Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts. 2019/04/08 06:10:25 fuzzer started 2019/04/08 06:10:28 dialing manager at 10.128.0.26:34543 2019/04/08 06:10:28 syscalls: 2408 2019/04/08 06:10:28 code coverage: enabled 2019/04/08 06:10:28 comparison tracing: enabled 2019/04/08 06:10:28 extra coverage: extra coverage is not supported by the kernel 2019/04/08 06:10:28 setuid sandbox: enabled 2019/04/08 06:10:28 namespace sandbox: enabled 2019/04/08 06:10:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 06:10:28 fault injection: enabled 2019/04/08 06:10:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 06:10:28 net packet injection: enabled 2019/04/08 06:10:28 net device setup: enabled 06:12:44 executing program 0: socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000000000, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rmdir(&(0x7f00000002c0)='./file0\x00') sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) openat$rfkill(0xffffffffffffff9c, 0x0, 0x40, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x76, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @perf_bp={0x0}, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000180)={0x0, 0x0}) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0) r2 = openat$full(0xffffffffffffff9c, 0x0, 0x440002, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) capset(&(0x7f0000000040)={0x399f1736}, 0x0) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x0) read(r1, &(0x7f0000000140)=""/5, 0x5) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x8200003) bind$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @host}, 0x10) sync_file_range(r0, 0x800000000000007f, 0x0, 0x1) ioctl$KVM_ASSIGN_SET_INTX_MASK(0xffffffffffffffff, 0x4040aea4, 0x0) fstat(0xffffffffffffffff, 0x0) getuid() getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000400)={{{@in=@initdev, @in6=@dev}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000500)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) lstat(&(0x7f0000000680)='./file0/file0\x00', &(0x7f00000006c0)) getresgid(&(0x7f0000000800), &(0x7f0000000840), &(0x7f0000000880)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 201.118857][ T7613] IPVS: ftp: loaded support on port[0] = 21 06:12:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000003c0)="0adc1f123c123f3188b070") r1 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r1, 0x29, 0x22, &(0x7f0000000340)={0x1, 0x20000020000, 0x80000001}, 0x10) [ 201.214661][ T7613] chnl_net:caif_netlink_parms(): no params data found [ 201.280358][ T7613] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.288479][ T7613] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.296825][ T7613] device bridge_slave_0 entered promiscuous mode [ 201.308315][ T7613] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.315570][ T7613] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.338931][ T7613] device bridge_slave_1 entered promiscuous mode [ 201.374489][ T7613] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.391732][ T7616] IPVS: ftp: loaded support on port[0] = 21 [ 201.399836][ T7613] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.428512][ T7613] team0: Port device team_slave_0 added [ 201.436725][ T7613] team0: Port device team_slave_1 added 06:12:44 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000140)={'bond0\x00\x00\x00T\x00\x00\x00\x00\x01\x00', @ifru_names='bond0\x00'}) [ 201.499849][ T7613] device hsr_slave_0 entered promiscuous mode [ 201.537653][ T7613] device hsr_slave_1 entered promiscuous mode 06:12:44 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$setstatus(r1, 0x4, 0x800) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4), 0x1c) splice(r1, 0x0, r0, 0x0, 0x1000000000000003, 0x0) [ 201.626509][ T7613] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.633832][ T7613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.641855][ T7613] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.649160][ T7613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.686456][ T7618] IPVS: ftp: loaded support on port[0] = 21 [ 201.851944][ T7616] chnl_net:caif_netlink_parms(): no params data found [ 201.883235][ T7613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.924086][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.932732][ T7616] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.942526][ T7616] device bridge_slave_0 entered promiscuous mode [ 201.954686][ T7621] IPVS: ftp: loaded support on port[0] = 21 [ 201.956410][ T7613] 8021q: adding VLAN 0 to HW filter on device team0 06:12:45 executing program 4: [ 201.971208][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.991353][ T3485] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.010521][ T3485] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.029149][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 202.048286][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.055393][ T7616] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.078129][ T7616] device bridge_slave_1 entered promiscuous mode [ 202.124611][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.148492][ T3485] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.155591][ T3485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.194742][ T7622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.204567][ T7622] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.211710][ T7622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.223233][ T7622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.233350][ T7622] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.259343][ T7616] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 202.283221][ T7625] IPVS: ftp: loaded support on port[0] = 21 06:12:45 executing program 5: [ 202.316866][ T7616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 202.342584][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.352201][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.362960][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.372101][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.390814][ T7613] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.405939][ T7613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.434236][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.443345][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.457099][ T7628] IPVS: ftp: loaded support on port[0] = 21 [ 202.475698][ T7618] chnl_net:caif_netlink_parms(): no params data found [ 202.493195][ T7616] team0: Port device team_slave_0 added [ 202.502210][ T7616] team0: Port device team_slave_1 added [ 202.575292][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.582772][ T7618] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.592714][ T7618] device bridge_slave_0 entered promiscuous mode [ 202.601652][ T7618] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.608842][ T7618] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.616710][ T7618] device bridge_slave_1 entered promiscuous mode [ 202.640966][ T7621] chnl_net:caif_netlink_parms(): no params data found [ 202.660572][ T7618] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 202.673174][ T7618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 202.730344][ T7616] device hsr_slave_0 entered promiscuous mode [ 202.789853][ T7616] device hsr_slave_1 entered promiscuous mode [ 202.852768][ T7613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.922211][ T7618] team0: Port device team_slave_0 added [ 202.936786][ T7618] team0: Port device team_slave_1 added [ 202.954395][ T7621] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.962765][ T7621] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.981317][ T7621] device bridge_slave_0 entered promiscuous mode [ 202.990803][ T7621] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.998582][ T7621] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.006408][ T7621] device bridge_slave_1 entered promiscuous mode [ 203.053273][ C0] hrtimer: interrupt took 49463 ns [ 203.070167][ T7618] device hsr_slave_0 entered promiscuous mode 06:12:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000280)=ANY=[], 0xfffffffc) sendto(r4, &(0x7f0000000080)="86", 0x1, 0xc010, 0x0, 0x0) splice(r1, 0x0, r4, 0x0, 0x20000000002, 0x0) [ 203.119946][ T7618] device hsr_slave_1 entered promiscuous mode [ 203.181083][ T7625] chnl_net:caif_netlink_parms(): no params data found [ 203.191999][ T7621] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.231788][ T7621] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.266746][ T7616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.299843][ T7621] team0: Port device team_slave_0 added [ 203.335853][ T7625] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.343525][ T7625] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.351718][ T7625] device bridge_slave_0 entered promiscuous mode [ 203.362775][ T7621] team0: Port device team_slave_1 added [ 203.379880][ T7625] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.387684][ T7625] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.395731][ T7625] device bridge_slave_1 entered promiscuous mode [ 203.416327][ T7628] chnl_net:caif_netlink_parms(): no params data found [ 203.453567][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.462354][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.506228][ T7616] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.516868][ T7625] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.535777][ T7618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.579942][ T7621] device hsr_slave_0 entered promiscuous mode [ 203.607775][ T7621] device hsr_slave_1 entered promiscuous mode 06:12:46 executing program 0: r0 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) setuid(0xee01) shmctl$IPC_STAT(r0, 0x2, 0x0) [ 203.693012][ T7625] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.716240][ T7625] team0: Port device team_slave_0 added [ 203.724792][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 06:12:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000080)={@multicast1, @local}, 0xc) [ 203.741295][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.768868][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.775993][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.791040][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.806596][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.815920][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.823251][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.842728][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.855292][ T7628] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.862427][ T7628] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.870975][ T7628] device bridge_slave_0 entered promiscuous mode [ 203.883864][ T7625] team0: Port device team_slave_1 added [ 203.906677][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.915728][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.924157][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.933720][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.943385][ T7628] bridge0: port 2(bridge_slave_1) entered blocking state 06:12:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x1a02100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfffffd87) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) rt_sigtimedwait(&(0x7f0000000500), 0x0, 0x0, 0x8) tkill(r2, 0x1000000000015) setsockopt$inet6_tcp_buf(r0, 0x6, 0x21, &(0x7f0000000100)="e64dac24c81c6cd68b397d72e144b4baf351418f9dec2f830ac0a2345bb73fd4d2e5f3826c92f79bfe69e0c3", 0x2c) [ 203.950787][ T7628] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.959455][ T7628] device bridge_slave_1 entered promiscuous mode [ 203.981133][ T7628] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 204.040437][ T7625] device hsr_slave_0 entered promiscuous mode [ 204.078048][ T7625] device hsr_slave_1 entered promiscuous mode [ 204.119319][ T7618] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.139142][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.152186][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.162453][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.174172][ T7628] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.206979][ T7616] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 204.218018][ T7616] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.231848][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.246712][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.256078][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.263263][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.276794][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.285723][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.300461][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.311994][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 06:12:47 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000280), 0x0, 0x20000004, 0x0, 0x0) r2 = accept4$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, &(0x7f0000000100)=0x10, 0x0) write$P9_RREMOVE(r2, &(0x7f0000000040)={0x7, 0x7b, 0x2}, 0x7) [ 204.320885][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.329883][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.390447][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.399006][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.406874][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.416333][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.425238][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.432550][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.440733][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.449646][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.460652][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.472967][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.481584][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.490595][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.500251][ T7628] team0: Port device team_slave_0 added [ 204.506921][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.521155][ T7616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.533784][ T7618] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 204.545556][ T7618] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.562269][ T7628] team0: Port device team_slave_1 added [ 204.582227][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.593465][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.602053][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.610773][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.680940][ T7628] device hsr_slave_0 entered promiscuous mode [ 204.727708][ T7628] device hsr_slave_1 entered promiscuous mode [ 204.767606][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.779457][ T7618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.796929][ T7621] 8021q: adding VLAN 0 to HW filter on device bond0 06:12:48 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4a2c997583e46d8731266420fe2e346dc64c0e83e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendto$unix(r3, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCGKEY(r1, 0x80404518, 0x0) [ 204.836389][ T7621] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.874735][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.891884][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.924999][ T7625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.934075][ T7677] bond0: cannot enslave bond to itself. 06:12:48 executing program 2: syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x200400, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, &(0x7f00000003c0)={'nat\x00', 0x0, 0x4, 0x85, [], 0x1, &(0x7f00000001c0)=[{}], &(0x7f0000000300)=""/133}, &(0x7f0000000280)=0x78) r1 = memfd_create(&(0x7f00000005c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000a80)="ddcb000c8bb9e28470b2bb48d2bfa1606553bfef4aa6d86f7ac43acd46320c163b5cc0048d0141965b145270b20ee18eefe3c6f9edba31a1a75490d3f9ec39bce81dd778fdf14af4f1c255317d4d67220fecb49faaabeabe76c189908637aaa8c7957f29206ce643c23a91d55b65605e00fb38398a02f572f79af57651c98ecd549f0dd0561638aef2ec9cc055c15a42880f17256d6bd1f69bed97834158b6d6044b86608be986ad49539c1bd7f6ccbb51ff2751de4bd8c978dadac899ce899e9ac5c8c2f96a03611eaa4b8caec2a25333051372f8c50c60863cff300c90", 0xde, 0xfffffffffffffffd) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000b80)={{{@in=@dev}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000480)=0xe8) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000001100)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0xc0}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x20040004) write$binfmt_misc(r1, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) fcntl$addseals(r1, 0x409, 0xa) [ 204.961553][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.982235][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.011616][ T7630] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.022655][ T7630] bridge0: port 1(bridge_slave_0) entered forwarding state 06:12:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000000a43ba5d806055b6fdd80b40000000140001000029ec2400020cd37e99d69cda45a95e", 0x4c}], 0x1}, 0x0) [ 205.075666][ T7628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.113354][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.127055][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.143171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.160367][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.167683][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.175596][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.184619][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.195088][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.206448][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 06:12:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x2, 0x0) sendmsg(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="24000000250007031dfffd946f610500070000000500000000000000f1ffffff0400ff7e280000001100ffffba16a0aa1c09000000000008a3cd692a000012000000000000eff24d82ff01a4", 0x4c}], 0x1}, 0x0) [ 205.221143][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.232260][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.242496][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.259547][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.272923][ T7625] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.300470][ T7621] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.320584][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.331780][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.348431][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.356574][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.370678][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.380184][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.394067][ T7628] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.415834][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.425699][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.436952][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.449306][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.464176][ T7630] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.473131][ T7630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.483497][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.497640][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.506478][ T7630] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.521085][ T7630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.533912][ T7696] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 205.564579][ T7621] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.585906][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.601562][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.614701][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.623626][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.633095][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.642499][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.651796][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.662426][ T7701] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 205.690178][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.724506][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.747966][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.756507][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.763653][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.766897][ T7706] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7706 [ 205.772766][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.780924][ T7706] caller is ip6_finish_output+0x335/0xdc0 [ 205.780947][ T7706] CPU: 1 PID: 7706 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.780956][ T7706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.780962][ T7706] Call Trace: [ 205.780995][ T7706] dump_stack+0x172/0x1f0 [ 205.781021][ T7706] __this_cpu_preempt_check+0x246/0x270 [ 205.781039][ T7706] ip6_finish_output+0x335/0xdc0 [ 205.781058][ T7706] ip6_output+0x235/0x7f0 [ 205.781075][ T7706] ? ip6_finish_output+0xdc0/0xdc0 [ 205.781093][ T7706] ? ip6_fragment+0x3980/0x3980 [ 205.781109][ T7706] ? __ffs_func_bind_do_descs+0x898/0x8e0 [ 205.781128][ T7706] ip6_xmit+0xe41/0x20c0 [ 205.781150][ T7706] ? ip6_finish_output2+0x2550/0x2550 [ 205.781167][ T7706] ? mark_held_locks+0xf0/0xf0 [ 205.781186][ T7706] ? ip6_setup_cork+0x1870/0x1870 [ 205.781210][ T7706] ? __ffs_func_bind_do_descs+0x840/0x8e0 [ 205.781229][ T7706] inet6_csk_xmit+0x2fb/0x5d0 [ 205.781243][ T7706] ? inet6_csk_update_pmtu+0x190/0x190 [ 205.781256][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.781273][ T7706] ? csum_ipv6_magic+0x20/0x80 [ 205.781293][ T7706] __tcp_transmit_skb+0x1a32/0x3750 [ 205.781317][ T7706] ? __tcp_select_window+0x8b0/0x8b0 [ 205.781337][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.781352][ T7706] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 205.781367][ T7706] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.781384][ T7706] tcp_connect+0x1e47/0x4280 [ 205.781410][ T7706] ? tcp_push_one+0x110/0x110 [ 205.781424][ T7706] ? secure_tcpv6_ts_off+0x24f/0x360 [ 205.781445][ T7706] ? secure_dccpv6_sequence_number+0x280/0x280 [ 205.809748][ T7625] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 205.814477][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.817814][ T7625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.822169][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.840487][ T7625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.842082][ T7706] ? prandom_u32_state+0x13/0x180 [ 205.855708][ T7706] tcp_v6_connect+0x150b/0x20a0 [ 205.855729][ T7706] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 205.855745][ T7706] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 205.855772][ T7706] ? find_held_lock+0x35/0x130 [ 205.930445][ T7706] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 205.930468][ T7706] __inet_stream_connect+0x83f/0xea0 [ 205.930488][ T7706] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 205.930499][ T7706] ? __inet_stream_connect+0x83f/0xea0 [ 205.930518][ T7706] ? inet_dgram_connect+0x2e0/0x2e0 [ 205.930533][ T7706] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 205.930547][ T7706] ? rcu_read_lock_sched_held+0x110/0x130 [ 205.930561][ T7706] ? kmem_cache_alloc_trace+0x354/0x760 [ 205.930573][ T7706] ? __lock_acquire+0x548/0x3fb0 [ 205.930591][ T7706] tcp_sendmsg_locked+0x231f/0x37f0 [ 205.940018][ T7706] ? mark_held_locks+0xf0/0xf0 [ 205.940035][ T7706] ? mark_held_locks+0xa4/0xf0 [ 205.940053][ T7706] ? tcp_sendpage+0x60/0x60 [ 205.940067][ T7706] ? lock_sock_nested+0x9a/0x120 [ 205.940086][ T7706] ? trace_hardirqs_on+0x67/0x230 [ 206.095117][ T7706] ? lock_sock_nested+0x9a/0x120 [ 206.100151][ T7706] ? __local_bh_enable_ip+0x15a/0x270 [ 206.105522][ T7706] tcp_sendmsg+0x30/0x50 [ 206.109798][ T7706] inet_sendmsg+0x147/0x5e0 [ 206.114489][ T7706] ? ipip_gro_receive+0x100/0x100 [ 206.120298][ T7706] sock_sendmsg+0xdd/0x130 [ 206.124720][ T7706] __sys_sendto+0x262/0x380 [ 206.129328][ T7706] ? __ia32_sys_getpeername+0xb0/0xb0 [ 206.134700][ T7706] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.141632][ T7706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.147183][ T7706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.152633][ T7706] ? do_syscall_64+0x26/0x610 [ 206.157304][ T7706] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.163366][ T7706] __x64_sys_sendto+0xe1/0x1a0 [ 206.168131][ T7706] do_syscall_64+0x103/0x610 [ 206.172715][ T7706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.178592][ T7706] RIP: 0033:0x4582b9 [ 206.182491][ T7706] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.202960][ T7706] RSP: 002b:00007f850c651c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 206.211423][ T7706] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 206.219529][ T7706] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 206.227507][ T7706] RBP: 000000000073bf00 R08: 0000000020b63fe4 R09: 000000000000001c [ 206.235465][ T7706] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f850c6526d4 [ 206.243448][ T7706] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 206.263690][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.265088][ T7706] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7706 [ 206.278450][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.281258][ T7706] caller is ip6_finish_output+0x335/0xdc0 [ 206.294850][ T7706] CPU: 1 PID: 7706 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 206.296183][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.303961][ T7706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.303967][ T7706] Call Trace: [ 206.303997][ T7706] dump_stack+0x172/0x1f0 [ 206.304020][ T7706] __this_cpu_preempt_check+0x246/0x270 [ 206.304040][ T7706] ip6_finish_output+0x335/0xdc0 [ 206.304060][ T7706] ip6_output+0x235/0x7f0 [ 206.313340][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.322112][ T7706] ? ip6_finish_output+0xdc0/0xdc0 [ 206.322131][ T7706] ? ip6_fragment+0x3980/0x3980 [ 206.322153][ T7706] ip6_xmit+0xe41/0x20c0 [ 206.327029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.329775][ T7706] ? ip6_finish_output2+0x2550/0x2550 [ 206.329795][ T7706] ? mark_held_locks+0xf0/0xf0 [ 206.329814][ T7706] ? ip6_setup_cork+0x1870/0x1870 [ 206.337026][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.340301][ T7706] inet6_csk_xmit+0x2fb/0x5d0 [ 206.340317][ T7706] ? inet6_csk_update_pmtu+0x190/0x190 [ 206.340337][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.346161][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.352451][ T7706] ? csum_ipv6_magic+0x20/0x80 [ 206.352476][ T7706] __tcp_transmit_skb+0x1a32/0x3750 [ 206.352500][ T7706] ? __tcp_select_window+0x8b0/0x8b0 [ 206.359222][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.362438][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.367742][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.374528][ T7706] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 206.374546][ T7706] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.374563][ T7706] tcp_connect+0x1e47/0x4280 [ 