[ 33.604271][ T26] audit: type=1800 audit(1554699576.192:27): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 33.629585][ T26] audit: type=1800 audit(1554699576.192:28): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.492190][ T26] audit: type=1800 audit(1554699577.152:29): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.512644][ T26] audit: type=1800 audit(1554699577.152:30): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts. 2019/04/08 04:59:52 fuzzer started 2019/04/08 04:59:56 dialing manager at 10.128.0.26:34543 2019/04/08 04:59:56 syscalls: 2408 2019/04/08 04:59:56 code coverage: enabled 2019/04/08 04:59:56 comparison tracing: enabled 2019/04/08 04:59:56 extra coverage: extra coverage is not supported by the kernel 2019/04/08 04:59:56 setuid sandbox: enabled 2019/04/08 04:59:56 namespace sandbox: enabled 2019/04/08 04:59:56 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 04:59:56 fault injection: enabled 2019/04/08 04:59:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 04:59:56 net packet injection: enabled 2019/04/08 04:59:56 net device setup: enabled 05:01:57 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x0, 0x7530}}], 0xfe72) syzkaller login: [ 174.614761][ T7571] IPVS: ftp: loaded support on port[0] = 21 05:01:57 executing program 1: syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f00000000c0)='./bus\x00', 0x9, 0x0, 0x0, 0x0, 0x0) [ 174.723894][ T7571] chnl_net:caif_netlink_parms(): no params data found [ 174.787748][ T7571] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.819929][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.828294][ T7571] device bridge_slave_0 entered promiscuous mode [ 174.852236][ T7571] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.859400][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.867972][ T7571] device bridge_slave_1 entered promiscuous mode [ 174.893094][ T7571] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.904508][ T7571] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.928317][ T7571] team0: Port device team_slave_0 added [ 174.937636][ T7571] team0: Port device team_slave_1 added 05:01:57 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 174.940336][ T7575] IPVS: ftp: loaded support on port[0] = 21 [ 175.002460][ T7571] device hsr_slave_0 entered promiscuous mode 05:01:57 executing program 3: perf_event_open(&(0x7f0000000340)={0x0, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000000)=[{{0x0, 0x7530}}], 0xfe72) [ 175.100097][ T7571] device hsr_slave_1 entered promiscuous mode [ 175.158636][ T7571] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.165959][ T7571] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.173917][ T7571] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.181055][ T7571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.237844][ T7577] IPVS: ftp: loaded support on port[0] = 21 [ 175.263611][ T7579] IPVS: ftp: loaded support on port[0] = 21 [ 175.371693][ T7571] 8021q: adding VLAN 0 to HW filter on device bond0 05:01:58 executing program 4: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x6, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000040)={0x0, 0x1, 0x0, [], &(0x7f0000000000)={0xf0f041, 0x0, [], @p_u8=0x0}}) [ 175.455918][ T7575] chnl_net:caif_netlink_parms(): no params data found [ 175.473362][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.504908][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.541291][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.562241][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 175.591593][ T7577] chnl_net:caif_netlink_parms(): no params data found [ 175.605230][ T7571] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.637464][ T7585] IPVS: ftp: loaded support on port[0] = 21 [ 175.705277][ T7579] chnl_net:caif_netlink_parms(): no params data found [ 175.733455][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.742528][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.749694][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.772340][ T7575] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.779424][ T7575] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.791819][ T7575] device bridge_slave_0 entered promiscuous mode 05:01:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={0x0, 0x6}, &(0x7f00000003c0)=0x8) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) unshare(0x40000000) [ 175.818421][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.827722][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.838805][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.845919][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.864345][ T7575] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.872605][ T7575] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.883995][ T7575] device bridge_slave_1 entered promiscuous mode [ 175.907184][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.917908][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.956524][ T7579] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.963899][ T7579] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.971992][ T7579] device bridge_slave_0 entered promiscuous mode [ 175.979099][ T7577] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.986908][ T7577] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.995004][ T7577] device bridge_slave_0 entered promiscuous mode [ 176.009679][ T7590] IPVS: ftp: loaded support on port[0] = 21 [ 176.010341][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.024350][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.032715][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.041832][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.050158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.060281][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.068417][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.076921][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.085126][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.097834][ T7579] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.105584][ T7579] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.115181][ T7579] device bridge_slave_1 entered promiscuous mode [ 176.122223][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.130083][ T7577] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.137633][ T7577] device bridge_slave_1 entered promiscuous mode [ 176.150758][ T7571] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.162609][ T7575] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.174152][ T7575] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.198880][ T7579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.214239][ T7577] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.249509][ T7575] team0: Port device team_slave_0 added [ 176.256772][ T7579] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.267712][ T7577] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.287231][ T7577] team0: Port device team_slave_0 added [ 176.308318][ T7575] team0: Port device team_slave_1 added [ 176.319946][ T7577] team0: Port device team_slave_1 added [ 176.327169][ T7571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.346415][ T7585] chnl_net:caif_netlink_parms(): no params data found [ 176.361521][ T7579] team0: Port device team_slave_0 added [ 176.368793][ T7579] team0: Port device team_slave_1 added [ 176.452368][ T7575] device hsr_slave_0 entered promiscuous mode [ 176.481082][ C0] hrtimer: interrupt took 33452 ns [ 176.502733][ T7575] device hsr_slave_1 entered promiscuous mode [ 176.602397][ T7579] device hsr_slave_0 entered promiscuous mode [ 176.650175][ T7579] device hsr_slave_1 entered promiscuous mode 05:01:59 executing program 0: ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x602000, 0x3) 05:01:59 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[{0xc, 0x194}], 0xc}}], 0x1, 0x20000090) 05:01:59 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mkdir(&(0x7f0000000700)='./file1\x00', 0x0) mknod$loop(&(0x7f0000000200)='./file1/file0\x00', 0x0, 0xffffffffffffffff) [ 176.755809][ T7577] device hsr_slave_0 entered promiscuous mode [ 176.810289][ T7577] device hsr_slave_1 entered promiscuous mode 05:01:59 executing program 0: eventfd(0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x28, &(0x7f0000000140)}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000), 0x1f7) socketpair$unix(0x1, 0x0, 0x0, 0x0) setxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) exit(0x0) mlockall(0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) [ 176.870738][ T7606] overlayfs: filesystem on './file0' not supported as upperdir [ 176.888323][ T7585] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.897000][ T7585] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.905193][ T7585] device bridge_slave_0 entered promiscuous mode [ 176.915382][ T7585] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.926789][ T7585] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.934682][ T7585] device bridge_slave_1 entered promiscuous mode [ 177.027806][ T7585] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.038352][ T7585] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.099020][ T7575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.114387][ T7590] chnl_net:caif_netlink_parms(): no params data found [ 177.131518][ T7585] team0: Port device team_slave_0 added [ 177.140812][ T7579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.154193][ T7575] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.171541][ T7585] team0: Port device team_slave_1 added [ 177.179379][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.192792][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.234077][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.245688][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.257126][ T7574] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.264276][ T7574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.275461][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.284092][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.292592][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.299626][ T7574] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.307265][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.316929][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.324929][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.332645][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.392624][ T7585] device hsr_slave_0 entered promiscuous mode [ 177.440159][ T7585] device hsr_slave_1 entered promiscuous mode [ 177.507264][ T7579] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.514842][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.526451][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.535491][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.544124][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.553055][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.561708][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.570055][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.578160][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.586610][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.596437][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.604853][ T7590] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.612360][ T7590] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.620045][ T7590] device bridge_slave_0 entered promiscuous mode [ 177.628875][ T7577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.636829][ T7575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.660937][ T7590] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.669295][ T7590] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.678169][ T7590] device bridge_slave_1 entered promiscuous mode [ 177.700760][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.709229][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.717723][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.724803][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.732438][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.741070][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.749310][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.756388][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.764069][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.772791][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.781501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.790055][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.798376][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.806918][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.815243][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.823639][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.832467][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.840449][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.861240][ T7579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.873949][ T7579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.893896][ T7590] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.904550][ T7590] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.938656][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.953360][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 05:02:00 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000500)='./file0\x00', 0x0, 0x2005, 0x0) [ 177.987906][ T7577] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.000428][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.008646][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 05:02:00 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000100)={0x0, r0, 0x0, 0x4, 0xfff}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) fcntl$setstatus(r1, 0x4, 0x44000) setsockopt$inet_udp_encap(r1, 0x11, 0x64, 0x0, 0x0) io_setup(0x4ed4, &(0x7f0000000200)=0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0xbb1) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) [ 178.033948][ T7590] team0: Port device team_slave_0 added [ 178.052424][ T7575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.062403][ T7579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.080072][ T7590] team0: Port device team_slave_1 added [ 178.146195][ T7624] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. [ 178.158243][ T7590] device hsr_slave_0 entered promiscuous mode [ 178.200268][ T7590] device hsr_slave_1 entered promiscuous mode [ 178.218183][ T7624] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. 05:02:00 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x4, 0xfff}) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) io_setup(0x4ed4, &(0x7f0000000200)=0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) [ 178.246572][ T7585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.257170][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.293824][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.306444][ T7574] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.313589][ T7574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.336223][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.353851][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.364413][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.371536][ T7574] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.388610][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:02:01 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_FPEMU(0xa, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x1000000040c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x105802, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000100)={r2}) write$9p(r0, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9ca8bec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b60fca627576ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c46a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r0, r1, 0x0, 0x10000) lgetxattr(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000280)=@random={'osx.', 'system\x00'}, &(0x7f0000000400)=""/149, 0x95) socket$nl_xfrm(0x10, 0x3, 0x6) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0xfffffffffffffff5}, 0x10) getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000180)={0x1, [0x6]}, &(0x7f00000001c0)=0x6) [ 178.418053][ T7585] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.433378][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.452787][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.501025][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.506146][ T26] audit: type=1800 audit(1554699721.162:31): pid=7642 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16533 res=0 [ 178.514455][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.571742][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.586171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.594943][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.608347][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.638270][ T7577] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.648889][ T7577] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.663206][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.671206][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.679431][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.688414][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.697533][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.706438][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.714933][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.722986][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.732044][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.741426][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.748525][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.756611][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.765227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.773761][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.783006][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.791714][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.817460][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.826689][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.836773][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.845921][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.864416][ T7585] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.876237][ T7585] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.893918][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.903398][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.912841][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.922718][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.931587][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.942166][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.951005][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.989944][ T7585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.005895][ T7590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.017638][ T7577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.039734][ T7590] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.054532][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.062859][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.071484][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.080808][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.089324][ T7580] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.096448][ T7580] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.155683][ T7649] vivid-001: disconnect [ 179.160368][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.168593][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.180626][ T7648] vivid-001: reconnect [ 179.181947][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.201642][ T7580] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.208717][ T7580] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.211514][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.228814][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.239465][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.250308][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.258873][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.267990][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.282317][ T7590] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.293986][ T7590] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.305971][ T26] audit: type=1800 audit(1554699721.962:32): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16533 res=0 [ 