[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.067193] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.898892] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 26.310992] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 27.190101] random: sshd: uninitialized urandom read (32 bytes read, 75 bits of entropy available) Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts. [ 32.848003] random: sshd: uninitialized urandom read (32 bytes read, 82 bits of entropy available) 2018/08/29 10:04:47 fuzzer started [ 34.039585] random: cc1: uninitialized urandom read (8 bytes read, 84 bits of entropy available) 2018/08/29 10:04:49 dialing manager at 10.128.0.26:38441 2018/08/29 10:04:51 syscalls: 1 2018/08/29 10:04:51 code coverage: enabled 2018/08/29 10:04:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/29 10:04:51 setuid sandbox: enabled 2018/08/29 10:04:51 namespace sandbox: enabled 2018/08/29 10:04:51 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/29 10:04:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/29 10:04:51 net packed injection: enabled 2018/08/29 10:04:51 net device setup: enabled [ 37.515169] random: nonblocking pool is initialized 10:05:25 executing program 0: timer_create(0x0, &(0x7f0000000180), &(0x7f0000044000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000300)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x400}]}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000340)=0x800000001ff, 0x10000038f) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000440)=""/86, &(0x7f0000000140)=0x56) listen(r0, 0xfffffffdffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000040), 0x26fc, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000, 0x0, 0x48000000]}, 0x5}, 0x1c) 10:05:25 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x400000000000002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"0000000000000000000000000200", 0x12}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="030000000000000008001b00000000007f42603ba8c44b53a8946d17ca8f2829fdf2ea579b3bfcbbb4090b5503bd1266ae3ce29816a81fd77346cda95be83dd066a0d388cbc068eac17fe30b1632a68b8e007105d796a207b890a9b76d026c0aa520fd20999a3e5cfaef8008e39a58d490139740cb6265d1b1e4dd75817acf4e332c8d7ddc8167b9d61a833bf920c33405103d64335d6a453f251a17e47cc0b418cd2cad19b0da102b3ead70ebbf8e87041e8dc7488ab5f82b67e3ed4936bd0058e6d55edabd2320029dfb6d3a159846441c850779d23352eb46f572d98102ad150f32cd051b43c268d7e5516f5a78b24c7375b0f5790a375637cd48ad8401cf3c98ffe8bf5d19a6f683fb79fdb6e320"], 0x1}}, 0x0) write$binfmt_aout(r0, &(0x7f0000000280), 0x20) 10:05:25 executing program 3: ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000040)={0x0, 0x8}) r0 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) getrandom(&(0x7f0000000480)=""/217, 0xfffffffffffffefb, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) setpgid(r0, r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x1a040, 0x0) tkill(r0, 0x1000000000016) 10:05:25 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_get$pid(0x3, 0x0) 10:05:25 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000280)='cpu.weight.nice\x00', 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0x12) 10:05:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) 10:05:25 executing program 7: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000001000)=""/246) 10:05:25 executing program 6: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="0a5cc80700315f85715070") perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_robust_list(0x0, &(0x7f0000000200)=&(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)}}, &(0x7f0000000240)=0x18) [ 71.523505] IPVS: Creating netns size=2552 id=1 [ 71.585332] IPVS: Creating netns size=2552 id=2 [ 71.667338] IPVS: Creating netns size=2552 id=3 [ 71.780648] IPVS: Creating netns size=2552 id=4 [ 71.932093] IPVS: Creating netns size=2552 id=5 [ 72.077408] IPVS: Creating netns size=2552 id=6 [ 72.288789] IPVS: Creating netns size=2552 id=7 [ 72.462917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.515026] IPVS: Creating netns size=2552 id=8 [ 72.585723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.857818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.897589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.931247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.989472] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 73.010943] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 73.035547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.438997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.494232] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.504246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.543017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 