Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.540317] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.524941] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 21.833782] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available) [ 22.971539] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available) Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts. [ 28.515450] random: nonblocking pool is initialized 2018/01/16 21:54:01 fuzzer started 2018/01/16 21:54:01 dialing manager at 10.128.0.26:41189 2018/01/16 21:54:05 kcov=true, comps=false 2018/01/16 21:54:05 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00006bf000)='/dev/sg#\x00', 0x0, 0x82) writev(r0, &(0x7f00007c0000-0x10)=[{&(0x7f00003ba000-0x2a)="e59bc053dce4000000051f597ea6feb27c6371100ca6f5c53ded1c2f0fd1c92c1f8082c212f70080b3af", 0x2a}], 0x1) mmap(&(0x7f0000000000/0xfb2000)=nil, 0xfb2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x227c, &(0x7f000035c000-0x44)={{0x2, 0xffffffffffffffff, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x0, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, {0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic="980edbe34139704e389db349f728ad25"}) 2018/01/16 21:54:05 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f000022b000-0x8)='keyring\x00', &(0x7f0000027000)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000729000-0xb)='asymmetric\x00', &(0x7f0000e6e000+0xe65)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, &(0x7f0000f50000-0xe5)="", 0x1009c, r0) 2018/01/16 21:54:06 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00008ad000)='mounts\x00') mkdir(&(0x7f0000978000)='./file0\x00', 0x0) mount(&(0x7f0000588000)='./file0\x00', &(0x7f0000027000)='./file0\x00', &(0x7f0000019000-0x6)='ramfs\x00', 0x10, &(0x7f0000154000-0xdf)="") readv(r0, &(0x7f0000dd2000)=[{&(0x7f0000512000)=""/238, 0xee}], 0x1) 2018/01/16 21:54:06 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000fb7000)='./file0\x00', 0x141046, 0x0) mount(&(0x7f0000374000)='./file0\x00', &(0x7f00000e0000)='./file0\x00', &(0x7f0000c56000)="72616d6673004f24ae0dc68ed445045528e1c5d69e0a2ab581317b76", 0x1000, &(0x7f00002af000-0x2)="") write$evdev(r0, &(0x7f0000053000-0x18)=[{{0x0, 0x0}, 0x0, 0x0, 0x0}], 0x18) sendfile(r0, r0, 0x0, 0x72419a71) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000b69000-0x10)=@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000adf000)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x0, @multicast1=0xe0000001, {[]}}, @tcp={{0xffffffffffffffff, 0xffffffffffffffff, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}, &(0x7f00003b5000)={0x0, 0x1, [0x0]}) unlink(&(0x7f0000d3c000-0x8)='./file0\x00') 2018/01/16 21:54:06 executing program 4: mmap(&(0x7f0000000000/0xdf9000)=nil, 0xdf9000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000df6000)={0x2, 0x0, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x200000000000a, &(0x7f0000dee000-0x4)=0x2, 0x4) sendto$inet(r0, &(0x7f0000df8000-0x1)='U', 0x1, 0x20008004, &(0x7f0000db5000-0x10)={0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000b0c000)="11a58fde7649496403db92ed306004b3d3cbfc195485c3b895d864ab91a3aebde4f70a917a91ec9612d004000a7b43a35bb73249ede41bf5c05ab608fb7b74ffd57f6e8e43cf9cb723fc0d8d8cabbbbae3a5fde8ad6f52d667c512596f50b9962aa2193688d872a7eeca57801742d74d39c4b003a5e292e077ed102e7999329aab95a3d96363505f76c86a6d2352dd8025207ae531701f1ce353d6b017eb64000000bc2e9f8b66fe4a8e64f0fc7a0aa55d4103e1d7d5b0dd5750071e9b3a786021678a86fcbb0b9f9364ec0f0310306fef9c21b3b20d8b44423b495299cea2c6f40c377a72534453ad