179.326414][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.327051][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.342734][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.352214][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.361520][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.373161][ T7580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.397317][ T7590] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.499990][ C1] sched: DL replenish lagged too much [ 179.546348][ T7660] IPVS: ftp: loaded support on port[0] = 21 05:02:02 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:02 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, 0x0) r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x4, 0xfff}) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) io_setup(0x4ed4, &(0x7f0000000200)=0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) 05:02:02 executing program 3: getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, 0x0, 0x0) add_key(0x0, &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8) r0 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f00000002c0)) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f00000004c0)={0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000500)={0x0, r1, 0x3}) syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) request_key(0x0, &(0x7f0000000b80)={'syz'}, 0x0, 0xfffffffffffffffa) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f00000006c0)) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000940), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d909abea03ef71344b294bf3e6dcf0823e2398182392e0dcc7d97e09edef3a19cd9833cbc7153907001455c0eee11e25f0da814dfb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e082b57af46c66e464617c08fc079799815463071cd8d1c3b6c009a30248d43bba58830aa8798c9eac04071f37246964984ed9be3edacbaed5b690fdc314666eff443dadf37d94d178dd714df72360c51f52297614b4f999e8a67460d1dd76c968abaf33acfcba61d6db11e6ae23f42035925cb22e49b627697172d572d9df851d4471ecb89194a685c557fe3ecac5a9ad8f457cc4685a5673c66e7c1"]) chdir(&(0x7f0000000280)='./file0\x00') r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, 0x0, &(0x7f0000000040)) [ 179.800280][ T7662] IPVS: ftp: loaded support on port[0] = 21 05:02:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000080)={0x7b, 0x0, [0xc0000102, 0x8000000000000006], [0xc1]}) 05:02:02 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_FPEMU(0xa, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x1000000040c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x105802, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000100)={r2}) write$9p(r0, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9ca8bec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b60fca627576ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c46a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r0, r1, 0x0, 0x10000) lgetxattr(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000280)=@random={'osx.', 'system\x00'}, &(0x7f0000000400)=""/149, 0x95) socket$nl_xfrm(0x10, 0x3, 0x6) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0xfffffffffffffff5}, 0x10) getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000180)={0x1, [0x6]}, &(0x7f00000001c0)=0x6) 05:02:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={0x0, 0x6}, &(0x7f00000003c0)=0x8) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) unshare(0x40000000) [ 179.890560][ T7672] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 179.913277][ T26] audit: type=1800 audit(1554699722.572:33): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16549 res=0 05:02:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={0x0, 0x6}, &(0x7f00000003c0)=0x8) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) unshare(0x40000000) 05:02:02 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa02, &(0x7f0000007ffc)={&(0x7f0000000000/0x3000)=nil, 0x3000}) 05:02:03 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) close(r0) 05:02:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0xc0000102], [0xc1]}) 05:02:03 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000700)='/7\x02\xe8\xa4\xef\x9e\xc8e\xd5n\x89\xeb[<\x18-\x14\x8d8\xbf\xfe\x83\x19\xf3(\xd7y\x14h\xcf(f\x06I:\xa4\xea\xcb\b\x81C\xdd\xcc\x00\x00\x00\x00\xf9\b1h\xbam\xa4x\xb1:\xcf\a\x94Z\x7f\xc8\vy\xf2F\xf4\x9d\n3\xd4\x9a[\xee\xaa\t\xbe\x90\xabU3\xd3[y\xd1d^We\xa9\xcb\x86a\"\xba\xb7\xcd\xcf\x88\x9eqO|\x9f\xcf\r\x86\xf4\x15@\x82w\xa8\\\x8c^a\xbe\x991l\\\x16\xd4\xd53\xdd\x9e\x00\x01:\xac\x14^\xf6\xb6\xb1^\xaa\xfa\x02x\x8aV\x87\xe3\xfb\xef\xd0\xb7({,\xf4\xa2cl`\xdc\xf7\xe2f\xad\xaa>\xd4Ts\x10\xb9V!\x91uGTy\xde$X\xff\xb1\xf3={\xb7\xe65\xb6\x1a\x99q^\xc2\xfc\xb0\xc09\x85\x03\xf1]\xc54;\x8d\x01\xec3#\x8f%5\xef\xfe\xc5\xdb\xd5\xb7\xe0\xdd\xec,rV\x82!\xa0', 0x0) pwritev(r2, &(0x7f0000000380)=[{&(0x7f0000000680)="649dedae939e9f8224cc276521", 0xd}], 0x1, 0x4081806) sendfile(r0, r2, 0x0, 0x20020102000007) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0xfffffef3) clone(0x2502001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$FUSE_DIRENT(r4, &(0x7f00000005c0)=ANY=[@ANYBLOB="e5826d421d3b7014a2039ff2f9456de65d55d6506eef83613a57508b2529391dd3d49eb97818521687698e01d4112c42d7"], 0x31) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendto$unix(r4, &(0x7f00000000c0)="c70a70390fad69214334d49a467786cc3de7610ec1377dbf82f66b349db8de304bc7073e1f876d73d16d1d0d4d3890e1649b0abc8cf4035daaa1d25a3ae1de", 0x3f, 0x4, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0) recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930212) write$UHID_CREATE2(r3, &(0x7f0000000800)={0xb, 'syz1\x00', 'syz0\x00', 'syz0\x00', 0x7a, 0xfffffffffffffff7, 0x100, 0x1, 0x3, 0x200, "592ed8b52a1bda2e6f296753bbe783ae2b20572758357f83fcc707cca8174467a2393a8e63315d6f13a3d52b277a2338a86c9ef642bbe5fe8cfc3ea0849103d57f8d0d37c26db89ca8339eec730417950d4f506906111b70cce34c4778426f8bd711df203bce6bf5d61a6a33d3dcdf29d2cb7a3498b2b320ce78"}, 0x192) ioctl$EVIOCGKEYCODE(r3, 0x80084504, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000f00)) execveat(r3, &(0x7f0000000180)='./file0\x00', &(0x7f0000000340)=[&(0x7f00000001c0)='TIPCv2\x00', &(0x7f0000000200)='/7\x02\xe8\xa4\xef\x9e\xc8e\xd5n\x89\xeb[<\x18-\x14\x8d8\xbf\xfe\x83\x19\xf3(\xd7y\x14h\xcf(f\x06I:\xa4\xea\xcb\b\x81C\xdd\xcc\x00\x00\x00\x00\xf9\b1h\xbam\xa4x\xb1:\xcf\a\x94Z\x7f\xc8\vy\xf2F\xf4\x9d\n3\xd4\x9a[\xee\xaa\t\xbe\x90\xabU3\xd3[y\xd1d^We\xa9\xcb\x86a\"\xba\xb7\xcd\xcf\x88\x9eqO|\x9f\xcf\r\x86\xf4\x15@\x82w\xa8\\\x8c^a\xbe\x991l\\\x16\xd4\xd53\xdd\x9e\x00\x01:\xac\x14^\xf6\xb6\xb1^\xaa\xfa\x02x\x8aV\x87\xe3\xfb\xef\xd0\xb7({,\xf4\xa2cl`\xdc\xf7\xe2f\xad\xaa>\xd4Ts\x10\xb9V!\x91uGTy\xde$X\xff\xb1\xf3={\xb7\xe65\xb6\x1a\x99q^\xc2\xfc\xb0\xc09\x85\x03\xf1]\xc54;\x8d\x01\xec3#\x8f%5\xef\xfe\xc5\xdb\xd5\xb7\xe0\xdd\xec,rV\x82!\xa0', &(0x7f0000000300)='TIPCv2\x00'], &(0x7f0000000640)=[&(0x7f00000003c0)='\\\x00', &(0x7f0000000400)='selinux^&\x00', &(0x7f0000000440)='TIPCv2\x00', &(0x7f00000004c0)='vmnet1$\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='[cgroup+\x00', &(0x7f0000000600)='GPL\x00'], 0xc00) fcntl$setstatus(r0, 0x4, 0x2800) 05:02:03 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000700)='/7\x02\xe8\xa4\xef\x9e\xc8e\xd5n\x89\xeb[<\x18-\x14\x8d8\xbf\xfe\x83\x19\xf3(\xd7y\x14h\xcf(f\x06I:\xa4\xea\xcb\b\x81C\xdd\xcc\x00\x00\x00\x00\xf9\b1h\xbam\xa4x\xb1:\xcf\a\x94Z\x7f\xc8\vy\xf2F\xf4\x9d\n3\xd4\x9a[\xee\xaa\t\xbe\x90\xabU3\xd3[y\xd1d^We\xa9\xcb\x86a\"\xba\xb7\xcd\xcf\x88\x9eqO|\x9f\xcf\r\x86\xf4\x15@\x82w\xa8\\\x8c^a\xbe\x991l\\\x16\xd4\xd53\xdd\x9e\x00\x01:\xac\x14^\xf6\xb6\xb1^\xaa\xfa\x02x\x8aV\x87\xe3\xfb\xef\xd0\xb7({,\xf4\xa2cl`\xdc\xf7\xe2f\xad\xaa>\xd4Ts\x10\xb9V!\x91uGTy\xde$X\xff\xb1\xf3={\xb7\xe65\xb6\x1a\x99q^\xc2\xfc\xb0\xc09\x85\x03\xf1]\xc54;\x8d\x01\xec3#\x8f%5\xef\xfe\xc5\xdb\xd5\xb7\xe0\xdd\xec,rV\x82!\xa0', 0x0) pwritev(r2, &(0x7f0000000380)=[{&(0x7f0000000680)="649dedae939e9f8224cc276521", 0xd}], 0x1, 0x4081806) sendfile(r0, r2, 0x0, 0x20020102000007) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0xfffffef3) clone(0x2502001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$FUSE_DIRENT(r4, &(0x7f00000005c0)=ANY=[@ANYBLOB="e5826d421d3b7014a2039ff2f9456de65d55d6506eef83613a57508b2529391dd3d49eb97818521687698e01d4112c42d7"], 0x31) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendto$unix(r4, &(0x7f00000000c0)="c70a70390fad69214334d49a467786cc3de7610ec1377dbf82f66b349db8de304bc7073e1f876d73d16d1d0d4d3890e1649b0abc8cf4035daaa1d25a3ae1de", 0x3f, 0x4, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0) recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930212) openat$zero(0xffffffffffffff9c, &(0x7f0000000480)='/dev/zero\x00', 0x200, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000800)={0xb, 'syz1\x00', 'syz0\x00', 'syz0\x00', 0x7a, 0xfffffffffffffff7, 0x100, 0x1, 0x3, 0x200, "592ed8b52a1bda2e6f296753bbe783ae2b20572758357f83fcc707cca8174467a2393a8e63315d6f13a3d52b277a2338a86c9ef642bbe5fe8cfc3ea0849103d57f8d0d37c26db89ca8339eec730417950d4f506906111b70cce34c4778426f8bd711df203bce6bf5d61a6a33d3dcdf29d2cb7a3498b2b320ce78"}, 0x192) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000f00)) execveat(r3, &(0x7f0000000180)='./file0\x00', &(0x7f0000000340)=[&(0x7f00000001c0)='TIPCv2\x00', &(0x7f0000000200)='/7\x02\xe8\xa4\xef\x9e\xc8e\xd5n\x89\xeb[<\x18-\x14\x8d8\xbf\xfe\x83\x19\xf3(\xd7y\x14h\xcf(f\x06I:\xa4\xea\xcb\b\x81C\xdd\xcc\x00\x00\x00\x00\xf9\b1h\xbam\xa4x\xb1:\xcf\a\x94Z\x7f\xc8\vy\xf2F\xf4\x9d\n3\xd4\x9a[\xee\xaa\t\xbe\x90\xabU3\xd3[y\xd1d^We\xa9\xcb\x86a\"\xba\xb7\xcd\xcf\x88\x9eqO|\x9f\xcf\r\x86\xf4\x15@\x82w\xa8\\\x8c^a\xbe\x991l\\\x16\xd4\xd53\xdd\x9e\x00\x01:\xac\x14^\xf6\xb6\xb1^\xaa\xfa\x02x\x8aV\x87\xe3\xfb\xef\xd0\xb7({,\xf4\xa2cl`\xdc\xf7\xe2f\xad\xaa>\xd4Ts\x10\xb9V!\x91uGTy\xde$X\xff\xb1\xf3={\xb7\xe65\xb6\x1a\x99q^\xc2\xfc\xb0\xc09\x85\x03\xf1]\xc54;\x8d\x01\xec3#\x8f%5\xef\xfe\xc5\xdb\xd5\xb7\xe0\xdd\xec,rV\x82!