206.380717][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 206.384810][ T7706] ? tcp_push_one+0x110/0x110 [ 206.384832][ T7706] ? secure_tcpv6_ts_off+0x24f/0x360 [ 206.390975][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 206.397721][ T7706] ? secure_dccpv6_sequence_number+0x280/0x280 [ 206.397743][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.397756][ T7706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.397770][ T7706] ? prandom_u32_state+0x13/0x180 [ 206.397791][ T7706] tcp_v6_connect+0x150b/0x20a0 [ 206.404431][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 206.407916][ T7706] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 206.407947][ T7706] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 206.407961][ T7706] ? __switch_to_asm+0x34/0x70 [ 206.407978][ T7706] ? __switch_to_asm+0x40/0x70 [ 206.415056][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 206.422088][ T7706] ? find_held_lock+0x35/0x130 [ 206.422106][ T7706] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 206.422132][ T7706] __inet_stream_connect+0x83f/0xea0 [ 206.428998][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 206.432078][ T7706] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 206.438294][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 206.445400][ T7706] ? __inet_stream_connect+0x83f/0xea0 [ 206.445423][ T7706] ? inet_dgram_connect+0x2e0/0x2e0 [ 206.456359][ T7628] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 206.459527][ T7706] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 206.459544][ T7706] ? rcu_read_lock_sched_held+0x110/0x130 [ 206.459562][ T7706] ? kmem_cache_alloc_trace+0x354/0x760 [ 206.459581][ T7706] ? __lock_acquire+0x548/0x3fb0 [ 206.467443][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 206.471485][ T7706] tcp_sendmsg_locked+0x231f/0x37f0 [ 206.471505][ T7706] ? mark_held_locks+0xf0/0xf0 [ 206.477470][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 206.484054][ T7706] ? mark_held_locks+0xa4/0xf0 [ 206.484076][ T7706] ? tcp_sendpage+0x60/0x60 [ 206.490123][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 206.494025][ T7706] ? lock_sock_nested+0x9a/0x120 [ 206.503004][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 206.507854][ T7706] ? trace_hardirqs_on+0x67/0x230 [ 206.507872][ T7706] ? lock_sock_nested+0x9a/0x120 [ 206.507893][ T7706] ? __local_bh_enable_ip+0x15a/0x270 [ 206.515687][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 206.520498][ T7706] tcp_sendmsg+0x30/0x50 [ 206.520514][ T7706] inet_sendmsg+0x147/0x5e0 [ 206.520530][ T7706] ? ipip_gro_receive+0x100/0x100 [ 206.526943][ T7630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 206.530373][ T7706] sock_sendmsg+0xdd/0x130 [ 206.530393][ T7706] __sys_sendto+0x262/0x380 [ 206.530413][ T7706] ? __ia32_sys_getpeername+0xb0/0xb0 [ 206.549311][ T7628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.553597][ T7706] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.553625][ T7706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.566077][ T7706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.566090][ T7706] ? do_syscall_64+0x26/0x610 [ 206.566112][ T7706] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.616351][ T7706] __x64_sys_sendto+0xe1/0x1a0 [ 206.643367][ T7706] do_syscall_64+0x103/0x610 [ 206.643395][ T7706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.810354][ T7706] RIP: 0033:0x4582b9 [ 206.814254][ T7706] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.833854][ T7706] RSP: 002b:00007f850c651c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 206.842294][ T7706] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 06:12:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x1a02100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") write$binfmt_elf64(r0, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000880)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) rt_sigtimedwait(&(0x7f0000000500), 0x0, 0x0, 0x8) tkill(r2, 0x1000000000015) getsockopt$inet_mreqn(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0)) 06:12:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4a2c997583e46d8731266420fe2e346dc64c0e83e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendto$unix(r3, 0x0, 0xffffffffffffffd6, 0x20003ffc, &(0x7f0000000000)=@abs={0x1}, 0x6e) ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0) 06:12:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup2(r0, r0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4a2c997583e46d8731266420fe2e346dc64c0e83e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendto$unix(r3, 0x0, 0xffffffffffffffd6, 0x20003ffc, &(0x7f0000000000)=@abs, 0x6e) ioctl$EVIOCGKEY(r1, 0x80404518, 0x0) 06:12:50 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:50 executing program 5: r0 = socket$inet(0x2, 0x80001, 0x84) sendmsg(r0, &(0x7f0000000780)={&(0x7f0000000200)=@un=@file={0x0, './file0\x00'}, 0x80, 0x0}, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x0) [ 206.850396][ T7706] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 206.858385][ T7706] RBP: 000000000073bf00 R08: 0000000020b63fe4 R09: 000000000000001c [ 206.866357][ T7706] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f850c6526d4 [ 206.874318][ T7706] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 06:12:50 executing program 5: r0 = creat(&(0x7f0000000240)='./bus\x00', 0x400000000000) execveat(r0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000300)=[&(0x7f0000000140)='trusted.overlay.redirect\x00', &(0x7f0000000180)='trusted.overlay.redirect\x00', 0x0, &(0x7f0000000200)='trusted.overlay.redirect\x00'], &(0x7f0000000380)=[&(0x7f0000000340)='\x00'], 0x0) seccomp(0x1, 0x0, &(0x7f0000000100)={0x0, 0x0}) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x800000000040, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0xdb, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x2, 0x2000000000000000) bind(r1, &(0x7f0000000100)=@in={0x2, 0x4e20}, 0x80) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r1, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) [ 206.981788][ T7725] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 207.015943][ T7725] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 06:12:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) [ 207.090709][ T7735] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 06:12:50 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) [ 207.202687][ T7743] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 06:12:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000080)={[], 0x0, 0x241}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000340)={0x1, 0x0, @pic={0x0, 0x302b, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}) 06:12:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:50 