7f5af27b1efb2514ace1f9a68cf205a9ddb8fd954e34bde3612e6e05686cf3b968a14bd3a356f7b8d20214c0f7a388ef5ea8d063c65f2aabff685e69f86b4a0b3697f8bfbfe66796f0489ad2e49bdbc1742941c28c88cb93e1f8ccc3db4782cdf9cbd797ddc8d7b1364da50ad48e081a38622280169eba5c6a3bf9b5f15bdf8a8b6483340a3297c31154905db209195c28f15d10153204fbe0586516c714ddc939e0eb68c73969e81fc6f215b476ddf3fcf1a604603360089dadba2779cfed9027ac163067fc0d7592ac8a013b907372a42b242405241ac1f63f85a52fff2d78b30e87a156b5cfa133dabc259bb027bec5eb8c8eb623e9776a13d3ce972a6769de8a78153f498084a244b0146b77be3d1cba7b02fe8906ed8a88f105c763d1772825b986d52823bf38b6f95eca494fd9c64497874b9f450bec65311493cc108b27611eaa6819305a3730d29368f25f7e816d60884a1e0271c3c786ad36391366ac3b65f04c148974f6973005c5ff73d6f0b3f7e44c65da7c4115c4ee543991e4ad26938384cafffffffc8f7e79aaf1b8ef37f627e3c7168ecda2cf224a491bea6129fcd954b88dbb2d29464931bcd5378041db67ddc70ee856ae09c1b26b9ada008a7d52bf1a160606865a29794f36b2a3811c66e9fe27af8fc8356374e37f3eca244367fb535dde71fae4683710761b89f18820d4f06065450c3d1f76fa26ef28320edf6c36480af14f4444edb40ebb3f8ea264486ec31c40c7f0007a69c24da10db6f60da3e648f16b5fc6b5a5c6217e46c1f3ff354a8b49beb3b46a69dcb4c5d547a7b7ba8fe22da0173f9fe80f4bd47afbec4d2e0d3c91b1a326d8bb9fded873e87f847032af52bd6d129f3ce3f11ea9d0b4250af7eaa2649d9972b9b8dc773c869b3a431eac7f55d6bb92dc29f08d7d8959e2af7571efb7ec88eac4b62850e8f6b60d4a5d06d66875b4bd260a9014a2eb88621f4c6eb3f9ed2190b48acf0358d8b82fb4794535fcb8dd50ba86d23d230a94f07a768142ff3b4c8558dac21726b6279980c238041f26e86c8e3fa83028345999464e3e37d610ab7c15daaffb744a505a3dd9802b3721f29553ee23e1cf376f12cc3fe6b7ac76bd13da44356855be096155e355c9cad31fcdeedc6679c531bc1a2765dc8777108ec5e31d793005e718a9ced77d6505e44f649128a29f5264fecba132f9f5016eaf690751edd64d903b36ceb2b08042c60e9e97f8bc985476e6088a5ebd3743c2358171b30b16d730a5dd49c92fa19cc267e2c1927f200fc3d23a80", 0x47f, 0x0, 0x0, 0x0) 2018/01/16 21:54:06 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000ed4000)=0x7b, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000d26000)={0x1, &(0x7f0000818000)=[{0x6, 0x0, 0x0, 0x100}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000d7d000-0x35)="a2", 0x1, 0x0, &(0x7f000057b000-0x10)={0x2, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00005f3000)='net/ip_tables_targets\x00') sendfile(r0, r1, 0x0, 0x2fc) sendmsg(r0, &(0x7f0000531000-0x38)={&(0x7f0000bed000-0xe)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0xe, &(0x7f00002e3000)=[{&(0x7f0000013000-0x1000)="8063bd765382efe814f0b81a685f0c879ffe79eb63a7f33856f7f830588bdf0b5da10cc277b3cf43c889e7d400b5436b708080081810b2d70ab3a4baf0f76dec17fd63041cf95559fa7a977f0686f3f3a7dce7f428382ffdd5cae31da03bc8759d6cbb7efb54fea725947a54410112492d08d1961fa302272e8661ee5a92340359", 0x81}], 0x1, &(0x7f00003ab000-0x260)=[], 0x0, 0x0}, 0x0) 2018/01/16 21:54:06 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000d0a000-0x80)="ff55d36cffba04365d0000000000000101000000", 0x14) 2018/01/16 21:54:06 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000f43000)='/dev/rfkill\x00', 0x0, 0x0) madvise(&(0x7f0000e0f000/0x1000)=nil, 0x1000, 0x10200000008) [ 33.507814] IPVS: Creating netns size=2552 id=1 [ 33.601620] IPVS: Creating netns size=2552 id=2 [ 33.655515] IPVS: Creating netns size=2552 id=3 [ 33.712524] IPVS: Creating netns size=2552 id=4 [ 33.818233] IPVS: Creating netns size=2552 id=5 [ 33.946294] IPVS: Creating netns size=2552 id=6 [ 34.050415] IPVS: Creating netns size=2552 id=7 [ 34.183599] IPVS: Creating netns size=2552 id=8 2018/01/16 21:54:11 executing program 1: 2018/01/16 21:54:11 executing program 1: 