[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   13.184063] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.894947] random: sshd: uninitialized urandom read (32 bytes read)
[   18.118711] random: sshd: uninitialized urandom read (32 bytes read)
[   18.769224] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[   24.442600] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/27 02:44:48 fuzzer started
[   25.690387] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/27 02:44:50 dialing manager at 10.128.0.26:38095
2018/08/27 02:44:55 syscalls: 1
2018/08/27 02:44:55 code coverage: enabled
2018/08/27 02:44:55 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/08/27 02:44:55 setuid sandbox: enabled
2018/08/27 02:44:55 namespace sandbox: enabled
2018/08/27 02:44:55 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/27 02:44:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/08/27 02:44:55 net packed injection: enabled
2018/08/27 02:44:55 net device setup: enabled
[   33.641102] random: crng init done
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
02:46:20 executing program 0:
r0 = socket$inet6(0xa, 0x2000000802, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback, 0x800, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x2}, 0x20)

02:46:20 executing program 1:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x24080, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000440))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000009d80)={&(0x7f0000000140)=@kern={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000009cc0), 0x0, 0x0, 0x0, 0x8000}, 0x0)

02:46:20 executing program 2:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0x4004743d, &(0x7f0000000040)=""/246)

02:46:20 executing program 7:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB='/0'], 0x2)

02:46:20 executing program 4:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB=',,'], 0x2)

02:46:20 executing program 5:
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000040))
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat(r0, &(0x7f0000000200)='./file0\x00', 0x20042, 0x80)

02:46:20 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xffffff02}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

02:46:20 executing program 6:
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSTATFS(r0, &(0x7f0000000100)={0x43, 0x9, 0x0, {0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0x43)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0))
fcntl$setflags(r0, 0x2, 0x0)
write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x73, 0x2, {{0x0, 0x0, 0x2}}}, 0x18)

[  117.113892] IPVS: Creating netns size=2536 id=1
[  117.163367] IPVS: Creating netns size=2536 id=2
[  117.200001] IPVS: Creating netns size=2536 id=3
[  117.229493] IPVS: Creating netns size=2536 id=4
[  117.262282] IPVS: Creating netns size=2536 id=5
[  117.321621] IPVS: Creating netns size=2536 id=6
[  117.386539] IPVS: Creating netns size=2536 id=7
[  117.436899] IPVS: Creating netns size=2536 id=8
[  118.011633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.034943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.089892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.106291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.284379] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.304283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.324490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.343259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.390241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.405831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.413805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.473304] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.500235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
INIT: Id "6" respawning too fast: disabled for 5 minutes
[  118.527851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  118.544404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.560063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  118.573946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.590931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  118.613692] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.665950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  118.716548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.756556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.764374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  118.791953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.827929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  118.843653] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  118.922857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  118.954126] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.972302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  118.992653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  119.003535] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.014423] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.028897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  119.046764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  119.055042] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  119.066401] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.090076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.102475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.116335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.147376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.156493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.164182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.175259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.186955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.203566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.211627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.221694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.247205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.254708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.267197] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.279978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.292975] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.307043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.314563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.343065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.350694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.361044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.369794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.382835] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.396361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.403944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.418383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.432811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.445684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.453645] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.463723] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.479129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.488001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.511186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.518850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.527670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.544671] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  119.556330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.563777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.574693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.587793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.595362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.627308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  119.634484] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.650478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.661832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.673368] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.686283] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  119.702322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.715847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.723509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  119.732387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  119.741174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.755844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.763413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.772013] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.796395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.803972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  119.820205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  119.843632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  119.861044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.621980] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  123.753179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  123.806099] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  123.817534] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  123.831150] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  123.840229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.848614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.871747] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  123.952141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  124.010934] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.019587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.027047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.035095] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.043238] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.051814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.059192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.066422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.073144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.113723] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  124.136554] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.146792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.153556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.175299] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  124.241149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.256074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.262874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.355895] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.362234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.370270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.440398] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  124.457368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.464504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:46:29 executing program 5:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB='/,'], 0x2)

