004, 0x5, 0x1, 0x5}) prctl$setfpexc(0xc, 0x20000) setsockopt$inet6_tcp_buf(r1, 0x6, 0x21, &(0x7f00000002c0)="4b1799596e3efa9b0b39e5067bc8378e2b74123836f3af38bfcd8f159420d84ad1fa0a986bb9cdcfd088044a86e25775038b738164062c8e97d5ac763b4a1704599f14bb11ce0dd072b913ee17d75daf1716bfc0f4a04261e6ff3f5b651ce891b74504bd81513da9ab65a8a551b3aeca373884eafd7bf8f789fc7cb2050cbc05f0733628700059adcad703edda78c89d5bd9c63b4017f2d2577c6f4f4e8792c830aa524f205b9b4572ca409f2789582e5385b9eda540", 0xb6) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000000280000000000000008000000aaade1a742e81a98", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.stat\x00', 0x0, 0x0) timerfd_gettime(r2, &(0x7f0000000040)) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000140)) fcntl$setstatus(r1, 0x4, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 157.959292] kernel msg: ebtables bug: please report to author: counter_offset != totalcnt [ 158.187803] dccp_xmit_packet: Payload too large (65423) for featneg. [ 158.209458] binder_alloc: 14187: binder_alloc_buf size -7486416023208219216 failed, no address space [ 158.219088] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 158.228168] binder: 14187:14192 transaction failed 29201/-28, size 34359738368--7486416057567957590 line 2963 2018/04/09 20:47:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6fffffffffffffff0bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:25 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=@resolve_ip={0x3, 0x0, 0xfa00, {{0xa, 0x4e20, 0x3bb, @mcast2={0xff, 0x2, [], 0x1}, 0x8}, {0xa, 0x4e22, 0x2, @empty, 0x8}, r1}}, 0xffffffffffffff99) 2018/04/09 20:47:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00001edff0)={0x2, 0x4e20}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @local={0xac, 0x223, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14, 0x2b}}, @udp={0x0, 0x4e20, 0x8}}}}}, &(0x7f00000000c0)) 2018/04/09 20:47:25 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000140)=@bind={0x14, 0x88, 0xfa00, {r1, 0x3c, 0x0, @ib={0x1b, 0x1, 0x9, {"511b0bf7dd6b606368c811a53c14e5b3"}, 0x7fff, 0x8001, 0xfffffffffffffffc}}}, 0xfffffffffffffe48) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x101000, 0x0) faccessat(r2, &(0x7f0000000100)='./file0\x00', 0x14, 0x1000) 2018/04/09 20:47:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff02dd0000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:25 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) shmget$private(0x0, 0x4000, 0x812, &(0x7f0000ffb000/0x4000)=nil) write(r1, &(0x7f0000f8aff1), 0xffffffffffffffaf) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x401, 0x8b3499aa61b2dd73) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r2, 0x28, &(0x7f0000000080)}, 0x10) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r3 = shmget(0x3, 0x1000, 0x1201, &(0x7f0000ffe000/0x1000)=nil) shmctl$IPC_INFO(r3, 0x3, &(0x7f0000000100)=""/133) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0)) 2018/04/09 20:47:25 executing program 2: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) 2018/04/09 20:47:25 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) r2 = socket$inet6(0xa, 0xa, 0x1) getpeername(r2, &(0x7f0000000080)=@hci, &(0x7f0000000000)=0x80) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) syncfs(r0) pipe2(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$ax25_int(r3, 0x101, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) dup2(r0, r0) [ 158.422376] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffffc00e0000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 158.446542] binder: 14187:14228 ioctl 40046207 0 returned -16 2018/04/09 20:47:25 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x40) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000140)='./file0\x00') write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:25 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x80, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r1, 0x5eb857) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xfffffed5) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=r2, &(0x7f0000000140)=0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080), &(0x7f00000000c0)=0x14) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000200)={0x0, @multicast2=0xe0000002, 0x4e20, 0x2, 'wlc\x00', 0x10, 0x7, 0x6}, 0x2c) write(r3, &(0x7f0000f8aff1), 0xff8f) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x0, 0x2}, 0x8) sendto$inet(r3, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 158.489458] binder_alloc: 14187: binder_alloc_buf, no vma [ 158.495183] binder: 14187:14192 transaction failed 29189/-3, size 34359738368--7486416057567957590 line 2963 [ 158.607425] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2. [ 158.722918] binder: undelivered TRANSACTION_ERROR: 29189 [ 158.729184] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:26 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6fffffffff0ffffffbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:26 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = accept(r0, &(0x7f0000000140)=@pppoe={0x0, 0x0, {0x0, @link_local}}, &(0x7f00000001c0)=0x80) getsockopt$inet6_dccp_buf(r2, 0x21, 0x80, &(0x7f0000000200)=""/123, &(0x7f0000000280)=0x7b) r3 = syz_open_dev$sndpcmc(&(0x7f0000000380)='/dev/snd/pcmC#D#c\x00', 0x1, 0x4482b18d5e133a8a) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000480)={0x9, 0x1, 0x8000}, 0x4) accept4$bt_l2cap(r2, &(0x7f0000000400), &(0x7f0000000440)=0xe, 0x80000) write$rdma_cm(r0, &(0x7f0000000340)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0xffffffffffffff9f) getdents64(r3, &(0x7f00000002c0)=""/113, 0x71) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0xffffffffffffffc0, 0xf1}, &(0x7f0000000080)=0xc) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000003c0)=@assoc_value={r4, 0x9}, 0x8) 2018/04/09 20:47:26 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rfkill\x00', 0x40, 0x0) ioctl$KVM_SMI(r2, 0xaeb7) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e22, @loopback=0x7f000001}}, [0x0, 0x9, 0x2, 0x7fffffff, 0x7, 0x2, 0x400, 0x8, 0x100000000, 0x3, 0x6, 0x5, 0x3, 0x4, 0x3]}, &(0x7f0000000140)=0x100) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180)=r3, 0x4) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000200)={[], 0x5, 0x9, 0x7ff, 0x0, 0x1000, 0x7000, 0x4, [], 0x81}) 2018/04/09 20:47:26 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) shmget$private(0x0, 0x4000, 0x812, &(0x7f0000ffb000/0x4000)=nil) write(r1, &(0x7f0000f8aff1), 0xffffffffffffffaf) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x401, 0x8b3499aa61b2dd73) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r2, 0x28, &(0x7f0000000080)}, 0x10) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r3 = shmget(0x3, 0x1000, 0x1201, &(0x7f0000ffe000/0x1000)=nil) shmctl$IPC_INFO(r3, 0x3, &(0x7f0000000100)=""/133) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000001c0)) 2018/04/09 20:47:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x3, 0x200000) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00') getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000200)={@dev, @remote, 0x0}, &(0x7f00000002c0)=0xc) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10020}, 0xc, &(0x7f0000000300)={&(0x7f00000003c0)={0x9c, r2, 0x602, 0x70bd2d, 0x25dfdbfd, {0x3}, [{{0x8, 0x1, r3}, {0x80, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r5}}, {0x8, 0x7}}}]}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x8004}, 0x840) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f00000001c0)={'vlan0\x00', {0x2, 0x4e24, @broadcast=0xffffffff}}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:26 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x40) getsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:26 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) [ 159.235388] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00400300bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 159.304404] binder: 14286:14291 got transaction with invalid offsets ptr [ 159.324649] binder: 14286:14291 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:26 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) r3 = fcntl$getown(r0, 0x9) kcmp(r2, r3, 0x1, r0, r0) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:26 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:26 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x9) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000040), 0x37d) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000080), &(0x7f00000000c0)=0x4) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:26 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000000)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 159.364161] binder: BINDER_SET_CONTEXT_MGR already set [ 159.369867] binder_alloc: 14286: binder_alloc_buf, no vma [ 159.375729] binder: 14286:14301 transaction failed 29189/-3, size 40-8 line 2963 [ 159.386782] binder: 14286:14291 ioctl 40046207 0 returned -16 2018/04/09 20:47:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="00634040000000000000000000000018000000000000000000000000000000000400000028000000000000000800000000000000", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563044000000000a2f9e549ef2b198b659e730c769acc63ecf6d142e0a2f842f88fc4b7941b16611e10dc9c796a4819365394587603ecaa457cd5163f5f4558f28973261f6c75a1edf6ec39bae51b4f388551c702b9c71217cb25abbc04b2f0b4862d93987898674ae178ff0b24f3a6e495c9083aa4fdad4f3571b260c8362833e75896a9ded3f69c3bd0b4a58eddb6f9194b9e8952bc11e8749892011390ac8bd9330c1a5c57cdfbc7e0e22d84fe38ebb8abd68e298e716121e7dda690cf94afa5e4a668d8cfec9fb9"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000ec0bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:26 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000000)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x6) socket$bt_bnep(0x1f, 0x3, 0x4) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 159.471986] binder: undelivered TRANSACTION_ERROR: 29189 [ 159.480617] binder: undelivered TRANSACTION_ERROR: 29201 [ 159.599331] binder: 14336:14342 got transaction with invalid offsets ptr [ 159.633919] binder: 14336:14342 transaction failed 29201/-14, size 40-8 line 2991 [ 159.644896] binder: BINDER_SET_CONTEXT_MGR already set [ 159.651721] binder: 14336:14345 ioctl 40046207 0 returned -16 [ 159.660256] binder_alloc: 14336: binder_alloc_buf, no vma [ 159.665923] binder: 14336:14342 transaction failed 29189/-3, size 40-8 line 2963 [ 159.684524] binder: undelivered TRANSACTION_ERROR: 29189 [ 159.691380] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:27 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:27 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:27 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00034000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:27 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f00000001c0)=0x4, 0x4) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) r3 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000000c0)="c463e148ae0e0000002665660f2d100f20e035200000000f22e0b9b10200000f3264470f01c9c483f96e530d83c7442400a3000000c74424022f330000ff1c24440f01d1c463850e2b00c481fbe68800f00000", 0x53}], 0x1, 0x41, &(0x7f0000000180)=[@dstype0={0x6, 0x6}, @cr0={0x0, 0xe0000004}], 0x2) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:27 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x2940) mq_timedreceive(r2, &(0x7f0000000740)=""/4096, 0x1000, 0xfffffffffffffff8, &(0x7f0000000080)={0x77359400}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:27 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:27 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x202100, 0x0) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0xfffffffffffffefe) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x2, 0x20000) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000100)) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:27 executing program 6: r0 = dup(0xffffffffffffff9c) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000140)=0x1) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000c00)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000bc0)={0xffffffff}, 0x106, 0xb}}, 0x20) write$rdma_cm(r1, &(0x7f0000000700)=@query={0x13, 0x0, 0xfa00, {&(0x7f0000000180), r2, 0x2}}, 0xfffffdd6) r3 = open(&(0x7f0000000080)='./file0\x00', 0x20000, 0x14) ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000000100)={0x12, "77b10e3380227a18b15f3404f75ae7be3830"}) write$rdma_cm(r1, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), 0xffffffff, 0x0, 0x1, 0x4}}, 0x20) [ 160.302267] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:27 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000000ffbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 160.389806] binder: 14365:14374 got transaction with invalid offsets ptr [ 160.428097] binder: 14365:14374 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:27 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000d80)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000d40)={0xffffffff}, 0x106}}, 0x20) write$rdma_cm(r0, &(0x7f0000000340)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000480), r1, 0x2}}, 0x18) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xffffffff, 0x80000) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000080)={0x15, 0xc4, &(0x7f0000000380)="1a69d4d374076d49fe1d2c65aea9d929c5d574d9996b6adc97c30ae759f63493b6a35f35041461db24bd24942e976fda728769ac271e07e5f13a466e7ca39063cd80271f6ba891899b7484cad172cbc2ff2f5fe2cb0c4881375de4b00135c6c2fda6d067efebed714a17c6bcf8a05c0269e2af6d2d4a5edc69247c02b2adacb40e527825f801f56e4e45d77b7eed450ba8afa4774e0d1367b15cf86d45aadf5169ba9518b692a7eb8cd88c70aa9c6a7db5f55f950a058719a6277235d4bac2159d6ba2a9"}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) 2018/04/09 20:47:27 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x4200) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:27 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:27 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) r2 = syz_fuse_mount(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x7ff, 0x1000042) r3 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x0, 0x204080) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f0000000140)=r2) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) [ 160.446949] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 160.501204] binder: BINDER_SET_CONTEXT_MGR already set [ 160.541559] binder: 14365:14388 ioctl 40046207 0 returned -16 [ 160.578870] binder_alloc: 14365: binder_alloc_buf, no vma 2018/04/09 20:47:27 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:27 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff9effffffbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:27 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000380)=@resolve_addr={0x15, 0x110, 0xfa00, {r1, 0xbe7f, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e21, 0x76, @empty, 0x80000001}}}, 0x118) [ 160.584622] binder: 14365:14374 transaction failed 29189/-3, size 40-8 line 2963 [ 160.680693] binder: undelivered TRANSACTION_ERROR: 29189 [ 160.688437] binder: undelivered TRANSACTION_ERROR: 29201 [ 160.745211] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:28 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) setsockopt$ax25_int(r1, 0x101, 0x6, &(0x7f0000000040)=0x1f, 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:28 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x1, r0, 0x1}) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f00000001c0)=""/49) 2018/04/09 20:47:28 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) getsockname$inet(r1, &(0x7f0000000040), &(0x7f0000000080)=0x10) 2018/04/09 20:47:28 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000001bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:28 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) 2018/04/09 20:47:28 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x40080, 0x0) recvfrom$inet6(r2, &(0x7f0000000380)=""/136, 0x88, 0x40000040, &(0x7f0000000080)={0xa, 0x4e21, 0x1f, @remote={0xfe, 0x80, [], 0xbb}, 0x4f}, 0x1c) 2018/04/09 20:47:28 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:28 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000002ddbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 161.208858] binder: 14434:14436 got transaction with invalid offsets ptr [ 161.232553] net_ratelimit: 8 callbacks suppressed [ 161.232562] dccp_xmit_packet: Payload too large (65423) for featneg. [ 161.234336] dccp_xmit_packet: Payload too large (65423) for featneg. [ 161.243487] binder: 14434:14436 transaction failed 29201/-14, size 40-8 line 2991 [ 161.275417] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 161.283754] binder: BINDER_SET_CONTEXT_MGR already set [ 161.312126] binder: 14434:14457 ioctl 40046207 0 returned -16 [ 161.317787] binder_alloc: 14434: binder_alloc_buf, no vma 2018/04/09 20:47:28 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) 2018/04/09 20:47:28 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) listen(0xffffffffffffffff, 0xfffffffffffffffa) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x13f}}, 0x20) 2018/04/09 20:47:28 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, &(0x7f000000b000)={0x77359400}, &(0x7f0000000000), 0x0) syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0xfffffffffffffff9, 0x200) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000d8d000)={0x77359400}, &(0x7f0000000080), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000b7dff0), &(0x7f0000000000), 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x2, 0x2) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x2) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0xffffffffffffffda) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0xbf9c2345b2d17816) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x3f, 0x80) gettid() bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000080)="fed9d3de4548aca651e2cf71522f080fb27b7640350c7ba3ccd191c9640a963a4ccf3a54a95aaad47b44d5796303b385ab97f89cf8b9a0344e680fee3892e70ccb545431c6e1ce2fd03925a19f8ea8e6760738cc5458d78bc4046f7a981e359e5d58a0f55a23a9e9d58b78386995a6ac921477d04286b5a10703", &(0x7f0000000100)="4b9f9086df9d859963799c764802a5452b2fa7e694f9ce900252fdb84c4665ee077e3230843280b482f9401c292a4c2e4a738b89b8f5cd42da97bec6a8d6e8aee638722b909443780ef38c1f276ca459c7b252e17518e4e6dbb4593e5159f429d2a05636e9584bf6bf0cc75d8804f9a2", 0x2}, 0x20) ioctl$TCSBRK(r1, 0x5409, 0x418a) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000001c0)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}) 2018/04/09 20:47:28 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=@notify={0xf, 0x8, 0xfa00, {r1, 0xf}}, 0x10) [ 161.323713] binder: 14434:14436 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:28 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:28 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000002bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 161.414681] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) socket$inet(0x2, 0x1, 0xff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 161.474405] binder: undelivered TRANSACTION_ERROR: 29189 [ 161.481952] binder: undelivered TRANSACTION_ERROR: 29201 [ 161.569400] binder: 14487:14488 got transaction with invalid offsets ptr [ 161.576534] binder: 14487:14488 transaction failed 29201/-14, size 40-8 line 2991 [ 161.585842] binder: BINDER_SET_CONTEXT_MGR already set [ 161.591324] binder: 14487:14493 ioctl 40046207 0 returned -16 [ 161.599088] binder_alloc: 14487: binder_alloc_buf, no vma [ 161.604749] binder: 14487:14493 transaction failed 29189/-3, size 40-8 line 2963 [ 161.628245] binder: undelivered TRANSACTION_ERROR: 29189 [ 161.634183] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:29 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:29 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f00000001c0)=@destroy_id={0x223, 0x10, 0xfa00, {&(0x7f0000000300)}}, 0x18) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000180000fa00000000000000006c8a189e8bb7c109a3ee9eed98ad4a3eef0d514d0d", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000540)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000500)={0xffffffff}, 0x1, 0x2}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@notify={0xf, 0x0, 0xfa00, {r2, 0x1b}}, 0xb) 2018/04/09 20:47:29 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:29 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) clock_gettime(0x5, &(0x7f0000000100)) write(r1, &(0x7f0000f8aff1), 0xff8f) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x80000001, 0x2400) read$eventfd(r2, &(0x7f00000000c0), 0x8) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'nr0\x00', {0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}}) 2018/04/09 20:47:29 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0ec00000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:29 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[], 0xfffffffffffffe37) 2018/04/09 20:47:29 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) 2018/04/09 20:47:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="fd62044000000000"], 0x0, 0x0, &(0x7f0000000240)}) [ 162.439025] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 162.524425] binder: 14515:14517 got transaction with invalid offsets ptr [ 162.538351] dccp_xmit_packet: Payload too large (65423) for featneg. [ 162.544771] dccp_xmit_packet: Payload too large (65423) for featneg. [ 162.562498] binder: 14515:14517 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:29 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00ff0000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 162.597167] binder: BINDER_SET_CONTEXT_MGR already set [ 162.615292] binder: 14515:14543 ioctl 40046207 0 returned -16 2018/04/09 20:47:29 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) fchdir(r0) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:29 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:29 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x7, 0x40) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={0x0, 0xfffffffffffffff7, 0x2, [0x8, 0x5]}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000100)={r1, @in6={{0xa, 0x4e20, 0x7fffffff, @local={0xfe, 0x80, [], 0xaa}, 0xc878}}}, 0x84) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r2, 0x5eb857) r3 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt(r2, 0xfff, 0x2, &(0x7f00000001c0)=""/38, &(0x7f0000000200)=0x26) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r3, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r3, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x4e22, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:29 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="10000000300020fabeadd837705056d881d389dbcfb38250ea2a66482832d578d3980ce4f7c904f9e8d485ef2c34a92c025471ef4c4a7f671d557aee054bc47f5f8aa877624516b461a80f5ae226e33593bc438300a42b543cc65b36dc3b4ed775126208053af410e7085b8ff6ccea2299c3713171b560ff0425c37a0d1771d88def39fec92c6f02607582f8587e5ef8c7881693c53c7034b5c8ee", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="02000000000000000a004e2003000000ff0200000000000000000000000000013b0b0000", @ANYRES32=0xffffffff], 0xe) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x400, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0x10000000027, &(0x7f00000003c0)={@multicast1=0xe0000001, @multicast1=0xe0000001, @local={0xac, 0x14, 0x14, 0xaa}}, 0xc) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x80000000, 0x1a, 0x5, 0x4, "1290d8668afa39ea4355325b7fd7e96c3bf5981867b4345a7a0025dd22888c4cfeac06dbdfd47ce1d0f1acf3f777f906ea885a108089f752ca79d814ff38df3e", "16b24a1dcd2c5106e7eecc649e90d95134349da69077c047237970676e2d4c63", [0x11, 0x2]}) 2018/04/09 20:47:30 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f0103edf9e55f80ad00cd26d1ef697c950800000020"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 162.640296] binder_alloc: 14515: binder_alloc_buf, no vma [ 162.646015] binder: 14515:14517 transaction failed 29189/-3, size 40-8 line 2963 [ 162.680196] binder: 14515:14543 unknown command 1074029309 [ 162.711016] binder: 14515:14543 ioctl c0306201 20000280 returned -22 2018/04/09 20:47:30 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff02000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 162.751601] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:30 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 162.825508] dccp_xmit_packet: Payload too large (65423) for featneg. [ 162.852111] binder: undelivered TRANSACTION_ERROR: 29189 [ 162.858196] binder: undelivered TRANSACTION_ERROR: 29201 [ 162.900756] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:30 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:30 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x102, 0x0) ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000000080)) 2018/04/09 20:47:30 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="00634040000000000000000000000000000080000000000000000000000000000000000028000000000000000800000000000000", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:30 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00f0ffffbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:30 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="00e00000e031e13e20f96dc01f6642dca278efc998b09ae352b5d7b5390e9d7a5abc46b71dd41c5c8ba11e58b47640dbfc045b5b4ad5213b47cb9d1f649cabaf46031849b6f94f0c5c61770c94015cdaea5d988bdb2bd18fe4bcc1c48ece01c014182e827dd488b5b87fbabe2933a5fdbd3cfc01220f2a30f7a2996461fff16a9cf988edd5dcf5c63e0f0f09bd40c9edda2fe5c569173a60c6a3065e3b05b222a851ce2ef63c4f622bc0d61658c7ee7d2324b9e2a6c9619c891cbce476353ed103bd7e67573228f839192fb804e2774f02372d7bf6ef3d1d96a2991d1129ce52d32d5202518343acf49ccb7bed0bdbb6511e431e19ec6a8786f5dcaef29ccdc8f1641aadbdb5c8aba8d3fbcb5ecd102fb70f2db945d35efc924713b75d08cadfdf3221415cc2994517ad8069a33ebaa0575d7ea538043b"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) 2018/04/09 20:47:30 executing program 5: bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) socket$nl_crypto(0x10, 0x3, 0x15) r0 = socket$inet6(0xa, 0x3, 0x6) listen(r0, 0x6ec) unshare(0x8000000) r1 = socket$inet_dccp(0x2, 0x6, 0x0) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:30 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:30 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0f000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 163.497765] dccp_xmit_packet: Payload too large (65423) for featneg. [ 163.510417] binder: 14588:14598 got transaction with invalid offsets ptr 2018/04/09 20:47:30 executing program 5: r0 = socket$inet6(0xa, 0x9, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:30 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:30 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x8, 0x400) recvfrom$inet(r0, &(0x7f0000000080)=""/240, 0xf0, 0x2000, &(0x7f0000000180)={0x2, 0x4e24, @rand_addr=0x8}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000380)=@accept={0x8, 0x120, 0xfa00, {0x0, {0x8, 0x401, "8e3197f677c0fd88b805399b7dfee95af2e874ae1269346bcc146b02bb7ac72dffb5bf130f1438cc3f1a8ae442ffe811541a70c95c8da03eb72cd3677472ad75ea9de1c85254b6671bcca052ed6d2a10d4d8062d787f540672fc2ed98ed0500672a1f946f888eb2c2eb9368f68421a270d218acb028456083c2650bd7b3e1bd0e0f258d7e7f83865ffaf0576753465fa980ee26e1ce130659028eba30b878ed18585f554a15360e154493036d581f2ea58c446a58dee937aa2af3473724a2c49bb76a6bfa91f33e1dd96a4a8f1f42afb9ab67640a1b78e41236dd38ac318cd71ae904bc33c037425815566f48e6df3d96b2feb998dc0d857fa17b3fcfae8170f", 0x66, 0xa0ac, 0x7, 0x2723, 0x1, 0x7, 0x6, 0x1}, r2}}, 0x128) 2018/04/09 20:47:30 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x86000, 0x0) r1 = creat(&(0x7f0000000080)='.\x00', 0x16a) write$rdma_cm(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=0xffffffff, @ANYBLOB="000000000110000004000000c53ac5059a0fa19c0b4ff219c16d254623dde321848225784932acf7e9d0bdf6bac284a20ae962bee051913facda87ab9a0bb7c6877e0f74565b06fa71809d80557215ef89b376a9c0136b0b946af1a7c64a62cf08deb9345be1bb87de5a7c573a87e9766b95737f3acd4b0968a6b0059c252e55a7f8c6c54588c7284de722ce6d679bda8c50144b685b93615f7b9580b22313d08a7777dab49cd20796af8511e0ca065b20931b72851827449f7f7cbcc2f2bf4758"], 0x20) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) [ 163.543192] binder: 14588:14598 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:30 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000080)={0x8, 0x1, 0x7, 0x0, [], [], [], 0x5563, 0xff, 0x6, 0xf0e8, "a916de06bd139db818c1b725864b4705"}) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 163.614275] binder: BINDER_SET_CONTEXT_MGR already set [ 163.660169] binder: 14588:14612 ioctl 40046207 0 returned -16 2018/04/09 20:47:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6fffffffffffff000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:31 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 163.724223] binder_alloc: 14588: binder_alloc_buf, no vma [ 163.728614] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 163.729930] binder: 14588:14598 transaction failed 29189/-3, size 40-8 line 2963 [ 163.751189] dccp_xmit_packet: Payload too large (65423) for featneg. [ 163.844076] binder: undelivered TRANSACTION_ERROR: 29189 [ 163.850627] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffffffffff9ebc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:31 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$int_out(r0, 0x5462, &(0x7f0000000040)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x400000, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x3) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004a44b9a00fcf32d9fbac3c8c7d97755aa4eeb996283b8a9595d16fd55006ddf748bd40c94c9032594747788dc3fd6377a49472c84e8aef3c76d8500e89f35c392af3e137a343adc3e268827fed74b4d3fcf2a4ac008c5a21522f8ec40479da3c7ffb7bb8de3977e5cd0bca087ea4afc512ef4284109850fd30145b2ddde45cc079908d9ddc605c4fedbfdc7dbe92c0136cc0a5ffbf94a1334359978f602b4a51953e"], @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x18) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x6}, &(0x7f0000000080)=0x8) ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000001c0)="d95677f08ddf4cfdec3b75a3f44b22599219d07a09b2ad4eb9") getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000100)={r3, 0x50, "6c5c7bd5555667c298b33976bd7024b81f4fbf0d32e42b6fd9f53b1708bd07c6fcad794057b55fefd553f02fb308a735fef352de902faeaa22a7824f1776da6b1c3fda30ada0883639568713b05b99d3"}, &(0x7f0000000180)=0x58) 2018/04/09 20:47:31 executing program 1: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x2, 0x0) r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) prctl$setname(0xf, &(0x7f0000000040)='/dev/binder#\x00') mprotect(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000004) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="8d4aeffb"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:31 executing program 3: mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:31 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:31 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:31 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="e7df09c9eb89c214"], 0x20) r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x7, 0x0) getsockname$ipx(r2, &(0x7f0000000100), &(0x7f0000000140)=0x10) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:31 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x14) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f00000000c0)={@remote={0xfe, 0x80, [], 0xbb}, r2}, 0x14) write(r1, &(0x7f0000f8aff1), 0x1024c) socket$pptp(0x18, 0x1, 0x2) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 164.440644] binder: 14659:14661 got transaction with invalid offsets ptr [ 164.461227] binder: 14659:14661 transaction failed 29201/-14, size 40-8 line 2991 [ 164.462746] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 164.498881] binder_alloc: binder_alloc_mmap_handler: 14659 20ffb000-20ffe000 already mapped failed -16 [ 164.528006] binder_alloc: 14659: binder_alloc_buf, no vma [ 164.529278] binder: BINDER_SET_CONTEXT_MGR already set [ 164.533791] binder: 14659:14684 transaction failed 29189/-3, size 40-8 line 2963 [ 164.580824] binder: 14659:14661 ioctl 40046207 0 returned -16 [ 164.612478] binder: undelivered TRANSACTION_ERROR: 29189 [ 164.618088] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00f00000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:32 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:32 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lremovexattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@random={'osx.', '\x00'}) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) bind$alg(r2, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1ff, 0xe, 0x4, 0xc, "5ee7ebad072abf1512d4eae6047c0fedda84a068abd87a4fb9213a71981c7065ec7fa2e2ea55bb7aa2917717eb48cb451933522ab95fba22be6dcd4e580a9596", "fa089ab7b08cf9da2e43c463d47629d0932f08025f2a0f83f107a730bb77b12a", [0x7940000000000000, 0xc317]}) 2018/04/09 20:47:32 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x100, 0x0) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000080)=@get={0x1, &(0x7f0000000740)=""/4096, 0x6}) 2018/04/09 20:47:32 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x464001, 0x80) getpeername$llc(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000000c0)=0x10) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:32 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:32 executing program 3: mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x400c01) ioctl$VT_RELDISP(r1, 0x5605) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000040)={0x800, 0x2b66c76}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 165.307533] binder: 14694:14702 got transaction with invalid offsets ptr [ 165.328249] binder: 14694:14702 transaction failed 29201/-14, size 40-8 line 2991 [ 165.348984] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:32 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) syz_open_pts(r0, 0x40000) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffffdd020000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:32 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) fchdir(r0) connect$inet(0xffffffffffffffff, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(0xffffffffffffffff, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:32 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x1014c0, 0x20) ioctl$DRM_IOCTL_GET_MAGIC(r2, 0x80046402, &(0x7f0000000100)=0x9) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r3 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x100, 0x400) ioctl$KDGETKEYCODE(r3, 0x4b4c, &(0x7f0000000080)={0x6, 0x100000000}) write(r1, &(0x7f0000f8aff1), 0xff8f) ioctl$TIOCGSOFTCAR(r3, 0x5419, &(0x7f0000000140)) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000180)={0x3e, 0x7, 0x19}) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:32 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = socket(0x10000000009, 0x5, 0x80000041) getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000080), 0x4) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) [ 165.359486] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 165.375331] binder: 14694:14719 ioctl 40046207 0 returned -16 [ 165.382645] binder_alloc: 14694: binder_alloc_buf, no vma [ 165.388362] binder: 14694:14702 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:32 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) [ 165.538168] binder: undelivered TRANSACTION_ERROR: 29189 [ 165.544763] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.624928] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:33 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x501000, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000000c0)=0x8, 0x4) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000380)={0x0, 0x80000000}, &(0x7f00000003c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000400)={r2, 0x43f}, 0x8) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="00000075c779653a00180000fa000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r3}}, 0x18) timerfd_create(0x4, 0x80800) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x208000, 0x0) 2018/04/09 20:47:33 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000000fbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:33 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="ff630440f6445ebacf1474ffffff"], 0x0, 0x0, &(0x7f0000000240)}) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0) 2018/04/09 20:47:33 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x1) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000100)={0x10000, 0x5}, 0x2) write$rdma_cm(r0, &(0x7f0000000200)=@query={0x13, 0x0, 0xfa00, {&(0x7f0000000240), r1, 0x2}}, 0xed8aec13) 2018/04/09 20:47:33 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000080)) write(r1, &(0x7f0000f8aff1), 0xff8f) socketpair$ax25(0x3, 0x2, 0xc3, &(0x7f0000000040)={0xffffffffffffffff}) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000010c0)='bond0\x00') setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001040)=@nat={'nat\x00', 0x19, 0x6, 0xf20, [0x20000100, 0x0, 0x0, 0x20000c48, 0x20000dc8], 0x0, &(0x7f00000000c0), &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x3, 0x28, 0x0, 'dummy0\x00', 'syzkaller1\x00', 'eql\x00', 'bond0\x00', @empty, [0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0x0, 0x0, 0xff, 0xff, 0xff], 0xb0, 0x120, 0x158, [@mark_m={'mark_m\x00', 0x18, {{0x3, 0x1, 0x3, 0x1}}}]}, [@arpreply={'arpreply\x00', 0x10, {{@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 0xfffffffffffffffe}}}, @snat={'snat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0xffffffffffffffff}}}]}, @snat={'snat\x00', 0x10, {{@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, 0xfffffffffffffffe}}}}, {{{0x9, 0x61, 0x88a8, 'bcsf0\x00', 'team0\x00', 'teql0\x00', 'nr0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0x0, 0xff, 0xff, 0xff, 0xff], @empty, [0x0, 0xff, 0x0, 0x0, 0xff, 0xff], 0x988, 0x988, 0x9c0, [@among={'among\x00', 0x8b0, {{0x0, 0xe46, 0x2, {[0x6, 0x401, 0x0, 0x6, 0xf5, 0x6, 0x1, 0x7, 0x40, 0x562, 0x6, 0x52, 0x28d, 0x9, 0x8000, 0x7fff, 0x6, 0x101, 0x7f, 0x2000, 0x4, 0x7, 0x2, 0x3, 0x7, 0x10000, 0x6, 0x8, 0x3, 0xffff, 0x1ff, 0x1, 0x7, 0x3, 0x9, 0xed2c, 0x2, 0x4, 0x10000, 0x10001, 0x81a9, 0x2, 0x3, 0x9274, 0x1, 0x80000001, 0xfffffffffffffffb, 0x0, 0x8000, 0x4, 0x86, 0x80, 0x0, 0xff, 0xd28, 0x3f, 0xfffffffffffffffb, 0x20, 0x2, 0x3ff, 0x1, 0x7, 0x10000, 0xffffffff, 0x8000, 0x80000001, 0x80, 0x8, 0x1, 0x4, 0x5, 0x7fff, 0x8, 0xb3, 0xa9d, 0x7f, 0x8, 0x100000001, 0x401, 0x7fff, 0x100, 0x9, 0xfffffffffffffbff, 0x2, 0x1, 0x6, 0x3, 0x3, 0x2, 0x808000000, 0x80000000, 0xa239, 0xfffffffeffffffff, 0x200, 0x7, 0x10000, 0x4f, 0x8, 0xc4, 0x6, 0x75d8, 0x1, 0x10000, 0xfffffffffffffff7, 0x4, 0x45, 0x200, 0x1, 0x8, 0x6, 0x9, 0x5, 0xd7b5, 0xef37, 0xfe6d83d, 0xfff, 0x7, 0xfffffffffffffffb, 0x9, 0x0, 0xc8f7294, 0x35f, 0xfffffffffffff001, 0x9, 0x2, 0x6, 0x7f, 0x6, 0x0, 0x4, 0xffff, 0x4aed, 0x1, 0x0, 0x4, 0x4, 0x3ff, 0x1, 0x4, 0x40000000000000, 0x0, 0x1000, 0x5, 0x0, 0xffffffffffffffff, 0x4, 0x9, 0x1, 0x4, 0x3f, 0xfff, 0x2, 0xd550, 0x10000, 0x1, 0x7fff, 0x3, 0x118a4000000, 0xfffffffffffffff7, 0x0, 0x1, 0x7, 0xa8, 0x1, 0x7, 0x8, 0x3, 0x6, 0x2, 0x1ff, 0x5, 0x0, 0x8, 0x400, 0x200, 0x8c, 0xfffffffffffffffe, 0x1, 0x70, 0x2, 0x5, 0x9, 0x8, 0x4165, 0x5, 0x3, 0x7fffffff, 0x100000001, 0x5a, 0x0, 0x8001, 0x1000, 0x2, 0x3, 0x2, 0x2, 0x8, 0x5, 0x7fffffff, 0x4, 0x9, 0x9126, 0x5, 0x7, 0x1, 0x2, 0x35cd, 0x80, 0x6, 0xff, 0xedf6, 0x0, 0xffffffff80000000, 0x0, 0xff, 0x1000, 0x155a326a, 0x4, 0x8, 0x6, 0x9, 0x6, 0x80, 0x4ab, 0x800, 0x4, 0x3dd, 0x36, 0x45d5176a, 0x8000, 0x401, 0x4, 0x4af, 0x800, 0xffffffffffffff16, 0x5, 0x0, 0xff, 0xfe, 0x3, 0x8001, 0x92f, 0xfffffffffffff001, 0x6, 0x2, 0x7, 0x0, 0x4, 0x1, 0xea, 0x7, 0x1, 0x8000, 0x2, 0x101, 0xfffffffffffffff8, 0x5], 0x5, [{[0x7f, 0x40], @rand_addr=0x2}, {[0x81, 0xd0]}, {[0x81, 0x78b8], @multicast1=0xe0000001}, {[0x3, 0x80000001]}, {[0x6, 0x6], @multicast1=0xe0000001}]}, {[0x7ff, 0x8, 0x1, 0x1, 0x6, 0x7, 0x1, 0xa, 0x2, 0x7, 0x5, 0x7, 0x6c7e, 0x10000, 0x7, 0x7, 0x3, 0xfff, 0xfff, 0x3, 0x8, 0x1, 0x3, 0x0, 0x1ff, 0x3f, 0xc383, 0x41c9, 0xd2c, 0x80, 0x6, 0xcc, 0x0, 0x4496, 0x81, 0x5e, 0x682, 0x800, 0x9, 0x72, 0x5, 0xf0, 0x0, 0x1ff, 0x0, 0x6, 0x10000, 0x40, 0x0, 0xe7, 0x1000, 0x100, 0x1, 0x80000000, 0x5, 0x5, 0xce52, 0x3, 0x7, 0x100000000, 0x8000, 0x7, 0xf7cf, 0x3, 0x2, 0x6, 0x0, 0xffffffffffffffc0, 0xfffffffffffffc81, 0x2699a043, 0x4, 0x2, 0x8, 0xffffffffffff0001, 0x100000000, 0x0, 0x5, 0x82c8, 0x1d, 0x84e, 0xb9, 0x2, 0x10000, 0x64, 0x4, 0x7, 0x3, 0x6, 0x5, 0x3ff, 0xffffffff, 0x709, 0x4, 0x0, 0x7e, 0x0, 0x3629be1b, 0x6, 0x200000000000000, 0x40000000000000, 0x7, 0x3, 0x7d, 0x6, 0x9d1f, 0x1f, 0x3, 0xfffffffffffffff8, 0x5, 0x0, 0x0, 0x1, 0x9f, 0x7, 0x7fffffff, 0x401, 0x6, 0x0, 0x80000000, 0x1ff, 0x9, 0x1000, 0x7, 0x100, 0x6, 0x0, 0xa, 0x400, 0x100000000, 0x5, 0x0, 0x7fff, 0x1000, 0x20, 0x2, 0xfffffffffffffff9, 0x6, 0x100000001, 0x3, 0xbc3, 0x5, 0x3, 0x0, 0x8, 0x100000001, 0x20, 0x9, 0xffffffff, 0xffffffffffffffe1, 0x6bc, 0x9c, 0x100000001, 0x4, 0x200, 0x0, 0x0, 0x80, 0x7ff, 0x4, 0x400, 0x4192, 0x400, 0x0, 0x8, 0x2, 0x2000000, 0x0, 0xff, 0x3, 0x6, 0x2, 0x3f, 0x3, 0x4, 0x1, 0xbc, 0x2, 0x7ff209c6, 0x0, 0x1, 0x0, 0x5, 0x8, 0x3, 0x7, 0x4, 0x8, 0x9, 0x800000000000, 0x5, 0x0, 0x80000001, 0x3, 0x83, 0x9, 0x2, 0x5df2, 0x7, 0x2, 0x7, 0x800, 0x2, 0x4, 0x7f, 0x3ffc00000000, 0xd125, 0x3, 0x81, 0x7, 0x5, 0xb4e, 0x3, 0x1000, 0x80000001, 0x9, 0xffffffffffffff01, 0x9, 0x5, 0x9, 0x80000001, 0x101, 0x81, 0x100000000, 0xaf, 0xde, 0x32, 0x70d, 0x7, 0x5, 0x5, 0x6, 0x401, 0x8d, 0x0, 0x2, 0x0, 0x0, 0xffffffffffffff18, 0x4e, 0x2, 0x5, 0x7ff, 0x8000, 0x7ff, 0x8, 0x200, 0xfff, 0x3, 0x4, 0x8000000000000000, 0x10000, 0x800, 0xfffffffffffffff8, 0x9770, 0x9, 0x4, 0x94], 0x7, [{[0x2, 0x615]}, {[0xc36, 0x36b], @broadcast=0xffffffff}, {[0x610c84ff, 0x4], @rand_addr=0x1}, {[0xf7, 0x1], @rand_addr=0x5}, {[0xa32, 0x20], @loopback=0x7f000001}, {[0xffff, 0x7ff], @dev={0xac, 0x14, 0x14, 0xa}}, {[0x1fffe0000000, 0x79d]}]}}}}, @quota={'quota\x00', 0x18, {{0x1, 0x0, 0x6, 0x5}}}]}}, @arpreply={'arpreply\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1a}}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x2, [{{{0x3, 0x40, 0x9300, 'vlan0\x00', 'bcsh0\x00', 'ip_vti0\x00', 'ip6_vti0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], @empty, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x10}}}}, {{{0x5, 0x44, 0xe9ff, 'erspan0\x00', 'yam0\x00', 'bond0\x00', 'gre0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0x0, 0x0, 0xff, 0xff, 0xff], @random="178105a7fb7c", [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7223109aee3292a4}, 0xfffffffffffffffd}}}}]}, {0x0, '\x00', 0x4, 0xffffffffffffffff, 0x2, [{{{0x15, 0x14, 0xf7, 'team0\x00', '\x00', 'vlan0\x00', 'gre0\x00', @empty, [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], 0x70, 0xa8, 0xf0}, [@snat={'snat\x00', 0x10, {{@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 0xffffffffffffffff}}}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0xfffffffffffffffa, 0x3, 0x1}}}}, {{{0x7, 0x40, 0x22eb, 'bridge0\x00', 'gre0\x00', 'ip6gre0\x00', 'ip6gre0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0x0, 0x0, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0x0, 0xff], 0xd0, 0x108, 0x138, [@arp={'arp\x00', 0x38, {{0x301, 0x8137, 0x3, @multicast1=0xe0000001, 0xff, @multicast2=0xe0000002, 0xffffffff, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0x0, 0xff, 0xff, 0x0, 0xff], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1a}, [0x0, 0xff, 0xff, 0x0, 0x0, 0xff], 0x6, 0x30}}}]}, [@arpreply={'arpreply\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x15}, 0xfffffffffffffffd}}}]}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8, {{0x9}}}}]}]}, 0xf98) 2018/04/09 20:47:33 executing program 3: mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:33 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:33 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:33 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000f0000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 166.182201] binder: 14764:14766 got transaction with invalid offsets ptr [ 166.196191] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 166.213849] binder: 14764:14766 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:33 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:33 