[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.710809] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.801430] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 25.131360] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 26.049818] random: sshd: uninitialized urandom read (32 bytes read, 77 bits of entropy available) Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts. [ 31.698281] random: sshd: uninitialized urandom read (32 bytes read, 85 bits of entropy available) 2018/08/27 01:49:23 fuzzer started [ 32.908583] random: cc1: uninitialized urandom read (8 bytes read, 87 bits of entropy available) 2018/08/27 01:49:25 dialing manager at 10.128.0.26:33579 2018/08/27 01:49:27 syscalls: 1 2018/08/27 01:49:27 code coverage: enabled 2018/08/27 01:49:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/27 01:49:27 setuid sandbox: enabled 2018/08/27 01:49:27 namespace sandbox: enabled 2018/08/27 01:49:27 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/27 01:49:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/27 01:49:27 net packed injection: enabled 2018/08/27 01:49:27 net device setup: enabled [ 36.316306] random: nonblocking pool is initialized 01:49:59 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000b8d82526", 0x2761, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x100000008}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x2001007f) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x9) 01:49:59 executing program 1: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0xffffffffffffffff) setxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=@known='trusted.syz\x00', &(0x7f0000000100)='/vmnet0\x00', 0x11f, 0x0) unlink(&(0x7f0000000200)='./file0\x00') 01:49:59 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000280)="636c6561725f7265667300b04978e60c4ba32fd7b949714bcbe80c57af59747c61a31619cbafea034f5b6bb15332860b9f14c654d1012484f5c9d8edcad2f073e0ca5078fc64d38d1e297b9d66a71452b92cae675696216e08f21e87b8b54da0d1b5f3b4d6f8caf34a15ed2b2c98fcbf581297b31beafaffb76778a196ad93aa3d2d7a06720827") write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='1'], 0x1) 01:49:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000080), 0x0) 01:49:59 executing program 7: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)={@multicast1, @multicast2}, &(0x7f0000000200)=0xc) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x19, 0x2, 0x248, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200003f8], 0x0, &(0x7f0000000000), &(0x7f0000000280)=[{}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x94ddfec1711dde3b, 0x2, 0x619, 'team_slave_0\x00', 'ip6_vti0\x00', 'bond0\x00', 'bond_slave_1\x00', @broadcast, [0x0, 0x0, 0xff, 0x0, 0xff, 0xff], @broadcast, [0xff, 0x0, 0x0, 0x0, 0xff], 0x70, 0xa8, 0xe0}, [@arpreply={'arpreply\x00', 0x10, {{@empty, 0xfffffffffffffffe}}}]}, @common=@dnat={'dnat\x00', 0x10, {{@dev={[], 0x1a}, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x5, 0x20, 0x8aff, 'tunl0\x00', 'bridge_slave_0\x00', 'teql0\x00', 'ifb0\x00', @random="5f1bf6929b8f", [0x0, 0xff, 0xff, 0xff], @random="e5148950952d", [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev={[], 0x17}, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x280) 01:49:59 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000000b000)={&(0x7f0000000100)={0x10, 0x5}, 0xc, &(0x7f0000beeff0)={&(0x7f000063de2c)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x5}, {@in6=@mcast2, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0) 01:49:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@dev={0xfe, 0x80, [], 0xd}}, 0xf0) 01:49:59 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[]}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030009100000000000000000000000020013000200000000000000000000010c000600200000000a00000000000000000000e5000000000000000000000000000300000000001b020060ae0000000000000002000000a69f87c391250005000500000000000a00000000000000ff1700000200000000000000000000170000"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) [ 67.901728] IPVS: Creating netns size=2552 id=1 [ 68.002922] IPVS: Creating netns size=2552 id=2 [ 68.076692] IPVS: Creating netns size=2552 id=3 [ 68.173723] IPVS: Creating netns size=2552 id=4 [ 68.303924] IPVS: Creating netns size=2552 id=5 [ 68.479461] IPVS: Creating netns size=2552 id=6 [ 68.694191] IPVS: Creating netns size=2552 id=7 [ 68.957187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.030070] IPVS: Creating netns size=2552 id=8 [ 69.053606] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.132415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.193865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.508011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 69.613435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 69.711547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 