[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.814154] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.903087] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 25.206506] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 26.111236] random: sshd: uninitialized urandom read (32 bytes read, 81 bits of entropy available) Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts. [ 31.760885] random: sshd: uninitialized urandom read (32 bytes read, 87 bits of entropy available) 2018/08/29 01:32:47 fuzzer started [ 33.144714] random: cc1: uninitialized urandom read (8 bytes read, 89 bits of entropy available) 2018/08/29 01:32:50 dialing manager at 10.128.0.26:34473 2018/08/29 01:32:51 syscalls: 1 2018/08/29 01:32:51 code coverage: enabled 2018/08/29 01:32:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/29 01:32:51 setuid sandbox: enabled 2018/08/29 01:32:51 namespace sandbox: enabled 2018/08/29 01:32:51 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/29 01:32:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/29 01:32:51 net packed injection: enabled 2018/08/29 01:32:51 net device setup: enabled [ 36.267717] random: nonblocking pool is initialized 01:33:26 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000040)=0xfff, 0x100008000) 01:33:26 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="0a5cc80700315f85715070") sendto$inet6(r0, &(0x7f0000000280), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x4e24}, 0x1c) 01:33:26 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") syz_emit_ethernet(0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500005800000000002f9078ac14ffaaffffffffb400880b000000000000880000008600100000000100000000000000080022eb000000002000040002000200000000000000000008006558000000002a95ed681ab08617fe0100008000000000762567ca4e6b690b297e2759a1343af761b3c2000000000000000062eefc4cdbad398764ea15710c383013e3ed95d9bd2177cbab629b9aaf41"], 0x0) 01:33:26 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4), 0xc, &(0x7f0000bd7000)={&(0x7f00000001c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@rand_addr, @in6=@ipv4={[], [], @local={0xac, 0x14, 0xffffffffffffffff}}}, {@in6, 0x0, 0x33}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x138}}, 0x0) 01:33:26 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x0, &(0x7f0000000700)='+'}) dup2(r1, 0xffffffffffffffff) 01:33:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FICLONE(r0, 0x40049409, r0) 01:33:26 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'team0\x00'}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000003c0)={@local={0xfe, 0x80, [0x0, 0x2b8]}, 0x0, r1}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@ipv4, 0x0, r1}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={"7465616d300000ffffffc000", 0xc201}) 01:33:26 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/arp\x00') readv(r0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/149, 0x95}], 0x1) [ 70.438341] IPVS: Creating netns size=2552 id=1 [ 70.605356] IPVS: Creating netns size=2552 id=2 [ 70.709700] IPVS: Creating netns size=2552 id=3 [ 70.795400] IPVS: Creating netns size=2552 id=4 [ 70.908360] IPVS: Creating netns size=2552 id=5 [ 71.049482] IPVS: Creating netns size=2552 id=6 [ 71.249050] IPVS: Creating netns size=2552 id=7 [ 71.532582] IPVS: Creating netns size=2552 id=8 [ 71.752016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.760912] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.808953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.817347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.183329] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.250527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.259343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.411005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.419382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.491626] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.698405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.760382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.778802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.849082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.885081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.896529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.912789] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.987152] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.048857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.091640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.172735] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 