[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   13.948046] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.205218] random: sshd: uninitialized urandom read (32 bytes read)
[   18.614427] random: sshd: uninitialized urandom read (32 bytes read)
[   19.317059] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
[   24.918884] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/28 10:23:54 fuzzer started
[   26.134726] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/28 10:23:56 dialing manager at 10.128.0.26:38051
2018/08/28 10:23:58 syscalls: 1
2018/08/28 10:23:58 code coverage: enabled
2018/08/28 10:23:58 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/08/28 10:23:58 setuid sandbox: enabled
2018/08/28 10:23:58 namespace sandbox: enabled
2018/08/28 10:23:58 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/28 10:23:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/08/28 10:23:58 net packed injection: enabled
2018/08/28 10:23:58 net device setup: enabled
[   29.947756] random: crng init done
10:24:29 executing program 3:
mkdir(&(0x7f0000000640)='./file0\x00', 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000001c0))
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000200), 0x0, 0xfffffffffffffff9)
r0 = socket(0x10, 0x802, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000002c0)={"7465616d30000000887925569000"})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={"7465616d300000ffffffc000", 0x4bfd})
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)

10:24:29 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$KDGKBLED(r1, 0xc074510c, &(0x7f0000a07fff))

10:24:29 executing program 7:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="030000000000000008001b0000000000"], 0x1}}, 0x0)
write$binfmt_aout(r0, &(0x7f0000000e80)=ANY=[@ANYBLOB="000000b7bf23a443f7466300230000000000"], 0x12)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/avc/hash_stats\x00', 0x0, 0x0)

10:24:29 executing program 4:
mkdir(&(0x7f0000000640)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000001c0))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180), &(0x7f0000000200), 0x0, 0xfffffffffffffff9)
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r0 = socket(0x10, 0x802, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000002c0)={"7465616d30000000887925569000"})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={"7465616d300000ffffffc000", 0x4bfd})

10:24:29 executing program 1:
write(0xffffffffffffffff, &(0x7f0000000040), 0x0)
write(0xffffffffffffffff, &(0x7f00000003c0), 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3)
ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000380))
clone(0xbd319029ddd0a11b, &(0x7f00000006c0), &(0x7f0000000200), &(0x7f0000000040), &(0x7f0000000080))
add_key(&(0x7f0000000100)='syzkaller\x00', &(0x7f0000000180), &(0x7f0000000480), 0x0, 0xfffffffffffffffa)

10:24:29 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000040)="0a5cc80700315f85715070")
flistxattr(r1, &(0x7f0000000000)=""/99, 0xcf6d03acc0a91eab)

10:24:29 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c)
sendmmsg(r1, &(0x7f0000005840)=[{{&(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000001540), 0x0, &(0x7f0000001580)}}], 0x1, 0x0)

10:24:29 executing program 5:
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000faffe7)=@known='system.posix_acl_default\x00', &(0x7f00001cffec)="020000000100f6ffffff00000200000000000000", 0x14, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r0, 0x1f00000000000000, 0xd2, &(0x7f0000000000), 0x3c)

[   60.233825] IPVS: Creating netns size=2536 id=1
[   60.283352] IPVS: Creating netns size=2536 id=2
[   60.333401] IPVS: Creating netns size=2536 id=3
[   60.365344] IPVS: Creating netns size=2536 id=4
[   60.419642] IPVS: Creating netns size=2536 id=5
[   60.453914] IPVS: Creating netns size=2536 id=6
[   60.505043] IPVS: Creating netns size=2536 id=7
[   60.568250] IPVS: Creating netns size=2536 id=8
[   61.119335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.180515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.277129] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.294710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.326033] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.369479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.423456] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.441662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.459800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   61.483614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.508193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.535330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   61.542944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.621175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.658059] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.679892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   61.714236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   61.729014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   61.740946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.761485] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   61.771325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   61.789486] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   61.807373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   61.825981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   61.833980] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   61.842510] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   61.852560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   61.907342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   61.948642] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   62.002487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.023881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.031990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.040906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   62.048931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.064630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   62.079326] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.093464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.100998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.111031] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   62.121851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.132655] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   62.144755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.165777] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   62.188004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.198587] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.208648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.238625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.246104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.259308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.268596] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.277770] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.286177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.302218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.313427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.327185] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.337773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.348561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.369455] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.383658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.392098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.407587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.417047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.424713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.441414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.452906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.464370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.471992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.480992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.488917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.502520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.515940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.523159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.530677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.544229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.552095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.565414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.576101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.583974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.592397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.600238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.614511] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.626031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.643221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.655924] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.666413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.676191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.687015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.698717] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.712035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.723430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.743568] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.751268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.759168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.768229] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.783620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.791091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.327881] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.474115] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.534417] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.545653] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.591802] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.604333] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   65.614014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.620975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.725970] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   65.732498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.745132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.753268] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   65.763929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.770638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.795066] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.838843] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   65.850169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.857485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.871863] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.879470] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   65.896211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.902955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.922527] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   66.045783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   66.052073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.063416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.081260] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   66.105614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.112333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.190631] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   66.209002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.219014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
10:24:36 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={"6c6f0000000002d68900", <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000040)=@ipv6_newaddr={0x2c, 0x14, 0x101, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_ADDRESS={0x14, 0x1, @loopback}]}, 0x2c}}, 0x0)