69.800129] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.810017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 69.929966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.000197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.120491] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.130888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 70.256475] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.301514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 70.359334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.370497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 70.387766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.411166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.487355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 70.533088] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.548846] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.557827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.579656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.629713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.666366] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.716703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.729004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.894351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.049144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.064642] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.098474] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.191206] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.207902] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.294373] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.338733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.347614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.428807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.443003] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.461009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.544300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.565821] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.672263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.682737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.698098] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.723266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.780954] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.789060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.866281] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.983942] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.991823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.048544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.074512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.150376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.205726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.235114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.294739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.317265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.396407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.496038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.755217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.857006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.972054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.039642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.743858] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 75.762926] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.027510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.069078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.161448] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.365375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.490990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.700700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.737608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.887655] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.016372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.192518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.222512] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.604022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.622940] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.905398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:50:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/255, 0xff}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x400000, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffff8) add_key(&(0x7f00000001c0)='syzkaller\x00', &(0x7f0000000200), &(0x7f0000000240), 0x0, 0xfffffffffffffff9) ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000080)={0x2d}) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) r2 = syz_open_pts(r0, 0x2) dup3(r2, r0, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000002000)={0x0, 0xcb95}) write(r0, &(0x7f0000000100)='\r', 0x1) 01:50:10 executing program 2: openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000400)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r0, 0x400854d5, &(0x7f0000000080)={0xa, &(0x7f0000000000)=[{0x4, 0x87, 0x1f, 0x3}, {0x9, 0x7, 0x1ff, 0x14}, {0x14000000, 0x80000001, 0x3, 0x5a}, {0x100000001, 0x8, 0x8, 0x6}, {0x41246d8a, 0x40, 0x800, 0x1}, {0x8, 0x0, 0x3f, 0x1}, {0x8, 0x7, 0xfffffffeffffffff, 0x3f}, {0x7, 0x100, 0x0, 0x2}, {0x4, 0xffff, 0x7, 0x6}, {0x2, 0x8001, 0x9}]}) ioctl$int_out(r0, 0x5460, &(0x7f0000000340)) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6}}, &(0x7f0000000200)=0xe8) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r0, &(0x7f00000000c0)='./file0\x00', r1, r2, 0xc00) 01:50:10 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) truncate(&(0x7f00000002c0)='./bus\x00', 0xa00) ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x9}) ftruncate(r1, 0x39) lseek(r1, 0x0, 0x4) socket(0x1b, 0x6, 0x8000) 01:50:10 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000080)=[{0xfffffffffffffffd, 0x0, 0x0, 0x0, @time={0x77359400}, {}, {}, @quote={{}, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}}}], 0x30) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000200)={{{@in6, @in=@remote}}, {{@in6=@loopback}}}, &(0x7f00000001c0)=0xe8) getpeername$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, &(0x7f0000000100)=0x1c) 01:50:10 executing program 1: prctl$intptr(0x1c, 0x64) setresuid(0x0, 0x0, 0x0) geteuid() 01:50:10 executing program 1: r0 = socket$inet(0x2, 0x3, 0x0) r1 = geteuid() fchown(r0, r1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000400)) fchown(0xffffffffffffffff, 0x0, 0x0) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r2, &(0x7f0000000740)=ANY=[@ANYBLOB="8cff7cf90a72d5765345204c695bba276bf97fcba84c8e903eaed2117e489154e741a355bdca5c613464602a9dc87b3945ce3255752a9784bd7a91c1388ee4c7b7c86a1025ce237ebe9f4dbfb1216a4d08bbba3672c670401cbe6fe044c7f289c5aef109afb46a76b4baad26d366efcfd33773a147476246a52f5f7389f77e9d598d113afc36634c706de9a6606e59060f52bc985d270dcbe7246be6aa76a3ee4e26c2974e31caf390818f5071f18cafd15094d614091fd3f7b06bfacab3c92069918f6223b428ef6b93a13c6f4a6b7cc7b54fc0019616167957ae18e635e2283ea2873b75dbb47e43b1babab6bbbe4d4bf9cce71d63ce9b17b1a747ce7e5d52e98911f1deb693cae71a77ca26eebb98294217210a1040916c7c954e8379651593e51e4f58bd6f366e7649a06c88d498f31b6dac38236454a0f06252ee459293a4b6e66f3d20f1b925bf48ac24519d"], 0xffffffffffffff3a) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x21, &(0x7f0000000040)={0x0, @empty, 0x0, 0x0, 'dh\x00'}, 0x2c) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000540)={0xffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, {0x2, 0x4e23, @rand_addr=0x3}, {0x2, 0x0, @multicast2}, 0x100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)='ip6gretap0\x00', 0x0, 0x9, 0x5f9d19d0}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x26, &(0x7f0000000080)={@local, @local, @rand_addr=0x3}, 0xc) socketpair(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) execveat(r4, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), &(0x7f0000000340)=[&(0x7f0000000280)='dh\x00', &(0x7f0000000300)='dh\x00'], 0x1100) write$P9_RREADLINK(r3, &(0x7f0000000440)={0x10, 0x17, 0x0, {0x7, './file0'}}, 0x10) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) 01:50:10 executing program 1: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x800, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x60, r1, 0x405, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7a}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7fff}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e53fe8)) r3 = inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x40) inotify_rm_watch(r0, r3) read(r2, &(0x7f0000000280)=""/143, 0x8f) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) 01:50:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) poll(&(0x7f0000000000)=[{r0, 0x440}, {r0, 0x240}, {r0, 0x240}, {r0, 0x2000}, {r0, 0x80}, {r0, 0x200}, {r0, 0x8000}, {r0, 0x8}], 0x8, 0x6) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000100)="2bdc1d4ea337bd1d9668ce7d85a810d259debae697afbd1415f23a880279973147e717f3cb26edb51e5df06917b6e7d06bb1697806482bfe160ab89ed5882108210fca1f6013415d427765f0a0f6ccb78efb86ccb1c9f14e8c933d2cd8177562cf1be6d85b64336b13d4f76575bc0a8dd9d08364e0627db3044a2b9a2376d4ff1757074a57b31162de9be27f711dbef9161f7d992ebc76a6a0641c04197c6f06b8c4be8193200fb939c7465d83c522178b0b723b9fb62a90bde8be0cbf2c19bbb6d024c07716d60920f91cd9924e2a8b054a570c4ea5d00d6c9a05941e015a89c5368925d093717f40ff51a39ba939b20d0dc2fdd66358021a22558e63d0f71702c1084fd364bc762e1cebaf573c5432974f922403f03f14ebb590f290b13fa45a2bdd40bed8d799473e7fc1b3e52f662df4df7304648f987d4541e01d4c561bf81fbdd01ff2d3c784caf260d9e5056f5110de16536fda01738fa12d3899df2383b53bcc4ec886c6f9d8670b00b5764490e5a2b3878a8fcba2c448f12bc00b4bc6959736cd4f6627787cae98d9fdd3", 