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_GET(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {0x4}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x28}}, 0x40) [ 207.390916][ T7751] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 207.424792][ T7754] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 06:12:50 executing program 2: setrlimit(0x8, &(0x7f0000000040)={0xa, 0x91}) r0 = syz_open_pts(0xffffffffffffffff, 0x0) close(r0) r1 = syz_open_pts(0xffffffffffffffff, 0x0) dup2(r0, r1) write(r0, 0x0, 0x0) 06:12:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:50 executing program 1: 06:12:50 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000080)={[], 0x0, 0x241}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000340)={0x1, 0x0, @pic={0x0, 0x302b, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x5}}) 06:12:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000080)={[], 0x0, 0x241}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000340)={0x1, 0x0, @pic={0x0, 0x302b, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x5}}) [ 207.651148][ T7776] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 06:12:51 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000400), 0x4) 06:12:51 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:51 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ee2c3b", 0x3) 06:12:51 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) 06:12:51 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:51 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007b40)=[{{0x0, 0x0, 0x0}}], 0x4000000000000b3, 0x0) socket$netlink(0x10, 0x3, 0x0) 06:12:51 executing program 1: 06:12:51 executing program 0: 06:12:51 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:51 executing program 5: 06:12:51 executing program 1: 06:12:51 executing program 0: 06:12:51 executing program 5: 06:12:51 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:51 executing program 0: 06:12:52 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) 06:12:52 executing program 2: 06:12:52 executing program 1: 06:12:52 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:52 executing program 5: 06:12:52 executing program 0: 06:12:52 executing program 1: 06:12:52 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:52 executing program 5: 06:12:52 executing program 2: 06:12:52 executing program 0: 06:12:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 06:12:52 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) 06:12:52 executing program 1: 06:12:52 executing program 0: 06:12:52 executing program 5: 06:12:52 executing program 2: 06:12:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 06:12:52 executing program 5: 06:12:52 executing program 0: 06:12:53 executing program 2: 06:12:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 06:12:53 executing program 1: 06:12:53 executing program 0: 06:12:53 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r0) 06:12:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet(0x2, 0x3, 0x19) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x8}, 0x1c) sendmmsg(r2, &(0x7f0000000240), 0x5c3, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) 06:12:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 06:12:53 executing program 2: socketpair$unix(0x1, 0x400000001, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d6000/0x1000)=nil) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='environ\x00') preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0) 06:12:53 executing program 1: 06:12:53 executing program 0: 06:12:53 executing program 1: 06:12:53 executing program 0: 06:12:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 06:12:53 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r0) 06:12:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r0 = gettid() lgetxattr(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0x338) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) fstat(0xffffffffffffffff, 0x0) getuid() getresuid(0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) mount$9p_rdma(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x20000c, 0x0) tkill(r0, 0x1000000000016) 06:12:53 executing program 1: pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0xffffffffffffffcc) close(r0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) socketpair$unix(0x1, 0x4000000000000005, 0x0, &(0x7f0000000140)) modify_ldt$write(0x1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[@sack_perm], 0x1) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 06:12:54 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) syz_emit_ethernet(0x1, &(0x7f00000015c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000f2cd000086dd6050a09c00081100fe800000000000000000bbfe8000000000000000000000109f79fd647f00004e20000890780000000000"], 0x0) 06:12:54 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r0) 06:12:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="d3abc7990d535c9e70bc111c8eff7f0000", 0x11) 06:12:54 executing program 2: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x20032600) socket$inet_icmp_raw(0x2, 0x3, 0x1) 06:12:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x5, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) [ 211.132193][ T7955] input: syz1 as /devices/virtual/input/input5 06:12:54 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) [ 211.218355][ T7955] input: syz1 as /devices/virtual/input/input6 06:12:54 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x2) chroot(&(0x7f0000000140)='./file0\x00') r0 = syz_open_procfs(0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0xb, 0x7fffffff, 0x3, 0x3, 0x0, 0x70bd2b, 0x25dfdbfd, [@sadb_x_nat_t_port={0x1, 0x0, 0x4e23}]}, 0x18}}, 0x40000) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 06:12:54 executing program 0: openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) memfd_create(&(0x7f0000000440)='\\trusted\x00', 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') write$P9_RLINK(r0, &(0x7f00000000c0)={0x7, 0x47, 0x2}, 0x7) preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) 06:12:54 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='sched\x00') write$FUSE_INIT(r1, &(0x7f0000000340)={0x50}, 0x50) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x0, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:54 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) preadv(r1, &(0x7f0000000900)=[{&(0x7f00000006c0)=""/25, 0x19}, {&(0x7f0000000700)=""/229, 0xe5}], 0x2, 0x0) 06:12:54 executing program 2: r0 = socket(0x1, 0x1, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r1 = gettid() setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0xb7b2b1f1af53168e) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) tkill(r1, 0x1000000000016) 06:12:54 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r2 = dup2(r0, r1) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) gettid() lgetxattr(0x0, 