02:46:29 executing program 5:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB='/'], 0x1)

02:46:29 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
r1 = dup(r0)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@remote, @in=@remote}}, {{@in=@multicast1}, 0x0, @in=@remote}}, &(0x7f00000006c0)=0xffffffffffffff7a)

02:46:29 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)

02:46:29 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x1, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)
socket$netlink(0x10, 0x3, 0x0)

02:46:29 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1, 0x94b1ed6762365100}, {{@in=@remote, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)

[  125.803034] hrtimer: interrupt took 40187 ns
02:46:29 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000015c0)={'sit0\x00'})
sendmsg$nl_route(r0, &(0x7f000000a000)={&(0x7f0000000080), 0xc, &(0x7f0000012000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000010001200080001007769741004000200"], 0x1}}, 0x0)

02:46:29 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x1, 0x2, 0x0, 0x3, 0x4}, &(0x7f00000000c0)=0x20)
r1 = socket$l2tp(0x18, 0x1, 0x1)
memfd_create(&(0x7f00000001c0)='bridge_slave_1\x00', 0x0)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x2b}, 0x2, @in, 0x1000000000000, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)
memfd_create(&(0x7f0000000100)='bridge_slave_1\x00', 0x0)
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000140)={0x16, 0x6f, 0x2, {0x1, [{}]}}, 0x16)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000040)={'bridge_slave_1\x00', 0xfffffffffffffe59})

02:46:29 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r2 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@dev={0xfe, 0x80, [], 0xf}, 0x1f, 0x2, 0x3, 0x0, 0x7ff}, 0x20)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x1, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0)

02:46:29 executing program 2:

02:46:30 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {0x3ff}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)

02:46:30 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x800000000000000a}, {}, {0x3ff}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)

02:46:30 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1, 0x94b1ed6762365100}, {{@in=@remote, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8)
sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0)

