[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.871358] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.490743] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   27.034572] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   27.987916] random: sshd: uninitialized urandom read (32 bytes read, 91 bits of entropy available)
Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
[   33.594669] random: sshd: uninitialized urandom read (32 bytes read, 99 bits of entropy available)
2018/08/29 14:24:59 fuzzer started
[   34.912098] random: cc1: uninitialized urandom read (8 bytes read, 101 bits of entropy available)
2018/08/29 14:25:01 dialing manager at 10.128.0.26:43165
2018/08/29 14:25:04 syscalls: 1
2018/08/29 14:25:04 code coverage: enabled
2018/08/29 14:25:04 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/08/29 14:25:04 setuid sandbox: enabled
2018/08/29 14:25:04 namespace sandbox: enabled
2018/08/29 14:25:04 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/29 14:25:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/08/29 14:25:04 net packed injection: enabled
2018/08/29 14:25:04 net device setup: enabled
[   39.820707] random: nonblocking pool is initialized
14:25:49 executing program 0:
r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000080))

14:25:49 executing program 1:
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @link_local={0x5}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x104, 0x0, @local, @dev}}}}}}, &(0x7f0000000000))

14:25:49 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$l2tp(0xffffffffffffffff, &(0x7f0000001200)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @multicast1}, 0x0, 0x2}}, 0x2e)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c)
sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x80, &(0x7f0000005b00)}}, {{&(0x7f0000005b80)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x3e8, 0x0)

14:25:49 executing program 2:
r0 = socket$key(0xf, 0x3, 0x2)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000100)=ANY=[@ANYBLOB="020a000007000000000000000000000005001a00fe800000000000000000002d7b0000bbfe80000000000000000000000000000000000200"], 0x38}}, 0x0)

14:25:49 executing program 3:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, &(0x7f000000a000))
r0 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1})
unshare(0x40600)
r2 = gettid()
write$P9_RSYMLINK(r0, &(0x7f0000000000)={0x14}, 0x14)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000fd7000))
timer_settime(0x0, 0x0, &(0x7f0000d07000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x1000000000016)
r3 = creat(&(0x7f00001d3ff4)='./file0/bus\x00', 0x0)
dup2(r3, r0)

14:25:49 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
sendfile(r1, r1, &(0x7f0000000040)=0x2000, 0x9)

14:25:49 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2})
dup3(r0, r1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$packet(0x11, 0x0, 0x300)
fsync(0xffffffffffffffff)

14:25:49 executing program 6:
exit(0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = dup(r0)
getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000140)=0x4)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000180), 0x4)