73.586123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.598572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.640931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.819566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.940268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.966878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.981311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.993628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.006921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.056179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.065739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.076189] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.090278] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.109641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.149123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.195322] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.304635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.317778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.334690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.464141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.476409] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.498481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.558878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.571754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.674076] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.689728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.761971] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.774548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.845901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.898276] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.957114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.025862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.079286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 75.125879] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.144309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 75.259378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.287123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 75.307847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 75.349696] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 75.361702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 75.391459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.508936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.520675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.531297] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.586111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.615528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 75.692188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.749436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.809583] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.814896] ip (4518) used greatest stack depth: 23520 bytes left [ 75.942116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 76.025342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.110156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.802287] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.081358] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.114025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.185232] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.356467] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.396173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.448021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.623348] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.703108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.892184] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.926052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.181652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.217710] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 80.358280] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 80.640623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.679516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 10:05:36 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) modify_ldt$write2(0x11, &(0x7f0000c8cff7), 0x10) 10:05:36 executing program 3: 10:05:36 executing program 0: 10:05:36 executing program 1: 10:05:36 executing program 3: 10:05:36 executing program 0: 10:05:36 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.mem_exclusive\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x12) 10:05:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0//ile0\x00', 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x4000200) rmdir(&(0x7f0000000600)='./file0//ile0\x00') 10:05:36 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6_vti0\x00'}) mknod$loop(&(0x7f0000001100)='./file0\x00', 0x0, 0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000001780)='./file0\x00', 0x8000, 0x18) 10:05:36 executing program 1: 10:05:36 executing program 1: 10:05:36 executing program 5: 10:05:36 executing program 0: 10:05:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/psched\x00') preadv(r0, &(0x7f00000017c0), 0x1c4, 0x0) 10:05:37 executing program 7: 10:05:37 executing program 3: 10:05:37 executing program 1: 10:05:37 executing program 4: 10:05:37 executing program 0: 10:05:37 executing program 5: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x856, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) modify_ldt$write2(0x11, &(0x7f0000c8cff7), 0x10) modify_ldt$read(0x0, &(0x7f0000000000)=""/131, 0x755a856d1deebb76) 10:05:37 executing program 2: 10:05:37 executing program 6: 10:05:37 executing program 1: 10:05:37 executing program 3: 10:05:37 executing program 2: 10:05:37 executing program 0: 10:05:37 executing program 4: 10:05:37 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d0252806285717070") r1 = socket$inet6(0xa, 0x2000000802, 