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="b4a44e41fe68e1886a9963c5bc8b7b70257b2a23968e19814a4b33d66dda5cd2840ec24e4c8d2372abbe2b328d000000000000000000fb79da5746d2207009880ac3000f76bfeedfbb74651e13b08e9097de77e342600571d619275485a45be018bc4b4602ada6daf8291f60c8137183cd70340bbba8096b8b0029f782058fbd32eade99449906d00fbc45d31c37f24a268dd29c9746c75692a88ade055787e31033278033aa56410cd063907b530096a108f6236cf284cdbaf8c8e2b5dd84017829d7369cbdb5ab3da39667971c4786f9575f281627921d74ccdbe5c28e698ec3b34585754b29"], @ANYRES32=r1, @ANYBLOB="000000000100000004000000"], 0x20) openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x10000, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x101, 0x44000) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x4002) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000100)=r3) 2018/04/09 20:47:33 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x6, 0x2c04c0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x1, 0x4) syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x81) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 166.261399] binder: BINDER_SET_CONTEXT_MGR already set [ 166.268064] binder_alloc: 14764: binder_alloc_buf, no vma [ 166.273800] binder: 14764:14766 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:33 executing program 2: bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(0xffffffffffffffff, 0x5eb857) r0 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(0xffffffffffffffff) connect$inet(r0, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r0, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r0, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:33 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = syz_open_dev$random(&(0x7f00000003c0)='/dev/random\x00', 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f000060c000)='oom_score_adj\x00') poll(&(0x7f00000014c0)=[{r1, 0x8000}, {r2}, {r1, 0x2320}], 0x3, 0x232) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000000c0)=0x0) read(r1, &(0x7f0000001640)=""/107, 0x6b) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000000300)=0x8, &(0x7f0000000340)=0x4) r4 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0xff, 0x1}, 0x20) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000400)=ANY=[@ANYBLOB="04a476eb51bde7090000000000000006", @ANYRES32=0x0], &(0x7f00000015c0)=0x2) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f000089b000)=0x3, 0x4) setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000001500)={0x1, 0x2, 0x9, 0x8, 0x46a7}, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f000000cfe4)={0xa, 0x0, 0x807}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x2, [], 0x1}}, &(0x7f0000000040)=0x20) accept4$inet6(r2, 0x0, &(0x7f0000000080), 0x800) fcntl$getown(0xffffffffffffffff, 0x9) r5 = syz_open_procfs(r3, &(0x7f0000000100)="6e65742f69665f696e6574360093fdd81f12659f45e9cb89f8ffffffd451bea0bcf166e408aa93f2de9c7a1786a0b83e1c0da5210d01b9336480d24bf721df26e12a6152f604622b86f9e8a6d4e0e52b4d4518804bc3d131a1c20cee863e600711d0f8cdebab9c16f184f3835747b5fcfb4a8c439d37279d64119874b715ecd26d08c0b9f7b98e72b9401bf0496339354aaf1e011da685dbc8ee74625b3974533f2e05355dadea49035c03b2809c55c2ece8b4e17928fb1361c58fe2024cfa4798878692a6cfcad49eb3c51b78c9453e001eb16c27a6a39ca29de3e43b781daa7dd4348012f3b554bb56240130d542005d2e50fe46373cfc76a6a49c1b8050c99c08ab6aa3ec304a505456d90803f21ef70a51f56c6f4998e6fbb1d9d09e754b10d4b8f03d7621be8ab07b006d8081d8c353648c513e4d06bc9a3ecd201848931a11f7db75d319c2d37f4298ff0a48ad3e2a1f1a4c3813c47084b80fd1bacef8681897d56a3b0952d1d0d60a1d3db780d2aad06d6f0ac83cb479cc667cb00e0d4133539b1ea8a2c5ffdcd9e6f82000824ed364cdb3d9aef2b4f74545e77ecc557beb1d694fc99c505392916ed300ecd94fe0a7b30886d5c4ef01db53002a4185d19fa71fd8728f0b09de4d8ff1444fa7e59f884f27c0b3fe86fd51a3f63c6adbb36ca81d182d25b311a045ba13") lookup_dcookie(0x4242de7a, &(0x7f00000004c0)=""/4096, 0x1000) ioctl$TIOCLINUX6(r5, 0x541c, &(0x7f0000000380)={0x6, 0x6}) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f0000000000), 0x4) setsockopt$sock_int(r5, 0x1, 0x2d, &(0x7f0000001580)=0x1, 0x4) sendfile(r2, r5, &(0x7f0000000040), 0xff) ioctl$sock_ifreq(r2, 0x893f, &(0x7f0000000480)={'gretap0\x00', @ifru_data=&(0x7f0000000440)="06ebc1dce36bf6d768bf66ce9239598a60511818e91226c66cdc70109f95216b"}) ioctl$VT_RELDISP(r5, 0x5605) setsockopt$inet_mreqsrc(r2, 0x0, 0x25, &(0x7f0000001600)={@rand_addr=0x8, @multicast2=0xe0000002, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000001540)=[@in6={0xa, 0x4e21, 0x7ff, @local={0xfe, 0x80, [], 0xaa}, 0x8000}, @in6={0xa, 0x0, 0x3, @empty, 0xfffffffffffffffd}], 0x38) r6 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) 2018/04/09 20:47:33 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6fffffffff0000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 166.361280] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 166.383416] binder: 14764:14788 ioctl 40046207 0 returned -16 [ 166.446122] binder: undelivered TRANSACTION_ERROR: 29189 [ 166.452470] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:34 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:34 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = memfd_create(&(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f00000000c0)={0x6, 0xfff, 0x9, 0x6a1, 0x7ff, 0xf61b, 0x4}, 0xc) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000000)=0x2) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:34 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x70, 0x400000) write$rdma_cm(r0, &(0x7f0000000d40)=@join_mcast={0x16, 0x98, 0xfa00, {&(0x7f0000000d00)={0xffffffff}, 0x1, r1, 0x1c, 0x0, @in={0x2, 0x4e22, @broadcast=0xffffffff}}}, 0xa0) write$rdma_cm(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="11000000000000fa", @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB="00800000eef891a8aa9d436872f87374e4db2b64073d84e988fcd27dcaf680215e5d4dfd2e0c57a5be33f98676f44fd5c11c9531e6622abc62c582a0322ae6922e7c88cfb4c69e769c7277ff9d9a99cfaeb46e6302aeb670ed28dc1e1a9d7cdb1c82f7161c023c3dd76b9e451e778e21349583734ebe4ce29675eec10016"], 0xffffffffffffff8e) 2018/04/09 20:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:34 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000ff00bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:34 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:34 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) write$binfmt_elf32(r0, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0xffffffffffffffc0, 0x9, 0x2, 0x8640000000000000, 0x3, 0x3e, 0x100, 0xed, 0x38, 0x2bb, 0xd9a355d, 0x81, 0x20, 0x2, 0x400, 0x4, 0x9}, [{0x70000007, 0x339c, 0x5, 0x800, 0x5, 0x4, 0x7ff, 0xfff}], "5d01c681148b457181c83e21e31560bb40203cb2a29210068db5bdef148c6b70e1ea74fa006ba011a7b5d41c69f44f365afc3ebc851593d0226acd5bbd22e122c011e0a14dfd8887931c42326c1fe42382b1657cf10f651a04f854a78dd617aeeff991b299d53b8a7be12f101709bc980e4ff084bfe3656bfd1c240b0d0ecd7387fa8d7301dc23a00416441ec260f82aa88a458442d27bbb48fa8de19dc7f98d742b3d07669961db20c75887c250f0d96daa93652663274788319289c007ba1a541a31ca7afb114b6ffde0b1db725cb78177eac0f7a91453d7f0c79c360770fba9352905797182bd72665070791e914410d666e1253bf2b1dce8aa395453e4ae4cd05401c0e7456b2b097e6569c082390947b9449e708a6282d21eeaeb5364752989e5f4d513805a780ad130305865523b32934f3c47ab16a318bc905eb8162d909f498b5cb1733373bcf89aa0f3c22af250944b6d8317370f6f62f66f179ec6bae7e7516abd4f72373d4145e5b7047f38be528d1f3f5f97ec66247330d7e601442ea5fbfc6f6c8d043df0286a7aeb85a5e734b2900b64a049bf08a278e49f2ac821a49ef8005860542469a3195800b6103992d1303d4690c35d5a539363579b54954f7903d35f0f0551a204ed3699ce0da5ec695e71784af74af74f7434fb5a906230da9afbc4f74fa14e7d78deeadd5708c89289d90ea02ca6db7e7c8c7b89084656dd96844e4e6b9dd3b5237d0bc70e82ff4a8fd85baa9c56e81a9649e35c07563d357a17759d894272732506a7332856fd64c75c9320d97f475cd17b2a9daa50d9f6375334910820c36be6d3b64f8df08d9254f655b576c51a29a283ff1f2bb9d2a9d7b3f599004d90450bd0d2dee6f6998ae37bc3dc27f42c55d25028e669acb952f9bf51074dc1838d68800e40fd82ea2a118f408ff8d298ae4a4b9dac96868881af1993f7bc8cf275c15c0821dc2d9d95ae5d1a5c59a8ccf7793007efb0a2ec2ca76bc8c171f26e715c50fb65eb451a0f5d693e5d2c295daf13bba921c89a18ee4681117c603b69bab06d5ea3e5d5e773ad15b60cf1dc83eb45716c5e0894102e2ceab52e68842d9ece6c65e8339cac7d40beccd780fd2794bcde9760e1404c7945a023caa87d08c38df30065d4f21734df8e6b4d8e50dea97a95015168525c76d5491a068629f0c17b63bf3b731131fe312a04117ab35a18bfca820320e2f24e7a996281bef52b84ea24bd0867e4fd701a6115786c1e387c997046fc68ccea6e9d63d63ce7f9255dae37a36319fcfcf59aa4d5f4200a51e1467eae9fe0470d46db85c3b34cf06d39a10d7590fc2bd2f605c751a2671e82628c6022c208c47e0853fdd0519a9aeeb2ae7eaf3fad022f0b6b0603b42895669e49425240939040167fcaf6439b1c51c72aff414f08fc4da9f9aa225a3c68dee19f4f9726c48974df7305760a305b7f9c4445287c989b65416c737a798bc2d7c1012508b97e8315b050a0ced128220214ca55ada505cea9abebbeeb1b15a0cd7cf8884d90c805cdb130a386baefdcce57886573595a30e5e550e3ea46ad62a86c4df6edc881caeec88280796faf4e687e95cb9190851f2c8126d644ffd7a70fc1cdce81c55fa41a78888ffe9ebadf915d8241a36f526530b2cb3183afbc2e56f6d9d8d44eb3f2f23448cf36de15e37637b5fccd3b8f6eda623d313a3a78671a10bca02ca149cfd5a9aafb6051f0f8648d325f3f08b8a24e628316d9f746c7f0c003d76519ec665528cabd0e5076ab23ce1f588350c27ebb52a6bf59ee1633ca9c13c7abd7d5917efcc38ca2dee62fdda03da7707354621f223d8d62cfb3fd52f9cc4c34d81f84c70cad3535ec6cfa333412fd8bf3fe999372198efdfafb86d116d0747675401ebcef2dfc3a4b577f5a7dea572c3266af787ac7e6af789772c813c9f4c47bee6b5f12cf061252cbda0076d9b2df20642e472f864e57f96dd6e2255d2d2b73d0d29972224aa0ed7ddf6b9db4cd3456b776d9f907f4dd8def99880cf384920bc2aedb06fce5370ad9acefd15a9914485fe5f1245f4ce1b0916ffb35023700ee1d81bc54fca0b2f92fa4eb04347aa99486473fef0bc073cd702974fdfd795ba7d4a310ebc55953c0f16b249ff7a63b7f16e85cf0cda0b22e5ac78d694dcdf76497d0c497d76972a6df836c6ba98958a803a78884c4142f09fd69916a005f697937d36a721f0ddffc6aa1af01787c8ce2db4e8f3313b0e95d81d2997d77653d1e833faf123c0fd298164d4efb1511c37f728dc7b69a4f5777b43660facd817ef0bcda8fec7f3df1e0d3170e0d59f1715c1753accb854a7f9e14a39c029ce16c5ea479de97cf5420801b70ebad7a0ad331417a7e84300d66b68d4b5c6425025efc5b8528099c8daecc69bdf0107166deed3ba7942beae62ce46c81193dc8476196124ead74a4d8bc90fff9ee900094c8850d4a03e22a40a08aa03f65b8d2b63f0838a0c0c87f0a5e2dac0286f73fa0e8ae0d0555dc1d49090fef4762fd78ccf5ee71091ca4c0047ec712d0ff42661b0887d2723202c812a3eb0df993290cd62aa178d851327f25651f0161f6c3ca3f68221b8635ee89f90525c35a62b3d8dd967849307759f022005f08a4a1b8d5fab5009c3f9156d296fee8cce1e961c3c1e99911f18a8b433c2e3ea692d69ea13df5d353dbfccc7ae10da5dd2610db598ec990e0df605900ba36eb9847d7afff27d56af737ecf726cc4e1b06ed86bb21f17f134ffe6aab806b58bd36e8c846bb5235c5abd4ffeff04c05463e32d1b90435e2cc589ab96431fc38f7bf6df7f2efa768c6c45a7d34c2fcd12967e21f4bbe2c079858a6bd252ccb2d1d690bdc1a86060cf77f129ac7bc5c974ec7340e7a7bd1acab5de80c51c15453e2bbdf18bc968c1454d4632e7cf0a2b510370d060179660926098ec62ea27b0bd28ff8fdc8a3b56ab0e9b7c85cf2f3f2d648765ef43d26e73dc62c72fb48dcb9f791e7f95a5a135cac61a52144faa3515b27950eee85cd5f4dd061d669c0453cde6c394d93ea1b6aec4199754e9f72462ba737fcd7fe0bb72da6bd4e1cda59dd77478d278858e571a5de6f127409ea17b8bd31c54f143d4659aaa74a2807f965656954e99ccde571f2a117b404fbd8e30df496e295c83a42f19f3bc07e2de22cd95d4d3f2bab7592fa2004663eaeb19a4c9b5c6f94d45b050d40a2f14c88e37ced9a528f9a55915d4913d62aed329282bb69c66f021ce503677ca71c36546a29010cb74580e15abee752f114f638ee39c064d51ce104f82227a282d7d354ad33b409269e079541ec16710c71f16f4206ab11f5b0d07ee3bea351a97f476651219ed8cf6d9d9526d4f4421c088f4451eba93ef3e571264f02ceb67e4ae149796a632c26d7740a8e5431bf03639f7b633049d70062596a15bde2c592cbf5730592488c9efbc617662ed3b4dbacd715e07fa1d1a9400066ee5ebad556c903960a4a205d5fe99a49c93de3983cfd1cbf05e2314653b6ac5db67f82e32ba2f74029168a9fcb3484d3be0d95cd9c083b603a880aff6d2899b9750672d9805d67f9e59c3294730b6fbba9c6fc452c991819d6fe82da200eb18bd5a4ac477d82ab598b50b8a4310c2b5452aaaf3c7b970d825ab16733dd7149b6c32616820c5546f270e6f92e5cc70c886dbee6811fb69acf26d69a9629715c339cda44bc2e329ebc9d6070b7ee0f37d78ada3eb5eb703ba3fd9fe8d3e74ae96f41d132dd4e6ecae49834a78957b07cfe3ba3d731e4fa3b84fe89a270322751da13b45dc08632061b8636c042d5c9060fd4c6a69a8deebde966dcdabeeb9238edfea3f40026d6f4b4ced71089cb049a14c29bc060f79bc3a6e76572b56b4e6e67a9170e446fa5bd61fbe44e6a93e6a1c8c8a3c01c597a42698754bdc19ca2338f8becb3531cb8e2943eb1cf9826f6807f2a1ae5e2ecf56752119e5a6459c21fad010370a38f55a1117e3c68d7c3bcdb97fdc746c3fc817e833c99444e86c7d56597444aeafcfac4efaf330eb573081cbf48bd461be94b04f88dbd81569ef09c678e7bfe89736c3e7d4b1371ec25c3c7ed90e6ed1be71c65313e59c93627f02c1cdbf256e5d122c5a6cdfeaba018672b432e282323f245a6b81e59997ca538b5742063455909b74fe8b7b293c80f39bc93c62a256a3177a149213248b6f3a648e9ce7817501ad4550f0a05b4aa2b89275fc1f2e61008b51a46a07816046e3d2be91691513eaad9e43d114a92988de058fcbcdad611a80e20219245bb4fcdec51b785aa6853e74fee48fbcfe15bbd63b999bd5ea08efff4cdc314df8379d9265d6fdee5f03babf08b729c31fcba4df40ce9ebe49caca1ac14a7f3b082bb8e701a911680ab7166f3c2a799c6380f830a9b93722d11e7f2385afe77ba327cde0cc292c6ba97c7795044ea94c051f4610dab452e8bc02a238c85157cceed91fad74f9d923d2e6a9e9275f181f7fdfb4353457ec68a2ed27ddea5205735328911621eee6a45ab30793937169f1787f544b1c1233207e5650fa38775bf5148bc3a6b6d596e0be7549ccf333eaa91e937c62a7ed3c40c2d03c1557852aef3d89cf415f96830f3d0357fd399b37b47016db5eb3b668deec33639e65de2c6b4bbc4c0dfba6bb11a9a5c43ae29a75853879118d3fc267d2c44f641a5395424d68dcceef650b83db25ec665f4a89c9b25684e7d743a200a9e46e7d66f9673d70ee66808bc5cb500f9290b525f0d108b421a15a22f38e235d69c04eca85d49fc5788d4b2b69a267f26802e9fd5cd98b0475259725e8bedacab9c83bce1a25588ef24abb681bbad499e2f4f80c49e0352e4a5b14ed66e4c65d8012aec1c16b28ac64683c318b9dcc211752bcc41ce545466eaa5922e2266acb061947b7d31c5d4206d26e5e019509e319058d14e20d288303e6e7f0259fd405c26ce700100729774c81127f24659c51af2ff2587fc45515a93f103205927915317c27a258cb70c14c4a7a66b5f5ccad347ccee88ce1494597dcafe7d728196d784ccd4e5f84bd9a1097b3761bdca9e957d5eca97b44359d881b955155511aa24c3677b803a4815b12ad78ca85e51b15cddf1c0baaca8be6aa7744860b91890d70bd1197280a0564692e702f3e7be8c9d298454daf05919ddb346376c5057851fb580226d99e17833c02c80d0ce69d29ce6487448533f8685a9719fc36ba691e54bd1fc956b92b3d49f3421686784cd104a671eafc3af79c2d6c98e5fab2c09d4f867632640460f86e2c8b155c0e8214478dae5c067c6852514cf33902647dc5e5cb4e457649da076c13845ce9fec3b6ec7c561e6f28269956f0b646c710de3f4ed6fddcaa7547a83e4a453220fc36d3c8490fbb23c2bcf94090959678e9263af38577075fd8d65dd15b7366bd7e18d7d2c219c0824a2ddc3d8cfa5b53481d7cb983eb443ea6337327476cf4e7e85057a59423b1533b690171edfc2c70feb3f749317d71e9d725c792e685303cc6a322a344f804319d9f3ded7aabbff1964ebd1936b2a8d2f142fa6aaa13d88248d0ae4e61a74ca0a3407e0823ea0bbf0d9081884bdb70abb2b4e6dedb12efb786c9fbbf09d3009a5f6d4ceea42635a4a9c5b691537107bf8c0070297898028862b528903973d31bff08d62e055273d426c93bec834bb8715f0b5a9d1cb51ee3e6fe60baedc78835bb6814627100eb41b04c53d99b3e177987d49b01833231d49341e5920b9b1ac1ffbba652977d37688bb74ced1ff0d2c77104c3dbaeeea73b82cc3f407", [[], [], [], [], [], []]}, 0x1658) setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f0000000040)=0x8, 0x4) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffff8) write(r1, &(0x7f0000f8aff1), 0x3f33) sendto$inet(r1, &(0x7f0000494f01), 0xfffffffffffffcae, 0x20004000, &(0x7f0000000080)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:34 executing program 3: perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 167.463476] binder: 14836:14838 transaction failed 29189/-22, size 40-8 line 2848 [ 167.488638] binder: 14836:14855 transaction failed 29189/-22, size 40-8 line 2848 2018/04/09 20:47:34 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000380)={0x14a, {{0x2, 0x4e23, @rand_addr=0xfffffffffffffff9}}, 0x1, 0x5, [{{0x2, 0x4e23, @multicast1=0xe0000001}}, {{0x2, 0x4e24, @remote={0xac, 0x14, 0x14, 0xbb}}}, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}}, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}}, {{0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}}]}, 0x310) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:34 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00f00000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:34 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20) 2018/04/09 20:47:34 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r0, &(0x7f0000000040)={0x13}) [ 167.513277] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:34 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x20400, 0x0) r2 = geteuid() sendmsg$nl_route(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=@ipv6_newroute={0x1038, 0x18, 0x800, 0x70bd28, 0x25dfdbfd, {0xa, 0x10, 0x20, 0x8, 0xfd, 0x1, 0x0, 0x9, 0x3000}, [@RTA_UID={0x8, 0x19, r2}, @RTA_ENCAP={0x10, 0x16, @generic="b6a2c3474eb6024fdf3a4b95"}, @RTA_METRICS={0x1004, 0x8, "eebbde887447581094fccb3e7c76f4370f9374de5c6c18dada4da2e55056833de5e0ddf696a702755950e666b588faf242473f5a48a4a816df279a7d0207a11f28a29a93ea137ccfb4ce4a19c93f8db8364ab7c58c92fb99643f4f96372d770501b264c072a3c5b330c86ecbfdf90096a161d947db56ea9fd0781099e67157bd3bb7c443aa65d699fc8497a8c119c71e8e9a6bf17dd881939261079e2023567d07612ae82c8b245d8d91797de30c2e9f8b188b833da6c10fe7a9df9396fc5babfae1c531cfa22e301055b28e9d1c7dce2cb1b7fa7c52ecfd43842885c264ad32e08b9126340e65c4149322f7391624efa5871c551802d888a1129c7ec6d42aa3fe2f63428c3c56e00ced5c6177e9c586d73d181c733c011bf7bbe7958a40912474d2b003d2ed0f07a918f4351853c5c9d386e15b3a031efca9a86cfff379105ecd03d5c6fe332861a56db8ab9bdf6f2f6a189d4884b0c6ff9be725cd671bba5724da0226311737d789e9c86ff0412b004c4e6938cc4cc145e6f1ef1a0ef522fb387256c2de0ac178a74c67878f7ac0c64bb44580f27e52c501e8c8d9fd8d9766ffc5fd6f7bb61bda0581086681767e243b60fbfec240025516bee52f4e5316da31086eaa5e5f91fe33ef8ec002920c0829c3d42112bc76b51e969a1048ab76544a19fb158335210172fdefd86e2144efab82f67ccedd35dc4706691d7942d9d33befe4c37ae339b80f32a67fa80e0cbdde0cc8abb0b81e55db586b7b81e73555c2d5209172bf22cbba7a5b3ca8ef3c00e90a0cd07e71c42fca8e96f90ea249be818f484e4e205e8be216b06e34cf761d1470c71c14b5357841dfb84d70aa705dea48a0118fdcc15bfb6725a1445c53caea98b85e9349f211252ccf19c6747e11e12a4400dfcec11b95cd58a5a308e8654377cd9e668621a0a041c96a8f3099e869e5482f946e4e07934c0292198b46ceb1b78b89027650801955173f93f87b80d7a0206ea287f4331e8489e2294feab73b0b504a0148fe6276438974315a5048bfee077e87e9567339b63e5b2a10c905eeb50a79ee05c8b463799b10fbc49e4b51d66a2207f33ac26dc1834c2aa8e165ecc672226a3cf32161eec53d7c04ba079fa33d984edee92eab8ee70997feb562077acf9ce45ebd664fe2ff1ea155221c8c7a3041dee435d9c3ed86d0103291ee469de5605127a8009d7f9576425e73744d78b253596b9542669d4130363631479a0265144d90f7b816e3fcafe2d581c89d9a9b8b4ca3509c2a1961e76d8b3e5297c2857e03fdca6bc302cd4c1eb367b569183dccd18fe8c70e58ed6549fe5f0301062dccdf5a6eeaeeb91a69aed3e26aa8b3ddbca13a4dd969e2c50880bff9c8ce41d8edba64cddb240d9f97d84b4b222a92cd2e55c2c1a5aedecb18eef2219bfd056ffafcdaae575c028f3ce9c277c9cbeb25862f09dfcd366bdf1d867ae9daab4dd42d630948508053f1d2a04083136d5b71d181fc3a2610f0afc8d0880ce4cb73c55054c49407c4459f30b50e53007b039053d105602f643ebb6d3fe645ce9e82f7ff1e13c07de02c0bff12ea06cddd2a615f448adfb73244fe3d854e1c51801523630c77c1719bd218c2176c8cf41cba94d7d3705cb232721fa59f1fd66ad2aa6b1afc11d21b2bc012708ab649bfe1df10d49e6289ad827370011c94d07b2530355281070829a6c6a55d0fb95c494ca118bda9a0b66a51135b5ec5019ecd0360117006934b720639fb8b7dffd1daf21241b8bb7c7f63a87db242a0c0b18e9af73033b4766361e677485a4988db8a80453403684be141a45e94a8c72f902880567528fc7f8af9224eaa731602fac07accbb77b4573d67d50a361a218bf7be1ebda6721a805eb16a9a64e02220d1ccd3d2f14c39aa38cebd03a0c9407e1341b5867d7e5999bac3a9004fb731de3197a409a5fef258d62e3e647935a8f450f393504ccb9b37ac41a6f8817a424056bbf5beae7141f5a66c0082dbb0c1cdce936eec56783690d7ab953190c1fbc13c62e503eb4afe32ea9509b19023a21ca58f5dc64061fb4762272c17eab2608f081ef4d8838fbe17496ec7e8f7dc944101f74cb1b5664ea158cc4d4dc33e3446ca3b689eeb5d135730768c68216816bb51689c789145b686e8426575c9d1f507761aa6d8c302c39d3d71bad3dc9259a88cdc91ae12145ed735d0fbbec8437caa9938db5e1316624a59f3dbe7562b330fcac90253ba76db8232617474a10e666cad2251ebecfb35dc250c9036b253d344bbced142ccee26e70295d14d408a8bb848df2ddb0cac883867f02e891dd5321bb9dde4793708083ba95781303619752b07be4f0422cdc7d65dbc3155c051034f24212fba0e0236d6fd6bb19fb290bf14cd4997ff40287e96bf3bea519ed0a7418fdbe5dc02095dbfafcac214b1a30ea9e983babe2684ecdbfe956b2b5570017ce08934173b8f078089e440e0ab0e4820351db2e08988d7aa548a3f6df3635d0ab19ce5d3b8e86ee6725b369ed8ab1f607b3348ad4c30a73f346ab6d676e566c6829c4adc2a450acbc7e4376031ec4bb5f2d87daa6cbcb4144186e4561d8e441a779d99edcf19aaaebd602dd773d42b04e9bddc430b75f35ae5dadf27b641cf17fb4719821fa172983e0c84d990fcdcaece3b14064535390829a7f366f607b91ce0c936a203082c12328a3ed9fd33d82ddb33aaa0f0ec6046a27f61b74a58a46dea267bf5773d4d2688c7579636e371d41bf8f4200648ad6fa4bb6f5268f30fd35683cf147e99c1385a693b3908d0afd9d834e58adbf46234edee2e3b4959975e9c7cd4068ac2bb981da58eeda697b05738d647e2887d85aeec89671c916cdb16b4a40a0958bf19ae56e9bcd02eee25996d979fd01db71a597c7c0cc7c27bc7c5f0d8f9890f48770a676082a188d7756fe47675ce6be95c54398ecc2f3cc52e4cad3f893310ba5e0de08fd4a89451d50e55e03b854be370da2449c84f4089907d6d86356d89c1fcdb9c4a50a9f8ac484631a21fdd85e33eaf09f8e0606beaa4688a5fea271aa30d6fd92565bba972b15354bc2749b9665386060e7295053142a2f6de866417cb6e92a716f303c6b1c4528f3b1168f1ac19733218fd0aea09272ca3ed3ac10e2d30b0047608afdcf4ab58b2835edcc106d2292889f3580f3beb68b7bcad1c93e42f0b8c6f1e6555bf859e1ceb81f6d4529818554ffa4f3eaae6d579679056e4bf5382199e281aad5081a8604ba44a31d656d8ea403a5aa1d630b5745273a1da7b76c9233e91bd6ad024b148aa97200dfc2476a0d38cd7118a5456f8188eb05d7269e5397a6e773d85e6636a5f1f13bce765b29820fcc80bf25c86ab3bb4f46dbac9e3365be8a1fa5fe90bb0b633819d300130465320c78e5f73cbe27c7e4a228fae06934158124db7a09740080a56e3cfb74ff6bd7b8349ee8d29f0edaaf763631410e634e5e56a31362c5fd22192da0b25536d873eaa4496c9c09aa9bd310963445780b7f18e06c7b7f668b7f37ff648365a57f7dcffb796108c21e82662e5ed1904b36763f08ce768c79b615d9d08f32ad28aed2769bdfa2c6fc598e1f834227921e0ace63132b07f02cd6d88979f922ef83d89f1910dbc23d72b305f22e4f30fb042257a432b50b008e959dd4f963cb064b8527ada17022fc12e1db022e2c894411b2ec0336ec1e28c2c40fa172ee320556ea097ffe4199c9a08756878d2d596bb9b54f02bb6318bc91d4b0bd2ab881346604223ab1cc225d9e4aa3f43ca143b6891c8f4a99e04ce5842574aea347fe4e894607095d87b034dd6ca3c1a1141dc98deca6510d41efce3092c72f5dad33e395aaf83256efaaea4b2953faa53d6e7c29ebe3037568ddcfb62b987421448124e5061185c78ab2f425653de0e2304b80f7fbdb3857269e965494931dfc93874201225fc6822cf895ea522c574687686d2e87ef0ee1a824cbcabd700d2a54d96ac39deb6d03a5add22ef072e97c5cf42326f4639cd85b914d65b8a0c2129b61c3739357e897e17b967c596757134c6483cd4d6b8cf9a9da14badaf1485757be1ea90167dffdd55975bf4bd97dfd682653af497ba445065c2fce5acc0994e28ae80fcd6af9102e7e6001c91ede64e22523785f1008d7c41736e847cca4c3fee8bdb3c1e9f0534f25ac770d008a85c9d641d6303d8ae1abedf6eacf6ddf90277f375b8da92710330a5a81fbe20e0afa4b7749442507d8558055f5ae616dddb55072d16bf85bf96ca59bf77e004aad2c34ea68fa97365131942704a60aac2dddb53aecdfb40fd73ff92da52f3409543dd495a54f80a669a58fce930c7b49f7f8ecaf45927283584e342e66569080a36e9a516632b6dbd98f25045dae38725dffc29992a4b45f064954636be81edf10f42bbcf9f9c260b70e7de54c822337e655f98d32afb3f76c9c60c66e48ea848a7ee9cc1977747b0af5c5764c87c543671047ba3c4e528c800733cee2d45cea48c5dd8f1a6761adae2b2efcf5afae18322fe870a8affcc1890ab02a28b349eac15d42fa609fc510ec7167e86076be7368b7df3d3befa03bdc8b758e7e3146eb0ce99338fcaa90649a28efac3f32a90cc68c3eb18b7b7ed6c40aa32ea099a2ae1f217be98f60a6823c364229b16c1ca3829b6abe207003f4be11766193b877bbb04ba733179330b141c70e39c07c5e81b688117a309d71e796148fcaf7e70720876665168b28a5e7fc361dea4a0ecac1d524837f6777b88e668c734a799b9f1ab29980ba856ded1b7594efa8f7ff061b62a8363cef59c0548dafa4584778e979cf4ec3181511be959f81682b83de4614e963d9ad5a04e48810a8c7f476cf7131a06b337eae9fdb3ad81154998793967f75ba8951226250099f19b19b466cf6b15496a3b5be042cf66b531f7b0519fba1427f6bfc0bc87fb2e635f7173439e4bbeb8f1b8e76b793e53228bb33e94a4adbcd87d192f66793a0830898f1654e011deefbbfa7009b84569aeb418b666d3e769cf7df2fab796109c151d2b926c1f6a27d68ed40ee6dfaf5a0ac086120f19807d33f7302c0c0ca40e45c219025a27a698c020f5abe65955a3d167a85795954e4e5e7e9467273749f5491c205685a4967ee0a1efc7a0ebe09cffaa387f07437ccf867d46d9a396dc45b6ec284d82c085a49473ddb7c6ff039fa0d6e4764b2c2e162bbee18ba87a516e3d3bfce82146ef97373b54fd010d0be0745bd25a2af41df3162f4d62352eee1743c84b0819662b763a167835ae4d317180d0f0e2d79a4dd175e23d665620b8982dc298db3efae86202c4b856370337aa8bbbc33aef98d5bcc333947ccd93413fc75f79e08462483a1ab16fc0a680541dba2059e911366333dc77c5846fd6d0d615b156a4eb0580fc3eff23fcf708a4d7b294a433fe5455f5a5c9629209e99d781163a86a267dc94f166687fad51255479d40850c2debf40f5bac38ac63d4c6964e0351b1f1c07640651c178a728f5b0d5a6bb7371750ddc0358c83f6c8df37c2b465c3730682ff8089faaebf0cafabf8b59a892f136adcee26ab17e78fe57964e89d8563e7be34a57d7c26931607fa14cf1ce09dd5cd6341e06f32cc7889f373a7a8026b131c9f468b22d8a34106e548653e57cbf87b1c55f99de56dd1b4950b6cc65467706e3642bda7638f81407ab1afaf7bd5c0a0487e9f9d9958a47f8541370a02303102b2db70fa1d7d7a8041c35510f7f31aeb5aa4e2b0c395e6a61a46b8d3d5bfb97c4cad9e18d2a6c73e3c86070c61a844a5"}]}, 0x1038}, 0x1, 0x0, 0x0, 0x408c1}, 0x4000) 2018/04/09 20:47:34 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:34 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000ff5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 167.604113] binder: undelivered TRANSACTION_ERROR: 29189 [ 167.611230] binder: undelivered TRANSACTION_ERROR: 29189 [ 167.664962] net_ratelimit: 7 callbacks suppressed [ 167.664970] dccp_xmit_packet: Payload too large (65423) for featneg. [ 167.692400] binder: 14883:14886 got transaction with invalid offsets ptr [ 167.730617] binder: 14883:14886 transaction failed 29201/-14, size 40-8 line 2991 [ 167.763579] binder: BINDER_SET_CONTEXT_MGR already set [ 167.779498] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 167.790516] binder: 14883:14895 ioctl 40046207 0 returned -16 [ 167.796774] binder_alloc: 14883: binder_alloc_buf, no vma [ 167.802423] binder: 14883:14886 transaction failed 29189/-3, size 40-8 line 2963 [ 167.841357] binder: undelivered TRANSACTION_ERROR: 29189 [ 167.847759] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:35 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000000000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@set_option={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x39d2ca7f4efbbbb3) 2018/04/09 20:47:35 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000380)=@connect={0x6, 0x0, 0xfa00, {{0x9, 0x6, "59686fdbdb2389acffc2c0302ec168c1418189a74c84ba74fca47d9c39de1b97b927f3a89aa11b75b792ba522407ae96b891c807b98505828cc3b30f658b778cce8ba1dea1035cf018819067627a3ed239a16fe4266ff89fd61faba8a5e0caaa2265fd43ef2706bee0054ae9e92471b80fb6f84a7b8bced76a90017de103eafeb4c27c43c0d8084d2d0cadbbfedbec606fb9061003032239f295905efc135a247f53ec5a047cfd7c8b6100d2db6e58d6e0cb5383b96509f45aa035d1965efbdbc45fbb590eb7faf059f4cfd17c67531c53f9481f33b4b6951ce816ce82e304b69ec99b408ce066d09983a8c96aaa33abff79776d7038534e9b8f38221a735459", 0x32, 0xffff, 0x7, 0x6d1, 0x4, 0x0, 0x4dd5, 0x1}, r1}}, 0x5b) 2018/04/09 20:47:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00020000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:35 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:35 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = memfd_create(&(0x7f00000008c0)='%\x00', 0x2) ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000680)) listen(r0, 0x8) getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000640), &(0x7f00000006c0)=0x4) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000800), 0x2) r2 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000005c0)=@nat={'nat\x00', 0x19, 0x4, 0x520, [0x20000080, 0x0, 0x0, 0x20000188, 0x20000420], 0x0, &(0x7f0000000040), &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x7, 0x4, 0x8137, 'nr0\x00', 'bpq0\x00', 'ipddp0\x00', 'teql0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0xff, 0xff, 0xff, 0x903e060e6efe67ce], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0xff, 0x0, 0xff], 0x70, 0xa0, 0xd8}, [@common=@AUDIT={'AUDIT\x00', 0x8}]}, @arpreply={'arpreply\x00', 0x10, {{@empty, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x2, [{{{0x3, 0x0, 0x60f7, 'erspan0\x00', 'gretap0\x00', 'eql\x00', 'ifb0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0xff, 0x0, 0xff, 0xff], @empty, [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], 0xe0, 0x118, 0x150, [@state={'state\x00', 0x8, {{0x8}}}, @devgroup={'devgroup\x00', 0x18, {{0xf, 0xfff, 0x10000, 0x8, 0xffff}}}]}, [@snat={'snat\x00', 0x10, {{@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, 0x10}}}]}, @arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0xfffffffffffffffd}}}}, {{{0x11, 0x2, 0x88fd, 'nr0\x00', 'syzkaller0\x00', 'bpq0\x00', 'dummy0\x00', @empty, [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @random="c440fba18392", [0x0, 0xff, 0x0, 0xff, 0xff], 0xb0, 0xe8, 0x118, [@quota={'quota\x00', 0x18, {{0x0, 0x0, 0x6, 0x42b}}}]}, [@arpreply={'arpreply\x00', 0x10, {{@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 0xfffffffffffffffe}}}]}, @common=@AUDIT={'AUDIT\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x2, 0x3, 'rose0\x00', 'ipddp0\x00', 'ipddp0\x00', 'eql\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0xff, 0x0, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [0x0, 0x0, 0x0, 0xff, 0xff], 0xe0, 0x118, 0x150, [@stp={'stp\x00', 0x48, {{0xd46f, {0x0, 0xe000000000000000, 0x401, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0x0, 0xff, 0xff, 0xff], 0x80, 0x5, 0x0, 0x405, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x11}, [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 0x4e20, 0x4e22, 0x3f, 0x8, 0x2a, 0x7, 0x1, 0x4, 0xffff, 0xb27}, 0x952, 0x220}}}]}, [@snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffc}}}]}, @snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffd}}}}]}]}, 0x598) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) openat(r1, &(0x7f0000000840)='./file0\x00', 0x2, 0x180) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000000a00)=""/209, &(0x7f00000007c0)=0xd1) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000000880)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) 2018/04/09 20:47:35 executing program 3: perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:35 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00634040000000000000200000220000003c0ed40000000000000000000000000000000000000000000000000000000000008177b34e090000", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x80000000, 0x40000) 2018/04/09 20:47:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000f0000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 168.287305] binder_alloc: 14904: binder_alloc_buf size 8611163962509099008 failed, no address space [ 168.296713] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 168.305643] binder: 14904:14905 transaction failed 29201/-28, size 0-8611163962509099008 line 2963 [ 168.322919] kernel msg: ebtables bug: please report to author: NOPROTO & 802_3 not allowed [ 168.343903] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:35 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000fbfffff9", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) 2018/04/09 20:47:35 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:35 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(0xffffffffffffffff, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:35 executing program 6: r0 = semget(0x3, 0x0, 0x40) semctl$SEM_INFO(r0, 0x4, 0x13, &(0x7f0000000000)=""/47) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0e000000180000fa", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB="dab970e9901bf00000000004000000000000"], 0x20) 2018/04/09 20:47:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000f000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 168.389657] binder: BINDER_SET_CONTEXT_MGR already set [ 168.395864] dccp_xmit_packet: Payload too large (65423) for featneg. [ 168.420412] binder_alloc: 14904: binder_alloc_buf, no vma [ 168.426090] binder: 14904:14905 transaction failed 29189/-3, size 0-8611163962509099008 line 2963 [ 168.476215] kernel msg: ebtables bug: please report to author: NOPROTO & 802_3 not allowed [ 168.500692] binder: 14904:14932 ioctl 40046207 0 returned -16 [ 168.509092] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:35 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000380)=@create_id={0x0, 0x0, 0xfa00, {0x1, &(0x7f00000000c0), 0x107, 0x6}}, 0x1a4) 2018/04/09 20:47:35 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 168.520904] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000ec000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x10001, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="f41bf8350c922312"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:35 executing program 6: r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x6, 0x20002) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000100)=@routing={0x1e, 0x2, 0x3, 0x8, 0x0, [@dev={0xfe, 0x80, [], 0x17}]}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x15) setsockopt$inet6_opts(r0, 0x29, 0x3f, &(0x7f0000000200)=@hopopts={0x2f, 0xf, [], [@enc_lim={0x4, 0x1}, @calipso={0x7, 0x20, {0x2, 0x6, 0x2, 0x8, [0x6, 0x8, 0x6]}}, @calipso={0x7, 0x58, {0x81, 0x14, 0x2, 0x3, [0x2, 0x1, 0xcb, 0xffffffffffffff01, 0x800, 0x5, 0x3, 0x6, 0x100000000, 0x44]}}]}, 0x88) write$rdma_cm(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="d6518fa9fe2a745718babb1bfd2af2f8e6dce0e285cabd024da9f03e260c2d87badbd4d7e60e8dcc9eda85f6af8c0755dae90a48888997a1eb795c0a627f7af56e16cfdbdafac7e8e5fc1df3a82c171eb7e3112590594dfc2f43acb64469f7d81d7dd934b8ac1098391e03242f25cecfa44bf982b9103798231997b87322", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], @ANYRES32=r2, @ANYBLOB="000000000100000004000000"], 0x20) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000000)=""/90) 2018/04/09 20:47:35 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e26, @multicast2=0xe0000002}, 0xd) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 168.579149] binder: undelivered TRANSACTION_ERROR: 29189 [ 168.589165] binder: undelivered TRANSACTION_ERROR: 29201 [ 168.651429] binder_alloc: 14971: binder_alloc_buf, no vma [ 168.657095] binder: 14971:14972 transaction failed 29189/-3, size 40-8 line 2963 [ 168.754878] binder: BINDER_SET_CONTEXT_MGR already set [ 168.761876] binder: 14971:14988 ioctl 40046207 0 returned -16 [ 168.771131] binder: 14971:14988 unknown command 905452532 [ 168.771165] binder_alloc: 14971: binder_alloc_buf, no vma [ 168.777017] binder: 14971:14988 ioctl c0306201 20000280 returned -22 [ 168.782331] binder: 14971:14972 transaction failed 29189/-3, size 40-8 line 2963 [ 168.806314] binder: undelivered TRANSACTION_ERROR: 29189 [ 168.811866] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 20:47:36 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0002dd00bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:36 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(0xffffffffffffffff) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:36 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000400)) r2 = syz_open_dev$admmidi(&(0x7f0000000500)='/dev/admmidi#\x00', 0x6, 0x1) connect$ipx(r2, &(0x7f00000003c0)={0x4, 0x0, 0x81, "7335545830f2", 0x62}, 0x10) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x10000, 0x0) getpeername$netlink(r3, &(0x7f0000000080), &(0x7f00000000c0)=0xc) 2018/04/09 20:47:36 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x30000, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x200, 0x0) accept4$alg(r2, 0x0, 0x0, 0x80800) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:36 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000180000fa0000000000ee4000043d829f167f5134f69c7eb25bbb3d14eae498369c69aec0f6846cb372385bbb1b7860a6bbff88343c8448fbbed1e37da32486bd04b618e28661d73a76a0433321f420e8912f9e6b73bd64e04bc8dd45966a5f70aaa76d11411dd20181b4faa3ed55f42674d7f3e3e7075bf86418bd65e182e78b1a6ddd8420b95ee956e6fa753b0d9356691783ffbc884a42ad6581b590f965833960f0ae1f57c60be62902930b8d954999fbb941a3a717408458659ac29986b2b4776e9b7b841dd3b1a2c5684487f3348ee54e9f94f9117fab92914b12a3d11bd24ebcf8d22b7f0aabf5c1f58a2351a6b401ae70c9183ebe9475e70e7032fc6e932d0febc9156370757734b7f2b4c462e0a532a2ddd6e9332d0db336a7a2331807b0a66ea4026df52680543a56b67447ec2f0383cddebace32ce85e8790d309c417cd5646999291001d6a6b34f31ec1464fc8aec795097206a41467f37730ceb3350bf197fbc3339de90ab434fe3084c5e", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000001740)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000001700)={0xffffffff}, 0x1, 0x945f66c532541372}}, 0x20) write$rdma_cm(r0, &(0x7f0000000000)=@migrate_id={0x12, 0x10, 0xfa00, {&(0x7f0000000080), r1, r0}}, 0x18) 2018/04/09 20:47:36 executing program 3: perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0xfffffffffffffda5}) [ 169.191960] dccp_xmit_packet: Payload too large (65423) for featneg. [ 169.207212] binder: 14997:15003 got transaction with invalid offsets ptr [ 169.216928] dccp_xmit_packet: Payload too large (65423) for featneg. [ 169.225746] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 169.234343] binder: 14997:15003 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00dd0200bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:36 executing program 4: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=ANY=[@ANYBLOB="0002000000000000", @ANYRES32=r0], 0xffffffffffffffa4) 2018/04/09 20:47:36 executing program 6: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:36 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(0xffffffffffffffff) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 169.250009] dccp_xmit_packet: Payload too large (65423) for featneg. [ 169.285844] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:36 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) [ 169.310181] binder: 14997:15018 ioctl 40046207 0 returned -16 [ 169.335500] binder_alloc: 14997: binder_alloc_buf, no vma [ 169.341197] binder: 14997:15003 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00c00e00bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:36 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = dup(r0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000005c0)={0x0, 0x88, &(0x7f0000000500)=[@in={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, @in={0x2, 0x4e21}, @in={0x2, 0x4e23, @broadcast=0xffffffff}, @in6={0xa, 0x4e23, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0x7}, @in={0x2, 0x4e24, @loopback=0x7f000001}, @in6={0xa, 0x4e23, 0x4, @local={0xfe, 0x80, [], 0xaa}, 0xffff}, @in={0x2, 0x4e20, @loopback=0x7f000001}]}, &(0x7f0000000600)=0x10) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000640)={r2, 0xe03, 0x7, 0x80000001}, &(0x7f0000000680)=0x10) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r3, &(0x7f0000f8aff1), 0xff8f) r4 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x5, 0x204000) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x900004}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x134, r5, 0x800, 0x70bd2a, 0x25dfdbfc, {0x10}, [@IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x40}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6tnl0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1ff}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local={0xfe, 0x80, [], 0xaa}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1=0xe0000001}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xffffffff80000001}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x32e8}, @IPVS_CMD_ATTR_DAEMON={0x54, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local={0xfe, 0x80, [], 0xaa}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'rose0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xca}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x4800}, 0x40050) arch_prctl(0x1006, &(0x7f0000000280)="d63f37296dc012f29701a2f2cd455a01dbe818cb9446ed20522155440006345804ca897ba199fcaba6ba04d072981d762bfd103864904d84415e9ad2bd84449ac3a45caeae252666d183bc72c7a199d93ac9fdeba2384d805eaa6bb3fbc7bd8bd588964c0fd4ee1d9ed25c5faaf51fbb977ec2d98d7f56fc0b3ba4654299a05d8d244ebafde215509bc39f5dbcb7e8843abf4b26192e9fcb0d9df5dc84ad1d904318c86d6509aa7b284d96235080f103ef822c1d49fe515565d1c03f9358fbf0a23c33520d849325f5d02dc164cc7b0ae41f028969555246887d2768d83a3c66d2af86306b8348f899f6bf3d24ceb1cc65c42cf932") sendto$inet(r3, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) exit(0x3) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in6=@mcast2}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000240)=0xe8) 2018/04/09 20:47:36 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syz_open_dev$random(&(0x7f0000000380)='/dev/random\x00', 0x0, 0x111800) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter6\x00') sendmmsg$nfc_llcp(r2, &(0x7f00000006c0)=[{&(0x7f0000000040)={0x27, 0x0, 0x2, 0x4, 0x6, 0x1ff, "1aaf9f4e11a8a8fceee99bbf3ff3b6666ba1452d98cd66a1f81b3c93cf5c4694aa0665f202b0f40ca58b290dd78ad91710ae5180af879baa5300fe7a96f057", 0x11}, 0x60, &(0x7f0000002740)=[{&(0x7f00000003c0)="1926eb8b30cae0277a9bbc8f2bcd67070699e7760d859d2a0c31f79b0eb8af677a2c89c5d8c1b24fbe5d48c76d0ac22ffe40995dd89df9c261253825c3e693f3a2afffe2fd68fd4d40683dba32aa8bc8fae6f1acdda6079c3ce6104c", 0x5c}, {&(0x7f0000000440)="14c6cd6503e92d9944395a58f4f581566de00b093e3732f813fba2d8f56a2b3c929f8e2cf864e5eb39532b84", 0x2c}, {&(0x7f0000000480)="86d724db9bae2a06436baca6ae9ee49ccf94a51dca92b9f6c1b36b9a2ba0cb5f8316425fcc06909d5a88d79d3156c63b170b356e826506709bd826be429558075cfc816c257d0d3c958654e94729783098a9b7dfa5a6c083985b8fd6ca5b75ca501fa9e2e0e5a08a68e8105faa49b866faf36bbaec9c68eab1af3eed44c781bece33239e0bc70c874fd19ffa7eb608613ff011236ff94091ebe606bdb8b55d44f2e3efc95c6bcd3f7782508e42c3d07e1bc53ab5439631539ee5874a5c402d3cdf1048c194b254fbecb952988cee90202385eea96cb01a", 0xd7}, {&(0x7f0000000580)="dba58cd8d919dc9b93ed3a3e8e3ba1628ac3112325b2a3933201c1206465deb46af83960ec2d82273e13ee1cb7c4576ed88b6cbf4f5928878b714e7339d4d61d86b2c3e57ed2be944168c201800b9ba5df25aec09e3d1c16c658b05d765823e0bba708c931d7cf22b721eafa76139e5c53737115fea9dad1545ff13a15e536d3fa4b22709586d848c1b4bcf193594748470bdc08d3e2fc0856db49255a403af62dbd17eb701cc84be24dfe6a053c829a50fe5096edc470a769f26291c12d782894ff37c8e458017d7b83e080b68eea9750d9096eacc102cf1cf0c6543683ddedc9030016de6d247e1a40d0a59b1e49129dd477e5e00a59b2526d62e880", 