0xfffffffffffffeb4, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x13e) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000340)={0x15, {0x2, 0x3, @remote}, {0x2, 0x4e21, @remote}, {0x2, 0x4e20, @rand_addr=0x924}, 0x9, 0xa2b, 0x1, 0x0, 0x9, &(0x7f0000000300)='team_slave_1\x00', 0x1, 0x15, 0xfffffffffffffff8}) setsockopt$inet_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0), 0x54) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0) sendto$inet(r0, &(0x7f0000000040)="4bca418250bc4309cb2cace5484f03", 0xf, 0x40000, 0x0, 0x0) 01:50:10 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00') mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) write$cgroup_pid(r0, &(0x7f0000000200), 0x1) 01:50:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) getrusage(0x1, &(0x7f0000000000)) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000333f88)={0x2, 0x1, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_spirange={0x2}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x38}}, 0x0) 01:50:10 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x8040, 0xfffffe6f) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="020b00040200000000004000006dc0006a4d84bd9f3a2cc392c4bf9daa32e31b2127c4a0f8e501fc0fd20b8bb60353000000000000000000000000000053797b5c34fee1926fcae4da59abdd7eaa7413e55223962dee1cfebf04fe9e8ccf5e03a56efae18f9f65b8e55470536c21288f95c134a42471fb295c6e131e"], 0x10}}, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x8000, 0x188) ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000100)=""/67) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000001c0)={0x0, 0x2710}, 0x8) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f00000000c0)={0x7, 0x1000, 0x5c5, 0x1, 0x400, 0x0, 0x7fff, 0x6, 0x6, 0x0, 0x170, 0x8233}) recvmmsg(r0, &(0x7f0000000f00), 0x400000000000308, 0x10000, &(0x7f0000001000)={0x77359400}) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000300)={0x3b, @remote, 0x4e20, 0x4, 'wrr\x00', 0x28, 0x1ff, 0x48}, 0x2c) r2 = getpgid(0x0) r3 = fcntl$getown(r1, 0x9) setpgid(r2, r3) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) r5 = getgid() setregid(r4, r5) 01:50:10 executing program 0: mq_open(&(0x7f0000000000)='\x00', 0x40, 0xd2, &(0x7f0000000040)={0x9, 0x7, 0x69, 0x88, 0x3, 0x100000000, 0xfffffffffffffffb, 0x77ec}) clock_settime(0xfffffffffff7fff8, &(0x7f0000000180)={0x0, 0x989680}) mq_open(&(0x7f0000000080)='\x00', 0x842, 0xc8, &(0x7f00000000c0)={0x463d, 0xeda7, 0x101, 0x8, 0x61f7a971, 0x9, 0xb66, 0x100}) prctl$intptr(0x3e, 0x7) 01:50:11 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000000040faffffff00"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) unshare(0x20c00) recvmmsg(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c9c380}) 01:50:11 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x80, 0x0) r1 = memfd_create(&(0x7f0000000140)='/dev/ppp\x00', 0x3) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000580)='/dev/net/tun\x00', 0x400000000000002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002}) write$P9_RSETATTR(r1, &(0x7f0000000200)={0x7, 0x1b, 0x2}, 0x7) openat$cgroup_type(r2, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400000, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x420000, 0x0) write$FUSE_INTERRUPT(r3, &(0x7f00000000c0)={0x10, 0x0, 0x7}, 0x10) write$tun(r2, &(0x7f0000000240)=ANY=[@ANYRES64=r2], 0x1) 01:50:11 executing program 0: r0 = open(&(0x7f0000000140)='./file0\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) mlock(&(0x7f0000005000/0x4000)=nil, 0x4000) remap_file_pages(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000007000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x8, 0x80000001, 0x0) [ 79.662966] mmap: syz-executor0 (6022) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. 01:50:11 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="0a5cc80700315f85715070") timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) 01:50:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1f, 0x0, "8c0eb7912a86ff3e23764a3c01af55410c3d3f813a4513a691be997c7ee1235982875b8ae5c27fc73eb383beca956b51a34191ad3a9f70ebee5f1d003dcd4427c273be993dd363cc8f36cc7f609a2371"}, 0xd8) r2 = dup3(r1, r1, 0x0) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$RTC_WIE_ON(r3, 0x700f) r4 = dup(r1) setsockopt$inet6_tcp_int(r4, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) bind$unix(r2, &(0x7f0000000380)=@file={0x1, './bus\x00'}, 0x6e) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='vegas\x00', 0x6) prctl$void(0x80000027) sendto$inet6(r4, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000080)=0x8001) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000400)="d219be78c6c7788246a81e6d2830fb10cbfe4680d62b74bb6b07e85c2afa3b40f28e5f430d0bc5bbaaaeb6f0c411e61059e6d4eff2f95d2a193a869a830c1775cfc444de459e7b9b8c82688ee591506deab513e83926c306f1872cbbe1b2a3161b96bb71d9c19c2396f9e0c109a627eb50c94dbae71887219db52d02454604b083cf4711fbce859d3f99c77a3ea3002c", 