0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0x338) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f00000000c0)) fstat(0xffffffffffffffff, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) tkill(0x0, 0x0) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x0, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:54 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:54 executing program 5: mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, 0x0) r2 = dup(r1) syz_open_dev$radio(&(0x7f0000000480)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0x0, 0x2000000013}) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000400)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r3, 0x5420, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) 06:12:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x0, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:55 executing program 1: pipe(&(0x7f0000000540)) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, 0x0) r2 = dup(r1) syz_open_dev$radio(&(0x7f0000000480)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000200)={0x0, 0x200, 0x8000, 0x8}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0x0, 0x2000000013}) perf_event_open(&(0x7f0000000180)={0x2, 0xffffff8f, 0x3e8, 0x0, 0x0, 0x88d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x290040, 0x0) 06:12:55 executing program 0: pipe(0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x0) r1 = dup(r0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000400)) 06:12:55 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x2) chroot(&(0x7f0000000140)='./file0\x00') r0 = syz_open_procfs(0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) sendmsg$key(r0, 0x0, 0x40000) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 06:12:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x0, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:55 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:55 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x80000000001) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x2) fcntl$getown(0xffffffffffffffff, 0x9) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x8000000000006, 0x0) accept$unix(r0, 0x0, &(0x7f0000000180)) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 06:12:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x0, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:55 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x0, 0x0, 0x0, {0x3}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:55 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x2) chroot(&(0x7f0000000140)='./file0\x00') r0 = syz_open_procfs(0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) sendmsg$key(r0, 0x0, 0x40000) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 06:12:55 executing program 5: mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, 0x0) r2 = dup(r1) syz_open_dev$radio(&(0x7f0000000480)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0x0, 0x2000000013}) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000400)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r3, 0x5420, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) 06:12:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000080)={0x9}) 06:12:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000002700010b000000000000000002b7d759"], 0x1}}, 0x0) 06:12:55 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:55 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000700)={0x0, 0x40000007fff, 0x80000001}, 0x14) shutdown(r0, 0x1) 06:12:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:55 executing program 0: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'ip6_vti0\x00', 0x2000}) r2 = socket$inet6(0xa, 0x1000000007ffe, 0x20) ioctl(r0, 0x8910, &(0x7f0000000080)="15") mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz1\'', 0x1ff) r3 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, &(0x7f0000000980)=0xffffffffffffff35) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000a40)={0x0, @in6={{0xa, 0x4e20, 0x3, @remote, 0x40}}, 0x0, 0x8, 0x169, 0x3}, &(0x7f0000000b00)=0x98) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000001d00)=ANY=[@ANYBLOB="a200000041554d665548ea93db898eb0d860217b94481c525651d3047e2b06a0647333ea593242a818900bba5ebb0baca9b42181431a6d79562f50bef99bfc552155ddf2c495033c6df8877e43be1e63428101dc7bca9e8c8b7c064acde716ef1ea49a46b7a0d6934222e6033a1a21d6e1d4d5b548b556600ee502ae7965831a771f008dd11ca1ed1013de64e696fe19c3644407002ae09ebefd5ff9ed58918fba454f7dc4c24c07dd0965000796144478bca5086a8b3eb08821b197a9ba5b5d3764643e967c130300a7dcb50368ae856817298f73f4d48d4dd32f37eb25c8d3735462411049356b02845fdec3dcad82f8c9499e9550923d321ab4a9da79b89d7c50e7f4cbbdf9f11fa66b7baf21ad6300a5354c9b12482f4e208b7a01efb755d6bc118f77d34e437164ee0299f48252bbaeb5395cbf3165e3eebf57681cd139caf7f2f0a5933260e47ced233f1271ae4ac44db45252b27d7f71cc2050e3eb69ca8dc03385782a7fc904c16296ed73a431a10daeb97c61a752bdbb2af1cfa880817f9ce4abef1804eefb8f005a4b950db46815c985a21a2adee14496c6d7973b2dc0ff67f4de91d46676a4fe43abaad06d537b7dac74fe160c7e2fdd839fcbeaeeb412d859ece0eb9ef8937abcdf9f1e28df82ef1b0001160454fc6587ad59a5be3ee0c41be025f03c99373676350edcb910a95a57d07854aaf214a571ae29329800244e5d3a544e9636907f8ed97b8d9999cd0ea2c4a5570159771d83c4529a8b02d573e419c9d17a69e8b199d24d3224141f27b048672b6e6f7efa544a42453e67cd30178b687199d465282de7f46e5ef25dbd236d4196501cdb3df169dd43f32ccfdec0fed348cce72bd69ebca4e9bed7486dbdaa9147cc65f330b248080450efca600533e621ff9e97c9d3b315ab2eb92ecd99eb782d378760f8d021956e2019a3c112974e8b5cc92cdc9a066d7eb422a0047c7ad825a2b2055b10b2797744f583e8d3e7dd72f0ff2b62128c7b52b6656d8d8cfaf774ad2b88b9e70ab218ff131dfc0bf718e4c41ce1a2d9e02794929c5fa00000000000000000000000000000000000f8"], 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000001c40), 0x4) syz_genetlink_get_family_id$fou(&(0x7f00000009c0)='fou\x00') pipe(&(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) clock_gettime(0x4, &(0x7f00000004c0)) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000002c40)=[{&(0x7f0000000680)=""/200, 0xc8}, {&(0x7f0000000580)=""/183, 0xb7}, {&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f0000000b80)=""/143, 0x8f}, {&(0x7f0000000c40)=""/4096, 0x1000}], 0x5}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r5, 0x28, 0x6, &(0x7f0000000380), 0x10) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000002c0)={0x0, 0x7, 0x8, 0x40003}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memor\x85\x0f#\a\x00\x00\x00s\x00', 0x26e1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000780)={0x0, 'dummy0\x00'}, 0x18) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f00000008c0)={{0x67, @dev={0xac, 0x14, 0x14, 0x1e}, 0x4e21, 0x0, 'wrr\x00', 0x6, 0x4, 0x2}, {@loopback, 0x4e22, 0x2000, 0x7, 0xde, 0x80000001}}, 