2018/01/16 21:54:12 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000e5000)=0x80, 0x4) bind$inet(r0, &(0x7f0000105000-0x10)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000479000)=0x8, 0x6d3) connect$inet(r0, &(0x7f0000987000)={0x2, 0x3, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f00008ea000)="0ddbdb16b7b2300daaec80b60b36dcf93ae7dfe6e96f4f0ec596db14294ac95946b765461942a1429ef1f3430b6543e1a7eedd68a06e5ba3116d934f0fcc52e333691df3cf821c3112ea8ab71b61f1dbb921beae58972e56ff08332d0fa82f4c9f86418f53a5d7943c8a4a69e321da60133a12749bc552acb0bd57ba925291b6e8f15e544fc14e364cb359baf94da683be8593d031c2fac43c9269958f047b4951d4da79d2a78238fc45f4f21eb145abd73c8d2779c650ad5cb95abc5cf96d0fa03ac72a910aa45903ec7688b92e01c7eeaae04e06d6d6a8bf95844d3781a8eca238de8f5bcd4783cb6e8e437b17286e5e079e75f8fea668051ed223aa826c8fc7ec8a22592cc9203bde086a2ce8ef0151fd895149a966db1f544642efe55d74f1bc0e40288c6cd8acdcf96ad5db33fee085c034b0ef3ce6fe4d08d4523776c441eb1183bc6104458d9f632a2dfe34e065d34ca3a01adc63ff26bb5c1a987f9d752c5176403f3ce0acce5771491a5c3e32e64fffcd2811d624f595cd45ab04104f9cdcb09c1b22c03ac9eaa530c8aa2ca5a6ca12517880bb6fa0308565e16e0b7deb8890efebd1189008acb7c08fa8934e18e244863d808d01b57dba0a2bf37c1859b206a0f42199ff6fad800fe17809f463691b7394db9ca59422cbc421dcb32fbac9c4e025d11be521cd789026e06ab8611a3b184488e1145af9f455230fd797d9fbb2e523a881c7af034e2f39682087fc47d9a31c158f5e27a1266bd04bf7cfcba2d9ff1259ff6767a56bfd2aa63b290064c0c943a2be681c0dd66612a5ff5859eae53e568ce6c739dfcbdb7dac8eaf8fe9238dfa02bc5e3b149a1284a541bc41ea0355d127864f80ddc692f792ba8555123be5904e027787e280bb1273a2f5972c69426f6bafc81838a132898dacff2d057d1ef7bf342ecd18f97182abdd95c39a9a956daa93a5f9574be656bc272d3b99e1281d42d020c436bc60f0dc481a8fa835ea5dd1bc174b1e60dbe58c06b62bcd4dcbf3a1d157572a40d2a19760fa52b7b9ddc1cb284ffe4e1b196ba59a39c38afb86dae90dad4eb75c7c0c70323f92daede29b7c8527084c18a69acee7142500747835d1053b216b5f479d48085a4f27d8e34776197bd4af5a556d9739a1b01aa9afd6ba1995ecb5dceda6174974088fbf8d10c76d2df75f88ee8f800407f6cfe3e4e4bf9105995d894e480c737a3ab14350561a3e9b66a541820186f63f459233adbbad47db96c2ccabf06c837794963bc75268fade70f2b85bef105427b5ccdd597f5569fcd0ec8ad9a94dce9710b0c1df233d4cd491f846f8a66310b1e1673bb472d1aaba605672e366f432547eb2da2165feee9e77357fd6bc2e0e2e6a8f765efc34f6b1ad19640ce0f5dba393dc6968eeb3dc9a41fc5a087ccd3d07c46408315d7d3ac97f83b3fc87772285c2547ae758f37a165a0678ec259fbe4b22d7602a", 0x415, 0x0, &(0x7f0000ee9000-0x10)={0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) read(r0, &(0x7f0000b4d000)=""/4096, 0x101d) 2018/01/16 21:54:12 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000d80000-0xc6)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @rand_addr=0xfffffffffffffe01, @dev={0xac, 0x14, 0xffffffffffffffff, 0x200000000000a}, {[]}}, @icmp=@parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2f, 0x0, @empty=0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [{[], 0x0}, {[@loopback=0x7f000001], 0x0}, {[], 0x0}, {[@empty=0x0], 0x0}]}, @cipso={0x86, 0x22, 0x0, [{0x0, 0xe, "e11b1f7672c665d29ff4a1b5"}, {0x0, 0x4, "b501"}, {0x0, 0x2, ""}, {0x0, 0x8, "f1344d43ac61"}]}, @end={0x0}]}}, ""}}}}}, &(0x7f0000ea3000)={0x0, 0x0, []}) 2018/01/16 21:54:12 executing program 1: 2018/01/16 21:54:12 executing program 4: 2018/01/16 21:54:12 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000d0a000-0x80)="ff55d36cffba04365d0000000000000101000000", 0x14) 2018/01/16 21:54:12 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000ed4000)=0x7b, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000d26000)={0x1, &(0x7f0000818000)=[{0x6, 