0x0) sendmsg(r1, &(0x7f0000000000)={&(0x7f0000000100)=@in6={0xa, 0x4e24, 0x0, @dev}, 0x80, &(0x7f0000000180), 0x0, &(0x7f0000000200)}, 0x0) 10:05:37 executing program 6: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f0000000740)='net/ip_vs_stats\x00') preadv(r0, &(0x7f00000017c0), 0x1c4, 0x0) 10:05:37 executing program 7: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xa) write(r0, &(0x7f00000000c0)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 10:05:37 executing program 0: r0 = memfd_create(&(0x7f0000000140)='md5sumbdev.vmnet1lo\x00', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r2, &(0x7f0000000080), 0xff7c, 0x0) execveat(r1, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 10:05:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/psched\x00') preadv(r0, &(0x7f00000017c0), 0x1c4, 0x0) 10:05:37 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f00000000c0)) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000000)) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000080)) 10:05:37 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="f6aaffff40"], 0x5}}, 0x0) r0 = socket$inet(0x2, 0x100000000000003, 0x2) setsockopt$inet_int(r0, 0x1f00000000000000, 0xd2, &(0x7f0000000000), 0x3c) 10:05:37 executing program 3: pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000480)={0xb, 0x29, 0x1}, 0xb) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000400)={0xb}, 0xb) write$P9_RLOCK(r0, &(0x7f00000000c0)={0x8, 0x35, 0x1}, 0x8) 10:05:37 executing program 1: 10:05:37 executing program 6: 10:05:37 executing program 5: 10:05:37 executing program 7: 10:05:37 executing program 1: 10:05:37 executing program 2: 10:05:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) getgid() stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') preadv(r1, &(0x7f00000017c0), 0x1c4, 0x0) 10:05:37 executing program 6: mkdir(&(0x7f0000000740)='./file0\x00', 0x0) mount(&(0x7f00000000c0)='A::2:e:\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ceph\x00', 0x0, &(0x7f00000007c0)) 10:05:37 executing program 3: perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) timer_create(0x2, &(0x7f0000000880)={0x0, 0x0, 0x1, @thr={&(0x7f0000000580), &(0x7f0000000680)}}, &(0x7f00000002c0)) 10:05:37 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x3400f}, 0xc, &(0x7f0000000100)={&(0x7f0000000000)={0x18, 0x31, 0x829, 0x0, 0x0, {0x2}, [@nested={0x4}]}, 0x18}}, 0x0) 10:05:37 executing program 0: r0 = memfd_create(&(0x7f0000000140)='md5sumbdev.vmnet1lo\x00', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r2, &(0x7f0000000080), 0xff7c, 0x0) execveat(r1, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 10:05:37 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 10:05:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f00000000c0), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x7, 0xffffffffffffffff}, 0x14}}, 0x0) 10:05:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='projid_map\x00') sendfile(r1, r0, &(0x7f0000000040), 0x8000) 10:05:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) r0 = getgid() stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r0, 0x0, r1) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') preadv(r2, &(0x7f00000017c0), 0x1c4, 0x0) listen(0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) 10:05:37 executing program 7: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) r0 = getgid() stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r0, r1, r2) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') preadv(r3, &(0x7f00000017c0), 0x1c4, 0x0) listen(0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) 10:05:37 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000280)='cpu.weight.nice\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0xf1) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="18d1d5464bfddc633a393a57720a5cc80700315f85") write$cgroup_int(r1, &(0x7f0000000000)=0x1, 0x12) 10:05:37 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x6) writev(r0, &(0x7f0000000100)=[{&(0x7f00000003c0)="580000001400192340834b80040d8c560a069fffffff81004e220000040058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 10:05:37 executing program 0: r0 = memfd_create(&(0x7f0000000140)='md5sumbdev.vmnet1lo\x00', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r2, &(0x7f0000000080), 0xff7c, 0x0) execveat(r1, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 10:05:37 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000f61000)={0xffffffffffffffff}, 0x0) fcntl$setstatus(r0, 0x4, 0x6003) 10:05:37 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000000), 0xc, &(0x7f0000000300)={&(0x7f00000009c0)={0x14, 0x26, 0x5, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) 10:05:37 executing program 1: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x856, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000040)={&(0x7f0000beb000)=@abs, 0x6e, &(0x7f000000d000), 0x0, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x4}, 0x0) 10:05:37 executing program 0: r0 = memfd_create(&(0x7f0000000140)='md5sumbdev.vmnet1lo\x00', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r2, &(0x7f0000000080), 0xff7c, 0x0) execveat(r1, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 10:05:37 executing program 7: getrusage(0x40000004000000, &(0x7f00000015c0)) 10:05:37 executing program 