[  126.125659] BUG: sleeping function called from invalid context at net/core/sock.c:2502
[  126.133779] in_atomic(): 1, irqs_disabled(): 0, pid: 6863, name: syz-executor5
[  126.141165] 1 lock held by syz-executor5/6863:
[  126.145757]  #0:  (rcu_callback){......}, at: [<ffffffff81289ace>] rcu_process_callbacks+0x98e/0x12b0
[  126.155687] Preemption disabled at:[  126.159139] [<ffffffff83a0848d>] __do_softirq+0xdd/0x940
[  126.164618] CPU: 1 PID: 6863 Comm: syz-executor5 Not tainted 4.9.124-g09eb2ba #31
[  126.172238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  126.181594]  ffff8801db307cd8 ffffffff81eb95e9 ffffffff83a0848d 0000000000000000
[  126.189658]  0000000000000100 ffff8801c9338000 ffff8801c9338000 ffff8801db307d10
[  126.197746]  ffffffff81426851 ffff8801c9338000 ffffffff840f88a0 00000000000009c6
[  126.205852] Call Trace:
[  126.208464]  <IRQ> [  126.210523]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  126.215922]  [<ffffffff83a0848d>] ? __do_softirq+0xdd/0x940
[  126.221639]  [<ffffffff81426851>] ___might_sleep.cold.123+0x1bc/0x1f5
[  126.228221]  [<ffffffff811bd9a5>] __might_sleep+0x95/0x1a0
[  126.233850]  [<ffffffff81238076>] ? trace_hardirqs_on_caller+0x266/0x590
[  126.240887]  [<ffffffff8302b774>] lock_sock_nested+0x34/0x120
[  126.246775]  [<ffffffff83428dd9>] inet_shutdown+0x69/0x360
[  126.252407]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  126.258557]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  126.264890]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
02:46:30 executing program 0:
add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000080), &(0x7f0000000200)="8a1694f32c9617cd2075c77b74606d2f8aa7525f685607458210661c0330ae39b04fac17a750387907115970ba3f02c604bf44b44a72bf3f8d84872a4567427a162f8770c6bccd7f79945028d64b7457e6f51de42d40cea3117b077e3ae045006a3b38b02f0c037a8c262358436d343f650b4b9e8da09e5536beb89e71bf7fce8f6c4df174419b2b91699034df8f43583510a6fbabcbefe8e0e77a0cc000c6fc9988722b7fb20d9f3291c8280432becb76e8e0b92a3aa4654b573ec8d15352267151ff909100db1c5093f2b3855709347eb18a2aba27cf8e3af204382a3fff2b8c286095d9fc0f0ed116efb08798ab5eea783c330142c9ae8fa6921c5dfcc966cbc5011a2204b4f710f003bbfc58d498b7b0ceeefbc26c17bb61cda50aa8937ebe2cee8ae6e1fb40d48e2d59b6e1f264bb927837c084ffb177d698839adecf9688f4e759a1db8c296532d23aba0a3d10049d322be4a408122814b9d2d2cfee6ddb6954ff861e91ddb4bdebe670bb5eda3ee38001fccee1e915c106dc6cf593e4a1371fd8b78c54bdd7bd3e5d21f91bc6a0e467f704b4abce110606b2696ecd11617ba642b0fcd315e1e57a582e8d369979bc52d22659100b65cce6e5a7970555fc90ce942d24b6efe5bc1a1de9e953259e3bb5565fb443f3c55454141ba1b21a1c63a24f7ca9b4c4db82245991f8e68fbaa408dfac4cc4a7c9ba2956a5eed16513e641166db0b8c9ad3a6ece91fcd060ac74657ff7800ed6b4afd5b75698db259effa6b5c7dcacfd7f4b75375242f3dd43b6ee6e7c93459c0e309d75bc14f0b7c0b9aa57c5b47af68721452dd25c9f3d7da8c6e61a6be1941ccb2834fe6d25c72799915fc2fc712887f0902e3240fe78142dc8bd558d6314ed1adaee171ff50f2aebfa28513448e8fb6f32c01b6fbb97a4e6ec694b76cbe1415ee884c4647332f527542db4d2342462612edcfddec6b3067f5fd3827f9fe590e964b439738da1d4b26d81de29d39d3289242952dbd76a61472f5c35cc79ecae9d5a8cdc69b7e291ec2c2997fadfd55c558833a45ff9e82ac35f4e1b6b9295ac568ee55a58f580182dcf8791baecf73992e32d8863ba474df4a06b5012160421ec024022e42242b2ab04f680d29d5f69a7625a0f60cc5ad6282a60dd976ae7ef84839f77526e8006a34cc76a8ba217b2fde0250e6773da2ffcecac9a8f630a9c1a3ea3299bc26a027ec2e9ebce63f2842087248cd305dc77f5878c222e132c8954959bd7c5bebda503b8af9e", 0x385, 0xffffffffffffffff)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={&(0x7f0000000200), 0xc, &(0x7f0000000080)={&(0x7f0000000500)=@migrate={0xac, 0x21, 0x21, 0x0, 0x0, {{@in=@local}}, [@migrate={0x5c, 0x11, [{@in6=@loopback, @in=@local}, {@in=@broadcast, @in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}]}]}, 0xac}}, 0x0)