73.182401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.288413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.296339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.351887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.374446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.444730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.459751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.475582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.487951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.506475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.525492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.552254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.589544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 73.637628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.649128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.755220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.771428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.842977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.851369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.012574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.030038] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.049990] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.110217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.167803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.177574] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.257842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.292867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.350638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.368332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.396374] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.404780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.467401] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.488762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.511985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.535939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.564975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.610172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.694000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.786719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.015210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.072644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 75.203508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.248050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.776897] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.876494] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.094984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.117467] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.196175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.478755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.609132] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.889048] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.917961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.028701] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.183140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.269419] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.394507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.525728] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.563678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.826806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:33:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000280)=ANY=[@ANYBLOB="000c01000000000000"]) 01:33:36 executing program 3: 01:33:36 executing program 3: 01:33:36 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000140)="2f65786500e1ffffff0409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f02acc7edbcd7a071fbbc7864c3cf7318e89c6e97ca49e2523f8d54c646dd47000000000000000000000082c8ed780fc8de13aac81a5393802cac9b30bd34f4b1aa91950e3321095ed1dc0609f379617d65d54e4900f041cf05b8b29c725e548eba7414e6686d0e4d0e354ffbecf9b6cb56df37daad793393cdf96d60c334d7dee99d58bb98ec8fbae88509abe32fd44239abb4ccf659f55c76c288ae1d12b8aef689f19c39d9cdd8a249969185b3f229a48ef301365dc6762a1967eb3241f49796f3f6ceb28fd1833071281f0d81aee58fc8a61050486d5641c3dfc84c25baa2b3712cb8251267e70159894f6dd8f293e8cd44ea35ca1c52f1c165b6391d779405fabfaf835c2928c61282a10cfee523c694139d9b158c8ac9c2068deae9563a8661cef5dfb87149694d3b000cd5cc727f52139996dd2f575b0af9cc013f275d3651") flistxattr(r0, &(0x7f00000002c0)=""/138, 0x8a) 01:33:36 executing program 0: r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) creat(&(0x7f00000000c0)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x2a) creat(&(0x7f0000000040)='./file0\x00', 0x0) 01:33:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)) readv(0xffffffffffffffff, &(0x7f0000dcdff0), 