0x0, 0x0, 0x100}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000d7d000-0x35)="a2", 0x1, 0x0, &(0x7f000057b000-0x10)={0x2, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00005f3000)='net/ip_tables_targets\x00') sendfile(r0, r1, 0x0, 0x2fc) sendmsg(r0, &(0x7f0000531000-0x38)={&(0x7f0000bed000-0xe)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0xe, &(0x7f00002e3000)=[{&(0x7f0000013000-0x1000)="8063bd765382efe814f0b81a685f0c879ffe79eb63a7f33856f7f830588bdf0b5da10cc277b3cf43c889e7d400b5436b708080081810b2d70ab3a4baf0f76dec17fd63041cf95559fa7a977f0686f3f3a7dce7f428382ffdd5cae31da03bc8759d6cbb7efb54fea725947a54410112492d08d1961fa302272e8661ee5a92340359", 0x81}], 0x1, &(0x7f00003ab000-0x260)=[], 0x0, 0x0}, 0x0) 2018/01/16 21:54:12 executing program 3: 2018/01/16 21:54:12 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000ed4000)=0x7b, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000d26000)={0x1, &(0x7f0000818000)=[{0x6, 0x0, 0x0, 0x100}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000d7d000-0x35)="a2", 0x1, 0x0, &(0x7f000057b000-0x10)={0x2, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00005f3000)='net/ip_tables_targets\x00') sendfile(r0, r1, 0x0, 0x2fc) sendmsg(r0, &(0x7f0000531000-0x38)={&(0x7f0000bed000-0xe)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0xe, &(0x7f00002e3000)=[{&(0x7f0000013000-0x1000)="8063bd765382efe814f0b81a685f0c879ffe79eb63a7f33856f7f830588bdf0b5da10cc277b3cf43c889e7d400b5436b708080081810b2d70ab3a4baf0f76dec17fd63041cf95559fa7a977f0686f3f3a7dce7f428382ffdd5cae31da03bc8759d6cbb7efb54fea725947a54410112492d08d1961fa302272e8661ee5a92340359", 0x81}], 0x1, &(0x7f00003ab000-0x260)=[], 0x0, 0x0}, 0x0) 2018/01/16 21:54:12 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f00005b3000)='/dev/snd/seq\x00', 0x0, 0x1) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f000005c000)={{0x0, 0x0}, "55754b1d8d5053f16af6ea3fc35236f55cf1b51d515bf6f2beddb0658891107582435f79c807b4a55dd620119fa6888159c8c15446978f1696e8a41af565265c", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 2018/01/16 21:54:12 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x236, &(0x7f000099f000-0x276)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xaa}, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [], {@ipv6={0x86dd, {0x0, 0x6, '\x00\b\a', 0x200, 0x2c, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, {[@hopopts={0x11, 0x2e, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [@generic={0x2, 0x81, "7c0a9d7028961d89139ed191b1b10a4e650277c228e77a34f7338284626243c6e6ca139e99f3d7d8a87e3256e56f1d33ab44f92aad87544a697416160d2dc76c6919cc8f448af683b1c4e76b6c07f9f69501f4b65c80ce74015c46d6350c76c71e3432a09df29d3024b723ddcc5bd2af7cface7d14aaadd911e99cb86d78daea55"}, @hao={0xc9, 0x10, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}}, @generic={0x3ff, 0xd5, "63b8ce46c7a4d1ae2048fe2858ab76d9b684a4b527069858ed9bf708e7a70730efc1e2827d900b9e0858ebb5c44155f502d761b2d8b1de8e7335a1b30172bd754a05787d26c75e215bcf7102431c80efbe5d23c794c8459d39e25564dfbe66f8970c14144e281c502d14987a721c9fd55b652de114621deeacff5856aaa6fcb6f10d28c7edd5829d712df72c6a447acd9fd5068e6be91d79880dbf5e1e907c69b5e47dd85df5d4fbff5a8a8c5e4eaf8c62eb78097e0e0cbd090ab87cd6086e69a67fcfbab7245a4dbdd1922cf5125edd424827111c"}, @jumbo={0xc2, 0x4, 0x7}, @enc_lim={0x4, 0x1, 0x9}]}, @hopopts={0x2f, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [@padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x4}]}, @hopopts={0x3a, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [@hao={0xc9, 