[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   14.156431] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.667881] random: sshd: uninitialized urandom read (32 bytes read)
[   18.014771] random: sshd: uninitialized urandom read (32 bytes read)
[   18.725154] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
[   24.270908] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/26 02:02:49 fuzzer started
[   25.590644] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/26 02:02:52 dialing manager at 10.128.0.26:40967
2018/08/26 02:02:57 syscalls: 1
2018/08/26 02:02:57 code coverage: enabled
2018/08/26 02:02:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/08/26 02:02:57 setuid sandbox: enabled
2018/08/26 02:02:57 namespace sandbox: enabled
2018/08/26 02:02:57 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/26 02:02:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/08/26 02:02:57 net packed injection: enabled
2018/08/26 02:02:57 net device setup: enabled
[   33.601452] random: crng init done

INIT: Id "2" respawning too fast: disabled for 5 minutes

INIT: Id "1" respawning too fast: disabled for 5 minutes

INIT: Id "4" respawning too fast: disabled for 5 minutes

INIT: Id "5" respawning too fast: disabled for 5 minutes

INIT: Id "3" respawning too fast: disabled for 5 minutes

INIT: Id "6" respawning too fast: disabled for 5 minutes
02:04:29 executing program 0:
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/icmp6\x00')
preadv(r0, &(0x7f0000000100), 0x361, 0x10400003)

02:04:29 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000003c0)=@broute={'broute\x00', 0x20, 0x1, 0x16c, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000440], 0x2, &(0x7f0000000000), &(0x7f0000000440)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'veth0_to_bridge\x00', 'irlan0\x00', 'bridge_slave_1\x00', 'ip6_vti0\x00', @empty, [], @local, [], 0xac, 0xac, 0xdc, [@limit={'limit\x00', 0x18, {{0xffff, 0x401}}}]}}, @common=@dnat={'dnat\x00', 0xc, {{@random="f1703c27a536"}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}]}, 0x1f8)

02:04:29 executing program 7:
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000cecffc), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

02:04:29 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2000000008}, 0x1c)
set_robust_list(&(0x7f0000000380)={&(0x7f0000000140), 0x5, &(0x7f0000000340)}, 0x18)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e1f, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0)

02:04:29 executing program 4:
r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000240)={0x800, 0x1})
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0x25})

02:04:29 executing program 5:
r0 = socket(0xa, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0_to_bridge\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={@loopback, @empty, @loopback, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, r1})

02:04:29 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000040)="0a5cc80700315f85715070")
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0)
ppoll(&(0x7f00000001c0)=[{r1, 0x80}, {}, {0xffffffffffffffff, 0x400}], 0x3, &(0x7f0000000240), &(0x7f0000000280)={0x1ff}, 0x8)

02:04:29 executing program 1:
syz_emit_ethernet(0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08060006082d00275bea1540518015c0ff00000000aaaaaaaaaa0043e9886bc2b3e9a726d1e29344d2d80e81daca4e96a54335571287996d9b0889c9afcfe9f09eb5c7514f37980858025200f1d94ef67411f328eb9603248982462f5d772b5961fe75465758e42cca495eb3d538b474b71f8b6bd27a999d959791934e7d667d7820cde47d0e87cd31ccca172d3a523ca82d3f7115c22bec6f802b8c6302b7a1279d2a52d6965092119ce68b4c46755a4a00571d2b37288bd777"], &(0x7f0000000100)={0x0, 0x0, [0x20000000]})