0x90) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000180)) pwrite64(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000100)) ftruncate(r5, 0x7fff) ioctl$EVIOCSREP(r4, 0x40084503, &(0x7f0000000140)=[0x4, 0x3]) sendfile(r4, r5, &(0x7f0000000040), 0x8000fffffffe) 01:50:11 executing program 4: r0 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000000)={0x1, 0x9, 0xde2}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000280)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x74) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)) 01:50:11 executing program 5: futex(&(0x7f0000000000), 0x800000000005, 0x8, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0), 0x0) socketpair(0x13, 0x806, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000100)) 01:50:11 executing program 0: exit(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='cmdline\x00') close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) write$P9_RSTAT(r0, &(0x7f0000000180)=ANY=[], 0x0) 01:50:11 executing program 7: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20000003) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmsg(r1, &(0x7f0000000d80)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000940), 0x0, &(0x7f0000000240)=[{0x10}], 0x10}, 0x0) 01:50:11 executing program 2: pipe2(&(0x7f0000000000), 0x0) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000040)) r0 = socket$unix(0x1, 0x1, 0x0) r1 = dup(r0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000440), 0x8) 01:50:11 executing program 1: syz_emit_ethernet(0x66, &(0x7f0000000080)={@empty=[0x2b], @random="04ffbaca67bd", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @local}, @gre={{0x0, 0x0, 0x1, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57}}}}}}, &(0x7f0000000040)) 01:50:11 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0x3b) 01:50:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) connect$inet6(r0, &(0x7f0000001c40)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000080), 0x0) 01:50:11 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[]}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="021800001000000000000000000000000800120000000000000009000000000015006e39498b80bc0000000000000000e000000100000000000000265bac760700000000000000000000000000000000030006001600000002002000ac14ffbb000000000000000003000500000000000200003db28dbebb0000000000000000"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) 01:50:11 executing program 6: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/109, &(0x7f00000000c0)=0x6d) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000340)={0x4, {{0x2, 0x0, @loopback}}, 0x0, 0x1, [{{0x2, 0x0, @broadcast}}]}, 0x110) 01:50:11 executing program 4: 01:50:11 executing program 6: 01:50:11 executing program 7: 01:50:11 executing program 4: 01:50:11 executing program 1: syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000000100)={'veth0_to_bond\x00', {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}}) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = accept4$unix(r2, &(0x7f0000000000), &(0x7f0000000080)=0x6e, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, "e91f7189591e9233614b00"}, 0x60) getpeername(r3, &(0x7f0000000140)=@pptp={0x18, 0x2, {0x0, @broadcast}}, &(0x7f00000001c0)=0x80) 01:50:12 executing program 6: exit(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='cmdline\x00') close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) write$P9_ROPEN(r0, &(0x7f0000000100)={0x18}, 0x18) 01:50:12 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x24) 01:50:12 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[]}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, [@sadb_x_sa2={0x2, 0x13, 0x2}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x17, [], 0x17}}}]}, 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) r1 = gettid() fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x101, r1}) 01:50:12 executing program 0: 01:50:12 executing program 4: 01:50:12 executing program 3: 01:50:12 executing program 1: [ 80.725075] ================================================================== [ 80.732505] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00 [ 80.739003] Read of size 8 at addr ffff8800b051c658 by task syz-executor5/6120 [ 80.746360] [ 80.748001] CPU: 0 PID: 6120 Comm: syz-executor5 Not tainted 4.4.152-ge5c5f1f #25 [ 80.755625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.764984] 0000000000000000 142e9fd097255657 ffff8800b5c4f548 ffffffff81e15fed 01:50:12 executing program 4: [ 80.773122] ffffea0002c14700 ffff8800b051c658 0000000000000000 ffff8800b051c658 [ 80.781249] 0000000000001000 ffff8800b5c4f580 ffffffff8151b489 ffff8800b051c658 [ 80.789373] Call Trace: [ 