[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 12.549688] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.722497] random: sshd: uninitialized urandom read (32 bytes read) [ 20.004988] random: sshd: uninitialized urandom read (32 bytes read) [ 20.653438] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts. [ 26.319327] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/26 15:35:49 fuzzer started [ 27.553318] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/26 15:35:51 dialing manager at 10.128.0.26:43161 2018/08/26 15:35:54 syscalls: 1 2018/08/26 15:35:54 code coverage: enabled 2018/08/26 15:35:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/26 15:35:54 setuid sandbox: enabled 2018/08/26 15:35:54 namespace sandbox: enabled 2018/08/26 15:35:54 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/26 15:35:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/26 15:35:54 net packed injection: enabled 2018/08/26 15:35:54 net device setup: enabled [ 35.374850] random: crng init done 15:36:43 executing program 1: clone(0x0, &(0x7f0000003300), &(0x7f00000022c0), &(0x7f0000004340), &(0x7f0000001200)) clone(0x0, &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000000), &(0x7f0000000080)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='children\x00') pread64(r0, &(0x7f00000002c0)=""/167, 0xa7, 0x0) 15:36:43 executing program 7: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x20000801, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) vmsplice(0xffffffffffffffff, &(0x7f0000002680), 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x8004020000000000}, 0x6) 15:36:43 executing program 0: r0 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bond_slave_0\x00', &(0x7f0000000040)=@ethtool_cmd={0x48}}) 15:36:43 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x856, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f00000000c0)=0x2, 0x4) 15:36:43 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x340, &(0x7f0000005b00)}}, {{&(0x7f0000000000)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x38c, 0x0) 15:36:43 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff00000000000000000000000005000900000000000a0000000000000000000000000000000000000000000000000000000000000002000100000000000000070b0000000005000500000000000a000000001e0000ff0200001b00000000000000000000010000000000000000"], 0x98}}, 0x0) 15:36:43 executing program 6: clone(0x0, &(0x7f0000003300), &(0x7f00000022c0), &(0x7f0000004340), &(0x7f0000001200)) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 15:36:43 executing program 5: socket$key(0xf, 0x3, 0x2) [ 80.321841] IPVS: Creating netns size=2536 id=1 [ 80.366437] IPVS: Creating netns size=2536 id=2 [ 80.407691] IPVS: Creating netns size=2536 id=3 [ 80.433317] IPVS: Creating netns size=2536 id=4 [ 80.486392] IPVS: Creating netns size=2536 id=5 [ 80.516410] IPVS: Creating netns size=2536 id=6 [ 80.568454] IPVS: Creating netns size=2536 id=7 [ 80.642209] IPVS: Creating netns size=2536 id=8 [ 81.110560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.174746] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.300838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.360786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.378060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.438802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.489134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.538886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.565331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.578046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.606278] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.691497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.709476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.720723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.742632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.760513] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.784367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.799280] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.816646] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.837816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 81.864114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.871798] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.927904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.960280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 81.970520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.038609] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.057391] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.093167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.101747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.109244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.134301] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.145153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 82.152916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.166402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.180550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.193997] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.202806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.213215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 82.224475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 82.236468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.250120] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.260764] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.274754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.287242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.295891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.303606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.312095] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.327858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.335898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.350677] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.366658] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.373999] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.388225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.424945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.432529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.439991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.447588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.457984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.466743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 