[  123.700500] IPVS: Creating netns size=2536 id=1
[  123.770139] IPVS: Creating netns size=2536 id=2
[  123.883780] IPVS: Creating netns size=2536 id=3
[  123.926473] IPVS: Creating netns size=2536 id=4
[  123.980399] IPVS: Creating netns size=2536 id=5
[  124.038914] IPVS: Creating netns size=2536 id=6
[  124.089848] IPVS: Creating netns size=2536 id=7
[  124.168220] IPVS: Creating netns size=2536 id=8
[  124.663643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  124.714394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  124.753671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  124.772833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  124.970593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  125.024303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  125.045840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.101859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.122656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.151548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  125.159683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  125.171510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.202435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  125.246742] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  125.262719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  125.290850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  125.332331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  125.354016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  125.409668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.443302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  125.493628] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.520325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  125.535441] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  125.561873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.572193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  125.580617] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  125.599546] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.638861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  125.655617] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.670352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  125.689562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  125.697657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  125.718768] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  125.729483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.737812] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.747291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  125.769775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  125.777316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  125.785807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  125.793449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  125.801921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.809619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  125.834758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  125.847528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  125.861639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.870380] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  125.905815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  125.974901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  125.983695] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  126.005657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  126.036713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  126.070882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  126.071424] ip (4523) used greatest stack depth: 24376 bytes left
[  126.098232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  126.111670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  126.120371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.127906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.152207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  126.164275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  126.175042] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  126.196452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.210444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.218028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.225777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  126.234322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  126.248282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  126.257146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.275369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  126.293375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  126.306741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  126.332713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.342469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.357946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  126.371082] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  126.378940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.394844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  126.403074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  126.412188] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  126.419623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.427301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.446291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  126.464659] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  126.485786] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  126.503686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.516318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  126.535982] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  126.550167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.557681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.579367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  126.593520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  126.605432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.619611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.632193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.640534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  126.674685] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  126.703950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.715308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  130.357728] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  130.381954] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  130.596153] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  130.610462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.617399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  130.643429] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  130.654307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.666043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  130.706862] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  130.739061] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  130.800982] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  130.919885] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  130.929981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.936730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  130.956853] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  130.972546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.986453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.009497] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  131.024866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.036780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.048198] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  131.107730] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  131.232272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  131.240516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.247294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.320101] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  131.385206] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  131.398163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.406535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.530019] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  131.536226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.546387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:04:37 executing program 0:
r0 = socket$inet_tcp(0x2, 0x3, 0x6)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000680)={0x0, {0x2, 0x0, @multicast2}, {}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)='ip_vti0\x00'})

02:04:37 executing program 2:

02:04:37 executing program 2:

02:04:37 executing program 0:

02:04:37 executing program 2:

02:04:37 executing program 0:
syz_emit_ethernet(0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6050a09c00082b00fe8000000000000000000000000000bbfe8000000000000000007bce08b8181403b10000000890787c1b1f3ecce39006000000000000005cf71e39467905c308214d578cb7f089ae17ed886ea569a5f5ccdf194517027aa6d85ba2706d036facca21cfcf43679442529b0eb55c23d99d1da2fda9c1c5170b0bcb9e0dc2c709a38ef1b92df2157326a218829496d85c47f5a51a5c14897ce3c58e3c4c395580f599236d167186b14a10015eb43ee52ff45a3b536739b8266f3022976afb027d47224710016d5486e34013782ee3251d13d93fd5a4694f255be6f1371389e94766e4486de9c269a0fe4107eb9fcbd96b36e6a2f525031d8334f302032c7935002b578bd30f8533095dd342b3f07c96f28632"], &(0x7f0000000080))

02:04:37 executing program 2:
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000140)=0x74, 0x4)
socket$inet6(0xa, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000280)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x53c}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x102)

02:04:38 executing program 0:
r0 = socket(0x10, 0x100000003, 0x0)
clock_gettime(0x0, &(0x7f00000001c0))
sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001a00010200000000000000000000f6cc"], 0x1}}, 0x0)

02:04:38 executing program 0:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x40040, 0x0)

02:04:38 executing program 0:

02:04:38 executing program 7:

02:04:38 executing program 3:

02:04:38 executing program 0:

02:04:38 executing program 5:

02:04:38 executing program 6:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x20000004e20}, 0x1c)
recvmmsg(r1, &(0x7f0000003800)=[{{&(0x7f0000000600)=@nfc_llcp, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000680)=""/17, 0x11}], 0x1, &(0x7f0000000b40)=""/210, 0xd2}}], 0x1, 0x0, &(0x7f00000045c0)={0x77359400})
syz_emit_ethernet(0x437, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev, @local, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780))
sendto$inet6(r1, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)

02:04:38 executing program 4:

02:04:38 executing program 7:

02:04:38 executing program 0:

02:04:38 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x3000000008}, 0x1c)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)

02:04:38 executing program 3:
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000040), 0x4)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080))
tkill(r1, 0x1000000000016)

02:04:38 executing program 1:
r0 = socket$key(0xf, 0x3, 0x2)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$key(r0, &(0x7f0000000040)={0x2000000000000000, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x200000000000000, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}, 0x1, 0x0, 0x0, 0xe0000001}, 0x0)