80.791978] [] dump_stack+0xc1/0x124 [ 80.797351] [] print_address_description+0x6c/0x216 [ 80.804021] [] kasan_report.cold.7+0x175/0x2f7 [ 80.810268] [] ? ip6_xmit+0x177c/0x1a00 [ 80.815995] [] __asan_report_load8_noabort+0x14/0x20 [ 80.822753] [] ip6_xmit+0x177c/0x1a00 [ 80.828232] [] ? kasan_slab_free+0x72/0xc0 [ 80.834117] [] ? kfree+0xf4/0x310 [ 80.839230] [] ? pskb_expand_head+0x683/0x970 [ 80.845377] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 80.851875] [] ? __lock_is_held+0xa2/0xf0 [ 80.857678] [] ? ipv4_dst_check+0x111/0x160 [ 80.863655] [] ? __sk_dst_check+0x114/0x270 [ 80.869633] [] inet6_csk_xmit+0x245/0x490 [ 80.875437] [] ? inet6_csk_xmit+0xff/0x490 [ 80.881326] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 80.887913] [] ? udp6_set_csum+0xd3/0xa70 [ 80.893717] [] l2tp_xmit_skb+0xb9c/0xe80 [ 80.899434] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 80.905444] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 80.911964] [] ? pppol2tp_release+0x310/0x310 [ 80.918116] [] sock_sendmsg+0xcc/0x110 [ 80.923805] [] ___sys_sendmsg+0x441/0x880 [ 80.929592] [] ? copy_msghdr_from_user+0x550/0x550 [ 80.936162] [] ? __fget+0x148/0x3b0 [ 80.941591] [] ? __fget+0x16f/0x3b0 [ 80.946916] [] ? __fget+0x47/0x3b0 [ 80.952093] [] ? __fget_light+0x9f/0x1f0 [ 80.957810] [] ? __fdget+0x18/0x20 [ 80.963058] [] ? sockfd_lookup_light+0xb6/0x160 [ 80.969426] [] __sys_sendmmsg+0x1d4/0x2e0 [ 80.975211] [] ? SyS_sendmsg+0x50/0x50 [ 80.980736] [] ? ip6_datagram_connect+0x3a/0x50 [ 80.987050] [] ? inet_dgram_connect+0x11e/0x200 [ 80.993358] [] ? fput+0x20/0x150 [ 80.998369] [] ? SYSC_connect+0x22a/0x300 [ 81.004165] [] ? SYSC_bind+0x280/0x280 [ 81.009692] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 81.015824] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 81.022873] [] ? SyS_socket+0x121/0x1b0 [ 81.028487] [] ? move_addr_to_kernel+0x50/0x50 [ 81.034726] [] compat_SyS_sendmmsg+0x32/0x40 [ 81.040820] [] ? compat_SyS_sendmsg+0x40/0x40 SeaBIOS (version 1.8.2-20180718_090847-google) Total RAM Size = 0x00000001e0000000 = 7680 MiB CPUs found: 2 Max CPUs supported: 256 found virtio-scsi at 0:3 virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0 virtio-scsi blksize=512 sectors=4194304 = 2048 MiB drive 0x000f2280: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304 Booting from Hard Disk 0... early console in decompress_kernel input_data: 0x0000000003b4f26e input_len: 0x00000000014d0c22 output: 0x0000000001000000 output_len: 0x000000000400ba90 run_size: 0x0000000005755000 Decompressing Linux... Parsing ELF... done. Booting the kernel. [ 0.000000] Initializing cgroup subsys cpuset [ 0.000000] Initializing cgroup subsys cpu [ 0.000000] Initializing cgroup subsys cpuacct [ 0.000000] Initializing cgroup subsys schedtune [ 0.000000] Linux version 4.4.152-ge5c5f1f (syzkaller@ci) (gcc version 8.0.1 20180413 (experimental) (GCC) ) #25 SMP PREEMPT Sat Aug 25 07:03:14 UTC 2018 [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 workqueue.watchdog_thresh=140 nopti [ 0.000000] KERNEL supported cpus: [ 0.000000] Intel GenuineIntel [ 0.000000] AMD AuthenticAMD [ 0.000000] Centaur CentaurHauls [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x01: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x02: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x04: 'AVX registers' [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format. [ 0.000000] e820: BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000bfff2fff] usable [ 0.000000] BIOS-e820: [mem 0x00000000bfff3000-0x00000000bfffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fffbc000-0x00000000ffffffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000021fffffff] usable [ 0.000000] bootconsole [earlyser0] enabled [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] SMBIOS 2.4 present. [ 0.000000] Hypervisor detected: KVM [ 0.000000] Kernel/User page tables isolation: disabled [ 0.000000] e820: last_pfn = 0x220000 max_arch_pfn = 0x400000000 [ 0.000000] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WC UC- WT [ 0.000000] e820: last_pfn = 0xbfff3 max_arch_pfn = 0x400000000 [ 0.000000] found SMP MP-table at [mem 0x000f2300-0x000f230f] mapped at [ffff8800000f2300] [ 0.000000] Scanning 1 areas for low memory corruption [ 0.000000] Using GB pages for direct mapping [ 0.000000] ACPI: Early table checksum verification disabled [ 0.000000] ACPI: RSDP 0x00000000000F22C0 000014 (v00 Google) [ 0.000000] ACPI: RSDT 0x00000000BFFF3430 000038 (v01 Google GOOGRSDT 00000001 GOOG 00000001) [ 0.000000] ACPI: FACP 0x00000000BFFFCF60 0000F4 (v02 Google GOOGFACP 00000001 GOOG 00000001) [ 0.000000] ACPI: DSDT 0x00000000BFFF3470 0017B2 (v01 Google GOOGDSDT 00000001 GOOG 00000001) [ 0.000000] ACPI: FACS 0x00000000BFFFCF00 000040 [ 0.000000] ACPI: FACS 0x00000000BFFFCF00 000040 [ 0.000000] ACPI: SSDT 0x00000000BFFF65F0 00690D (v01 Google