0xfd}, {&(0x7f0000000740)="c5cce1cc33487ebcee8a8cf543532627f39a05b2becf7428954bfb6767c854146215d9816f6bec1fad5661ff02b9c13d7cae2c595e9812f068bb32b59d1b9ac1c06c26cbd4fc098cd313546c3564e6b17d2523efaaf5cb6eeba908352804693935ea197f07b494bf7283a764ba9bad8b1cf4b649e0be9b030cb457af16f3dbf88a96a69ef68fd630b1f630fa9f641b29a17fa1fac15432566ceedf7f4faa891bfbb4e2367cd33266124ab6a84fb5f79bc3cdcaee6db2ac33d48150d0637175d75bc00f40e6eef4206c29d617e09efec3fe7c7e46604014f1ab355a2987403927452627a364e477122279fed0abf4c1ebc6fe28ad49cf446818ead52c6c0e86cff9518b183f679ed88cd5f07829f4078e5564c75f833ca9bdadffadfcef83e4120ef958bd671b14660b841558d23507cc97b3a41c4540e908e5e80ba596330c5f2304f8899a8cd5f201b17cc668f116867b1204b2b9651d2d11c1bcc11c4fd3e38c23b1fbc8c3d26701d8e347c464a6ccc4f8fb3ca5ba5728f17345c7c81f7a62f5142d17350e41c3411fa27367db4a49d1150265ed4fb75dbc2345a333733b39b0544386799313c798d4b1e0ff5b462ffa2062a2d5baf0482c6bfa131ea8d9d8566ad5931f4582cfebf56b4b47770fd22ace32243f8fc8c575cb1a102dc6d4d1be4a9feedce7195db360f14cbde088816e5103307647e07f69fdc2232bec2fb7188315141e6698904a66e83f31a9902020f7a1220503d746427f38823a566c3023549c9044db3e273830df2eb27e6d7b62e702c76a291de382fc4b698f5612f5959ab4bafab264682325b8b040b47d1ffdf77cde69a4e587446e136447a775dc535dde37fb38210bb79eb700144277c67e92d570cb3dec68b2fd404b0f187809e19d7a6ba792da057e53734781895df710216e8baf48fea97e73d4408f029c0bb5f7e1d762f7db8a70108f7a081925b95ed343ed7c4401ff70a00ad9e469957c1913a06a56697963ccd3cfb5afcc33f5cc0cb3b652bb488e8442a5823e236f9a68d06d28b415c07abba5c5b97548ef75515f4461430f3e854b92df40f746fc833650877f03a9adf3c91fa512d92387f385e27183c7cb9a6c119a374cb0a780ebe02f378810f924436f18971821391a6bada19bfdd158ccea5c935a666eeba5b3a28a8b67abe23c3f5c81cdf65e5041d8f3be48fe8a3e1a7d52f85125bec68476708910bb45087d725c35e73c594e35ca401abd6274a5f5ce0a659ba683f95585bfd6503d8bdfa4f8edc755138017e40fbc85b9bfab919bbfed8af80a7b8de981fb09ab0917843a005afa3a3c31a588181dbaa99b3c7f24ed4c2dd1abc9dbfdb1dc10cf0cb14fac03d753e7ce3d8a35597415504624ae926bd6129b98d4292f280af924e9c4937e8aad27b50c5e896d40b06b355b776b727c9d0049f82cb0819fca94e6bef457d6d759fc72de9b3e75f7a499f25d3af4f2da5fc433c4bab2fbde5d5a7691c8499b85617de67ec3c079aaba12547618d9bf9a0e8929c4dff50ad9b54c9078e5eab67f4a4ddf1747f76d1304a5ba02ae8b61a53d1fa5f8e38e08595b08d2676422ce65e33b3883ce4fe7a46e12ab16be1d4ebff295b72293c57e581fddaa013db2cc2dffea934d24f175b76cc29ebb66a9c327f43831e469920c7aaa7140b3720ff9bfe4a53b39bff9ade77977e814adfd0c7e6f6d5f81e3a682db75fcf1a4d35e8bdc8c032de6ee40a27b44b1809b499db75e00189ef7e7b69317f6ee80f7d8feb311be4a5a1c223220404a7885d332c33cfcfe8267450efb9423379142975253f6e38c2c7b52125169e0730d826303f656467763d6574730ba8f0b450349c7b457bfae2f7ae291eda8c8eb1110c94d11d81fc7070024a2335ae27b273a088cd8537b3fd3429e0dce6b5c39faadd487236f0211298dd65e447ba3648c25beab5b7f2bc5e3317f1c6b818d3ccd8c9932fe8fe0ff1a87e82a4f3bc7d3a69abb0fe360bdd88aaed85bad312bfabada7b5a0a9c28c15a500239c9a41842f829499da3e920a8c22f8f35aa6b0038f26fcaf28d8d4cb736cbf90043701d7089332e1d2b7069b356a9b8d01971c2f6325e6649c82d964227a9b1df43c6615294ef0c7bee95a426562c1e0eccc6509db0ae2b8974bda09bb754d6aa0cb31c4af5819d586cc397f739bf99ea9713b1dde12d7f17774142115ed8442e0f0346f0421a33b2affa2e9a5f3214e27d8a2fa45b8c27f7591f2ed149c74f0cc015b2c10ffbd55ccb9c86467d135ead0f730a4db182b274fe55f17c89cc6f4f8f6e35f11fb9a22c5dfac9fe84072914d43b203d56e95fb29e36def0f8a8eb31174adfe7b25f54e3cd84f05de6994ba9a4f9f5da281db295cf7d6f47014e8dce6687e7788b32bf65108ae675a07298faa7dca9befcfad7d5ff48273f4ebb131d3d04c7090a59d4edc0f27087f0b99a49e7e7de301ba0f24b6beb62fe6b783c7e4f7291a0a1349c1815f62d81d675cea255fb3324f04f56b63f158add573a95b11b4670c2dd64203b8233a246d6f114cf57f32d94320a2f9a64eb320557bba33f6c7389aecf8600dea354ce463f44c785d08b47f871de64d1690efb46395719ca7694811d24536526aa6add782b66ea812d01602b46e32d9899c89b08aec222594233ab9c9049d5066ae2e11ef7dcdfc1b86fe1437383bc9982a4722cd5db4f5acf634766409fb113095de40d6adb3ad9d9df35f0f87bac66bbed4bf75d0a3b7e0386751d1530a98be84abd438aa05c5b3ac2c0e22660bae3d5129c100377d0dc754b4136e3bba533542a0e0b70cdd77e9fca409595a48cd37ca0f28a0fd9e3e985afbb85cbd7b0d5ac29c3ecac43d4eab07b6c4b7a1d8ea6b53eb787d1d8ae97476d3d2b4d39edf99f5fbe4c0ce76f401d1c7e6331a857adc8cfebd811d0f2573f7563b7c860275b0acd9f89ae0f8bbcb12f6abb0c35cfc90c3a96f5eff0240a4b32dddce77e5952670e3551735866e590c63131cc50dcd9e44a0595cd0210f635494b55ade43b9a5c31bfd4c847adba6cf4108dc910604d48acf340f63c0aefc4ff60245da7356c94b13fd25fe9becce4fe08a2f268960a33372f2ed4b9e7faef8ca144ebcdd878034133c90bbbb84bf20ed426a0c8a4a8e0d9c64710faefebc96fb3e09bc88d18dd9e1120172d8ca51896889720436d4469321b06b35cffefc87eb1f3f4ea875a576dfed8245a8288e27a89e3a27d6c7f531c71c53b39113a7197f3f87e39839f319cb358f96ad25674f12c3a25250eec42c79e0c071f05ac45e42588bc0695189f3956db91ab19da3e1ea57f57baab93466ccc0a02eb8eda2e42cf0befa84de5c039bb6c6abd9379067e56ce2b3d349867f1eb8c8c080a812b00890f96ec8c5f0c8691dc86e1d168e963de7d60dd7ea0858e36168f6b871a2ef6a2df13caef04a116f23285bdc1db7a0cf7d202c2789f7b8ff8792979b33461651c2df6578f417511b05b94be3b14fb4fb7e828196672409e4ae28c2e14fa7e9eaa656f76ce0e8ac2f7be23f0bba85babb32763586210bc50cbe6fc67875b085ffcc937d15777a14e4085e2ed36d9cffe6eaa6fa1504347a2655be260d9850f58989f134b0955ca105ffb6697954bfd317a1959381d58b1cdacb7d0ca4648a1b5270ff6cb59631750d20fdadf9ea4768679bb2d49d911b891c466b475949e89f9a47057078f58bd0a59784ed6d63f559b8e4a287e4f032378c18d451955dae744a9a4071936d4f8253ef873fb49279eaa63bab8ed9a542ef85ea2ac783911dd4c1aa6dd8738886e2518e4261b27384a98b1af14e393fb3e370be223a9c80d0d58e8de505c14dfaeb0e16bd28f5e43fb9397e87dd330738b7aa67d5da4b5715e47a564cc63b3c2a3007212293ae981ee8e2b7375d0c317bb7e02eefa2edf80a7bccf11ce99c4f6c1fc222ad0ba346c5a1102ee31cedc8aafd17c153fc9e8256570435a78481954857b6c71179babcb93e47e3967b8f4e92f915770f555835fbbb01215e2e650faf6c3eec4e45c6f5fde294d4853630fc3963257856cdace662228796da5b4a3307fb76ae8c036fd771913dc46eec387e2742fd094b2601048d749940d84ab1d809fd7d0baf7186fc9cb137fcfca1605789b9632451779a88f0cc43320c14d05398e85d3ef4ec652773083cb7261891b7ff53a301ad0b5f5557b1aa3a15862c95334f9a476a0b623cf8c6326141c85f47bd09a3c6d74dd118a4484a32ed509323df91c572d5f2e0c9ed43cc405414a043951d917027db0541777916e3f3d64d4642daeb088acbc095a8c9e8ed1d346393f86b9764ba383ee96d2763ef845c00f519c5f2c10d47adde4751d596b74dfba5af2cf5df89f2c952a693e49edaf35c67eac274f7b60b1fdde0a6fd8756d45f60d4bc1aaeb2b6cb878bedbf28519abdbb112d6b83973a2b39d6591d3e90ef6f8ead3e4124c4899bc0dcfb2b2f092f81951f3d42b362c48ac0e7a5162ed46a104cf4e4b8ea1843e60117ff323759a247a1cc96ea60d25b51d1f15857f60699a5fbecb52eb8865e365dc71d4f42279f0e1d9894fb27ef1a7f54bf10964cc20a766edccf586e990f5900a1336082e2d5259eda10f92b068be04af34a73f5b1c6f5e613557bf03a69840eaeaeee3a18d7ad3725e69be3e1da5e99faf29408322d160129c3990d43175c916b2747cdf2de725e7ef672548db02c7e929695fbbcb76349bcc42dd89b489ec3b2b1a8225cf28a15d5a65e2873289ad84b994b2bfbe734d82fcaf154aa93f31a49bda80a60e323bb80a6dec7aa660d91289c1c92453f5358a828eebf7025bc7190da8ec4c31284a7d653f5529e7f46550f14eeb19a886e248e24b44208bafa868be8c6645d4979bfa933c0f73fdf49d3f3acc3b76d9aae7104e20f412e7f31c40488ff325150ccade75353aacbf635b7ff04e1be3e601d356085ae365df02efcc948517e8783d2805c49cb07e0100bf5c1e9205d24532cbf583d455a929114d107367c800a822a9ede609470ecaf910706db660442ba8f9c9ac8f848ef413fb65b953cb99e6eb25940c40b0318a5544567ad98999642263f6822cd49925ec8d0b6ecc9834c5feb32db823703cb8c127c078ef1fc470d361f3367267603787a0251627d3f02392d87a30ad37c206b39abd4229ab54ec4872c27280b890fe95f6ab89c7b90ee56346d1e9ae9fbf72df403c366613602bec823d4dc238f5557d1ece8e3a3c9b4f6f058e7032c6a4d2898eb3d79601d48acaa5e6bc3e283be0b66c5c1a2d515422b45bf9e7065a67b59b9081d11b78021b0df69dc2888283467c702b32a23faddb0052c72a33900fae8b10691df7725d897c0d7751533d35bc61113f4f4108a0f7bf4f94632ae17a5e47306296f3c8329a08e1743fd292adf130d5824561d9da350d8283185f0e7535e95eec6f1d1feb414cd8f18a932941261b60588c8207b6ebbe0f050514dc3d572a9cc2b3ad27b4a3245fe985772716d5f8ab12ae5c91ac3e4446c05df4b085062126504f57aaf6c183a574b4c1826937d0c94d32bf09d93c122f612997c99492c67f1f15e883858419fe1214c63854495e1b6b57b98ce388cc49dca22f496a7e0302d76341f9fa0e9cf2023d857c70e4032d298d583d1007c683af54a8b9ce9bb9c9f61de452a54a573ede88d2fe5dc37db49e29bd67aa2a668a5cdc17b26a77abcc62791ebce734bd4935126f541cbf56f3cef5843c46f42577a0b360c63b295aa14c0b8ab8e14adecf9eb5583dc96d7b8779f18918", 0x1000}, {&(0x7f0000001740)="64e756aa7a7f51104cafc5d06045c0db09648addfcc5ed7725b5f2728606972969519d8e3a112b41e6787eeb91554de9b7b493da5abd064fa43b102a7cadd0d64d1146f2cd85f10fe56919c80fa0bd55380ef34fe183a4980186dfa31af091e2e718b1b564f20dbe7b264426bb586dfba009b28efe30ef801fd1edecad1d49833847b6368403f015701e935b777dfdb6eac0804f0a9081f21f2919fe36311d8de71722af744882237ec1705339ad29587988f52f0d39b763916452bed7f237089029288c2792713d03baeb043d1e9397aca3d71e140c08e895795b9cb5b90c57394bb967d91326a54e09cb65f759c711990c33dedc9ca7f296b7bc7a5ddeda95a5d8b7a510bff264fdfc58956a8b33ea3502a9df2dfdc5cd8177e1680f0e20c02ed08ebe6e0c7379878ed2e9e5e48f1437e0a3f0cc6fce8d5325c7c0f3314c0c394c18bebcd41c4d8007d103f2ae47d8b7c25119857a7722e567af7ba1ead6cad7bb27525e56b98df6eef6fdc30631ddbbd8a244dfa519281ed4b2c72e72442c0ba60ec66b3b88191ce2859a1362c16ee321cc2e5d9bd8e9c182cdefec24bc41fdaa1d75ff8f96a3186f7870a92cf2a1325bcbe331dd7f52edcbf3305c12e93c88dbb28cf9a1cb7de2b07a3b415c775107a33eeec47bdbcf586e11a49120a65fe1894607687f8b0beb6cdc9c96b0c8a8493b893fe44af72ad3779724a208608d944960dc97aa3760bb8cd4a0cc032932d4836089a36d826f189b2516fd15b69a7491dec1919775709ae3f1ff25f742de0963e2fd128bccca6d568457262bd8b58bd89403b70899282ea0315179d47b2bdcd70170fb854297d4f9f85b1bcfecacc00e6ccb98d68bc4d1ab380fc061c5df2e629923184bcede43e9607c035a309b2f5867dd560ae7ffa09cbf441d7b5cfbe09e806984718a2d542c0c0148e4380e802a149ab44fabbe53da4add90aa79f44ff0fafef8a428982af81292603a0fdabae31130d53e9cfb7932f2af89ca0e89453a6ab1bde821eb4fcf9d27588bdfb098bed9c3f2b5904ceeebc988228ed7901f61d85097ea71aa34046b13cdb43dafc06cebfe87666d76eb44cbd0d1cc61da1689796d154f0dc8c50e4bab93030cb95cfc10881c14aa852904a0633490ac633d4cb0f3ce9a800aeaf680a7b9314f7c2ac3cbbc1139301ad338bc7cb0ed3d72c1beb771a05efa30dfeb1a8e30536a2104937c122feee93f942d8e63e74fba22ae6aee99c85da40c3cb313481de022f4b0bd2007308bc4566c16d24560936f677cd249334d24973a25685db27569889547f85c3c3ea0be0a342630feb090bdf0d0d14399142b7190260255ecc7677451b076425855b1321e8620f5d5999118cab25c28f0d5ee67bacf2bf92022cef719305401d5ed45013ecdd56ab0891afac3d165ec375fca9f52cebcdbb6acded0d43b3dd6d8e02e8d8919ad741540c0556f0b8b4f1ddc07b95b42df7428e2ba09eab6c916720fe1cdf0793f498d080b55135d9bebd503f8e402f43ba93284dbef8ded845319735aa56b77c792165781da98b8b302af06096304916a5d5f84107bd2bc229a4f1bd7bfb5bcb48ce69259863ea5651d207fb25d02dbba438b789de92fb48d2b80313ece3fef2db3394060bf2c5792bb3392fc5531adf16df8713949fa3f11d6013be64dc6db56bad687f195646d496958c1803893042c814bce9c3c7dff3d9cdb709fef433c5f11154e8c46a3b4499a5ba4248f7508e79cf930c92d4822193a7efbbdee08578e6f169c7ecad7b8b0be85467872566bdad7b295c2287aede6ffa0860a88f22c19996c6026d320c4363bcf7c08c6b8822c3fd5504f9a0f531cbb255c7802328d348ffef2f0444e25207ad35a30cc1dbf1667a218e8bbedd1375fdd8b9444d3eebec3ccc05b6b0fefc5d4ea03e404da6fe3da60ca95319a04a3b28a16747f4f485d3b2e2ce5eb915c3590b09e29a085c407601fea9e13e33bb5ed3934293887077c1d771b2500277b6481fa1ab148b9356fd56c6a8fdce9ef234fcc6cc316296a696d1de6afac0ab8f682766035162db1f5e5eb2af11399f8e95b9946abc0ccc0928f699a88bfebe7eed6653915ac2cf650a72ff67180f761d551cae6687afc8bda2cfd8d9f30a91a6c4d87a292f81371b441e580241412d015edfc260583a67d9bd8874252b3f84b307f14ccf79baff4810560d3d5788397078e9181af274dd87702d86768194d6c7c0d9114c433d25e8755b1cce90974a226f567185c6f9af329c7f1bd12ab8d53be6ebea82ae6128fca7570aa9130a74cc69eb518916e1e88e4f81b2120053c2654c18e91d0cfc12fbd851de935cfa15b72a89f916c1919c50e95682b3fb1717f268bf131192c2cc3b0aea1520bb3edabce7ef554c01cc080c7862dee4427949cf2d255d5d0c7a894c7c9f12e6181682d53459d4e1febd3e13ddc7745b130b8ff1509db4ba4ae9b87031e080684b77379136e08a307549b5aaa89e890b59dd8891c08e4c73c9a28eef9d39e36d69a70baf16d886df059d36a2b8bc8d71589815b396daf7d5f9887d3ffe6a6247fcfb335e80cf0b4bc3ad70e069754ed19792dcd316232b510242f34757133a294b03c67a6fa094e03cd8a61cd9df13097c1c12561ac3cdf8bb3da74cadc5db4e58d9973525ff5c8311c132b2936d5977eb1f5dd88951bbedf49f14bc7b9486abc305959e2791d0794025df5bebb780d2e83f5c2d54503d05e8ad8302cb1ad51e62d83a9de04168575ec1aeb877c6ffdbe1ba3b380b982da599b8ca35b2851c220df2c384e7ce9c955201006cff5f5d71af3dd9ebd04e4c6eea4afdb425dc71659946c6eec4f3e04832cb518a47b3a2e07ab33d8fb0d88b9ecc0890b2f17f3776c9e8dfbd9e975a8de6604925b16ba4de3e153673c67cdbe841d0bc95016b5baeaaf816bb7d2b45a3e2c581a6368812fe46ab7a10c4e450560e83127b6358ec56e11da021efc499b300db00a6173fed3d33dcba8b42d9d9c46173e3fa2b31d1645a992d7125dd241623230754d521eaf67ded9c9f3662bed63e01095318a09ab0f0148fd6c1916cae62c22684da020b084099cd567748ee23a6661e44b70886217a3261bb73d5e5f3ff97d02f81e6ec0fc738042179cac406c887ce460f727002e6568695235d213497723709b764a71c85d0580fadd0db999164fcd8bedde2aa7bb4e50465d9551e00869be70ab8807c7ca1392f9de805830b0ef66c646ce45e1f5570156f06248d6ac4151925c05389f013b7fce2ebf467087fbcb5b4d451bcf4b0ea6addab6edaa57fe48a5c75c66eba3ae9675921e5808dab35b386b6f05e757e4ca0f14f24d5afc42dbb09ec54363479bf70b03c4863558fba9de00aad46d43f8bc163d9b8df51a8169ca6b8a339fc605cc44c2db31d9ea052f5cf4769d7f1b14c1d6e41ae7283bee162c867823253dce7a609fce27ef156098d98143b561c17143d070c291afc5c82f813ca12024d9c887c7f41de912196d47df55d2534d95e7d3a10d65dd5c7fb4a61a368fa5b22343f0ff6df4b15d3ac2eb29e3e106a121b7e8fa18e4a1bcf70c0e8904fb0dae9c7e2495492df4dbb939966f1efc6f354b73f1961064f6454b9b76e335448d6184a9d7bad8cabbe362509c79e31f2618cb3a8afbb7f71466808dcbc150255f0eadeaccab91a1a4925a3241a66dddb5fb57129be5b497a285bef258d7739a76b11a30e0d897cedf0ee30772f2a41532e2f04374e080aba2ed39ea57c0984d8db5c0aa3424e3fc1fab00e3d180802675e22031bc9ef91c195e31046997dd245a0836bc21101ce97ad05962a44cba4ce634ff3fed76aa3afe359f20c20bd85516f32c6a26706e0c09a8ed046ae29f52e6c9b6b0dbe59a35801c438fbb9afd053a32275fda39ccfac8bd6d14e53024e19fa7fa20af0a1638dade80a3108c4a9466103ef61e5c88fa1e081ddb577e126712b0d4b83661f4a96ced58bb31b4dddef8e3b58e8b8e4350d07fc230fc6e0a3672f3c9eefb0d8dec143207d2eb12c454e7831d4c35670870912bb64e19b8a07bcc1b5cfd312941e281acfc18a3ec2f74a5800eea0b79660cc8527524b89fa5b87b6c081c87d13ae0a48b4f349acff8ddb4341d6f11a29fc71c29e80545a505b31dd9c467580fdad1a677aa498899dce6111990b7a74fbd5225f3118d3dd506e30bb2ed01cb35026943771335134312feaf2ecff64af13a3070573149fec2b5acc259ebe980630cfc02242a57cfd66dd2f1adce82f59dc1cc0e6a2272ebaf119b845546e936be54b42203ac83416ca84707dc7674804ed93e27f03f187d92cf00f6278181c78f1f1aa9e4d04c5d941f328bec785c802a7fddbc865ba09b8787312c8ecb882f98f320ac5033684b32fdb0e89636baee69013f4a4ef5f2fccff4caf6083a06464d4baa2d8838c4d71db3ad29699980927a5735be3ae59287c1e89fa9f1f300811bdd5d5213eeeb08eee3331a0015dfd7609cf6c406dcecae7dee1ef5806fa86ac99ab32e9cb7b3c696ca65c2cac39012e9b07e6301aaebeff67792e2682b2c9c5be75fd7e4e66965b06f7d9425e2cdd96304e277277f8527b75845e1a07143d7cb9ddd1ea941880a971042628304200d64602ba70207fbd84ffce3b412df8b21eebadb2a406f8b0ac8d36ca3bb1267f952a8cf847b6651d0fcb88f7b061b64eb2a89d873c710012455e7e5f32291a8f2359c29c397e93b2ffde706fb419d54421a5ffffaff15163a988cc16353eea6c2fc92bcde196519986f149d57e3b7e5c504a1db1dcaf1067e47645ada34ff5962cf476ab24a648f43ea84c65dfd22cfe28624c42216f6174765a0e1825f7f7f8fc46caedc1443eb5a13255626e4ee11ec644cb028cbd9c8fe72d1d6a213cca40f733a2bdfe4ead06c661297801ec8f4ba53cc312b5f194dd81f6a1d12f05237a50368afb24c099e080b69eae99c42699e1444a86dc75c195420950d7aff0f83e57692b90707af872d104b2d1c26eb5c2fe73507a2514c9095b5360dfc45c986dbde40e0ce3bceac6011acdf1e91bcdd9dfcbbec4697b07994e2fb68bd4afd6655265bf92fa5110fc3d902a93fde0b120bfe319e4dedefb8119dcfd9b3cac492f103e66e6a1c7200c64b341117a93c246517b0b4c08b9da78541b61b79cd5838349e43c8cb5ce36e984d475a815cb6c6e881eaf14e8297c224631d0fb2d65aa2fa6164e14a7eb7919ece96cc704de8af1882e519fe0f7c8f1d58c30eed5c9fdd7aeea397fe1ebdd697f33dc8dfdd1913f15b1e67b417a9c2ed1f143b00199f5a6f12898a6c10f1a10fc0be140f06f1d3538261bac2a138118dec3e83ebff7c19c93a0a08af4ab30a96433f8a8ee9a77a4d802ac056beba751ef8750df8dfb7fe46e06698084c3d3b860d471876287166e1c23e18c4b5a5335ccf8f4005015f9641a1de3313c51dd831ed28dc082f8ed431f2047aa3712d1ba6d41c642d43fe19766c2ad9a154e8c7080e8084eb9255e581acde11aed9a77dc99ab8d8cd291136770de7353026dd6ea33ed0322295314463bd77b78fdc5d08c37f323a7c1304a8fc85abad8938bec7bf0b691951502a9cbc59615fe06094f22a2b90f9205ff4ababaa3ec433642815fe32f51bf2a44264e11bc9c062f0243b1dfc4d17fcdf367ce339c5d0b218a7ecad72e5713923e981e194d6aca162283906afa241748e858198bf303dce068c9224b3436468da10697d16eb33d48912b27d681ae19d5b8db6ee87ac09a5408e26dc308ff52cc0d472", 0x1000}, {&(0x7f0000000680)="1191f7229a155af12a5909c960166a4a71f064", 0x13}], 0x7, &(0x7f00000027c0)={0x1010, 0x116, 0x100000001, "864a4cfa6fdf72f9c6fba2dc18b3734ac3ac0b8152f85b2bf101388b18a02e00ab73cd2aede47e7c3e1c7dcab51830c4c28cad4d7d85078f7579d6698a07af3332fa2dcde1a071509fa68e7c1ffb876bbfb7a65ca0eb21e1c5297118882510a72e23f89a78f0d0648fe41ce315e31c9fa3c8cb7b53605b3e5e3ca7a35d8459c25c5ffe4fd00bad56b54d6fe94adc770325e3951d455ebc896556cf74b2a51ffdcd2b145349dbcb4fca82984793c5e3e34675212a58f3c7079d7c138f5c3e9d037dd82f4d4b95a9ebe7c130c007b78a5721ade951915fa9a5bb30f9bfb76f7f110cef60214e037c46f16b900fcb1b4385db9e7da2e9c3a9d61905395ffb9db399cb0434919cdee19b7c4aa5785a603538b48efa96ae7a75b63851898b839300f4758402ca3cc81753a0fffa184216e60e67447c1a68296b8bc45792a63b1bfaf302da5062f2b0e2d71eb67ed8c820495011660df3ebbad25f797bafbe0af42c7a6f395a1789bb92f5fe2a56b517a19b7cd107c54c833ff9dee513d0af39fb64c87eb477a422d12af5f6360ad0b594fb66a99290252c3eaeeb27e770041a8f40357adc73717a4d223cbc9fd3e2785ba2a4a97bb44c12109ad7b8e3d3e8722f823d44a55681bf4a1df297969d728308e94842410b93766094dce103b3d4026c98a521e110d976cd7da5f2d22dd8f53352b9d7dda179c83ab0ef2c62a4b3f84dfdd75b873fe0cb22ca58785a7ac8e57c3573ca09d33b1d2f0395dee0b27f88c3de4b24e76383a960f8ddd01aefe5193a8288a07f29435963a547e2952bbaecb569f920f93c9eb47d845cb51e605c0652864464f23e1eb6a1eea9919694c543c6cbcf9b5e617dd25db3995a1b58c8727e3ff0267bbaad10e5e784f737b56f5545a247f09f32b23101bc38fb63dd85c86abf26542b01f42a2a60a06ecc9f94d764c72e61d75f71c69e8f4d92b6648fffa2faffec2138145d9c2fe8652db85b078802d0c8a1152c3de27529bbd5c7e9cb8ecf26060f21a9e11a897c2f3e3afaf6dccb46a84191dc9e24b7492a50ecfeb1796fbe89b6fe55383357e2fcc247e07e153120e4ec31eb5493897b71c4aa3878dc31434d7cb198d3922a67d58ce9d7068380b24cf9561fd0c71beb560ea1b936121bfff90d39f5e35206b30ecad9a654994c8e7800a07847d5a996b372a4f7d5303a44979d9c25625e539d62ef7d5cf9b9ec51499884dbfd983d6bf3360eee2678ff805e96f50ff84814ebeae4a6db5b7372b4742945f67527388783f150f8863c53098b6cb99adc9c8d808f8e0919a1c25dc201a48ef4a40c017e56eca568b420b5d8946ecb4a2b98fe08c941746f832b1c69384738c2d0ef922e12bce3d0fda205d4d88dee996c36c05b3c8c8500e430564eda7db3447b0c0f7fb2390fef8ff24375d83867bd1b4d10de309a54078df1afea9afc2779a35a6f1382cfa4bf3b21b9da9c993943fcee6a425f44ad1c68fb1a75e9a3fd71e3f184c2fe72ff6cdff0cbc2f4588ccc8065a4fcee0ae3a326cfb83ce109e7afc261f8f9863ba3cfdaa652236c1a7a68b2f8c4d5f958269d45d30896cbd77e67482cb7ccf7dcb863d82e2db65a1dd3a20b002d1b4ba5b697b204c42367c11a9e70f026e505d9c9c016defc13339e6c9e5a1a6f1a1dafac3daeef367303c70a6e1860f9439ef0ea106c2707c1b53fc3459693b59315eab2e82f80ef5037f6ec9ea8df315924210ae6edc21b43e5f3f449a7b7738a66c82c39159fe9f5730b40209b286fbbbe1a114d6aa457aa79dc71dd6edbac7e4c52cde7535620a44d37aa2d5cab9ba294952a53a987f09b0bd3108416d342d5413b2bab483ef2827cb1c6762571182618262e78aa372120840b4ddf8c6c6db301396df548aa36740385342bf037aece4cda08941d958d42f3e05f20e31a43f5bbcd1b22e40cc737109d05cefc3c73369aa3909f7a761755137d7052f973948c58e1b3bfe658e179afb03ca46a26eb842aec5fecaacd03be31a1b6fdf176a434afdf801e59626c7414d316b37403b1228dc2a6826ee834ce119fed6ccc6bfe5b321c4ce3ca5879505a391bc0ddd3fea9c924d9d8612e004ee72c06e4e6bcca1c3ecafd665a6077906d2aea6971df3ef77bb6c0b27569a975622ca61cbc28a9fe49c833b310c766584f08d116ea7059026bf1bb8207082fb5121882d6c55bb364e40904ae7fc6f129e24395e174a9015591240b284e4e12ca0f6a4b32ade6cc55b29d2613a90085fc9e384fc8ec9ceb20ed1029fce88b1f0fad6a4350780016df68a0e29685cc80273f1b59037a522dc6c45f8d56439ee663d049e001bd667fd27b47c0f89a94eb00f911ef53437e3593fe574d92afb21bd5d13c7dbc0a0e22da8e0d9085bb620ae4c81851795fe96f2b6f53ae5ac5ac86d98e8e3bc9ac39d9aa7ab45feb55767f00a68f0736998337f637eb802512f70fd36d2edc27c10aef4a4e7fbb8bdc2551670f01ca77d50da1d0f5078b13445674aa2fd9c94484e0fa5ca627f36ea2acddad3c6c9abe7db66b48ef34d8a0da17891b98124d67a9a0036fed1dd9ea02f75966acffb72bb5f7b4d786eef0f2719a0ad71cd68d3d98e733681dbe5d21c8384385d64f8ae65b1ca28b6fc4ea91b700abffd90f16bda3981a3773baf77c5208306d465898a0fb13a3aa7593f48b1d76688bfb50a070d6bd276e01f00bd6943620621596c00673d68d97f8a9c06a30bcb5700c46f07bc0b13137cc6b4d963de6271e5b06686df3b9dd6fb597a2ae1b49a4fec427393493a3df2bf98b7593678ce49676945d37061f6f734e0a53d9616ccc927d16e100aa2d0f90d7eaaa667ef370bf84aad3464dac8f1937ae6c6559e0e48309c5ffbbed794151af7625e576b1ca887e468d3e483603881e4daa6157d67aee4c2ad967297b119e653c17a2f85468e355b3d32a3ba849cd93c6f53a1802454193b2e39ee78013f2a284544a53e82b77020640fe1dd7dfae1ede70d28a72ada5b27c6c470f051bec53a377fa581e58fa07aa26012dfd9b85282e3dff8581be4385c92e5efbaf7887b4794173520f9f4acf90311419d813b9920d195924a70030cd61c96dec402b40351fbc696bb5b853a85b0edd17acd21f48f56835225df5d4899e56e06e0a99460f972d287b9b71e4191e2bb386c069a48a86e2b9314df0b4df57961b9e85f2eaba0e03ee6e4d6dc6a36d6a257ee0c10ee8257d5a1999c942fb0166dd5570871d26c83428c864c4ac9c5a3f5ea55da5b1a45ed1ea91fc8a5916ba10397721e07d3d7d38ffd8d7d6207e536072ea61714889e561299a0727d61131db94352af3984d4f52d2606a6a55425d29b9ab895009fa2e9898a0c7935b51cb4ac5df183385d6124d137f671fea124d3ae9fd7b4d0a202c435212e239f00d5512d0a2316c88a302183ff7dfe86a423cf4e455af87ff76a56bb20d5ce6bb215ccec9fc4c403077ef2ee192682dd6805848248a8ecb9b0420b1746916b59263bf18b27531e345da3f72ba3e52ca3c2c223f51f411b40ed903234b9ee4276c34b98f0171ae2e6b94955d77ef52b0064ba05d0af12c1deb947a7833aa23bd790c94e82ad7b0178d7a35bcba4140b82548636f5a9632e03cb4c87750716d6289d4d58ed20184899e3d1af13877759301ee74f21659e7942e8890579a6ba569543660540aa0faf24932344be01d0ac6ac80e4782841c4432a46b9b4acb244ed731a42191733eddb007f20130e496b4f11a1df0a93fbe2a151d28074a5e9f9566c15ebb464640e1ab24638cf3ca67ac58fa4e0804e79ebfe004f983d31413c207b1d26dadc6469a22984cbf0be9b39d3e9c2615beba0dbfb5f0ee8c2b953400edf52ec9f5729a57a1f3f7c1a0a92c111bd3d8ac146af10b70c74173ff83cfd9550055b803a006d9869871a77755a3e2ff6fd65cea8da8468c178adef811ef0827e67140d4a4a1d6c520a50e3e4e9637766d41b71ffd6aacf5f83e26bdf17361542c39f44dd642f78f0d3e1f0f2ece2517ca8ff8814936b2913251fd42286682a7358848f909c4bd24e3d8b7fc6e7d86b0dc1a086d3ea6108da6eb08e6479e74dc2aee7c2cd99c8e26af27be27d1077f189cd5aa0bf75d89e7f5e500ba50bd4c566ccb11981b4db5fdecf0b804d7cc019d4bf755e9ec6d657a497a8616944ce50d7c07f74b5786c844b4fa26a9d9bab9163d947df8665b5729c581c6490852e9424b40d273a04d461d2725cfc4120732a202d8dd59dd277af9b4b83cf2deccbb21f124f5a63781c995a0e8c5636d82468d88cfa40d6ea876c0f0ef3cd85d141f95053cb2ecbf51bb5e0b1a78f81e94cc702d6af3998d816b97172bcc44dfb9ff5db26edcde731baefaa9ff69caa31e273416403f038ef193d51f4f72c8fd6134f85363701fac3c2d6bda98296c474366e7613b68f81bcb93666c9b6bf29e9a55178a1aacb5e8302ef82102a6acfa5320c95261d4158007905963369cb53ea7300c55e5b2ca243fe76db9a4f88821b9ed5b3dabec87269480ae86f27a6ebf2e61450351480fe98b81f8ad8e3887f740a7ad0bb39a8b57abc96cb05034e1de2891eaca5f25e137340b5f2bd6b2baefcd5403604bea0221ca5253453e601e63b76df400ce1f13aaced29f6d31bc075a7b15a56ff939ed34f761ce9f34cbd9773f9a085fe67d6a53f8db1f1dafeb168bea52abcb2aeb7cfa6f17bc4c97460e3c1f72b1aee7607633d5335f9ed8dc6570e0c5c3365e7347df7e9c664c1deefd9a7c732799de53ef1a68783c56c6b6c87cd06094cea04e0db7e2b834f6b9903b5b4f7b5d58b2000d99f290c41b7ac9aa88d610b269312aaa108536173657c098206ba75d0346afba688796ad978245cb7363bf0a9c5e770c00e6c129bfb6e720fea45112e386a4f64be3b974873eeed8ec45ef3d6f1bbe76b60a1938d3a67470266c1cd28b77e07427e5d278946e7815f94d312ec0646b1d4eb12c01443c8113682c23b0de81d4054fe7c84f53fd3347ea6554b9fb66a80b7100391c19e35840444f7881bd67448163fd3c26b8c5ee95943045c79cddeee3b5ab22a090d3e8f379753cadfc9d9e8bba308c3ed20c5b68156ec1859a7c413d9daedee817cbcbab222c12c6f82c04aac999143d5f01715c7fe109fbf73debb2879139692b839f03ec9c7565c1719cfd5f7330b35f7fb1bed017bf98b85c4b9d9ef599a7efd7bf99547833d321360f9db5bf8fd016902273b6479fcd9d325a3eac0c5cb5ed0a5b433ca85c126e0c6e13482e52abb1d9132e74559bc24e4c7ec0c1ef4a160fe3218d73316d79481bc196b6d5024a4b8a437ed347357f346f9d607bc83f45af3113b6bd39599714733e9f5d262ed5a64cc4b2cd5577515cbb190aa9d0964f31ce5bf2664bba681b3366919702f8d69a426b4f90ebfc844547e2ac3d3d69fc76fdb7bcbe262b1026b2bf1617c10a4e77539ec8c0cd88ace9e6afc0461c93c17d422abf1f8362d243a99ffbfc704e4c19c3c3262647d172b0220939a23b57b3621aeaf88c09e959e264983fab62b04719069a2aee3f483090bcfe876c672f7d5a958dedde42d96e8018c28f62c2552880cc3d308a2a4b6a21948def1c4225cbfe058dbcf0396f29abe11174972438a37c93c2c8139d4d1ab2bc0a2605f063495552147e7defa2f4745e5a18b352a36580d99dba5383f3c6aa72b5e22bfcfc38921c2263da7a9438c5e429f5e80265c6c7f50c971a7c33e5e59b8f3f762e4fee9c9d6db3672e786ae801a154ee53551d7e109748385579297"}, 0x1010, 0x10}], 0x1, 0x1) [ 169.377583] dccp_xmit_packet: Payload too large (65423) for featneg. [ 169.425088] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 169.458101] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop6. [ 169.459113] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 20:47:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0xc0c00) sendmsg$netlink(r1, &(0x7f0000000080)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfb, 0x460000}, 0xc, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x8000}, 0x20044000) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:36 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(0xffffffffffffffff) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 169.467453] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:36 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:36 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcs\x00', 0x8000, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000003c0)) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000010000000"], 0x20) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000d6dfdc)="2400000052001f0014f9f40700090400020007fc10000100ffffffff0800000000000000", 0x24) write$rdma_cm(r1, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000f00bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:36 executing program 6: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) [ 169.557774] binder: 15051:15054 got transaction with invalid offsets ptr [ 169.591629] dccp_xmit_packet: Payload too large (65423) for featneg. [ 169.605141] binder: 15051:15054 transaction failed 29201/-14, size 40-8 line 2991 [ 169.624483] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 169.641671] binder: BINDER_SET_CONTEXT_MGR already set [ 169.687868] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop6. [ 169.706074] binder: 15051:15069 ioctl 40046207 0 returned -16 [ 169.714312] binder_alloc: 15051: binder_alloc_buf, no vma [ 169.720096] binder: 15051:15054 transaction failed 29189/-3, size 40-8 line 2963 [ 169.771531] binder: undelivered TRANSACTION_ERROR: 29189 [ 169.777195] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:37 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 170.352746] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:37 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:37 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(0xffffffffffffffff, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000002ddbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:37 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:37 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000080)=@bind_ip={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x3c, @mcast2={0xff, 0x2, [], 0x1}, 0x3fe000}, r1}}, 0x30) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x5, 0x4605c546d508d638) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r2, 0xc0bc5351, &(0x7f0000000380)={0x401, 0x1, 'client0\x00', 0x0, "eea04b37d36de520", "08f28d1d17627c1585deade03512af20a13902aed34de2f38a8b7f8a60189a5f", 0x2, 0x2}) 2018/04/09 20:47:37 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$packet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x14) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x2000000000000002) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:37 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000240)={0xffffffffffffffff}) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000280)={0xffffffffffffff00, {{0x2, 0x4e24}}, 0x1, 0x6, [{{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}}, {{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xd}}}, {{0x2, 0x4e24, @broadcast=0xffffffff}}, {{0x2, 0x4e21, @broadcast=0xffffffff}}, {{0x2, 0x4e22, @multicast2=0xe0000002}}, {{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}]}, 0x390) r2 = dup3(r0, r0, 0x80000) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={0x0}, &(0x7f0000000180)=0x8) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000640)=0x8, 0x4) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000001c0)={0x6, 0x200, 0x1, 0x1000, r3}, &(0x7f0000000200)=0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r4, &(0x7f0000f8aff1), 0xff8f) getsockopt$inet_buf(r4, 0x0, 0x2d, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x80000, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(r5, 0x770a, 0x0) sendto$inet(r4, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) r6 = accept4(r1, &(0x7f0000000680)=@ax25, &(0x7f0000000700)=0x80, 0x800) accept4$nfc_llcp(r6, &(0x7f0000000740), &(0x7f00000007c0)=0x60, 0x80800) 2018/04/09 20:47:37 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:37 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 170.455166] binder: binder_mmap: 15098 20ffb000-20ffe000 bad vm_flags failed -1 [ 170.492752] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000000f0bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:37 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$sndmidi(&(0x7f00000003c0)='/dev/snd/midiC#D#\x00', 0x80000001, 0x4000) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000080)={0x5, [0x8000, 0xfffffffffffffffb, 0x7fff, 0x40, 0x401]}, &(0x7f00000000c0)=0xe) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 170.511538] binder_alloc: 15098: binder_alloc_buf, no vma [ 170.517249] binder: 15098:15099 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:37 executing program 5: r0 = socket$inet6(0xa, 0x80000000000000c, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:37 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:37 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 170.593503] binder: binder_mmap: 15098 20ffb000-20ffe000 bad vm_flags failed -1 [ 170.626560] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000ec0bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 170.646671] binder: 15098:15124 ioctl 40046207 0 returned -16 [ 170.649619] binder_alloc: 15098: binder_alloc_buf, no vma [ 170.658388] binder: 15098:15135 transaction failed 29189/-3, size 40-8 line 2963 [ 170.692490] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 170.746757] binder: undelivered TRANSACTION_ERROR: 29189 [ 170.752743] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 20:47:38 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:38 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(0xffffffffffffffff, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:38 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x10040, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x8119, 0x0, 0x10001}) ioctl$DRM_IOCTL_SG_FREE(r2, 0x40106439, &(0x7f00000000c0)={0x9, r3}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) uname(&(0x7f0000000380)=""/135) getsockopt$inet6_buf(r0, 0x29, 0x1c, &(0x7f0000000440)=""/196, &(0x7f0000000540)=0xc4) getsockname$unix(r2, &(0x7f0000000580)=@abs, &(0x7f0000000600)=0x6e) 2018/04/09 20:47:38 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e22}, 0x8) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xfffffffffffffffe, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x8000) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000040)={'yam0\x00', {0x2, 0x4e20, @broadcast=0xffffffff}}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:38 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:38 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000000fbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff000000ffbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 171.308562] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 171.352516] binder_alloc: 15155: binder_alloc_buf, no vma [ 171.358171] binder: 15155:15175 transaction failed 29189/-3, size 40-8 line 2963 [ 171.424540] binder: BINDER_SET_CONTEXT_MGR already set [ 171.435735] binder: 15155:15183 ioctl 40046207 0 returned -16 [ 171.443117] binder_alloc: 15155: binder_alloc_buf, no vma [ 171.448786] binder: 15155:15175 transaction failed 29189/-3, size 40-8 line 2963 [ 171.464891] binder: undelivered TRANSACTION_ERROR: 29189 [ 171.470588] binder: undelivered TRANSACTION_ERROR: 29189 2018/04/09 20:47:39 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x9}, &(0x7f0000000080)=0x8) r4 = syz_open_dev$adsp(&(0x7f0000000480)='/dev/adsp#\x00', 0x2, 0x400000) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000500)='fou\x00') r6 = socket$vsock_stream(0x28, 0x1, 0x0) shutdown(r6, 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010828bd700afbdbdf2501000000a04f04000000000008000100000800000800030062000000080003002b0000000400050004000500080001004e220000ef8d2016d4d5c452a6a641f6a57710b5bc625aa8a878f2f407e435fe4e99b3d90f756230b8b73eb3654c0a4774a27281500fa7dd2b06aeb4ac"], 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x20008000) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000540)={'nat\x00'}, &(0x7f00000006c0)=0x54) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000380)={r3, 0xeb, "55bba2343a4651d16bf622c0d6acd42d07c8dd430c7728d973e1fa175af6fe182cff3e1afc857de07775427caffb74f0bc617a66ac13685eeacd993cb8ad715d0c8c40e4846f4df376f9bf874034f5ebb63757b5f7a710d2c7df188b98a993ccdd767cb08567170222aa3d4228c94b9fa3af834d693fb5bd68c91414dfc89b4c7b1122f53dc2e49c1bbe75515017f85b5d79dfa4e9e59f19e7d6c7933eb379c5e0dd68c93892458007d19f2d7119f8e4a38881d4a3c05c04d2e397c04fde2a74b73e4a615f8f30252c4c72decb39ca6f9155bdbae5d52eb45ba0840123bcc38ec5fd179255d2c7d62b1ea2"}, &(0x7f00000000c0)=0xf3) 2018/04/09 20:47:39 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000dd02bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:39 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x1, 0x202000) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f0000000040)=""/129) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:39 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:39 executing program 5: r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xfffffffffffffe00, 0x100) ioctl$int_out(r0, 0x5462, &(0x7f0000000080)) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r1, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:39 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 172.147712] binder: 15188:15195 got transaction with invalid offsets ptr [ 172.184366] binder: 15188:15195 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:39 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000200bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:39 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 172.195750] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:39 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:39 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000180200c02494cc9bf7490a00", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) r2 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, @rand_addr}, &(0x7f0000000080)=0x10) r3 = syz_open_dev$admmidi(&(0x7f0000000380)='/dev/admmidi#\x00', 0x9, 0x201) setsockopt$sock_void(r3, 0x1, 0x80000001b, 0x0, 0x0) ioctl$sock_ipx_SIOCAIPXITFCRT(r3, 0x89e0, &(0x7f00000003c0)=0x3) ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, &(0x7f00000000c0)={'syz_tun\x00', {0x2, 0x4e21, @rand_addr=0x100}}) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000400)) 2018/04/09 20:47:39 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4) [ 172.239451] binder: BINDER_SET_CONTEXT_MGR already set [ 172.268632] binder_alloc: 15188: binder_alloc_buf, no vma [ 172.274300] binder: 15188:15195 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000c00ebc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:39 executing program 6: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r0, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 172.297266] binder: 15188:15213 ioctl 40046207 0 returned -16 2018/04/09 20:47:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000f00bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 172.379320] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:39 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80, 0x0) setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f0000000080)={0x1000, 0x8d5, 0xff, 0x2}, 0x10) write$rdma_cm(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="57c94348ed466adaa2a27e6c0760", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000380)={0x0, 0x1, 0xffffffffffff1a2b, 0xffff, 0xe1ec, 0x401, 0x4, 0xdea, {0x0, @in={{0x2, 0x0, @multicast1=0xe0000001}}, 0x7, 0x0, 0x3, 0x8, 0x1}}, &(0x7f0000000040)=0xb0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000440)={r3, 0x5, 0x0, 0x7, 0x7}, &(0x7f0000000480)=0x18) mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1) 2018/04/09 20:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0], 0x13, 0x0, &(0x7f0000000080)="bd9f44686d465cdfbee591e6393cc84403dd2832491303e67eff03000000000000f0ec"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:39 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x601}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:39 executing program 6: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r0, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 172.430802] binder: undelivered TRANSACTION_ERROR: 29189 [ 172.436902] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:39 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000f000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 172.500842] binder: 15250:15255 got transaction with invalid data ptr [ 172.566115] binder: 15250:15255 transaction failed 29201/-14, size 40-8 line 2982 [ 172.588372] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 172.598627] binder: BINDER_SET_CONTEXT_MGR already set [ 172.627343] binder_alloc: 15250: binder_alloc_buf, no vma [ 172.633073] binder: 15250:15255 transaction failed 29189/-3, size 40-8 line 2963 [ 172.638687] binder: 15250:15269 ioctl 40046207 0 returned -16 [ 172.673879] binder: undelivered TRANSACTION_ERROR: 29189 [ 172.679464] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:40 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:40 executing program 6: write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r0, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:40 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000000200)={'icmp\x00'}, &(0x7f0000000240)=0x1e) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x8001, 0x109000) ioctl$EVIOCGABS3F(r2, 0x8018457f, &(0x7f0000000080)=""/212) listen(r0, 0x5eb857) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r3, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r3, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000180)={{0x3b, @empty, 0x4e20, 0x4, 'sed\x00', 0x25, 0x2, 0x19}, {@dev={0xac, 0x14, 0x14, 0xf}, 0x4e22, 0xe5013fdeeaeef51e, 0x2a6, 0x3f, 0x7fffffff}}, 0x44) 2018/04/09 20:47:40 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) membarrier(0x5a, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x400000008, 0x80000) r3 = mmap$binder(&(0x7f0000fef000/0x11000)=nil, 0x11000, 0x1, 0x10, 0xffffffffffffffff, 0x24) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000080)={r3}) 2018/04/09 20:47:40 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:40 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000ff5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) eventfd(0x4) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:40 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:40 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 173.151402] binder: 15287:15289 got transaction with invalid offsets ptr [ 173.179328] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:40 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000002bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:40 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:40 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x20001, 0x0) ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x13) [ 173.201164] binder: 15287:15289 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:40 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) [ 173.264141] binder: BINDER_SET_CONTEXT_MGR already set [ 173.293302] binder_alloc: 15287: binder_alloc_buf, no vma [ 173.298959] binder: 15287:15314 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:40 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:40 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff0000000fbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:40 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x104000000) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) fsetxattr(r1, &(0x7f0000000040)=@known='security.evm\x00', &(0x7f0000000080)='@trustedkeyring*\x00', 0x11, 0x2) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 173.323670] binder: 15287:15289 ioctl 40046207 0 returned -16 [ 173.391969] binder: undelivered TRANSACTION_ERROR: 29189 [ 173.403823] binder: undelivered TRANSACTION_ERROR: 29201 [ 173.429182] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 173.465570] net_ratelimit: 5 callbacks suppressed [ 173.465579] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:41 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x7ff) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) recvmmsg(0xffffffffffffffff, &(0x7f0000001c80)=[{{&(0x7f0000000080)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/169, 0xa9}, {&(0x7f00000003c0)=""/233, 0xe9}, {&(0x7f00000004c0)=""/228, 0xe4}, {&(0x7f00000005c0)=""/254, 0xfe}, {&(0x7f00000006c0)=""/190, 0xbe}], 0x5, 0x0, 0x0, 0x7}, 0x7}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=""/215, 0xd7}, {&(0x7f0000000880)=""/200, 0xc8}], 0x2, 0x0, 0x0, 0x1}, 0x398}, {{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000001c0)=""/94, 0x5e}, {&(0x7f0000000980)=""/46, 0x2e}, {&(0x7f00000009c0)=""/167, 0xa7}, {&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/243, 0xf3}], 0x5, &(0x7f0000001c00)=""/103, 0x67, 0x400}, 0x10001}], 0x3, 0x2000, &(0x7f0000001d40)) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000001d80)={0x0, 0x9, 0x0, 0x3}, &(0x7f0000001dc0)=0x10) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000001e00)={r2, 0x80000001}, &(0x7f0000001e40)=0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:41 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5602ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:41 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f0000005440)=[{{&(0x7f0000000380)=@un=@abs, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000400)=""/218, 0xda}, {&(0x7f0000000500)=""/92, 0x5c}, {&(0x7f0000000580)=""/164, 0xa4}], 0x3, &(0x7f0000000740)=""/222, 0xde, 0x3}, 0x6b}, {{&(0x7f0000000640)=@nfc_llcp, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000840)=""/149, 0x95}], 0x1, 0x0, 0x0, 0x7f}, 0x9}, {{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000000900)=""/227, 0xe3}, {&(0x7f0000000a00)=""/155, 0x9b}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/129, 0x81}, {&(0x7f0000001b80)=""/227, 0xe3}, {&(0x7f0000001c80)=""/22, 0x16}, {&(0x7f0000001cc0)=""/4096, 0x1000}], 0x7, &(0x7f0000002d40)=""/109, 0x6d, 0x7}, 0x42}, {{&(0x7f0000002dc0)=@l2, 0x80, &(0x7f0000002f80)=[{&(0x7f0000002e40)=""/252, 0xfc}, {&(0x7f0000002f40)}], 0x2, &(0x7f0000002fc0)=""/51, 0x33, 0x6}, 0xd}, {{&(0x7f0000003000)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x80, &(0x7f0000005300)=[{&(0x7f0000003080)=""/70, 0x46}, {&(0x7f0000003100)=""/28, 0x1c}, {&(0x7f0000003140)=""/94, 0x5e}, {&(0x7f00000031c0)=""/4096, 0x1000}, {&(0x7f00000041c0)=""/169, 0xa9}, {&(0x7f0000004280)=""/4096, 0x1000}, {&(0x7f0000005280)=""/73, 0x49}], 0x7, &(0x7f0000005380)=""/178, 0xb2, 0x401}, 0x3}], 0x5, 0x10000, &(0x7f0000005580)) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000055c0)={0x0, @loopback, @multicast2}, &(0x7f0000005600)=0xc) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="00e5ff00180000f9ffffdf0000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000020"], 0x20) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0xffff, 0x4000) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000080)=0x7fff, 