02:04:38 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0))
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x61)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0xffffffffffffffff})

[  132.989090] hrtimer: interrupt took 48911 ns
02:04:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
accept4(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000140)=0x80, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'ip6gre0\x00', 0x80000000})

02:04:38 executing program 7:
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x8848000000000000, 0x6, "d8652b", 0x14, 0x21, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000000)={0x0, 0x3, [0x0, 0xaf2]})

02:04:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000180), 0xc, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000019000100000000000000000002200000ff03e5000000000008000b00bc000000080001007f000001"], 0x1}, 0x1, 0x0, 0x0, 0x4007}, 0x80000004000000)

02:04:38 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000100)={@mcast1}, &(0x7f0000000140)=0x14)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffffffffffe, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="6c02033b000000000000dd8effffffffffff000000000000"], 0x1)
socketpair(0x13, 0x4, 0x8, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)

02:04:38 executing program 5:
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @local}, @igmp={0x0, 0x0, 0x0, @multicast1}}}}}, &(0x7f0000000080))

02:04:38 executing program 3:
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000140)=0x74, 0x4)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070")
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000280)=@nfc, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000200)=""/20, 0x14}, 0x0)

02:04:38 executing program 6:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10)
recvmsg(r0, &(0x7f00000000c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f0000003ac0)=""/4096, 0xfdbf}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
shutdown(r1, 0x1)
recvmmsg(r1, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x4}, 0x4}], 0x1, 0x100, 0x0)

02:04:38 executing program 1:
r0 = socket$key(0xf, 0x3, 0x2)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$key(r0, &(0x7f0000000040)={0x2000000000000000, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x200000000000000, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}, 0x1, 0x0, 0x0, 0xe0000001}, 0x0)

02:04:38 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f00000000c0)={0x10, 0x4800000000000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000008001b00000000000800110000000000"], 0x1}}, 0x0)

02:04:38 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000180)=0x3, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="820300000700000000000000fff55b4202938207d9fb3780398d5375000000007929301ee616d5c01843e065900854417e2bf3f8110f118d0000f55dc62600009b00b47645004bae1356642490a7b5fc88046ae20000000000000000000053", 0x5f, 0x0, &(0x7f0000000100)={0xa, 0x200810800, 0x20000000004, @local}, 0x1c)

02:04:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00'})
recvmsg(r0, &(0x7f0000000180)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000100)=""/122, 0x7a}, 0x0)
close(r1)
socketpair$unix(0x1, 0x8000000005, 0x0, &(0x7f0000000200))
sendmsg$netlink(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)}, 0x0)

02:04:38 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0xc0f85403)

02:04:38 executing program 5:

02:04:38 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0xc0f85403)

02:04:39 executing program 5:

02:04:39 executing program 2:
exit(0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
write$binfmt_elf32(r0, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x80000001}, [{}]}, 0x58)

02:04:39 executing program 7:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet6(0xa, 0x1000000000003, 0x5)
ioctl(r1, 0x8000000008912, &(0x7f00000000c0)="0a5cc80700315f85715070")
listen(r0, 0xffffffffffffff7f)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84470080ffe0064e230f00000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1)

02:04:39 executing program 5:
r0 = socket$inet(0x10, 0x3, 0x0)
syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c20200000000200000e1596530f9c5d786dd60c498e000100000fe80f8ff00000000000100339577a07900000000aa"], &(0x7f00000001c0))
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', @ifru_data=&(0x7f00000000c0)="a325d3c91116bf66fed2b246a94500aa6593352d29be1746fd84168b6ef37b32"})

02:04:39 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0xc0f85403)

[  133.500098] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7000 comm=syz-executor2
02:04:39 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000100)={@mcast1}, &(0x7f0000000140)=0x14)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffffffffffe, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="6c02033b000000000000dd8effffffffffff000000000000"], 0x1)
socketpair(0x13, 0x4, 0x8, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)

02:04:39 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0xc0f85403)