GOOGSSDT 00000001 GOOG 00000001) [ 0.000000] ACPI: APIC 0x00000000BFFF5D10 000076 (v01 Google GOOGAPIC 00000001 GOOG 00000001) [ 0.000000] ACPI: WAET 0x00000000BFFF5CE0 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001) [ 0.000000] ACPI: SRAT 0x00000000BFFF4C30 0000C8 (v01 Google GOOGSRAT 00000001 GOOG 00000001) [ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00 [ 0.000000] kvm-clock: cpu 0, msr 2:1fffd001, primary cpu clock [ 0.000000] kvm-clock: using sched offset of 2114828717 cycles [ 0.000000] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns [ 0.000000] Zone ranges: [ 0.000000] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.000000] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.000000] Normal [mem 0x0000000100000000-0x000000021fffffff] [ 0.000000] Movable zone start for each node [ 0.000000] Early memory node ranges [ 0.000000] node 0: [mem 0x0000000000001000-0x000000000009efff] [ 0.000000] node 0: [mem 0x0000000000100000-0x00000000bfff2fff] [ 0.000000] node 0: [mem 0x0000000100000000-0x000000021fffffff] [ 0.000000] Initmem setup node 0 [mem 0x0000000000001000-0x000000021fffffff] [ 0.000000] kasan: KernelAddressSanitizer initialized [ 0.000000] ACPI: PM-Timer IO Port: 0xb008 [ 0.000000] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1]) [ 0.000000] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23 [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level) [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level) [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level) [ 0.000000] Using ACPI (MADT) for SMP configuration information [ 0.000000] smpboot: Allowing 2 CPUs, 0 hotplug CPUs [ 0.000000] PM: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.000000] PM: Registered nosave memory: [mem 0x0009f000-0x0009ffff] [ 0.000000] PM: Registered nosave memory: [mem 0x000a0000-0x000effff] [ 0.000000] PM: Registered nosave memory: [mem 0x000f0000-0x000fffff] [ 0.000000] PM: Registered nosave memory: [mem 0xbfff3000-0xbfffffff] [ 0.000000] PM: Registered nosave memory: [mem 0xc0000000-0xfffbbfff] [ 0.000000] PM: Registered nosave memory: [mem 0xfffbc000-0xffffffff] [ 0.000000] e820: [mem 0xc0000000-0xfffbbfff] available for PCI devices [ 0.000000] Booting paravirtualized kernel on KVM [ 0.000000] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 0.000000] setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:2 nr_node_ids:1 [ 0.000000] PERCPU: Embedded 42 pages/cpu @ffff8801db200000 s134152 r8192 d29688 u1048576 [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 1935227 [ 0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 workqueue.watchdog_thresh=140 nopti [ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes) [ 0.000000] Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes) [ 0.000000] Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes) [ 0.000000] Memory: 6579080K/7863876K available (41801K kernel code, 6308K rwdata, 9068K rodata, 1868K init, 23696K bss, 1284796K reserved, 0K cma-reserved) [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 [ 0.000000] Running RCU self tests [ 0.000000] Preemptible hierarchical RCU implementation. [ 0.000000] RCU lockdep checking is enabled. [ 0.000000] Build-time adjustment of leaf fanout to 64. [ 0.000000] RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=2. [ 0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=64, nr_cpu_ids=2 [ 0.000000] NR_IRQS:4352 nr_irqs:440 16 [ 0.000000] console [ttyS0] enabled [ 0.000000] console [ttyS0] enabled [ 0.000000] bootconsole [earlyser0] disabled [ 0.000000] bootconsole [earlyser0] disabled [ 0.000000] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar [ 0.000000] ... MAX_LOCKDEP_SUBCLASSES: 8 [ 0.000000] ... MAX_LOCK_DEPTH: 48 [ 0.000000] ... MAX_LOCKDEP_KEYS: 8191 [ 0.000000] ... CLASSHASH_SIZE: 4096 [ 0.000000] ... MAX_LOCKDEP_ENTRIES: 32768 [ 0.000000] ... MAX_LOCKDEP_CHAINS: 65536 [ 0.000000] ... CHAINHASH_SIZE: 32768 [ 0.000000] memory used by lock dependency info: 8159 kB [ 0.000000] per task-struct memory footprint: 1920 bytes [ 0.000000] tsc: Detected 2300.000 MHz processor [ 1.204397] Calibrating delay loop (skipped) preset value.. 4600.00 BogoMIPS (lpj=23000000) [ 1.207034] pid_max: default: 32768 minimum: 301 [ 1.208726] ACPI: Core revision 20150930 [ 1.635880] ACPI: 2 ACPI AML tables successfully acquired and loaded [ 1.638274] Security Framework initialized [ 1.639401] SELinux: Initializing. [ 1.640528] AppArmor: AppArmor disabled by boot time parameter [ 1.642238] Mount-cache hash table entries: 16384 (order: 5, 131072 bytes) [ 1.644323] Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes) [ 1.649394] Initializing cgroup subsys io [ 1.650861] Initializing cgroup subsys freezer [ 1.652376] Initializing cgroup subsys hugetlb [ 1.654013] Initializing cgroup subsys debug [ 1.655688] CPU: Physical Processor ID: 0 [ 1.657978] mce: CPU supports 32 MCE banks [ 1.659553] Last level iTLB entries: 4KB 1024, 2MB 1024, 4MB 1024 [ 1.661489] Last level dTLB entries: 4KB 1024, 2MB 1024, 4MB 1024, 1GB 4 [ 1.663605] Spectre V2 : Mitigation: Full generic retpoline [ 1.665397] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch [ 1.667895] Speculative Store Bypass: Vulnerable [ 1.672269] Freeing SMP alternatives memory: 48K [ 1.683881] ..