[  126.271213]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  126.277539]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  126.284528]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  126.291025]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  126.296654]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  126.303156]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  126.309829]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  126.315986]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  126.321621]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  126.326910]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  126.333410]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  126.339552]  <EOI> [  126.341619]  [<ffffffff812a4254>] ? __hrtimer_init+0x1a4/0x220
[  126.347622]  [<ffffffff81360d10>] ? __sanitizer_cov_trace_pc+0x20/0x50
[  126.354294]  [<ffffffff812a4254>] __hrtimer_init+0x1a4/0x220
[  126.360097]  [<ffffffff812a8466>] hrtimer_nanosleep+0x156/0x540
[  126.366166]  [<ffffffff812a8310>] ? hrtimer_run_queues+0x1c0/0x1c0
[  126.372491]  [<ffffffff814c2e54>] ? __might_fault+0x114/0x1d0
[  126.378378]  [<ffffffff812a891c>] SyS_nanosleep+0xcc/0x120
[  126.384005]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  126.390241]  [<ffffffff8123819b>] ? trace_hardirqs_on_caller+0x38b/0x590
[  126.397088]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  126.403323]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[  126.409031]  [<ffffffff83a019d3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  126.416019] 
[  126.417639] =================================
[  126.422114] [ INFO: inconsistent lock state ]
[  126.426592] 4.9.124-g09eb2ba #31 Tainted: G        W      
[  126.432187] ---------------------------------
[  126.436655] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[  126.442784] syz-executor5/6863 [HC0[0]:SC1[3]:HE1:SE0] takes:
[  126.448685]  (sk_lock-AF_PPPOX){+.?.+.}, at: [<ffffffff83428dd9>] inet_shutdown+0x69/0x360
{SOFTIRQ-ON-W} state was registered at:
[  126.461728]   mark_held_locks+0xc7/0x130
[  126.465789]   trace_hardirqs_on_caller+0x38b/0x590
[  126.470701]   trace_hardirqs_on+0xd/0x10
[  126.474746]   __local_bh_enable_ip+0x6a/0xd0
[  126.479135]   lock_sock_nested+0xdc/0x120
[  126.483260]   pppol2tp_connect+0xd9/0x18f0
[  126.487489]   SYSC_connect+0x1b8/0x300
[  126.491355]   SyS_connect+0x24/0x30
[  126.494960]   do_syscall_64+0x1a6/0x490
[  126.498918]   entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  126.504082] irq event stamp: 4350
[  126.507515] hardirqs last  enabled at (4350): [<ffffffff83a02369>] restore_regs_and_iret+0x0/0x1d
[  126.516522] hardirqs last disabled at (4349): [<ffffffff83a022db>] common_interrupt+0x9b/0xa0
[  126.525186] softirqs last  enabled at (0): [<ffffffff81130b22>] copy_process.part.51+0x1172/0x6330
[  126.534280] softirqs last disabled at (4073): [<ffffffff8114d554>] irq_exit+0x114/0x150
[  126.542408] 
[  126.542408] other info that might help us debug this:
[  126.549053]  Possible unsafe locking scenario:
[  126.549053] 
[  126.555119]        CPU0
[  126.557801]        ----
[  126.560358]   lock(sk_lock-AF_PPPOX);
[  126.564379]   <Interrupt>
[  126.567108]     lock(sk_lock-AF_PPPOX);
[  126.571299] 
[  126.571299]  *** DEADLOCK ***
[  126.571299] 
[  126.577336] 1 lock held by syz-executor5/6863:
[  126.581908]  #0:  (rcu_callback){......}, at: [<ffffffff81289ace>] rcu_process_callbacks+0x98e/0x12b0
[  126.591758] 
[  126.591758] stack backtrace:
[  126.596240] CPU: 1 PID: 6863 Comm: syz-executor5 Tainted: G        W       4.9.124-g09eb2ba #31
[  126.605053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  126.614387]  ffff8801db307a58 ffffffff81eb95e9 ffff8801c9338000 ffffffff855f7ef0