0x4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r3, &(0x7f0000005940)="a77eddc76b16f560337769442d4056d80dcc878390b62b0ca14c829f3176c874b4e1cadc0dcacf9202f5d2dff2025c5af7aea4962dc00974bb903e8739ae9e608f38056929e05ef339d01c944610df25537c59429ed06d336d550de895aa56db4d08c697076d8034eca4d4e532e40d053ac530559042035efdee4013c0501dc6efe1cb1e32873b76d004b430653fc3c68cc491fc2d3c4b19936bf981643121660136ad4315e62c6be572648d6d3f2571a27561ff68d072cbf3c2e12b687ba3cf0e478aeb1090766a266a6c7889cced99fecc303ef1d3a547aa4ca84bd68109610703ea6ceb1d7124f9f6bab5e0f331178b49811a0e923ef6d74547ea0b1c012603d8e19c52a19f311f0b2bb2e8396eee8c9e1a1e8bfb7b725448f151410997a5144095ab9b3bd74f71f851c1e9a91447262f81ba220de6a9f11e07d488857eaba48f0e57b6499d79fcdb622d277d90d5e78d61d27144a9fcbbdb80f0e2bf17a938079bd0e5f87c41c298aad5a33be5687637bf987317274064cbf3f32aaf23027b8ba00899cbc8bd952b1a02f91b7f52a34aec1f45d0bbd138c1afa82a75ceeef2491a1dc3d9b415d459f8278bda90d451485f345f43220fcd0fc9e8c6915921d7c7892b62007373ec05c81628f6578a04a0ce5004b3141e4070afddea4822140a1b41b47381f49b1c441a1ac3c07f375417c1003c76abfcc047dba2029fb015ee5d436041ff6f59b689db8d02628393937f2aada8ad8e0f39263732d43a530541f8ccdee979491776dcaa94ff6ce79a9832720618bb70b93bfe681f976b1b2f67e3d73fdd9b8060339a9d4cf296ed695f0e60b514b3522a5963a82e1aa14d3753c554cce867a4dd74241fae3138972475bf8b2b8710051d8e4437db4c6caf9a4a4013cc6243a9293637aae6f5860a1bb12022cec8a23f844dd4b254b1987c0f8ba8b416ffa4c3f5a25555f5b9099b216a4b8cb8ee310d226ae2428ed2e2b5dedc17e066a1df770fb3a2f5fbcdd49693e7081c196d655e71612d19896745bc466ccfbe00d8402ae423f4a1141cad0fafd89b186ef0bf9b880616c67f4be527806d015bd7e668e2906f25d448e12810538b505dab30b3cb621c97b54309a53291da1e6a3a3d1e18b47aa59ec0ffc1d351d17236beb28ec1f3631e27811609ceef9e839e5e2489e06aaff5b34913c982a778e8fde6d21b9157a57b85a969f4bdf04240abb357b4e5713684159167888fdad66ee3e0c863d9f925657660b7c9deac650b6b27665f607616e006218461b3d6cacbfb36d949ed9a483d0b326b7431aeabc078d917651c3c5faf02d9d1416d649cec7b255aa9a07ed0224637b5d0b2d429051c71b16a72cfba14b8e6cab84a2c159bb0537dc920dcdaa7951fabf1d7121f8810b5e53522f49c7c2f13a5e6985f9058ef04d0941163a6d39dcb89ea9c01f9f3b8db48a5d470e2ff3d5259dcba79c8cc35ba1a0978afa0380d9bd93a4ae81a147bbfaba427b868e4aedd3960303631a96f6eee523d58252983890922d5de6d1326aa3fa629dd387e39eb41954022076083dbd5cf86a1b18a98b6e8c4de7004bb493ee6417448e18108870cec87506f6ced5361e5c41e976db7eacbbb8ed1d2a24ccc5a117b4fd5cffa76cd9f6376ded71183e3d7199b757fff9d8ca0901bb9a10bd8d159a92035e58afdc959de91bd0b768c8c699075a007de1c7b1f79c129f1b9638cff8614a3efd077704df52893b431a482b6880114f2f004527952946c2968129727f35613848e8ba6b50d88324256d95825ba70c84fd0e1ab21f52307456fefa89389b3b8fbc856d5240c074d85aba70c55c73e52248d10340fba9691a833d79a92182c519533db6f70ce31f0372de924091689e5816e1523f5a69c06efa947af1837604dc73d9f3619d1ae7985811769db2f30f4fefd85d16915ad2462376944b760f5c685d37adef91769c061667af2b1a490df97c4112d3e7d616fdaa72b72799a3ec4362eb7ab9f0d60430961fe5b1b04df6efd50117f9b8f02f97d36360dc341c89128c913660e470904b788ddf363b14f9bba8ef3f1874920d169becd4172dbc7fab69845a50bf94f2f0cd281c766f8ac7a1a4f88404ef95a33ffdb9804e22d9fe11a14746605501c60685f425c84c13b941fb7faffd864b849ab1b6d3f74611920ca29a22218859210826aca99481259d6fe337e2788f8350c69f75d117f2581530a0a57c87f3bd03241fcb0a1ba6ef2d4e7b5dfcc4682eeb900ed131f47fdb205159413fbbb5537f5f5f379dcc07bdd34ea93c68ad31bcba13261cabc3d4b112f325057618be2de7a5a1c5273bc66002dd421adb428e1327d3c20121e196a0c758d74fe725e75ae0ade49957dafd1c06747bf38d9817d7a736ab3a1a584f93d5da7e992a6bfbe96627d580b059365f25329deb2d7457f4bc44df66f1f68ab93d0a4429bdf79d7b98cbfbc1fb305907235b1a0640133dcccf27bd92c9243b5ce7c75901c28a4c5d8324582bf6f1d7ea21ee1b8a015f62009be6c40319c06a4f7211e1c8053de6922c4bf38a8d6d0e90220fee7a4c19bdaae84c9e6f7c91f5db648a776a4cb1cb08ce93d0e79139a803974440f5cd11b14a8f99b5493d79410827762725c94d9cfb4300fda4538d9b7c602d6f63f35f1df5d7c64e59c0d657434d8fc4168eb96da68504dda6d1f837c9e36bd4285661c227386ad31b6e48ce8b89661af901d835ad269ab25441b35a24f8ee4a398f318fa7b9eb426f8adb4101e87a4e7f651ab30f7fff5811c7cd5b4ed3c5b2cbafbbc6de2f999e79cc266892b7826a3bdabeeae40ac2bc8e820c3f98b2a94b670d95cda479433ea2e994e4454a963684c030e9320d6537a3447972223cbcc8610b8b7a6be55687c8f82b0e50fcbe8f41faf5cff24c1474934944e5540b1b0120e089dfe3b8b838c791ab197e3b8b9448cb0bbeb09bb564aae5dc2ccd8d09830b6f2c477e48bc5d5125c4039625488b975622138741059ddb01799cfa5a12e5c7235f99219604c7d19b99af2d8912b791958bb84efe0e72f7ee520bf4a330c7b69f0e4cbe7d248aaebed4405d0a940150b04a2ec55b4825ed371537ebca04c417bd79f7214d356be458b19e7a86522f79e534950f071922d03b9299144091b6b71ca6c76d12a60bf3d5ac8e6e41f8db38e46de9ae73c16eb5a592966b7ff99d358e68d202c7ccd3de6028bd06e199f9328ce4e0be526dec868de6a0eab9c699c42ce8188078a8af420b940d480cbb45f2dcf764e083bae748123e7a33939aa9acb652fa8c472b7b6699c3fe125e4f44bf187e0568afa47a33f7faa24cc95581d45c08d87dd859582ddf11390484d60b5585ab79da92a0e844530dae358430d29ce6c832bf7e1518a7ab6bc91f1c3beafaf509f1b56d898f553eaa29c13d678d03ab5326a08b8c6def99e42d608f2a9b04685a170b525e0c1bd866e7e7a14b99de726184ae6f00816366781d5f61f12a9d555a754a324ad9cf61e43dfea7f5c622d9032a6cc54562e3b692d5e6a414b835608a4d4c71e04cedec1d7671ca2611219aa695121956ecdd0e641e1fd19ae2af1dc40608ad7a211591ca5db5f53bc378741c9caa9994dd7761cef8996508360edeefe7988fc0ca771f56e2e11dbf86f5be93d5947a2234b36e8ad131b5fdd6746ba136f55f03a9fd72d95cb0cba9a64244e6227ebbee5763c8ec3ffce30fea5215453ad5e3000caca7513375b15d4706e100076f312a69e07f515eaae40382dd92b6ca8ec3f2b851fc80cfc42a1d6cdb74d4fdaa6d965110f05818654cc1b0480f5a03c265f03753cbb6a1ba6a0225fa30bfd86fc7bfbf31efec0d0d302ce2eff095f8d5b40ceb92ed0372677247c85decfe7c0b4efa1c75591111b7015f875bae8142186b484d4145b28789176bcb4743bd38ba70fc8f0bc23c7a7105db76d16bb97be05a3f3413e2365fe81495a2a01904e5533e095e89d72034e40824a5b8ad091b93b3cc75091a0ae3493b1bbf42a5a65d0a4e9bb4a013adc524d9e8e86b5398425965e8e7da45f4e6512b433354ed3db3fec222e21a262fe04e4ab4ec2327359484dca874d55a69c6e9b37cc4074a3dd5b38e82520830b4a930210740140e55f09b2a18628c2ef984e2358da049208d4311aa4f594215faa32e136ecc75597a4dad5ee7ca590ba294e1badea61c40d7d7dc2bbe1e1664f4bb36807567bba5ba8a7b00bff4023f9e21814e02c9c9b8334566eaccb496fea6128ea35d32bd67dea3e984ce4f5b1f82d24f2e9e5322aed521dda4d927d735632306a3b27033a15ac89b188d186772aa241bcc9fb9f932f067eaf0eba29a9c0f95b1e94f2307fa9e5f179e17d8c07e152eecd9ce477ebbd765e0e926b03b9befe1975de3512fcce2f2ceea9b79a0cd9a1f9f4afb0a8311e8aa5ba042b5f64e6414c7ec1de24118f3465178f34873d473e5d57a0e2d503fb3d03e29ba2fe6a443033bf1e97ba2f721d6557458f9616f1395b6ffb7fd0ea7d3ea7acd5ecbd106f02b3ae00c020bea67729215544cdc1b72ab6ec7b9b1116b8be8f98ba64b83353b9f77f19530cb518bbdbaec286ac567a87a7c83c78c58cbbd29cb956a9073639e390584d0e05c8072b21959932ea117be7a3c9c0038b7925589118fe5ef4fa337e82f10dee6528cb29787cdec3cf38de71d8d18d9bcb0e379ba804ac7bef8537fb75438af8fba8f3bd62be7ec7e8f9e0e771809a1ad1ff676999e11aa8d21d18fcc303c6129f6000dffd1292677f5fe13790903292a94ed05ad63cb79974bdd380b157ac1cc764c9dd9049ad466982cae5c396d9ebe0b560e46746ad77d2fa41967edfa2fb6da595b5793faaeb339e1979c3e57b13c2149442c14e128f91d1f24487f9fe8134096fa2d4053b53901d5fd41568e2360ef499e6644c4f76e62fbfbc0e613b3ecd856f000c5a2008ba5fd0c2542f4c5ac7af9273f3c4d4e30ab7a00e8ab73d3db8aaebc5843d407e6bf6ce8707e93351a00d9c3945c68b2e544abbadc9dab68858221dff2d7f95a3eeae24819a30dc6eb373a649ec345ebf291f8491dae028095526b7de4bb404ec9ee9674f10566f27947edd492b0f89c737d35b09d2a654c6f04eeaa502e6c60f5aca4b3deface8f93d8db21dba4ba50fdad69112a2cbb736ccbffa590c5e0e3e119f60143d7b524cb0f76b478c9e03d7f0297c25035888096b899a525d48c3397fb34c2f641bc319e62b1cf3c30baaada5f29d32efa21a8d109143c1316a06ad9b6a72eb3936aaa7b35394145dd9309ab7765eab53d64706489d28fffdf481d7b42e6d1c13af441042c9c273e3a7fc1e72ff90038172c706893acdf8cb39546bf9fcf1fb7d85360e2836e893715a2afd8edbf9823608a954104685c65a9a0a58ef0b74729a4475c79f10e1ac98e7e44dd642671c00b483e824cb2e82f8aebb0a15a4a62b591758ed9510f85398a25d0b23d8cdf7a85e6575f09ba9ffdfc54174d9b3bbffd292a9df3f16a67cbe0044ba0a8d49cd2ffc9a4e2108b62b9a980e7447b84769e32f668245035aa35db8d9fec3489ad558c8744df4a3b4cd050a66ebd1d110eda69d725909d2f2343377f1955797b010322a2e637ae70a1a0555722a0c87292dc22134c3dce1eb1afde8047a6a6eeb2442e653720b7c30255d0b209a1d815b22412cc227bca8829045aa6b53d1f5c4ecfcb5aab1b5d77e3cb38d932fbd8b7854e8fd86891b1e7c8e46dec8e63cec4078f57c076b1897d9bd98adadbb1beeaf0eeb183fb849aa2ce912aa", &(0x7f0000000140)="88afc783d3d582434c0e11ee07b8ef9fada705bb4b4c0e4b98b73f2246cc91c5c2b5b231e39754109781d57d91d820c902f260d4e1dcb005828dd5efc56af395be946184d9881b02025c15d3fb53a333692e0fe3fe0b6b4dc1c852a360f8573894cc49224a0b39bba9fde2a65762a578e72a98ab2cc8f008ccd2ede0dc8fd29ebf2cdae294fa6463a8f478f41bfa874b60a2d59fbc1b236bf02c05c565aa644c009d99cbf87a580182d63af8780b271519cb83299f9532036a76c3bdc460e310c399a75f7aca352db157fbdfd909e3eb071e252808bfcf91dcd2ca42475e3b38215abe67f6028b971a5fdfaef94d8b64", 0x3}, 0x20) r4 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x6, 0x0) openat(r4, &(0x7f0000000280)='./file0\x00', 0x200, 0x80) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000005640)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e7906c912b41e77a35aabd48f2b55c7baa53b119aeab6d2db0fb9c02fde4f1e457d3ff57650dad8433a85ba372d2cc1e65b2e35dd5b0b53279e3495c2f1aaf4f9108e2a2bbd568cc6ac78c9bac58c2e0a755fb2eb4728861b2d3ce3622a5684392419fc662413ca6297a30120110535fc8ddbe7349286c618a284a7d64a447071bf5627701d7584349020f6d59ace7178e9fd2df20fbe15d08a8d8a9c4de5e74dbebde3d7d1f9df27f0dc1bc0b29645175766916d7b52cb0b44ed6f07062b0722511a97536b2ec3caee4d9b048762a3ae2bde02f21d31716c2034e1eb8c70ced58172"], @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x18) 2018/04/09 20:47:41 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:41 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x0, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:41 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x2, 0x2000) ioctl$sock_netrom_TIOCINQ(r1, 0x541b, &(0x7f0000000080)) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) mkdirat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x1ff) 2018/04/09 20:47:41 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 174.124789] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00f0ffffbc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:41 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:41 executing program 4: r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x7, 0x0) accept$netrom(r0, &(0x7f00000000c0), &(0x7f0000000380)=0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000000)=0x8, 0x5) write$rdma_cm(r1, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:41 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5605ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:41 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x0, 0x4) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) ioctl$DRM_IOCTL_IRQ_BUSID(r2, 0xc0106403, &(0x7f0000000080)={0x7, 0x8, 0x0, 0x81}) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 174.228706] binder: 15381:15382 got transaction with invalid offsets ptr [ 174.248273] binder: 15381:15382 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:41 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 174.296218] binder: 15381:15382 ioctl 2400 3 returned -22 [ 174.321157] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00ff0000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 174.349836] binder_alloc: 15381: binder_alloc_buf, no vma [ 174.355574] binder: 15381:15382 transaction failed 29189/-3, size 40-8 line 2963 [ 174.359231] dccp_xmit_packet: Payload too large (65423) for featneg. [ 174.391834] binder: 15381:15400 ioctl 40046207 0 returned -16 [ 174.399184] binder: 15381:15382 ioctl 2400 3 returned -22 [ 174.430302] dccp_xmit_packet: Payload too large (65423) for featneg. [ 174.482750] binder: undelivered TRANSACTION_ERROR: 29189 [ 174.503895] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:42 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00f00fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:42 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7e81, 0x140) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x800, 0x9, 0x3ff}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000380)={r3, 0x3}, 0x8) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:42 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1000000800) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="006340402000000000000000000000000059ca6e0000000000000000000000000000000000000028000000000000000800000000", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:42 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:42 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=0x0) waitid(0x0, r1, &(0x7f0000000080), 0x2, &(0x7f00000000c0)) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r2, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:42 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:42 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) [ 175.095075] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 175.157168] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:42 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 175.207439] binder: 15437:15443 got transaction to invalid handle [ 175.213784] binder: 15437:15443 transaction failed 29201/-22, size 671088640-134217728 line 2848 [ 175.250547] binder: BINDER_SET_CONTEXT_MGR already set [ 175.275292] binder: 15437:15451 ioctl 40046207 0 returned -16 [ 175.281620] binder: 15437:15443 got transaction to invalid handle [ 175.287970] binder: 15437:15443 transaction failed 29201/-22, size 671088640-134217728 line 2848 [ 175.328951] binder: undelivered TRANSACTION_ERROR: 29201 [ 175.334799] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca0f000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:43 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:43 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) accept4$inet(r1, &(0x7f0000000040)={0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10, 0x80800) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000000c0)={0x0, 0x82, "171c11687849b4b5f13e4d9c018323e541811a8dc787d59ffe4d7ea0f0b8c8307847d6488f5ecb186e50ffa608b66a9195dcf96dd5e200be92015ed28f6fd78c08e0a3b0434294cf802999596fc93e40f33244d355450944d2ef797f606c1f0d02d0535e9e48633af394dbc365f0c2fa10aeb4f588e6f7e97888070386e49f41d811"}, &(0x7f0000000180)=0x8a) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYBLOB="d70000009acdb3dd661ffedc9112964899a56cfa15c3c136bfb7631c98770b266d646fec6b22a86413b08e8b27f3112c5c739acbcdfe9fe1a1b93e79e2078a1fc21fa1a8d7bd0b198b9389061880bb65e8180dca8b74507a6d0e39ad1de50dfa397864d0c47713db5d4e545ee55c3d739acd4af5779a580d65e239d66e69d412c8114915f5195ee4b1e31a1a8b5d02ae76baa8e93bc0c44c632d21d097ee0a1827dc47d039810d47411097989d7ae411fd729b51c8635638891d3f72e4aa64dfb8655f0fc7ad1a3104e285559817eaa990a1c3a58ed376d392d070"], &(0x7f00000002c0)=0xdf) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:43 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x2, 0x10000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:43 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:43 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x202100, 0x0) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0xfffffffffffffefe) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x2, 0x20000) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000100)) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:43 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 176.164890] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 176.228761] dccp_xmit_packet: Payload too large (65423) for featneg. [ 176.236784] binder: 15478:15481 got transaction with invalid offsets ptr [ 176.246389] binder: BINDER_SET_CONTEXT_MGR already set [ 176.254606] binder: 15489:15491 ioctl 40046207 0 returned -16 [ 176.262356] binder: 15478:15481 transaction failed 29201/-14, size 40-8 line 2991 [ 176.268124] binder: 15489:15491 got transaction with invalid offsets ptr 2018/04/09 20:47:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca000f0fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:43 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2002c2, 0x0) ioctl$KDGKBLED(r2, 0x4b64, &(0x7f0000000080)) 2018/04/09 20:47:43 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 176.279339] dccp_xmit_packet: Payload too large (65423) for featneg. [ 176.293156] binder: 15489:15491 transaction failed 29201/-14, size 40-8 line 2991 [ 176.317231] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:43 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) pwritev(r0, &(0x7f00000013c0)=[{&(0x7f0000000180)="5384bb6de41c5b9e2782fcc1dbd3f636aced1adf4040fc2ef63db01992863ca368015677dd70baac5026b571175c57f2de6c7f77ab88e6d74cffd59f7d3bab864d2e26221737cd90b6c16db33ae99c1a94097c141c2296ff1eec8f97a2925b862cd6f2e180ea2fcaccfcdbc22ce8b184205078935e3eab9132d23f666ba8b56a8004e2f18e4786cd6a5bed944fb2dd1a81d428221aed6c5c9d40ac33eace07a37498625ad19af576e505f049b9b8aed3056ef6fdbfa1edeafd81f1db9c1f481b8aa9040954f1537dfed71a2e06bbf9290c5944c4b5212fd2f3e91bf8489dd5dee93a7423036e8edab38088b9b9494a45cb86babee07bc85754a6d8579cbb1dbe6fcf1f110a578f3290a8eee4e340bd2de5e7533c977e76ca6766c2f0f41fa74b7cb632eccfb9bf5c9b154ab2eae5e5dbebcc3c4a0cb8341f9c1321c520cb51dfd9d655f800b28b6dbceb41aeb08ba883201ae204893736a921c857b64ddf55591b58cbb3d4d385b39896f7b605070147f24f7f57f43179bbf1bf0e071ea0827c521ef05a34187d25743a5d5f288a495d413e90fb7c22d18ce6eb17527c68c0a8a6f625a28f29261979824da76c6233d867ecab3eb71fee545b424363e38702a34a9fc60363a1dac359675503a4ad695d11a308e9ba370b6e095cd9c8a5c063e265cd1d9028e242ff69e2f4342025e5a6186b48bc64140626772e659ab72ce59b0e2fdcf348fdba3a3cff0bb80f011a2c851ce95015ecdce4caa8929874940462bcb85e27cf68ef3c001e2c45380b820c20a06c22dab9b478b5dc88beb49f53a07d3b5bb86b5b5770675fd2e2750858203f58de4eb4a3d35bcf98eddebb9b2efc08dc88c720e4d55d2b1e8a328a4416014735380bf3d0027cf048b08a3d41aa6a4949c75dc8afddc9e1a7312564759261e9d1969be31befc9254ad9da9ad411978c6760a8324ab2874e539f513b198354b1230a42c526294506091af039c8e960af5acd2b29e7eabb5037046f4c950b22f4c33325420e330d9599cdc1ac5918e962f3959731410576c9f6f0297b83dbe5b78ef0387d943ee0401615de0327c85a3e7bc519565a8aeb2c68771e526500ea09042d9b9435e8b8bb2edba7d8571da5d689253e416869dabbe5d798536ebe11bc007d1348fe3ae2251c1775e20ee96c4794c46f91689367f83e954207ffe51f2737f93c3334b3ac173fb76f9e92c6c7f05e69e8a543d56403bd7dd01f78c913e45b181f4597af3dc4ee0e7e52318f92b77a2207c5b32d9d923bfb9a6f221d96368693d316fdcf7adc026c51f1b5556c373ec9964d6e88abb566f98a65435831b26e6ceadf68f4d450a509ed3191739fac7dd6de154bdac1dbfebf1ff73b10dcaf2eb1c15da2a2db7b5f3e2310ce115e41e41e673dc034a747f2f8f64bf6b75927f3ee12b902ceeb61e0486d913b2b81dbdd307f62a4aeb7638dbd824136ff2f46e9ba7c3945aee62e6fcc5ba554094b8ad007903d6ef8421f11317f5541b52e49df72e0754dd6723794ae7c58b75024ded991a5f58bfda3c51950379bc8b402d78f502984978f0b965dd84d6eed9af34f042a4139ee6ef0ab23f8c671b8bf4ce4daaf7ed48228a00c9655f16524da85cc4283e78734d3af5bf1334789d53db033239cfdc0792be3791af9af3ac3c39ad1923eff2f6d6e36d9afe5e15a49d695c4168c7e3a20ca5744a245b4259340600d3b368ccfb5c620f2dad893314792bad5e488caaf18c7ca0a8b89fc61a2a55925778b7a713a6b8482ac84a399a230fa30d88001822c8959f220cd93cb5d8d43c1889b215c6b8a1c3f003184871590dda4e51ff6a68be9b4c17d7df74b2a96af8a1415e3632301ff1e33df18f0b177fe0fbdf54a9f707b8edbedd2ded86e2b1821de76a4227bc3a06827be29ff349d08b2cf120f39336c3dbadbf7545e6322f27e9ca9a7830f82bb730e7c2bb36fd7a4f77ca0bf7622a62a1e86cad01e8e5d96d50a18f0e73d5ce385e32ea960233596864955cbe5c217f8cc7366165573418544f8932d6654e124210f5c01ae1fe2ead2cbce7233e3198576901e84742011c7f42dff32c20f85ce14c173652ceea724bc265a7b247ef28a0e01582bc5c0da4a34f8ec4d7ddcb55a050526f91f7f38dcdfb94aa17740b44887effe7559ee0e6839fa6fce700bd83fc0ebab32d7238e40b22d737b8a503fdac149ed6315fab53d5a7bc43541804cc5b3809d75325b0646dd3cd6728506ff7c5e5c56efe7020fb9e32d25320ad317c381d4e31ed490c7530b0ff12fa6f0672581b0954f652bb578e5e34e74b3e7ebcfcb775e398a5e9369dc3919e3ed31f5b12b3f692180bdba6274ff0cdd2e6f64c63c50062012d4bca67548ea8e3ebeb09478335f8760b048147017ee4b56e266dd121daa01de0a751915952117c4f55f7781fa5dcbee491232eefd0c0860a2d3c5a86e57903c336cf6a1a3acd4b4eaaf91646ab3d989077473673f0de2b0f72e4e7b4149e20002710e6ed0f5acc7a9bf2f75feb560bce2190a6e1eb87a0fe6768df86dd158bf3083d37ec678a9ef3a621de205a0d0c617849c7be8ba4230507132b59add1faaa8b48a22e345734d094b57513c7dfe17d8b52cbe69b647adf18b8229e200ef9217fd4092632fa75f942d0ae44e67ae7b62d389dba7314d9b300ca626b3351c65f5085a5e04d9f5009d9cac4d486ea963210d1d7df21c7d06ee3014e40a575ad3f8bbc91f6a49ac4da9fe40b30e2edf8e3decdd85ecec0c09015f18bc365d5fbbfdb8fae38326277fc32020b80a71096500fdf4b6be3da42647b0d385fe25103ac6ee0aae8ebc832a07ccf14c733e761e9ac94200b994941211ce3574931313fdbe9efabcbc0bf2a4c8f0fac1e2589f554188b50602fe5b00a8cde13fd10063809fcdebd53d90ec5d296bec1e17f14579d1f777007ef83ab9740877de556bccbf6e3c40c2d564dec023db7f340ec5a2e085f2e8820e30c34f0263505c77359c7e50b495e5090b2e87613a1271275859dda17f363a01319fb338d3edf58f813ed20aa286b74f22bb9edb0bcef013164a161a3263d522391a764d63502deabea1046a68eb595364a283066a8e703afa3f5ce2b19ef7449c537f656d8014972d026f5690f8ed761c93fd7026e0c95186c28a71769ede32f7da0f6a92eb971743fc68f969da2dcfa12ad61cf8dc13ef1fa6cdf5286309bb6ceaf38fce08425294504bda413f8beb47d252c2a54669d31a74c445d20f12ab0862d40aa502186be436a9cb5b9d4b2719c35160204fdb9c9deead93d1bce8e245f18e30ee145a76a72e78e6c8981bad52ad2468056de2912ef5d434e1a380d0b814d6ef7157c17df0c5a5519361b978baf76d0f32d84f11d7f27f975b22b39e831a14feef3280428018896174fefdb2ab20d91655b5f39560485656a71d6f7191530b0f0dc168ce33c1f2cba454461b968724c1a4b48caae9d679b9972654109b11930e889371712a8d565a22440226ecfce8ac6f51cf7c45a86442e06c9f1ec4b7c409174c94fe6eebb893cbd4a2b727f777ac17e03406c0a71e7517e7cc4a4ca8190630dce66b4af39e89bf47cd5367b994f1cf81177031238d38b8c62c78f851d4b1db617dc633d6717c40b59239d38725f52a5e0c89754937a7bf115b89cc400b0233a64d01add8b49b9d804ba56670f85b223b8899ecc5c84229c852af4164bef29e7900f5a52cb3732e9e608bc25dddc6e9323a191c45072d079963b8d4bba03bf071aa4f7558914d833160438ae14380eb0d497188f9e980d9757df5ed6494e28d330b5e6220b692976af3d3505276e78f42d02d701346e5b4276377dfe6898712002bc24768272d4e7c305f3f2373ce21fabbcaca082ed6915d4534c59f34bb9a65e050ba18b307c997bbc2d96393d0d70760aa498506ebf6a1f7dcd29d44dafc45cbf2a7c4128761703b31ecd0ae8495a117e1aaa6d55027b68c6aa7e71e0172e3194473a0791e30a63d480bf5c1fa92a4b30489be47e71b1ee78a13e2f2b7e0c2755086dd43a081ede0fdb4a25d03de47956da77bceddffa73cb78f5affc663648d1ce937a00982b4b49a8293276339074d1a6969718683414968ed976782c8019e1e50c61062cb52c17c7b251cc08acb0e483e22eb630a6c14a534181232944683f09f01e0b219f422cfa312cd9a4f6fc53a5337549835173aabe82641e73e50bfc0f31664d9466ea01e6f4cf5bb60611203b4c6ff8250011bb37a53226200a23d3be25469a2d58e0ff1549fb589708dfb4199116f5a2438094c15e572a19140d5936b3b50ab3f3dbc8d63f65fe88f88efb5c9207ea9aeb581d64380df37170713416e0101f8942adc78668f948e5241605fedd8e35a8ad0c50100cfffd84726a321f0425113bcbed50f828b8e099815c835f7a4535a884d372da6cda98ee0c5b2df6046048d25ccfaa371234bce487bd5bf3f776f59d0ae2cadeb564502c5b7ce80f0dbe6b13c157a1def128c92e0d58b1468876ed07326dc8dbd86275066d8cdbb20f3be88e355117a152d73346d1ce070b66844097a6ba4633461056b134f656b6607ab823695a3fc08c5ec2b1a796adc06fa446b73a92674d90f87e52d0ab1875b461483b3b045a594bdd40d704913c535ccd542175284fd55e98243bd7bec5d614fa306c5170c599e8bcd02e3616d46a7b12104d3a3b49b73ed7e71e9bb4b371df04dcc26de15c0f9b64e0131d3d1de499cd79256da5ea2189a4a2ef333911b77a1dfacf145939e64939fd7e0a8d0eca6f62d48b4b39aa8adc7668b4e63076ffa092cb4cbc37e23fe55513f30f8a65c8636962c43b137a18b8f24bdb262c04860b996a0ff0df638a2ac51d8a678bb573f38c201d024a08e00e1ca6d54552511f1ab28efbd542490301b8a0597fc467536eed0bd301f0da1d414f4d799fb39c9a85771c6be2f0626f75bc53e72606acfd4d78e2ec480fd90947048b52db997baa3175d0fbe3426a29af6cf12b13b53efaa47a91eefc7567abea6f06954f43ab3c6167eee373a22270f2283d1b382b64095b5e7d91effc2f580e0730c52a322605c0b8b677273c123e868a9ded3fbbefffe1c729ece41928f141c184ea36e0fb432b33fad2066cbb342ce24bbbcee742b2ce6fc03e5fa92a884d7343117b63c3c28f6a16d857141fe9e0cb0f5133e18d19078b3da6a4d99c1a4dd8c69464339155d872f2a56202a9d30201e77ff12c1ad2143132071c50ef707a28598fe4a99ab99904c7fbfa63422198feb62821d8b1db64506b03df482ca5dd9aa6bca49dca6bb3b7bf58a2ac37ec420e33d526fbb794117b04174eadcf17c3d5d8af540e15baaba89cb443e9deda32002288ab8cd004111e8d0369ac2e429c24636ea7ef773e368d08c7401426ba731db5d863464f11b0a20f95adb9e5688148e972118ed1c4840381e6ec1fccbbb6d0b8e85bd7f295aa076fe1099e89a336f4ed6e984821a4512a0264e14e7264de8298998b733458007f55700a563209cc411e137a84cd67acfecc11af254313451d9179284fce3ee49fb74103a0db4ec1d7d99b05e7535c1de45d9b87f0d9378f2dfbe3c182183b235198505b4c242387b4e12aa902d384e00f005660464738aa7796641cf3640a1c7d901325a4ee1ea801a3ac58a8d8527e2f9d173bb18811fae18da6371a662dd5167bfa7c1cc4e0ee9de969f12b71b32d7b8b04f6b237f9ecd150402b19820936dbc5aefe4cd9ece6d8e577eb0cabfab6a00a5255a2af2ffb4c7dd3230f32d62b42600ac81", 0x1000}, {&(0x7f0000001180)="809c097559bffe0d488dd1de28600195b24d5300f78ce8", 0x17}, {&(0x7f00000011c0)="d66efc9e6c52913b032238471c772341b8af3533373b83910281ff123c742d61ef318feea48fa5cd3d527e7dd36bfa5bfff62c9222cc72432096c564ede8e28b62a80bc1dde7d411a85d2cbab5e559ee79b16de8d15df51d95fb50946f5e7352337c141b4a0f22af9041822c4bcd5436f1e33aebd06704105d370a001fbb5a1e4a04d6fff8ace84bbfd8901c7d0c5f3743345f727359edee9a762e78de5b1dfedabd631e0d7dbc5eac185f1e9d8604ea0c7cbddfd15ffc6f2d60dda860c0d95f46f829755e632a212466144e9b5c32b1dfec7b002307e72dbad010740ace8104b21a3d9aa82588cba91f92270ed7af68dea9b12b", 0xf4}, {&(0x7f00000012c0)}, {&(0x7f0000001300)="63d95ce414383f25f8cf46c904527ed310d74941d9e7927d7da1b23b3c59f5b13e2cadf1151db9342989e5cff61b6545d7386b7e09b05795", 0x38}, {&(0x7f0000001340)="a591311036d7a99bd8b2e2c487057bf8510830795587d1b7b8de52093022c48017ccbea8a3411c36e2e93adf40fa6578c207d16c90656c6ce4d5178aa486f35acb2902715d0bd91ada3a60914e5c2c49e3df4ff104c9223e6eb34df536290b0c1fc8532ae13a24d66b151961faa932b844998028450a6c33278cee", 0x7b}], 0x6, 0x0) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=0x0) waitid(0x1, r2, &(0x7f0000000080), 0x1000004, &(0x7f00000000c0)) sendto$inet(r1, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:43 executing program 2: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603cac00e0fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:43 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 176.351384] binder: 15489:15501 ioctl 40046207 0 returned -16 [ 176.372833] binder: undelivered TRANSACTION_ERROR: 29201 [ 176.379911] binder: 15489:15512 transaction failed 29189/-22, size 40-8 line 2848 2018/04/09 20:47:43 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl(r0, 0x80000001, &(0x7f0000000080)="c04b8780892bc667780679dc97fec8f6d23cd21a5f03132f37efd10942b86364e68d9cdb2ea75adc30d802efd449e753bbe3e2c891dcc99b9c8c4b3582293394ee16939384b59c6e") write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000500)=ANY=[], 0x0) 2018/04/09 20:47:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0xfe08, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x126832e8, 0xc0100) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000040)={0x5, 0x8, 0x80000000, 0x2}, 0x6) 2018/04/09 20:47:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603cadd020fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 176.449671] dccp_xmit_packet: Payload too large (65423) for featneg. [ 176.485407] binder: undelivered TRANSACTION_ERROR: 29189 [ 176.492303] binder: undelivered TRANSACTION_ERROR: 29201 [ 176.513727] dccp_xmit_packet: Payload too large (65423) for featneg. [ 176.544284] binder: 15534:15536 got transaction with invalid offsets ptr [ 176.558977] binder: 15534:15536 transaction failed 29201/-14, size 40-8 line 2991 [ 176.583471] binder: BINDER_SET_CONTEXT_MGR already set [ 176.606660] binder: 15534:15539 ioctl 40046207 0 returned -16 [ 176.613434] binder_alloc: 15534: binder_alloc_buf, no vma [ 176.613671] binder: 15534:15541 unknown command 0 [ 176.619107] binder: 15534:15536 transaction failed 29189/-3, size 40-8 line 2963 [ 176.624491] binder: 15534:15541 ioctl c0306201 20000280 returned -22 [ 176.652667] binder: undelivered TRANSACTION_ERROR: 29189 [ 176.658335] binder: undelivered TRANSACTION_ERROR: 29201 [ 177.249220] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:44 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000180000fa0000000000000000236c2f47668e4e7ae4c7c1a8ef66fb7c55f447b0c755864c53c0093dde4c2b140a", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:44 executing program 2: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) 2018/04/09 20:47:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0x0, 0x800) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) getpid() ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00 ', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.controllers\x00', 0x0, 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000080)={0x4, 0x0, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563041b74b84000000000"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:44 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:44 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca0ec00fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:44 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0x0) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:44 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000380)=@destroy_id={0x1, 0x10, 0xfa00, {&(0x7f00000004c0), r1}}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = accept(r2, &(0x7f0000000100)=@pppoe={0x0, 0x0, {0x0, @local}}, &(0x7f0000000180)=0x80) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000001c0)={0x2, @multicast2=0xe0000002, 0x4e21, 0x1, 'dh\x00', 0x1, 0x81, 0x2f}, 0x2c) ioctl$sock_SIOCDELDLCI(r3, 0x8981, &(0x7f0000000080)={'syzkaller1\x00', 0x1}) ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, &(0x7f00000000c0)={'dummy0\x00', {0x2, 0x4e23, @multicast1=0xe0000001}}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40, 0x0) syz_mount_image$msdos(&(0x7f0000000200)='msdos\x00', &(0x7f0000000240)='./file0\x00', 0x2, 0x5, &(0x7f0000000440)=[{&(0x7f0000000500)="3c4d27c1a0744f4aa306e1a1b99f873f18227cf3611f4a945b0f6824e916346389ccf06b136fb534e6805485bf55e68025547d7f4963264fe20cc4245fc0300f6d25b55dcf123c6099758fb415b58d26f5707116f57e8bbe21fe56820dd32a0b23c2faa80a5408be67325bed68d6590d0e0db1769ef4024401b799313ed798f0e1842781a140ee60fd9d1520edd2a59a1335799be924ad113e85714cd2aad452ae608fe0a3b1aca863b0eda2a95fb45f2da60b0b0b20da21798d363eed1b31027a48d0801653be22ae9bf0736a8c400b8f06d5c171bf0ebd570a51e407d5f49198d5177800674553db466873b7b8d760c1ba0d203054c49ebe64f67ef12dc1eebd1136df577e26368ae6bff814ddf0456d492a8fc9158a177ceecdd80d1f0e843f66d2910531d4f053a25920817796860cb0f5c9d2aaae133aa4f6a584ddb28edd9e9b9a6a188b5c0d9996994502bab172ce3d184c750f1c0d43af0e47f4533faed876bafcaba7dc3c9105b12625569a7eb67c70e828a819418cd9bd514a59a8284722d0ecdeb3517eafa0ad6c2ba0611fc2f6039f5f7d7e3af14b8f213d7d4f098dce14016dfe955b212c1333690d1f243236f35e7a330bcf3c0e06e80d55e862d771558f004bec5e798f524e32f7dc532ad1aa6248ab9b88bfebdd5e14de66b2e6df16f70fc913866dab5be7ea59428f0d167fa43328411a9ec4dd39f3d963dcca4df11afff1c4b329801ece623a00800e6f1d3b74b963fdb042f7ec884f3b8010df026f09881e52af397f963440bae967246bdf1d72b49a9e73c5a5aeb386c2afb18e11eeb72314e217a723bcf4d5ee8a9c7f1dd923203a94d9d84fc01ff7ff9a8fde8d9cbfb323eee569adce336c612acbd7d9474002eba4b6efc75a88e0676f228fe09d5d8f999512991337cb7ffca6c66b33122e955d42d3ff6d9c3b0d86d51fc615dbbf17f4caa56145af6473bf7ba4c4928c2b1f94b1a339e65e7530e21fdb404766399b3d2b2977dd421a63f6134e104a92454da4f7abce29e723d9617bab72ea51a8a8399ee0d8b004aef29b2c81c93aa4210799f8b97e05bb3d08a31fedba3151db8cf208406d3ded520709e8d65911f5216b52ea686d3aff64b449518e8570fa9668feed24ac842d94df4256d150c27ec6e029a39340558bc5d99000df24d324714dfa02112b7e7c0f7441cfd0e1e2d58d75880a6109d5e4aab2e72469f3fd4310ae06fa8ceeb540058c412a2958f318b43ba1f0c7f289bc5273d234bcd109ad3793a544c437665ee195905c38f43a8eb19833903b9677c5c6a81d98403183bf6e3b2ff4dc1901284eaddbc4ed6b3b24f8cd5ba3d8ec5698ee134b3535a1703a6967b19a63ca5e3cf9f4e75e90c369f07f7b2817e97bc236ea43aa18e33aeefde3c3fc44a517fac948429b587f4ad268d0e299852d01162e53b7806a408336393a7c28c50bede713db623bd9124b35655cabc8000e287a92d6b5de7b3e665a5de27fe5e23cb7a032dcb8de1afbf1cd1b961f27eacb83c0639346c5226cc8608b924d4ed4fe7b2aafcd54e6a7808357fb668becbee04b1e57e0eb3f8fc0ebe1d49a409f08292f6b10e52bc05641a568b7a70d5f49f27976057c859c202c99627c3606ebdb705d27c9773cdaf69f9bee7b62d231190a6ae51ae5a34542eb49e3f1b2c57a4b375e536b9bb433b9185e0ba6dfa9cf09cc2bd9201f4e486ba27b07fbd81cbc400d86ba8a044f3d170d0fe8b03c550c67892a24e71d606309ee7060c77f19113bb1fcb28eb5e7e97183174c1c934106cf4412b435d6cf17ba1e94269280c4ac3fe673b07aa11333242fd3106259cf2eccfff24b5c43bd81161a59b26f019ad7f278eb6a95f5cdc82c8b88f89faa877791b0669ec30b3d338a8de64275c4d0be07c37b886f562f7247eba76d81932b450752043668b87073d461b1d4338858942d2c1d39705ee9d415e8d2e10240ec2b0876632ecfc52e7c4edbb2a0fe20a6fb83f676a60ae5bedb6e70ee17285d60aa7f1bc5e8eda3073cb91b73c060c95cd5434488e7f48f26731624cd1e70673ad0db550d43fe1d82d99cad15a21b55e6a35cf7826cdead617972c39693bb377a0c833396420dfdd784fae816bc1f43e29ad19ff089057dadbd9cfd28fe115fb3a94dd128c17836d3802aa306d6bb58c235e2e9453b03e2b29305265ab91f5fdb68852c3d0b9e8ded4868c59f0d79ca0a6991965e2e45502a1b11da834932eb29b1c06d3a2255d8a0e5ac677a86dc63a7cc1ca9aa2fe706a695b2d4604f12575e55eb09d9aadb27d69ab3cb22e0a8fdbcf151f53a1711caf3498520971731de5059a256a6af0f253d65137b4230c38126ce67bf16950b87a349773fa9ce361e4790c607b7da3a51abe04837d07aa976ab34a9fa4675b64289aebd3d736f26ecb61bb58e62e0c7e0ceb5340106a2b8b10743f90bc01d2929ded91b4215cd4929b42f96d56d88e8634981a50b2513cac222557de15b60b949d7cd2395d7921ff175fba43b840b6ea9c3efa8e5e01ab1d7daffe1ac24945d2d698c9888aeadb56528cb010ec2665b512b1d36802d56913b1b1c750be7c710eecb055577ad4f49ced672f2bcbb454ca5b4330a813a4bc94bfc6462bd1fc8d83dc21269c4b497191d6977102f5ddf06b61d60b447fbf3cfd7049e3c5eb9544bee5afac986db8439772c89f04340965bcf4b0a64dfd20618cbb542d18ec13ba5dcee6af09c73e2db4bf9b77fcd5ed9a148bb2dd75d821e9307dc4f53428f26306ac4f2ccefa4520ed5bbb387ae31ae2d26b65e106f12a6f77f80e347d3c7d33fb1b5e39e07e208e2a5dc0fb95d3a90e258a52cb5cee214edf02437250d7c786da73fb8f294224e712a6ca17143c94903c08691e89756385c7bc7b83f2d23799b951dd91476045181eba7b654eff023b1e006063aae2ac9029b0884c3847aa013bcca9de1cd14e98d0b489f500b4df5c4e772c5ee6c34cd932c68a711e345c1c3f963503132804caa7df54a368b7f98ffabbdecb56f9a6ff0dc524c60566a61c2b84a23860f001a52ab4089ca796a58e13937c3c06893554e44e0bd204e7286e786ea5de4e82904f1427d76b00cb0161446c29bd16b235045821715602afd46df47de6e0238ad9576f25cc8582cec6b4e070477beeed04d50cbc70da8c2c5427921703c7ea786438548d82339ee83d7f87d16c95fe137a68a087344cfd0f3451786a21c6c5e9c19333580ea3edce7b7c9188887efc20fccc51d5f159cb7b8808b8d6f43cf5b067c2413977d46a10eea59694b51da1a18bd02882fa1c1140d194c8fb92249507c74f3b6cb9f5a300c63045d3d70a807e0deacb060c580ac6b073e9cb5965bc5ff54bf08270de396eeb36b86e90b36124c3124857cd6f65b1fdcc669385675631d50d418a8545a22bcc5b3edd681a4b46592566ec8b594b2407b46ad3f8d3b6db8dd2325b7d37adb94be2b9bbaf4df1f33f250eea7e033d0d58954d6592b5f85023c6daff92844be0903fdfda793b5fd2b7c6c7a9099271281385aa801cefe997209c47c54b750e9582111c42bd41b50ae9e0f3b8ba9b1fa2929b4e7e70665d2c312f183c0f2122daa948dd3b47a7aef7c30200f84d42cce0318218e0b547793151da281d0e7c3cd66e5a642eb7fb2e102fefca5f6de500e744d9c0f4de959bd23fb62de98e9fffba5f072f1bc6ef02c64696417eef0acd6a97a0b44152f05cb5652091852d1084af56ec7c52d9e2db1fe5ccf86c0663b060f89488860fd813a63ce1dcc3bd0c6e67ed1bccd707204a02d1febdd9d6bd8d5c3d0817e8bb84eb89ef39d9e0d18c1e2a70563b9732dfa703b4b098cccc9b7bf9d58b78eebeb275f6cde6f4538dd6bb269d43411c30e9bfaf5f219bffb5a7eaf1fccbc47212ea2b6187e27ad045b13926a6272916cc23791eec14ea53a7406c26f40a7fc2210bd44559fe18cb13bb662113e6f7682b972882209950999201c0f738adb6c41b7b22784f3227dd8dd011939511f2606c94347e165e8698e79a98910df06167e692739258746d4c830ccd4e56dcab2d8acca9164ae04d62267b9f340bd76140e29cc8c45979ee5012dcd948d739293cb04f214981b6f682eee89c1ca81fc3708fdfa332e226f660307074af169f394da3b189af865574d6efce5d300ca6175efb9c2801421d6b77df79ce539c82dbfef33bf2f974aa3fe648dc42de9e6a1184fcef3f9c4fa54309ab05fa57308dfa19a21fd74919063eb1c2f398b8f2f3e6c683872b84aca0bc114567c3b74d3ba92c9c5e208486eecf062980e540db110b11fa72fef6f12e60579b4509b819bdc61f10130f037a58d886ce50b8bec6514c8a1e23f74c590b88e32dddf2612708783fff7b5dda4f16eb317ffef825293fa21f50463b650a5e13d20de6302ab22a432eb9abad5d735c3d17e7a2bf6fd9954b2b93d7f8ea35632c4c834956387ce902b8e881849bd66a723b92efbd1acaf019ee8439807313a9c404ff2bcf0a670c3e7b7bbdefc322ac7664554167c988d78417d33f93b965a44ef366df78ac373bc1de4dfe527ea7838c5a829cd4560440c42eef4ff1582a162f6cf6dd8ba9bb1abcfb67d80f15593811497d6b76f2fbc903f9f1c5c6142af5d9ebce215b85c4bfdaedf6dd8a0d836a8a82ced2b400bf651454a177e80fce60dfa08247ab559706a83de19176b3b799fb3ce3074eef3382ac74d18619ccea6ebc666d898755f2077d8d73ddc3467de50b3e9b08dfef3cfb8a9b1a2aecd5bcc9e720f2a915ae4c42467e32c9652779e4b1cb227a1d342531ec642a8df1074b8c1750d34dd3d356c10d76b2bc6a297395fcbe5e54408ed633ad2e241b09d3ddfe47f01ba483422ccd607682b8a796c1aa32ab9f87ccccfad874151def4048478ff8f961228fce9634050ee48c45de99b306756f06038473a88ca47b06c2bbf895d39f275bd5bb8f3d7d847e1089731f10a91e5592ea23b98e8b4ccb0b1ae13c5fa851c9e20a8d923506a7ab7b654c799fccb9ba2b51683bec1ec68a2ededc1afed259fc8d3640839b540790a4716caa0e47188cd51639cfa88ba51d112db658faa3a632dd6e7f6d2dac4e94b8cf22d329207f59f6427a49e8ddf114af526ff729f640a65ec02d1ad62816e94aaf73c48bc010a1d7e9e0bf475430e131c05645ea4c4d103c2226e1eb40fc7729916b602412e5a19c0c9a24a35b2baaaa08b324fc791a9c40c577975e63aca971e548fab93fb7ef13c9ac81dedcb0ccbe2db1f4e58c4091dfa27ee74df72dc0cb3cc3947497e0ac20925963e15f98e6dd668b31b5ff99beb53e806d865165360fa299266ac1668ee466a0aba91c01be0e83ad2ce325a84a149d513fe7f9f70abade3d9db2b40d9331bb8365164ce9e74f34daf0b893338922c798a3fdca5cc4dc9d865f974954f6d0d33a9157ca4347820c9b82d96b4df6087ec1548c93f37d1c2686fe7a441101a9d06a387127ae146accfa28ad04eea0b57c172a24c6d4deaebcd5ca71acc5135a6f7f823f3ac99ed15a7dd4943c42585d2d70f7678535d267e577f041172f545f1b55b99e60228290f67bda1c9a707f28e20e91a220def97df076a8303b04236c3ff26321e98dd78657a212e1da225104b215eed84d0f7a21d5a7a6a6a0aebaaf03d7a0c3a221bbb1c2885fbbc56b3e7ff3e92a616812555106ea113e745dfe0f4414b41ab485803fd370976e6add1b0236936e1c1f9eca559555575f8ec53006d19829a40d17e65af315bd96bc252012f051c77a25216", 0x1000, 0x1}, {&(0x7f0000000280)="e02399cb74b31209235538798961c333660a0cc9c62680edc3853d1051bbc2bf7b0d0e03c385fdfd96efe880d62d6a6cc1e031c37629f4f28d31979b73699e566bf0a022da7f338eb40f3bd7ad7c4accba94249aaf30ae636cb7e104df47c1bbcc9276e96fd29730c9257001e4e6293e75a0", 0x72, 0x8000}, {&(0x7f00000003c0)="b51b3d9a4fa9be476b1a33be77fa3358e4bdde7a0ae70d162e3895ad88b48d2d8870a1c3dd2f27bfa3af5716d33193e414a882b81e2f3b0daecc5e5c2f1c0295b4d2d22bc62a177073b0a288c8", 0x4d, 0xfffffffffffffffc}, {&(0x7f0000001500)="69a5900aeb376eb7327b75e076588de29c71659f0e4aeb8723accdc5ce8079a4ad3a02094e285b8d620d1ddd3232e978a55775845b27c543317131c0edcb85f948da0ecc7781d14d19295c8350620bf00eda9c555177d480b84009a36e77e220ed1c431c57e316c1049d6d419ccb5ab159aa45f4fbeafac88dc2900125e54b7ff3d28efe1d19ac1a5bd85b02d9133da6f1df1b28a25844c4ac5297e5d7abbc0ddd759b2c1a63feb79cd7689be8d871cb8a6a4f8f3ed2d16f9aaf3e17f9", 0xbd, 0x98a5}, {&(0x7f00000015c0)="d50ae4471e43b21a8695d63943bd2631b8a0354e7b422f4deb06a255ad927bbecd8e278eb9626b2786ca912581ff6327f74231442ba51c8f73f56e320afe939abcaad648680ccd4bc6c01ae8c7cdeb5da0d6cb59ee45f179bbff3e9675ea2fa8d80cf4a470e228fae30fb726acf98ba268c78528d8fa5bb7e535fc0a5d839ab96c5ab39686d15b6c98e08db9eec0b8cd13f862816081876b81d6bcac4c78bbadb542b12caefdc3cc5819d96f43897066b002d61bd3f1ce27331d1bfd47230006716be0d9f3d202cd2bf2d3f527c992cdbe237f2e937b627501da58ea28f1697ec4b270d8d5f529667ecc5883a930dde8fcb532c6501bbe06db374b4a8153b4fbc56228e1d6b26dee5c1ed68f33eb79acc064bff382f5f02f64534f6b5ede6c57df1b0dec2f7f22760fa7d334cb96014d56fe584dfebb465250c53f31f1aee7ec5d55137ffa47e2b6df1db3b59e24315112b7de2e2d25eb4855aece3016ff6299e65463f8e15ee7b556eb27fe3a2542467c099fd9b81865e119134bc5d47958e7d285ca1addabcc867e104c6c7e0e252282c52bdf5d671419d53d7097a5252f6fff8f6d42f8b80f6a08f33c5bba976343d1610f76fb2f76687a921be3bd6be5fdc9be1fb34e05db47cc8b929f596ee94438e39ca0c6bf57fb1506009f6ca99be0e6e780037ff5875283db77ad3ca0c5e93605bb14464cd749549a1075da8d469eed992274631c767060867c40466b4d7d8887f32907bcfdede12fadd5ad4c98930899bfc1cd96339720446f770eb622310432b3f2c4da3b2f538542004f2f95b9e92d66f335d72c12ddbb15cf6fc37f57860d942a797f05ab217db07d54cbb1065cf6fefc72df4071dd2ce711ee3d311a391ba2df3a10acd3bcf840d590b5e30fd5a497593b243fecabaa38ccc438a1502a04caf5c0f93a407bed42566a11a8e1cd580d93eb2ab2dbd9f02538659183cf46cae85c88e932ca6a468ab246e9403b4fc6068059242a5a7731b9c7dc490e4dc54ee7f8aea9bcc17cc996f022f328559eeb7a2271222bf0dba3bfef602576aed84868e085066109293f87c425f74e7a2be8326a120a192f622e0a53ff4af3f7a1c3b5f5663143aa8d7b83c4634672bfe86961e7fc098929dfb424d59f3f1a56b787c8533d2f0b3472782e97687734e7e3740a88e7ee41b9fcac08ec302c17916e1bf4b60ff4dd08492906962224be45b9aeef6bdde66d62c9f80de369cd77716a1bea81f2620fa5c42d9745ef5a9410354708d25e5c86bb7a8f2d0b6b92023a0e2df19515827690b2eadc297bab25fea63d83c43da2b01a5d2fa2e07b9b63bb99ab863ab9d6730889a8213c38c72a6924aac3c9bb709f88b59144c4d78830bd45ef9fbe98bf05446dc2f68e413530e1d28f69c4a37a303bd1c93514fe4815aa1ac9cad78a863b012e4c3b65158f95753e468b6099947169fc659b425b893a1fdb3b5f2e99887293c27e11c8bfe448bdb5c07703fb41781035201adc324d8aaaa3840927a653059f2fe054917e3b20003d378a4748c4828e10e9256a382d606bec9e8951d5bf3896540c21e37976cb052a919057d385653e8ec6694c0170a147cdadd8f627dad34f9176cdba3001617f0b2addb71725fa30e933a5a6fb128b9843e93acdad998cd941bd8f7c3b004bec677421276d4194534cc7ba4cedfb03ab0c3a67fc43424dd1970eadf6ab2ca2c0b197a8f81af947503471b90f7969e16485c789fdd967435b81f566d57abb980561dc49dbe2d8abb1eea68ebbc7e2855ae69c8529bedebbac2814209f26a629e202285db6023c6215f15484a0f7995fdb4026a3134acb5edbb08718e12b9cc58ae6e2bbb952c4e3eac57c45ee11ce320d0b9cb825adb802f5d9cb103dd05aa229951da77b49d244e043efd0b4b6f5eaf849a6180f4eaaceabce98ad4b6286a88c531f089b5beeee9bc55e60202e6c6d6cc8e087f6891730f3b9128acd9373308ab02e94d4ffb104b304b64c6dfa4a571906d37d1be723596ca818cb0e1d30f96f0d4d7121bbef52898549a9bfa95292ba085b2b301c4b4ade7c525ddc70ac40bd5afba644e3b0a417caa5f216c4239e0ddc9b199a5b2a9f0c7eccb7a96a0e7a17ac8d9ae75a5f23beeaaf01d2677df5a63253725e5e58685d9bcad00966ece12b986961c2cc6ef819dbcbf49b3b8961c28e8963168c7544ecbd1291bc672103838503ef5e83e954146df44cef695c590a7a86a05378570850acbc0a862441af059c75615ba0ddf3d4be0ee00e85e604bdf260f4310285d4722d7e55e5434b6b283fd406b1a4bf13cb1169da09d49da684c7b24da223ce82b119d6272005762a222c40e3823701276514d4efbc1a1d1ed30fba553b28045134935848caa81a4b9550911ac6df69b16a56ce82033c7e9be60d969e46e1f385a796a72d22357458bd4b98b3feb68189d8a4e69f5f4d12f30d6a33f2ce1fb700368e975f221825a2a937b95331bf555a89402372b3bcf6a6bd01e65b4780e739647b792c3cd3b3695d1a537be0a0f3acb4255617bd046a98ed66ff66a4051a40902889c1a0c8de4a135a36827e10d4c6795d77220a264986884b0e01c9c5c644d50ad4cac6ab0161bbe7c362832b2408f7f63b77d269a99c96a2219e1f395c891ce8dfae06b5afc807e55016f76e649ac6c6b21f4c7fa327ab4ee2e7517c039bc3522a4b06a599278c66836ba06706b8472d5ec538ee378335bfe565913a3af701312412bf17bc46b3f1b6369f0d6ce59424630dfebf9213943b69a16970ae158002041ae48ae40aee061631fa35cf8f4a06f7c85b8fa3e0209dd38e3c16e67542eb2fb332d37e9da43bff07f280246b04edda055a6d703ea97db4d43a5419c203a10b328fe3b565b30a72071636d370bfae2538d58f656d72b94684972bead12907823288694527f3e90d444a55aa310a351a9f85c366eb26af74d0dda8afe1444514218c19a0613216e5f55b28e8842f850ba63144a0a7940e5a22c0dc9482a4c2c744debe4ad534ff03e46a8e317665e7dd7bea90177257904866a36cb35057d8576f876e8226acaf3e406a3bd01708b89e19b462ffa4a21306d7e3f77057650338e5e9799e3c20ab2040066e2e0eb60f113398a51c793913e6e83924e2de13137949514a2abb5368421a4528847927e9dc0eef813068d2a154b955c9b781a8212d17cdd1bac60d618155c63e3d4c8917daebce50f152ac5f913b2ff7d158fe5c35a5ad75b8058f3b987ab4a3058319d2230f6e0e7e9c7349a9b9e90abc7a0766db486e49e722b90b6c443b19b4c3750fa7e1809b5d529226dbdb640255e0c0a2953cb8ab661022e002a5903303392168b8c8dd82bf5d6218712c7543614c00a8b1487ae4aefdc2e88a3ac2b38849a7fbd984494857383b3466a7e985cec29eeea97e43c8da2bcd8d12c67677322caecffb6295d1f50a71bab007063180a621dc8264c5b6c4ba8b65758a030800674ea07a0a4e931634de42493f7a62f84af795be17e9476e235f8929dd579dbfa8a5c533c6c8f471d609354f939749c347cb5134e2b489a9bcce550cf4205c82ffae07e765060455ef85f2c7129001353e7dad2999038a97a443639531499bdc667c626a346540884d40f8dc01ea62b985861ded089952186da2897ba4efb9990780fe2e36d8112a08c08c99a95b218ef7aea4c2d9b4fe38028e922dce5b886d59cd9ba7efaa28ea108dd6b53cf9a9f606da2d9a48ab93e77368d520886349b421fb25e187d7e05120b7086d2165ad84b151292e61ee8f704a214978b1fd93b6d9f7b88e2f41a9b301da415df06f26587772c3f0877c3532272157b00c30eeb6af2c2d83b4a9655e59c9e6883566988aa52a15e558c999684b34e226b4ceacd95d32d410a9a801bac5b4a7f0cd490aee1781fd34ba354b1a1e864876bacf6860cc00696be945b32d4bcfd52df0ec91b3e702e7edd0dfa541759ba533cd80be10ec4e8ee1c13f1f04d0b8294bce562b7af07af6acbb7e90fbdcb5821322296edce06f622bdc8ac9bbea0ef743d06ea63a4128ae16fc0892d7386941e160e8986e170e88909029a650e46120cd5dc52de06cb603405565632d7a4b255169e0ff2d0fd9fe3d09562a305abd118f099220c4bb87d66e50d1bf020b2b234da83a1971fac1f80baefc4be20270fd24dcb35274777b8df547daa8bad5e1dde7ee24725f7adf2a8bce093c9295409384264f913bb658de76fd985763204153204ae8eee131a0049a2fa120d1a47f9b8a10399c6e774cdb525471822c8852c76e67447c379ce67c60c98b2a558cd8364f7cec4f0f82a983ce309f096db9b1445f30f8edf902887df23b64f5da20b7e4e5ae30780907820da6ca09ad42645ae206a36c16d320b5adbc75aff06705110516aa6bedb6a732a445df6533868a401aeb632cf0a5e9480f131d005e825d2b305371621ed7ebc53822931bc04a9447f75216f9a2935dcf2037a696eeb06e7328263ccc9985b32cc607d75c6e97d3e438b67ec22b2745bab60d4661fcc7c397c5cda8cac9101f9f83d1c0ad354e70949ecb806520ac4212237d9f6fc5b848ac961ae1971a793aa77a733662f1affa6b611be86f03b236dc3a654dddea771a29ae7486f86da0335bce6688be116bf3edf84c87a3f076662fdb0a94fe258407c9b0b7dd8d9df3aa60d703dcffbe5277e488437f6ba2ff3bb02c377796fd62369f397ac5c8829223186dd6bbd5cd400f02dd99b35a09d63bdc92b64eccc473f70b4aaf50ae5b2d541eea67f2c0ca0eed4d88c0e513ccbab7119d8d8a93937f565f6e0bd7f5e0d8a8d035e0f3c242d31d035efed430720a267aa6fa61b3209103bd93c6a94174920e537bdcb53692ca66f0864a50aba87af51558a291a01759a5ca27092425fd6d50f3d0b216d8393431047926b54138e01fa83014fb66fe19af9162fb91ad458c63455279e2039d40036dfe00fae1c4295238e583c960924b6d0cfa6aad0833bf3a0d4a8a360de0f5a33e7657af9f6967612b667d63d4a014dcf112d500da1867f2f32523e53db8fa65e4b19edb4fed18d3d5eba50d189154920a68ae9311a759571a262acfcff91ea489c08463b4aab43327b29c77dca671c0aa8ceed350c98123162fe727d1f84cc6be7ab2f4cce6f814d17fb4f31c1657e7249d05ac34224f633ae0ce2d94004c309bbf9f03c4eee26025c27145e89c628b02e80d2f4d397a8c332171030ff684ece5c43633bf159548bb10f18ba69e97dc6c0731b63e6150ac995b3808c527a29ac0b58b3615cae6b66006edb3745b96606258ea88d31824a557cac430bcb19260a7e478f43341a35b847cf810d0b40bb32b943acd94667756193fbcdf37f8652fa6c2782dd92f7879f11a91ec33d5a38c680b1e2178b08907e5fd272a982211a97abd933a20875a791670c592abf500a7fcfe9236f6c828bf4e482208fec88cbff425501e96c4de35917f7408b946144753fe467cd055dd0f028d3a5a8848995fb8f71492c3c72fb1ff21c4e54c55ff167776574091c09058ebd45cb3b26e8e3c70671d704f345eff907158642bf637ec69158568865711fbcdfb7e461229ab64699b9c68382474571fe9703ec882ed90379415e58eed6ab3322302b156b58be5642cec4483f819614a27e5cb9b447e0108cb8d8016ed72b7ec41f9b0f5477899be612c1bfbde3e9f4c512c77514db450f36e8dba69c54ff7d760322fa29a1afb3a76e5e5750e5c8dafbcd15df7919d3057afe79d2a47806b4aa4306a256706a805", 0x1000, 0x7}], 0x1000400, &(0x7f00000025c0)={[{@gid={'gid', 0x3d, [0x32]}, 0x2c}]}) [ 177.335834] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2. [ 177.422626] binder_alloc: 15575: binder_alloc_buf size 2305843009213694000 failed, no address space [ 177.431923] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 177.440854] binder: 15575:15578 transaction failed 29201/-28, size 40-2305843009213693960 line 2963 [ 177.452557] binder: BINDER_SET_CONTEXT_MGR already set [ 177.457979] binder: 15575:15586 ioctl 40046207 0 returned -16 [ 177.466497] FAT-fs (loop5): invalid media value (0x26) [ 177.471849] FAT-fs (loop5): Can't find a valid FAT filesystem [ 177.477518] binder_alloc: 15575: binder_alloc_buf, no vma [ 177.483384] binder: 15575:15586 transaction failed 29189/-3, size 40-2305843009213693960 line 2963 [ 177.537520] binder: undelivered TRANSACTION_ERROR: 29189 [ 177.543358] binder: undelivered TRANSACTION_ERROR: 29201 [ 178.329275] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2. 