5: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000140)='./file0//ile0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000000)='./file0//ile0/file0\x00', &(0x7f0000000040)='./file0//ile0\x00') 10:05:37 executing program 2: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/cgroup\x00') fcntl$setownex(r0, 0xf, &(0x7f0000000540)) 10:05:37 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000240), 0x4) 10:05:37 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='team_slave_0\x00', 0x10) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e24, 0x0, @ipv4={[], [], @dev}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) 10:05:37 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0), 0x4000000000000c2, 0x0) 10:05:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f00000001c0)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000480)='syz_tun\x00', 0x10) sendto$inet6(r0, &(0x7f0000000000)="15", 0x1, 0x200408d6, &(0x7f00000011c0)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 10:05:37 executing program 7: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000140)='./file0//ile0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000380)='./file0//ile0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000100), 0x12) 10:05:37 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000080)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e) connect$unix(r1, &(0x7f0000000000)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) accept4$unix(r1, &(0x7f000046f000)=@abs, &(0x7f0000937000)=0x6e, 0x0) 10:05:38 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$RTC_AIE_ON(r0, 0x80287010) [ 83.325862] ================================================================== [ 83.333289] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00 [ 83.339795] Read of size 8 at addr ffff8800b50e1c98 by task syz-executor6/6109 [ 83.347147] [ 83.348813] CPU: 1 PID: 6109 Comm: syz-executor6 Not tainted 4.4.153-g5e24b4e #26 [ 83.356427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.365778] 0000000000000000 315958401a4aaef7 ffff8801be137548 ffffffff81e162ed 10:05:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000000)="0a5cc80700315f85715070") ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x15, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x006V\x00'], 0x0, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 10:05:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d0252926285717070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x8, &(0x7f0000000000)=0xffffffffffffffff, 0x223) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f00000002c0)={0xffffffffffffffbe, 0x1000000000004}, 0x8) listen(r2, 0x0) sendto$inet6(r1, &(0x7f0000000300), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c) close(r1) [ 83.373873] ffffea0002d43840 ffff8800b50e1c98 0000000000000000 ffff8800b50e1c98 [ 83.381922] 0000000000001000 ffff8801be137580 ffffffff8151b4d9 ffff8800b50e1c98 [ 83.389991] Call Trace: [ 83.392595] [] dump_stack+0xc1/0x124 [ 83.397994] [] print_address_description+0x6c/0x216 [ 83.404655] [] kasan_report.cold.7+0x175/0x2f7 [ 83.410953] [] ? ip6_xmit+0x177c/0x1a00 [ 83.416580] [] __asan_report_load8_noabort+0x14/0x20 10:05:38 executing program 2: syz_emit_ethernet(0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="0180c200000000000000000086dd60770ea900100000fe8000000000000000000000000000000000000000000000000000000000000000000000c20190780022c66c001ed62e"], &(0x7f0000000100)) 10:05:38 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x2000000003) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d0252926285717070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000340)={&(0x7f0000000000), 0xc, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x721, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}, @IFLA_NET_NS_FD={0x8}]}, 0x50}}, 0x0) [ 83.423332] [] ip6_xmit+0x177c/0x1a00 [ 83.428784] [] ? kasan_slab_free+0x72/0xc0 [ 83.434660] [] ? kfree+0xf4/0x310 [ 83.439764] [] ? pskb_expand_head+0x683/0x970 [ 83.445901] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 83.452385] [] ? __lock_is_held+0xa2/0xf0 [ 83.458176] [] ? ipv4_dst_check+0x111/0x160 [ 83.464144] [] ? __sk_dst_check+0x114/0x270 [ 83.470111] [] inet6_csk_xmit+0x245/0x490 [ 83.475924] [] ? inet6_csk_xmit+0xff/0x490 [ 83.481808] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 83.488416] [] ? udp6_set_csum+0xd3/0xa70 [ 83.494206] [] l2tp_xmit_skb+0xb9c/0xe80 [ 83.499920] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 83.505894] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 83.507043] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 10:05:38 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000080)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e) connect$unix(r1, &(0x7f0000000000)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) accept4$unix(r1, &(0x7f000046f000)=@abs, &(0x7f0000937000)=0x6e, 0x0) [ 83.508800] binder: release 6129:6134 transaction 2 out, still active [ 83.510826] binder: undelivered TRANSACTION_COMPLETE [ 83.534344] [] ? pppol2tp_release+0x310/0x310 [ 83.536367] binder_alloc: binder_alloc_mmap_handler: 6129 20001000-20004000 already mapped failed -16 [ 83.536647] binder: BINDER_SET_CONTEXT_MGR already set [ 83.536655] binder: 6129:6134 ioctl 40046207 0 returned -16 [ 83.536819] binder_alloc: 6129: binder_alloc_buf, no vma [ 83.536863] binder: 6129:6139 transaction failed 