0x10, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}}, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1={0x0, 0x1, 0x0}, @jumbo={0xc2, 0x4, 0x10000}, @hao={0xc9, 0x10, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @rand_addr=0x6}}, @ra={0x5, 0x2, 0x9}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x13}}, @pad1={0x0, 0x1, 0x0}]}, @fragment={0x3b, 0x0, 0x1ff, 0x5, 0x0, 0x6, 0x2}], @dccp={{0xffffffffffffffff, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "c31cf5", 0x0, "52a057"}, ""}}}}}}, 0x0) 2018/01/16 21:54:12 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000649000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = epoll_create(0x4000000010011) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000337000-0xc)={0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/01/16 21:54:12 executing program 7: 2018/01/16 21:54:12 executing program 6: 2018/01/16 21:54:12 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000f8000)={@random="cd390b081bf2", @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "ffffe8", 0x38, 0x3a, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @multicast2=0xe0000002}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "c20ba1", 0x0, 0x3a, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xbb}, [], "fca967e17f791010"}}}}}}}, 0x0) 2018/01/16 21:54:12 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000ed4000)=0x7b, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000d26000)={0x1, &(0x7f0000818000)=[{0x6, 0x0, 0x0, 0x100}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000d7d000-0x35)="a2", 0x1, 0x0, &(0x7f000057b000-0x10)={0x2, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00005f3000)='net/ip_tables_targets\x00') sendfile(r0, r1, 0x0, 0x2fc) sendmsg(r0, &(0x7f0000531000-0x38)={&(0x7f0000bed000-0xe)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0xe, &(0x7f00002e3000)=[{&(0x7f0000013000-0x1000)="8063bd765382efe814f0b81a685f0c879ffe79eb63a7f33856f7f830588bdf0b5da10cc277b3cf43c889e7d400b5436b708080081810b2d70ab3a4baf0f76dec17fd63041cf95559fa7a977f0686f3f3a7dce7f428382ffdd5cae31da03bc8759d6cbb7efb54fea725947a54410112492d08d1961fa302272e8661ee5a92340359", 0x81}], 0x1, &(0x7f00003ab000-0x260)=[], 0x0, 0x0}, 0x0) 2018/01/16 21:54:12 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000ed4000)=0x7b, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000d26000)={0x1, &(0x7f0000818000)=[{0x6, 0x0, 0x0, 0x100}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000d7d000-0x35)="a2", 0x1, 0x0, &(0x7f000057b000-0x10)={0x2, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00005f3000)='net/ip_tables_targets\x00') sendfile(r0, r1, 0x0, 0x2fc) sendmsg(r0, &(0x7f0000531000-0x38)={&(0x7f0000bed000-0xe)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0xe, &(0x7f00002e3000)=[{&(0x7f0000013000-0x1000)="8063bd765382efe814f0b81a685f0c879ffe79eb63a7f33856f7f830588bdf0b5da10cc277b3cf43c889e7d400b5436b708080081810b2d70ab3a4baf0f76dec17fd63041cf95559fa7a977f0686f3f3a7dce7f428382ffdd5cae31da03bc8759d6cbb7efb54fea725947a54410112492d08d1961fa302272e8661ee5a92340359", 0x81}], 0x1, &(0x7f00003ab000-0x260)=[], 0x0, 0x0}, 0x0) 2018/01/16 21:54:12 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet6_icmp(0xa, 0x2, 0x3a, &(0x7f00005e4000-0x8)={0x0, 0x0}) setsockopt$inet6_int(r0, 0x29, 0xc9, &(0x7f0000070000)=0x2, 0x4) open(&(0x7f00005a8000-0x2)='./file0\x00', 0x0, 0x45) perf_event_open(&(0x7f0000740000)={0x2, 0x78, 0x46, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000c9000-0x8)='./file0\x00', 0x0) mkdir(&(0x7f0000916000-0x8)='./file0\x00', 