2018/04/09 20:47:45 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:45 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB=';\f\x00\x00\x00\x00\x00\x00'], 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x402100, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xa1, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}}}, &(0x7f0000000080)=0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000000c0)={0x800, 0x4, 0x8, 0xff, r3}, &(0x7f0000000440)=0x10) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000480)) 2018/04/09 20:47:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00ff0fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0xb8, 0x800) close(r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) read(r0, &(0x7f0000000000)=""/36, 0x24) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x1d0, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x10, r0, 0x29) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000040)=[@increfs_done={0x40106308, r1, 0x1}], 0x71, 0x0, &(0x7f0000000080)="904261df483ddaf25862829a01f8b246e2c62dcecb94d15879b0c465a40be2cef1b400dbc6afd3204411f195db322813a0d41a138563f99f6e5b848476cbc6ba3d1b46c281dc324e8de623667835b7f44c5a302fd6790a9bc8a6aa7acf0836062dbb670736ef7860fa683f1b21d6e46670"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05836c4d060d8ed80e0b"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:45 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0x0) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:45 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) 2018/04/09 20:47:45 executing program 2: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r1) [ 178.382091] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603caf0000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 178.454748] binder: BINDER_SET_CONTEXT_MGR already set [ 178.464509] binder: 15623:15624 BC_INCREFS_DONE u0000000000000000 node 555 cookie mismatch 0000000000000001 != 0000000000000000 2018/04/09 20:47:45 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000840)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000000000000000c4bc477347ec0a6b5b0ef46adcdf5a00af333ccb998ed9a0d03608128697edaad472ee047818e1b01dc32427d5c5bb54ac2df8819b9248d1fb34205f8771451ff655e6eb4e92acc1e5a5a57a6de07a9e211b5011dd7a151cb6777790f682d2c8e55db827838b27460fbdab218213e9231577921aa489cb7a36867ba156ccbe8fde172ee8277fb56143195a4c2e32a713528966cdb53703d8d9cc2e3b5524f7a031398a61993df31d85cf85139fbe9bfe055a3e0f3b279dfd2fd937be6bfbe709cadd0487b5bf734d225b3b405f45fb9d1919ab8646050fe3bd69f72fd43aa143b1439a0c1c10", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="29d322cd6075db52c8d61f687383a3e1cdecaa", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) r2 = syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x7, 0x200200) r3 = msgget(0x3, 0x401) msgctl$IPC_INFO(r3, 0x3, &(0x7f00000005c0)=""/93) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000400)={0x0, 0x8}, &(0x7f0000000540)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000580)={0x9, 0x200, 0xe, 0x5, 0x2593, 0xfffffffffffffffd, 0x0, 0xd01, r4}, 0x20) socketpair$inet(0x2, 0x1, 0x400, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = syz_open_dev$sndpcmp(&(0x7f0000000340)='/dev/snd/pcmC#D#p\x00', 0x0, 0x400000) fchdir(r6) ioctl$RNDADDENTROPY(r7, 0x40085203, &(0x7f0000000380)={0x7, 0x15, "59f59ebfa7b2aaf597bdfcec8d05d42ec31a7ee334"}) r8 = semget(0x0, 0x0, 0x400) semop(r8, &(0x7f00000000c0)=[{0x1, 0xfff, 0x800}], 0x1) ioctl$sock_inet_SIOCGIFADDR(r5, 0x8915, &(0x7f0000000080)={'dummy0\x00', {0x2, 0x4e23, @multicast2=0xe0000002}}) r9 = semget(0x1, 0x2, 0x404) semctl$IPC_INFO(r9, 0x3, 0x3, &(0x7f0000000640)=""/97) 2018/04/09 20:47:45 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x3b, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca02000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 178.500824] binder: 15619:15629 ioctl 40046207 0 returned -16 [ 178.512959] binder: 15619:15622 transaction failed 29189/-22, size 40-8 line 2848 2018/04/09 20:47:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0xffffffffffffffdf, 0x43ffd) setsockopt$inet6_opts(r1, 0x29, 0x37, &(0x7f0000000080)=@fragment={0x0, 0x0, 0xf3, 0x5, 0x0, 0x9, 0x65}, 0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000040)) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:45 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 178.572720] binder: undelivered TRANSACTION_ERROR: 29189 [ 178.611148] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca02dd0fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:45 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f00000021c0)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000002180), 0x0, 0x1}}, 0x20) write$rdma_cm(r0, &(0x7f0000003c00)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000003bc0), 0x111, 0x1009}}, 0x20) write$rdma_cm(r0, &(0x7f0000005b00)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000005ac0)={0xffffffff}, 0x111, 0x3}}, 0x20) write$rdma_cm(r0, &(0x7f0000003c40)=@resolve_route={0x4, 0x0, 0xfa00, {r1, 0x2}}, 0xffffff7b) r2 = dup2(r0, r0) getpeername$packet(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x14) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) ioctl$DRM_IOCTL_ADD_BUFS(r2, 0xc0206416, &(0x7f00000000c0)={0x5, 0x1, 0x6, 0x1, 0x4, 0x4}) [ 178.627304] binder: 15651:15652 ioctl 40046207 0 returned -16 [ 178.663675] binder: 15651:15652 got transaction with invalid offsets ptr 2018/04/09 20:47:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca0000ffff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 178.691481] binder: 15651:15652 transaction failed 29201/-14, size 40-8 line 2991 [ 178.713425] binder: BINDER_SET_CONTEXT_MGR already set [ 178.719386] binder: 15651:15666 ioctl 40046207 0 returned -16 [ 178.729521] binder: 15651:15652 got transaction with invalid offsets ptr [ 178.737398] binder: 15651:15652 transaction failed 29201/-14, size 40-8 line 2991 [ 178.780546] binder: undelivered TRANSACTION_ERROR: 29201 [ 178.786344] binder: undelivered TRANSACTION_ERROR: 29201 [ 179.244768] binder: 15623:15673 got transaction with invalid offsets ptr [ 179.251784] binder: 15623:15673 transaction failed 29201/-14, size 40-8 line 2991 [ 179.381011] binder: undelivered TRANSACTION_ERROR: 29201 [ 179.420044] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2. 2018/04/09 20:47:46 executing program 2 (fault-call:6 fault-nth:0): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:46 executing program 4: restart_syscall() r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f000001effd)='./file0/file0\x00', r2, &(0x7f0000012ff8)='./file0\x00') syz_fuse_mount(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_netrom_SIOCGSTAMP(r2, 0x8906, &(0x7f0000000080)) r3 = accept4$packet(r2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x14, 0x80800) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000500)={@mcast2={0xff, 0x2, [], 0x1}, 0x17, r4}) accept4$packet(r3, 0x0, &(0x7f00000003c0), 0x3d897c91360fe5f) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000023000)={&(0x7f0000197000)={0x14, 0x4, 0x1, 0xfffbfffffffffffd}, 0x14}, 0x1}, 0x0) ioctl$sock_netrom_SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f0000000180)) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x7, &(0x7f00000000c0), 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x2) execve(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)=[&(0x7f0000000240)='}$+\x00', &(0x7f0000000280)='ppp1\x00'], &(0x7f0000000380)=[&(0x7f0000000300)="13706f7369785f61636c5f61636365737300", &(0x7f0000000340)='#keyringvboxnet1.vmnet1vboxnet1@@wlan0keyring}^\x00']) ioctl$EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f0000000100)=0x8001) open(&(0x7f0000000140)='./file0\x00', 0x80000, 0x10) sendmsg$nfc_llcp(r2, &(0x7f0000000a00)={&(0x7f0000000400)={0x27, 0x1, 0x2, 0x7, 0xbb, 0x7ff, "86fa2846f3c69a72171862b33a7129022953bce8e8fda3ad2bed7f9f71aba16fb627597196f005310cb9640ad72f2a12ccc1871daf99e59da7058ed099becc", 0xe}, 0x60, &(0x7f0000000980)=[{&(0x7f0000000580)="ca39cb58bed0d4eb343bb1722e7a3f751a0dfc9bc0598ce4dab04de4aace58ca5b3715bed187aecfa8c53649b0949db27c6b8b3849a05ce0f18a58076181630311cc0de32e0bcc4cb49338505daa1e6fd149a0743588bfa5327786dc3bfec483113b28283577675ba0dbc7e369f9eb7ec99899da5e4d6e4fa448763c", 0x7c}, {&(0x7f0000000700)="c6a6bc870831a45de1b430c6c153a232e1552d74c9583dc8468c26c54d9dbb0cb91764a89e63aed96d61c6629ca6953c159f39dcc6281019d841ede3b9d7eff538e0f35c63ec577dbc5c293a8d7c03213ec7425683aadacd40c9b113c5b588d308bc56ce3ab63fb7f3a4da96f0def2356afb49a1", 0x74}, {&(0x7f0000000880)="b2f933ae7aa71a03411b06bb15f668fe297b2155639beb264fbab97fd850cd03270540823aaca6462350c1bb3b4594509321f0761d9e10519756cdfa2a7baf58150377ebfce6a0bf8c36d8c970489771ebd1a35a28607c83fb6fc6e69195fb289574de2d0bdb2b6308d56c874cd8fe65f879d342dd0ebed0240dc95edfb8b3746ccc5a8ad47863fdaeaaf6f9d774c1413a", 0x91}], 0x3, 0x0, 0x0, 0x800}, 0x4000) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000006aac17073a912033000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e339b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a70000000000000000000000000000000000000000000000000000000000c7eb19690000000000000000000000000000000000000000"], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) 2018/04/09 20:47:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca000f0fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:46 executing program 6 (fault-call:2 fault-nth:0): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:46 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000600), &(0x7f0000000640)=""/255, 0xff, &(0x7f0000000900)={&(0x7f00000007c0)={'wp256-generic\x00'}, &(0x7f0000000800)}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'bcsf0\x00', 0x1}, 0x18) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x3, 0x80000) close(r1) 2018/04/09 20:47:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000001740)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffd) socketpair$inet(0x2, 0xa, 0x10000, &(0x7f0000001840)) keyctl$instantiate_iov(0x14, r1, &(0x7f00000016c0)=[{&(0x7f0000000080)="b7f1ff6bb6c5305cd4a9ac820451a96ae0777dff0672e563b0114de4ff2266ccdd71d488178afdba5931bdf8206cc12cb39af86a7c5cd101d8f7d5ec50c3edad1e22f30fe4e2c57daacdfdb5445a471a306ce18d302ceb", 0x3a}, {&(0x7f0000000100)="0a50e2267bd1902b74a40b92b659b44e58d2be860d3089f7d76c66d204a9d0aa6ff05fbead44a60c14dc187d80c2010b4c9f5c96273875d61cadc3b49fd750f941a77758a27937465c4947667955361ff037f84ecb8649f4341dd8c770ba91e9da8d23c1d106132108f882d31b788511d4d71113", 0x74}, {&(0x7f00000003c0)="cde278b36fffcdc5ccd13188b466531d3b3be2d0636703ff48a44a312cdb1a53239e424ae6c46ce72381ce0fda36735d8b2a2d44e0478c9602c3e4584c712952cf4a08d0ef6643fa5d107a6642aaa1cfd694aa7ef08dbebed1ed6500470725b0c5f51f4807a7a5773a11555361b725930853a1154b5d98d089fe7f8a74bce14f4fb25656416fe1bc192b89c1724998cafe863677626c7d0b2412d0fb8c9f756f7280568d1e4a1edae8a7f0bcb7202a767b388aa600d3ce1bc8a489f122495d13db52913f5f63cd", 0xc7}, {&(0x7f00000004c0)="12305d07936bf1f2e4da5437672e27ba93f3be59bf61b325d4b9be6cecb53d80a4cef97de9ceed96f75551edb6d1126ca93effa38ab9d19de30bb3febb685527ad823a6035b82e02c6194ccb180999a9ba5db35a5dcaf7642a3b42cd56ea46f0b68266f7e55d89dbe60aaf538b93e0c3089448c9710360daabf63d8c71a4def26b89a9232b7562a67a861d44614db4902a1eb2d4d59620ba164aea1fbe4e16d3769f9214c68cb7504a3af26a452e27d078d293a78b91ef30f6bc7c3c450ab9493a738e1ae759390741b1c10c079f3e91c2d70cc6c4f203ab7604357ed452e1bb3560b4faae05414ce4", 0xe9}, {&(0x7f00000005c0)="a4a948d9331965e8dc23e256291530f4235ca4cff3c07a7542e6360a32fe46a02441284b55b610e5a261db86215ec567856452d79bc5e4d5e5d491f1de9979c45123466a8bd9778c7f8a1a58e56e63bb23f25fa1bddc999dbd50cf5fddb2c024307e7e6a61744cded1886e2e041f73dc006af05992ea61d50cfdd6023ec17383a847ac2166e1ed7ab4c26ba77e1004e276c44625ca9d96b80a9a781681e3a47911a7e929efc6429bbd2ff243451e2ef61c12261985c2b2d21827f2d15b9ce6ad5222be97bb1da7cb6e2e19b056939521b7d72c52a99f87acc91be91d1a5d3b9cc3c8db0d7d2d92bfff433929840f11a1284f02fd4e0b291ab76794c99755f4f5c33d9224cf2136a7bc1f5fca376c2c5d854a2083ea896dc6a002b6ebaacb2b7b52bb2c2ecd724aee32233686bc8854880f05fe4176df77822f3a2cd90c58d627d4026f76e96cc070745a4404723426980f6ffd2e117c952eadaa0095906f14638ef10d284646cdbce61a64aab16ff11f87fe29677c91d154723c796013de74aa432f92abed86a9ba946db0fbd7f780e06f5d852cc534da6b6483af019ed361f29948d7b3ce089c3943c36b15fa8d96a23479fc11d77101a3d0765df5095e6bf90f26acd0d3e3760c2fe31f57fc96dfb4043c69ae4d3e849eb0cbb8f4976042e9ad4bb7f05a3ee7501ecc7bc4c8119ac70d68a7cd7907d7b5ea75a5dfa40a2d5603750493276cbdfdef4e874ee0e14013b31153659a6eb34a6e49d7af15725f97a2b471f1fbbd1c155231f1e6e2664768c15d757668400164d58b5d3ec76e4a608fae438f044dec3d47223ed850118e55fb27e32bab4a21ba1e7a9c91e8c812cb41574930487665725190012aabc16437c033c001e8c1bc10a21d2496a8f70f1561af497f1d8c7774b54dc29bbfd846f90e96062e70d15b8e8f265f8e9550bcd103b6c711053dc15af67fdc946f028e84e4f9ea948f67a65a89122249c7bab1c720b2e35e852350d22b3ea462147c3b6c64ff803fbb35b9820906e55d19701988fcb05ecf8f3ab839601c7237049b43b8aef470828ef0f6f2eb96e3fca76c8aab6ff7919694bca294e5dcb8ebfed2014a692a8e8a55d93fd525e220e3eac78f923671a80e834139217987f92d42aa94166fcf061b908269e5303b4f0b441e030b309c6af2a3fbff01a80fb5e14dd91072b091ac929b2e67a4a5dbebd52d440651928e4bb34ce2f1ddda7d44d3fe1525981562da33bab53d0674087babf6d63db6f2ed628e7432afef33d9a3e11efc801f1b60f1bf5f940fa6afe227cff395ff1bfb7e0df09a3141cfe9d42ad2c3bce8cb4100e5d98d9b6b6e04f7156d0484651d76f12131db5d238d74edbcd4b8b9da38c54a1960ef5777c30fa59eb74188267f9bf6ab6dc565ef4defba02bc54995089e681dc230469a61dbc101d110a668edc0185a73e8a2a2a39b656abdd8a3d0fbf256c096908965f720a42d1c24a69cb107016fa626dcce66fb9443a1c79ca7c93cfa020f54c07dfeaec327c918e8494416226c0605978d388b2ab00171cdfe61173d76ae4f97bb1ea764eee59ec7b2f13e7b424d3fe582c57f22d29ccb76e58ba62e5f3e521002c6027b22c5a465dacc84c8753d5f1d6ca8f3765ef5e123d3efe136863cbcf7597857a91176a50685d0fce5ff0f60d4cd256c8edba77e181ebfb42dfaab83abbec5f498665129ad6882a238a312d50f30dbdfe0621c02e68bb265037f309f2986dc6aa998464ccc7cf3ce70eca37ed66cc2d10d2405d9087823515a2241c3e21f47f744f49970d116b5340ae93e260c5c49c9d99a48d1399ea72d6eb1a37a53185b44cd9a073983b052f7109ca8f8c58698bb1afa5e63e85d52f0ff056b697264ef0769ea2538c935278432d6faf30054040065f6a812dd23d4236d2a94e51506abf1e95a8a784a78b5509056efea09b0f96c62f39ed2cedc5993d763e7aac3e2e523a1210149346008f2c0bf476265b21a6e821e06e05da741b9752a2e3585bbcfbcb8771337c16496f9b7e5a07c6cf7640943073654460db0da17af18b2475f07832b4c2e8bce7d27d898d92f79a2c99c6dd8e596328bf6e9d8cfebeece38df982c57ab218976c1fae13b2c5673ca187a19f4e7aa2614ce7ea9cd8cd29ccfd0d7b1038a133f390a37eb42293bf4d80f1dd539e210c54f6ddac542587207dcc33c994b206a81179b66164f71cf695c9bef9a108ad582c7273ca7a8b6abae6041b78305067e66f65047126bb5e1c1b87743eaa785bf7eddc1d38fa1f517419d723fd50247174e7bbaf3ec8dd1034797c8a2015ca7332e59366b0c1126e7695000e1ad898f18356f7fd36af38d8ac4793aee796742e8ade0fd9cf2f4c01417e06450ed964b26ef3991cd64257b3fb5b2ce36fa6cb9e8e136227bc470562538277b9ed8e838a60e07373c2c2c64df0e450cce2a55b80795615a235637d72b3f7c78cc0790ae99fc1d587ba24dfd4afc2ae1d31e8b5d9c456d56a3316767e94dcd4270233b6b9cb0bbe5cb5498dcfda769f54d568cbaf82b5df8be55d5fdbcd7b39e03b63b8b1bbe2dc2000378653d7148b8932cfb5733411cd9f079857010e8f028f6993256d7a20fcaf5bd844c25720b2322c4a70aef76df19b1a134bd79d3d0f06e88ef310690859305de68d02b239dd73c096f5b2850ed12d8529e215b665fe30d6f9b63d0c6deac3d8ba8ba1fbcffe8bc0ca7e7e2f092b270d2706ee70d39583248639c7bb1d30881dfc9ffc3147be464c6e43e5df4130db52a8eca5054cc6eb02054f7323369eb730c1b50402ef920d801cc870b64ea60db1390140fa2e13a206f4b57014c057a4ce4158f3990f186e75e15979ee7a35f11f0dc7c22d0b7fa9e8b85ae955db9f4505b1717d44635314bc33a61cfd2be7ccfd2f3b18f34f661786892ab46c6a885c1473f05676fa1400bdc9bd1cda7b517aacfef67236650d0d4fad81ce0aa1307cb3ba5dbe3db017a42eb70ec8cfc707e74c34a66e8f542e2e4364eca4a288116f503ca60a251d2eed5a87afff645fe50584836eae7f7e6da707739c9ec4fec433927c45d9aa8023f8d2dea70e6a7fe1b43d6324458800ea76bc103164ed950d9d4ec9852209f748d42e9ce230b5983b69823d4d1316086abc9771dfb8cc9bf06fa42fb9201e81d6e601cc788258b69c4f7943302c9903feace6180d4cc7ad4bdcbde911ad888ddcfb397b233f4e239926d41b4299729f542747d993c86c88960b3477c0c31e59eeee50b457e8fcb8025b8c0b14c500bc1d40a33fbd06fd719fa98ec37d2bfd431c48bce20aa40b810dbec091e6a44e3e87d479c7b35dddaf030b9f8bd3a635e5823ff605864624e00b63932938f29b12d71ad7e571d9d48e23bc31d90381e42ea803960e146f598113f6cdaf1874855efd695112396be2417fe63d0bd646c20b089f76bde6d1af919ecccbe97d5469ac0f8d8bf84c212e672e3c8d82267c663b3217c12dbf29d2df3028b099a0235f19fe316221ac4b380ec89950103fff4cf47c2b538c2364c69ec97598864570851db1ace0b70a84f0427a740904e42bfb978ebe7764963d55f3d55904c3d782811d1101827242de5d7facb623731874e031e6a1958abf73099d64e8b4201cc50fe445f0f3a0287a1e9a70331d420f17b492c99d5c6cb07354a37f50e38f04775a10e6233d72521e646226dcff19857fb367acfcb6d340a1d712a02218664d00b1b48f6bf750efdc21c325111504a77c56ef27934d7d026e04bb5a21ec6cf2f6d14a452e8dc1c280dae1de2869be068e6e995fbb330f2f13e633bc2be5337e0dabd019584df78cf073e00e518628a8bb0480513e4599c11be9364e7a7034f1b5d19469757baed161b1e34f806556a3c5408e0758b9122111ab1e144d1cbebebf7eba9b849ef02be7638bd15bf2de60eff0a915848b87c67503d1f7b7d82e4a6c2be60e4acea8c984d2639023238ae5e17ac9f23f9d64a2f87699e82ff371872e7d4bed7e1375428c0ff90c08186e403b47e5ca47bd6c228031bbeae9764e6fa91ab23fb0b56ab97721a0803c3af53d8c05370b1f9e60b2a042fe89fbf741b3f81f088ef3d54a9bad2a6e1ed499d9296b5a9fa3e01f4e39eb94241fb21d29c9a739732fcbd30a84ffe0a465e9e56997ef3aee9302119766cd02e79f9eb94f6354ccf56ed983e76d0cc2ea3f5bb7b8d9b3f22d0f0f5dd33db0d17e44a17bbe1b43cedc9a2824b67395a90cf37f5473b5d5e37a98ff84901e2be2c5da1c307dca29243ef8596bf27d04532a055158f30481ca8659114285c1da7902579d447033c99c0037a17cd7a9f5dc320e853affabb1a75efdd0788dd29b63038b40bdc3ad45fb78fa55614ab0db063f32383f3371d422fa76400a37da082ad86fa58f5ddfc659f991abffc7f113c3ab30f3ee5b796a40a870b6154ca70e6af7fa84ff1277bfaa17388e92e13f101feeb5ad6e0fb6932906aa247e95bea44a8e56d3f5b69f38509f90978047c9588604573df42c407e3902108c37837dd9a25ff54979eae1f1002011d07563b6ca3029c39fb73fcf16bb78f125acc388451e630d58c204b98b688298075f4caf5f73f6905aa6223b7132f570e7a626257751042edfeb466a872029a925c14610f80dc0ed43db360b39c383f92c689a0664380f56eb85d600af52e4dfa609cf7634bb8854ddc5ed2c3849ed3e7c3b3df3932b2aad7eb92bb57c4510d3797e49ef837fb384f0976189edd402d1b367825c5bfa1a8c4ff7fef2f08ebe7f1530351e3e93fc336284ef4cd0706e7d1c33c53cf4e4ba63082239c7a5514ff33f5fded17a72fb1b1d0ee5f3f1889d56d6f235d9b6a9081da91ef63e33df1784bd99c021cd9e57966e4235f2e61e1ae74d03a3c8fa1370eece8b64d55b3179b3c6f6f0fb9f7a239b2f3eb777e6280c40b0312703f8c9b924bbe16a37ef1f496cc76f4871b2b33d38a732eb70132b0b62b8569838438392a8ad8470ca74e562c043f22a25051cb7ee13488336a475b32bbabd271413e0ad5fa7933e8ad82e325d7c13d5a6c94f786b0da45f8af3dd61f33d7a477f47b3002acf9be130fa14e4156232aed39d9f1ea901f26f0098f6de1058099d75d14959cfb46e628aad2ccc5c3da6e587af86ff6ce542fc80bd77e7d0c29af2109840ea9978d3b7b9e8d0a710faf4ddba1926f2409d07cdea6f034f1f6bcd317a357dfe3cd8e1bc2bef6a83f2b820a210e0f6db415ddc90ca612d55578ff473c94ba60efc25cc21fc4bdfb0c6e615f4b68ba64364dc2904cf1603a230c8139eff669674a79b41b57621fd619ad392713723e67f6793cb97fe61f5ca6dea5c2eedbb410a112d5dd124c0b2bba3e3ff1ff0bf48dbcf9ddac4ef0477f5eff8c76f04c765110067fd297436c58684a11d73f2453da44c17e66355455120570a409c1bc52c5cd02d125deaf2757569538a29a6f23d445ad0f2d65263ef84cbbc88572625a2cdfe95485df621c29f03d19e1a958291369dabea7a9b4d3125f8c4d7ac4abfbfdceaf2bc42abd2a1568ed9911027cc2095c85f65ffef02d50f234b38e870e643d371f9c8bc4a3080d7c89eb5bcb5f9e801efd3396aa9fff23c365a3b7dfe0afb832a385ccf80581fad6a88c513b25d48da71811418f26cba5dccf9ac51e99b46094c8715f1aa2065f7e28fa7e4187261b192b68135a7febf54378c086c28e12c0429858909cbde787a8807ab7dfb8b12d778536350b843db9a09a686c81a043036aa5b01b020207d2abce5e8c20e7eea01403e1e", 0x1000}, {&(0x7f00000001c0)="9d420637b6c8206bbbff615f2d811e52", 0x10}, {&(0x7f00000002c0)="bde8c752b14fce0364030319837015fed82dbfecc26d2a85e5f2de41bc4b37c6b0c8bde6ad5d42dd90e147187e016bd5ee59c1f8b32e762ff1dd31e97452ca7f8fa20c9a7e7599372ae98e5146358834959309211057dbcd4a65634096fa04e7eb7256fa0b850f05edd56369c955400e902fd23b2b8efe52b8b55d36c318d6cc4e79dc3fc22c840967686c34dc8cf7", 0x8f}, {&(0x7f00000015c0)="6f057bd6acf348e2524438cd01c214cb57c1d6666a108e86a753550060ae6f8563afc1211a95709d897372ad251281b10d582f184c1ebd6d620516536af834d00a7c7b75c9a19a0ffc45755f9c98f3a2801e9b3d53c0479413d360d0c624c3adf3d083e828a5f2929c82f494960efedcd9c9270044523b66f52bc4807f483ffda845f53f6d90d8149161d43d4423d1a1bb2ddfdd82b6065583cca330c0c22db5a88f2deb75c254def7de708db4c7f2598f7634eaf86b1b7b08c4943fbaa4ebd799e3a8b544a2f50857fcec3c39abfe9de81d33c8039420281b583a93faea89b2a7faad203127dd03821dc15feb18e0", 0xef}], 0x8, r2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = semget(0x3, 0x1, 0x2) semctl$SEM_INFO(r3, 0x2, 0x13, &(0x7f0000001880)=""/213) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000019c0)=ANY=[@ANYBLOB="4841f5f9e1b2edb0b0847dc3513e01e1706d64ec7e00c70454c3f1cb8067000000"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r4 = accept$ax25(0xffffffffffffffff, &(0x7f0000001780), &(0x7f00000017c0)=0x10) ioctl$sock_inet_SIOCGIFDSTADDR(r4, 0x8917, &(0x7f0000001800)={'eql\x00', {0x2, 0x4e24, @loopback=0x7f000001}}) 2018/04/09 20:47:46 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0x0) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:46 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) 2018/04/09 20:47:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00020fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 179.553043] binder: 15695:15701 got transaction with invalid offsets ptr [ 179.554251] FAULT_INJECTION: forcing a failure. [ 179.554251] name failslab, interval 1, probability 0, space 0, times 0 [ 179.564300] binder: 15695:15701 transaction failed 29201/-14, size 40-8 line 2991 [ 179.571320] CPU: 1 PID: 15707 Comm: syz-executor2 Not tainted 4.16.0+ #14 [ 179.585795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.595153] Call Trace: [ 179.597762] dump_stack+0x1b9/0x294 2018/04/09 20:47:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89c00e000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 179.601411] ? dump_stack_print_info.cold.2+0x52/0x52 [ 179.606606] ? lock_acquire+0x1dc/0x520 [ 179.610604] should_fail.cold.4+0xa/0x1a [ 179.614681] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 179.619800] ? check_noncircular+0x20/0x20 [ 179.624045] ? debug_check_no_locks_freed+0x310/0x310 [ 179.629237] ? rcu_is_watching+0x85/0x140 [ 179.633393] ? find_held_lock+0x36/0x1c0 [ 179.637482] ? check_same_owner+0x320/0x320 [ 179.641802] ? __lock_acquire+0x7f5/0x5130 [ 179.646041] ? rcu_note_context_switch+0x710/0x710 2018/04/09 20:47:46 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 179.650974] ? perf_trace_lock+0xd6/0x900 [ 179.655133] __should_failslab+0x124/0x180 [ 179.659379] should_failslab+0x9/0x14 [ 179.663196] kmem_cache_alloc_node+0x272/0x780 [ 179.667787] ? debug_check_no_locks_freed+0x310/0x310 [ 179.667841] binder_alloc: 15695: binder_alloc_buf, no vma [ 179.672967] ? lock_acquire+0x1dc/0x520 [ 179.672992] __alloc_skb+0x111/0x780 [ 179.673014] ? skb_scrub_packet+0x580/0x580 [ 179.678586] binder: 15695:15701 transaction failed 29189/-3, size 40-8 line 2963 [ 179.682501] ? print_usage_bug+0xc0/0xc0 2018/04/09 20:47:47 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89dd02000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:47 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x16, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 179.682519] ? perf_trace_lock+0xd6/0x900 [ 179.682537] ? perf_trace_lock+0xd6/0x900 [ 179.710365] alloc_skb_with_frags+0x137/0x760 [ 179.714871] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 179.720073] ? skb_complete_wifi_ack+0x1e0/0x1e0 [ 179.724842] sock_alloc_send_pskb+0x87a/0xae0 [ 179.729352] ? sock_wmalloc+0x1e0/0x1e0 [ 179.733327] ? lock_downgrade+0x8e0/0x8e0 [ 179.737480] ? kasan_check_read+0x11/0x20 [ 179.742557] ? do_raw_spin_unlock+0x9e/0x2e0 [ 179.746974] ? __local_bh_enable_ip+0x161/0x230 2018/04/09 20:47:47 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900f0000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 179.751651] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 179.756669] ? release_sock+0x1e2/0x2b0 [ 179.760651] ? trace_hardirqs_on+0xd/0x10 [ 179.764800] ? __local_bh_enable_ip+0x161/0x230 [ 179.769475] ? _raw_spin_unlock_bh+0x30/0x40 [ 179.773890] ? release_sock+0x1e2/0x2b0 [ 179.777867] ? __release_sock+0x3a0/0x3a0 [ 179.780118] binder: BINDER_SET_CONTEXT_MGR already set [ 179.782020] sock_alloc_send_skb+0x32/0x40 [ 179.782042] dccp_sendmsg+0x2c2/0x1020 [ 179.782065] ? dccp_getsockopt+0xf0/0xf0 [ 179.799471] ? find_held_lock+0x36/0x1c0 [ 179.803549] ? lock_downgrade+0x8e0/0x8e0 [ 179.806371] binder: 15695:15716 ioctl 40046207 0 returned -16 [ 179.807708] inet_sendmsg+0x19f/0x690 [ 179.807728] ? ipip_gro_receive+0x100/0x100 [ 179.807750] ? security_socket_sendmsg+0x94/0xc0 [ 179.807766] ? ipip_gro_receive+0x100/0x100 [ 179.807782] sock_sendmsg+0xd5/0x120 [ 179.807800] sock_write_iter+0x35a/0x5a0 [ 179.838559] ? sock_sendmsg+0x120/0x120 [ 179.842549] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.848096] ? iov_iter_init+0xc9/0x1f0 [ 179.852078] __vfs_write+0x5bc/0x880 [ 179.855806] ? kernel_read+0x120/0x120 [ 179.859700] ? wait_for_completion+0x870/0x870 [ 179.864304] ? rw_verify_area+0x118/0x360 [ 179.868462] vfs_write+0x1f8/0x560 [ 179.872014] ksys_write+0xf9/0x250 [ 179.875566] ? SyS_read+0x30/0x30 [ 179.879024] ? mm_fault_error+0x380/0x380 [ 179.883183] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.888728] SyS_write+0x24/0x30 [ 179.892097] ? ksys_write+0x250/0x250 [ 179.895894] do_syscall_64+0x29e/0x9d0 [ 179.899768] ? vmalloc_sync_all+0x30/0x30 [ 179.903915] ? _raw_spin_unlock_irq+0x27/0x70 [ 179.908408] ? finish_task_switch+0x1ca/0x820 [ 179.912890] ? syscall_return_slowpath+0x5c0/0x5c0 [ 179.917807] ? syscall_return_slowpath+0x30f/0x5c0 [ 179.922722] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 179.928078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.932930] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 179.938110] RIP: 0033:0x455259 [ 179.941282] RSP: 002b:00007fe6acfbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.948970] RAX: ffffffffffffffda RBX: 00007fe6acfbd6d4 RCX: 0000000000455259 [ 179.956231] RDX: 000000000000ff8f RSI: 0000000020f8aff1 RDI: 0000000000000014 [ 179.963495] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 179.970747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 179.977999] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000 [ 180.033714] binder: undelivered TRANSACTION_ERROR: 29189 [ 180.040618] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:47 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x20000210, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:47 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890f00000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:47 executing program 2 (fault-call:6 fault-nth:1): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:47 executing program 4: mlockall(0xfffffffffffffffd) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@get_event={0xc, 0x0, 0xfa00, {&(0x7f0000000400)}}, 0xfffffffffffffd17) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x8000, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) write$evdev(r1, &(0x7f0000000380)=[{{r2, r3/1000+10000}, 0x4, 0x3800000000, 0x8}, {{0x0, 0x2710}, 0x101, 0x6, 0x2}, {{0x77359400}, 0x2, 0x7, 0x9}, {{0x0, 0x7530}, 0x7fffffff, 0x7, 0xfffffffffffffeff}, {{0x77359400}, 0x8, 0x1, 0x40}], 0x78) 2018/04/09 20:47:47 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='syzkaller0\x00', 0x10) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0004000000000089687481796215a119c16e46efe8a5a66d0a6330f3470a1a932c01875c5d0800000000000000001eceb7edaf9d", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563f7ce0440000000007ba98ae3e7b44962d49eec94f7844806f90b707f5c5238832c5dd5e0a1f2897a12075c1485cac19a51708ea80b630fb7be4a9a9bc2cbc0063ad25a821b47dd1112214d142a9d90da9ed1add0ff23b9164a83ab6ce569e3c2e1d8ea106c7e7018ed74824f3e2cb7c3448d109b2f56529bb963e93a66e03e72b50b5e44fa756dbb4dbda886f7f27965c8954b0a02b22caf0a54da9b618eec7915a4d3a53d201bf4ce50c9df5f2ae0214d817293da95e7702926b861b17f54fdbccf32cb27dff8bbcbddad1507708e98fb816f9eddb96a02d29e8893c7cd4480c98c93668f6496dd544d2474c23ef9e37f49ba29460184105543e814ebe1ba1e797ae15cf36117116b3f3b31cd5634abe98f29d3a8"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:47 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(0xffffffffffffffff, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:47 executing program 5: restart_syscall() r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f000001effd)='./file0/file0\x00', r2, &(0x7f0000012ff8)='./file0\x00') syz_fuse_mount(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_netrom_SIOCGSTAMP(r2, 0x8906, &(0x7f0000000080)) r3 = accept4$packet(r2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x14, 0x80800) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000500)={@mcast2={0xff, 0x2, [], 0x1}, 0x17, r4}) accept4$packet(r3, 0x0, &(0x7f00000003c0), 0x3d897c91360fe5f) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000023000)={&(0x7f0000197000)={0x14, 0x4, 0x1, 0xfffbfffffffffffd}, 0x14}, 0x1}, 0x0) ioctl$sock_netrom_SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f0000000180)) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x7, &(0x7f00000000c0), 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x2) execve(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)=[&(0x7f0000000240)='}$+\x00', &(0x7f0000000280)='ppp1\x00'], &(0x7f0000000380)=[&(0x7f0000000300)="13706f7369785f61636c5f61636365737300", &(0x7f0000000340)='#keyringvboxnet1.vmnet1vboxnet1@@wlan0keyring}^\x00']) ioctl$EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f0000000100)=0x8001) open(&(0x7f0000000140)='./file0\x00', 0x80000, 0x10) sendmsg$nfc_llcp(r2, &(0x7f0000000a00)={&(0x7f0000000400)={0x27, 0x1, 0x2, 0x7, 0xbb, 0x7ff, "86fa2846f3c69a72171862b33a7129022953bce8e8fda3ad2bed7f9f71aba16fb627597196f005310cb9640ad72f2a12ccc1871daf99e59da7058ed099becc", 0xe}, 0x60, &(0x7f0000000980)=[{&(0x7f0000000580)="ca39cb58bed0d4eb343bb1722e7a3f751a0dfc9bc0598ce4dab04de4aace58ca5b3715bed187aecfa8c53649b0949db27c6b8b3849a05ce0f18a58076181630311cc0de32e0bcc4cb49338505daa1e6fd149a0743588bfa5327786dc3bfec483113b28283577675ba0dbc7e369f9eb7ec99899da5e4d6e4fa448763c", 0x7c}, {&(0x7f0000000700)="c6a6bc870831a45de1b430c6c153a232e1552d74c9583dc8468c26c54d9dbb0cb91764a89e63aed96d61c6629ca6953c159f39dcc6281019d841ede3b9d7eff538e0f35c63ec577dbc5c293a8d7c03213ec7425683aadacd40c9b113c5b588d308bc56ce3ab63fb7f3a4da96f0def2356afb49a1", 0x74}, {&(0x7f0000000880)="b2f933ae7aa71a03411b06bb15f668fe297b2155639beb264fbab97fd850cd03270540823aaca6462350c1bb3b4594509321f0761d9e10519756cdfa2a7baf58150377ebfce6a0bf8c36d8c970489771ebd1a35a28607c83fb6fc6e69195fb289574de2d0bdb2b6308d56c874cd8fe65f879d342dd0ebed0240dc95edfb8b3746ccc5a8ad47863fdaeaaf6f9d774c1413a", 0x91}], 0x3, 0x0, 0x0, 0x800}, 0x4000) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000006aac17073a912033000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e339b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a70000000000000000000000000000000000000000000000000000000000c7eb19690000000000000000000000000000000000000000"], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) 2018/04/09 20:47:47 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(0xffffffffffffffff) [ 180.667625] binder: 15756:15757 unknown command 1024 [ 180.690249] FAULT_INJECTION: forcing a failure. [ 180.690249] name failslab, interval 1, probability 0, space 0, times 0 [ 180.701594] CPU: 1 PID: 15754 Comm: syz-executor2 Not tainted 4.16.0+ #14 [ 180.708531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.717894] Call Trace: [ 180.720503] dump_stack+0x1b9/0x294 [ 180.724155] ? dump_stack_print_info.cold.2+0x52/0x52 [ 180.729366] ? is_bpf_text_address+0xd7/0x170 [ 180.733883] should_fail.cold.4+0xa/0x1a [ 180.737939] ? __save_stack_trace+0x7e/0xd0 [ 180.742255] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 180.747357] ? save_stack+0x43/0xd0 [ 180.750969] ? kasan_kmalloc+0xc4/0xe0 [ 180.754844] ? kasan_slab_alloc+0x12/0x20 [ 180.758981] ? find_held_lock+0x36/0x1c0 [ 180.763053] ? check_same_owner+0x320/0x320 [ 180.767372] ? rcu_note_context_switch+0x710/0x710 [ 180.772293] __should_failslab+0x124/0x180 [ 180.776517] should_failslab+0x9/0x14 [ 180.780307] kmem_cache_alloc_node_trace+0x26f/0x770 [ 180.785456] __kmalloc_node_track_caller+0x33/0x70 [ 180.790379] __kmalloc_reserve.isra.38+0x3a/0xe0 [ 180.795127] __alloc_skb+0x14d/0x780 [ 180.798830] ? skb_scrub_packet+0x580/0x580 [ 180.803146] ? print_usage_bug+0xc0/0xc0 [ 180.807199] ? perf_trace_lock+0xd6/0x900 [ 180.811336] ? perf_trace_lock+0xd6/0x900 [ 180.815476] alloc_skb_with_frags+0x137/0x760 [ 180.819958] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 180.825141] ? skb_complete_wifi_ack+0x1e0/0x1e0 [ 180.829893] sock_alloc_send_pskb+0x87a/0xae0 [ 180.834388] ? sock_wmalloc+0x1e0/0x1e0 [ 180.838348] ? lock_downgrade+0x8e0/0x8e0 [ 180.842488] ? kasan_check_read+0x11/0x20 [ 180.846623] ? do_raw_spin_unlock+0x9e/0x2e0 [ 180.851025] ? __local_bh_enable_ip+0x161/0x230 [ 180.855686] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 180.860696] ? release_sock+0x1e2/0x2b0 [ 180.864658] ? trace_hardirqs_on+0xd/0x10 [ 180.868791] ? __local_bh_enable_ip+0x161/0x230 [ 180.873448] ? _raw_spin_unlock_bh+0x30/0x40 [ 180.877843] ? release_sock+0x1e2/0x2b0 [ 180.881805] ? __release_sock+0x3a0/0x3a0 [ 180.885942] sock_alloc_send_skb+0x32/0x40 [ 180.890170] dccp_sendmsg+0x2c2/0x1020 [ 180.894059] ? dccp_getsockopt+0xf0/0xf0 [ 180.898122] ? find_held_lock+0x36/0x1c0 [ 180.902176] ? lock_downgrade+0x8e0/0x8e0 [ 180.906321] inet_sendmsg+0x19f/0x690 [ 180.910113] ? ipip_gro_receive+0x100/0x100 [ 180.914428] ? security_socket_sendmsg+0x94/0xc0 [ 180.919169] ? ipip_gro_receive+0x100/0x100 [ 180.923479] sock_sendmsg+0xd5/0x120 [ 180.927182] sock_write_iter+0x35a/0x5a0 [ 180.931231] ? sock_sendmsg+0x120/0x120 [ 180.935204] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.940725] ? iov_iter_init+0xc9/0x1f0 [ 180.944689] __vfs_write+0x5bc/0x880 [ 180.948391] ? kernel_read+0x120/0x120 [ 180.952265] ? wait_for_completion+0x870/0x870 [ 180.956848] ? rw_verify_area+0x118/0x360 [ 180.960987] vfs_write+0x1f8/0x560 [ 180.964519] ksys_write+0xf9/0x250 [ 180.968052] ? SyS_read+0x30/0x30 [ 180.971489] ? mm_fault_error+0x380/0x380 [ 180.975627] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.981152] SyS_write+0x24/0x30 [ 180.984502] ? ksys_write+0x250/0x250 [ 180.988287] do_syscall_64+0x29e/0x9d0 [ 180.992158] ? vmalloc_sync_all+0x30/0x30 [ 180.996290] ? _raw_spin_unlock_irq+0x27/0x70 [ 181.000773] ? finish_task_switch+0x1ca/0x820 [ 181.005255] ? syscall_return_slowpath+0x5c0/0x5c0 [ 181.010172] ? syscall_return_slowpath+0x30f/0x5c0 [ 181.015091] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 181.020444] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 181.025276] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 181.030448] RIP: 0033:0x455259 [ 181.033621] RSP: 002b:00007fe6acfbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 2018/04/09 20:47:48 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(0xffffffffffffffff, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:48 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89000f000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:48 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x100000000000000, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 181.041316] RAX: ffffffffffffffda RBX: 00007fe6acfbd6d4 RCX: 0000000000455259 [ 181.048572] RDX: 000000000000ff8f RSI: 0000000020f8aff1 RDI: 0000000000000014 [ 181.055837] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 181.063093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 181.070350] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000001 [ 181.083100] binder: 15756:15757 ioctl c0306201 20000240 returned -22 2018/04/09 20:47:48 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) 2018/04/09 20:47:48 executing program 2 (fault-call:6 fault-nth:2): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:48 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89f000000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 181.130872] binder: 15756:15757 unknown command -822648059 2018/04/09 20:47:48 executing program 5: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x3, 0x7ffe) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000200)=0x4, 0x4) sendmsg$netrom(r0, &(0x7f00000001c0)={&(0x7f0000000080)=@full={{0x3, {"841f4fe4a76355"}, 0x2}, [{"acf94354fd93e6"}, {"4944ec93b78348"}, {"3f9a5d5797ada5"}, {"5359db05acc235"}, {"a35b9b2f8198d2"}, {"b0283b8a985091"}, {"50745aa0a016f7"}, {"06bcc896eb6267"}]}, 0x48, &(0x7f0000000180)=[{&(0x7f0000000100)="cfc0f34e5086f0c196a04595562a1d3e7e52daa725f5afc83f2a2a30b75ade274b57dac21caca92ba726f0e513412dea53922e3cf38bde756c74f61f8ecf2162a29b776f88f14f44a2208ad25bc17d8d7d23d3f42d3cb1f5", 0x58}], 0x1}, 0x40) r1 = socket$inet6(0xa, 0x80001, 0x40000015f) r2 = perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00004d8000/0x2000)=nil, 0x2000, 0x4000000000002, 0x4403e, r2, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000265000), 0x10) socket$l2tp(0x18, 0x1, 0x1) getsockopt$bt_hci(r1, 0x84, 0x40000000010, &(0x7f0000001080)=""/4096, &(0x7f0000000000)=0x1137) [ 181.179168] binder: 15756:15757 ioctl c0306201 20000280 returned -22 [ 181.237260] FAULT_INJECTION: forcing a failure. [ 181.237260] name failslab, interval 1, probability 0, space 0, times 0 [ 181.248919] CPU: 0 PID: 15799 Comm: syz-executor2 Not tainted 4.16.0+ #14 [ 181.255848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.265207] Call Trace: [ 181.267807] dump_stack+0x1b9/0x294 [ 181.268456] binder: BINDER_SET_CONTEXT_MGR already set [ 181.271440] ? dump_stack_print_info.cold.2+0x52/0x52 [ 181.281983] ? percpu_ref_put_many+0x132/0x230 [ 181.286570] ? memcg_kmem_charge_memcg+0x74/0x110 [ 181.291423] ? percpu_ref_tryget+0x2b0/0x2b0 [ 181.295839] should_fail.cold.4+0xa/0x1a [ 181.299911] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 181.301392] binder: 15756:15757 ioctl 40046207 0 returned -16 [ 181.305022] ? graph_lock+0x170/0x170 [ 181.305043] ? find_held_lock+0x36/0x1c0 [ 181.305064] ? __lock_is_held+0xb5/0x140 [ 181.305095] ? check_same_owner+0x320/0x320 [ 181.305111] ? graph_lock+0x170/0x170 [ 181.305127] ? rcu_note_context_switch+0x710/0x710 [ 181.305146] __should_failslab+0x124/0x180 [ 181.340115] should_failslab+0x9/0x14 [ 181.343916] kmem_cache_alloc+0x2af/0x760 [ 181.348067] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 181.353618] ptlock_alloc+0x20/0x80 [ 181.357254] pte_alloc_one+0x6b/0x120 [ 181.361060] do_huge_pmd_anonymous_page+0xe7d/0x1e40 [ 181.366186] ? __thp_get_unmapped_area+0x180/0x180 [ 181.371117] ? __lock_acquire+0x7f5/0x5130 [ 181.375353] ? kasan_check_read+0x11/0x20 [ 181.379502] ? rcu_is_watching+0x85/0x140 2018/04/09 20:47:48 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x1000000, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:48 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8902dd000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:48 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89000000ff09ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:48 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890ec0000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:48 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18f) [ 181.383667] ? debug_check_no_locks_freed+0x310/0x310 [ 181.388863] ? is_bpf_text_address+0xd7/0x170 [ 181.393364] ? kernel_text_address+0x79/0xf0 [ 181.397774] ? __unwind_start+0x166/0x330 [ 181.401924] ? __kernel_text_address+0xd/0x40 [ 181.406423] ? unwind_get_return_address+0x61/0xa0 [ 181.411357] ? __save_stack_trace+0x7e/0xd0 [ 181.415690] ? save_stack+0xa9/0xd0 [ 181.419318] ? pud_val+0x80/0xf0 [ 181.422685] ? pmd_val+0xf0/0xf0 [ 181.426057] ? alloc_skb_with_frags+0x137/0x760 [ 181.430727] ? sock_alloc_send_skb+0x32/0x40 [ 181.435134] ? dccp_sendmsg+0x2c2/0x1020 [ 181.439194] ? inet_sendmsg+0x19f/0x690 [ 181.443169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.448713] __handle_mm_fault+0x290b/0x4150 [ 181.453130] ? vm_insert_mixed_mkwrite+0x40/0x40 [ 181.457885] ? graph_lock+0x170/0x170 [ 181.461691] ? kasan_check_read+0x11/0x20 [ 181.465840] ? find_held_lock+0x36/0x1c0 [ 181.469910] ? lock_downgrade+0x8e0/0x8e0 [ 181.474064] ? handle_mm_fault+0x8c0/0xc70 [ 181.478309] handle_mm_fault+0x53a/0xc70 [ 181.482373] ? __handle_mm_fault+0x4150/0x4150 [ 181.486959] ? find_vma+0x34/0x190 [ 181.490516] __do_page_fault+0x60b/0xe40 [ 181.494588] ? mm_fault_error+0x380/0x380 [ 181.498750] ? refcount_dec_if_one+0x170/0x170 [ 181.503334] do_page_fault+0xee/0x8a7 [ 181.507138] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 181.512332] ? vmalloc_sync_all+0x30/0x30 [ 181.516489] ? find_held_lock+0x36/0x1c0 [ 181.520561] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 181.525414] page_fault+0x25/0x50 [ 181.528874] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 181.534749] RSP: 0018:ffff880189f3f6a0 EFLAGS: 00010202 [ 181.540111] RAX: 0000000000000000 RBX: 000000000000ff8f RCX: 000000000000ff8f [ 181.547378] RDX: 000000000000ff8f RSI: 0000000020f8aff1 RDI: ffff880187a4128c [ 181.554646] RBP: ffff880189f3f6d8 R08: ffffed0030f4a244 R09: ffffed0030f4a244 [ 181.561912] R10: ffffed0030f4a243 R11: ffff880187a5121a R12: 0000000020f9af80 [ 181.569180] R13: 0000000020f8aff1 R14: ffff880187a4128c R15: 00007ffffffff000 [ 181.576480] ? copyin+0xe4/0x100 [ 181.579861] _copy_from_iter_full+0x25f/0xd10 [ 181.584089] binder: 15827:15828 got transaction with invalid offsets ptr [ 181.584356] ? usercopy_warn+0x120/0x120 [ 181.595225] ? __local_bh_enable_ip+0x161/0x230 [ 181.599900] ? iov_iter_advance+0x14c0/0x14c0 [ 181.602827] binder: 15827:15828 transaction failed 29201/-14, size 40-8 line 2991 [ 181.604394] ? __local_bh_enable_ip+0x161/0x230 [ 181.604412] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 181.604428] ? skb_put+0x17b/0x1e0 [ 181.604449] dccp_sendmsg+0x418/0x1020 [ 181.604477] ? dccp_getsockopt+0xf0/0xf0 [ 181.633180] ? find_held_lock+0x36/0x1c0 [ 181.637252] ? lock_downgrade+0x8e0/0x8e0 [ 181.640929] binder: BINDER_SET_CONTEXT_MGR already set [ 181.641402] ? kasan_check_read+0x11/0x20 [ 181.641428] inet_sendmsg+0x19f/0x690 [ 181.647581] binder_alloc: 15827: binder_alloc_buf, no vma [ 181.650818] ? ipip_gro_receive+0x100/0x100 [ 181.650839] ? security_socket_sendmsg+0x94/0xc0 [ 181.650853] ? ipip_gro_receive+0x100/0x100 [ 181.650871] sock_sendmsg+0xd5/0x120 [ 181.650888] sock_write_iter+0x35a/0x5a0 [ 181.650903] ? sock_sendmsg+0x120/0x120 2018/04/09 20:47:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x10000, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001680)=0x0) lstat(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f0000001780)=[0x0]) sendmsg$unix(r1, &(0x7f0000001800)={&(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001600)=[{&(0x7f00000003c0)="fccd13b863c61ec9108683783f997e282e32209cd4ad9c9e0e722075f44521a41a345e6b696858e483bd622a491b467003b9287b6fbad40437e13c7fcfad3f3ff3603c8a28883a4c49464a40dafd695bf3bb4b5fdd85f882efaec58d0c6c2fe33dfe22804f37941545a98f825c6ede1336e211d432dbe37f924c0ac6f03c534758e62aed48a7ec7354dd02a3ba9d4118315e06601671e75da812ccdfc5cc3ade1393df80e0aca59d7bb19f905a35e00ac307dbf9e84794dc0ef3a0b873e714e584fa232f061477cf2bbd7f6c01c018291c8d0f26ea1ef945055da5b59ce9242e52bd942c2625f5b92296a1b7d6d31f67f941a549", 0xf4}, {&(0x7f00000002c0)="0f332433ca8b1a5ff09879f4a533dcbae9458d17e94129cecaf15ac4635fc265784b791bdb5e13a1276aa143d6f44211ceb892ddc2ea54536f01c668b6d0fe43fdbf05f4a5d3536fd4a821820e26383fed9f2c17d9f84bad5b54", 0x5a}, {&(0x7f00000004c0)="eed585aaf7d92a03b04c137986fc23c0ffcc286a185e125345a2e25991a3a57bf7050099f1be5c462da0d8a056f3fe179d304eadbd3f72f3641c71dacc7c1b01d962462599ced1168370ad1dcd355f3b789a8c18f943ba416dac8e894c5eb752ed1c33", 