[   84.577440] IPVS: Creating netns size=2552 id=1
[   84.666719] IPVS: Creating netns size=2552 id=2
[   84.753837] IPVS: Creating netns size=2552 id=3
[   84.845375] IPVS: Creating netns size=2552 id=4
[   84.976704] IPVS: Creating netns size=2552 id=5
[   85.138916] IPVS: Creating netns size=2552 id=6
[   85.320461] IPVS: Creating netns size=2552 id=7
[   85.571844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.585683] IPVS: Creating netns size=2552 id=8
[   85.648368] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.825047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   85.927824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   85.939387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.006776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   86.346218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   86.433433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.442193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   86.454860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   86.544597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   86.558053] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   86.678068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   86.694192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   86.805519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.818833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   86.863095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   86.955541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   86.976323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   86.998713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   87.012932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   87.080354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   87.094640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.139542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   87.202025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.211444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   87.354464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.397521] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.575515] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   87.591464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   87.658748] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   87.672867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   87.683606] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   87.695613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.748089] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   87.771990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   87.840520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   87.908291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   87.969256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.007831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   88.019907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.033856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   88.072073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.099598] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   88.132877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.183267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   88.195723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   88.236633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   88.298343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   88.308693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   88.420304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.445217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.477630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.520002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.554920] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   88.647915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   88.678372] ip (4577) used greatest stack depth: 23600 bytes left
[   88.688777] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   88.732256] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   88.818813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.910405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   89.114604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   89.205790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   89.332673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   89.455381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   91.704089] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   91.971481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.044596] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.376791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.518859] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.586605] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.806811] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   92.848761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.912489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.103948] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   93.143562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.275520] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   93.431521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.584847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.859891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
14:25:59 executing program 1:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/sequencer\x00', 0x200000, 0x0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f00000003c0)={"4e45544d41500000000000000000000000000100"}, &(0x7f0000000300)=0x1e)
r1 = socket$inet6(0xa, 0x400000000001, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000001400)={'sit0\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000000000000000bf7f00000000000000f75f0000000030b614ca8609e12b0000000000000000"]})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f000074fffc), 0x348)
r2 = dup(r1)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000500)={0xfff, {{0x2, 0x4e24, @remote}}, 0x1, 0x8, [{{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, {{0x2, 0x4e21, @multicast2}}, {{0x2, 0x4e22, @loopback}}, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x4e22, @broadcast}}, {{0x2, 0x4e24, @broadcast}}, {{0x2, 0x4e22, @multicast1}}, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}}]}, 0x490)
setsockopt$inet6_tcp_int(r2, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
getxattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000180)=@known='security.selinux\x00', &(0x7f00000001c0)=""/126, 0x7e)
ioctl$TUNGETFILTER(r2, 0x800854db, &(0x7f0000000340)=""/20)
write$P9_RREADDIR(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="f5000000290200ff0700000104000000040000000000000004000000000000000105002e2f6275731002000000050000000000000002000029fa16aa4f6bd79d2e2f6275735001000000000000000000000001000000000000000105002e2f627573040200000001000000000000006e7d0000000000000005002e2f627573250300000001000000000000001f00000000000000ff05002e2f6275730802000000030000000000000003000000000000000805002e2f6275730400000000000000000000000007000000000000000636140750677383633000030000000400000000000000fc0e0000000000000605002e2f627573"], 0xf5)
bind$inet6(r1, &(0x7f0000000180)={0xa, 0x80000004e20, 0x3, @loopback, 0x4}, 0x1c)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000040))
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000140)=0x200, 0x4)
ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0)
ioctl$EVIOCGSW(0xffffffffffffffff, 0x8040451b, &(0x7f00000001c0)=""/205)
sendto$inet6(r1, &(0x7f0000000300), 0x0, 0x20004000, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
r5 = open(&(0x7f0000000380)='./bus\x00', 0x141042, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/hwrng\x00', 0xc2603, 0x0)
ftruncate(r5, 0x7fff)
sendfile(r2, r5, &(0x7f0000000100), 0x8000fffffffe)

[   94.181151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
14:25:59 executing program 1:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x2, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)={{0x1cf, 0x81, 0x0, 0x2fc, 0x206, 0x59, 0x8c, 0x5}, "6e95cf231ddda30be172f36d95e071cdbb206fd5128ee83da98b27bc37d705645bc4392693d4e79fbc9a88050d71e6b8f2b0437d74c7e0c1b3abf7eba44df09f1c39a892b44e6ad86c4d06550d991aaf59c7329eeec73a72", [[]]}, 0x178)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000100)=""/30, &(0x7f0000000140)=0x1e)
ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f00000000c0)=""/26)
ioctl$int_out(r1, 0x80004523, &(0x7f0000000080))
lseek(r2, 0x0, 0x0)

14:26:00 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$inet(0x2, 0x800, 0xabe, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f0000000100))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'bridge0\x00', <r3=>0x0})
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000240)={@multicast2, @rand_addr=0xe1, r3}, 0xc)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000080)={'ip6_vti0\x00', 0x6})
r4 = socket$inet(0x2, 0x4800000000000001, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r4, &(0x7f0000000000), 0x0, 0x200007fe, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
sendmmsg(r4, &(0x7f0000001180)=[{{&(0x7f00000001c0)=@sco, 0x80, &(0x7f0000000840)=[{&(0x7f0000001600)="da", 0x1}], 0x1, &(0x7f0000003040)}}], 0x1, 0x0)
close(r4)