\xa0', &(0x7f0000000300)='TIPCv2\x00'], &(0x7f0000000640)=[&(0x7f00000003c0)='\\\x00', &(0x7f0000000400)='selinux^&\x00', &(0x7f0000000440)='TIPCv2\x00', &(0x7f00000004c0)='vmnet1$\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='[cgroup+\x00', &(0x7f0000000600)='GPL\x00'], 0xc00) fcntl$setstatus(r0, 0x4, 0x2800) 05:02:03 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) fsetxattr$security_selinux(r0, &(0x7f0000000080)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:audisp_exec_t:s0\x00', 0x23, 0x0) 05:02:03 executing program 0: r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, 0x0) 05:02:03 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) [ 181.094058][ T7745] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 05:02:03 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={0x0, 0x6}, &(0x7f00000003c0)=0x8) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) unshare(0x40000000) 05:02:05 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:05 executing program 3: semctl$GETPID(0x0, 0x0, 0xb, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x42) ioctl$TCSETS(r0, 0x5402, 0x0) clone(0x2000, &(0x7f0000000240), 0x0, 0xfffffffffffffffd, &(0x7f0000000300)) 05:02:05 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000005c0)={0x3, 0x192, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast1}}}, 0xfffffce3) 05:02:05 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:05 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmmsg(r0, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000005) 05:02:05 executing program 4: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) 05:02:05 executing program 3: syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @rand_addr=0x80000000}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 05:02:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "e5"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x48}}, 0x0) 05:02:05 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYBLOB="140000000301ffffef7f12b685d3901b00000000"], 0x14}}, 0x0) 05:02:05 executing program 3: r0 = socket$inet6(0xa, 0x3, 0xd) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 182.730525][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 182.740099][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 182.745824][ T7806] CPU: 1 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.754850][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.764919][ T7806] Call Trace: [ 182.768225][ T7806] dump_stack+0x172/0x1f0 [ 182.772665][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 182.778224][ T7806] ip6_finish_output+0x335/0xdc0 [ 182.783176][ T7806] ip6_output+0x235/0x7f0 [ 182.787513][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 182.792618][ T7806] ? ip6_fragment+0x3980/0x3980 [ 182.792647][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 182.792666][ T7806] ip6_local_out+0xc4/0x1b0 [ 182.792682][ T7806] ip6_send_skb+0xbb/0x350 [ 182.792701][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 182.792716][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 182.792737][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 182.792752][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 182.792771][ T7806] ? find_held_lock+0x35/0x130 [ 182.792786][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.792803][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.792827][ T7806] ? ___might_sleep+0x163/0x280 [ 182.792847][ T7806] ? __might_sleep+0x95/0x190 [ 182.833134][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.833152][ T7806] inet_sendmsg+0x147/0x5e0 [ 182.833167][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 182.833177][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 182.833189][ T7806] ? ipip_gro_receive+0x100/0x100 [ 182.833206][ T7806] sock_sendmsg+0xdd/0x130 [ 182.833221][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 182.833240][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 182.869847][ T7806] ? lock_downgrade+0x880/0x880 [ 182.869871][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.869893][ T7806] ? kasan_check_read+0x11/0x20 [ 182.869910][ T7806] ? __fget+0x381/0x550 [ 182.869929][ T7806] ? ksys_dup3+0x3e0/0x3e0 [ 182.869941][ T7806] ? find_held_lock+0x35/0x130 [ 182.869959][ T7806] ? __fget_light+0x1a9/0x230 [ 182.869972][ T7806] ? __fdget+0x1b/0x20 [ 182.869984][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.870002][ T7806] ? sockfd_lookup_light+0xcb/0x180 [ 182.870017][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 182.870034][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.870056][ T7806] ? _copy_to_user+0xc9/0x120 [ 182.870076][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.974994][ T7806] ? put_timespec64+0xda/0x140 [ 182.979760][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 182.984607][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.990046][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.995485][ T7806] ? do_syscall_64+0x26/0x610 [ 183.000142][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.006186][ T7806] ? do_syscall_64+0x26/0x610 [ 183.010855][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 183.015883][ T7806] do_syscall_64+0x103/0x610 [ 183.020457][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.026330][ T7806] RIP: 0033:0x4582b9 [ 183.030214][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.049805][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.058207][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.066163][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 183.074121][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 183.082076][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 183.090040][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.114787][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 183.124372][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 183.130146][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.139161][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.149213][ T7806] Call Trace: [ 183.152493][ T7806] dump_stack+0x172/0x1f0 [ 183.156811][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 183.164277][ T7806] ip6_finish_output+0x335/0xdc0 [ 183.169338][ T7806] ip6_output+0x235/0x7f0 [ 183.173743][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 183.178878][ T7806] ? ip6_fragment+0x3980/0x3980 [ 183.183711][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 183.189254][ T7806] ip6_local_out+0xc4/0x1b0 [ 183.193739][ T7806] ip6_send_skb+0xbb/0x350 [ 183.198165][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 183.203451][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 183.208200][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 183.213220][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 183.218400][ T7806] ? find_held_lock+0x35/0x130 [ 183.223326][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.229561][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.235096][ T7806] ? ___might_sleep+0x163/0x280 [ 183.239943][ T7806] ? __might_sleep+0x95/0x190 [ 183.244615][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.250146][ T7806] inet_sendmsg+0x147/0x5e0 [ 183.254631][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 183.261112][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 183.265865][ T7806] ? ipip_gro_receive+0x100/0x100 [ 183.270870][ T7806] sock_sendmsg+0xdd/0x130 [ 183.275273][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 183.281757][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 183.287202][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 183.292129][ T7806] ? lock_downgrade+0x880/0x880 [ 183.296965][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.303188][ T7806] ? kasan_check_read+0x11/0x20 [ 183.308026][ T7806] ? __might_fault+0x12b/0x1e0 [ 183.312769][ T7806] ? find_held_lock+0x35/0x130 [ 183.317521][ T7806] ? __might_fault+0x12b/0x1e0 [ 183.322270][ T7806] ? lock_downgrade+0x880/0x880 [ 183.327107][ T7806] ? ___might_sleep+0x163/0x280 [ 183.331947][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 183.336607][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.341619][ T7806] ? _copy_to_user+0xc9/0x120 [ 183.346280][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.352501][ T7806] ? put_timespec64+0xda/0x140 [ 183.357248][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 183.362087][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.367525][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.372967][ T7806] ? do_syscall_64+0x26/0x610 [ 183.377624][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.383756][ T7806] ? do_syscall_64+0x26/0x610 [ 183.388417][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 183.393340][ T7806] do_syscall_64+0x103/0x610 [ 183.397934][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.403804][ T7806] RIP: 0033:0x4582b9 [ 183.407701][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.427285][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.435674][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.443637][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 183.451589][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 183.459550][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 183.467500][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.480255][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 183.489754][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 183.495603][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.504603][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.504609][ T7806] Call Trace: [ 183.504631][ T7806] dump_stack+0x172/0x1f0 [ 183.504655][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 183.504675][ T7806] ip6_finish_output+0x335/0xdc0 [ 183.518191][ T7806] ip6_output+0x235/0x7f0 [ 183.518209][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 183.518228][ T7806] ? ip6_fragment+0x3980/0x3980 [ 183.528062][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 183.528084][ T7806] ip6_local_out+0xc4/0x1b0 [ 183.528102][ T7806] ip6_send_skb+0xbb/0x350 [ 183.561952][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 183.567228][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 183.572155][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 183.578560][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 183.583742][ T7806] ? find_held_lock+0x35/0x130 [ 183.588488][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.594714][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.600182][ T7806] ? ___might_sleep+0x163/0x280 [ 183.605188][ T7806] ? __might_sleep+0x95/0x190 [ 183.609850][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.615390][ T7806] inet_sendmsg+0x147/0x5e0 [ 183.619876][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 183.624881][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 183.629708][ T7806] ? ipip_gro_receive+0x100/0x100 [ 183.634719][ T7806] sock_sendmsg+0xdd/0x130 [ 183.639145][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 