0x63}, {&(0x7f0000000140)="9e7c7991", 0x4}, {&(0x7f0000000340)="2f7dd88106e87a7407154cc9be905be1c372d1001aab2a74819bd9294494", 0x1e}, {&(0x7f0000000540)="d08fa191900f8889ffbf120674a4159e417a8caffdbc9fdf3a26945156dc50cd20fbd5d26481e17b46b14489420aeed440ddb1e84d789f62ced494a3ab047fbcc211b92fd3de82354f548b6c834be01a5e300226e4598f6b8b1c76e5c86457dc04896c19fe45e189e0cc7626a6d59ee4ad771242f51bcf9a0f11b6cac6bab1d0c4a157225a1b529ba3730860ae7bf0e591a2b42e435dd479c50927d032c939e803fdacd803e6606d587d747cbe7077bc1e105aad27930ceb22b1f520ae7334c9b119bfdd578b01eb8071e3141b575e6e1778c0f0ab9b551f849ae8f27fcf7919be6c895ddad23d53c8584a480cfceeb9fd43b3bb93db1b565786a899d3848198340bcab82b08f4d161f4f0b72be74fd239e8c0ff97f125f9705c6725d35369e1d9208e208f7e9d4c84d8a246f0e63785ad2bbedcae5e69280f22c03729fb7dd6e82662ab0b7d7eb3d99e00512217063fd5eb2e473ef9c8a02f9459e91239e7c93f8d82c0ba117fb561443e0d86803b2afb6c83aebf48be3c9913f1a9f031f0fdd445f107e828f78984549ecdb307e4809bb5fc1c85badeb714efed233b0d8f910cfc44f804389fe6477e9c04931d1d8d5705c4148ed3e5a46a1882692292c4e790c732ddbb4dcb4cd8c1dd0dfaa6bee125056023cb2c11abe25a9ce6c5676ad7f4149c80ef77c3c037e3ac3c3722b1d3ab62110454dfd2d64486b49076add48f0ff042ca58c329c81397f89cfdf0f65b65b126cc928e4e196b2fc5063b9c956d9f6e47fc78327e3df2b316a99380e2f22e37d7e00dabb2e05123541cd73a05670285acc5c529d2703e5ceb7ec885dc4148ba267c5736f2ff4fb3c744e65710d6cf767cbe56c782c75f419bcd8d27d72943cb3d807d5af0badcf69594ead64d5b26d13fe72fa0c304edde9d33b3df0530db852e3f7f878bc65e19f84ad233c4a69155e5cffa08ef2d0b9f5c716f1b28eec20f23285294a42b02be646469eafa2217c41ec259705dc571e13e293fc077725ea30928f88ae8db5d8f8ca3c8ab7682827d28ba3f1ec8b51febba4b61b54dfb79a943dfddc4f189c95eb4df05710ab5d1573a15eab54d2b54b9037301ed6af3a06a9d695d65af4c7908b7a60f31b9a774258e7e579479cf8b4e43e15e990aace65f5ff298cd5202d7dba696780c99a05fb794b2b34aff7a389b6b6118c6f302aab6413fa0e07f2af6e6f5bf02491e104c137251844c0753f4406bf32b35294abf907614b07bc0f224c7676e21f609b049d1ecccff1aa775927f3c867b225cfa86e4aded4699c8d326ae15c72f31b5ee573d313abcfd3b65655e6a1a62d8729992bf9c23c9c2a81ec265886eaa56e5677b45d0dd39d249056f41cceae5a415f58f9b73de0b17acf7d9628a2f5b2fbe4bb750aaf151f0146c2ffc5d40abac2c12387f99ae741dd6dca40d0ff558f04759f8bea248187daa3908656347fc23ff62ba956cc9e9d05ab744d6232506c5d5fabad24758b629b1870d5715b24dce12dfadd4485aab69405c2927340948c871fec182e04f6a5b8d89e68317deb92adf450271bce99186214401ed2ce20fec5503f3ec819903c9a893c1ef82f2b0f9a483c173df05dfd3657382b946a690c0a2c8b9068dee462eb9b3a63b70faee04e937e821b2fa78b1fbf898e79b14c180895e8033aa7217190a072f122cde4d0c72fda87dba8970aefd8a192da3517272af42100e7ef2eb4c8a07605d32159582802933b8c54d382a8c26fb05d6b7c132ff3bc6ce82a27ece1c9ad576963e0e616099d1e68f2978dcb7738528462f737053bd671d4f94b6644be17b007e7e1180df09691be6f4dcbca8adf86ccacc32f6461627d958c6394795cb98820062e67d38349ec3fa40e39e040f179afbdd5ec450955cd58f8778731e6047e37396be96c4eba80461be135be557e89a631d50c4dfb19d3d86a79fdeb175fe04602dd079e0f56e9056dfffb215229b789692246aa019a950f2379959a2f1c1c69aa4409a6d882818f925bc9831908e4dd1e90788a448ee7dd36545772c33940448b3dab5823415c1724a53964301ed25d22f276b1dbf111bcf3fd57701f1ca8421ce869cbd6ed387222e6eab3faecfc8cc540c9f33c9fb1f84c568df9f1fa5378c51d91d2d862074bcc93c47a24248eb3ec570c44fb7d703204b27b3421cd2f042a808e60ae57d034118575e820d47046e28d5f6e85a4e39f920c626c118eec457af7147ecd5b19ab763dee63e6e2d23b25b91a4c9f08449b54b30f70b340b74dba78a8ad68914f68403a54e50c36d57d9cb8705f0bca94a4c793cbe94eebd4ce25f404f269a4609066f77f996f54c212a66f3a5749ac7b5e90c08b03a237ab12be36036494eeef2aa9da0d9b5cb19f6cfe36db1992e0b096763814a221714a62b8b13e6cda7baaa6764ec66bb2e21c0e657a02fb87621965b7614fc2904f070178229ccefdf33f020af123aeb83ab112bb18f296476756076695d275fe5e940c2bb58f6d61beaad19fc7663d83807404c4dd2637cadb9cae7d3e2474ed25575c98bd2e3c2f735928c90f9253e5b4a7542b51bb8291af4fbf62c64e166e36b7a1a04ab55201b121486314a534cbd1ec47c18e27183b3a3343d3532fa8114e5c362c1bcf13d9ad613732e27e86a915c51a44e18de483da6638a3a68f030ccc3ebd5ea4c660f59d7903f2836e46b8c5a8719145686664e739ed040b70cc42f784c8310e32bd9125ec1f6cdab0cbf51be768f89a7b1cca5247d792211bf3afdaf8c8c8e7a319d41326cc77bbe67a20bb277c37b4ff3986be5405106439edcb93281eeb6d18024260677755a282a1ec57d86023becc9e5982f2527ba08b52bac4a46b66b4bfcb28d8f6f8533028eb8ed33bb29c943fd3fc599be135f74a3976d3c4ff326025598916f2c143a6a25483cf727a5f1f6efa2d31304d16108fa1609df6b43c951d827fca2172a64d8a39036ab37ce26a4de1e1b3b97d9ef11e973f2f5aa1656360ff7a32860fe7a7dd43dcaff2489d2850ca9159ef65e9ae26a043c829ffaad3522c4c541e87ce299ebfe77d03214abe134c05d93d0b0064ff7fd5a51b2378a5c425b18e92b02ae26f57bf2532ba815b4ad1b5e5b130d27c4b740cac5991d1a137e3ae19ca8811f706182a754885713946aed468c7ee6033953555f5894d704ca768dde75ebb0c900d99428db5de7e25c451aebdcf0847e0b624d9877a86a63723518d38ad9c2c794be8144a21a2a241de52abd96f7d2077d25a6cc945e463cb011a4f9700023ffc52fd1b82e23a79455bbcbb928caa22936942939ac0faacebee5ced6c333b4e49cf37ec21b0b1cd3f2b64f9c5c1881878b37897a766ef2271c7af909c855935052ea217a3241f7e9b9b2bdb06e0f33e0c1cba6923fc9af5bb54804dea72a8758bf20c54fb2c45415655e3db8c13715e1c300ce6af1ea37bf000150d3721a02fa599cb41b1fcdca1afbe0f6ff4d266034a8a70961b6b5ec6507f247f271cf41350f2f489d1c69e836f85bbbe14526e3e910a02d46932a73a47aa3c3c5d6cba71ce8a5dfb0e671a92d8a31c4017d452c67d5c5090d755e6dcb0e365778add2bd308acbb40c0f073112143edb3c5104fbd386cebb30d02fa8a455bb275d2a5e72916e1f31584457da962f487c8939c207669ea1e904391dda791479e2d2319e25ca535559a7c0af4b9798a37efdfbebeebc9ac8a0c909d27768cfa543df0ce24b83164425bc359f3736245b4093c8dcb407f3e9575eca2667fa3e51442cdd834a9e0609079ebae4baa64a581b17e3798c8f53d62aa5baf68da5ee8d5adfcfeb9ced8454367aa1c011db9d1f1c8b6a4b0913e3cd8ea9c536230129f3831e5f4ba0de09e67109853f887271b007e5e8d06a239f146cca3c16171d58bc21fdc9c1087cd40f17fd78a7d554d83a01579586d1f714e5ff31621efc066fe649ad2c7ff3525d51b75c381d7322782994b38cbaf982e7cb9679a52d2145904f2077e4d2236c34097510b828433c0f4302b3dc1161abe4c37e89ec1b5ba50cbd27f175ea8b084032cac46121ff36be2e65bec2b61c302da1eed14f2a12bdccb07708d6beb3827b1b0d43e333f6954efa63dad6dee9c9a9bc10b91b7cdce848c955b093ebdb7a37c4a2868172babcb5090b6df77fac81323042b4ad65b2788c192edf4b975d2883d29945b0d7c9805b3e2ab7f8517328250eceade894e72e569729e5e1fd9b5bfd0547c1eabd1fddb4e7a4f12e932c61a9b079b1d2349b3eba768eaf1070292a4464631e8f902c7c7c9575e234dfa2cc7da37909e8b067d656290e737198812b93c9011ffe2d38f8e666e597d48db49cfa67b26d1125827b15c01c0683cef009b12f68b2e38d631aa14c30659ec7bb330c624f093b2bcdbde0d208d87e832e4951c47465fb9648e6d6d1bea437a15261cd4a3f3f22cfed0d6c16a7139180e6a6fce1adfdd8813d27fca8ecc90dd2913a50364bdd728bd84b5075588e38487058e9da145411f5120c31c5528f739b52791b20c8dba35bebcf3697db3c0b1d4affd78cd70363f8fc4b1c0a162aca3953f8f0239ba218274099269f1d369a43d48a6c4bcb044c20cb0b8a972bf1c195058f45556311e752b75d2ff91481747931326bb14e34968ddbe697d68d72289cff7c006e091d141c351b09d67545ced0cd2721b41d1ac9f98c05f573b478bf7aab65f82173c755222e62eb6a8445e2746bbd826c7037ad9a97f42b1da605d7edf18f1d1dfaa4c9faabbbd7c249fa26a74490422460c8b01080a6f8e12a9e5f507a432f51f6d684f79cb8cc207eeb242af4b0b285a6785d96f2663700c934ce8b02cd72925b522af9c7cd761c20d19b303ec643c6470306b6c8e78e5228349f99f4551c686301706c9b1fc958b7c879ffa392ace6e52afda292a9fe9c569ef2274e78a0c55d272e76b6c9fb9413ede87ebbce13fd667ed60ebd8e948979f314840d7d467c04e781290813d4df48bfdc9d0f3d53e7dbe584a20e6d673a660b0020fa6463ae66fb99480567ffc6b5d90986c4824e9ab4baf5dd9d9159348e6d9642f8f236ef6106afb128e39d1e5895765bd6a96a3fe35e857400e2498f5bb3d90fd6156dfc1d436c49d8526abaccb675001736f4803c8935f57727514ca57ed9c973c133bc2e487818e6d6cf06559b36e17b0e0c3070f503bcef821eb2b75378d8c7ee1765f3b89de011072753074c02be94b4fdda453fe08d146819a682be9957644b2892cf822fd373a8ba972ba7b8cee3451a90ce5e97b95271f088fcee6acc6071ddeb2508f9eab0febfa5afe71ed8ce4a5a4dc335a86b9db371e85d20bf7ab80c055edbd90aaf5a0d03ec17b23c85dcf6575bd115dc933539d9276ebb5a2e172b5d1cc37e416f714504427771294b20d2f03ab1caf49593227216f080135d7eb5a6e93ccde23577c330776a28b16bcc653e01f4ae267abcb27ac80f192b7bea1bfece51cbb03cd22fdb5d10d02c0b4141c7bb30b3d0472f6f28f82cf553747c18a5fe9e50a66b1181fec792734fa7f1957551d7f842051ddc49847e1415e14674307ff8c617321fdbeca3f899c7e4954a5b889ca15234d43d24cd58de3af34eb2d2f87f0e398c49eb2b63a1a965dde7a770885a8093af796c8ae4358bf8331112961066525633711f926f7421195e7c13f68363829feb51e7ff89d97e7321a640dcb5a0ee2f6f3813d091b9f951fe40fbd24d62e28fd397e95f2c20b74b31daf85ebb5c428278b3ff9290f0e8bafec1c3114346c021d3196fe15ae169", 0x1000}, {&(0x7f0000001540)="c3c0984e61df40aa5f8fb78503d8fecf2c91b20c6813db9fc30b4caa6b7facbee912e242e875d72f8e9191c287ebb73ab83d03dab3d56dbfa9396a416911f1276fa4ef2db7c9fcd6af2e36ded2357b17f7cbb25ab8932e43fc6bb58c3428b548992784d75886a96ae8bafaa21af56fec8bb0b413dd7d3b", 0x77}, {&(0x7f00000015c0)="686a4856d1a99df9024678cb09ea2b873ff7f184", 0x14}], 0x8, &(0x7f00000017c0)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}], 0x20}, 0x44004) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r5 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x6, 0x80000) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x200}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f00000000c0)=r6, 0x4) 2018/04/09 20:47:48 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000209ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 181.650925] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.654746] binder: 15827:15833 transaction failed 29189/-3, size 40-8 line 2963 [ 181.660217] ? iov_iter_init+0xc9/0x1f0 [ 181.660236] __vfs_write+0x5bc/0x880 [ 181.660253] ? kernel_read+0x120/0x120 [ 181.660267] ? wait_for_completion+0x870/0x870 [ 181.660295] ? rw_verify_area+0x118/0x360 [ 181.685849] binder: 15827:15828 ioctl 40046207 0 returned -16 [ 181.690838] vfs_write+0x1f8/0x560 [ 181.690859] ksys_write+0xf9/0x250 [ 181.690876] ? SyS_read+0x30/0x30 [ 181.690891] ? mm_fault_error+0x380/0x380 [ 181.690909] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.690925] SyS_write+0x24/0x30 [ 181.690937] ? ksys_write+0x250/0x250 [ 181.690950] do_syscall_64+0x29e/0x9d0 [ 181.690961] ? vmalloc_sync_all+0x30/0x30 [ 181.690975] ? _raw_spin_unlock_irq+0x27/0x70 [ 181.690988] ? finish_task_switch+0x1ca/0x820 [ 181.691002] ? syscall_return_slowpath+0x5c0/0x5c0 [ 181.691018] ? syscall_return_slowpath+0x30f/0x5c0 [ 181.691037] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 181.691053] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 181.691072] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 181.691082] RIP: 0033:0x455259 [ 181.691090] RSP: 002b:00007fe6acfbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 181.691103] RAX: ffffffffffffffda RBX: 00007fe6acfbd6d4 RCX: 0000000000455259 [ 181.691117] RDX: 000000000000ff8f RSI: 0000000020f8aff1 RDI: 0000000000000014 [ 181.726279] binder: undelivered TRANSACTION_ERROR: 29189 [ 181.728234] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 181.728243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 181.728252] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000002 [ 181.747384] dccp_xmit_packet: Payload too large (65423) for featneg. [ 181.750288] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x10, 0x0, 0x6}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000300)="c16a00012e260f01ca0f300f350f20e06635000100000f22e066b8ef0000000f23c80f21f866350c00e0000f23f80f21976766c7442400a56c05676766c7442402af3f00006766c744240600000000670f011424b8f1008ee80faeaf0100", 0x5e}], 0x1, 0x0, &(0x7f0000000100), 0x0) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000000100)={{&(0x7f00000003c0)=""/38, 0xffffffffffffff4f}, &(0x7f0000000400), 0x2}, 0xfffffffffffffdc1) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f00000001c0)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1=0xe0000001}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}}, @sadb_lifetime={0x4, 0x3, 0x4}]}, 0xa0}, 0x1}, 0x0) chroot(&(0x7f0000000140)='./file0\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000002c0)=0x14) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000180)={0x3}, 0x1) open(&(0x7f0000000040)='./file0\x00', 0x101000, 0xb0d5be50b8ef2fc1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/09 20:47:49 executing program 0 (fault-call:12 fault-nth:0): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:49 executing program 4: r0 = accept4(0xffffffffffffffff, &(0x7f0000000040)=@nl=@unspec, &(0x7f00000000c0)=0x80, 0x80800) accept4$vsock_stream(r0, &(0x7f0000000380)={0x28, 0x0, 0x2711, @host=0x2}, 0x10, 0x80000) setsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f00000003c0)="b68a9e25afdc61aeb82d674ed58b5f194059050411ad558b18e52d80022786f6254ac1332bd7f335b3651eb58be57e51983806aa41cc204879d38fd721b4218fc16ca02cbfea1018769d2038a62d1e7d4917d235460705d98cf6e5bfdd5eba8acd7477edaff9e69896598a6a007cc4e35482466d553fac6a041d6bdc67fce0a5142e2c72342e830c039c746c73cc21ee84d0ad031f5c479fd214ea5061c344dc3584ce226e075982cf181a448a95823ea7ab192b900448a788519aed8457c0ae19e7dad112126f79a998b78d0cf347881be0aae2dd69f6d7a956410a1b7a179c38ddca0034eb481aa8b77981e73bbf9c76db92f65a6b3a29ace1599737", 0xfd) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) 2018/04/09 20:47:49 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890200000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:49 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x20000210) 2018/04/09 20:47:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x4, 0x400000) ioctl$KVM_SMI(r1, 0xaeb7) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:49 executing program 2 (fault-call:6 fault-nth:3): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:49 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(0xffffffffffffffff, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:49 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x7) [ 182.230179] binder: 15852:15861 got transaction with invalid offsets ptr [ 182.252676] dccp_xmit_packet: Payload too large (65423) for featneg. [ 182.259280] FAULT_INJECTION: forcing a failure. [ 182.259280] name failslab, interval 1, probability 0, space 0, times 0 [ 182.270542] CPU: 0 PID: 15864 Comm: syz-executor2 Not tainted 4.16.0+ #14 [ 182.277473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.286831] Call Trace: [ 182.289440] dump_stack+0x1b9/0x294 [ 182.293084] ? dump_stack_print_info.cold.2+0x52/0x52 [ 182.298290] ? llist_reverse_order+0x70/0x70 [ 182.302715] should_fail.cold.4+0xa/0x1a [ 182.303227] binder: 15852:15861 transaction failed 29201/-14, size 40-8 line 2991 [ 182.306784] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 182.306809] ? is_console_locked+0x20/0x20 [ 182.306828] ? console_unlock+0x82c/0x1100 [ 182.306854] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 182.333002] ? console_unlock+0xb37/0x1100 [ 182.337249] ? wake_up_klogd+0x100/0x100 [ 182.341303] ? mark_held_locks+0xc9/0x160 [ 182.345448] ? __down_trylock_console_sem+0xd3/0x200 [ 182.350544] ? vprintk_emit+0x694/0xdd0 [ 182.354510] ? vprintk_emit+0x694/0xdd0 [ 182.358469] ? __down_trylock_console_sem+0x155/0x200 [ 182.363649] __should_failslab+0x124/0x180 [ 182.367872] should_failslab+0x9/0x14 [ 182.371655] kmem_cache_alloc_node+0x56/0x780 [ 182.376141] __alloc_skb+0x111/0x780 [ 182.379857] ? skb_scrub_packet+0x580/0x580 [ 182.384162] ? mark_held_locks+0xc9/0x160 [ 182.388292] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 182.392863] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 182.397953] ? vprintk_default+0x28/0x30 [ 182.402008] ? vprintk_func+0x81/0xe7 [ 182.405801] ? printk+0x9e/0xba [ 182.409064] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 182.413814] ? idr_get_free+0x1090/0x1090 [ 182.417959] dccp_send_ack+0xd2/0x340 [ 182.421746] dccp_xmit_packet+0x629/0x790 [ 182.425889] ? dccp_send_sync+0x270/0x270 [ 182.430032] ? qpolicy_simple_top+0x45/0x60 [ 182.434341] dccp_write_xmit+0x190/0x1f0 [ 182.438414] dccp_sendmsg+0x8c7/0x1020 [ 182.442297] ? dccp_getsockopt+0xf0/0xf0 [ 182.446340] ? find_held_lock+0x36/0x1c0 [ 182.450393] ? lock_downgrade+0x8e0/0x8e0 [ 182.454540] inet_sendmsg+0x19f/0x690 [ 182.458325] ? ipip_gro_receive+0x100/0x100 [ 182.462634] ? security_socket_sendmsg+0x94/0xc0 [ 182.467381] ? ipip_gro_receive+0x100/0x100 [ 182.471686] sock_sendmsg+0xd5/0x120 [ 182.475389] sock_write_iter+0x35a/0x5a0 [ 182.479437] ? sock_sendmsg+0x120/0x120 [ 182.483404] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.488930] ? iov_iter_init+0xc9/0x1f0 [ 182.492897] __vfs_write+0x5bc/0x880 [ 182.496603] ? kernel_read+0x120/0x120 [ 182.500477] ? wait_for_completion+0x870/0x870 [ 182.505059] ? rw_verify_area+0x118/0x360 [ 182.509194] vfs_write+0x1f8/0x560 [ 182.512723] ksys_write+0xf9/0x250 [ 182.516253] ? SyS_read+0x30/0x30 [ 182.519690] ? mm_fault_error+0x380/0x380 [ 182.523828] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 182.529350] SyS_write+0x24/0x30 [ 182.532698] ? ksys_write+0x250/0x250 [ 182.536484] do_syscall_64+0x29e/0x9d0 [ 182.540353] ? vmalloc_sync_all+0x30/0x30 [ 182.544486] ? _raw_spin_unlock_irq+0x27/0x70 [ 182.548968] ? finish_task_switch+0x1ca/0x820 [ 182.553449] ? syscall_return_slowpath+0x5c0/0x5c0 [ 182.558368] ? syscall_return_slowpath+0x30f/0x5c0 [ 182.563284] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 182.568636] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 182.573466] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 182.578635] RIP: 0033:0x455259 2018/04/09 20:47:49 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900ff000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:49 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000380)=@resolve_addr={0x15, 0x0, 0xfa00, {r1, 0x80, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @loopback=0x7f000001}, @ib={0x1b, 0x6, 0x9, {"43a3423f2b94765be73fa9c245c71b57"}, 0x10001, 0xfff, 0x7}}}, 0xf) getsockname(0xffffffffffffff9c, &(0x7f0000000080)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @dev}}}, &(0x7f0000000000)=0x80) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000100), 0x4) r3 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x2, 0x20000) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000180)={0x0}) fcntl$getownex(r3, 0x10, &(0x7f0000000240)={0x0, 0x0}) r6 = gettid() rt_tgsigqueueinfo(r5, r6, 0x11, &(0x7f0000000280)={0x8, 0x0, 0x6, 0x80}) r7 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x6, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000200)={r4, 0x80000, r7}) [ 182.581808] RSP: 002b:00007fe6acfbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.589499] RAX: ffffffffffffffda RBX: 00007fe6acfbd6d4 RCX: 0000000000455259 [ 182.596753] RDX: 000000000000ff8f RSI: 0000000020f8aff1 RDI: 0000000000000014 [ 182.604008] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 182.611278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 182.618537] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000003 [ 182.658826] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:50 executing program 2 (fault-call:6 fault-nth:4): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:50 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000), 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 182.696131] binder: 15852:15882 ioctl 40046207 0 returned -16 [ 182.696940] binder_alloc: 15852: binder_alloc_buf, no vma [ 182.707782] binder: 15852:15861 transaction failed 29189/-3, size 40-8 line 2963 [ 182.780485] dccp_xmit_packet: Payload too large (65423) for featneg. [ 182.786594] binder: undelivered TRANSACTION_ERROR: 29189 [ 182.787114] FAULT_INJECTION: forcing a failure. [ 182.787114] name failslab, interval 1, probability 0, space 0, times 0 [ 182.792882] binder: undelivered TRANSACTION_ERROR: 29201 [ 182.803776] CPU: 1 PID: 15897 Comm: syz-executor2 Not tainted 4.16.0+ #14 [ 182.803786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.803792] Call Trace: [ 182.803814] dump_stack+0x1b9/0x294 [ 182.803837] ? dump_stack_print_info.cold.2+0x52/0x52 [ 182.836954] ? is_bpf_text_address+0xd7/0x170 [ 182.841438] ? kernel_text_address+0x79/0xf0 [ 182.845832] ? __unwind_start+0x166/0x330 [ 182.849986] should_fail.cold.4+0xa/0x1a [ 182.854036] ? __save_stack_trace+0x7e/0xd0 [ 182.858345] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 182.863436] ? save_stack+0xa9/0xd0 [ 182.867050] ? save_stack+0x43/0xd0 [ 182.870659] ? kasan_kmalloc+0xc4/0xe0 [ 182.874527] ? kasan_slab_alloc+0x12/0x20 [ 182.878655] ? kmem_cache_alloc_node+0x144/0x780 [ 182.883397] ? __alloc_skb+0x111/0x780 [ 182.887270] ? dccp_send_ack+0xd2/0x340 [ 182.891225] ? dccp_xmit_packet+0x629/0x790 [ 182.895530] ? dccp_write_xmit+0x190/0x1f0 [ 182.899748] ? dccp_sendmsg+0x8c7/0x1020 [ 182.903790] ? inet_sendmsg+0x19f/0x690 [ 182.907749] ? sock_sendmsg+0xd5/0x120 [ 182.911623] ? sock_write_iter+0x35a/0x5a0 [ 182.915841] ? __vfs_write+0x5bc/0x880 [ 182.919712] ? vfs_write+0x1f8/0x560 [ 182.923409] ? ksys_write+0xf9/0x250 [ 182.927105] ? SyS_write+0x24/0x30 [ 182.930629] ? do_syscall_64+0x29e/0x9d0 [ 182.934677] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 182.940035] ? print_usage_bug+0xc0/0xc0 [ 182.944082] ? graph_lock+0x170/0x170 [ 182.947863] ? mark_held_locks+0xc9/0x160 [ 182.952000] ? __down_trylock_console_sem+0xd3/0x200 [ 182.957088] ? vprintk_emit+0x694/0xdd0 [ 182.961046] __should_failslab+0x124/0x180 [ 182.965264] should_failslab+0x9/0x14 [ 182.969048] kmem_cache_alloc_node_trace+0x5a/0x770 [ 182.974055] __kmalloc_node_track_caller+0x33/0x70 [ 182.978972] __kmalloc_reserve.isra.38+0x3a/0xe0 [ 182.983711] __alloc_skb+0x14d/0x780 [ 182.987411] ? skb_scrub_packet+0x580/0x580 [ 182.991713] ? mark_held_locks+0xc9/0x160 [ 182.995847] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 183.000414] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 183.005506] ? vprintk_default+0x28/0x30 [ 183.009551] ? vprintk_func+0x81/0xe7 [ 183.013358] ? printk+0x9e/0xba [ 183.016630] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 183.021368] ? idr_get_free+0x1090/0x1090 [ 183.025506] dccp_send_ack+0xd2/0x340 [ 183.029291] dccp_xmit_packet+0x629/0x790 [ 183.033425] ? dccp_send_sync+0x270/0x270 [ 183.037561] ? qpolicy_simple_top+0x45/0x60 [ 183.041875] dccp_write_xmit+0x190/0x1f0 [ 183.045921] dccp_sendmsg+0x8c7/0x1020 [ 183.049798] ? dccp_getsockopt+0xf0/0xf0 [ 183.053840] ? find_held_lock+0x36/0x1c0 [ 183.057904] ? lock_downgrade+0x8e0/0x8e0 [ 183.062049] inet_sendmsg+0x19f/0x690 [ 183.065836] ? ipip_gro_receive+0x100/0x100 [ 183.070148] ? security_socket_sendmsg+0x94/0xc0 [ 183.074889] ? ipip_gro_receive+0x100/0x100 [ 183.079198] sock_sendmsg+0xd5/0x120 [ 183.082897] sock_write_iter+0x35a/0x5a0 [ 183.086959] ? sock_sendmsg+0x120/0x120 [ 183.090924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.096448] ? iov_iter_init+0xc9/0x1f0 [ 183.100413] __vfs_write+0x5bc/0x880 [ 183.104117] ? kernel_read+0x120/0x120 [ 183.107992] ? wait_for_completion+0x870/0x870 [ 183.112578] ? rw_verify_area+0x118/0x360 [ 183.116711] vfs_write+0x1f8/0x560 [ 183.120238] ksys_write+0xf9/0x250 [ 183.123763] ? SyS_read+0x30/0x30 [ 183.127202] ? mm_fault_error+0x380/0x380 [ 183.131353] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 183.136889] SyS_write+0x24/0x30 [ 183.140270] ? ksys_write+0x250/0x250 [ 183.144087] do_syscall_64+0x29e/0x9d0 [ 183.147955] ? vmalloc_sync_all+0x30/0x30 [ 183.152087] ? _raw_spin_unlock_irq+0x27/0x70 [ 183.156568] ? finish_task_switch+0x1ca/0x820 [ 183.161049] ? syscall_return_slowpath+0x5c0/0x5c0 [ 183.165963] ? syscall_return_slowpath+0x30f/0x5c0 [ 183.170885] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 183.176237] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 183.181067] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 183.186236] RIP: 0033:0x455259 [ 183.189408] RSP: 002b:00007fe6acfbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.197100] RAX: ffffffffffffffda RBX: 00007fe6acfbd6d4 RCX: 0000000000455259 [ 183.204352] RDX: 000000000000ff8f RSI: 0000000020f8aff1 RDI: 0000000000000014 [ 183.211617] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 183.218871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 183.226125] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000004 2018/04/09 20:47:50 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7, 0x20000) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000509ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) mq_timedsend(r1, &(0x7f0000000040)="d852ba52505250b54a698ea2d091b5037c51808bd4d9852f76f4882c1af4fbd4e9a3888f7e5ab41b709eae374b3fabd2d1d8159142004267c11d0e5b840a4ade5dd07715", 0x44, 0x2, &(0x7f00000000c0)={0x77359400}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:50 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:50 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x13f}}, 0x20) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x800, 0x20000) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000080)={0x100}) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f00000000c0)={0xfff, 0xfff}) write$rdma_cm(r0, &(0x7f0000000700)=@get_event={0xc, 0x8, 0xfa00, {&(0x7f0000000380)}}, 0x10) 2018/04/09 20:47:50 executing program 2 (fault-call:6 fault-nth:5): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:50 executing program 5: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000040)={{0x2, 0x81}, {0x5}, 0x0, 0x1, 0x7c57}) perf_event_open(&(0x7f0000d2af88)={0x2, 0x78, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create(0x10001) fcntl$notify(r1, 0x0, 0x2a2) 2018/04/09 20:47:50 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000), 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000f00309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:50 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000), 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 183.365893] binder: 15911:15916 got transaction with invalid offsets ptr [ 183.398176] binder: 15911:15916 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:50 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@disconnect={0xa, 0x0, 0xfa00, {r1}}, 0xfffffffffffffd66) 2018/04/09 20:47:50 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000590fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="0a0775b0d5e383e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20) r1 = accept$alg(r0, 0x0, 0x0) io_setup(0x1, &(0x7f0000479000)=0x0) sysfs$1(0x1, &(0x7f0000000040)='skcipher\x00') io_submit(r2, 0x1, &(0x7f0000738000)=[&(0x7f0000f73fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f000079a000)="16", 0x1}]) 2018/04/09 20:47:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89000ec00309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 183.432844] dccp_xmit_packet: Payload too large (65423) for featneg. [ 183.446303] binder: BINDER_SET_CONTEXT_MGR already set [ 183.465212] binder: 15911:15930 ioctl 40046207 0 returned -16 2018/04/09 20:47:50 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:50 executing program 3 (fault-call:4 fault-nth:0): perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:50 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000001000)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000fc0)={0xffffffff}, 0x106, 0x5}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="2066070088003f00c92633bfe637879035b46b32948565ecaa715b690a22218fbfa066b2671defad0f1ed9043f2f5fbdb8f679bc8549d8b6ca5688061b39cea42a2767b907da4bb02247bf189d8a2f97bf8c9f5c3d094914ee399c8fad0de3acb8f582a0f20975e5b43a1748ef663aa3a4494d57d52dfdd6fac8000c9f0b5e21165887945ae31d4640de977cdc2511fbe4952c95322eacd108568f43fdd1c49cfd24f9ca0fb32699b3bdbc056015490b6779690f1b23595edc9ffe510d7831cc5d53eacb4a89c30a9bba890e46976f3dea431e539ef11c0000000000000000000000000000000000000000000000", @ANYRES32=r1, @ANYBLOB="300000000a004e2305000000fe8000000000000000000000000000bb0500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x100) write$rdma_cm(r0, &(0x7f0000000240)=@connect={0x6, 0x0, 0xfa00, {{0xfffffffffffffffc, 0x9, "029ced241492547da9681bc0bc30016f53d75de40278551b82a5c7999343dcbc82b96314212b1c3f66357f50e51b262c5081badedb94a26a7f19ee48d6e53b5be983f4509e8527ca55d164821d775efcb8c4a9758d548ef2110e5aaf35bad1bad53edee4d56cff5c3084e4c126a4753977c8152ff88442f235ed1cfef9da6d826581acc10a6eb0dd0835a184b76e436f04af88275ea441f2117739c851521dd6395fb1baceceb4c1961313e69dc17c7f37a1dccf2c3f4a081a3de9f68bca2f08af1e2a1edae863571325f4aa83305e1231e6ed8859968084e6b546fcfa0ab4ba44a16500fa7d938c5c3fd40fea69f5e144ddcc6f5da9459758e71f59a397e24d", 0x43, 0x9, 0x0, 0x4, 0x1, 0x1f, 0x7}, r1}}, 0xffffffffffffffee) r2 = shmget$private(0x0, 0x1000, 0x80, &(0x7f0000ffd000/0x1000)=nil) shmctl$SHM_STAT(r2, 0xd, &(0x7f0000001040)=""/4096) [ 183.505171] binder_alloc: 15911: binder_alloc_buf, no vma [ 183.510856] binder: 15911:15941 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000ff0309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 183.617841] dccp_xmit_packet: Payload too large (65423) for featneg. [ 183.635061] binder: undelivered TRANSACTION_ERROR: 29189 [ 183.641710] binder: undelivered TRANSACTION_ERROR: 29201 [ 184.327563] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:51 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000180)={0x0, 0x45, "21a2d7fecc6c1c81abb89948bca4abea28226f8e07e1555637eb98ee26ac9f393b08f2ae03cf0fa9f4d38250551eed82a758ca533ada0535057840b77f6f0369e53fc71830"}, &(0x7f00000000c0)=0x4d) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000100)={r1, 0x8001}, &(0x7f0000000140)=0x8) mmap(&(0x7f0000001000/0x9000)=nil, 0x9000, 0x0, 0x8012, r0, 0x0) 2018/04/09 20:47:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x37, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="006340400000000000000000000000000000280000000000000008000000000000000000000000b5406eb358000000", @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x48, 0x0, &(0x7f0000000000)="df04ae7ce1b3925c11f960dfa0f7ab5f90f92145265ee592facc9db5ee279bc8a6072de220b5e69381add82879857e01661c63820abc45715908897e05de8eba0d47f0c67b1983dc"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:51 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x9, 0x0, 0x4, 0x100000001, 0x401, 0x7, 0x8, 0x9, 0x0}, &(0x7f00000000c0)=0x20) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000240)={r3, 0x5}, 0x8) 2018/04/09 20:47:51 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900dd020309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:51 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0x20f9af80) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:51 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000100000fa", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000abd901fd9ffac4d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x426000, 0x0) openat(r2, &(0x7f0000000400)='./file0\x00', 0x200, 0x49) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000080)=""/7) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000380)={&(0x7f00000000c0)=[0x3, 0x0, 0x8, 0xe4, 0x6, 0x0, 0x47, 0x0], 0x8, 0x5c2fdcf4, 0x1, 0x0, 0x9, 0xffff, {0xfff, 0x7f, 0xa84, 0x5, 0x40, 0x7f, 0x3, 0xafdc, 0x0, 0x8, 0x8000, 0x1f, 0x3, 0x80000001, "3bc1ba4591439919d734e221a18b800ce838cbe5e579e15b85916e81b7887cc9"}}) 2018/04/09 20:47:51 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:51 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='//file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:51 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xffc3) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:51 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890002000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 184.433234] binder_alloc: 15992: binder_alloc_buf size 6400581474726182912 failed, no address space [ 184.442867] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 184.451807] binder: 15992:15998 transaction failed 29201/-28, size 6391573520362504192-9007954363678720 line 2963 2018/04/09 20:47:51 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netstat\x00') r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xbc, r3, 0x314, 0x70bd2b, 0x25dfdbfd, {0x2}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3f}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gretap0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x200}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x400}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffff80000001}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x5}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x63}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xaadf}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40044}, 0x4004) 2018/04/09 20:47:51 executing program 5: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x2c00000000000000, 0x206000) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000000c0)=0x10001, 0x2) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @random="e7d0881a9ffe", [], {@ipv6={0x86dd, {0x0, 0x6, "f83796", 0x8, 0x2b, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x4e20, 0x0, 0x8}}}}}}, &(0x7f0000000000)={0x0, 0x0, [0x0, 0xdd, 0x0, 0x400000]}) 2018/04/09 20:47:51 executing program 6: r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000000c0)={'\x00', {0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r1, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r1, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r2, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 184.518341] dccp_xmit_packet: Payload too large (65475) for featneg. 2018/04/09 20:47:51 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) r2 = syz_open_procfs(r1, &(0x7f0000000040)='setgroups\x00') sendfile(r0, r2, &(0x7f00005d4ff8)=0x84b, 0x2000000000000ff) 2018/04/09 20:47:51 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900c00e0309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 184.565620] binder_alloc: 15992: binder_alloc_buf, no vma [ 184.571301] binder: 15992:15998 transaction failed 29189/-3, size 6391573520362504192-9007954363678720 line 2963 [ 184.586665] dccp_xmit_packet: Payload too large (65475) for featneg. [ 184.597832] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:51 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0x5f5e0ff) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 184.648219] binder: 15992:16014 ioctl 40046207 0 returned -16 2018/04/09 20:47:52 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="e409409ead72d4bac5", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18) syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x8, 0x2400) setns(r0, 0x0) 2018/04/09 20:47:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x40000) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000002e21a309000000000000001b158b8f3637ee184593e410cf8bbaa89c9b302e0dc52f04b65bfb5dbaf2e82263412f6f0736b516cc0c"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000080)={0x5, 0x7, 0x1, 0x800, "7546591f0df4181ba8d9de8213fccbf6da3dbc0bfbf7aae839e0dc9178599f877ac75e4fe6085d4a4d0920d2", 0x101}) 2018/04/09 20:47:52 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) r1 = socket$bt_bnep(0x1f, 0x3, 0x4) setsockopt$sock_void(r1, 0x1, 0x24, 0x0, 0x0) 2018/04/09 20:47:52 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp6\x00') preadv(r0, &(0x7f0000b5cff8)=[{&(0x7f00006f0000)=""/154, 0x9a}], 0x1, 0x47) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x2, 0x1, &(0x7f0000000040)=""/21, &(0x7f0000000080)=""/59, &(0x7f00000000c0)=""/215}) 2018/04/09 20:47:52 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xfffffffffffffdef) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900000f0309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:52 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./.ile0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:52 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x10}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 185.373260] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 185.399131] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:52 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) 2018/04/09 20:47:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89000f000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:52 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) prctl$setname(0xf, &(0x7f0000000000)='@-+)\x00') write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 185.472207] binder: 16069:16073 got transaction with invalid offsets ptr [ 185.511451] binder: 16069:16073 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:52 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xfdef) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:52 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000041000)="6500000005", 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x1ff, 0x0, 0x8, 0x1, 0x2000000000, 0x8, 0x7, 0x0, 0x0, 0x101, 0x7f, 0x6}) r1 = syz_open_dev$sndseq(&(0x7f0000048ff3)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@rand_addr=0x4, @remote={0xac, 0x14, 0x14, 0xbb}, 0x1, 0x1, [@broadcast=0xffffffff]}, 0x14) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000180)={0x3, "ceace2"}, 0x4) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000040)=0x5, 0x4) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000100)=0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r3, 0x3, &(0x7f0000000140)=""/54) [ 185.540240] binder: BINDER_SET_CONTEXT_MGR already set [ 185.575268] binder_alloc: 16069: binder_alloc_buf, no vma [ 185.580927] binder: 16069:16073 transaction failed 29189/-3, size 40-8 line 2963 [ 185.590259] binder: 16069:16087 ioctl 40046207 0 returned -16 2018/04/09 20:47:52 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000ac0)=@join_ip_mcast={0x10, 0x30, 0xfa00, {&(0x7f0000000a80)={0xffffffff}, 0x4, {0xa, 0x4e20, 0x5, @mcast2={0xff, 0x2, [], 0x1}, 0x3}}}, 0x38) write$rdma_cm(r0, &(0x7f0000000b00)=@leave_mcast={0x11, 0x10, 0xfa00, {&(0x7f0000000080), r1}}, 0x18) getsockname$netrom(r0, &(0x7f0000000380)=@full, &(0x7f00000000c0)=0x48) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB='?\x00\x00\x00\x00\x00\x00\x00'], 0x20) write$rdma_cm(r0, &(0x7f00000005c0)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000580)={0xffffffff}, 0x13f, 0xb}}, 0x20) write$rdma_cm(r2, &(0x7f0000000600)=@bind_ip={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x8, @loopback={0x0, 0x1}, 0xf26a}, r3}}, 0x30) [ 185.739552] binder: undelivered TRANSACTION_ERROR: 29189 [ 185.745615] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:53 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fchmod(r0, 0x40) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:53 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='.