0x0) chroot(&(0x7f0000e73000)='./file0\x00') chdir(&(0x7f000073a000-0x2)='..') umount2(&(0x7f0000067000)='..', 0x0) 2018/01/16 21:54:12 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000f9b000-0x8)='./file0\x00', 0x8000000000141046, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000fb2000-0x12)='/dev/input/event#\x00', 0x2, 0x1000101002) write$evdev(0xffffffffffffffff, &(0x7f0000994000-0x60)=[{{0x0, 0x0}, 0x20000000001, 0x80, 0x2}], 0x18) ftruncate(r0, 0x10401) sendfile(r1, r0, 0x0, 0x72439a6b) 2018/01/16 21:54:12 executing program 6: 2018/01/16 21:54:12 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000e5000)=0x80, 0x4) bind$inet(r0, &(0x7f0000105000-0x10)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000e9c000-0x10)={0x0, &(0x7f0000f07000)=[]}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000479000)=0x8, 0x6d3) connect$inet(r0, &(0x7f0000987000)={0x2, 0x3, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f00008ea000)="0ddbdb16b7b2300daaec80b60b36dcf93ae7dfe6e96f4f0ec596db14294ac95946b765461942a1429ef1f3430b6543e1a7eedd68a06e5ba3116d934f0fcc52e333691df3cf821c3112ea8ab71b61f1dbb921beae58972e56ff08332d0fa82f4c9f86418f53a5d7943c8a4a69e321da60133a12749bc552acb0bd57ba925291b6e8f15e544fc14e364cb359baf94da683be8593d031c2fac43c9269958f047b4951d4da79d2a78238fc45f4f21eb145abd73c8d2779c650ad5cb95abc5cf96d0fa03ac72a910aa45903ec7688b92e01c7eeaae04e06d6d6a8bf95844d3781a8eca238de8f5bcd4783cb6e8e437b17286e5e079e75f8fea668051ed223aa826c8fc7ec8a22592cc9203bde086a2ce8ef0151fd895149a966db1f544642efe55d74f1bc0e40288c6cd8acdcf96ad5db33fee085c034b0ef3ce6fe4d08d4523776c441eb1183bc6104458d9f632a2dfe34e065d34ca3a01adc63ff26bb5c1a987f9d752c5176403f3ce0acce5771491a5c3e32e64fffcd2811d624f595cd45ab04104f9cdcb09c1b22c03ac9eaa530c8aa2ca5a6ca12517880bb6fa0308565e16e0b7deb8890efebd1189008acb7c08fa8934e18e244863d808d01b57dba0a2bf37c1859b206a0f42199ff6fad800fe17809f463691b7394db9ca59422cbc421dcb32fbac9c4e025d11be521cd789026e06ab8611a3b184488e1145af9f455230fd797d9fbb2e523a881c7af034e2f39682087fc47d9a31c158f5e27a1266bd04bf7cfcba2d9ff1259ff6767a56bfd2aa63b290064c0c943a2be681c0dd66612a5ff5859eae53e568ce6c739dfcbdb7dac8eaf8fe9238dfa02bc5e3b149a1284a541bc41ea0355d127864f80ddc692f792ba8555123be5904e027787e280bb1273a2f5972c69426f6bafc81838a132898dacff2d057d1ef7bf342ecd18f97182abdd95c39a9a956daa93a5f9574be656bc272d3b99e1281d42d020c436bc60f0dc481a8fa835ea5dd1bc174b1e60dbe58c06b62bcd4dcbf3a1d157572a40d2a19760fa52b7b9ddc1cb284ffe4e1b196ba59a39c38afb86dae90dad4eb75c7c0c70323f92daede29b7c8527084c18a69acee7142500747835d1053b216b5f479d48085a4f27d8e34776197bd4af5a556d9739a1b01aa9afd6ba1995ecb5dceda6174974088fbf8d10c76d2df75f88ee8f800407f6cfe3e4e4bf9105995d894e480c737a3ab14350561a3e9b66a541820186f63f459233adbbad47db96c2ccabf06c837794963bc75268fade70f2b85bef105427b5ccdd597f5569fcd0ec8ad9a94dce9710b0c1df233d4cd491f846f8a66310b1e1673bb472d1aaba605672e366f432547eb2da2165feee9e77357fd6bc2e0e2e6a8f765efc34f6b1ad19640ce0f5dba393dc6968eeb3dc9a41fc5a087ccd3d07c46408315d7d3ac97f83b3fc87772285c2547ae758f37a165a0678ec259fbe4b22d7602a63287e3aa4c356439917e740c62ba06999cfd174e8a27a40c0a63c6bc46a9a6dbfe31bad9d9f747b3120c7f36a74face81f1a03a62654603cd11d0aa8e43a80316f2dbc826ecb4acfe6718de02a9b4078d66864008e78cc2b7689370c113545f65e578653c8d1111cdf855c2e21f924606bb15af8002c0f7522c9584db54607e6910d117eb4759ca01ee69ae129b0a34e5651ca3dc9bc8088538fd5d80343dbbe2e09b87e92c0aca9de81f519be5bc0cdcf9212b9726e8697520798866ba986a6f67757680f8f1924a5f24a65bd3d2e5c9abfc0eea4e4bed9a8df509a811fa612823e2a9b33b6eddb35a6300a15ffa76dcf1223421cb6a0ab9afa45e1fa47c972928143e4c166768", 