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000b28000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000300)=0x2) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) poll(&(0x7f0000b2c000), 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) tkill(0x0, 0x0) 01:33:36 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'team0\x00'}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000003c0)={@local}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@ipv4, 0x0, r1}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={"7465616d300000ffffffc000", 0xc201}) 01:33:36 executing program 3: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000000)=""/177, 0xb1) 01:33:36 executing program 0: r0 = socket$inet(0x2, 0x1000000003, 0x88) sendmmsg(r0, &(0x7f0000006780)=[{{&(0x7f0000000340)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000940)}}, {{&(0x7f0000000100)=@l2, 0x80}}], 0x2, 0x0) 01:33:36 executing program 3: 01:33:37 executing program 1: 01:33:37 executing program 2: 01:33:37 executing program 7: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x1c}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000005600)=[{{&(0x7f0000002980)=@hci, 0x80, &(0x7f0000005200), 0x0, &(0x7f0000005bc0)}}], 0x1, 0x0) 01:33:37 executing program 3: 01:33:37 executing program 4: 01:33:37 executing program 0: 01:33:37 executing program 1: 01:33:37 executing program 2: 01:33:37 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 01:33:37 executing program 6: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@mcast1, 0x800, 0x0, 0xff, 0x1}, 0x20) 01:33:37 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x20601, 0x0) clock_gettime(0x0, &(0x7f0000000240)) write$P9_RSTAT(r0, &(0x7f0000000280)=ANY=[], 0x0) 01:33:37 executing program 0: 01:33:37 executing program 4: 01:33:37 executing program 3: 01:33:37 executing program 1: 01:33:37 executing program 6: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) setsockopt$inet_mreqsrc(r1, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@remote, @rand_addr}, 0x6) close(r1) socket$inet6(0xa, 0x1000000000002, 0x0) dup3(r1, r2, 0x0) 01:33:37 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") socket$inet6(0xa, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000e80)={&(0x7f0000000040), 0xc, &(0x7f0000000e40)={&(0x7f0000000080)={0x20, r2, 0x30f, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_AF={0x8}]}]}, 0x20}}, 0x0) 01:33:37 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x14, 0x0, 0x0, 0x1ac, 0x0, 0x2, 0x0, 0x5]}, 0x33}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) signalfd(r1, &(0x7f0000000140), 0x8) sendto$inet(r2, &(0x7f0000000080), 0x0, 0x20000801, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) vmsplice(r0, &(0x7f0000002680), 0x0, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000140), 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)="766574683100000000ffffffffffef00", 0x10) sendto$inet(r2, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000409004bddd9de91be10eeaf000ee9a90f798058439ed554fa07424ada75af1f02ac06edbcd7a071fb35331ce39c5a00000000") openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) 01:33:37 executing program 7: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x856, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000000c0)={0x9, {{0x2, 0x0, @multicast1}}}, 0x88) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) 01:33:37 executing program 5: syz_emit_ethernet(0x230, &(0x7f0000007000)={@local, @random="cf2bb43c40b8", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x222, 0x0, 0x4788, 0x0, 0x6, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x7ffff}}}}}}, 0x0) 01:33:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000280)="0a5c2d0252806285717070") r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) listen(r2, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r3 = socket$inet(0x10, 0x2, 0x4) sendmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff095ffefd956fa283b724a6008c00000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:33:37 executing program 1: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/222, 0xde}], 0x1) r1 = inotify_init() readv(r1, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) creat(&(0x7f00000000c0)='./file0\x00', 0x0) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x2a) creat(&(0x7f0000000040)='./file0\x00', 0x0) 01:33:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000000c) fcntl$setown(r0, 0x8, 0x0) symlinkat(&(0x7f0000003700)='./file0\x00', r0, &(0x7f0000000440)='./file0\x00') 01:33:37 executing program 5: 01:33:37 executing program 7: 01:33:37 executing program 6: [ 81.778561] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. 