//ile0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:53 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x2022c008}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:53 executing program 5: mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000000)=""/74, &(0x7f0000000200)=0x3d) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000380)={"6970365f707469a600000000000800", {0x2, 0x4e24}}) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x118) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e22, 0x2, @ipv4={[], [0xff, 0xff]}, 0x836}}, 0x0, 0x8}, &(0x7f00000001c0)=0x90) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000240)={r2, 0xffffffff, 0x100, 0x24b}, 0x10) write$cgroup_pid(r1, &(0x7f0000000300)={[0x34]}, 0x1) getsockname$inet6(r1, &(0x7f0000000280), &(0x7f00000002c0)=0x1c) 2018/04/09 20:47:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890002dd0309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:53 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xa) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) epoll_pwait(r1, &(0x7f0000000040)=[{}], 0x1, 0x5, &(0x7f0000000080)={0x3}, 0x8) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) 2018/04/09 20:47:53 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) [ 186.470328] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 186.498154] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:53 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x10}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900f0000309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 186.566840] binder: 16148:16151 got transaction with invalid offsets ptr [ 186.575289] binder: 16148:16151 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:53 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000180000fa0000000000004a87e1e90a995d9f7e460000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) r2 = fcntl$dupfd(r0, 0x406, r0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000340)={0x0, 'gretap0\x00', 0x1}, 0x18) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000080)={'gre0\x00', {0x2, 0x4e24}}) 2018/04/09 20:47:53 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0x63) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:53 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000180000fa0000000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f013de9f556981732fe9ec9639cd2549d8a7c2eec9fa4c667a310a716e86b2814bce8af00391d"], 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 186.633439] binder: BINDER_SET_CONTEXT_MGR already set [ 186.653435] binder: 16148:16163 ioctl 40046207 0 returned -16 [ 186.663537] binder_alloc: 16148: binder_alloc_buf, no vma [ 186.669206] binder: 16148:16151 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:54 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000020309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:54 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000340)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000240)=@set_option={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000000c0)=[{0x20, 0x0, [0x6, 0x0, 0x3c1e, 0x0, 0x3, 0x80, 0x1aa4, 0xff, 0x100000001, 0x0, 0x3, 0x1, 0x80, 0x5, 0x400000, 0x4]}, {0xa, 0x0, [0xfffffffffffffffb, 0xfffffffeffffffff, 0x2, 0x99, 0x7ff, 0x3ff, 0xffff, 0x8, 0x101, 0x2d6f, 0x77d, 0x100, 0x2, 0x8a, 0x4, 0x1]}, {0x2, 0x0, [0x3ff, 0x2, 0x1ff, 0xffff, 0x6, 0x9d0, 0x8, 0x6, 0x6, 0x40, 0x3, 0x1, 0x7ff, 0x2, 0x100, 0x10001]}, {0x0, 0x0, [0x7, 0x8, 0x5, 0x8, 0x80000001, 0x5, 0x97e, 0x7ff, 0x81, 0x4, 0x8, 0x200, 0x7, 0x6bb0, 0x9, 0x3ff]}], r1, 0x1, 0x1, 0x120}}, 0x20) 2018/04/09 20:47:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00000000c0)={'bcsh0\x00', {0x2, 0x4e23, @rand_addr=0x5}}) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x800) fcntl$getownex(r0, 0x10, &(0x7f0000000580)={0x0, 0x0}) getresuid(&(0x7f00000005c0), &(0x7f0000000600)=0x0, &(0x7f0000000640)) r4 = getgid() ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000680)=0x0) stat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000780), &(0x7f00000007c0)=0x0, &(0x7f0000000800)) sendmsg$unix(r1, &(0x7f0000000900)={&(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000500)=[{&(0x7f00000000c0)}, {&(0x7f0000000100)="72e7e66482d8639b857cb90935b0978beb8b9b8c27ca917021e71e75babd77e609ca61c262facdecb61f5034e0c16168d498d66e8fd054c059c4bcbbddc878e2e7b62183404eb5861509598eb6dffdc5", 0x50}, {&(0x7f00000003c0)="e9a97807c5a6515e131d9b1e75f5d638cb4cbdf78dc3bfc730c6f852d5ad80b2845fac0cfd40504fe42678c3aba098c8f2a0d750d30b4016bff1af2760948b76059d54507a40b0a5df324c993765774a5d8db4ca3de1ed324bca16b38f97c54c0c51148ff07c0e8f91c539e853a9b734f6a3eb5abd034373d6f86818f7b1aea5ec1041e740f0d2bd26202c5112c393e5c2ea1ca3ad6f6fe520a0b96b228df7edf0ed5cbbd7dc0a50942b34734a6308f47e877b2693b46d7144c2a69b24f35a2f2c57bd8a62e1a1630a73167da15e07040e787707", 0xd4}, {&(0x7f00000001c0)="e74d83708f566daf0af0a1a31dcbc90ebd1647704a1373c33219c8f8d2fee6c2faf0d89470339945d4db4c6e3628bf53c2e326f6bdd782328fa85eba38a2afe1bbdded49558936ba88ba499bd7789f", 0x4f}, {&(0x7f00000002c0)="eff63e8b28578c087b68b59809c7f02973b22655e8cae155af95fe381a5ed7fabf86e85ea3a372903b0ebece82b79c526a8f0a2f066a995587007f765c68109037e6c54d09e1f2c8d443cee5c73e70ce7e05d81e58f547c2d3ddcf826d6eba", 0x5f}, {&(0x7f0000000340)}, {&(0x7f00000004c0)="b57413ef5c97deccecd25f9a905938ee7f7c371a", 0x14}], 0x7, &(0x7f0000000840)=[@rights={0x30, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0]}, @rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}, @cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x90, 0x4011}, 0x4000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) [ 186.802416] binder: undelivered TRANSACTION_ERROR: 29201 [ 186.818590] binder: undelivered TRANSACTION_ERROR: 29189 [ 186.847633] binder: 16196:16197 got transaction with invalid offsets ptr [ 186.855785] binder: 16196:16197 transaction failed 29201/-14, size 40-8 line 2991 [ 186.877358] binder: 16196:16197 ioctl 891c 200000c0 returned -22 [ 186.886970] binder: BINDER_SET_CONTEXT_MGR already set [ 186.892462] binder: 16196:16200 ioctl 40046207 0 returned -16 [ 186.900231] binder_alloc: 16196: binder_alloc_buf, no vma [ 186.904111] binder: 16196:16200 ioctl 891c 200000c0 returned -22 [ 186.905910] binder: 16196:16197 transaction failed 29189/-3, size 40-8 line 2963 [ 186.937099] binder: undelivered TRANSACTION_ERROR: 29189 [ 186.951142] binder: undelivered TRANSACTION_ERROR: 29201 [ 187.595873] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:54 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000440)={0x4, &(0x7f0000000400)=[{}, {}, {}, {0x0}]}) ioctl$DRM_IOCTL_RM_CTX(r2, 0xc0086421, &(0x7f0000000480)={r3, 0x1}) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, &(0x7f0000000240)={'mangle\x00', 0xfa, "25182de284f3bffd22905617ead25c55507fde61b8c0342497d32f52ece8d6bda329c0ac80f20ed077ddb075d9bc66ac26b8edc0217d243edd9780b95c6cc66e59fad6b4785eb6a82a45339b699c936466e7578fe750461d88201a152fd6199ae0f7f0bbbf64db3df9fa83dde7b5363545c7fead7dc3082b441384151e734eb90543f0513f75b15fbe3317a7dfa76fb317c7157685ac588e2b2adfdd034d539e1cb8d81216d896ae051fbcbe44bf0dd3832df1b17fdf81b4244d954425148b782ec2050e0248abf42fe8c0a7453723ab278eced6756e58fc47fad28784bfe501bcf452162a7b3a133dbb30060a35ab19f4487af436768ec06091"}, &(0x7f0000000080)=0x11e) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x7, 0x9, [0x47, 0x9, 0x1b6000000, 0x2, 0x1000, 0x4, 0x7, 0x1, 0x9]}, &(0x7f0000000380)=0x1a) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000740)={r4, 0x1000, "359cde4c584f4d1bf8e7017025845d375798078c61af71953d16cac91dfc0bda7a417cebec9364e6e7776f32a1ebf75fdcc85cd85aad6747bcf45a17737b2d6ea095fe925490b1e74fc1217851362403f96e60d2a4871c73a34eeaa905a75a2a102fd7499bd344d06fefd9253076210533def83b276bb6fb3916a79c6e223be7aaf51b176ba0c2688fe9defbb9e8b00d85164f71ba3b0215ec1f74a648304c73fb8417b50fd8f32d3fa9f38441f568a2a148be704f718dc6f49e03e1fdb319eff2a5332919aadc2317edb8dda7ef4dedc4ab7eae2c0e2c5d7a6b18df17e1fbfebc8724d72ed79b387c539cbbdf89d78c55075229fc2fb95be53098e66faf055abfb54c6726c36777efa758a40898970de6eb818e4ed1d847411114e4f518445a59e7ee1e77330cc6e6bdf42b82de3030714d70cfd8d469218a10381cb394fac7d7b978d2b21714146e74e11b38f19f6c4c3815b8eec05720414a97d5f0afedcd2d3ea2fc3b401b80d98aa67a9055ee78b2304aed7971ecdeb167df94e494525ffe2d61d522dda1ec4100145519312b672bbd793036dfef7c6ed2d9303a2e9a0fccb82ef65161aab52cb435ea2cf588db9f2564f4b85d2c9149f882069a1a8c17a8c0057db40f7e604a2290b561dd34cd13403b774f2d365451daf3c6dfef9b411cad6b26f36432d8850939ee548539f846b759ab5cedbd9df471a5b3e65ac4ebc91137593431dbd24f2eaa8d1de63ec5bb508254f56dfc938fb5dcefbff7be7928f5444b1d21cf157380842f7852c4236848aa9ea5f3c7b062687f83f09345ef5f837088891c751c1e30d84bea29500e8e70b4406afff3da3f7c7dd3c28b29d5082a856d073bdc500742bbbc5a4de7446535cb04abadd55996a454c3769c3068ba2f1c3680dd58d456209a817fdcf42e275b06bc838a255ee09b1787d046a0cbfc2a50cec1e7c63e3d8f4a2a675f31937e2c8ad27e6ed54d04175d3a92861f990b776fffc8fd2d9b80221db27cbc1fbff5a0fc2de86b0ab876f1befed89cc4dec32e58a6181295c53d30d5adaf8ffd20586b1f2562f6791ef7f9af821ea1f9347c5d6d69844f1bfd47e8f6e7a94efd6534888287cbc2f8d071530fa84036d5306bee7a9bffd1901380479283df0ce48324a7a4715a4a7e49818b5f9b10735181aa8c20d876412b4404ff245e0dc8209bf7b2ad6cb843775b4cb61748faef840fc4dbd7da03d277e3819821856b5a980fc089b8d33fe0831d611c27b1d59ea8412b54534238b773bc168bd0d6a1a7cca2b52bfef40be9ffe3e48e3d4d1579a3cbe79f2eb9d4989e93d2c2b7507870b2ec0411e23e8e18080789d5653bda542c5fd22128c61299efaed8aa91ee9080fed1c95565e971b4dbde0360b70147cf1c1eed57751e0b8a574bb88b46d7300303f09c3c5f8e85078f0497166010db499fc9d8866270870caba6d22ce4dc77a67c995ae05226c6b0e165f5c9ef91013566a525390536964a2242f2010970867404e971a766cac83525e2ed740e72737a4e01308fcd97d58c220453bb79b4214a6c973904387cc634df20b5a9b20ab8d1b4e9ad2f0ce29e9415c789f743342e38b53f604630cc48ff6506985e88e07d2ad3c00405d5d6f40ef5f69ee54b9f0399c21089d5f2f936ff68d625960fc06ae7962c2625b4881080061d14bdda27776588323b9ce098b8c772de104f9579dba145bb168a7fea796b69104a4491c088c19892949d26d373e8f286532c6e078ac1e9b901e68ce6c6c98832ff9de136dd3bfd437af314f9a930e838e7d012171ed0cfff1aec0b21764c46cd94e241c76f0ddc1ef56359e1de5c5ab0bd30677662963f8710cadf1a23f34c6287127c6c4e21f45c462266eea1a0029933b000e10d4b52c718c94d7fdc5efa6312c221be02709ba66d4fb52f8d4eaa1afd033d97551a7fe9f5a66dbccce1312609ac915b59b536e8722fb6d7a49664871b999f846b0469212edae22f9ed913e64e2be168ed61adf767a8772f2173587781fd815c13551b6d9daaae693b61446cd549f41c898a828ddfd4926ccb88dc52d42b05d517fb754c0e1377e36a2faaf47731d501d374b10645cf5dbecafd88ca2c71f6665e3102c4e6e8df5e8be7a40912230310ae56639ee4ffda97d0c6ad6dc13ceaf6b08107e5e3a8ade89148c3bbfa9e218b87d1bcd311fd2a99397f53cfa2f91d1b1c9c6caf401e2a6b7ace0b335a4f1ef7f7616809dd76b350cfffd24fc23e14c33b6a40e1b3bb417178f9ecba247a8830e4113bee047857d3876c63927973d2fd07a239732ccfc03c3c39f47d47e1dfb43ed2b4d9c948cd336dad4626f0f93d9291bf5b5c2278664c21c7d85788250a26f870eedac895a4aa64c3bb005a5d9d54e23c62dd8735404cbc4377ab32fab2a2a680ec5471d526759d1a81fa168854aded3d7430bdebb63101e15065491860330ecd3bd5933ee0bfe3d0364252ff12522ba634b60c1aa551cdc0f326af7811f90021428c9ad9e2155df4beca9f21e46df745838ac49888eb18d6e3c12a9c64625c38b44381c34165b00326d40b9017fd2dcd8cd35d91e8a404a38f9d1433b9a6dcb42e014c66f29d546d545e5fc856a8b8e01a69ef695c7a1a5832d1eca375f2fe39adbad5c8b5eaa26032d38b3791a600b31156da0f99ce1fcd39f774bb3a420ae4c12fd785b09f9997e9b2adae58414b7e59c4a4a962f027b90fce396c658bb4851ba17e886607ed24610c07880618714a3706a4161581095f26cec27c1ba0c57de2cf2d3c65ce9b665e75af6f9208bd2569e2fbde92f257ce418ba6a7e4ae632425e65f73c35bc866686bffe99ccb3878ef6ab0756d7e99f6b6856e336700b4d89e9c5f834ac6c52638752430d4244f1c8edf3648421d77a1619413943e6df87ad3625e57055473f428b8ec30717c5dd185c256f9a7ac955af79e05e091eb71ded4d1a2bb50b3a18d6dbc0f0a9a18d7df7914ea2cc47d85f977668162d905ff1c7ffe69ca012c40c7c6f30ed79a2674051e906383b04632661b2c71acc21977bd87225405a9d34d739ddbf191d656de7793014d01f12b6da4ca4401cba64fa2b387363a57fa32f0f908d20d4d2fa1f5f467cf5dbffadf01dadf858790b8eb29ad393c7efcea9ced6cf1a04195792342fef10f9fed79a20890e3a5568e24d1db71ff332ac812ffa09ef53284e33a756ebe80485ec6c0e422a0bdf1900a0f943c2753b8ff5520d24254f611e30b884a3c17b625d2a0d0060a3dd26a70d7d37ba43b71ffb45dbde038f99c771c68412caa6cab904e15880735c35a72d04c647f4998a7180136b98a7ccc9d499d1733bd92a695e1ec480d1d7395b41d3420049b3a1a6b13edcc41227244c3168765d0d04a82a64496f1b519022488f0907239f65f2849a054a5e8614a593a27bc89a9f0e60391e5b43caaae76dd10b20eab38b30b0d78df683f9f4699c102290d58735f30bd1d77a097d1158a22cbf575833f2edaa3af3d9712aa9d3f33ad6abd1836b99e3b03144c17ca096a2664665c7cd78408032ec994508d1239f2429154afd06f4f3436a3dc8cb93ab8b06c2e9fe96eeefb8a60ffd0c5ceae0984adc579972281df732df7ce14d629326922b98dffac4dc81ee7e462376e6b6d68b281da02e090a00d1e6cde475015af7a84421f0116a450d0530b031170506d9e2f5a5c6c189cf83802578d6fb5528133510b7d0517e8953043f464360fd244ab0ad94e094453b7c8f9a25c30e9b9c4d3d8d6aac6d2c84b1de5059b9c45280e2bdc752101ee97c8e4eb9f99fb517ebb41f73f074e751bcebbd534a004ef4b3ce3991fbca9c310938421630b2dbd253f1027848ce65d737bafbb8741a1c312dc5016dacd0fa9b334f83313c04859dc035b601f178032ae77265e581af5eb187c070155f833d3b6fb9b057bca867cfab70336445cfafe7323d76b71fad7bfa934c1827a7ccf8b64e36259bdbfcba4cf88e809355632824c2e19b0acf3b8b1c496230a644f0722ee4cb92d86d2dbd977fb510e0910fed4bb02a0414834f146f0b3a4ac08255a768463d118b2d1c4f693f12b8fbf646c0155c34bf002acae41f7a778443417065053ff4c551594353c190f16167ab02185e98f28c7aeff191122b2604bf53fecf27d35f6ae331a24a37bec689eadc28581382f6ffcecd65386ce4a598b95573b0b07c1639cc17dad2263e0f001ce40c145fd2aff980f2f4d502f690226afe95db7a8f522f35278f7bbc6366541a64d060608dc7d9988b8a9a9a3353d821da8c17019b2090c1294c4a461f58db9100030e6dec3747b6ebb6acc15bcba2d449cd0592e30414f0c08ccec49cb00b6f8fdbcfd650793a0f1d06968e4033552c74e8cec2188322dfcc4bec21beafa8966e0278b2af27a83c2d75fee12693ee262b8e06e24f038431ed5ee2bfea120d34bf29448720fc3d1e9789f72ff179ff1095787ede1c8f142bf1783d77360ca32d234c3541871e631b74c03a0aa82c298f07d91b226f7ad95a6f54f2fc09c36a26af65590434e8901b2448b74101a1bc3fa19db21797132c68a5b8ca507019b64099b6e23a137045801f78c80660febca4fd88515fcc623a1f4401906150342d9d175bc2603c6da278feebe1fc9f212db62a73c9dceecc71d32830a2765e52d7d8a6b1ddc3ed4873dad16840fe0448ead76bac4407a63e5d7879b798f0c25e33eb92bfa43d5deebc891adccdec999e2da8308a670325e3ba6603a29466b3f63546947803b6448e68a47f2afd63e23ec508299b3dd87c6f7f64d48535aa616a0823f5db65391fb5ba93ef594975fbf249a501b7ef82cd5698191b51c6efbe721d4473cd9d41cfa799e3677c8476e976a2e81da56b2a0d29f6d0393267a9cfb91cba8ef514cb4c638f6ca973b40e265493fc8c46ddaf415663cd3763b1e663caadb27671b30e5c4623573389d834d7f46d07c10ebc222ee8c1aec3634a6907c25657a715d6ea5258dd1a00e513bb9764e3718be683a5bfa740e42b3913a0b3290bf9de72974cd3de9b4f48609d871be71c2d4c577249ea27048ba5b38e7f0d1465ced38ffc16a79fcf406d5eca8f80e4c932816e2a339f8d23e40886992142fda88278a0eaf4caff7c35f0ae4cc7ca9c280fd2bb799ed6d54f81f0b9610cbccdcfd50b28092a1fb4266b1b71569166043e51e10b7e583d24b67b10ae2dd635f761c980c18e300bf755a52fa1e0072313ae822d429fb5c4e277562f53ae4326921d00fa86581a51b556144628239e4daddf383885d753ced0a56cbb8c33ae1023895325c0ddfe9b7e650b472e93a36062db332af54fcf9d707214cf61011e417b1180540640334091f4467f0d7de28521416e20c24836553ba34c7f03d11d8f019b92e6e4eab88e5fc2752cd28a25427f68bd97809a2e60004740f802c10d90d237a5d43e9185ca3fa714046db9ff7db9b9535724dfc878e1af03520dc01ac3be81e09e53de6691420612dffa83385270a3d306328dc9c14cd2a47693149b1a9264dec1b08f66d75aa020fa41b77555a7953b714f3faf686d3c9012a47218ffa9efc1019548cc46f9adc157de8ac774539f9243f7d4a423c66d6957b418a40d585a430a30f8e4342d96f6712cb78071eb9a36ac386ed489c11a3aa98bc284f855d1c503adbef719896484c604f22fa059d89b0b0553ab452397705d0e1e42158da75f00c8370f672753d99153d7fa84f4632f25bf204d6d37622d78d6a73d9ba1dbd063358d84a9d4985cb02301f77212fe17e9b4843c0ef21cf9d"}, &(0x7f00000003c0)=0x1008) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:54 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xfffffdef) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:54 executing program 1: socket$pptp(0x18, 0x1, 0x2) r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:54 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff8900000f0309ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:54 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f00000000c0)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffff}, 0x106, 0x100b}}, 0x20) write$rdma_cm(r0, &(0x7f0000000340)=@destroy_id={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18) write$rdma_cm(r0, &(0x7f0000000700)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) r2 = syz_open_dev$sndpcmc(&(0x7f0000000300)='/dev/snd/pcmC#D#c\x00', 0x80000000, 0x210000) r3 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') getpeername$packet(r2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000005c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000680)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000006c0)={'irlan0\x00', 0x0}) getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000f40)={@broadcast, @multicast2, 0x0}, &(0x7f0000000f80)=0xc) getsockname$packet(r2, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000001040)=0x14) getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000001080)={@empty, @dev, 0x0}, &(0x7f00000010c0)=0xc) getsockname$packet(r2, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000001140)=0x14) getsockname$packet(r2, &(0x7f0000001180)={0x0, 0x0, 0x0}, &(0x7f00000011c0)=0x14) sendmsg$TEAM_CMD_OPTIONS_GET(r2, &(0x7f00000014c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1480020}, 0xc, &(0x7f0000001480)={&(0x7f0000001200)={0x27c, r3, 0x300, 0x70bd2c, 0x25dfdbfc, {0x2}, [{{0x8, 0x1, r4}, {0x218, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xb1}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'roundrobin\x00'}}}, {0x64, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x34, 0x4, [{0x6, 0x45, 0x8, 0x8}, {0x4, 0x3, 0xffffffffffff017d, 0x6}, {0xc89, 0x3ff, 0x0, 0x3}, {0x7b6b, 0x1ff2, 0x77, 0x8000}, {0xc09, 0x6, 0x200, 0x2}, {0xb3, 0x9, 0x2, 0x8}]}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r7}}, {0x8, 0x7}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x40, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r11}}}]}}]}, 0x27c}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000000) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"e07528b21cf3816bd09333a880054b3d013f169471a3d4ce0852b1614ed5357366118c0a4d689a4949c0132d23394af7b62c8dc16fe2aa5a60f9f3a11cf1c254ea60209deb525ab3b7cf4af30491b5a06043b381e3979890f4658ae373b3f744280cbc70f41d648d5523b12051b4f22f45afdbe653f4e38c88ec8613afae90ed14c64083eb141f04c84d70ecb154c5a490896d350946275ba1573bad737d3218b5b4e15d202b6a6d4d94a0dfe8971c74bab78ce34ae6a8fa1cc34cfd8a22bc06ff8b6cca9e616a7254d9cf347ccdd962e3c653dd0b209ac3c6dcec64bc430b7f67cc5222a5a893a040ca062242bd60acdede6c47c62cfbd0797531e764ea145edae1977898467bde05fb03b83a63a98fb45bc8cd5800bacd60fd31b233b4245d01376676d3d7124c975a9d8f2c965f356a0141b1f49bdf269f6ffa130a1b7938107aef8e4d1d918fbedd6771c32bda4c6fefb2897ebb03057689fa6904cabdc39a2d994b9475b1f967b790c2ab740c09fc011b51781ecc1b2295912b57ce1b2b04889a25e558d1009ee14e3bd846c968cd305c8fda64c87f4e9037b12e9bf11227915f232408ac89655d63c32e13b5677fe2d13497f5fa3a55e098643510a8890d8b34dd41c7298144d9f8fce9cdb838bfa18d7550458a399cd4f90ccf946d66254a91578cc2554092156912e7740d296c9989a55be1bf98374c0e1fa07126c692f3695e9be96071c2e60c2d79b9f707e6f332f8d86bd36cf082e1afe63ffc5fb45fd2370c797798db520e5db56744c70ece24b19a7ed55c4652fffbf7c459c1af3063edc3ee3bd4c07b7000d21a8d19eed3d87bf9322274c9e9f0ff85ffe0bac298a1cf7c0027d499aa317a6e4f07bf02b0c20aee6944ba4c1919de98e0e8731a890b68ba126815db36c2b465a1c6d15891490a0790b331fa91826b2c9b9ab4c8edcd47e13418804f98833b42e33b5256da1343bbbc99a0efef40d7762558dd733b52c552fb83505d0701e9192840ee38e87187d22554b16dcaeda8aa79bbcdfe0024798a704a52870dc1aa609538feef92809b9db41df697cdc3dd8f1a8cc3de4df7a9d0c64e0c2dd72cf6b7bde6e17d1fd7b34443e37c340ee4965036c0f69352bed05a42dd2746c0b75d7cc0a1df25073dde58a73c3d75c7b7cba1c0e6ab9460f1c95a2d1e15274d7441b8587037a01b77291abfbfb449f262d5ebe67967fb864b70c275112770cda12a632e8f95168a65f9cf37cd87d1cb5c642f93ad09f6692695e201b5dc14e9a94575f81552745b3b000399390884d64acccfdedad64c47209727991f710f6102469707e80aa47b774c03e53a8f094a018805ffa7d57fef26a7b86cb600587fb2eb4c832e54de8e8dcae31e17a6e5ee3258b835534476d30d57e0a426f293bc05c5ee74e188fd5b8ffede53f098e2bfbeef4652a760"}) 2018/04/09 20:47:54 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)="2e2f66696c6530f6", 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:54 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x7ffff000}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) 2018/04/09 20:47:54 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x10}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 187.650068] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 187.700273] binder: 16221:16223 got transaction with invalid offsets ptr [ 187.722748] binder: 16221:16223 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000f00009ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:55 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff43) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x40000) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000002e21a309000000000000001b158b8f3637ee184593e410cf8bbaa89c9b302e0dc52f04b65bfb5dbaf2e82263412f6f0736b516cc0c"]], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000080)={0x5, 0x7, 0x1, 0x800, "7546591f0df4181ba8d9de8213fccbf6da3dbc0bfbf7aae839e0dc9178599f877ac75e4fe6085d4a4d0920d2", 0x101}) [ 187.748855] binder_alloc: binder_alloc_mmap_handler: 16221 20ffb000-20ffe000 already mapped failed -16 [ 187.777764] binder_alloc: 16221: binder_alloc_buf, no vma [ 187.783446] binder: 16221:16247 transaction failed 29189/-3, size 40-8 line 2963 [ 187.787327] binder: BINDER_SET_CONTEXT_MGR already set 2018/04/09 20:47:55 executing program 6: r0 = syz_open_dev$sndmidi(&(0x7f0000000200)='/dev/snd/midiC#D#\x00', 0xfffffffffffff952, 0x40000) getdents64(r0, &(0x7f0000000240)=""/77, 0x4d) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000002c0)={0x0}) ioctl$DRM_IOCTL_UNLOCK(r0, 0x4008642b, &(0x7f0000000300)={r2, 0x8}) write$rdma_cm(r1, &(0x7f00000003c0)=@leave_mcast={0x11, 0x10, 0xfa00}, 0x18) r3 = socket$kcm(0x29, 0x6, 0x0) write$rdma_cm(r1, &(0x7f0000000080)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0xac6b11fb9a67980) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f00000001c0)={'ip6tnl0\x00', {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xb}}}) write$rdma_cm(r0, &(0x7f00000005c0)=ANY=[@ANYRES32=r1, @ANYRES32=r4, @ANYBLOB="ec23c4ce7cfc4ba301141f920d069dc30402afd1894d44ee0de1420cf956d7c1c3c14aca1794b57528eb0a4bfaaaf398562bc06b204c37a292fcd040df1f73d038fcf903219bdbc35f2089", @ANYBLOB="25f7d9a638818b66c2f11e99ff52f9fb18f90ad0494b94521d33cff182fdad33d0a7458693903f14f3bee89eef0339becc570d7094e79f8ed4859a189bf8ac556f0a15218e692e7cda0d02fdaf768a1d8a6d7e05b6657f11c7fd7b50370f26f58165776ff3519107e9390b0756dbecc76cb5c64ca402c3e1e90095046cb75e34b50727935823724f43d2cf891d4d794492760d8442582f3c3274d1ae1c0a032bdeb401b9"], 0xfffffffffffffe3b) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) name_to_handle_at(r5, &(0x7f0000000100)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="1400000000010000c2ce0414c17b7acbf3212e916a1d2b04f4591eaaa01580f04c1dc649385a92a1ab91ea7f53b5fca52a61f914296ea420a1c0dbe18e699ae8ff75be37f301aeb0cdc72c27375eeabc9e50054a93a5231f82be0cfc337a7069e3e7f988aa1f586c6d639c87ed1467656a398ca05258df5f6b9e764a8cdaae326f298e4d955fd9b908fc48f3673caac31b383f1e7e001d2cdf325a59"], &(0x7f0000000180), 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000540)) [ 187.843944] binder: 16221:16243 ioctl 40046207 0 returned -16 [ 187.872188] binder: BINDER_SET_CONTEXT_MGR already set [ 187.884583] binder: 16255:16256 ioctl 40046207 0 returned -16 2018/04/09 20:47:55 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000509ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:55 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x3f, &(0x7f0000000280)=""/181, &(0x7f0000000340)=0xb5) write(r1, &(0x7f0000f8aff1), 0xff8f) r2 = open(&(0x7f0000001480)='./file0\x00', 0x400000, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f00000014c0)=[@in6={0xa, 0x4e20, 0x80, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0xd4}, @in6={0xa, 0x4e23, 0x8, @local={0xfe, 0x80, [], 0xaa}}, @in6={0xa, 0x4e20, 0x10000, @mcast2={0xff, 0x2, [], 0x1}, 0xa257}, @in={0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e22, 0xd611, @empty, 0xfffffffffffffffe}], 0x80) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e22, 0x7, @remote={0xfe, 0x80, [], 0xbb}, 0x5916}}, 0x3, 0x9}, &(0x7f0000000140)=0x90) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000180)={r3, @in={{0x2, 0x4e21, @rand_addr=0xc18}}, 0x199, 0xe42, 0xbc, 0x8, 0xc47}, &(0x7f0000000240)=0x98) socket$inet(0x2, 0x80004, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x7, 0x4) setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000380)={0xc6, 0xff, 0xac, 0xc000000000000000}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 187.894272] binder_alloc: 16221: binder_alloc_buf, no vma [ 187.899995] binder: 16255:16256 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:55 executing program 4: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) timer_create(0x2, &(0x7f0000000000)={0x0, 0x22, 0x5}, &(0x7f0000000040)=0x0) timer_gettime(r0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x989680}}, &(0x7f0000000240)) 2018/04/09 20:47:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = memfd_create(&(0x7f0000000000)='/dev/binder#\x00', 0x2) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000040)={0x0, 0xd1, "c8d952a807cc704084ea7dab95a5645649af23d6ffed902c24dfeaf885edca20b4e52e90eececbb1987632d64deea073e1544e3dc75c68684679e587c5942809fb66882b29a4fb40d221d3be76042027d8c0fddf1823b661a54c33f0dae2088fbfb3a47e9bcaf98e10b474b51f5578aed08d2bfe3b15089f656135321d67120f40708c8587b6e1af657f6be79747d0238efcba342aee70e216e1485f349d6449108bd18cb80b8f7f57a74b427dc213f8229b55360b4950f8efe961e494c24668833a9edca9e922c2b9517f2b5c7176455e"}, &(0x7f0000000140)=0xd9) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={r2, 0x1ff, 0xc7b}, &(0x7f0000000200)=0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:55 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000080100fa", @ANYRES32=0xffffffff, @ANYBLOB="008b60732fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c0c6c063f94b7d7e2e9fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19e1857703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"], 0x110) [ 187.956148] binder: undelivered TRANSACTION_ERROR: 29189 [ 187.965478] binder: undelivered TRANSACTION_ERROR: 29201 [ 187.971099] binder: undelivered TRANSACTION_ERROR: 29189 [ 188.011685] dccp_xmit_packet: Payload too large (65423) for featneg. [ 188.042583] binder: 16274:16275 got transaction with invalid offsets ptr [ 188.084955] binder: 16274:16275 transaction failed 29201/-14, size 40-8 line 2991 [ 188.125312] binder: BINDER_SET_CONTEXT_MGR already set [ 188.130950] binder: 16274:16284 ioctl 40046207 0 returned -16 [ 188.132323] dccp_xmit_packet: Payload too large (65423) for featneg. [ 188.140167] binder_alloc: 16274: binder_alloc_buf, no vma [ 188.149184] binder: 16274:16284 transaction failed 29189/-3, size 40-8 line 2963 [ 188.177815] binder: undelivered TRANSACTION_ERROR: 29189 [ 188.185539] binder: undelivered TRANSACTION_ERROR: 29201 2018/04/09 20:47:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff89000000ff09ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:56 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x4000, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002680)='/dev/rtc\x00', 0x0, 0x0) setsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f00000026c0)=0x3, 0x4) accept4$inet6(r0, 0x0, &(0x7f0000000000), 0x80002) recvmsg$netrom(r0, &(0x7f0000002640)={&(0x7f0000000140)=@ax25={0x3, {"de173d43ad247f"}, 0x6e}, 0x10, &(0x7f0000002580)=[{&(0x7f0000000180)="f4a1c9014ddd47688cdd8bc452e935187465c2b2eef709c42a29a8d3c810bb78a56ff819c346ad317fc28b7866104ef647bc40f87b2d08acaf3ad7187724cc66a2139d14b96bf033831a8e2d4d201b382b1b1e4d939b4d51", 0x58}, {&(0x7f0000000200)="cf71a27a2915bee234b9688ee7a2e46fd2696baafb67c9027ed8234b31ea79bc06650b2116908fb38930bbb6b8097d187d31635b0e14ddef308e0d0bc15aa4f2c12022cf18701a72dd1bcf33849323441802c1f77bb261fbc38d6bc7a86b675e40eed12e6deb9374c30850d063c1a2fca70a43ee17da394e11d6aea0435dcf6f9d", 0x81}, {&(0x7f00000002c0)="b610224ebbf060e4e20ea237fcf3361270e263d11041c0174ea3c60dc024dd66e6765b49051957b50b6e4c53828f7bec7a1ca0a32895a6a9f07541e7938961842ffe1cac4a8646c8162a6a4d53d41f9e6c81ee6e78af2980bd4880b324c0c61bf981af3332e9b28c4e3520f6d22f1e10ecf95689bd7148", 0x77}, {&(0x7f0000000340)="c17a7bd1996a0b86f05a094b4d1091685195714eee4f2e3ccda975f5e6bc7753bb03cdcd852c14bda77a256e821befdfb5eab6ec84a8a2d2f8298ab5a7b7bee8da8ca43eb4a0332019650bd455c00efa7ad3aa7d73733a20a87e2ad89b9f7d7f2dcd9f63f7633489", 0x68}, {&(0x7f00000004c0)="62e640341f16927a1f864d5cb7b6a35b1e61fa0caba66e5d3ba85689064451d6892c05fcbc796247be9363edf20c3ba0fdbf39a65c0ea6c47844d5273f528b0e7d849be056b643a74b2475388a3dc28c222341051a6cdfb12edaed3594d775fdb7f7e15ecd1e62ec163be77d57dc34ac24b12f08cd25d564b2e220fa0db513d85cf555395c6fbe49fb0b48ac27654460c6707697d60c6cc06693d4b2f3d244edf852bebe254ad04d580695ec54409f64c0cbfd3c089a2d7bbe1a22b760e9b573196e0faa0324843bc65845ec3c63b4ef366666fd49f88c64258d05fccc6e399a3d27c96023af1c5da6326b01c14f5945802922e85b5b4cf3557aef16ee633667615e91042e6521123c71cd620e30f1db98e1bf647f50000b3725eb597ece46320fa891b5c363b0eb75b9dab9e415592fc6b9ba13087dd406397fb385bc0b7c5613dbdb08dae1a2ca089046961eba05ed09411106a7ff22aa068b124766f8295501e52b91d57e2e82aed6e53023acb2af4bc8ce90ff117b315bb43a5e3368fe8367141114eadbc70d61a618336bf018e5e89db56c87ff36cc0920e9af929dc18e66e0c82ba24558bf43f60fc12d1073e8168df868af9b8bb8e1e2681a1c535d4bae4612c55233047acf9239c024e2d824ebc89790684ba53760861e60e5be12e7222019f34b7e18823654ac15e8c6c5c258af70ccc8e429972e409d7687b2aa6290cd3ab351acf0be4144ca1d53bb0dab5c471a0858ea68eedfc29de120b6aa17491afcaf43343bb7f8bcce8e2c76f8d1e7b660509e9df05429295a0ed9fe7a64041c79c90e83517f84adf2eda66589a72eae7b598808ae412e00f47b20315067d44a76311c3a7a413153e8cafd095348b7fbf2d63843db6a2b045feb7575833bdb51c58b0a61583ac5bfa12d6b6f08fc43a0bb6e2291a0405236cd5886f6fe9669837e0c23caa782f07f5873ec542ae3b1a7e6e29882f7869a302ba398a20d2ae0f7ecc6871188a2f4c85fbff751ff81fcde4edfea2897b75def8d477537ba35194101f4002694a043a93245c62a1ed95898b7f0ffb83f7e160a07a0e82db4bd15166e96169932819ec42df2b727166a2d8e09434e7e28afd864fb2a07082f261a6cf21e2ddc252e4624aeda44d5a6e07eb01845a7cf986044fdb89afc651135f9b11783ffbafa9687942a1c5d3344fa8e2605d4245a76a6f973c4e151dcccea05c0b3a9bea91aebb2fb6303ab110ce94893aef5811d46b1671dad6698443b63f148b1b53ae82f502405be4400cea449f49665cd08de6792b978445e38e8c61cd81fa9954fc45ca9d198cdec138be307d77b8a260b4675ae0d03c6be6c16aa2bc8dc39bb60c604a55d7f604f504a5259f3af87ebd70342e4562e279328f5d567960df239bbb235f85d7623f8378d1ca3d3ceae89f436f29ec02c58c5e287b884ba20c359355778827525cb34b05b15ca4b0e7f1d32a251146406de49451572c5b040545c7653f9f7421224200ce02c1befb2fc5a69d21486b46585949857bdc80097a364c4bf52cfb5f113a161c22869e4697ee068285129d7240bb2ce0795d4c8c8da56801518b8eac391189d5f88293220c90b932798f9ae50dc84b9552955044543f12abdd43e6d35abd9dd9015231a51984f522a3c58797e1398437b33a9666d5f73515a5deb40ac66ebc4c28ff5cb5378319dfe068aaac514ed1d64f3b8524daca6608587a601f5cdc4c8bf5e6127bbb372ff3b312faabd6bd6c4d3862dabb83a914d2f3d07a3f75b920331f21808517c14ca5cf3882f2bcea9ef3524862751dad1549bb8e21d19a0451a0d6b692ca0035cdc2dde12b3a0c964d7be86f6c238d4062eba4446dcc3c5d59b45976fa3ff1f3e850e0a56e7d0599a57c715465cf0a6fc80fe72582fe7aa4bbeb7311560b787a21d043e68dabc92fbce15803d8053ff94799baaefed0416c2d9e572c362d20b28d5a8c5f11ce6ed9820cc85a295253ef6e8b956df1e5d2a21595f35a7061c8beac1c31e193c26d0a83eeec60fd531d597094dc1c3eda49b71cb8776c1cf6b4184cec701575f048eb8c790ad94b67efc36dbb7eab9850ec8bfff2a4d3c4c00432ec4a636efc4af5c660903224faad870ed5a2f8c553568016ca5691d7ac410864370b4c2f780e856947bc94dca37b1e6cbd92606c421fc18e134d33dfb02b177e517c94ac6e6e4d70c5bc5383346665c6422e1d23b9213f019af291779a54924ab09719e9a740357edcb70ac2d7d9538dbf1bb0768cc0ac89028746ae8140a7a9a33739c338488ad8dd3763ceb362411bdfa9587b48ea5f14257e4e0cc4cff703137cbaf0ef5cc4e5cd84caa2203b62f827bcea007034107f9784de77554927fa7c9fd3f0b44a3f1c3781727363ea98150aa1392d30b4fc8326a6757ab7853113dc05b7698e8f8566979615c3f89aac2c29ae780ec1af01c2b1750bae0b57f8a905e73b1980961928214288051818ff16dec99e4a425708839f71f273da14227c318968705d4490045e7d81283e72484d79dcea002a3e7d31a560abf181eb0e384cadfb1b08935e93645278b8f49af58d76b9f704cbcb4a89fcbba275feef9d85ca054117df9fdeab4ed3557c232dfdb71db47794292cf965a1ebe89b57ff9aa0337e54336939bb3b7c64cfb923aefdbce36eb56ba4c24cdc79a3ee0688c3a80edead8a83a55570ac800dddaa20420059fec7b118bd2bba2e9a16fbb4e2223f5b490862587d75cdb5ec18e944465fa8e00a53c556ff2efefb07aa92d88edc54b9e55e97b6c909d4b9647eba4d8fe78e88bd86a4b649dffbb304eeb24bf1195d3976b5fd89dd207893df89df25005f3767349b452d0f63483ece24acf866e0d79b3310ab321cbf518c727bd2efc6e76da3111d95a75a96fbacccc5e9ae2ee29a9539f9e25ff07319f9bab049f75961be7be3cb49836be52f4e8609263d7908dde1d7ea28e34fb181ab1a3ee09d1385fe7328b2ca946e6fa698f1d0aaf1cd3b8224c269d3efa2ae86412246c89c06666c4832a3da96432ac7ce88a0448fd44b1d5f39780b23c9e2430288dd37126cee89ea3cfbd143b4e4571baf218567fec28cc0f108a15868f2aa96d594e9d38e35bffe76f97eef191a0ed04d32c77a94ee095c173426fdaf7a07cc227b69564adfe824634dc9d0a1282e0a27b28b7f1d76fa91f5688794030eb5b947cf90e287641174f660b67dcded901028bdf1247e2849b3f7189bf9674e7f8fb0309800d2fef5e23c6c3debf709327832e7f69a6507fb49a8c8772426e00d8332d289d248cb1ec433a1f8a3ff0245db7eb65e454f421ab4531ee4ca29851d50910e1e4e56681facab76247b4a5835112d0ca2cab135f22ffc913317d8fe63f5168308e97405890bf1ac6a0e2e1fe02ba1ce384a7714aea8e63dbee32991be3c20f169392ad9d89409208cc6ff047c4fce2b4336020a7453ff7e03a0e3838fa5fef49db885ec89aa8568acca8562684c82ce2031c318e5e37ccb2cd828d4458b450cebeb1982aaecbadc9fcbbfec4681701071f229e2eec6d1fdd17f3611c4be18055cabb11dc0e969b68144cfcd2d4fd033847304c6cf5a8d68b923f38ba38c3901f2378427085407bc6f8b285649773a531926ed37b8eb30d42306f5cbc2a6f6ed357671f380a8d05d7ec0f412930271f52e8afb9604857a213bc5d4779615555deb5e9486a94f4fa84be43d71b3eb754e06752f2df352cd46a8412a9bd4a79d0ffc79a21ed9133d82389dbec4ab30caf02127dc1e9ab305e40c6a7138199adbebc581bc258082643fc11ad858d04445573ed231f8bbb07e2213dc7880bf867ebec856bc007d9d16ba1272008a2c8186a9f65ae418014c0469484f790ba38a834b5a36a82f61288747516002f092ce3b899cc03636d1d464c60069ae02fedf5eb722eee0b3dd1bb2a34186538d3d73df9d7d5b6e4deec1e20b1efa376a6402e4ca1702b8b4c536540c57d23e026be0cef07c97258d732f883eba1f0530226bf293b953f6d56c1c38fab4d42f13d5ea59726c42ed7c85861157e181cfa9dbdad202d7b5ef0d1afaf630aef9b37497bed356725986ee3aa067dba1b332acf1742c1d4ee97425103fcefb22af4a5d14179f939a51719d6881dbb4a66f7dbc57de0354c269f2eae2de550e980b7cb71388513a3114c3c6d9d3a158f9ea9fe5a971525395853a51a55726a2ad5e24ada1dc932179799cbe306a3e59c1eb60748f43048f837a607d2402f87e67766f59375558bb85c14b46d84756363a8b01c12cc3cf94c2b79a1edaeb04e18cff7e1a42ccfa91ed34f95507cc99c6442519e3232c687d560347e7e8642a9ed5945cafa6e6c1150bda1b9ea8320180e470a6838da0fdaaeb9619c07a3e0c27fa79fb5bb1a27c6495d336d59c3e1a1a69eae5f3c1edffb62e1d60be55ff3ca29ca14efcf9ac1e5685ec8cae67a863bf5492855700c0c0d59e06809f42426cc766da197c242bc735343c112d104113f1f2286b1d041b04c50a1c45023638df5a75aa8210ced9d331dfce0007705d0f90c47c7302dc78e64c98d59b7d16297bed3d376c53d11ebf58c8c4b33db4629ddef3c7fa09553edc8f9b2b9875c16dfc76e770b00ba55a3335b75f990b2029f6f4d8d8be78f403412e4d31f6dbd94c77175102e3e205622afe6704a045cf591d28cdf5702da0c18bb2f8a94566f21e76ac3854bf4664b9c66ec83a1b5933fcdd72de5e90003a3a321b4ba4097cb72f8962e0e7714951b93a8a6b11ccfba4def40c91a87cfa2b1059af53768713f15ee15ba0cd681367a18b6d118c6b4f8047fa4b9cd40bb2ffde6635593e9141e4bba4bb819294e147cfb14d6cb393f3beca7116d67c0a3bd816cf80893b018d49493bc8c6213c40f75d8d6107f788da884780b0dc45445dfb90ecaae7becb2af2669dae8a87f11ac1bfcf58a61fc3c62d7e052d906fd45dc7fd3c0e324cf9c37d735dc07e4e251e10e4c276e11cb8f0f7ad22a2d6553d17e9b8af059faa4a7bd985288ef0459fc201554d72331108c0af7a957101f0f89d5367c5c083a166459ce60bba86e2a311fa43e3053c856775d120684897a8c94e99793949d938a74f6c2c6b34f93db7d75592f5c7ec96fae1c40d65b3fde2a8ae1d115dfd31f530a7e6b9c0710c0fb2bfc715b236e44cdb8ee09b252570caa09b4fd01ed160597443b3bad6dfefe983b299c0f3621f74cd3973f63c893c38162292356aacd386840e31caf26b90d1c7bbde548b5553c0109dcb6363a5a3bc150e2ef713bb8e68b5dec9c4ea1d622b424e0a09f76287646d32c36615e2410feef1db82855d6f26af06089a457bf7a9dc08898f22603a536a0a1481755ff8e95b292925a9dc83361eef29c707a84d6865fbf1bcea8ed3afa1bac8d915fd0b73586c3ae791d657ce8e1eea2b57d2a86e44c9bc02c08e8546ef1aa83ab4ff8270ec0850d6d38e20c4fb38d3dd975fc957b47e98dcaee0a96233d7695321441da7b6bbda96b13309d362c42e4b24c6b6e1d4be00381fb4f1d24afff0f3e29e768c2d637152d8aad029b3cdad57475d8a30111545063ee71b8ba2a830813db53e8fe9bdecdbec4f1618f17468fd592d70ad8177ebccbfd5cea07238ed25c784040ddbe2dc3803dedbdae411fcacbf04630bcf8cafaa542537e9b83616c40086f17dde422c703f50a128b641ee7811a784e5f126b19ccff210f32a6dd079a12be7f1e5b42f491fbbab3be0b353504a3b71252a5286b686b1c40c10a736aa87d3fd91c6519cee67d24d9ec", 0x1000}, {&(0x7f00000014c0)="166879074fc8e2a1c0a4047e61b84bb9cff48f8428ccc0cb6e81102cb7f1a5c9e060b333da78f0cfd234dc4aae9b5f2d606706da4f67fae2747d24e9ae3de1d5c91e22199ad69b8012818f4440294124eb3cc36b7af7f2815c5f8a3665817e7d5fcbe697129ae27b764680530479f84ee15afdf06437eaa8e8e50181fc2cb0ed4abc626f2e6574f50e293c8d610fac581dea15710294b9e8939c9e1daff4868f2bda6d383c6cda3088e6ef82ba769c4ad11d23fcf13a71f5cce7bb48ebc2d7be0fda3f060753078031fe25ed57e622a382b014defab08935c2c39a378a5015c28c2e5320dafbdc418baae638bbbd9ac16b6f5ede7963359499a62051a79eada6c10c7fa0f3fefc06b9450ff46aac19e0a4758c8a053ee69aca167af6e95119d45e26b40a22e95459be9484b6635892ede0355f41c88c0b822a6ffc0fab9c8efb9ddaecdd61af2616b11c6a5ee4caea6f6629eeda4e209a49fa2fe60b2d2218e4d96967494fc792b3ad6547dfa4572c0129aec30ea6d31fefe8af298da2b70735275657936bab217773d6ef97a539a346205efd3cea99231d602159d9c48d52910b6956838e4d75bc6a8fecbc415ef496cd54c2d5fb13a4ef5e1294f21df65172be47f5c6fd028ec159ba5974031646e0d1ea2d2705a232d43ef5f0867c6f2db17915881eb7112e4601c01f843faddee81f056f94fd99289fc2c997a4e6fcdc658d5cb68f9b712e2f39dcfa9fed2a001ae7ca7b967ed720c30aae4f227fcecb0162bfeddaea18aaff67c9378a288f2f216f70e433297e2c49eaba4f38746f8dc7f283ed72936db576eb958c3dd0b510f9a41b1ac5f9c6c8f4fc2e40444b8f0d00d7e0313da230c25aedffae47c478dce8d969ed901610930034be92ffd049200c62dce29e8797a2f124c4f9d72901e5689d2e31a6fa658e95f597c09ed5860e6d6442779713861a359ef0659a0305b13ececed5d17a81cfd11cf4c5523ebfdc5361b3ecd56fdd8e1a36df66986b154433ccbc375afee7ab76a65a3c55a0b404909c335a5b8c7a9740fe7a83519629c74a9c8e868ab370f9c1e2a0dece79c53d0ac28c3eac00d8cab086b14b521b8247ae83b058a8c90c67fa17f525e561c4e90ff526d082e9865851c22f9ba608a1724eb1769ee78b734d6dc20101c2da3d52bc4fc390bf2e06bfb7f3d1f20bf50f30f937506266d5c8024e1d0ce734dc7e5cd20523bc0dc3f5cd81390c22abf16570b275636b367b88cb8c7068f59799de4d3a0e8d730f7a6a6a5195b974f65863370041c21eaa2a9219cc6121d4a474b7fd8242890b9256217b3fb260f6a569c0f57596521cc6b8add0156485fc92bc1cea8ba7361825980c347d3764d36aa96ac1060225c293a88ecd77c95f6c094f734b6c8a234fa3061f5f1e4d96f2e18e44fa24ef9a6f45f5af97f861585447dfe8bbd3b4f21215d7282d6450cf5c1f2d6d5c0a5f856139c0a4c828c31aa368486df405f5797756aa58cec0b5706928fca8a4bafa224dd6251b5b9647b2b618153653eb63399455f9b9ba4f2de2864170b92571c1bf578e5957a682808a75d808d274bd55eee0fdd804f83b2b17abd45fdc99439c81b93ae5e4b9d730892ea17abd66d271633e564f26883356a8f31d27c8ffbcaaf3c09d8da6b3540be4f1e865e52b29842f34b218df090561ed5ea45a84b0a19e5d4e04591f16786ef3a4413477c1cd56c790bff77b08be1412ccc10b9904c3f494c72e352b0d693bc963a4b3c97624e3e4c3492a4a80f13cc336950b34dbe89abbca4a0894b454b50e35c7689cb15e67673282cb0fe436e9c7f2584d902689a189c48c96a6fa4a5816219adf09c0bdbe4b5ad0174ebffe072ab30f7e8da0c1c22dd3753e55ce751af1c50adc003940ed547ed950bd5c5911ca034c42dd81ef7aeac347c6f37b9def0bb1ff07adc3e8fd006b586723082c34ccdc915b4f81f86eae96aa0a40fe103150fd0c9848ec8e696d04a3c03d367c07cc2f3743ec0b18480f4bc9c99d934b35576acd5b79844e7f3bb2efa34d5ea725feefe7f795df637ae6960a7b1a2e261148213a23b656b5c45b6b12fa26a05084909e96a6a5293731c1fe0c48c307782609a9669f58d3135068a341999f7da222afc0bb07ebcab8e6018feedb4417e2121067aa4c08b71e71a64e206b84d467b4abb39f875e1247b1842eea309b2549bbe55aaf74381ccdc0baae5d99cb2431ae2b80cb04a110c3e380de025fe5c6895d74330383caf92be511d0d9959d731c0b0dd3544ed62528da5d9a7389e8b6bdb16612e235fdb035e28cff9b6ff457cc6c4c2bde6c63b7236e5e3a2bfd2f4bcc47d73525fe4f557771e5054102d801b3819a78f9b53c02e6b0b6432abf1bd47d2ebde5456d96d86f51dd64448384ecc12dbb99da8781ea460dd7ca0b4749cfde329bd6f7b96c5335515be36f0e74565a3ebc1d8017bcfaf2377e9550f6b4fed1d9b23218540d789a9a6f174d32d0f65e211927d12e9e147d06110531e84df48987139825a133154ee71bb4a7cee54979cf71b4c22efcaa567bc0aba73f82fc425a59ede816492b680f414425663859395b88a6654879fb116287e9e388a6345ffb12cf34957bc5f3a7a6c9094de0d6024c93093e385eb394e6af5bd96e4af2292a41d43bf100358c900cdf65836e1f9f85a4be60735c8752bea7199642693eafe28ee60be82d21756ec82f517abc2d53f6fbe7b4b29f1117a4445b4396d14d1ba547a555f9ee7df03b2f9094e71b75e648320a2722ee86535a15242a37ff21dbcddfbba0874b6ae746792f312f4f7503ab0f2d31473a65c1e3e705eeaf0d8487ab3bc9b5c9034b635f3b21568e2c30059d09e976056025c0aae539e1eac61b2cb58be7834ab3ed94b9b900a97e46f41a8776fa90ba819690347d262fc2fc0b5ac1f1acd87984b26fb1e6d3a6cde0d281d3f9f0948d3f805c2a0d4d8ce96db0804305ee45be1b8c4b7a06c983830649560ebbcdd71f5f33acf53794a54d64c2e912b43d5647ef7c253a34d0c75d43b1a7d5dde05c990348e611bef70f00a8b7db84df5333989029480c6c04b361669becdb6259ebadf9f004f64dcb8e3640468ac729fe6a7eaccbf628751ef0e10aed5929789bf42b1e17584dd5a2197d9ed9264c5b143f25d32369e059b1941f8ecb8d28f9be28033f6ed84680a42c607b1cbddbe0342c819cb2d6a6e92807c6b0c1062224357ef2cbe9fb1aa366e17263aa5fc3834e560cddcf779e0f2abd65d68749e84e666e0434f9fb6b83c448f24e2527b65d6eb4fd0db6e7eb18ed35a318574a17de72c3947377eaed4737ca5acbb2ac33061244a105da1acc425a7f5ce0cbd2996bd61ce4d299935c8037b1d0778fd06aa7e06f0a34ad1bc7a9df628a97dd915bc7766b53f146f8e5e6dc0f495a860c01c2c6f6a5c56c572755e35d485ae213632b459bac93a18ccff6508d5995c597feab96ee6673ec98aabf56186e0d42921dd16836c83140b1a5844e8d3ad434189afdb38cf461aba7652d3b25889d3e5eca0abc889cad25e211f9f0f3fe5d3ead1b0e05a75524b5dca076d21fe98dce13b8c294e7cc92b3561b022dbfd914cc664ec8792f6d6fbb252bab384dfce749f291cdaa71459331298dc23a61bc87b25528a3efeeb96f1c3f749ab4f4976851d036e38fb5ef62ce9acff0069c4228a00285e0943bc6dfd7d6260f9dc5f68bd150b51d7c17a4c7c6840006244446780c815d81ee21d0d166524c5d29b5f8c591164665379bf0a1c5e299edd8a15f96f29f83089ff0f00660f7dfb98ca9f01bdb5905f15753352522966475e1cdcbf8da2519527003b739df1c929979d493a3ecd452cc82b64e9a1fe1cf3f64a47d31f755475b27af2645567ae6754bacd0ec7b09f57a5a4d903c47bc665d3d3bce3f78c33e1e3d5418c6f5324f15ad515a9a491a1074fab2a04629ab2a6c04085f2f18963cb62d12939788dccc39f30fcac66df5dee9bca54e85c709facdc5b6ecd60e954ea60dd04469fd11833e5759f08714da4fe6cbf32d284763c019c7146fb4262db06b101151a1387583f7f8cd4d042fc226ba5e8607b0dbf27a8cf01028a1eb94d3047489f5743e64932ac48a1bcec1f4d0c4eff356c9ccd2d511a51c031dec4874b51934a9a688b0fa86227cbab7e0097ef6cb346467f04e3f1683e775a2c70f601735f9591040efd8bef53ead97ca7491f06e54d550cc3c9cc94a4a4b2273567b333b8debfcb6e68baea2ef3c5bc3521cbdc77aa06c3e3c61c285940656f87cccbb710013fc936f1249ba8596b053dcee83b9eae8ba52c5299fa207e7203148c5a76361268cded36b81847316a2c23567a4edf644d3492e601ac72de3fede08f39276b106f92d2d3635f34d532a35d9a00a2ea97d6a4b0e0b743256b62f352fe9548d2017e204e8d99238b0a23dc7deef4552dca405f85378b0b7d1e1196a7d8aa0e9ccf5c3d6069db2daedf872947c617d76b91d269dcc27cd8c8011ce23ea98c0b2a9637209416c89053d8555ee232b036a0996784057a1012365a55aba65e9123192133b3e165ddcdb7a7246f27d2ddd2fdac0209440f5fc033bb7b91928f57f113e263ca2189ac67f420fdd38babbb2cf2c2eb0de4fd4635002852efa465abbaeb88000641df5ed6c76b0e2b0fd6e230fa7263592f8e4f416867e70d66c2e5f867023c8d6e45ea27435aad3f48414485db1fc456eae13cf2502a40df809918e54133c9b4e30a4acc6971a5f07d4824ddf07ed4db6938a7471c28dcbed73f7de5f476f739d9a24b8c68cf0ff4945a4e3072e67408e2f54de9b98e0bad304951d58e6732ce1c48d6bbf81984f0f496747453752bdccd0d46269c6c40608e2236f4dbb221a38210a7f267d0825a972d063b3dfd1aad6c95a339e74f1ab829f8e3b15bcaaceedc44f99ce7069d41de02048993943ef2db8a24eed041b5edac582a166244eff84286bb9861f0978aeeaece5736708f30e78293fe28260fc25ac6fd4e778d3b761d9d6f6e00ab96537793c26f0121f714fa33379d4e11978f21115a41c69b766246bb6d933c41e49e5675c9db45bc1ef0473aea9ecbf571d2970b850d649adb22cf95db5be625d676014c75809f4807ad7aff32941cdee12dcd390f44ef20381bdc8dd44f90872e0a7dbf6b1c94702c238c63ac6bfadac22470eec08452dba4614f9b0d952b13ba3f03aa982139cb9bd5a42df5499a27f775702dbddf84b317fea0306c8afbcf1f9e0a8ec5119cb256e2943953dd5ddac3d5592c75e84cbc2d693b05c93e440b1b98972e4e018b9c2a3226674076baf8ad351a7800a158efc19f6cb6b7d3be576afda3c43f95a834beccbacf6f73a98ed2c6246aa9e8fd6da11347b022e7d67d84e2051b0dade7df0140f02daf95c856473ca218b6eb9034e5e88ac800ff347270bf61fee447edd894ca71a68ba15ea7e3771dae76ddcda9863079f392debfc9d90d7e523877c04fa8c01005daeb8439058aebad0751089f5e497cd9d5f9ff1af9f0f4af7a09b74289679a2bcf4cb7778494cd53a7c22ec10d9a69669aefc6981a1a75c574aba417229f427c9d6dbf7be33ac81c9fd95503808edffeea5ecb302874cda50bbe5e699e8127477788a3c88de6cd8874b99883ec3084dfc5bc9c6ddf682fa76ce8ceb0b5106e78ef82cc5fa85bd1e8f3cc68be6a367b0d1348804fe9a1cb8efc641674cc9eacb2dd44300ec7e92fdab91b47d9e830ed62b1c7542bd979f33aa5e7e6081b0db8eafa0a26f125aedae8dc697884cded85e", 0x1000}, {&(0x7f00000003c0)="6ac5598154eb6924a8fcf37b172bfa6d140fa502d178c05568cddd0e7412d4efd91e632c225ec05bd4e4cda7dc31de1cb04cf9c33d46ba0a0050bc5b65d8f73db871a9c8d1ebe1c08830fb4487cb467241b86aa1b124ee140a52da4d02307cf0b8e9c05eb0a872eed8e3dc154c5440566e5486ab125fac2d9467f39f2352dd8838385f1f4874dad2f115ca0fb8e0282f72dbc5de5adcce9eade96756b0f0b97080fd1d2fba628a5093", 0xa9}, {&(0x7f00000024c0)="778a4314bc0976e924056f02bbfc4731204ab6c0e1a96768eac066a1a3d9804841e646046ad7087b569cf796e71173e637ccf093dd9134f9cc277e4fc45cdaebc8c7a41401fa227f132967", 0x4b}, {&(0x7f0000002540)="2941371460382293e154289ccdd28fa57f592c6f444d650758f499aa29d5f57eb3a416ea4783a836538abe803e15", 0x2e}], 0x9, 0x0, 0x0, 0x80}, 0x2040) chdir(&(0x7f0000002700)='./file0\x00') getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000002880)=""/84, &(0x7f0000002900)=0xffffffffffffff46) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000480)={0x1f}, 0xc) 2018/04/09 20:47:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000680)=@create_id={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000640)={0xffffffff}, 0x2, 0x100b}}, 0x20) write$rdma_cm(r0, &(0x7f0000000740)=@query_route={0x5, 0x10, 0xfa00, {&(0x7f0000000240), r1}}, 0x319) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:56 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x202000) getpeername$netlink(r1, &(0x7f0000000080), &(0x7f0000000140)=0xc) r2 = dup3(r0, r0, 0x80000) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) getsockopt$inet6_dccp_buf(r1, 0x21, 0xe, &(0x7f00000002c0)=""/149, &(0x7f0000000180)=0x95) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@dead_binder_done={0x40086310}], 0xffffffffffffff8b, 0x0, &(0x7f00000003c0)="953de60a47ce12bffbe598dedfffcc02fba460873223580b2476e6652730215854da2bf46e8685ea4a8a102f02cde66c94ffbade3c6306c7ea9622289b4d6f5d6feb20b4be9e0ec501d4b4c9039d464d40b0d3399069c40cd3b5d0ebb54f4fefb187177760731c5f92839cfad146a6d023230f506f5288f83e7a73b31519731049cc1ac834b5ba90c29b579858f2c98134dab0fbcbd4927fade1d929a8e8c5ecc3a44e1e4658e13330031f015095568eeb6e8668eacae496e796d52d29faeccd463d39902c27a0d00afc153fb204bcd80950a98f70275be0c07684fef36989d31392d0c6e70ed2a329aad97a0ddcd2471612c7a9877602587346dd255b0dc2c5e87de0b004bf0c2e3f15b65a8c15e53efe20e25c4adab34b9486b6442be261"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x24, 0x0, &(0x7f0000000000)="5fb3216c11206ee972330845ecd8bcf76c8fc511ebe4e568fe0d42625600000000000000"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0xffffffffffffffe9, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff58605a75c104000000000000090027720d33c81664f0e5af0aab1f38ef6fbc78e16494654c894d01000000c1bb281d58e10444a1ec1d891b92cd27347c5d28077eff9688351bfe966b04c0f0fae0acfcfcb0a01df7d7bb12c0"], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:56 executing program 5: r0 = socket$inet6(0xa, 0x8000000000006, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x43, &(0x7f00000003c0)=@raw={'raw\x00', 0x9, 0x3, 0x2e8, 0x110, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x350, 0xffffffff, 0xffffffff, 0x350, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@ipv6={@remote={0xfe, 0x80, [], 0xbb}, @loopback={0x0, 0x1}, [], [], 'vlan0\x00', 'lo\x00'}, 0x0, 0xc8, 0x108}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x348) 2018/04/09 20:47:56 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x4000000000}, 0x1c) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='cpuset\x00') ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) listen(r0, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r1) r3 = shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x6000) shmdt(r3) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) accept$inet6(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, @dev}, &(0x7f0000000100)=0x1c) pipe(&(0x7f0000000040)) setns(r0, 0x8000000) write(r2, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:56 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1400) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 188.733233] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 188.760698] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:56 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x6, 0x2) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f0000000300)=""/184, &(0x7f00000003c0)=0xb8) accept4$inet6(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, @mcast1}, &(0x7f00000002c0)=0x1c, 0x800) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) getsockopt$inet_tcp_buf(r1, 0x6, 0x1f, &(0x7f00000001c0)=""/198, &(0x7f0000000040)=0xc6) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2}, @random="adce3b20530b", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000180)) 2018/04/09 20:47:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) r2 = getuid() stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) epoll_create1(0x80000) setreuid(r2, r3) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) 2018/04/09 20:47:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000509ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:56 executing program 4: socketpair(0xf, 0x801, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000040)={{0x2, 0x4e24, @broadcast=0xffffffff}, {0x306, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1a}}, 0x10, {0x2, 0x4e21, @multicast2=0xe0000002}, 'ifb0\x00'}) r1 = socket$inet(0x2, 0x20000000000002, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x8000000000000802, 