[  133.659159] BUG: sleeping function called from invalid context at net/core/sock.c:2502
[  133.667250] in_atomic(): 1, irqs_disabled(): 0, pid: 6947, name: syz-executor3
[  133.674648] 1 lock held by syz-executor3/6947:
[  133.679405]  #0:  (rcu_callback){......}, at: [<ffffffff81289ace>] rcu_process_callbacks+0x98e/0x12b0
[  133.689336] Preemption disabled at:[  133.692770] [<ffffffff83a0848d>] __do_softirq+0xdd/0x940
[  133.698235] CPU: 1 PID: 6947 Comm: syz-executor3 Not tainted 4.9.124-g09eb2ba #31
[  133.705846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  133.715179]  ffff8801db307cd8 ffffffff81eb95e9 ffffffff83a0848d 0000000000000000
[  133.723202]  0000000000000100 ffff880197ad4800 ffff880197ad4800 ffff8801db307d10
[  133.731225]  ffffffff81426851 ffff880197ad4800 ffffffff840f88a0 00000000000009c6
[  133.739237] Call Trace:
[  133.741807]  <IRQ> [  133.743852]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  133.749220]  [<ffffffff83a0848d>] ? __do_softirq+0xdd/0x940
[  133.754920]  [<ffffffff81426851>] ___might_sleep.cold.123+0x1bc/0x1f5
[  133.761485]  [<ffffffff811bd9a5>] __might_sleep+0x95/0x1a0
[  133.767106]  [<ffffffff81238076>] ? trace_hardirqs_on_caller+0x266/0x590
[  133.773942]  [<ffffffff8302b774>] lock_sock_nested+0x34/0x120
[  133.779819]  [<ffffffff83428dd9>] inet_shutdown+0x69/0x360
[  133.785420]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  133.791554]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  133.797854]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  133.804198]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  133.810607]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  133.817080]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  133.823548]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  133.829655]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  133.836123]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  133.842813]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  133.848946]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  133.854562]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  133.859831]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  133.866297]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  133.872420]  <EOI> [  133.874552] 
[  133.876211] =================================
[  133.880692] [ INFO: inconsistent lock state ]
[  133.885180] 4.9.124-g09eb2ba #31 Tainted: G        W      
[  133.890792] ---------------------------------
[  133.895276] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[  133.901407] syz-executor3/6947 [HC0[0]:SC1[3]:HE1:SE0] takes:
[  133.907488]  (sk_lock-AF_PPPOX){+.?.+.}, at: [<ffffffff83428dd9>] inet_shutdown+0x69/0x360
{SOFTIRQ-ON-W} state was registered at:
[  133.919951]   mark_held_locks+0xc7/0x130
[  133.924005]   trace_hardirqs_on_caller+0x38b/0x590
[  133.928911]   trace_hardirqs_on+0xd/0x10
[  133.932947]   __local_bh_enable_ip+0x6a/0xd0
[  133.937346]   lock_sock_nested+0xdc/0x120
[  133.941490]   pppol2tp_connect+0xd9/0x18f0
[  133.945711]   SYSC_connect+0x1b8/0x300
[  133.949572]   SyS_connect+0x24/0x30
[  133.953182]   do_syscall_64+0x1a6/0x490
[  133.957147]   entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  133.962326] irq event stamp: 4544
[  133.965765] hardirqs last  enabled at (4544): [<ffffffff83a02369>] restore_regs_and_iret+0x0/0x1d
[  133.974757] hardirqs last disabled at (4543): [<ffffffff83a0332b>] apic_timer_interrupt+0x9b/0xb0
[  133.983744] softirqs last  enabled at (0): [<ffffffff81130b22>] copy_process.part.51+0x1172/0x6330
[  133.992829] softirqs last disabled at (4387): [<ffffffff8114d554>] irq_exit+0x114/0x150
[  134.001071] 
[  134.001071] other info that might help us debug this:
[  134.007722]  Possible unsafe locking scenario:
[  134.007722] 
[  134.013762]        CPU0
[  134.016329]        ----
[  134.018883]   lock(sk_lock-AF_PPPOX);
[  134.022905]   <Interrupt>
[  134.025652]     lock(sk_lock-AF_PPPOX);
[  134.029845] 
[  134.029845]  *** DEADLOCK ***
[  134.029845] 
[  134.035879] 1 lock held by syz-executor3/6947:
[  134.040432]  #0:  (rcu_callback){......}, at: [<ffffffff81289ace>] rcu_process_callbacks+0x98e/0x12b0
[  134.050252] 
[  134.050252] stack backtrace:
[  134.054724] CPU: 1 PID: 6947 Comm: syz-executor3 Tainted: G        W       4.9.124-g09eb2ba #31
[  134.063530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.072881]  ffff8801db307a58 ffffffff81eb95e9 ffff880197ad4800 ffffffff855f94e0