[  126.622394]  ffff8801c93388f0 ffff8801c9338910 0000000000000000 ffff8801db307ac8
[  126.630396]  ffffffff81429ccd 0000000000000003 0000000000000001 ffff880100000000
[  126.638391] Call Trace:
[  126.640950]  <IRQ> [  126.642993]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  126.648356]  [<ffffffff81429ccd>] print_usage_bug.cold.57+0x327/0x421
[  126.654916]  [<ffffffff8107ba56>] ? save_stack_trace+0x16/0x20
[  126.660870]  [<ffffffff81237726>] mark_lock+0xcc6/0x1280
[  126.666316]  [<ffffffff81236050>] ? check_usage_backwards+0x2e0/0x2e0
[  126.672906]  [<ffffffff812390f0>] __lock_acquire+0xd40/0x4070
[  126.678771]  [<ffffffff812383b0>] ? trace_hardirqs_on+0x10/0x10
[  126.684820]  [<ffffffff81f2106b>] ? check_preemption_disabled+0x3b/0x170
[  126.691648]  [<ffffffff83a02369>] ? retint_kernel+0x2d/0x2d
[  126.697360]  [<ffffffff8123ce90>] lock_acquire+0x130/0x3e0
[  126.702968]  [<ffffffff83428dd9>] ? inet_shutdown+0x69/0x360
[  126.708747]  [<ffffffff8302b806>] lock_sock_nested+0xc6/0x120
[  126.714612]  [<ffffffff83428dd9>] ? inet_shutdown+0x69/0x360
[  126.720388]  [<ffffffff83428dd9>] inet_shutdown+0x69/0x360
[  126.725992]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  126.732118]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  126.738419]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  126.744729]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  126.751028]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  126.757500]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  126.763973]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  126.769580]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  126.776072]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  126.782722]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  126.788848]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  126.794461]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  126.799721]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  126.806194]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  126.812312]  <EOI> [  126.814356]  [<ffffffff812a4254>] ? __hrtimer_init+0x1a4/0x220
[  126.820329]  [<ffffffff81360d10>] ? __sanitizer_cov_trace_pc+0x20/0x50
[  126.826975]  [<ffffffff812a4254>] __hrtimer_init+0x1a4/0x220
[  126.832752]  [<ffffffff812a8466>] hrtimer_nanosleep+0x156/0x540
[  126.838788]  [<ffffffff812a8310>] ? hrtimer_run_queues+0x1c0/0x1c0
[  126.845101]  [<ffffffff814c2e54>] ? __might_fault+0x114/0x1d0
[  126.850964]  [<ffffffff812a891c>] SyS_nanosleep+0xcc/0x120
[  126.856564]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  126.862776]  [<ffffffff8123819b>] ? trace_hardirqs_on_caller+0x38b/0x590
[  126.869612]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  126.875827]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[  126.881520]  [<ffffffff83a019d3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  126.888473] ==================================================================
[  126.895837] BUG: KASAN: use-after-free in inet_shutdown+0x2dc/0x360
[  126.902227] Read of size 4 at addr ffff8801b76eaa80 by task syz-executor5/6863
[  126.909559] 
[  126.911167] CPU: 1 PID: 6863 Comm: syz-executor5 Tainted: G        W       4.9.124-g09eb2ba #31
[  126.919996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  126.929332]  ffff8801db307cf8 ffffffff81eb95e9 ffffea0006ddba00 ffff8801b76eaa80
[  126.937347]  0000000000000000 ffff8801b76eaa80 ffff8801d07296d8 ffff8801db307d30
[  126.945341]  ffffffff8156c35e ffff8801b76eaa80 0000000000000004 0000000000000000
[  126.953413] Call Trace:
[  126.955972]  <IRQ> [  126.958017]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  126.963382]  [<ffffffff8156c35e>] print_address_description+0x6c/0x234
[  126.970033]  [<ffffffff8156c768>] kasan_report.cold.6+0x242/0x2fe