183.643824][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 183.649262][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 183.654175][ T7806] ? lock_downgrade+0x880/0x880 [ 183.659006][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.665248][ T7806] ? kasan_check_read+0x11/0x20 [ 183.670371][ T7806] ? __might_fault+0x12b/0x1e0 [ 183.675116][ T7806] ? find_held_lock+0x35/0x130 [ 183.679861][ T7806] ? __might_fault+0x12b/0x1e0 [ 183.684624][ T7806] ? lock_downgrade+0x880/0x880 [ 183.689459][ T7806] ? ___might_sleep+0x163/0x280 [ 183.694288][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 183.698947][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.703955][ T7806] ? _copy_to_user+0xc9/0x120 [ 183.708629][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.714851][ T7806] ? put_timespec64+0xda/0x140 [ 183.719590][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 183.724425][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.729860][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.735380][ T7806] ? do_syscall_64+0x26/0x610 [ 183.740033][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.746073][ T7806] ? do_syscall_64+0x26/0x610 [ 183.750745][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 183.755667][ T7806] do_syscall_64+0x103/0x610 [ 183.760249][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.766126][ T7806] RIP: 0033:0x4582b9 [ 183.770009][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.789796][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.798196][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.806172][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 183.814124][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 183.822071][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 183.830036][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.842522][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 183.851901][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 183.857604][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.866612][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.876648][ T7806] Call Trace: [ 183.879921][ T7806] dump_stack+0x172/0x1f0 [ 183.884233][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 183.889851][ T7806] ip6_finish_output+0x335/0xdc0 [ 183.894796][ T7806] ip6_output+0x235/0x7f0 [ 183.899116][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 183.904329][ T7806] ? ip6_fragment+0x3980/0x3980 [ 183.909171][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 183.914705][ T7806] ip6_local_out+0xc4/0x1b0 [ 183.919280][ T7806] ip6_send_skb+0xbb/0x350 [ 183.923679][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 183.929118][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 183.933864][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 183.938868][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 183.944047][ T7806] ? find_held_lock+0x35/0x130 [ 183.948804][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.955025][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.960466][ T7806] ? ___might_sleep+0x163/0x280 [ 183.965297][ T7806] ? __might_sleep+0x95/0x190 [ 183.970085][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.975611][ T7806] inet_sendmsg+0x147/0x5e0 [ 183.980113][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 183.985116][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 183.989788][ T7806] ? ipip_gro_receive+0x100/0x100 [ 183.994812][ T7806] sock_sendmsg+0xdd/0x130 [ 183.999206][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 184.003865][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 184.009305][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 184.017133][ T7806] ? lock_downgrade+0x880/0x880 [ 184.021973][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.028194][ T7806] ? kasan_check_read+0x11/0x20 [ 184.033028][ T7806] ? __might_fault+0x12b/0x1e0 [ 184.037893][ T7806] ? find_held_lock+0x35/0x130 [ 184.042637][ T7806] ? __might_fault+0x12b/0x1e0 [ 184.047383][ T7806] ? lock_downgrade+0x880/0x880 [ 184.052219][ T7806] ? ___might_sleep+0x163/0x280 [ 184.057050][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 184.061706][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.066722][ T7806] ? _copy_to_user+0xc9/0x120 [ 184.071379][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.077597][ T7806] ? put_timespec64+0xda/0x140 [ 184.082336][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 184.087170][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.092610][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.098069][ T7806] ? do_syscall_64+0x26/0x610 [ 184.102729][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.108780][ T7806] ? do_syscall_64+0x26/0x610 [ 184.113440][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 184.118366][ T7806] do_syscall_64+0x103/0x610 [ 184.122946][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.128820][ T7806] RIP: 0033:0x4582b9 [ 184.132692][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.152360][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.160771][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.168740][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 184.176714][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 184.184665][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 184.192629][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.203414][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 184.212810][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 184.218536][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.227536][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.237595][ T7806] Call Trace: [ 184.242260][ T7806] dump_stack+0x172/0x1f0 [ 184.246580][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 184.252130][ T7806] ip6_finish_output+0x335/0xdc0 [ 184.257052][ T7806] ip6_output+0x235/0x7f0 [ 184.261360][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 184.266451][ T7806] ? ip6_fragment+0x3980/0x3980 [ 184.271296][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 184.276829][ T7806] ip6_local_out+0xc4/0x1b0 [ 184.281315][ T7806] ip6_send_skb+0xbb/0x350 [ 184.285712][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 184.290979][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 184.295724][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 184.300746][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 184.305944][ T7806] ? find_held_lock+0x35/0x130 [ 184.310699][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.317011][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 184.322454][ T7806] ? ___might_sleep+0x163/0x280 [ 184.327297][ T7806] ? __might_sleep+0x95/0x190 [ 184.331961][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.337485][ T7806] inet_sendmsg+0x147/0x5e0 [ 184.341965][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 184.346966][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 184.351618][ T7806] ? ipip_gro_receive+0x100/0x100 [ 184.356619][ T7806] sock_sendmsg+0xdd/0x130 [ 184.361015][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 184.365671][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 184.371106][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 184.376022][ T7806] ? lock_downgrade+0x880/0x880 [ 184.380854][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.387071][ T7806] ? kasan_check_read+0x11/0x20 [ 184.392164][ T7806] ? __might_fault+0x12b/0x1e0 [ 184.396912][ T7806] ? find_held_lock+0x35/0x130 [ 184.401654][ T7806] ? __might_fault+0x12b/0x1e0 [ 184.406402][ T7806] ? lock_downgrade+0x880/0x880 [ 184.411252][ T7806] ? ___might_sleep+0x163/0x280 [ 184.416273][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 184.420950][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.425964][ T7806] ? _copy_to_user+0xc9/0x120 [ 184.430798][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.437021][ T7806] ? put_timespec64+0xda/0x140 [ 184.441776][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 184.446611][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.452047][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.457485][ T7806] ? do_syscall_64+0x26/0x610 [ 184.462139][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.468180][ T7806] ? do_syscall_64+0x26/0x610 [ 184.472836][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 184.478203][ T7806] do_syscall_64+0x103/0x610 [ 184.482778][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.488646][ T7806] RIP: 0033:0x4582b9 [ 184.492635][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.512241][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.520645][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.528598][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 184.536581][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 184.544536][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 184.552506][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.563463][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 184.573003][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 184.573021][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.573030][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.573035][ T7806] Call Trace: [ 184.573054][ T7806] dump_stack+0x172/0x1f0 [ 184.573076][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 184.573094][ T7806] ip6_finish_output+0x335/0xdc0 [ 184.573116][ T7806] ip6_output+0x235/0x7f0 [ 184.573134][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 184.573152][ T7806] ? ip6_fragment+0x3980/0x3980 [ 184.573168][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 184.573188][ T7806] ip6_local_out+0xc4/0x1b0 [ 184.573207][ T7806] ip6_send_skb+0xbb/0x350 [ 184.573227][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 184.573244][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 184.573267][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 184.573283][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 184.573302][ T7806] ? find_held_lock+0x35/0x130 [ 184.573319][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.573336][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 184.573362][ T7806] ? ___might_sleep+0x163/0x280 [ 184.573378][ T7806] ? __might_sleep+0x95/0x190 [ 184.573407][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.573424][ T7806] inet_sendmsg+0x147/0x5e0 [ 184.573438][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 184.573448][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 184.573462][ T7806] ? ipip_gro_receive+0x100/0x100 [ 184.573479][ T7806] sock_sendmsg+0xdd/0x130 [ 184.573496][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 184.573514][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 184.573529][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 184.573540][ T7806] ? lock_downgrade+0x880/0x880 [ 184.573553][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.573572][ T7806] ? kasan_check_read+0x11/0x20 [ 184.573591][ T7806] ? __might_fault+0x12b/0x1e0 [ 184.573606][ T7806] ? find_held_lock+0x35/0x130 [ 184.573619][ T7806] ? __might_fault+0x12b/0x1e0 [ 184.573640][ T7806] ? lock_downgrade+0x880/0x880 [ 184.573662][ T7806] ? ___might_sleep+0x163/0x280 [ 184.573679][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 184.573697][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.573722][ T7806] ? _copy_to_user+0xc9/0x120 [ 184.573754][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.573768][ T7806] ? put_timespec64+0xda/0x140 [ 184.573783][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 184.573807][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.573821][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.573834][ T7806] ? do_syscall_64+0x26/0x610 [ 184.573848][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.573861][ T7806] ? do_syscall_64+0x26/0x610 [ 184.573879][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 184.573896][ T7806] do_syscall_64+0x103/0x610 [ 184.573914][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.573925][ T7806] RIP: 0033:0x4582b9 [ 184.573940][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.573948][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.573962][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.573970][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 184.573977][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 184.573985][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 184.573994][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.574179][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 184.574193][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 184.617578][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.945601][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.955637][ T7806] Call Trace: [ 184.958915][ T7806] dump_stack+0x172/0x1f0 [ 184.963233][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 184.968765][ T7806] ip6_finish_output+0x335/0xdc0 [ 184.973689][ T7806] ip6_output+0x235/0x7f0 [ 184.978014][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 184.983109][ T7806] ? ip6_fragment+0x3980/0x3980 [ 184.987958][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 184.993488][ T7806] ip6_local_out+0xc4/0x1b0 [ 184.997977][ T7806] ip6_send_skb+0xbb/0x350 [ 185.002378][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 185.007647][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 185.012402][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 185.017407][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 185.022589][ T7806] ? find_held_lock+0x35/0x130 [ 185.027334][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.033555][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 185.039016][ T7806] ? ___might_sleep+0x163/0x280 [ 185.043848][ T7806] ? __might_sleep+0x95/0x190 [ 185.048532][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.054061][ T7806] inet_sendmsg+0x147/0x5e0 [ 185.058558][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 185.063564][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 185.068221][ T7806] ? ipip_gro_receive+0x100/0x100 [ 185.073232][ T7806] sock_sendmsg+0xdd/0x130 [ 185.077634][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 185.082296][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 185.087739][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 185.092657][ T7806] ? lock_downgrade+0x880/0x880 [ 185.097503][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.103736][ T7806] ? kasan_check_read+0x11/0x20 [ 185.108571][ T7806] ? __might_fault+0x12b/0x1e0 [ 185.113315][ T7806] ? find_held_lock+0x35/0x130 [ 185.118057][ T7806] ? __might_fault+0x12b/0x1e0 [ 185.122809][ T7806] ? lock_downgrade+0x880/0x880 [ 185.127647][ T7806] ? ___might_sleep+0x163/0x280 [ 185.132479][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 185.137139][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.142151][ T7806] ? _copy_to_user+0xc9/0x120 [ 185.146811][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.153032][ T7806] ? put_timespec64+0xda/0x140 [ 185.157777][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 185.162615][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.168054][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.173494][ T7806] ? do_syscall_64+0x26/0x610 [ 185.178151][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.184197][ T7806] ? do_syscall_64+0x26/0x610 [ 185.188859][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 185.193782][ T7806] do_syscall_64+0x103/0x610 [ 185.198355][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.204228][ T7806] RIP: 0033:0x4582b9 [ 185.208108][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.227691][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.236099][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.244056][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 185.252012][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 185.259966][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 185.267919][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.284619][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 185.294014][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 185.299729][ T7806] CPU: 1 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.308725][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.319035][ T7806] Call Trace: [ 185.322326][ T7806] dump_stack+0x172/0x1f0 [ 185.326654][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 185.332192][ T7806] ip6_finish_output+0x335/0xdc0 [ 185.337138][ T7806] ip6_output+0x235/0x7f0 [ 185.341475][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 185.346582][ T7806] ? ip6_fragment+0x3980/0x3980 [ 185.351416][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 185.356950][ T7806] ip6_local_out+0xc4/0x1b0 [ 185.361452][ T7806] ip6_send_skb+0xbb/0x350 [ 185.365875][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 185.371833][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 185.376605][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 185.381621][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 185.386813][ T7806] ? find_held_lock+0x35/0x130 [ 185.391570][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.397789][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 185.403251][ T7806] ? ___might_sleep+0x163/0x280 [ 185.408093][ T7806] ? __might_sleep+0x95/0x190 [ 185.412755][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.418980][ T7806] inet_sendmsg+0x147/0x5e0 [ 185.423473][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 185.428505][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 185.433360][ T7806] ? ipip_gro_receive+0x100/0x100 [ 185.438368][ T7806] sock_sendmsg+0xdd/0x130 [ 185.442788][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 185.447455][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 185.452897][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 185.457810][ T7806] ? lock_downgrade+0x880/0x880 [ 185.462648][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.468884][ T7806] ? kasan_check_read+0x11/0x20 [ 185.473725][ T7806] ? __might_fault+0x12b/0x1e0 [ 185.478481][ T7806] ? find_held_lock+0x35/0x130 [ 185.483670][ T7806] ? __might_fault+0x12b/0x1e0 [ 185.488433][ T7806] ? lock_downgrade+0x880/0x880 [ 185.493442][ T7806] ? ___might_sleep+0x163/0x280 [ 185.498282][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 185.502956][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.507989][ T7806] ? _copy_to_user+0xc9/0x120 [ 185.512651][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.518871][ T7806] ? put_timespec64+0xda/0x140 [ 185.523620][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 185.528461][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.533897][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.539332][ T7806] ? do_syscall_64+0x26/0x610 [ 185.543999][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.550067][ T7806] ? do_syscall_64+0x26/0x610 [ 185.554739][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 185.559661][ T7806] do_syscall_64+0x103/0x610 [ 185.564254][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.570131][ T7806] RIP: 0033:0x4582b9 [ 185.574002][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.593583][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.601987][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.609947][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 185.617895][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 185.625843][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 185.634069][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.642783][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 185.652371][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 185.658091][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.669093][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.686480][ T7806] Call Trace: [ 185.689763][ T7806] dump_stack+0x172/0x1f0 [ 185.694102][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 185.699627][ T7806] ip6_finish_output+0x335/0xdc0 [ 185.704549][ T7806] ip6_output+0x235/0x7f0 [ 185.708859][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 185.713953][ T7806] ? ip6_fragment+0x3980/0x3980 [ 185.718784][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 185.724312][ T7806] ip6_local_out+0xc4/0x1b0 [ 185.728795][ T7806] ip6_send_skb+0xbb/0x350 [ 185.733197][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 185.738460][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 185.743204][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 185.748211][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 185.753390][ T7806] ? find_held_lock+0x35/0x130 [ 