0x0) sendmsg$inet_sctp(r2, &(0x7f0000000080)={&(0x7f0000000100)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x9}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000d40)="020aa5afef222d5e37852eaf3ef07acb6fcc360aa74556fd26e854d23b59bcb98a26dd7d20951327c5703f7dd18db9f4a4ca3d5ca77d887dfc4be3eda5abd2e6a0b5182ce722fa77df0a5fa1bd23e1a5ff389e1362a4ea780f87c74ada31be64e9bdb18b940cde86279856e40850013ec6102b032a24cf9c3a1e7d7865995c6b86f9a2469c44fa4ea7da5835de36a6a85accb655299541b87f606498b7559c5ccade5c671fbfe49948f63e875970718df631d01091ad9457eee889010aa8ac803536628e4233e92cb450e947c3555129576a430e7651a4580cde1af885e0d123a21c56dbcfcb11823af90477d25a55b0e9f67767ad15d73484fdfe4b979a067278613509d6ba8951bb8c33f1047ae109b6176e53bcfe71677b5bd9e2f930c27020c4c102fc06ac58c7da5a93268dfe78118de71afa06df7a0ba1a36688dec7e516f6c3fb5a7d1f9774cabf24d46dcc229f16e5eb3d4650e0421035a1020a1c7f019f5aab4954dad3ba29293f980ef4d2f560b1f55906bdf05497a43e57e56906e8d1b0aed85dcb39a0dfed6ee2f54dfd5cddd3e8689883175e5a9c33ae1f1bda342708b1e406424be0a11ba5db4473429d157ccada1d610b77c445ec66fa311c32e66e32ee6508716b82db128e09af4a9a6b499c4165223bd9fab4f3aa15bb6b437d955431dd0b84b2af01456cbd0e3beea8f1d5aa9f40a968e69e5c830bec0095f86c81b791072b75c2ccc1d34eca168f0bcdd4e52338126a034c70b0cee5e74fa1dda8ceac9e4a214cd4f133227caa9e6ab90d379319cc0a847bae9614e832b8f7049cfa57e73488a013ab8049201c7c2f574daa123600e267aa35c39be3ce2d44c6d40d6aa5876671bf74927dd58b4c37a901f09f5100bc0ffb649954c87ef9d3ded28b6d2e8260931476cb11da0ed1262d572c60dac78483cd9219b5dbeeb3740aba0a62106222bdfb5a5790c41b13d23b6a55ce7f51d3a7ebf6d699a95d004ea111d7b9a389a3cda84d3c6739f72c5dea9956bd014390e8fa40abea7535443db1e6e13cb3ca15312f932950be1537f9d2bfe972958be41747b89a081ad8194a1011948f38899fa66df8cdf599e3326608fd2f4be8f613ffc4d7697fcf004df29a0f07ce50ed62544b0fc602f83d5292af54f97205aa293b455ad104451fc7f44588d9481654c50efc4d08ecc5d129305eb2b2d18c6b3287ebaa4587bc987eb2392e073363f18c1558afafa5a499e69c9783d27fd221e33f53b8a454edf6500d3aa6089cf819db16a221f197cdda0be1edd8d86ae73a2403f99d5492f6f004942287d54bf84e9244a8a1ffe6d87a05985f47015a435272585ffe64730fc5ba6d7e84bf30a23a7afce78404cb6c9ebdb144fa1894a9f821480c0033a66e21c8dd0cc2f621f6a2237e57dd36f9e7d1131725197e64541124b264deb2452bf23c40abb7c52bbe752c00bc22fd0e4bb7ee9615eb2ff69ab04de593d3f3fe11cbc9a198f66338bd5378ee1153e118ca6a6c968edc752a0a29e71748f524816d3bbae8e6e03105f6b7592a81b117e04033c7b8caf02819f27e3a636b8059f5ed5ac995b11643bafc022efe48bef9109d4ba44b861e524046cef5d886097d958df33bc345662f71c9f36eb73087da21fe8c610a1b71392168039d56c53936daca86d1107ee730bf9f6fda37ae7ae774af73205ce2cc9a0b4cdab63c796c3ce2b506bfcb6c6db1a7e2aac331ccf17b3aff5cfd636f6e2411315e49756080d9cc4966719c83cf6746170a8c36bed8110eb43f48f5343923d1e97b26f010719311e79b461dd22f7c8ec676cf200dbc6f76603ec578aa0186457d911d18f692bca66b4b058fa7eca4d3803e7df633cf3b2cf63d29b33aeeb4657b4e3c732fbd3e564e0ea71d7d6f1829f5205b17aa7146e296a4348da7d053c690dbcea1e31bba31b85a7ed8ca5f7f61a29224a75c3875f2d81fc1d293e0622bb01001f3d6b23d", 0x57d}], 0x1}, 0x8000) setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000d00)=0x4, 0x4) setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f00009f0ffc), 0x4) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000ff0ffc)=0x8000000000004, 0x7a) socket$packet(0x11, 0x840000000a, 0x300) sendto$inet(r1, &(0x7f0000865000), 0xffe4, 0x0, &(0x7f0000fd9ff0)={0x2, 0x4e20, @rand_addr}, 0x10) [ 188.843574] binder: 16320:16323 got transaction with invalid offsets ptr [ 188.874530] binder: 16320:16323 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:56 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 188.938588] binder: BINDER_SET_CONTEXT_MGR already set [ 188.945517] ucma_write: process 723 (syz-executor6) changed security contexts after opening file descriptor, this is not allowed. [ 188.966144] binder: 16320:16323 ioctl 40046207 0 returned -16 2018/04/09 20:47:56 executing program 5: syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x202}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000007100000000000000e5ff000000000000"], &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x13, 0x1267, 0x6f2000, &(0x7f00000003c0)) 2018/04/09 20:47:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000209ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) [ 188.989151] binder_alloc: 16320: binder_alloc_buf, no vma [ 188.994819] binder: 16320:16338 transaction failed 29189/-3, size 40-8 line 2963 [ 188.998228] IPv4: Oversized IP packet from 127.0.0.1 2018/04/09 20:47:56 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x80) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x14) write$rdma_cm(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="eeffffff070100fa", @ANYRES32=r2, @ANYBLOB="008b60732fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"], 0x110) 2018/04/09 20:47:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000310ff5bff87c3e4cb6b716c0123b261a2", 0x48}], 0x1) 2018/04/09 20:47:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000000)={0x7, 0x9, 0x80, 0x1}, 0x10) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x6, 0x4000) connect$ax25(r2, &(0x7f0000001680)={0x3, {"a4f90e3ca9aaf2"}, 0x3}, 0x10) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x1b, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB="000000000100ab00"]], 0x0, 0x0, &(0x7f00000000c0)="4a16f663510ee41e2d70dcd6db3e5feeb08b630327223fc2249e9dffc563a24a80ff7a358bd5a5a37aa7076907f5f88e0000a41e58f4e5ae52139b0e7008ee6979"}) socket$unix(0x1, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304400000000014cb22ab585c8b3032c68b541c4f2bc293ab5e814897c6e14787b3cc040496c6d09211102656ada2031dfd430c0d521d94a8455454e3ac9d2ca5"], 0x0, 0x0, &(0x7f0000000240)}) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000140), &(0x7f0000000180)=0x4) 2018/04/09 20:47:56 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20000802, &(0x7f0000000000)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = socket$bt_cmtp(0x1f, 0x3, 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f00000000c0)='C', 0x1, 0x0, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89bd, &(0x7f0000000100)={'erspan0\x00', @ifru_names='ip6_vti0\x00'}) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000140)=0x8, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x2, 0x4) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000880)="dcc303c7a2f9bcdcd69540fb526c4507f742d32a4d21b3feee1079a4bdf95c8eea3534afafe07812a6f20133103cb4adc045cfa3be40b7ac92a2e1d3d231e4768407d11de0f875316033319ac753669a9bc6d59cf9070ded8c2c33af4075303b470ba5872675986f9ac2a9a509eaac27ae9ce20a80a56478a99f91a15df26d1286033f4618b480517c2ea79a2e946ab3fc09e1d40e9f9e6628cbe8956c4a4fa429f67cdcbdc572baac36a76e83743508e912c41f9a4ef392db5b0163c2d412780cc5b26a9504575e69f77c681852cb3055e8b0507251e390dfe7f354ecb7552c42cadcdc7d199be3207d634a5573f12263b8ab6503b8b3d592145b5e520c565e117133bee6956ddc6b4b5c27d966a5db3d3405529a1dfa16c20cb2a413766be23cf2aa41e13ebf53dd4f7e9eeca9f48aae01b65ab849480e69ce51e1497279950b0f3c392211288239d86bc05d9f7a60b260151262804d286dbc0c4e31a2d9fdb7fb56714f7f1dbda9e72926f080ffa84d35ba645d46ba813f01c5ef8315577192218e1547734edd8cabb4f0b004866bb8cbe6d7c8ca4b8e457be9709a3bc113b7e1fb77fc6c4e5a6c37c1cd29a9941e5518823b81b815dbe1946707420c42ea2c8a654e6c648e342b69012df25482f8e332ba23c15fd9ab429bf4c45e752010a834b81ea96c596f785393147378dd7b4ac993ec5c2c0511185053dcce38b1899c0f5c7dec06c1c67bc03728819419c3f5f26e0e03aa7fdaf76d7b68cee3584362b49024364fb720e6849b321bf09b1245d137536c1c20ff57297418cb9e8a8cdd303600f0d9970e09765dc6c8f50770c98557c9fc33ce7d6d4630f2aefab95624b527b70b1e5d24beaeb75eba76aad0408a25a493037d0ccd228be61f4c0eeadd81e56a44d55861734134d52c37c317b761c54c56ff20e1806d7e8722947b0a7289e8c6cf3efbacc27716b0c401d55cda8d7df47f0a5adb86a0e702435ae5db29fba0a9b01a28b09d8b3971f2ee33f0860e95e6f4d1dd37d3bc0a5f205f6708fb2279d3d841b156d9e9352359c8291c1a8909c7bd47d3823b60e9005ec31c0672c6a550b2cee7b147c0bed65104409b9c602ff6cbdf999d217c23fafd940c2589a75c03125a09e9d273d694ba9a13ae2b1205037519df9707d9d887ea701cdedd21aeb56c0700407dbb74ca8bbcc1ed45899639b9a4ae292265d5afd31e5419e2fd433d5e6a103ac8c96e095954d5f78b2907c1d4063520307053cbd52658e6c2eacb07e252575b5c4cc0789014d7bdeb94dc9db38ce4c22fc5227e48a5cdce27f49be75e7e815abaec2ddc279cf52d6b879c4b471d666968cec547539dfe8c5730fecd749dc803c2b0c7d78243033211e460feef6a9b67b1637bbc864960c5121524dc5943af69e288adbb63a6cb20d4e2f9419e24d0f6d1c25ad05f1adce0fd150006340ca140b9fd2e13aaf3e1721ff5022608c8aac846afc800e393ee6c2602af9c5b5a14c40623aa154f7f8cf05844cb1e63ec064c85c7383409dbabbbe2e431ae6fce8958ea9bee4cffc7eb67a7700e0ae171191890d09743023d465efda20682407b6a2ae95a8e5743ece2490b500b46e7de4407a844323decb19738ab1c4d3e118c261ca4cba36ebb71389db8fa3d38240252ae84d1648c171aa1b4ed2194cc764a9aed388c8beb744f1696547ebd971b2dfcefa0ebdfdcd6e0f319e3923fa76aa44125181f2d7fbdfd6e3e177dd492d0f1a996254e97e724912de1b4f64ea4d447cb0fa8e639a7f449611827d7627adc7a2430d76010cf50dfb13ea9bca9c98099d0926de7731ed13576b76e7b0a80118fe728e1a1ff726d8fce0b6ebf9eb241307847547f20baef1683757bbbe8a36d3891e8811182ca75b7888812d117a45f1443df36bbea91fd32f8c545ebaceef54350c5b8d49b4d0f1bce5e2e4dc1c0d9c82360d94ea7e84842d8e2bf2d98d262d9188ba70d558beb50126bf168541ea1f1c8177a7ed9edd7005fc24bb01fc358f1232ef67c528ddfd84f16bf66afaa3f2442cf69f89bf049d908e73e835b4e702573bd530e3b5e09c969f89497bb1c022b67c5b90ff53930acd87e43ea5413aea0c571956bea02a615e43129e384b7e4274d06e2e6c627fcfb4e197590930131b809fad5cb65814dc117880cc3bfc0f95dd4df1c043c376b450c1cc64508f0e6e6033860332fc6bccfc2cee86c487e1dd992aad8a87882b571c2dfefcebd8d1ddd982aabcf3ca6044fdc968ba09742e61da174702ecce67140d75c6a0c13b6c8300a14a2908b49abd913f6da45f2e0fa97830ac2e7e74540f18eed533074c98883916910a14f8a7b36affee46ec9f32c779d1eaf5122a40b78416bafbd86b70ba83d4ddeb2b2e2c882bc42a77c5f8f92e1490ecae4c95155cb3ff786cd71901c583dd3a0013c9d2d8f37068944069bc9db4f5d17e1657f4beb1375489fdea3fb47321009eb4ce2eac7e5839a9129669fd4bc693d39daa673deb39c2b671ba9b937d6d1d74673dd429eb03c3b0a5d0a4bcca6428760b6d9d163586b06ca5bdaeef54c75cafce113185e5fefaf05ed7295270c1b588db2ecc32b0ed94bbcfe1870c76fb8f86f8f9c14e35276d63d7291d4e9ec4111e47630ef6567046ded1b74bc0b4d79d481fe1dc5237f811913d5935098c278fc15af5c7f22908171e5c5036fe2bf64abc25955d50ffcfcadf1e3b5fa01cbe5e9305c3ea1ffac2bb9cd12372bbe5f1e30311c985b9400533dc761e6cb4e887308c943b015c148012e536b55d2e2a602e36531d96d23296e44488d4a593fb9162148ea84e00672f63322166975e166f76a6c6c51d05e5704dd9dbd8094c35ead8ee2d824e24a8a3034ba548157c303b2e68fc6b97fc3f57203da115bcdfc0740ca7237bcb64b85eec09758ce30bf89f950c3bfc0a23b5bec03c1e75d0656bb0684bf3511c0f0dda2da04199b125a99a18743905902a75c37bcd074e340bdcd519fbe978b9862fdc707693ea44adee4c10c7666c4f207ed74c72cae14d191ea6a7e11b86962d24045c62204bb7a53d123ab2bdc6c2c41f078eeb963e3dc028c970d24450fc697eeebca6b7f0092932b76b426d7608e7e9537cb510ff854cd32cf4dfd178ed933f16b60507d2a16d6622a049313ef8929b72347203365ec55ed69e9cbab72cafc117c9eb91215ceeba9c9b871d365bb90055765fd1643e0120016488d1178ca11c906c26454c828d2113d5f41c5a1a69f8d31ac9449e662a0d2cd97afe11c84bfba7b3f746b2db30bcfa8410610644ced520f32c63222a9801da1dbb6420aacb5b0a48be265e2a43966c4f1d0a220d9a5747733036ab870cfc4d6db61ea0437b544879ed8792d1b168fa598129cd929489f38d164748a70f0206b22c35037274a73f43f22079c0a1e06b5675f25d0c8c2c1ef4ab4949ae3866f29b15e189f973a1a3b35edd1d3aa4cba85079cc159f3190ec5293dfd53ea7fd43d5b2b57c7c5f5820325e6c5cc04a24607514b1addb158b40b7f35e4cdc3d94f5f40b4f092111aaa28080d24a348acba992b43208181c7f8be6e816e0c1699d192fa14af756567bbbf24773442013f31314765266d0cca6506ce244b2016b0451a06a3f1db62efa1bb8417e91bc909a3b532c8884f3fad2dffc4cdbfc56c6d21f0f02b8bf16bbee485324930a7031077880d4808136903ba8e414962faa603e6f4a7caf4856b63d5a9318884c17c7382aa65a21b6ac72d284762af33472922575a18d0ce5225af375fd02a32a549f9ea702ee283f372833777b626800ef2c5248b759c70e5", 0xa8c}], 0x1) [ 189.064260] IPv4: Oversized IP packet from 127.0.0.1 [ 189.081429] binder: undelivered TRANSACTION_ERROR: 29189 [ 189.089978] binder: undelivered TRANSACTION_ERROR: 29201 [ 189.150609] binder: 16365:16366 got transaction with invalid offsets ptr [ 189.160680] binder: 16365:16366 transaction failed 29201/-14, size 40-8 line 2991 [ 189.193644] binder: BINDER_SET_CONTEXT_MGR already set [ 189.208807] binder: 16365:16373 ioctl 40046207 0 returned -16 [ 189.229628] binder_alloc: 16365: binder_alloc_buf, no vma [ 189.235353] binder: 16365:16366 transaction failed 29189/-3, size 40-8 line 2963 [ 189.261842] binder: undelivered TRANSACTION_ERROR: 29189 [ 189.267455] binder: undelivered TRANSACTION_ERROR: 29201 [ 189.817802] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:57 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:57 executing program 4: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x5, 0x6a0082) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000040)=[0x1f6d, 0x0, 0x116, 0x1, 0x1], 0x5, 0x1f, 0x6, 0x8, 0x1, 0xb7b9, {0x101, 0x7, 0xff, 0x9, 0x8, 0x3, 0x689a, 0xc5f, 0x0, 0xab70, 0xffffffff, 0x5, 0x20, 0x3, "f8f3ea339718231493a232774ccf22a54a40e779eee95acd97bfb907759162f9"}}) r1 = socket$netlink(0x10, 0x3, 0x9) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000080)=0x15, 0x4) 2018/04/09 20:47:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0823b261a2", 0x48}], 0x1) 2018/04/09 20:47:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0)={0xffffffff}, 0x13f}}, 0x20) write$rdma_cm(r0, &(0x7f0000000240)=@accept={0x8, 0x120, 0xfa00, {0x3, {0x3ff, 0x10001, "1d123c02eac324f961260d339c8a796cb2f4024bcb4d5887a4cbd97a1db33f3e60aa2ef1f0712c0dccb2594b6c9225c7b91eda0156f35ec18b2e0540001bc18e391363aef4e0facdacfe0f6f03f0d5e700c053d2e05b783cb00520d108215016c9ec0370a51787be093139885ace5e820575357b5e330290a68c5f4dbeaea3dc7a8083949add1748bcbc74f49ecfbd44b69942c4548c312e3449f9b445b3ef62765806be080613ff936e81f4fcd2c97eedc9d83685760b6c3648fd3753d3f96bb1d8eff80901f0c6d871102e9e020404c081c7a1ec8dfa8a8e22626689d5f9dbb87c48d93f9c9df55fe96fe320c3f6936e0cc98de355111cf6027d04759bd5e3", 0x2f, 0x6, 0x400, 0x6, 0x6, 0x101, 0xfffffffffffffff7, 0x1}, r1}}, 0x128) 2018/04/09 20:47:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0x0, 0x2) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000000)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x2c, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="03630840", @ANYRES64=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=r2, @ANYBLOB="0100000000000000"], 0x86, 0x0, &(0x7f00000000c0)="f6ee99158dd5be854b5f5e18da2185d8cc30b6a70a31ccaea635b4ba9c3beaaa586759da7ed2b73d3a056adbe89055c8c69d08d4881a0a61b27676ae77bc461b0cb1d1976523338e804fc66fc9989901d992c17d0c0709da0d001fd39dc400c7ebfc4b74768de4ab441d69eaa736346f6e574ea1795f196a29600386df894ec6eb631b578d4a"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20000802, &(0x7f0000000000)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = socket$bt_cmtp(0x1f, 0x3, 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f00000000c0)='C', 0x1, 0x0, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89bd, &(0x7f0000000100)={'erspan0\x00', @ifru_names='ip6_vti0\x00'}) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000140)=0x8, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x2, 0x4) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000880)="dcc303c7a2f9bcdcd69540fb526c4507f742d32a4d21b3feee1079a4bdf95c8eea3534afafe07812a6f20133103cb4adc045cfa3be40b7ac92a2e1d3d231e4768407d11de0f875316033319ac753669a9bc6d59cf9070ded8c2c33af4075303b470ba5872675986f9ac2a9a509eaac27ae9ce20a80a56478a99f91a15df26d1286033f4618b480517c2ea79a2e946ab3fc09e1d40e9f9e6628cbe8956c4a4fa429f67cdcbdc572baac36a76e83743508e912c41f9a4ef392db5b0163c2d412780cc5b26a9504575e69f77c681852cb3055e8b0507251e390dfe7f354ecb7552c42cadcdc7d199be3207d634a5573f12263b8ab6503b8b3d592145b5e520c565e117133bee6956ddc6b4b5c27d966a5db3d3405529a1dfa16c20cb2a413766be23cf2aa41e13ebf53dd4f7e9eeca9f48aae01b65ab849480e69ce51e1497279950b0f3c392211288239d86bc05d9f7a60b260151262804d286dbc0c4e31a2d9fdb7fb56714f7f1dbda9e72926f080ffa84d35ba645d46ba813f01c5ef8315577192218e1547734edd8cabb4f0b004866bb8cbe6d7c8ca4b8e457be9709a3bc113b7e1fb77fc6c4e5a6c37c1cd29a9941e5518823b81b815dbe1946707420c42ea2c8a654e6c648e342b69012df25482f8e332ba23c15fd9ab429bf4c45e752010a834b81ea96c596f785393147378dd7b4ac993ec5c2c0511185053dcce38b1899c0f5c7dec06c1c67bc03728819419c3f5f26e0e03aa7fdaf76d7b68cee3584362b49024364fb720e6849b321bf09b1245d137536c1c20ff57297418cb9e8a8cdd303600f0d9970e09765dc6c8f50770c98557c9fc33ce7d6d4630f2aefab95624b527b70b1e5d24beaeb75eba76aad0408a25a493037d0ccd228be61f4c0eeadd81e56a44d55861734134d52c37c317b761c54c56ff20e1806d7e8722947b0a7289e8c6cf3efbacc27716b0c401d55cda8d7df47f0a5adb86a0e702435ae5db29fba0a9b01a28b09d8b3971f2ee33f0860e95e6f4d1dd37d3bc0a5f205f6708fb2279d3d841b156d9e9352359c8291c1a8909c7bd47d3823b60e9005ec31c0672c6a550b2cee7b147c0bed65104409b9c602ff6cbdf999d217c23fafd940c2589a75c03125a09e9d273d694ba9a13ae2b1205037519df9707d9d887ea701cdedd21aeb56c0700407dbb74ca8bbcc1ed45899639b9a4ae292265d5afd31e5419e2fd433d5e6a103ac8c96e095954d5f78b2907c1d4063520307053cbd52658e6c2eacb07e252575b5c4cc0789014d7bdeb94dc9db38ce4c22fc5227e48a5cdce27f49be75e7e815abaec2ddc279cf52d6b879c4b471d666968cec547539dfe8c5730fecd749dc803c2b0c7d78243033211e460feef6a9b67b1637bbc864960c5121524dc5943af69e288adbb63a6cb20d4e2f9419e24d0f6d1c25ad05f1adce0fd150006340ca140b9fd2e13aaf3e1721ff5022608c8aac846afc800e393ee6c2602af9c5b5a14c40623aa154f7f8cf05844cb1e63ec064c85c7383409dbabbbe2e431ae6fce8958ea9bee4cffc7eb67a7700e0ae171191890d09743023d465efda20682407b6a2ae95a8e5743ece2490b500b46e7de4407a844323decb19738ab1c4d3e118c261ca4cba36ebb71389db8fa3d38240252ae84d1648c171aa1b4ed2194cc764a9aed388c8beb744f1696547ebd971b2dfcefa0ebdfdcd6e0f319e3923fa76aa44125181f2d7fbdfd6e3e177dd492d0f1a996254e97e724912de1b4f64ea4d447cb0fa8e639a7f449611827d7627adc7a2430d76010cf50dfb13ea9bca9c98099d0926de7731ed13576b76e7b0a80118fe728e1a1ff726d8fce0b6ebf9eb241307847547f20baef1683757bbbe8a36d3891e8811182ca75b7888812d117a45f1443df36bbea91fd32f8c545ebaceef54350c5b8d49b4d0f1bce5e2e4dc1c0d9c82360d94ea7e84842d8e2bf2d98d262d9188ba70d558beb50126bf168541ea1f1c8177a7ed9edd7005fc24bb01fc358f1232ef67c528ddfd84f16bf66afaa3f2442cf69f89bf049d908e73e835b4e702573bd530e3b5e09c969f89497bb1c022b67c5b90ff53930acd87e43ea5413aea0c571956bea02a615e43129e384b7e4274d06e2e6c627fcfb4e197590930131b809fad5cb65814dc117880cc3bfc0f95dd4df1c043c376b450c1cc64508f0e6e6033860332fc6bccfc2cee86c487e1dd992aad8a87882b571c2dfefcebd8d1ddd982aabcf3ca6044fdc968ba09742e61da174702ecce67140d75c6a0c13b6c8300a14a2908b49abd913f6da45f2e0fa97830ac2e7e74540f18eed533074c98883916910a14f8a7b36affee46ec9f32c779d1eaf5122a40b78416bafbd86b70ba83d4ddeb2b2e2c882bc42a77c5f8f92e1490ecae4c95155cb3ff786cd71901c583dd3a0013c9d2d8f37068944069bc9db4f5d17e1657f4beb1375489fdea3fb47321009eb4ce2eac7e5839a9129669fd4bc693d39daa673deb39c2b671ba9b937d6d1d74673dd429eb03c3b0a5d0a4bcca6428760b6d9d163586b06ca5bdaeef54c75cafce113185e5fefaf05ed7295270c1b588db2ecc32b0ed94bbcfe1870c76fb8f86f8f9c14e35276d63d7291d4e9ec4111e47630ef6567046ded1b74bc0b4d79d481fe1dc5237f811913d5935098c278fc15af5c7f22908171e5c5036fe2bf64abc25955d50ffcfcadf1e3b5fa01cbe5e9305c3ea1ffac2bb9cd12372bbe5f1e30311c985b9400533dc761e6cb4e887308c943b015c148012e536b55d2e2a602e36531d96d23296e44488d4a593fb9162148ea84e00672f63322166975e166f76a6c6c51d05e5704dd9dbd8094c35ead8ee2d824e24a8a3034ba548157c303b2e68fc6b97fc3f57203da115bcdfc0740ca7237bcb64b85eec09758ce30bf89f950c3bfc0a23b5bec03c1e75d0656bb0684bf3511c0f0dda2da04199b125a99a18743905902a75c37bcd074e340bdcd519fbe978b9862fdc707693ea44adee4c10c7666c4f207ed74c72cae14d191ea6a7e11b86962d24045c62204bb7a53d123ab2bdc6c2c41f078eeb963e3dc028c970d24450fc697eeebca6b7f0092932b76b426d7608e7e9537cb510ff854cd32cf4dfd178ed933f16b60507d2a16d6622a049313ef8929b72347203365ec55ed69e9cbab72cafc117c9eb91215ceeba9c9b871d365bb90055765fd1643e0120016488d1178ca11c906c26454c828d2113d5f41c5a1a69f8d31ac9449e662a0d2cd97afe11c84bfba7b3f746b2db30bcfa8410610644ced520f32c63222a9801da1dbb6420aacb5b0a48be265e2a43966c4f1d0a220d9a5747733036ab870cfc4d6db61ea0437b544879ed8792d1b168fa598129cd929489f38d164748a70f0206b22c35037274a73f43f22079c0a1e06b5675f25d0c8c2c1ef4ab4949ae3866f29b15e189f973a1a3b35edd1d3aa4cba85079cc159f3190ec5293dfd53ea7fd43d5b2b57c7c5f5820325e6c5cc04a24607514b1addb158b40b7f35e4cdc3d94f5f40b4f092111aaa28080d24a348acba992b43208181c7f8be6e816e0c1699d192fa14af756567bbbf24773442013f31314765266d0cca6506ce244b2016b0451a06a3f1db62efa1bb8417e91bc909a3b532c8884f3fad2dffc4cdbfc56c6d21f0f02b8bf16bbee485324930a7031077880d4808136903ba8e414962faa603e6f4a7caf4856b63d5a9318884c17c7382aa65a21b6ac72d284762af33472922575a18d0ce5225af375fd02a32a549f9ea702ee283f372833777b626800ef2c5248b759c70e5", 0xa8c}], 0x1) 2018/04/09 20:47:57 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000000080)="907da4fbb03bb13042ca220bab98e67bc0dd76f20c0486804f9cf3f4313b47d2a7d2864672ec0a98c722f75a051c832396443b9041ba6542c8f517d50444a31ce078c096d7602c896921e31aef8346d855750bb6275acd98f10aa908f349877a51a21f5eaea41605bcb5d2f3703c0df16ab826ba14e21fb76eaf4ae18b92daa0cf331bf8c23305ab4e99fce2e8aef54f7db93fdfaa1c8b308dfbd8ec20200ddb7d64e4af49dff99b18a7b932d96006be16882a743cbff25786f9bdcc17514c7f6289ac6d87a1", 0xc6, 0x200, &(0x7f0000000040)={0x2, 0x1000, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:57 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 189.901059] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 189.976276] dccp_xmit_packet: Payload too large (65423) for featneg. [ 189.989995] binder: 16405:16414 got transaction with invalid offsets ptr [ 190.012494] dccp_xmit_packet: Payload too large (65423) for featneg. [ 190.018520] binder: 16405:16414 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0223b261a2", 0x48}], 0x1) 2018/04/09 20:47:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000d40)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000680), 0x13f, 0x5}}, 0x20) write$rdma_cm(r0, &(0x7f0000000e00)=@create_id={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000dc0), 0x0, 0x1000}}, 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {0xffffffff, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x240, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000240)=0x80000001) r2 = dup3(r0, r0, 0x80000) symlinkat(&(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000080)='./file0\x00') 2018/04/09 20:47:57 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="9cc2d54687e489475c554cbe21"], &(0x7f0000000280)=0x319) io_setup(0x2, &(0x7f0000000080)=0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x4000, 0x0) r4 = syz_open_dev$vcsn(&(0x7f00000003c0)='/dev/vcs#\x00', 0x10000, 0x4000) io_submit(r2, 0x1ffffffffffffd9a, &(0x7f0000000440)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x7f, r1, &(0x7f00000000c0)="fc1d72105b32654c55ddf4bcd0d9b6c1c69a4c5c00e8d679a6e3db238058f686ae2badf900adaacc373bf14852e820300b30cfcdaf03008440ff6d94e981a2d15888528b4c54bde7c7c00ab2655f56f332b05a574633114d43148a8f004230b2c7c80f54d135a6ada299295622c97907e0aaab4b9dcd85f5795e7d9f4be18cfa03d6108e47249929983a0174ef26bb1266e410c6e2c8d8deb9479b9feb82d6ede97bbf53559e49abdb1c8a085e81ea46eb85", 0xb2, 0x2, 0x0, 0x1, r3}, &(0x7f00000002c0)={0x0, 0x2000000000000, 0x0, 0x1, 0x10000, r0, &(0x7f0000000200)="bbdc19e4ae157abc688f664661fd7432b93c4720ff975631248248b8e03b21689f37e417fa7aceea9ee261a04ec3a8dc3d03fa8a201a293ca6956c437d7a2ccd57a0d6729ef18159a94251d73325b092f4fa60afe6b8c7", 0x57, 0x7, 0x0, 0x0, r0}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x4, r0, &(0x7f0000000480)="9e7956c46d72b258bbd3662888aa67895025c2af3a01be3b31daed0e6aad77990fe1622a0b7e0b9abf682ae1aa8bb73614ae570e8142590883585e9552713645bdbff945041f9d26ebe5fdf33b0af7d7f9fb290c8076babc9e9b2e86c47e039ca81be34084db059f752747ce4155ed579c52890800f7a7e156dcc407c134c027bd6d04c846c1b57536d36c898212fb4441fc1201eafbf1e83c6caf10a0bfd16fd86a59473a58b2c7a7606d56bcbdd16e648aa152cb9733ab047af247ae6becc48d472fe1ca36617a8106dfb21ba1c54fbc27", 0xd2, 0x7, 0x0, 0x1, r4}]) sendmmsg(r0, &(0x7f0000009240)=[{{&(0x7f0000004540)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(cbc(twofish),sha1-avx)\x00'}, 0x80, &(0x7f0000004880), 0x0, &(0x7f0000004900)}}, {{&(0x7f0000007bc0)=@l2={0x1f}, 0x80, &(0x7f0000007d40), 0x0, &(0x7f0000000000)=[{0x10, 0x1, 0x172f9d4c}], 0x10}}], 0x2, 0x0) ioctl$TIOCGSOFTCAR(r3, 0x5419, &(0x7f0000000300)) 2018/04/09 20:47:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) userfaultfd(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x3, 0x300) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x21e}, 0x35e) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0xff16, &(0x7f0000000240)}, 0x10) socketpair$inet_icmp(0x16, 0x29, 0x30, &(0x7f0000000180)) [ 190.059259] binder: BINDER_SET_CONTEXT_MGR already set [ 190.064835] binder_alloc: 16405: binder_alloc_buf, no vma [ 190.070590] binder: 16405:16421 transaction failed 29189/-3, size 40-8 line 2963 [ 190.073811] binder: 16405:16414 ioctl 40046207 0 returned -16 2018/04/09 20:47:57 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) getsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f00000000c0)={@remote, @dev, @local}, &(0x7f0000000080)) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 190.160663] binder: 16405:16414 BC_FREE_BUFFER u0000000000000000 no match [ 190.168220] binder: 16405:16414 unknown command 0 [ 190.182453] binder: 16405:16414 ioctl c0306201 200001c0 returned -22 [ 190.206942] dccp_xmit_packet: Payload too large (65423) for featneg. [ 190.230427] dccp_xmit_packet: Payload too large (65423) for featneg. [ 190.248361] binder: undelivered TRANSACTION_ERROR: 29189 [ 190.983969] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0xfffffdef}], 0x1) 2018/04/09 20:47:58 executing program 4: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000c45ff7)='/dev/dsp\x00', 0x80001, 0x0) write$eventfd(r0, &(0x7f0000006000), 0xff03) mmap$binder(&(0x7f0000624000/0x4000)=nil, 0x4000, 0x3000002, 0x22812, r0, 0x0) ppoll(&(0x7f0000254ffc)=[{r0}], 0x1, &(0x7f0000ebf000)={0x0, 0x989680}, &(0x7f0000599ff8), 0x8) 2018/04/09 20:47:58 executing program 6: syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x1, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x92540, 0x25) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@reserved=0x1}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f00000005c0)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000580)={0xffffffff}, 0x1, 0x6}}, 0x20) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f00000001c0)=0x3) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f00000000c0)) write$rdma_cm(r0, &(0x7f0000000140)=@listen={0x7, 0x8, 0xfa00, {r2, 0x800}}, 0x2eb) getsockopt$packet_buf(r0, 0x107, 0x3, &(0x7f0000000600)=""/4096, &(0x7f0000000100)=0x1000) write$rdma_cm(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="09000000080100fa", @ANYRES32, @ANYBLOB="008b60732fd5c742e17ecf92b02a7c1c49316b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"], 0x110) 2018/04/09 20:47:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x400000000020011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) write$binfmt_misc(r0, &(0x7f0000000000)={'syz0', "0ad8e5f74305b1523bef4b720fbf7871bb44973814ed4f68ad1b020038d35ac2063f24f39aec4249d8aa79eef7f7cee158b7059d915bd055f3c2a9d111719b31d57e3fcf094952c4e8cc10266fe4c72d14b4f8f57dea986a23f1ac209fa0c95f8891bc4b598172e64b4fdb123dc5d720801d0694f725f921a839a5d0344d6ddbc4ddbfcd8b615ca058e7ee64"}, 0x90) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000240)}) 2018/04/09 20:47:58 executing program 5: r0 = memfd_create(&(0x7f0000000140)='dev ', 0x0) write(r0, &(0x7f0000000180)="16f91220a8c7a6", 0x7) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) memfd_create(&(0x7f0000000080)='dev ', 0x3) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, &(0x7f0000000040)) 2018/04/09 20:47:58 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000080)=0x1, 0x4) fchdir(r0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x8) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 20:47:58 executing program 0: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) mremap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x3000, 0x2, &(0x7f0000011000/0x3000)=nil) umount2(&(0x7f0000000200)='./file0\x00', 0x0) timerfd_create(0x0, 0x0) syz_mount_image$minix(&(0x7f0000000300)='minix\x00', &(0x7f0000000340)='./control/file0\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0) close(r0) 2018/04/09 20:47:58 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)) mkdir(&(0x7f0000029ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000ad4000)='./control\x00', 0xa4000960) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000080)) readv(r0, &(0x7f00009a4000)=[{&(0x7f000022c000)=""/32, 0x8}], 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000e21ff6)='./control\x00', 0x0, 0x0) [ 191.048596] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. 2018/04/09 20:47:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0xc0}], 0x1) [ 191.115321] binder: 16465:16473 got transaction with invalid offsets ptr [ 191.149721] binder: 16465:16473 transaction failed 29201/-14, size 40-8 line 2991 2018/04/09 20:47:58 executing program 6: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x80000) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000240)=@ioapic={0x13003, 0xccb0, 0x6ab, 0x5, 0x0, [{0x7, 0x7, 0x6, [], 0x8000}, {0x1, 0x101, 0x1, [], 0x9a}, {0x4, 0x7, 0x8000, [], 0x7fffffff}, {0x7, 0x5, 0x6, [], 0x1}, {0x2385ce48, 0x7, 0x7}, {0x4872, 0x2, 0x8000}, {0x9b, 0xfffffffffffffffa, 0x3, [], 0xfff}, {0xd56, 0x0, 0x4, [], 0x7}, {0x1000, 0xa5a, 0xfff, [], 0x7f}, {0xb4, 0x2, 0x7fff, [], 0x5}, {0x6, 0xffffffffffffffff, 0x7fffffff, [], 0x9}, {0x7c, 0x4, 0x2, [], 0x5}, {0x177, 0xc6c4, 0x9, [], 0x3}, {0x0, 0x2, 0x8, [], 0x3}, {0x7174, 0x4, 0x10001, [], 0x9}, {0x5, 0x100000000, 0x0, [], 0x6}, {0xe7, 0x80, 0x9, [], 0x24}, {0x8, 0x0, 0x8, [], 0x6}, {0x1, 0x1, 0x7fffffff, [], 0xfffffffffffff000}, {0x1, 0x0, 0x2, [], 0x4d13dae8}, {0x27b9, 0xb8, 0x3ff000000000000, [], 0xfff}, {0xb14d, 0x2, 0x1, [], 0x6}, {0x100000000, 0x7ff, 0x2}, {0x9, 0xa3, 0x8, [], 0x5}]}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) write$rdma_cm(r1, &(0x7f0000000700)=@create_id={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x13f}}, 0x20) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000340)="16abf96a53477fbb800898f541199067c42270c4430cee88d85550a5d2bf52004b8819068fddb63181468acadf3d4e68b6f4f44478b91fc6733b6432a8d4790ad48194ba6f29818689d9820cb00a07eee47c7841158fb26de6d3db9acb9cbdccf71aac00ffbfb8e40e0ce917815b52c9353a78590544b18a4b222f34278d98df65e792eafb9680535409763adf290cccf91194ce04b6295537c84d", 0x9b}, {&(0x7f0000000400)="e9d3f744fa46faddf95fa74208a14877456b98b7fea22289e13327863320cecdcd45b4d3e62a0604d6ccd8bd63d082fa99b0d5e96da40b91aabdac5624bfd673079c8b630feae55ba7e4c1c37340c0be04e8b629727d6e3bc2123dbd2b1f7f991006ad9d4c0b5b834f08ed8ee6ad87b19956367d5739f377d70bafdcb335742df70e2d9d57f003a3ff7dbe19f4489242dc9626668bdbe1da5aea362ac84e2c10e65b90de16498c05906a523558fe5a34ab52d9cfb9360dd910db36756819b094bc3dbd1dd92f7cf769d6ab896d", 0xcd}, {&(0x7f0000000500)="fd0a2b332796529c5febeac979c223f8470fe4a741b7b76a2926c35e09d3f43a20be260a862087928bb4c9a2bea1c4a279b77b9b4a5e3dfa2a499e3ca612c2e44a4c8608a4143f64d518efad2bec1485ba686f66b5c676f40a3e083a2900bf518baf474c6bf6e444c808edb1f0e9c8e7005d7a112711b49785eb38b6525b0b3fa0c469d7ab7040d9f23b7af997a2", 0x8e}, {&(0x7f00000005c0)="9263f1a74b2428fdef30b7314e63889a31f1324e014f6a0219bc9140c66bc7fed00e4f86b493a8bf9a127c84d67ada71063e9e3477791231eccf96196279155b72c75cc4cd23538d0fba3150ed7ae5faf36ce8fdbe0c90737ba0925f9f3c78c292de466985c823895559cb5c3f0d5d5bc9252302df8d9d7389e6f2af01d913604d4f0b77bc409ce279151d6c10048d023695789a9c35fb2f2449ed379a6e069d0f99c8fb8c1bdaf6bc0d3b537c41ad74ac80a65f18c2a0528adcb7850f81ad8d8008197e2251153e238dfcfdba150496e00d32a4a12d207c38bbc9545d5834e6de238fac34fde1e0da495c41bb6623a7110d2a7323bc", 0xf6}, {&(0x7f0000000740)="4daf416f7fa0fed82974bcadd2f26b1ed351e2bd0238ea5f3cfdfca9a5ee47b1df22573e646f31556777a605342c556ed9e5954ea396eec29781e439f3589f396a58bfd2a895504d79a2ca0244615e6ed8d0915a8da33ad45f5a7d86364b928e5021f7ef7b0df97f0bfa1a8649c96813c2838e21454cc3295be915c4c1bfbc9a606009a80f75818a52d752c059cf90417307a40ba3496b553de37571029722773d644c48355e309de9912656b1e6c101c08f9b228f99c93b", 0xb8}], 0x5, 0x0) 2018/04/09 20:47:58 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') listen(r0, 0xf1f) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fchdir(r1) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) write(r1, &(0x7f0000f8aff1), 0xff8f) sendto$inet(0xffffffffffffffff, &(0x7f0000494f01), 0x0, 0x0, &(0x7f0000198ff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) [ 191.181756] binder: BINDER_SET_CONTEXT_MGR already set [ 191.207140] binder: 16465:16486 ioctl 40046207 0 returned -16 [ 191.216622] binder_alloc: 16465: binder_alloc_buf, no vma [ 191.222323] binder: 16465:16473 transaction failed 29189/-3, size 40-8 line 2963 2018/04/09 20:47:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000312ff0)=[{&(0x7f0000000080)="480000001400190d090043eafd068c560affffffffe00600003a984fb2bff49a3326a6ffffffff00000000bc5603ca00000fff890000000309ff5bff87c3e4cb6b716c0123b261a2", 0xec0}], 0x1) 2018/04/09 20:47:58 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000018d8ff00004aa24b47a2da906d94a4eb1ae380099d5f8da874d260b60a02ecebe78241844925b07c61c211564036c2ff", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES32=0xffffffff], @ANYBLOB="3f01000000000000"], 0x20) write$rdma_cm(r0, &(0x7f0000000100)=@reject={0x9, 0x108, 0xfa00, {r1, 0x0, "8b6073", "2fd5c742e17ecf92b02a7c1c491c6b3cdd043ce3d2c238a85ced9dc1c0c6c063f94b7d7ea49fefb8fb57f1fe99e791f631679efe71a08d75ececa1ae42023cea1cf3308d3f6542360cdcddaf39d4301a881af3b3c5bf5550d7d0e2b338c3b04d2d601756ad6dbd85524249d3ab5e576bcadcde06d69a62a2b9346c31f30e64aac1970edae186b3c239edafd6949686f28cccedbb19b7097703b1712f93370c9d4cf7195b3cd30207eea971029c95924032c43b80c1a60a4666d48d55f35c78897fede2145abfae0e1c315e2c5af60e9be84587096bab00c0dc82e30d731119127e9ce552644a4986fc411502daa03fb0fbd27ed46a446e6f3c674f5d1fc1313d"}}, 0x110) [ 191.268806] dccp_xmit_packet: Payload too large (65423) for featneg. 2018/04/09 20:47:58 executing program 1: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x66, 0x4000) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x2, 0x8, 0x7}) r1 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x10000000, 0x2001d, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x3c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0xfffffffffffffcf2, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="43be7a99b9a38289bf8e8aea62adca296571eac4eea0f919e5ea42a234fa5e9f1aeb8d0873541b0c55ac9616d11c0f5a25ea04000000c5b3d102fee7d85d40c5cb451bcd643d0ac4e6d7b66baa6d7f28325293cf98572a5e63dcd6d269a0da011682f67ffe44d81aaf95494a2dff6bb6748bcb15dac015a026b50cac75d55d15bdc47cecda"], 0x0, 0x0, &(0x7f0000000240)}) [ 191.317705] dccp_xmit_packet: Payload too large (65423) for featneg. [ 191.318703] binder: undelivered TRANSACTION_ERROR: 29189 [ 191.349645] binder: undelivered TRANSACTION_ERROR: 29201 [ 191.374732] binder_alloc: 16507: binder_alloc_buf, no vma [ 191.380419] binder: 16507:16508 transaction failed 29189/-3, size 40-8 line 2963 [ 191.397563] binder: BINDER_SET_CONTEXT_MGR already set [ 191.407213] binder: 16507:16511 ioctl 40046207 0 returned -16 [ 191.424871] binder_alloc: 16507: binder_alloc_buf, no vma [ 191.430628] binder: 16507:16508 transaction failed 29189/-3, size 40-8 line 2963 [ 191.465972] binder: undelivered TRANSACTION_ERROR: 29189 [ 191.472010] binder: undelivered TRANSACTION_ERROR: 29189 [ 192.109831] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 192.171139] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop0. [ 324.335024] INFO: rcu_sched self-detected stall on CPU [ 324.340474] 1-....: (124999 ticks this GP) idle=1fe/1/4611686018427387906 softirq=59879/59879 fqs=31205 [ 324.350908] (t=125000 jiffies g=32608 c=32607 q=180) [ 324.356181] NMI backtrace for cpu 1 [ 324.359793] CPU: 1 PID: 16485 Comm: syz-executor4 Not tainted 4.16.0+ #14 [ 324.366707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.376307] Call Trace: [ 324.378885] [ 324.381040] dump_stack+0x1b9/0x294 [ 324.384751] ? dump_stack_print_info.cold.2+0x52/0x52 [ 324.390099] ? lock_release+0xa10/0xa10 [ 324.394151] nmi_cpu_backtrace.cold.4+0x19/0xce [ 324.398805] ? lapic_can_unplug_cpu.cold.26+0x3f/0x3f [ 324.403987] nmi_trigger_cpumask_backtrace+0x151/0x192 [ 324.409253] arch_trigger_cpumask_backtrace+0x14/0x20 [ 324.414430] rcu_dump_cpu_stacks+0x175/0x1c2 [ 324.418822] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 324.423828] check_cpu_stall.isra.61.cold.80+0x36c/0x59a [ 324.429280] ? print_other_cpu_stall+0x4a0/0x4a0 [ 324.434041] ? debug_check_no_locks_freed+0x310/0x310 [ 324.439231] ? find_held_lock+0x36/0x1c0 [ 324.443280] ? lock_downgrade+0x8e0/0x8e0 [ 324.447421] ? debug_check_no_locks_freed+0x310/0x310 [ 324.452592] ? lock_release+0xa10/0xa10 [ 324.456550] ? graph_lock+0x170/0x170 [ 324.460335] ? graph_lock+0x170/0x170 [ 324.464117] ? graph_lock+0x170/0x170 [ 324.467904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 324.473521] ? graph_lock+0x170/0x170 [ 324.477306] ? graph_lock+0x170/0x170 [ 324.481095] ? __lock_is_held+0xb5/0x140 [ 324.485147] rcu_check_callbacks+0x21b/0xad0 [ 324.489543] ? rcu_cpu_stall_reset+0x210/0x210 [ 324.494109] ? trace_hardirqs_off+0xd/0x10 [ 324.498328] ? raise_softirq+0x1b2/0x450 [ 324.502373] ? raise_softirq_irqoff+0x310/0x310 [ 324.507039] ? read_boot_clock64+0x70/0x70 [ 324.511261] ? account_guest_time+0x3d0/0x3d0 [ 324.515741] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 324.521260] ? hrtimer_run_queues+0x70/0x300 [ 324.525653] ? run_local_timers+0x168/0x1d0 [ 324.529955] ? timer_clear_idle+0x50/0x50 [ 324.534090] ? account_system_time+0x7f/0xb0 [ 324.538481] ? account_process_tick+0x76/0x240 [ 324.543053] update_process_times+0x2d/0x70 [ 324.547357] tick_sched_handle+0xa0/0x180 [ 324.551491] tick_sched_timer+0x42/0x130 [ 324.555535] __hrtimer_run_queues+0x3e3/0x10a0 [ 324.560101] ? tick_sched_do_timer+0x100/0x100 [ 324.564666] ? hrtimer_start_range_ns+0xd10/0xd10 [ 324.569495] ? pvclock_read_flags+0x160/0x160 [ 324.573974] ? kvm_clock_read+0x25/0x30 [ 324.578027] ? kvm_clock_read+0x25/0x30 [ 324.581989] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 324.586993] ? ktime_get_update_offsets_now+0x3a6/0x570 [ 324.592346] ? do_timer+0x50/0x50 [ 324.595779] ? rcu_nmi_exit+0xd7/0x2b0 [ 324.599671] ? do_raw_spin_lock+0xc1/0x200 [ 324.603893] hrtimer_interrupt+0x286/0x650 [ 324.608125] smp_apic_timer_interrupt+0x15d/0x710 [ 324.612951] ? smp_call_function_single_interrupt+0x650/0x650 [ 324.618816] ? _raw_spin_lock+0x32/0x40 [ 324.622776] ? _raw_spin_unlock+0x22/0x30 [ 324.626910] ? handle_edge_irq+0x330/0x870 [ 324.631129] ? task_prio+0x50/0x50 [ 324.634656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 324.639484] apic_timer_interrupt+0xf/0x20 [ 324.643695] [ 324.645922] RIP: 0010:__snd_pcm_lib_xfer+0x774/0x1d10 [ 324.651088] RSP: 0018:ffff88018cb56b78 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff13 [ 324.658779] RAX: 0000000000000000 RBX: ffffffffffffffe0 RCX: 0000000000000000 [ 324.666039] RDX: 0000000000000000 RSI: ffffffff85a3fc9e RDI: ffffed003196adb8 [ 324.673295] RBP: ffff88018cb56e18 R08: ffff8801b0960db8 R09: 0000000000000006 [ 324.680636] R10: ffff8801b0960540 R11: 0000000000000000 R12: 0000000000000004 [ 324.687886] R13: 00000000ffffffe0 R14: ffff8801b14d91c0 R15: ffff8801ce88c4c0 [ 324.695152] ? __snd_pcm_lib_xfer+0x73e/0x1d10 [ 324.699717] ? __snd_pcm_lib_xfer+0x73e/0x1d10 [ 324.704282] ? print_usage_bug+0xc0/0xc0 [ 324.708362] ? print_usage_bug+0xc0/0xc0 [ 324.712405] ? lock_release+0xa10/0xa10 [ 324.716361] ? snd_pcm_hw_rule_noresample_func+0x110/0x110 [ 324.721972] ? dummy_proc_read+0x6e0/0x6e0 [ 324.726189] ? pcm_lib_apply_appl_ptr+0x5a0/0x5a0 [ 324.731023] ? mark_held_locks+0xc9/0x160 [ 324.735161] ? retint_kernel+0x10/0x10 [ 324.739047] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 324.744138] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 324.748879] ? retint_kernel+0x10/0x10 [ 324.752763] ? __snd_pcm_lib_xfer+0x1e/0x1d10 [ 324.757244] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 324.762764] ? snd_pcm_oss_prepare+0x87/0x1b0 [ 324.767245] snd_pcm_oss_write3+0xe9/0x220 [ 324.771467] snd_pcm_oss_write2+0x34c/0x460 [ 324.775772] ? snd_pcm_oss_write3+0x220/0x220 [ 324.780250] ? find_held_lock+0x36/0x1c0 [ 324.784302] snd_pcm_oss_sync1+0x332/0x5a0 [ 324.788534] ? snd_pcm_oss_write2+0x460/0x460 [ 324.793018] ? kasan_check_read+0x11/0x20 [ 324.797156] ? rcu_is_watching+0x85/0x140 [ 324.801304] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 324.806488] ? wake_up_q+0x100/0x100 [ 324.810196] ? snd_pcm_format_set_silence+0x203/0x540 [ 324.815383] snd_pcm_oss_sync.isra.29+0x790/0x980 [ 324.820224] ? snd_pcm_oss_sync1+0x5a0/0x5a0 [ 324.824625] ? fsnotify_first_mark+0x330/0x330 [ 324.829215] ? kobject_put+0x8e/0x280 [ 324.833010] snd_pcm_oss_release+0x214/0x290 [ 324.837420] ? snd_pcm_oss_sync.isra.29+0x980/0x980 [ 324.842433] __fput+0x34d/0x890 [ 324.845720] ? fput+0x1a0/0x1a0 [ 324.849009] ? check_same_owner+0x320/0x320 [ 324.853420] ? _raw_spin_unlock_irq+0x27/0x70 [ 324.857927] ____fput+0x15/0x20 [ 324.861206] task_work_run+0x1e4/0x290 [ 324.865095] ? task_work_cancel+0x240/0x240 [ 324.869413] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 324.874940] ? switch_task_namespaces+0xa2/0xd0 [ 324.879599] do_exit+0x1aee/0x2730 [ 324.883126] ? mm_update_next_owner+0x980/0x980 [ 324.887777] ? print_usage_bug+0xc0/0xc0 [ 324.891818] ? graph_lock+0x170/0x170 [ 324.895599] ? do_raw_spin_unlock+0x9e/0x2e0 [ 324.899989] ? rcu_note_context_switch+0x710/0x710 [ 324.904906] ? lock_acquire+0x1dc/0x520 [ 324.908891] ? __might_sleep+0x95/0x190 [ 324.912848] ? __lock_acquire+0x7f5/0x5130 [ 324.917078] ? debug_check_no_locks_freed+0x310/0x310 [ 324.922335] ? do_raw_spin_unlock+0x9e/0x2e0 [ 324.926728] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 324.931293] ? kasan_check_write+0x14/0x20 [ 324.935510] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 324.940684] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 324.946202] ? drop_futex_key_refs.isra.13+0x6d/0xe0 [ 324.951288] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 324.956803] ? futex_wait+0x5c1/0x9f0 [ 324.960597] ? perf_trace_lock+0xd6/0x900 [ 324.964731] ? zap_class+0x720/0x720 [ 324.968427] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 324.973601] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 324.979133] ? drop_futex_key_refs.isra.13+0x6d/0xe0 [ 324.984222] ? futex_wake+0x2f6/0x750 [ 324.988009] ? graph_lock+0x170/0x170 [ 324.991806] ? memset+0x31/0x40 [ 324.995070] ? find_held_lock+0x36/0x1c0 [ 324.999117] ? lock_downgrade+0x8e0/0x8e0 [ 325.003253] do_group_exit+0x16f/0x430 [ 325.007140] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 325.011707] ? SyS_exit+0x30/0x30 [ 325.015146] ? _raw_spin_unlock_irq+0x27/0x70 [ 325.019627] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 325.024628] get_signal+0x886/0x1960 [ 325.028337] ? ptrace_notify+0x130/0x130 [ 325.032381] ? zap_class+0x720/0x720 [ 325.036082] ? vm_insert_mixed_mkwrite+0x40/0x40 [ 325.040819] ? graph_lock+0x170/0x170 [ 325.044603] ? vm_mmap_pgoff+0x1a1/0x2a0 [ 325.048648] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 325.053646] ? graph_lock+0x170/0x170 [ 325.057428] ? find_held_lock+0x36/0x1c0 [ 325.061492] do_signal+0x98/0x2040 [ 325.065029] ? find_held_lock+0x36/0x1c0 [ 325.069079] ? setup_sigcontext+0x7d0/0x7d0 [ 325.073382] ? lock_downgrade+0x8e0/0x8e0 [ 325.077511] ? handle_mm_fault+0x8c0/0xc70 [ 325.081733] ? handle_mm_fault+0x55a/0xc70 [ 325.085960] ? exit_to_usermode_loop+0x87/0x310 [ 325.090615] exit_to_usermode_loop+0x28a/0x310 [ 325.095184] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 325.100011] ? ksys_ioctl+0x81/0xd0 [ 325.103629] ? do_syscall_64+0xb7/0x9d0 [ 325.107587] do_syscall_64+0x792/0x9d0 [ 325.111456] ? vmalloc_sync_all+0x30/0x30 [ 325.115587] ? kasan_check_write+0x14/0x20 [ 325.119806] ? syscall_return_slowpath+0x5c0/0x5c0 [ 325.124717] ? syscall_return_slowpath+0x30f/0x5c0 [ 325.129633] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 325.134983] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 325.139817] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 325.144989] RIP: 0033:0x455259 [ 325.148166] RSP: 002b:00007f26a3e16ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 325.155872] RAX: fffffffffffffe00 RBX: 000000000072bf80 RCX: 0000000000455259 [ 325.163125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf80 [ 325.170377] RBP: 000000000072bf80 R08: 0000000000000000 R09: 000000000072bf58 [ 325.177632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.184891] R13: 00007ffd0383ed4f R14: 00007f26a3e179c0 R15: 0000000000000001