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1 [ 1.802810] smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.30GHz (family: 0x6, model: 0x3f, stepping: 0x0) [ 1.806059] Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only. [ 1.893101] x86: Booting SMP configuration: [ 1.894591] .... node #0, CPUs: #1 [ 1.896111] kvm-clock: cpu 1, msr 2:1fffd041, secondary cpu clock [ 1.901525] x86: Booted up 1 node, 2 CPUs [ 1.902887] smpboot: Total of 2 processors activated (9200.00 BogoMIPS) [ 1.908471] devtmpfs: initialized [ 1.919805] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 1.922976] futex hash table entries: 512 (order: 4, 65536 bytes) [ 1.924404] kworker/u4:0 (20) used greatest stack depth: 27920 bytes left [ 1.927887] xor: automatically using best checksumming function: [ 2.022787] avx : 24422.000 MB/sec [ 2.025088] RTC time: 1:50:17, date: 08/27/18 [ 2.025322] kworker/u4:1 (22) used greatest stack depth: 27424 bytes left [ 2.031028] NET: Registered protocol family 16 [ 2.032913] schedtune: init normalization constants... [ 2.034356] schedtune: no energy model data [ 2.035568] schedtune: disabled! [ 2.063093] cpuidle: using governor ladder [ 2.092832] cpuidle: using governor menu [ 2.094863] ACPI: bus type PCI registered [ 2.096075] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 [ 2.100615] PCI: Using configuration type 1 for base access [ 2.180415] kworker/u4:0 (178) used greatest stack depth: 27024 bytes left [ 2.572752] raid6: sse2x1 gen() 4515 MB/s [ 2.742589] raid6: sse2x1 xor() 2384 MB/s [ 2.912532] raid6: sse2x2 gen() 7121 MB/s [ 3.082494] raid6: sse2x2 xor() 4016 MB/s [ 3.252445] raid6: sse2x4 gen() 9487 MB/s [ 3.422416] raid6: sse2x4 xor() 5412 MB/s [ 3.592360] raid6: avx2x1 gen() 9576 MB/s [ 3.762313] raid6: avx2x2 gen() 13598 MB/s [ 3.932269] raid6: avx2x4 gen() 18266 MB/s [ 3.933839] raid6: using algorithm avx2x4 gen() 18266 MB/s [ 3.935591] raid6: using avx2x2 recovery algorithm [ 3.937737] ACPI: Added _OSI(Module Device) [ 3.938947] ACPI: Added _OSI(Processor Device) [ 3.940393] ACPI: Added _OSI(3.0 _SCP Extensions) [ 3.941817] ACPI: Added _OSI(Processor Aggregator Device) [ 3.969659] ACPI: Executed 2 blocks of module-level executable AML code [ 4.916346] ACPI: Interpreter enabled [ 4.918075] ACPI: (supports S0 S3 S4 S5) [ 4.919386] ACPI: Using IOAPIC for interrupt routing [ 4.921545] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 6.208472] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) [ 6.210733] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI] [ 6.213579] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM [ 6.216073] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge. [ 6.248844] PCI host bridge to bus 0000:00 [ 6.250296] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] [ 6.252752] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 6.255341] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] [ 6.257775] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfffff window] [ 6.260424] pci_bus 0000:00: root bus resource [bus 00-ff] [ 6.311390] pci 0000:00:01.3: quirk: [io 0xb000-0xb03f] claimed by PIIX4 ACPI [ 6.412873] ACPI: PCI Interrupt Link [LNKA] (IRQs 5 *10 11) [ 6.420843] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11) [ 6.428739] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11) [ 6.436690] ACPI: PCI Interrupt Link [LNKD] (IRQs 5 10 *11) [ 6.442139] ACPI: PCI Interrupt Link [LNKS] (IRQs *9) [ 7.043445] ACPI: Enabled 16 GPEs in block 00 to 0F [ 7.048547] vgaarb: loaded [ 7.052895] SCSI subsystem initialized [ 7.072569] ACPI: bus type USB registered [ 7.075258] usbcore: registered new interface driver usbfs [ 7.077599] usbcore: registered new interface driver hub [ 7.080187] usbcore: registered new device driver usb [ 7.083759] pps_core: LinuxPPS API ver. 1 registered [ 7.085571] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti [ 7.088958] PTP clock support registered [ 7.091807] ioremap error for 0xbfffd000-0xc0000000, requested 0x2, got 0x0 [ 7.094321] dmi: Firmware registration failed. [ 7.096832] Advanced Linux Sound Architecture Driver Initialized. [ 7.100233] PCI: Using ACPI for IRQ routing [ 7.109666] NetLabel: Initializing [ 7.111341] NetLabel: domain hash size = 128 [ 7.112787] NetLabel: protocols = UNLABELED CIPSOv4 [ 7.114718] NetLabel: unlabeled traffic allowed by default [ 7.118542] amd_nb: Cannot enumerate AMD northbridges [ 7.121024] clocksource: Switched to clocksource kvm-clock