82.487528] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.498408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.511298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.526235] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.556984] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.582548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.590152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.599401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.619340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.629863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.653746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.661905] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.669825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.681259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.699423] ip (4309) used greatest stack depth: 23928 bytes left [ 82.706944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.742005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.758723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.778386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.806498] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.836533] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.857936] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.882714] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.900358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.908299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.915825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.934055] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.941063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.948561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.967868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.980235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.989826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.002001] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 83.009676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.022836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.048494] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 83.062801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.070284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.482564] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 85.684306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 85.690452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.700331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.765341] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 85.794708] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 85.834970] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 85.885808] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 85.998352] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.016774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.031495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.039403] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.052482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.059219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.095230] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.110730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.123480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.157125] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.169461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.179453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.198200] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 86.229662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 86.307594] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 86.422347] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.438757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.456344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.464693] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.479180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.486233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.574916] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 86.589588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.599783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 15:36:50 executing program 7: 15:36:50 executing program 7: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x20000000805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000080)={{}, 'syz1\x00'}) r1 = openat$pktcdvd(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pktcdvd/control\x00', 0x40000, 0x0) setsockopt$inet6_tcp_buf(r1, 0x6, 0x1a, &(0x7f0000000040)="683d98910cff13663d28190440aeb90876419517b53b0908398e046a09274f145b21818965c0f7e48280d6e729915fd3027b0e27bc0e96", 0x37) write$uinput_user_dev(r0, &(0x7f0000001040)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) [ 87.382364] input: syz1 as /devices/virtual/input/input4 [ 87.436456] input: syz1 as /devices/virtual/input/input5 15:36:50 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r0, &(0x7f0000000100)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x80) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6tnl0\x00', r2}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000440)=@newlink={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_ADDRESS={0xc, 0x1, @local}]}, 0x2c}}, 0x0) 15:36:50 executing program 7: socket(0x2000000400000018, 0x0, 0x3) epoll_create(0xc0bd) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/4\x00') readv(r0, &(0x7f0000f46000)=[{&(0x7f0000949000)=""/101, 0x65}], 0x1) sysinfo(&(0x7f0000000000)=""/163) eventfd(0x6) 15:36:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000100)=0x8) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x101200, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000240)={'nat\x00', 0xfb, "8a8e4eeccbea40132abbff0dc1ea9041b023b66c0177f5207304e1c81597d07caa5b2abca8b2a563b5292f86e70f87ccc174529d515592cbc49072e8a7ce94f5d3a5bb4134bd83ef3559af1bdf30f6c659a7fcb62d8cfc3a107278060639c5e1614bbd99731ce2c93ed64db4632c618fc8dc755d3025a1e318a14f822f7d3713ced389d4bd38e8376cad54d734869a9882e04597c360288a1577793e4230d5fa690ffb5293511b7ded0e994496f328a2b103861f1632758d39162ea02fa65ce123381113a2079fbe70478e928d21fa04af368066e5d60a4a21ee7909735b36550c9f5e38f8c035ee731dfa159be402743e7ec379dd08ce4ffc6f02"}, &(0x7f0000000380)=0x11f) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f00000001c0)={0x0, 0x0}) socket$inet6(0xa, 0x203000000000002, 0x0) ptrace$setopts(0x4206, r4, 0x80000000, 0x40) ptrace(0x4207, r4) clone(0x0, &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000200)) ptrace$getregs(0x2, r4, 0x2072fffd, &(0x7f0000000000)=""/38) 15:36:50 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x400032, 0xffffffffffffffff, 0x0) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f00000000c0)={0x5, 0x3ff, 0x5, 0x85}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)) 15:36:50 executing program 