14:26:00 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070")
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f0000000140)="c976701ba51f022a9899fd68ef8d83ff52db8a510a")
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000444000))
mount(&(0x7f0000000240)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000cbeff8)='./file0\x00', &(0x7f00005f7ffa)='ramfs\x00', 0x80000, &(0x7f0000000080))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000))
rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00')
preadv(r1, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1, 0x0)

14:26:00 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x5c, 0x0, &(0x7f0000000140)=[@decrefs={0x40046307, 0x4}, @acquire={0x40046305, 0x3}, @reply_sg={0x40486312, {{0x1, 0x0, 0x1, 0x0, 0x11, 0x0, 0x0, 0x0, 0x30, &(0x7f0000000080), &(0x7f00000000c0)=[0x0, 0x38, 0x58, 0x38, 0x48, 0x68]}, 0x8}}], 0x95, 0x0, &(0x7f00000001c0)="e55a65fc7fd650a4c78f0d3391dcb18168ae65678de86fbe4cf4f0662acf9f3938b1e537fff42e33ba505a93d94eccc1b7c296627f2177b410b010c1ffa512c305fce796bff5fcf6c1b8d072b8a02519a77107ea89393d219abc747602ffa1a9023a3b268330d5cd2dc3f012006931bb1afd9dac38e25bfafd444f16fca6a928bfe7c0535596d6b0b74523fefee1dc4b4161e4e675"})
fchdir(r0)
r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
sendfile(r0, r0, &(0x7f0000000000), 0x3)
fallocate(r2, 0x1, 0x0, 0x20000000)

14:26:00 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x24, &(0x7f0000005200)="30141417", 0x4)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200000, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000040))

14:26:00 executing program 0:
socket$netlink(0x10, 0x3, 0x5)
r0 = socket$netlink(0x10, 0x3, 0xc)
writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100022b0509000100030100ff3ffe58", 0x1f}], 0x1)