[  134.080921]  ffff880197ad50f0 ffff880197ad5110 0000000000000000 ffff8801db307ac8
[  134.088934]  ffffffff81429ccd 0000000000000003 0000000000000001 ffff880100000000
[  134.096957] Call Trace:
[  134.099519]  <IRQ> [  134.101593]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  134.106966]  [<ffffffff81429ccd>] print_usage_bug.cold.57+0x327/0x421
[  134.113521]  [<ffffffff8107ba56>] ? save_stack_trace+0x16/0x20
[  134.119477]  [<ffffffff81237726>] mark_lock+0xcc6/0x1280
[  134.124913]  [<ffffffff81236050>] ? check_usage_backwards+0x2e0/0x2e0
[  134.131478]  [<ffffffff812390f0>] __lock_acquire+0xd40/0x4070
[  134.137340]  [<ffffffff812383b0>] ? trace_hardirqs_on+0x10/0x10
[  134.143374]  [<ffffffff81f2106b>] ? check_preemption_disabled+0x3b/0x170
[  134.150191]  [<ffffffff83a02369>] ? retint_kernel+0x2d/0x2d
[  134.155887]  [<ffffffff8123ce90>] lock_acquire+0x130/0x3e0
[  134.161507]  [<ffffffff83428dd9>] ? inet_shutdown+0x69/0x360
[  134.167286]  [<ffffffff8302b806>] lock_sock_nested+0xc6/0x120
[  134.173146]  [<ffffffff83428dd9>] ? inet_shutdown+0x69/0x360
[  134.178942]  [<ffffffff83428dd9>] inet_shutdown+0x69/0x360
[  134.184556]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  134.190692]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  134.196999]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  134.203308]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  134.209609]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  134.216091]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  134.222578]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  134.228182]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  134.234648]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  134.241289]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  134.247416]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  134.253027]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  134.258288]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  134.264767]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  134.270881]  <EOI> [  134.272969] ==================================================================
[  134.280347] BUG: KASAN: use-after-free in inet_shutdown+0x2dc/0x360
[  134.286735] Read of size 4 at addr ffff8801b7650cc0 by task syz-executor3/6947
[  134.293150] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7032 comm=syz-executor2
[  134.305936] 
[  134.307569] CPU: 1 PID: 6947 Comm: syz-executor3 Tainted: G        W       4.9.124-g09eb2ba #31
[  134.316400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.325730]  ffff8801db307cf8 ffffffff81eb95e9 ffffea0006dd9400 ffff8801b7650cc0
[  134.333740]  0000000000000000 ffff8801b7650cc0 ffff8801d4572f58 ffff8801db307d30
[  134.341793]  ffffffff8156c35e ffff8801b7650cc0 0000000000000004 0000000000000000
[  134.349786] Call Trace:
[  134.352366]  <IRQ> [  134.354418]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  134.359777]  [<ffffffff8156c35e>] print_address_description+0x6c/0x234
[  134.366417]  [<ffffffff8156c768>] kasan_report.cold.6+0x242/0x2fe
[  134.372625]  [<ffffffff8342904c>] ? inet_shutdown+0x2dc/0x360
[  134.378485]  [<ffffffff8153fad4>] __asan_report_load4_noabort+0x14/0x20
[  134.385216]  [<ffffffff8342904c>] inet_shutdown+0x2dc/0x360
[  134.390902]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  134.397024]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  134.403321]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  134.409618]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  134.415910]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  134.422380]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  134.428851]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  134.434455]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  134.440925]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  134.447569]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  134.453696]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  134.459300]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  134.464552]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  134.471025]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  134.477151]  <EOI> [  134.479190] 
[  134.480812] Allocated by task 7023:
[  134.484418]  save_stack_trace+0x16/0x20
[  134.488370]  save_stack+0x43/0xd0
[  134.491797]  kasan_kmalloc+0xc7/0xe0
[  134.495579]  kasan_slab_alloc+0x12/0x20
[  134.499532]  kmem_cache_alloc+0xbe/0x290