7: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f00000001c0)={'NETMAP\x00'}, &(0x7f0000000200)=0x1e) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in=@broadcast, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f0000000380)=0xe8) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000003c0)={r1, @remote}, 0xc) listen(r0, 0x7) getsockopt$inet_mreqsrc(r0, 0x0, 0x2f, &(0x7f0000000140)={@multicast1, @rand_addr, @loopback}, &(0x7f0000000180)=0xc) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='bridge_slave_0\x00', 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='dummy0\x00', 0x10) write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2321202e2f66696c6530206272696467655f736c6176655f3000202064756d6d793000205b2d2b20206272696467655f736c6176655f30000a3111a39addff457d6f3a5d0a8174037016901adffa3e2c4add96f8303d212d2ad00f856fe7c4ce9f1745978da4e2e4e3b11e6ac42b1a2c1da55ec9520cd3c7fb99"], 0x7a) setsockopt$inet_int(r0, 0x0, 0x400000000032, &(0x7f0000000240)=0x1800003, 0x4) 15:36:50 executing program 2: 15:36:50 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) write$binfmt_misc(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7719f0d7006e431d0935f8dd1f25aa"], 0x4) truncate(&(0x7f0000000300)='./bus\x00', 0x100000) r2 = open(&(0x7f0000000000)='./bus\x00', 0x26880, 0x0) lseek(r1, 0x0, 0x2) sendfile(r1, r2, &(0x7f0000000040), 0x8000fffffffe) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x1200, &(0x7f00000000c0)="0a5cc80700315f85715070") sendmmsg(0xffffffffffffffff, &(0x7f000000ac80), 0x400021b, 0x0) creat(&(0x7f0000000280)='./bus\x00', 0x0) 15:36:50 executing program 2: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x480, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)={0x1a, 0x7, 0x1, {{0xd, '/dev/usbmon#\x00'}, 0x80000001}}, 0x1a) r1 = getpgrp(0x0) r2 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f) fcntl$setown(r3, 0x8, r1) fcntl$setsig(r3, 0xa, 0x12) r5 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r5, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x4e22, @remote}}, 0x2, 0x8, 0xff, "b8286f1761fcf53a8faaa203f30accc9d41ba34a7c91810edef7ac66934a6b83c617bd9b0a2239827a845b270c0914e4bce3a56a0db382a2b3f77827ea1bb9fbe507bd8ce5e810884c2d7fbb21cef9e4"}, 0xd8) r6 = syz_open_dev$usbmon(&(0x7f0000fd0ff3)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r6, 0x40189206, &(0x7f0000ddd000)) poll(&(0x7f0000b28fe0)=[{r4}], 0x1, 0xfffffffffffffff8) openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x650040, 0x0) dup3(r3, r4, 0x0) keyctl$session_to_parent(0x12) tkill(r2, 0x16) times(&(0x7f0000000000)) 15:36:50 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ion\x00', 0x0, 0x0) ioctl(r0, 0x7, &(0x7f0000000280)) r1 = accept4$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14, 0x80000) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f0000000080)=""/163, 0x670}) 15:36:50 executing program 7: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)="2f70726f632f342f76734c636f6e6e5f726575a45990e1ca18736d6f6465000000090000000000000000e58f71290000", 0x2, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1e, &(0x7f0000000100)=""/240, &(0x7f0000000000)=0xffffffffffffffa1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000200)) [ 87.832329] kasan: CONFIG_KASAN_INLINE enabled [ 87.836957] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 87.844345] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 87.850582] Dumping ftrace buffer: [ 87.854125] (ftrace buffer empty) [ 87.857827] Modules linked in: [ 87.861159] CPU: 0 PID: 5830 Comm: syz-executor3 Not tainted 4.9.124-g09eb2ba #83 [ 87.868772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.878123] task: ffff8801cdbc3000 task.stack: ffff8801a3c48000 [ 87.884168] RIP: 0010:[] [] ip6_xmit+0xb2d/0x1b80 [ 87.892363] RSP: 0018:ffff8801a3c4f5e0 EFLAGS: 00010246 [ 87.897804] RAX: dffffc0000000000 RBX: ffff8801c4e7e000 RCX: ffffc90001ef1000 [ 87.905069] RDX: ffff8801c4e7e078 RSI: ffffffff83561613 RDI: ffff8801d690d818 [ 87.912335] RBP: ffff8801a3c4f7f8 R08: ffff8801cdbc38e8 R09: 0000000000000000 [ 87.919605] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801cdd7c900 [ 87.926872] R13: ffff8801d9621fe4 R14: 000000000000001b R15: 0000000000000040 [ 87.934135] FS: 00007fb1bcdda700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 87.942376] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.948249] CR2: 00007f0fd2596e70 CR3: 00000001cc511000 CR4: 00000000001606f0 [ 87.955510] Stack: [ 87.957653] 000000000000000c ffff8801a3c4f5f8 ffffffff8107ba56 ffff8801a3c4f638 [ 87.965744] 0000001200000001 0000000000000000 1ffff10034789eca ffff8801c4e7e0c8 [ 87.973799] ffff8801c4e7e058 ffff8801c4e7e078 ffff8801c66fb400 ffff8801a943b380 [ 87.981870] Call Trace: [ 87.984454] [] ? save_stack_trace+0x16/0x20 [ 87.990428] [] ? ip6_finish_output2+0x1d00/0x1d00 [ 87.996919] [] ? trace_hardirqs_on+0x10/0x10 [ 88.002973] [] ? __lock_is_held+0xa2/0xf0 [ 88.008768] [] ? ipv4_dst_check+0x111/0x160 [ 88.014732] [] ? __sk_dst_check+0x114/0x240 [ 88.020696] [] inet6_csk_xmit+0x27c/0x4d0 [ 88.026472] [] ? inet6_csk_xmit+0xff/0x4d0 [ 88.032343] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 88.038919] [] ? check_preemption_disabled+0x3b/0x170 [ 88.045748] [] l2tp_xmit_skb+0xc45/0xf30 [ 88.051437] [] pppol2tp_sendmsg+0x4e0/0x790 [ 88.057392] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 88.063860] [] ? pppol2tp_release+0x2e0/0x2e0 [ 88.069983] [] sock_sendmsg+0xcc/0x110 [ 88.075497] [] ___sys_sendmsg+0x47a/0x840 [ 88.081272] [] ? copy_msghdr_from_user+0x560/0x560 [ 88.087841] [] ? check_preemption_disabled+0x3b/0x170 [ 88.094657] [] ? __fget+0x20a/0x3b0 [ 88.099909] [] ? __fget_light+0x169/0x1f0 [ 88.105683] [] ? __fdget+0x18/0x20 [ 88.110848] [] __sys_sendmmsg+0x161/0x3d0 [ 88.116638] [] ? SyS_sendmsg+0x50/0x50 [ 88.122388] [] ? security_socket_connect+0x8f/0xc0 [ 88.128958] [] ? fput+0xd2/0x140 [ 88.133956] [] ? SYSC_connect+0x22a/0x300 [ 88.139751] [] ? SYSC_bind+0x280/0x280 [ 88.146638] [] ? SyS_futex+0x206/0x310 [ 88.153432] [] ? do_futex+0x17c0/0x17c0 [ 88.159070] [] ? SyS_socket+0x121/0x1b0 [ 88.164680] [] ? move_addr_to_kernel+0x50/0x50 [ 88.170890] [] SyS_sendmmsg+0x35/0x60 [ 88.176767] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 88.182738] [] do_syscall_64+0x1a6/0x490 [ 88.188425] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 88.195324] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 55 0e 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 48 4d 8b a4 24 18 03 00 00 <65> 49 ff 44 24 28 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f [ 88.222307] RIP [] ip6_xmit+0xb2d/0x1b80 [ 88.228119] RSP [ 88.231829] ---[ end trace d2b44cdc12245427 ]--- [ 88.236604] Kernel panic - not syncing: Fatal exception in interrupt [ 88.243388] Dumping ftrace buffer: [ 88.246916] (ftrace buffer empty) [ 88.250608] Kernel Offset: disabled [ 88.254211] Rebooting in 86400 seconds..