[   95.186637] ==================================================================
[   95.194050] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00
[   95.200634] Read of size 8 at addr ffff8800aeecadd8 by task syz-executor7/5983
[   95.208089] 
[   95.209750] CPU: 0 PID: 5983 Comm: syz-executor7 Not tainted 4.4.153-g5e24b4e #90
[   95.217531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   95.227100]  0000000000000000 2b57909e4fdb930f ffff8801bcd3f5c8 ffffffff81e162ed
[   95.235332]  ffffea0002bbb280 ffff8800aeecadd8 0000000000000000 ffff8800aeecadd8
[   95.243477]  0000000000001200 ffff8801bcd3f600 ffffffff8151b4d9 ffff8800aeecadd8
[   95.251634] Call Trace:
[   95.254241]  [<ffffffff81e162ed>] dump_stack+0xc1/0x124
[   95.259741]  [<ffffffff8151b4d9>] print_address_description+0x6c/0x216
[   95.266417]  [<ffffffff8151b7f8>] kasan_report.cold.7+0x175/0x2f7
[   95.272784]  [<ffffffff834361fc>] ? ip6_xmit+0x177c/0x1a00
[   95.278427]  [<ffffffff814fe784>] __asan_report_load8_noabort+0x14/0x20
[   95.285281]  [<ffffffff834361fc>] ip6_xmit+0x177c/0x1a00
[   95.290743]  [<ffffffff814fe152>] ? kasan_slab_free+0x72/0xc0
[   95.296645]  [<ffffffff814fb6b4>] ? kfree+0xf4/0x310
[   95.301773]  [<ffffffff82f4a6e3>] ? pskb_expand_head+0x683/0x970
[   95.307934]  [<ffffffff83434a80>] ? ip6_finish_output2+0x1ca0/0x1ca0
[   95.314468]  [<ffffffff8122c7a2>] ? __lock_is_held+0xa2/0xf0
[   95.320283]  [<ffffffff831f2581>] ? ipv4_dst_check+0x111/0x160
[   95.326271]  [<ffffffff82f2e764>] ? __sk_dst_check+0x114/0x270
[   95.332266]  [<ffffffff834f63c5>] inet6_csk_xmit+0x245/0x490
[   95.338083]  [<ffffffff834f627f>] ? inet6_csk_xmit+0xff/0x490
[   95.344028]  [<ffffffff834f6180>] ? inet6_csk_update_pmtu+0x160/0x160
[   95.350815]  [<ffffffff83564ab3>] ? udp6_set_csum+0xd3/0xa70
[   95.356643]  [<ffffffff835a5a0c>] l2tp_xmit_skb+0xb9c/0xe80
[   95.362509]  [<ffffffff835b1f60>] pppol2tp_sendmsg+0x4e0/0x7d0
[   95.368495]  [<ffffffff81c7663f>] ? selinux_socket_sendmsg+0x3f/0x50
[   95.375091]  [<ffffffff835b1a80>] ? pppol2tp_release+0x310/0x310
[   95.381249]  [<ffffffff82f2757c>] sock_sendmsg+0xcc/0x110
[   95.386785]  [<ffffffff82f28d41>] ___sys_sendmsg+0x441/0x880
[   95.392717]  [<ffffffff82f28900>] ? copy_msghdr_from_user+0x550/0x550
[   95.399840]  [<ffffffff8157e5b8>] ? __fget+0x148/0x3b0
[   95.405268]  [<ffffffff8157e8ff>] ? __fget_light+0x9f/0x1f0
[   95.411229]  [<ffffffff8157ea68>] ? __fdget+0x18/0x20
[   95.416513]  [<ffffffff82f2b32e>] __sys_sendmmsg+0x12e/0x2e0
[   95.422598]  [<ffffffff82f2b200>] ? SyS_sendmsg+0x50/0x50
[   95.428140]  [<ffffffff834e870a>] ? ip6_datagram_connect+0x3a/0x50
[   95.434543]  [<ffffffff8330335e>] ? inet_dgram_connect+0x11e/0x200
[   95.440864]  [<ffffffff81528560>] ? fput+0x20/0x150
[   95.445881]  [<ffffffff82f27f6a>] ? SYSC_connect+0x22a/0x300
[   95.452088]  [<ffffffff82f27d40>] ? SYSC_bind+0x280/0x280
[   95.457770]  [<ffffffff812d5208>] ? SyS_futex+0x1f8/0x300
[   95.463397]  [<ffffffff812d5010>] ? do_futex+0x17f0/0x17f0
[   95.469021]  [<ffffffff82f29f61>] ? SyS_socket+0x121/0x1b0
[   95.474791]  [<ffffffff82f29e40>] ? move_addr_to_kernel+0x50/0x50
[   95.481154]  [<ffffffff82f2b515>] SyS_sendmmsg+0x35/0x60
[   95.486775]  [<ffffffff838cc865>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   95.493565] 
[   95.495184] Allocated by task 0:
[   95.498535] (stack is not available)
[   95.502233] 
[   95.503872] Freed by task 0:
[   95.507024] (stack is not available)
[   95.510722] 
[   95.512411] The buggy address belongs to the object at ffff8800aeecadc0
[   95.512411]  which belongs to the cache ip_dst_cache of size 208
[   95.525287] The buggy address is located 24 bytes inside of
[   95.525287]  208-byte region [ffff8800aeecadc0, ffff8800aeecae90)