[  134.503570]  sock_alloc_inode+0x1d/0x260
[  134.507620]  alloc_inode+0x63/0x180
[  134.511223]  new_inode_pseudo+0x17/0xe0
[  134.515177]  sock_alloc+0x41/0x280
[  134.518704]  __sock_create+0x8d/0x5f0
[  134.522488]  SyS_socket+0xf0/0x1b0
[  134.526003]  do_syscall_64+0x1a6/0x490
[  134.529867]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  134.534942] 
[  134.536542] Freed by task 7021:
[  134.539795]  save_stack_trace+0x16/0x20
[  134.543745]  save_stack+0x43/0xd0
[  134.547172]  kasan_slab_free+0x72/0xc0
[  134.551035]  kmem_cache_free+0xbe/0x310
[  134.554992]  sock_destroy_inode+0x56/0x70
[  134.559116]  destroy_inode+0xc5/0x120
[  134.562890]  evict+0x32b/0x4f0
[  134.566111]  iput+0x371/0x900
[  134.569198]  dentry_unlink_inode+0x277/0x330
[  134.573585]  __dentry_kill+0x280/0x4c0
[  134.577452]  dput.part.29+0x5cf/0x7b0
[  134.581238]  dput+0x1f/0x30
[  134.584148]  __fput+0x42f/0x700
[  134.587405]  ____fput+0x15/0x20
[  134.590660]  task_work_run+0x10c/0x180
[  134.594521]  exit_to_usermode_loop+0xfc/0x120
[  134.598990]  do_syscall_64+0x364/0x490
[  134.602867]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  134.607940] 
[  134.609541] The buggy address belongs to the object at ffff8801b7650cc0
[  134.609541]  which belongs to the cache sock_inode_cache of size 960
[  134.622608] The buggy address is located 0 bytes inside of
[  134.622608]  960-byte region [ffff8801b7650cc0, ffff8801b7651080)
[  134.634281] The buggy address belongs to the page:
[  134.639203] page:ffffea0006dd9400 count:1 mapcount:0 mapping:          (null) index:0xffff8801b7651100 compound_mapcount: 0
[  134.650686] flags: 0x8000000000004080(slab|head)
[  134.655412] page dumped because: kasan: bad access detected
[  134.661094] 
[  134.662696] Memory state around the buggy address:
[  134.667597]  ffff8801b7650b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.674933]  ffff8801b7650c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  134.682268] >ffff8801b7650c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  134.689599]                                            ^
[  134.695024]  ffff8801b7650d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.702356]  ffff8801b7650d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.709685] ==================================================================
[  134.717072] Kernel panic - not syncing: panic_on_warn set ...
[  134.717072] 
[  134.724425] CPU: 1 PID: 6947 Comm: syz-executor3 Tainted: G    B   W       4.9.124-g09eb2ba #31
[  134.733233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.742562]  ffff8801db307c58 ffffffff81eb95e9 ffffffff843c828b 00000000ffffffff
[  134.750590]  0000000000000000 0000000000000001 ffff8801d4572f58 ffff8801db307d18
[  134.758591]  ffffffff81423eb5 0000000041b58ab3 ffffffff843bb8e8 ffffffff81423cf6
[  134.766630] Call Trace:
[  134.769188]  <IRQ> [  134.771232]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  134.776597]  [<ffffffff81423eb5>] panic+0x1bf/0x3bc
[  134.781605]  [<ffffffff81423cf6>] ? add_taint.cold.6+0x16/0x16
[  134.787560]  [<ffffffff8156c27b>] kasan_end_report+0x47/0x4f
[  134.793337]  [<ffffffff8156c59c>] kasan_report.cold.6+0x76/0x2fe
[  134.799460]  [<ffffffff8342904c>] ? inet_shutdown+0x2dc/0x360
[  134.805320]  [<ffffffff8153fad4>] __asan_report_load4_noabort+0x14/0x20
[  134.812055]  [<ffffffff8342904c>] inet_shutdown+0x2dc/0x360
[  134.817747]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  134.823868]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  134.830160]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  134.836456]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  134.842757]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  134.849240]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  134.855709]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  134.861313]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  134.867780]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  134.874425]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  134.880549]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  134.886152]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  134.891423]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  134.897889]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  134.904005]  <EOI> [  134.906369] Dumping ftrace buffer:
[  134.909912]    (ftrace buffer empty)
[  134.913593] Kernel Offset: disabled
[  134.917191] Rebooting in 86400 seconds..