185.758135][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.764352][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 185.769803][ T7806] ? ___might_sleep+0x163/0x280 [ 185.774632][ T7806] ? __might_sleep+0x95/0x190 [ 185.779299][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.784824][ T7806] inet_sendmsg+0x147/0x5e0 [ 185.789306][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 185.794307][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 185.799046][ T7806] ? ipip_gro_receive+0x100/0x100 [ 185.804062][ T7806] sock_sendmsg+0xdd/0x130 [ 185.808456][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 185.813111][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 185.818550][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 185.823462][ T7806] ? lock_downgrade+0x880/0x880 [ 185.828290][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.834510][ T7806] ? kasan_check_read+0x11/0x20 [ 185.839341][ T7806] ? __might_fault+0x12b/0x1e0 [ 185.844080][ T7806] ? find_held_lock+0x35/0x130 [ 185.849170][ T7806] ? __might_fault+0x12b/0x1e0 [ 185.853931][ T7806] ? lock_downgrade+0x880/0x880 [ 185.858765][ T7806] ? ___might_sleep+0x163/0x280 [ 185.863592][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 185.868249][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.873259][ T7806] ? _copy_to_user+0xc9/0x120 [ 185.877913][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.884127][ T7806] ? put_timespec64+0xda/0x140 [ 185.888868][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 185.893702][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.899151][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.904592][ T7806] ? do_syscall_64+0x26/0x610 [ 185.909259][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.915390][ T7806] ? do_syscall_64+0x26/0x610 [ 185.920046][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 185.924960][ T7806] do_syscall_64+0x103/0x610 [ 185.929526][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.935396][ T7806] RIP: 0033:0x4582b9 [ 185.939273][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.958860][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.967248][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.975213][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 185.983678][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 185.991627][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 185.999599][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 186.008408][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 186.017791][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 186.023592][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.032612][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.042714][ T7806] Call Trace: [ 186.045991][ T7806] dump_stack+0x172/0x1f0 [ 186.050303][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 186.055830][ T7806] ip6_finish_output+0x335/0xdc0 [ 186.060749][ T7806] ip6_output+0x235/0x7f0 [ 186.065057][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 186.070147][ T7806] ? ip6_fragment+0x3980/0x3980 [ 186.074977][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 186.080499][ T7806] ip6_local_out+0xc4/0x1b0 [ 186.084979][ T7806] ip6_send_skb+0xbb/0x350 [ 186.089375][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 186.094637][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 186.100437][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 186.105443][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 186.110625][ T7806] ? find_held_lock+0x35/0x130 [ 186.115389][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.124069][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 186.129514][ T7806] ? ___might_sleep+0x163/0x280 [ 186.134341][ T7806] ? __might_sleep+0x95/0x190 [ 186.139003][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 186.144549][ T7806] inet_sendmsg+0x147/0x5e0 [ 186.149051][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 186.154051][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 186.158700][ T7806] ? ipip_gro_receive+0x100/0x100 [ 186.163702][ T7806] sock_sendmsg+0xdd/0x130 [ 186.168098][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 186.172765][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 186.178199][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 186.183111][ T7806] ? lock_downgrade+0x880/0x880 [ 186.187938][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.194186][ T7806] ? kasan_check_read+0x11/0x20 [ 186.199016][ T7806] ? __might_fault+0x12b/0x1e0 [ 186.203752][ T7806] ? find_held_lock+0x35/0x130 [ 186.208490][ T7806] ? __might_fault+0x12b/0x1e0 [ 186.213234][ T7806] ? lock_downgrade+0x880/0x880 [ 186.218064][ T7806] ? ___might_sleep+0x163/0x280 [ 186.222889][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 186.227542][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 186.232562][ T7806] ? _copy_to_user+0xc9/0x120 [ 186.237215][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.243545][ T7806] ? put_timespec64+0xda/0x140 [ 186.248294][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 186.253151][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.258684][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.264118][ T7806] ? do_syscall_64+0x26/0x610 [ 186.268858][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.274988][ T7806] ? do_syscall_64+0x26/0x610 [ 186.279649][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 186.284563][ T7806] do_syscall_64+0x103/0x610 [ 186.289129][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.294996][ T7806] RIP: 0033:0x4582b9 [ 186.298886][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.318468][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 186.326856][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 186.335080][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 186.343031][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 186.350980][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 186.359158][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 186.370791][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 186.380211][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 186.385924][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.394939][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.394945][ T7806] Call Trace: [ 186.394964][ T7806] dump_stack+0x172/0x1f0 [ 186.394986][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 186.395004][ T7806] ip6_finish_output+0x335/0xdc0 [ 186.423342][ T7806] ip6_output+0x235/0x7f0 [ 186.427661][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 186.432752][ T7806] ? ip6_fragment+0x3980/0x3980 [ 186.437580][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 186.443105][ T7806] ip6_local_out+0xc4/0x1b0 [ 186.447590][ T7806] ip6_send_skb+0xbb/0x350 [ 186.451988][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 186.457251][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 186.461997][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 186.467000][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 186.472177][ T7806] ? find_held_lock+0x35/0x130 [ 186.476917][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.483136][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 186.488577][ T7806] ? ___might_sleep+0x163/0x280 [ 186.493406][ T7806] ? __might_sleep+0x95/0x190 [ 186.498065][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 186.503589][ T7806] inet_sendmsg+0x147/0x5e0 [ 186.508351][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 186.513367][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 186.518024][ T7806] ? ipip_gro_receive+0x100/0x100 [ 186.523027][ T7806] sock_sendmsg+0xdd/0x130 [ 186.527421][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 186.532079][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 186.537538][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 186.542544][ T7806] ? lock_downgrade+0x880/0x880 [ 186.548674][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.554895][ T7806] ? kasan_check_read+0x11/0x20 [ 186.559744][ T7806] ? __might_fault+0x12b/0x1e0 [ 186.564490][ T7806] ? find_held_lock+0x35/0x130 [ 186.569230][ T7806] ? __might_fault+0x12b/0x1e0 [ 186.573971][ T7806] ? lock_downgrade+0x880/0x880 [ 186.578805][ T7806] ? ___might_sleep+0x163/0x280 [ 186.583649][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 186.588305][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 186.593312][ T7806] ? _copy_to_user+0xc9/0x120 [ 186.597967][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.604181][ T7806] ? put_timespec64+0xda/0x140 [ 186.608939][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 186.613790][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.619241][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.624681][ T7806] ? do_syscall_64+0x26/0x610 [ 186.629333][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.635377][ T7806] ? do_syscall_64+0x26/0x610 [ 186.640032][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 186.644949][ T7806] do_syscall_64+0x103/0x610 [ 186.649702][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.655574][ T7806] RIP: 0033:0x4582b9 [ 186.659448][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.679040][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 186.687428][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 186.695375][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 186.703320][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 186.711267][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 186.720225][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 186.730109][ T7806] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7806 [ 186.739403][ T7806] caller is ip6_finish_output+0x335/0xdc0 [ 186.745214][ T7806] CPU: 0 PID: 7806 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.754221][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.764268][ T7806] Call Trace: [ 186.767539][ T7806] dump_stack+0x172/0x1f0 [ 186.771854][ T7806] __this_cpu_preempt_check+0x246/0x270 [ 186.777415][ T7806] ip6_finish_output+0x335/0xdc0 [ 186.782421][ T7806] ip6_output+0x235/0x7f0 [ 186.786735][ T7806] ? ip6_finish_output+0xdc0/0xdc0 [ 186.791824][ T7806] ? ip6_fragment+0x3980/0x3980 [ 186.796653][ T7806] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 186.802179][ T7806] ip6_local_out+0xc4/0x1b0 [ 186.806659][ T7806] ip6_send_skb+0xbb/0x350 [ 186.811054][ T7806] ip6_push_pending_frames+0xc8/0xf0 [ 186.816315][ T7806] rawv6_sendmsg+0x299c/0x35e0 [ 186.821061][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 186.826063][ T7806] ? aa_profile_af_perm+0x320/0x320 [ 186.831238][ T7806] ? find_held_lock+0x35/0x130 [ 186.835977][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.842193][ T7806] ? rw_copy_check_uvector+0x2a6/0x330 [ 186.847635][ T7806] ? ___might_sleep+0x163/0x280 [ 186.852463][ T7806] ? __might_sleep+0x95/0x190 [ 186.857973][ T7806] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 186.863735][ T7806] inet_sendmsg+0x147/0x5e0 [ 186.868215][ T7806] ? rawv6_getsockopt+0x150/0x150 [ 186.873233][ T7806] ? inet_sendmsg+0x147/0x5e0 [ 186.877891][ T7806] ? ipip_gro_receive+0x100/0x100 [ 186.882893][ T7806] sock_sendmsg+0xdd/0x130 [ 186.887302][ T7806] ___sys_sendmsg+0x3e2/0x930 [ 186.891973][ T7806] ? copy_msghdr_from_user+0x430/0x430 [ 186.897424][ T7806] ? __lock_acquire+0x548/0x3fb0 [ 186.902338][ T7806] ? lock_downgrade+0x880/0x880 [ 186.907167][ T7806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.913388][ T7806] ? kasan_check_read+0x11/0x20 [ 186.919764][ T7806] ? __might_fault+0x12b/0x1e0 [ 186.924537][ T7806] ? find_held_lock+0x35/0x130 [ 186.929277][ T7806] ? __might_fault+0x12b/0x1e0 [ 186.934110][ T7806] ? lock_downgrade+0x880/0x880 [ 186.939332][ T7806] ? ___might_sleep+0x163/0x280 [ 186.944162][ T7806] __sys_sendmmsg+0x1bf/0x4d0 [ 186.948818][ T7806] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 186.953825][ T7806] ? _copy_to_user+0xc9/0x120 [ 186.958504][ T7806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.964741][ T7806] ? put_timespec64+0xda/0x140 [ 186.969492][ T7806] ? nsecs_to_jiffies+0x30/0x30 [ 186.974326][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.979766][ T7806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.985209][ T7806] ? do_syscall_64+0x26/0x610 [ 186.989865][ T7806] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.995906][ T7806] ? do_syscall_64+0x26/0x610 [ 187.000588][ T7806] __x64_sys_sendmmsg+0x9d/0x100 [ 187.005530][ T7806] do_syscall_64+0x103/0x610 [ 187.010113][ T7806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.016116][ T7806] RIP: 0033:0x4582b9 [ 187.020002][ T7806] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.039708][ T7806] RSP: 002b:00007fbd2a8fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 187.048097][ T7806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 187.056059][ T7806] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003 [ 187.064006][ T7806] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 187.071952][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd2a8ff6d4 [ 187.079899][ T7806] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 05:02:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={0x0, 0x6}, &(0x7f00000003c0)=0x8) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) unshare(0x40000000) 05:02:10 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:10 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000005c0)={0x3, 0x192, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast1}}}, 0xfffffce3) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) dup3(r1, r0, 0x0) 05:02:10 executing program 4: openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000440)='/dev/cachefiles\x00', 0x24100, 0x0) 05:02:10 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 05:02:10 executing program 3: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r0, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@assoc_value, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) unshare(0x40000000) 05:02:10 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:10 executing program 4: r0 = socket$inet6(0xa, 0x4000000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0xa1}, 0x1c) sendmmsg(r0, &(0x7f00000089c0)=[{{&(0x7f0000000440)=@in={0x2, 0x4e24, @multicast2=0xe00001f4}, 0x80, 0x0}}], 0x1, 0x0) [ 188.253258][ T7820] IPVS: ftp: loaded support on port[0] = 21 [ 188.317017][ T7825] IPVS: ftp: loaded support on port[0] = 21 05:02:11 executing program 1: capset(&(0x7f0000000180)={0x19980330}, &(0x7f00000001c0)) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, 0x0) [ 188.571391][ T7840] IPVS: ftp: loaded support on port[0] = 21 05:02:11 executing program 4: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:11 executing program 3: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r0, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@assoc_value, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) unshare(0x40000000) 05:02:11 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB], 0x1}}, 0x0) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) [ 188.641966][ T7843] capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) 05:02:12 executing program 5: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="2e0000001d008100100f80ecdb4cb9047ec8650407007400000000fb120011010e000500040019a9060015000000", 0x2e}], 0x1}, 0x0) 05:02:12 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000000c0)) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00']) chdir(0x0) link(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 05:02:12 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:12 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 05:02:12 executing program 4: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:12 executing program 3: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r0, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@assoc_value, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) unshare(0x40000000) 05:02:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") clock_gettime(0x2, &(0x7f0000000040)) 05:02:12 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000000c0)) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00']) chdir(0x0) link(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 05:02:13 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76, r0}) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x400, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x8ca6, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x0, 0x4}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r2 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0106434, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x5, &(0x7f0000001b00)=[{}, {}, {}, {}, {}], 0x0}, &(0x7f00000003c0)=0x78) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) [ 190.289451][ T7870] overlayfs: filesystem on './file0' not supported as upperdir 05:02:13 executing program 1: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76, r0}) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x0, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x2, 0x4, 0x0, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0106434, 0x0) ioctl$EVIOCGKEY(r2, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x6, &(0x7f0000001b00)=[{}, {}, {}, {}, {}, {}], 0x0}, &(0x7f00000003c0)=0x78) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 05:02:13 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76, r0}) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x400, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x8ca6, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x0, 0x4}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r2 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0106434, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x5, &(0x7f0000001b00)=[{}, {}, {}, {}, {}], 0x0}, &(0x7f00000003c0)=0x78) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 05:02:13 executing program 1: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x0, r0}) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x400, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x0, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0xec02, 0x100, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x9, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0xfffffffffffffffe, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0xffffffff, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x0, 0x4, 0x0, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r2 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) getpeername$packet(0xffffffffffffff9c, 0x0, &(0x7f0000000300)) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0106434, 0x0) ioctl$EVIOCGKEY(r2, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f00000003c0)=0x78) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 05:02:13 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 05:02:13 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:13 executing program 5: capset(&(0x7f0000000180)={0x19980330}, &(0x7f00000001c0)) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x0, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f00000000c0)='security.SMACK64TRANSMUTE\x00', 0x0, 0x0, 0x0) 05:02:13 executing program 4: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:13 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 05:02:15 executing program 3: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r0, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000040)={0x5f, 0x84e, 0xe1}) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@assoc_value, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) unshare(0x40000000) 05:02:15 executing program 1: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76, r0}) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x400, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8ca6, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x2, 0x4, 0x0, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0106434, 0x0) ioctl$EVIOCGKEY(r2, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x6, &(0x7f0000001b00)=[{}, {}, {}, {}, {}, {}], 0x0}, &(0x7f00000003c0)=0x78) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 05:02:15 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 05:02:15 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:02:15 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400000000008084, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="88fb072a", 0x4, 0x20048080, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0x4, 0x4) recvfrom$inet(r0, &(0x7f0000002100)=""/90, 0x5a, 0x3, 0x0, 0x0) 05:02:15 executing program 4: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 192.706256][ T7953] IPVS: ftp: loaded support on port[0] = 21