10:24:36 executing program 3:

10:24:36 executing program 3:

10:24:36 executing program 1:

10:24:36 executing program 3:

10:24:36 executing program 1:

10:24:36 executing program 7:

10:24:36 executing program 3:

10:24:36 executing program 7:

10:24:37 executing program 0:
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85715070")
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440), 0xc, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x1}}, 0x0)

10:24:37 executing program 1:

10:24:37 executing program 4:

10:24:37 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000200)="0a5cc80700315f85715070")
ioctl$SG_IO(r0, 0x2285, &(0x7f00000001c0)={0x400000053, 0x0, 0x6, 0x0, @scatter={0x0, 0xfffffff, &(0x7f00000004c0)}, &(0x7f0000000140)="482e27f215c6", &(0x7f0000000600)=""/4096, 0x0, 0x0, 0x0, &(0x7f0000000080)})

10:24:37 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
capset(&(0x7f00001e8ff8)={0x19980330}, &(0x7f0000032fe8))
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000140)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000007000000040000007c04000058020000580200005802000098030000980300009803000004000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000de731ec5b25aad826f00000000000000000000000000000000000000000000000000000000000000000000"], @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c65000000000000000000000000000000000000000000000000aaaaaaaaaabb0000000000000000000000000000000000000000000000000000000000000000000000000000000000007f000001ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000069726c616e30000000000000000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0001801000000000000000000000000000000000000000000000000000028004d41524b00000000000000000000000000000000000000000000000000020000000000000000ffffffffe0000001000000000000000008d9c37cec310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000677265300000000000000000000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e4000000000000000000000000000000000000000000000000002400000000000000000000000000000000000000000000000000000000000000feffffff"], 0x4c8)