29189/-3, size 0-0 line 3137 [ 83.538019] binder: send failed reply for transaction 2, target dead [ 83.579913] [] sock_sendmsg+0xcc/0x110 [ 83.585435] [] ___sys_sendmsg+0x441/0x880 [ 83.591217] [] ? copy_msghdr_from_user+0x550/0x550 [ 83.597797] [] ? __fget+0x148/0x3b0 [ 83.603072] [] ? __fget+0x16f/0x3b0 [ 83.608331] [] ? __fget+0x47/0x3b0 [ 83.613516] [] ? __fget_light+0x9f/0x1f0 [ 83.619210] [] ? __fdget+0x18/0x20 [ 83.624386] [] ? sockfd_lookup_light+0xb6/0x160 [ 83.630688] [] __sys_sendmmsg+0x1d4/0x2e0 [ 83.636467] [] ? SyS_sendmsg+0x50/0x50 [ 83.641996] [] ? ip6_datagram_connect+0x3a/0x50 [ 83.648299] [] ? inet_dgram_connect+0x11e/0x200 [ 83.654602] [] ? fput+0x20/0x150 [ 83.659598] [] ? SYSC_connect+0x22a/0x300 [ 83.665384] [] ? SYSC_bind+0x280/0x280 [ 83.670909] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 83.677051] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 83.684050] [] ? SyS_socket+0x121/0x1b0 [ 83.689659] [] ? move_addr_to_kernel+0x50/0x50 [ 83.695888] [] compat_SyS_sendmmsg+0x32/0x40 [ 83.702108] [] ? compat_SyS_sendmsg+0x40/0x40 [ 83.708239] [] do_fast_syscall_32+0x324/0x8b0 [ 83.714400] [] sysenter_flags_fixed+0xd/0x1a [ 83.720434] [ 83.722044] Allocated by task 0: [ 83.725385] (stack is not available) [ 83.729089] [ 83.730699] Freed by task 0: [ 83.733692] (stack is not available) [ 83.737378] [ 83.738993] The buggy address belongs to the object at ffff8800b50e1c80 [ 83.738993] which belongs to the cache ip_dst_cache of size 208 [ 83.751989] The buggy address is located 24 bytes inside of [ 83.751989] 208-byte region [ffff8800b50e1c80, ffff8800b50e1d50) [ 83.763758] The buggy address belongs to the page: [ 85.691386] PANIC: double fault, error_code: 0x0 [ 85.696172] CPU: 1 PID: 6109 Comm: syz-executor6 Not tainted 4.4.153-g5e24b4e #26 [ 85.703772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.713112] task: ffff8800b0d96000 task.stack: ffff8801be130000 [ 85.719146] RIP: 0010:[] [] dump_page_badflags+0x1a/0x70 [ 85.727929] RSP: 0018:ffff8800fffffff8 EFLAGS: 00010092 [ 85.733356] RAX: 0000000000040000 RBX: ffffea0002d43840 RCX: ffffc90005c88000 [ 85.740606] RDX: 0000000000000000 RSI: ffffffff83aaae60 RDI: ffffea0002d43840 [ 85.747883] RBP: ffff880100000028 R08: 0000000000000001 R09: 0000000000000000 [ 85.755150] R10: 0000000000000001 R11: ffffffff858f0274 R12: 0000000000000000 [ 85.762424] R13: ffffffff83aaae60 R14: ffff8800b50e1c80 R15: ffff8800b50e1d50 [ 85.769673] FS: 0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000f5778b40 [ 85.777878] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 85.783758] CR2: ffff8800ffffffe8 CR3: 00000001d379d000 CR4: 00000000001606f0 [ 85.791015] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 85.798268] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 85.805520] Stack: [ 85.807673] BUG: unable to handle kernel paging request at ffff8800fffffff8 [ 85.815015] IP: [] show_stack_log_lvl.cold.1+0x73/0x12e [ 85.822083] PGD 6330067 PUD 0 [ 85.825517] Thread overran stack, or stack corrupted [ 85.830597] Oops: 0000 [#1] PREEMPT SMP KASAN [ 85.835601] Dumping ftrace buffer: [ 85.839118] (ftrace buffer empty) [ 85.842822] Modules linked in: [ 85.846139] CPU: 1 PID: 6109 Comm: syz-executor6 Not tainted 4.4.153-g5e24b4e #26 [ 85.853740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.863081] task: ffff8800b0d96000 task.stack: ffff8801be130000 [ 85.869120] RIP: 0010:[] [] show_stack_log_lvl.cold.1+0x73/0x12e [ 85.878604] RSP: 0018:ffff8801db30ce68 EFLAGS: 00010046 [ 85.884049] RAX: ffff880100000000 RBX: 0000000000000000 RCX: ffff8801db307fc0 [ 85.891301] RDX: ffff8800fffffff8 RSI: ffffffff81e75e5b RDI: ffffffff83c15580 [ 85.898550] RBP: ffff8801db30cec0 R08: ffff8801db2fffc0 R09: 0000000000000000 [ 85.905804] R10: 0000000000000001 R11: ffffffff858f0254 R12: ffffffff841dca7c [ 85.913071] R13: ffff8801db30cf58 R14: 0000000000000000 R15: ffffffff841dca6a [ 85.920324] FS: 0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000f5778b40 [ 85.928532] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 85.934396] CR2: ffff8800fffffff8 CR3: 00000001d379d000 CR4: 00000000001606f0 [ 85.941648] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 85.948897] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 85.956160] Stack: [ 85.958293] ffffffff841dca7c ffff8800b0d96000 315958401a4aaef7 0000000000000001 [ 85.966345] ffff880100000000 ffff8800fffffff8 ffff8801db30cf58 ffff8800fffffff8 [ 85.974418] 0000000000000040 ffff8800fffffff8 ffff8800b50e1d50 ffff8801db30cf00 [ 85.982448] Call Trace: [ 85.985011] <#DF> [ 85.987064] [] show_regs.cold.2+0xa0/0x124 [ 85.993247] [] df_debug+0x1c/0x2d [ 85.998340] [] do_double_fault+0x113/0x230 [ 86.004210] [] double_fault+0x2d/0x40 [ 86.009647] [] ? dump_page_badflags+0x1a/0x70 [ 86.015772] <> [ 86.017988] Code: 3c 90 2f 00 48 8b 55 c8 48 8b 4d c0 4c 8b 45 b8 44 8b 4d b4 48 8d 42 08 41 f6 c1 03 48 89 45 c8 75 6a 45 85 c9 0f 85 8a 00 00 00 <48> 8b 12 4c 89 e6 48 c7 c7 72 ca 1d 84 44 89 4d b4 4c 89 45 b8 [ 86.046290] RIP [] show_stack_log_lvl.cold.1+0x73/0x12e [ 86.053410] RSP [ 86.057018] CR2: ffff8800fffffff8 [ 86.060453] ---[ end trace 992742787ea1d36b ]--- [ 86.065189] Kernel panic - not syncing: Fatal exception in interrupt [ 86.072021] Dumping ftrace buffer: [ 86.075557] (ftrace buffer empty) [ 86.079242] Kernel Offset: disabled [ 86.082843] Rebooting in 86400 seconds..