01:33:37 executing program 5: 01:33:37 executing program 2: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000140), 0x0) 01:33:37 executing program 7: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x6}, 0x5d) 01:33:37 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000ff0f, &(0x7f0000e68000)={0x2, 0x4004e23, @local, [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8dffffff]}, 0x10) shutdown(r1, 0x1) add_key$keyring(&(0x7f0000000840)='keyring\x00', &(0x7f0000000a40), 0x0, 0x0, 0xfffffffffffffff8) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) 01:33:37 executing program 3: syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, [], {@ipv4={0x800, {{0x689, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x223}, @local, {[@lsrr={0x83, 0x7, 0x5ef, [@multicast1]}, @ssrr={0x89, 0x3}]}}, @igmp={0x0, 0x0, 0x0, @broadcast}}}}}, &(0x7f00000002c0)) 01:33:37 executing program 4: 01:33:37 executing program 6: 01:33:38 executing program 6: 01:33:38 executing program 7: 01:33:38 executing program 4: 01:33:38 executing program 3: 01:33:38 executing program 2: 01:33:38 executing program 0: 01:33:38 executing program 5: 01:33:38 executing program 4: 01:33:38 executing program 5: 01:33:38 executing program 6: 01:33:38 executing program 3: 01:33:38 executing program 2: 01:33:38 executing program 1: 01:33:38 executing program 0: 01:33:38 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 01:33:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$3(0x3) 01:33:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x14, 0x0, 0x0, 0x1ac, 0x0, 0x2, 0x0, 0x5]}}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x20000801, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000140), 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)="766574683100000000ffffffffffef00", 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000409004bddd9de91be10eeaf000ee9a90f798058439ed554fa07424ada75af1f02ac06edbcd7a071fb35331ce39c5a00000000") fsetxattr(0xffffffffffffffff, &(0x7f0000000280)=@known='user.syz\x00', &(0x7f00000002c0)='\x00', 0x398, 0x0) 01:33:38 executing program 3: 01:33:38 executing program 6: 01:33:38 executing program 2: 01:33:38 executing program 1: r0 = socket(0x1000100000010, 0x2, 0x0) write(r0, &(0x7f00000001c0)="1f0000001e0007f1fff5ff0200000000000000005307a33d6c390836be381b44c7872ccf1b75b6d04d9ee74af0c4c6665dff0fbd9f34a4248ba1eb2da0245474f3cebca1df7edf05f6761b7f7208d9733b5bf3b7b8e6fe3f719e23fda1f80613d3fde170d5c5cd05a6572ac29e4b2380c772f69ae5b0c14902545ab7f6726d7055199c9045d7dc6790ae75b4c488bd0ec557010591b02313bd951b5d47d97a04be0c7e29d80a481018014986dd0698a35579e0d64317f791a021de9301c1362a2c80889bb7c32cc2b0022366890fd5784f40175f48d1cb16c5b728f239ab023fa3b50a30615836a2938254ae85c2", 0xee) 01:33:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f0000013ff1)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000280005000000000000000000010000007b6c6e660200000096e630b9d19f9dc34e05000000000000009494f75f447912f098cc1feb4d90ee1036fcdde765665d0fe48fd609458cef736bbd7ba5743c13813613e94fa99d81b9d001c1d0da92e5d80e6277d2706d866839a2f76d6b4d8939663a4eb5b13e631b692cde2b"], 0x1}}, 0x0) 01:33:38 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="0a5cc80700315f85715070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setns(0xffffffffffffffff, 0x44020000) 01:33:38 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2]}, 0x10) ioctl(r0, 0x8912, &(0x7f0000000000)="8a5c010700315f85715070") 01:33:38 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d000010000000000000ffffffff00030006000202000002000000e000000100000000000000000800120002000200000000007d220000180000000303000000000300000000000000001f03000000160000000301000000000000000000000000000000000000030005000000000002000000e00000010000000000000000"], 0x80}}, 0x0) 01:33:38 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) 01:33:38 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000280), 0xc, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x27, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 01:33:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x14, 0x0, 0x0, 0x1ac, 0x0, 0x2, 0x0, 0x5]}, 0x33}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x20000801, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x0, &(0x7f0000000140), 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) fsetxattr(0xffffffffffffffff, &(0x7f0000000280)=@known='user.syz\x00', &(0x7f00000002c0)='\x00', 0x398, 0x0) 01:33:38 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000000500)=[{{&(0x7f0000000080)=@un=@abs, 0x80, &(0x7f0000000280), 0x0, &(0x7f00000002c0)=[{0x10, 0x0, 0x2}], 0x10}}], 0x1, 0x0) 01:33:38 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="0a5cc80700315f85715070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r2, &(0x7f0000005fc0), 0x80000000000006a, 0x0) socket$packet(0x11, 0x3, 0x300) close(0xffffffffffffffff) 01:33:38 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_open_procfs(0x0, &(0x7f00000002c0)='syscall\x00') ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_int(r0, 0x0, 0x4, &(0x7f00000002c0), 0x1b) 01:33:38 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, &(0x7f0000000180)="9334379edc6112c280270134d43be945b4e83edb53285889e9c6bf8f1b55984dcd4c758e0b5a71cdc303da62c76d49d1af9f127aac25d58aae99b0f4eab337d6f3b0f01fe26733e83f77128aa0bc79d0e7d045302d8554f068baa2fd854d338f1c7fb8b42740db1688ce7be8a957525df37fac3914530da0111e5b4e95ebb183ee0a3f", 0x83, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 82.579133] ================================================================== [ 82.586563] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00 [ 82.593778] Read of size 8 at addr ffff8801d3d55158 by task syz-executor0/6194 [ 82.601130] [ 82.602793] CPU: 1 PID: 6194 Comm: syz-executor0 Not tainted 4.4.153-g5e24b4e #26 [ 82.610409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.619778] 0000000000000000 36ac068e7208e816 ffff8800a1797548 ffffffff81e162ed [ 82.627857] ffffea00074f5540 ffff8801d3d55158 0000000000000000 ffff8801d3d55158 [ 82.635937] 0000000000001000 ffff8800a1797580 ffffffff8151b4d9 ffff8801d3d55158 [ 82.644017] Call Trace: [ 82.646602] [] dump_stack+0xc1/0x124 [ 82.652055] [] print_address_description+0x6c/0x216 [ 82.659065] [] kasan_report.cold.7+0x175/0x2f7 [ 82.665303] [] ? ip6_xmit+0x177c/0x1a00 [ 82.670929] [] __asan_report_load8_noabort+0x14/0x20 [ 82.677682] [] ip6_xmit+0x177c/0x1a00 [ 82.683136] [] ? kasan_slab_free+0x72/0xc0 [ 82.689025] [] ? kfree+0xf4/0x310 [ 82.694132] [] ? pskb_expand_head+0x683/0x970 [ 82.701062] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 82.707555] [] ? __lock_is_held+0xa2/0xf0 [ 82.713352] [] ? ipv4_dst_check+0x111/0x160 [ 82.719409] [] ? __sk_dst_check+0x114/0x270 01:33:38 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000080)=0x1, 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x1}, 0x8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x13, &(0x7f0000000040), 0x14) close(r0) 01:33:38 executing program 7: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x14, 0x0, 0x0, 0x1ac, 0x0, 0x2, 0x0, 0x5]}, 0x33}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x20000801, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000140), 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) fsetxattr(0xffffffffffffffff, &(0x7f0000000280)=@known='user.syz\x00', &(0x7f00000002c0)='\x00', 0x398, 0x0) 01:33:38 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000409004bddd9de91be10eeaf000ee9a90f798058439ed554fa07424ada75af1f02ac06edbcd7a071fb35331ce39c5a00000000") fsetxattr(r0, &(0x7f0000000280)=@known='user.syz\x00', &(0x7f00000002c0)='\x00', 0x398, 0x0) 01:33:38 executing program 3: socket$packet(0x11, 0x3, 0x300) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000ff0f, &(0x7f0000e68000)={0x2, 0x4004e23, @local, [0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x8dffffff]}, 0x10) shutdown(r1, 0x1) ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000080)=ANY=[@ANYBLOB="25d7ef9301e6eb0ef5da872012de974acbbe2df43c24d358d62952a77c0868eb2a7adf4c7a77620300515f000000000000000000000000"]) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f0000000180)={0x0, {{0xa, 0x4e21, 0x0, @ipv4}}}, 0x88) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) munlockall() setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040), 0x10) [ 82.725399] [] inet6_csk_xmit+0x245/0x490 [ 82.731208] [] ? inet6_csk_xmit+0xff/0x490 [ 82.737137] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 82.743722] [] ? udp6_set_csum+0xd3/0xa70 [ 82.749525] [] l2tp_xmit_skb+0xb9c/0xe80 [ 82.757237] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 82.763207] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 82.769704] [] ? pppol2tp_release+0x310/0x310 01:33:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$setsig(0x4203, r1, 0x0, &(0x7f0000000040)) [ 82.775855] [] sock_sendmsg+0xcc/0x110 [ 82.781393] [] ___sys_sendmsg+0x441/0x880 [ 82.787717] [] ? copy_msghdr_from_user+0x550/0x550 [ 82.794306] [] ? __fget+0x148/0x3b0 [ 82.799615] [] ? __fget+0x16f/0x3b0 [ 82.805011] [] ? __fget+0x47/0x3b0 [ 82.810200] [] ? __fget_light+0x9f/0x1f0 [ 82.815907] [] ? __fdget+0x18/0x20 [ 82.821097] [] ? sockfd_lookup_light+0xb6/0x160 [ 82.827430] [] __sys_sendmmsg+0x1d4/0x2e0 [ 82.833234] [] ? SyS_sendmsg+0x50/0x50 [ 82.838769] [] ? ip6_datagram_connect+0x3a/0x50 [ 82.845087] [] ? inet_dgram_connect+0x11e/0x200 [ 82.851403] [] ? fput+0x20/0x150 [ 82.856433] [] ? SYSC_connect+0x22a/0x300 [ 82.862255] [] ? SYSC_bind+0x280/0x280 [ 82.867795] [] ? compat_SyS_futex+0x1e1/0x2f0 01:33:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000409004bddd9de91be10eeaf000ee9a90f798058439ed554fa07424ada75af1f02ac06edbcd7a071fb35331ce39c5a00000000") fsetxattr(r0, &(0x7f0000000280)=@known='user.syz\x00', &(0x7f00000002c0)='\x00', 