[   67.581016] kasan: CONFIG_KASAN_INLINE enabled
[   67.585652] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   67.593039] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   67.599265] Dumping ftrace buffer:
[   67.602797]    (ftrace buffer empty)
[   67.606512] Modules linked in:[   67.609238] capability: warning: `syz-executor2' uses 32-bit capabilities (legacy support in use)
[   67.618563] CPU: 0 PID: 6005 Comm: syz-executor6 Not tainted 4.9.124-g09eb2ba #35
[   67.626176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.635525] task: ffff8801a5b6b000 task.stack: ffff8801a5500000
[   67.641557] RIP: 0010:[<ffffffff8356164d>]  [<ffffffff8356164d>] ip6_xmit+0xb2d/0x1b80
[   67.649754] RSP: 0018:ffff8801a55075d0  EFLAGS: 00010246
[   67.655224] RAX: dffffc0000000000 RBX: ffff8801cb275500 RCX: ffffc900088ee000
[   67.662471] RDX: ffff8801cb275578 RSI: ffffffff83561613 RDI: ffff8801c090d818
[   67.669733] RBP: ffff8801a55077e8 R08: ffff8801a5b6b8e8 R09: 0000000000000000
[   67.676980] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c19f4000
[   67.684228] R13: ffff8801c2d8dfe6 R14: 000000000000001b R15: 0000000000000040
[   67.691480] FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f571eb40
[   67.699684] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   67.705541] CR2: 0000000033921000 CR3: 00000001da2f8000 CR4: 00000000001606f0
[   67.712788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   67.720035] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   67.727367] Stack:
[   67.729492]  ffffffff8153f4a2 ffffffff8153c8ab ffffffff8303637b ffffffff8304364f
[   67.737485]  0000001000000001 0000000000000000 1ffff10034aa0ec8 ffff8801cb2755c8
[   67.745493]  ffff8801cb275558 ffff8801cb275578 ffff8801b7810000 ffff8801a7090000
[   67.753524] Call Trace:
[   67.756097]  [<ffffffff8153f4a2>] ? kasan_slab_free+0x72/0xc0
[   67.761966]  [<ffffffff8153c8ab>] ? kfree+0xfb/0x310
[   67.767069]  [<ffffffff8303637b>] ? skb_free_head+0x8b/0xb0
[   67.772773]  [<ffffffff8304364f>] ? pskb_expand_head+0x45f/0x930
[   67.778899]  [<ffffffff83560b20>] ? ip6_finish_output2+0x1d00/0x1d00
[   67.785383]  [<ffffffff812383b0>] ? trace_hardirqs_on+0x10/0x10
[   67.791416]  [<ffffffff812324e2>] ? __lock_is_held+0xa2/0xf0
[   67.797188]  [<ffffffff83311cd1>] ? ipv4_dst_check+0x111/0x160
[   67.803134]  [<ffffffff8302ab24>] ? __sk_dst_check+0x114/0x240
[   67.809098]  [<ffffffff836275ec>] inet6_csk_xmit+0x27c/0x4d0
[   67.814879]  [<ffffffff8362746f>] ? inet6_csk_xmit+0xff/0x4d0
[   67.820754]  [<ffffffff83627370>] ? inet6_csk_update_pmtu+0x160/0x160
[   67.827315]  [<ffffffff81f2106b>] ? check_preemption_disabled+0x3b/0x170
[   67.834134]  [<ffffffff836c42e5>] l2tp_xmit_skb+0xc45/0xf30
[   67.839820]  [<ffffffff836cf8b0>] pppol2tp_sendmsg+0x4e0/0x790
[   67.845782]  [<ffffffff81d17caf>] ? selinux_socket_sendmsg+0x3f/0x50
[   67.852251]  [<ffffffff836cf3d0>] ? pppol2tp_release+0x2e0/0x2e0
[   67.858371]  [<ffffffff8301e0ac>] sock_sendmsg+0xcc/0x110
[   67.863890]  [<ffffffff8301f8ca>] ___sys_sendmsg+0x47a/0x840
[   67.869672]  [<ffffffff8301f450>] ? copy_msghdr_from_user+0x560/0x560
[   67.876229]  [<ffffffff812d5fa6>] ? futex_wake+0x146/0x450
[   67.882104]  [<ffffffff812383b0>] ? trace_hardirqs_on+0x10/0x10
[   67.888145]  [<ffffffff81f2106b>] ? check_preemption_disabled+0x3b/0x170
[   67.894962]  [<ffffffff815da38a>] ? __fget+0x20a/0x3b0
[   67.900214]  [<ffffffff815da6d9>] ? __fget_light+0x169/0x1f0
[   67.906072]  [<ffffffff815da778>] ? __fdget+0x18/0x20
[   67.911236]  [<ffffffff83021f0c>] __sys_sendmmsg+0x23c/0x3d0
[   67.917010]  [<ffffffff83021cd0>] ? SyS_sendmsg+0x50/0x50
[   67.922523]  [<ffffffff8361acda>] ? ip6_datagram_connect+0x3a/0x50
[   67.928820]  [<ffffffff8342953e>] ? inet_dgram_connect+0x11e/0x200
[   67.935129]  [<ffffffff8157c7a2>] ? fput+0xd2/0x140
[   67.940125]  [<ffffffff8301eaaa>] ? SYSC_connect+0x22a/0x300
[   67.945913]  [<ffffffff8301e880>] ? SYSC_bind+0x280/0x280
[   67.951430]  [<ffffffff812dc171>] ? compat_SyS_futex+0x1e1/0x2f0
[   67.957560]  [<ffffffff812dbf90>] ? compat_SyS_get_robust_list+0x310/0x310
[   67.964562]  [<ffffffff83020a31>] ? SyS_socket+0x121/0x1b0
[   67.970164]  [<ffffffff83020910>] ? move_addr_to_kernel+0x50/0x50
[   67.976375]  [<ffffffff83123802>] compat_SyS_sendmmsg+0x32/0x40
[   67.982410]  [<ffffffff831237d0>] ? compat_SyS_sendmsg+0x40/0x40
[   67.988531]  [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870
[   67.994653]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   68.001295]  [<ffffffff83a030d0>] entry_SYSENTER_compat+0x90/0xa2
[   68.007498] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 55 0e 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 48 4d 8b a4 24 18 03 00 00 <65> 49 ff 44 24 28 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 
[   68.034708] RIP  [<ffffffff8356164d>] ip6_xmit+0xb2d/0x1b80
[   68.040521]  RSP <ffff8801a55075d0>
[   68.044186] ---[ end trace fe39b076eff608b5 ]---
[   68.048938] Kernel panic - not syncing: Fatal exception in interrupt
[   68.055806] Dumping ftrace buffer:
[   68.059333]    (ftrace buffer empty)
[   68.063020] Kernel Offset: disabled
[   68.066618] Rebooting in 86400 seconds..