[  126.976246]  [<ffffffff8342904c>] ? inet_shutdown+0x2dc/0x360
[  126.982111]  [<ffffffff8153fad4>] __asan_report_load4_noabort+0x14/0x20
[  126.988846]  [<ffffffff8342904c>] inet_shutdown+0x2dc/0x360
[  126.994541]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  127.000667]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  127.006970]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  127.013271]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  127.019592]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  127.026068]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  127.032554]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  127.038168]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  127.044660]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  127.051307]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  127.057432]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  127.063052]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  127.068343]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  127.074818]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  127.080936]  <EOI> [  127.082981]  [<ffffffff812a4254>] ? __hrtimer_init+0x1a4/0x220
[  127.088970]  [<ffffffff81360d10>] ? __sanitizer_cov_trace_pc+0x20/0x50
[  127.095616]  [<ffffffff812a4254>] __hrtimer_init+0x1a4/0x220
[  127.101394]  [<ffffffff812a8466>] hrtimer_nanosleep+0x156/0x540
[  127.107434]  [<ffffffff812a8310>] ? hrtimer_run_queues+0x1c0/0x1c0
[  127.113739]  [<ffffffff814c2e54>] ? __might_fault+0x114/0x1d0
[  127.119623]  [<ffffffff812a891c>] SyS_nanosleep+0xcc/0x120
[  127.125229]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  127.131454]  [<ffffffff8123819b>] ? trace_hardirqs_on_caller+0x38b/0x590
[  127.138291]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  127.144505]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[  127.150196]  [<ffffffff83a019d3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  127.157097] 
[  127.158704] Allocated by task 6928:
[  127.162314]  save_stack_trace+0x16/0x20
[  127.166276]  save_stack+0x43/0xd0
[  127.169706]  kasan_kmalloc+0xc7/0xe0
[  127.173397]  kasan_slab_alloc+0x12/0x20
[  127.177349]  kmem_cache_alloc+0xbe/0x290
[  127.181390]  sock_alloc_inode+0x1d/0x260
[  127.185444]  alloc_inode+0x63/0x180
[  127.189050]  new_inode_pseudo+0x17/0xe0
[  127.193004]  sock_alloc+0x41/0x280
[  127.196524]  __sock_create+0x8d/0x5f0
[  127.200299]  SyS_socket+0xf0/0x1b0
[  127.203821]  do_syscall_64+0x1a6/0x490
[  127.207690]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  127.212764] 
[  127.214366] Freed by task 6927:
[  127.217622]  save_stack_trace+0x16/0x20
[  127.221574]  save_stack+0x43/0xd0
[  127.225004]  kasan_slab_free+0x72/0xc0
[  127.228875]  kmem_cache_free+0xbe/0x310
[  127.232845]  sock_destroy_inode+0x56/0x70
[  127.236994]  destroy_inode+0xc5/0x120
[  127.240772]  evict+0x32b/0x4f0
[  127.243943]  iput+0x371/0x900
[  127.247026]  dentry_unlink_inode+0x277/0x330
[  127.251411]  __dentry_kill+0x280/0x4c0
[  127.255275]  dput.part.29+0x5cf/0x7b0
[  127.259052]  dput+0x1f/0x30
[  127.261963]  __fput+0x42f/0x700
[  127.265220]  ____fput+0x15/0x20
[  127.268478]  task_work_run+0x10c/0x180
[  127.272341]  exit_to_usermode_loop+0xfc/0x120
[  127.276811]  do_syscall_64+0x364/0x490
[  127.280675]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  127.285753] 
[  127.287357] The buggy address belongs to the object at ffff8801b76eaa80
[  127.287357]  which belongs to the cache sock_inode_cache of size 960
[  127.300429] The buggy address is located 0 bytes inside of
[  127.300429]  960-byte region [ffff8801b76eaa80, ffff8801b76eae40)
[  127.312112] The buggy address belongs to the page:
[  127.317025] page:ffffea0006ddba00 count:1 mapcount:0 mapping:          (null) index:0xffff8801b76eaec0 compound_mapcount: 0
[  127.328519] flags: 0x8000000000004080(slab|head)
[  127.333249] page dumped because: kasan: bad access detected
[  127.338934] 
[  127.340540] Memory state around the buggy address:
[  127.345451]  ffff8801b76ea980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.352789]  ffff8801b76eaa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  127.360127] >ffff8801b76eaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.367469]                    ^
[  127.370819]  ffff8801b76eab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.378157]  ffff8801b76eab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.385493] ==================================================================
[  127.392873] Kernel panic - not syncing: panic_on_warn set ...
[  127.392873] 
[  127.400273] CPU: 1 PID: 6863 Comm: syz-executor5 Tainted: G    B   W       4.9.124-g09eb2ba #31
[  127.409099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  127.418442]  ffff8801db307c58 ffffffff81eb95e9 ffffffff843c828b 00000000ffffffff
[  127.426454]  0000000000000000 0000000000000001 ffff8801d07296d8 ffff8801db307d18
[  127.434484]  ffffffff81423eb5 0000000041b58ab3 ffffffff843bb8e8 ffffffff81423cf6
[  127.442488] Call Trace:
[  127.445051]  <IRQ> [  127.447094]  [<ffffffff81eb95e9>] dump_stack+0xc1/0x128
[  127.452459]  [<ffffffff81423eb5>] panic+0x1bf/0x3bc
[  127.457461]  [<ffffffff81423cf6>] ? add_taint.cold.6+0x16/0x16
[  127.463415]  [<ffffffff8156c27b>] kasan_end_report+0x47/0x4f
[  127.469198]  [<ffffffff8156c59c>] kasan_report.cold.6+0x76/0x2fe
[  127.475342]  [<ffffffff8342904c>] ? inet_shutdown+0x2dc/0x360
[  127.481211]  [<ffffffff8153fad4>] __asan_report_load4_noabort+0x14/0x20
[  127.487953]  [<ffffffff8342904c>] inet_shutdown+0x2dc/0x360
[  127.493650]  [<ffffffff836cb6a0>] ? pppol2tp_recvmsg+0x280/0x280
[  127.499781]  [<ffffffff836cb740>] pppol2tp_session_close+0xa0/0xe0
[  127.506096]  [<ffffffff836c4f71>] l2tp_tunnel_closeall+0x231/0x350
[  127.512413]  [<ffffffff836c57f2>] l2tp_tunnel_destruct+0x2f2/0x590
[  127.518743]  [<ffffffff836c56aa>] ? l2tp_tunnel_destruct+0x1aa/0x590
[  127.525225]  [<ffffffff836c5500>] ? l2tp_tunnel_del_work+0x470/0x470
[  127.531707]  [<ffffffff830281f5>] __sk_destruct+0x55/0x590
[  127.537340]  [<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0
[  127.543820]  [<ffffffff81289ace>] ? rcu_process_callbacks+0x98e/0x12b0
[  127.550471]  [<ffffffff830281a0>] ? sock_set_timeout+0x210/0x210
[  127.556600]  [<ffffffff83a085c0>] __do_softirq+0x210/0x940
[  127.562209]  [<ffffffff8114d554>] irq_exit+0x114/0x150
[  127.567469]  [<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0
[  127.573944]  [<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0
[  127.580063]  <EOI> [  127.582106]  [<ffffffff812a4254>] ? __hrtimer_init+0x1a4/0x220
[  127.588076]  [<ffffffff81360d10>] ? __sanitizer_cov_trace_pc+0x20/0x50
[  127.594725]  [<ffffffff812a4254>] __hrtimer_init+0x1a4/0x220
[  127.600503]  [<ffffffff812a8466>] hrtimer_nanosleep+0x156/0x540
[  127.606553]  [<ffffffff812a8310>] ? hrtimer_run_queues+0x1c0/0x1c0
[  127.612859]  [<ffffffff814c2e54>] ? __might_fault+0x114/0x1d0
[  127.618732]  [<ffffffff812a891c>] SyS_nanosleep+0xcc/0x120
[  127.624337]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  127.630559]  [<ffffffff8123819b>] ? trace_hardirqs_on_caller+0x38b/0x590
[  127.637382]  [<ffffffff812a8850>] ? hrtimer_nanosleep+0x540/0x540
[  127.643606]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[  127.649310]  [<ffffffff83a019d3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  127.656611] Dumping ftrace buffer:
[  127.660140]    (ftrace buffer empty)
[  127.663827] Kernel Offset: disabled
[  127.667461] Rebooting in 86400 seconds..