0x51d, 0x0, &(0x7f0000ee9000-0x10)={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) read(r0, &(0x7f0000b4d000)=""/4096, 0x101d) 2018/01/16 21:54:12 executing program 6: 2018/01/16 21:54:12 executing program 6: 2018/01/16 21:54:12 executing program 6: [ 39.846094] ================================================================== [ 39.853497] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50 [ 39.860145] Read of size 8 at addr ffff8801d055bc38 by task syz-executor3/5164 [ 39.867476] [ 39.869075] CPU: 0 PID: 5164 Comm: syz-executor3 Not tainted 4.4.111-gc2f631b #27 [ 39.876831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.886153] 0000000000000000 4c128a1c0926c4eb ffff8801cee6f580 ffffffff81d0513d [ 39.894104] ffffea0007415680 ffff8801d055bc38 0000000000000000 ffff8801d055bc38 [ 39.902073] 0000000000000000 ffff8801cee6f5b8 ffffffff814fd433 ffff8801d055bc38 [ 39.910028] Call Trace: [ 39.912589] [] dump_stack+0xc1/0x124 [ 39.917928] [] print_address_description+0x73/0x260 [ 39.924562] [] kasan_report+0x285/0x370 [ 39.930154] [] ? __lock_acquire+0x387e/0x4b50 [ 39.936274] [] __asan_report_load8_noabort+0x14/0x20 [ 39.942994] [] __lock_acquire+0x387e/0x4b50 [ 39.948936] [] ? __lock_acquire+0xb5f/0x4b50 [ 39.954965] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 39.961946] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 39.968925] [] ? mark_held_locks+0xaf/0x100 [ 39.974872] [] lock_acquire+0x15e/0x460 [ 39.980476] [] ? remove_wait_queue+0x14/0x40 [ 39.986512] [] _raw_spin_lock_irqsave+0x4e/0x70 [ 39.992809] [] ? remove_wait_queue+0x14/0x40 [ 39.998840] [] remove_wait_queue+0x14/0x40 [ 40.004696] [] ep_unregister_pollwait.isra.6+0xa8/0x220 [ 40.011677] [] ? ep_unregister_pollwait.isra.6+0x114/0x220 [ 40.018922] [] ? ep_free+0x1c0/0x1c0 [ 40.024259] [] ep_free+0x93/0x1c0 [ 40.029326] [] ? ep_free+0x1c0/0x1c0 [ 40.034658] [] ep_eventpoll_release+0x44/0x60 [ 40.040768] [] __fput+0x233/0x6d0 [ 40.045844] [] ____fput+0x15/0x20 [ 40.050920] [] task_work_run+0x104/0x180 [ 40.056596] [] do_exit+0x871/0x2a20 [ 40.061846] [] ? release_task+0x1240/0x1240 [ 40.067786] [] ? recalc_sigpending+0x76/0xa0 [ 40.073825] [] do_group_exit+0x108/0x320 [ 40.079509] [] get_signal+0x565/0x1660 [ 40.085029] [] do_signal+0x8b/0x1d40 [ 40.090365] [] ? trace_hardirqs_on+0xd/0x10 [ 40.096319] [] ? setup_sigcontext+0x780/0x780 [ 40.102450] [] ? SyS_epoll_ctl+0x230/0x2050 [ 40.108392] [] ? SyS_futex+0x210/0x2c0 [ 40.113897] [] ? SyS_epoll_create+0x190/0x190 [ 40.120017] [] ? exit_to_usermode_loop+0xec/0x170 [ 40.126474] [] exit_to_usermode_loop+0x122/0x170 [ 40.132853] [] syscall_return_slowpath+0x1b5/0x1f0 [ 40.139406] [] int_ret_from_sys_call+0x25/0xa3 [ 40.145601] [ 40.147202] Allocated by task 5156: [ 40.150791] [] save_stack_trace+0x26/0x50 [ 40.156679] [] save_stack+0x43/0xd0 [ 40.162042] [] kasan_kmalloc+0xad/0xe0 [ 40.167667] [] kmem_cache_alloc_trace+0x100/0x2b0 [ 40.174241] [] binder_get_thread+0x181/0x7a0 [ 40.180387] [] binder_poll+0x4a/0x210 [ 40.185919] [] SyS_epoll_ctl+0x10b1/0x2050 [ 40.191884] [] entry_SYSCALL_64_fastpath+0x16/0x92 [ 40.198546] [ 40.200141] Freed by task 5156: [ 40.203386] [] save_stack_trace+0x26/0x50 [ 40.209270] [] save_stack+0x43/0xd0 [ 40.214645] [] kasan_slab_free+0x72/0xc0 [ 40.220437] [] kfree+0xfc/0x300 [ 40.225453] [] binder_thread_dec_tmpref+0x1c1/0x250 [ 40.232207] [] binder_thread_release+0x27d/0x540 [ 40.238698] [] binder_ioctl+0xb94/0x12e0 [ 40.244490] [] do_vfs_ioctl+0x7aa/0xee0 [ 40.250196] [] SyS_ioctl+0x8f/0xc0 [ 40.255469] [] entry_SYSCALL_64_fastpath+0x16/0x92 [ 40.262130] [ 40.263727] The buggy address belongs to the object at ffff8801d055bb80 [ 40.263727] which belongs to the cache kmalloc-512 of size 512 [ 40.276351] The buggy address is located 184 bytes inside of [ 40.276351] 512-byte region [ffff8801d055bb80, ffff8801d055bd80) [ 40.288203] The buggy address belongs to the page: [ 40.303163] kasan: CONFIG_KASAN_INLINE enabled [ 40.307594] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 40.320486] Dumping ftrace buffer: [ 40.324010] (ftrace buffer empty) [ 40.327708] Modules linked in: [ 40.331014] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.111-gc2f631b #27 [ 40.338015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.347367] task: ffff8801da3a97c0 task.stack: ffff8801da3b8000 [ 40.353426] RIP: 0010:[] [] debug_object_deactivate+0x1a6/0x3c0 [ 40.362856] RSP: 0018:ffff8801db307d10 EFLAGS: 00010003 [ 40.368312] RAX: 0000000000000096 RBX: 4f5f4755425f4d56 RCX: ffff8801da38fb30 [ 40.375585] RDX: 09ebe8eaa84be9ad RSI: ffffffff842c2560 RDI: 4f5f4755425f4d6e [ 40.382857] RBP: ffff8801db307dd8 R08: 1ffff10039c852a4 R09: ffffffff85108e30 [ 40.390131] R10: 0000000000000001 R11: 1ffff1003b660f68 R12: 1ffff1003b660fa6 [ 40.397399] R13: 0000000000000003 R14: dffffc0000000000 R15: ffffffff8585a808 [ 40.404666] FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 40.412896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.418770] CR2: 000000000041b580 CR3: 00000000b4d46000 CR4: 0000000000160670 [ 40.426106] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.433383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.440654] Stack: [ 40.442800] 0000000000000000 ffffffff842c2560 ffff8801da38fb30 0000000000000096 [ 40.450848] 0000000041b58ab3 ffffffff83fcc981 ffffffff81d66f50 ffffffff812a1a72 [ 40.458888] ffff880100000000 ffff880100000000 0000000000000046 ffff8801da3a97c0 [ 40.466932] Call Trace: [ 40.469508] [ 40.471577] [] ? debug_object_activate+0x500/0x500 [ 40.478464] [] ? run_timer_softirq+0x102/0xbb0 [ 40.484711] [] ? init_timer_key+0x360/0x360 [ 40.490696] [] run_timer_softirq+0x336/0xbb0 [ 40.496767] [] ? clockevents_program_event+0x1a5/0x350 [ 40.503764] [] ? msleep+0xe0/0xe0 [ 40.508883] [] __do_softirq+0x24d/0xa59 [ 40.514521] [] irq_exit+0x119/0x140 [ 40.519809] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 40.526311] [] apic_timer_interrupt+0xa0/0xb0 [ 40.532450] [ 40.534529] [] ? native_safe_halt+0x6/0x10 [ 40.540730] [] ? trace_hardirqs_on+0xd/0x10 [ 40.546718] [] default_idle+0x55/0x3c0 [ 40.552267] [] arch_cpu_idle+0xa/0x10 [ 40.557749] [] default_idle_call+0x48/0x70 [ 40.563652] [] cpu_startup_entry+0x605/0x820 [ 40.569726] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 40.576595] [] ? call_cpuidle+0xe0/0xe0 [ 40.582230] [] ? clockevents_register_device+0x122/0x230 [ 40.589351] [] start_secondary+0x304/0x3e0 [ 40.595249] [] ? set_cpu_sibling_map+0x1040/0x1040 [ 40.601823] Code: eb 1a 48 89 da 48 c1 ea 03 42 80 3c 32 00 0f 85 86 01 00 00 48 8b 1b 48 85 db 74 7a 48 8d 7b 18 41 83 c5 01 48 89 fa 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3c 01 00 00 48 3b 4b 18 75 c6 48 8d 7b 10 [ 40.629151] RIP [] debug_object_deactivate+0x1a6/0x3c0 [ 40.636217] RSP [ 40.639850] ---[ end trace a2fd7433ca8b7880 ]--- [ 40.644602] Kernel panic - not syncing: Fatal exception in interrupt [ 41.769816] Shutting down cpus with NMI [ 41.774942] Dumping ftrace buffer: [ 41.778467] (ftrace buffer empty) [ 41.782142] Kernel Offset: disabled [ 41.785735] Rebooting in 86400 seconds..