0x398, 0x0) 01:33:38 executing program 7: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x14, 0x0, 0x0, 0x1ac, 0x0, 0x2, 0x0, 0x5]}, 0x33}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x20000801, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000140), 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) fsetxattr(0xffffffffffffffff, &(0x7f0000000280)=@known='user.syz\x00', &(0x7f00000002c0)='\x00', 0x398, 0x0) [ 82.873935] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 82.880940] [] ? SyS_socket+0x121/0x1b0 [ 82.886562] [] ? move_addr_to_kernel+0x50/0x50 [ 82.892800] [] compat_SyS_sendmmsg+0x32/0x40 [ 82.898864] [] ? compat_SyS_sendmsg+0x40/0x40 [ 82.905007] [] do_fast_syscall_32+0x324/0x8b0 [ 82.911148] [] sysenter_flags_fixed+0xd/0x1a [ 82.917194] [ 82.918811] Allocated by task 0: [ 82.922175] (stack is not available) [ 82.925879] [ 82.927495] Freed by task 0: [ 82.930499] (stack is not available) [ 82.934199] [ 82.935826] The buggy address belongs to the object at ffff8801d3d55140 [ 82.935826] which belongs to the cache ip_dst_cache of size 208 [ 82.948579] The buggy address is located 24 bytes inside of [ 82.948579] 208-byte region [ffff8801d3d55140, ffff8801d3d55210) [ 82.960360] The buggy address belongs to the page: [ 82.971599] kasan: CONFIG_KASAN_INLINE enabled [ 82.976025] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 82.988964] Dumping ftrace buffer: [ 82.992499] (ftrace buffer empty) [ 82.996202] Modules linked in: [ 82.999527] CPU: 0 PID: 6227 Comm: syz-executor7 Not tainted 4.4.153-g5e24b4e #26 [ 83.007158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.016516] task: ffff8801ce180000 task.stack: ffff8801ba800000 [ 83.022593] RIP: 0010:[] [] rb_erase+0x4f4/0x1cb0 [ 83.030971] RSP: 0018:ffff8801db207cf8 EFLAGS: 00010082 [ 83.036414] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff8801db219cc8 [ 83.043690] RDX: ffffed003b6432f2 RSI: ffff8801db219790 RDI: 0000000000000000 [ 83.050954] RBP: ffff8801db207d40 R08: ffffffff85356280 R09: 0000000000000001 [ 83.058219] R10: 0000000000000000 R11: ffff8801ce180000 R12: ffff8801db219cc0 [ 83.065496] R13: ffff8801d3d55210 R14: ffff8801db219cc1 R15: ffff8801d3d55220 [ 83.072765] FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f5781b40 [ 83.080993] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 83.086873] CR2: 000000002c824000 CR3: 00000000ae013000 CR4: 00000000001606f0 [ 83.094147] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.101425] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.108711] Stack: [ 83.110867] ffffed003b6432f2 ffff8801db219cc8 ffff8801db219790 0000000000000000 [ 83.118945] ffff8801c2c1fd28 ffff8801db219790 ffff8801db219798 0000000000000000 [ 83.127023] 0000000000000000 ffff8801db207d70 ffffffff81e33f48 ffffffff844bec20 [ 83.135147] Call Trace: [ 83.137722] [ 83.139781] [] timerqueue_del+0x78/0x170 [ 83.145790] [] __remove_hrtimer+0x8e/0x250 [ 83.151680] [] __hrtimer_run_queues+0x2dd/0x1000 [ 83.158111] [] ? retrigger_next_event+0x1c0/0x1c0 [ 83.164608] [] ? kvm_clock_read+0x23/0x40 [ 83.170415] [] ? kvm_clock_get_cycles+0x9/0x10 [ 83.176645] [] ? hrtimer_interrupt+0x12d/0x430 [ 83.182878] [] hrtimer_interrupt+0x1b1/0x430 [ 83.188943] [] local_apic_timer_interrupt+0x74/0xa0 [ 83.195610] [] smp_apic_timer_interrupt+0x7c/0xa0 [ 83.202108] [] apic_timer_interrupt+0xa0/0xb0 [ 83.208244] [ 83.210309] [] ? check_preemption_disabled+0x1c/0x170 [ 83.217456] [] ? audit_kill_trees+0x140/0x140 [ 83.223608] [] ? check_preemption_disabled+0x36/0x170 [ 83.230473] [] debug_smp_processor_id+0x1c/0x20 [ 83.236819] [] rcu_lockdep_current_cpu_online+0x3c/0x140 [ 83.243941] [] rcu_read_lock_held+0x90/0xc0 [ 83.249915] [] __fget+0x295/0x3b0 [ 83.255024] [] ? __fget+0x47/0x3b0 [ 83.260210] [] fget+0x18/0x20 [ 83.264962] [] sockfd_lookup+0x18/0x150 [ 83.270582] [] compat_SyS_setsockopt+0x91/0x2a0 [ 83.276929] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 83.283519] [] ? do_fast_syscall_32+0xdb/0x8b0 [ 83.289758] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 83.296350] [] do_fast_syscall_32+0x324/0x8b0 [ 83.302508] [] sysenter_flags_fixed+0xd/0x1a [ 83.308561] Code: 14 00 00 4c 89 ff 49 89 44 24 08 48 c1 ef 03 80 3c 1f 00 0f 85 7c 14 00 00 48 89 c7 4d 89 e6 4d 89 65 10 48 c1 ef 03 49 83 ce 01 <80> 3c 1f 00 0f 85 8d 14 00 00 4c 89 e7 4c 89 30 48 c1 ef 03 80 [ 83.336572] RIP [] rb_erase+0x4f4/0x1cb0 [ 83.342455] RSP [ 83.346084] ---[ end trace b68c08501f183e02 ]--- [ 83.350862] Kernel panic - not syncing: Fatal exception in interrupt [ 84.485741] Shutting down cpus with NMI [ 84.490327] Dumping ftrace buffer: [ 84.493853] (ftrace buffer empty) [ 84.497540] Kernel Offset: disabled [ 84.501139] Rebooting in 86400 seconds..