[   95.537063] The buggy address belongs to the page:
[   95.544910] BUG: unable to handle kernel paging request at ffffff70858b4977
[   95.552386] IP: [<ffffffff81c70b1c>] task_has_perm+0xdc/0x330
[   95.558455] PGD 4c0e067 PUD 0 
[   95.562023] Oops: 0000 [#1] PREEMPT SMP KASAN
[   95.567116] Dumping ftrace buffer:
[   95.570661]    (ftrace buffer empty)
[   95.574383] Modules linked in:
[   95.577737] CPU: 1 PID: 3901 Comm: syz-executor7 Not tainted 4.4.153-g5e24b4e #90
[   95.585384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   95.595069] task: ffff8800ac406000 task.stack: ffff8801be138000
[   95.601147] RIP: 0010:[<ffffffff81c70b1c>]  [<ffffffff81c70b1c>] task_has_perm+0xdc/0x330
[   95.609638] RSP: 0018:ffff8801be13fbc0  EFLAGS: 00010246
[   95.615095] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[   95.622378] RDX: 1fffffee10b1692e RSI: ffffffff81c70af2 RDI: ffffff70858b4977
[   95.629710] RBP: ffff8801be13fbe0 R08: ffff8800ac406928 R09: 0000000000000000
[   95.637018] R10: 0000000000000001 R11: ffff8800ac406000 R12: ffffff70858b48ff
[   95.644418] R13: ffff8800ac406000 R14: ffff8801be13fea4 R15: ffff8801be13fea0
[   95.651703] FS:  0000000001069940(0063) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   95.659949] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   95.666007] CR2: ffffff70858b4977 CR3: 00000001be056000 CR4: 00000000001606f0
[   95.673307] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   95.680598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   95.688613] Stack:
[   95.690777]  ffffffff81c70a40 ffffffff8148fd47 dffffc0000000000 ffffffff8148fd47
[   95.698945]  ffff8801be13fbf8 ffffffff81c70d93 ffffffff84605e80 ffff8801be13fc28
[   95.707118]  ffffffff81c55f83 ffff8801be13fc28 0000000040000005 0000000048dffffc
[   95.715388] Call Trace:
[   95.718023]  [<ffffffff81c70a40>] ? selinux_sb_show_options+0xdc0/0xdc0
[   95.724839]  [<ffffffff8148fd47>] ? shadow_lru_isolate+0x337/0x470
[   95.731182]  [<ffffffff8148fd47>] ? shadow_lru_isolate+0x337/0x470
[   95.737530]  [<ffffffff81c70d93>] selinux_task_wait+0x23/0x30
[   95.743563]  [<ffffffff81c55f83>] security_task_wait+0x73/0xb0
[   95.749574]  [<ffffffff8148fd47>] ? shadow_lru_isolate+0x337/0x470
[   95.756052]  [<ffffffff8113a2a8>] wait_consider_task+0x298/0x35f0
[   95.762319]  [<ffffffff81490227>] ? workingset_activation+0x17/0x50
[   95.768770]  [<ffffffff8113a010>] ? complete_and_exit+0x40/0x40
[   95.775165]  [<ffffffff8113d8cc>] ? do_wait+0x2cc/0xa30
[   95.780605]  [<ffffffff8148fd47>] ? shadow_lru_isolate+0x337/0x470
[   95.787221]  [<ffffffff8113d964>] do_wait+0x364/0xa30
[   95.792444]  [<ffffffff8113d600>] ? wait_consider_task+0x35f0/0x35f0
[   95.799052]  [<ffffffff8113e8db>] SyS_wait4+0x12b/0x1f0
[   95.805183]  [<ffffffff8113e7b0>] ? SyS_waitid+0x2d0/0x2d0
[   95.811453]  [<ffffffff81135fb0>] ? kill_orphaned_pgrp+0x390/0x390
[   95.818372]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   95.825126]  [<ffffffff838cc865>] entry_SYSCALL_64_fastpath+0x22/0x9e
[   95.831811] Code: ff 49 8d 7c 24 78 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 42 02 00 00 48 b8 00 00 00 00 00 fc ff df <4d> 8b 64 24 78 49 8d 7c 24 04 48 89 fa 48 c1 ea 03 0f b6 14 02 
[   95.861015] RIP  [<ffffffff81c70b1c>] task_has_perm+0xdc/0x330
[   95.867159]  RSP <ffff8801be13fbc0>
[   95.870930] CR2: ffffff70858b4977
[   95.874425] ---[ end trace e5f0de0f6a315659 ]---
[   95.879194] Kernel panic - not syncing: Fatal exception
[   97.004199] Shutting down cpus with NMI
[   97.008819] Dumping ftrace buffer:
[   97.012344]    (ftrace buffer empty)
[   97.016032] Kernel Offset: disabled
[   97.019659] Rebooting in 86400 seconds..