0x44) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x200002, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f0000000200)}, 0x10) ioctl$FS_IOC_FSGETXATTR(r6, 0x801c581f, &(0x7f0000000480)={0x2000008, 0x2, 0x6, 0x803, 0x7}) ioctl$sock_inet_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000940)) read(r4, &(0x7f0000000640), 0x0) accept(r3, &(0x7f0000001c80)=@sco, &(0x7f0000000b40)=0x80) close(r4) getpeername(r0, &(0x7f00000001c0)=@pptp, &(0x7f0000000400)=0x80) ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x40000002, 0xc00000000000000}) 06:12:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_init_net_socket$ax25(0x3, 0x3, 0x0) 06:12:55 executing program 5: mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, 0x0) r2 = dup(r1) syz_open_dev$radio(&(0x7f0000000480)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0x0, 0x2000000013}) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000400)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r3, 0x5420, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) 06:12:55 executing program 1: pipe(&(0x7f0000000540)) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, 0x0) r2 = dup(r1) syz_open_dev$radio(&(0x7f0000000480)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000200)={0x0, 0x200, 0x8000, 0x8}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0x0, 0x2000000013}) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000400)) perf_event_open(&(0x7f0000000180)={0x2, 0xffffff8f, 0x3e8, 0x0, 0x0, 0x88d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000040)) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x290040, 0x0) 06:12:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {}, [@typed={0x14, 0x1, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x29, 0x82d, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) 06:12:56 executing program 5: mkdir(&(0x7f0000000480)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@loop={'/dev/loop'}, 0x0, &(0x7f0000000080)='msdos\x00', 0x800000, &(0x7f00000000c0)='nfs\x00') 06:12:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x29, 0x82d, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) 06:12:56 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:56 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001240)="2e0000002800813ee45ae087185082cf0124b0eba06ec40000230000000008000f0000000000000051894dd65b2f", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001240)="2e0000002800813ee45ae087185082cf0400b0eba06ec4000023000500000800000000000000000051894dd65b2f", 0x2e}], 0x1}, 0x0) 06:12:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x29, 0x82d, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) 06:12:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x7) r2 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r3 = socket$netlink(0x10, 0x3, 0x200000000000004) writev(r3, &(0x7f0000000000)=[{&(0x7f0000001600)="480000001400190d09004beafd0d8c560a8447000bffe0064e230f00000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 06:12:56 executing program 1: r0 = socket(0xa, 0x40000000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x1, 0x208, [0x200001c0, 0x0, 0x0, 0x200001f0, 0x200003d0], 0x0, 0x0, &(0x7f00000001c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'bridge0\x00', 'nlmon0\x00', 'lapb0\x00', 'vcan0\x00', @broadcast, [], @empty, [], 0xc0, 0x140, 0x178, [@ipvs={'ipvs\x00', 0x28, {{@ipv6=@dev={0xfe, 0x80, [], 0x1e}, [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 0x4e23, 0x3a, 0x4, 0x4e22, 0x4, 0x1}}}]}, [@arpreply={'arpreply\x00', 0x10, {{@local, 0xfffffffffffffffc}}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0xfb1, 0x7f, 0x81}}}]}, @arpreply={'arpreply\x00', 0x10, {{@empty, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x280) 06:12:56 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x100003, @local, 'ip6_vti0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffffffffffffffc, @local, 'ip_vti0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x400000000000003, @local, 'ip6_vti0\x00'}}) 06:12:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x0, @ipv6=@local}]}, 0x28}}, 0x0) [ 213.095469][ T8154] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 213.145230][ T8154] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 06:12:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x7, 0x0, "daf2c82ef0a4a7fc37bd440c2ea6593f9e24d66405bb48bcfa18288ee8607032d55e3c40da1ab81fef5b37f7d17e608c345d496f6975ffe9d2166bb2e38910798fc7454ae92070dbaa7e5e92da221017"}, 0x3c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10) clock_gettime(0x0, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x40004e22}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000100)=0x1, 0x4) ioctl(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0xfdaa) r2 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000003040)={0x13, 0x4, &(0x7f00000005c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x4a}]}, &(0x7f0000000600)='GPL\x00', 0x4, 0xd7, &(0x7f0000000640)=""/215}, 0x48) sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r2, &(0x7f0000000200)={&(0x7f0000000080), 0xc, 0x0}, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) ioctl(r3, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) write$binfmt_script(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020010bf4df85210f5c1ba55bec016cc6b9753a8d94878ede34ae4585cbe94a300040000000000000a1230e71d6de7a15653a2aa044d486a675da8a2f9b947968661e0b549a6228b9049868c201775fc0c137cd0ab89bfd0fd7fca6d7ecda777ef83efd4a8a4c93bb68221c57755a616e2f9e0f5cbd64e81021beda550179640d9d6bb9cd9017c62b93354ed73557f0583068696aed1fcaf7eb872079120dd32c286f6046ca818740968bb6dd92c59453cf1d2ab295fa24a5864d3aa0e877be2805ab63663b713298a20ae55e9715a78b9e0a592ad00d8e84405d19a29ba6355d84c9e7d2cd69f9a38e1b7097698d1ecb76409000000ff062d86859a8f619158099dfb75c7bdad3a2e13e8388d421eae777b2114b212a26c78003431df22aed4e09aace8bf5f88fdd06b2f8d4a94bc21840fd75bad806b2c6e655b44a2bbaf9dcf07d7b55824bda34d67ab4ba461ce24e4cb3a41fe4da536691b4d7100000000000000"], 0x163) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000300)={0x1, 0x8001}, 0x8) close(r0) 06:12:56 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) [ 213.232206][ T8170] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 213.264734][ T8173] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8173 [ 213.274225][ T8173] caller is ip6_finish_output+0x335/0xdc0 [ 213.280050][ T8173] CPU: 0 PID: 8173 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.289077][ T8173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.299144][ T8173] Call Trace: [ 213.302477][ T8173] dump_stack+0x172/0x1f0 [ 213.306844][ T8173] __this_cpu_preempt_check+0x246/0x270 [ 213.312410][ T8173] ip6_finish_output+0x335/0xdc0 [ 213.317370][ T8173] ip6_output+0x235/0x7f0 [ 213.321709][ T8173] ? ip6_finish_output+0xdc0/0xdc0 [ 213.326845][ T8173] ? ip6_fragment+0x3980/0x3980 [ 213.331709][ T8173] ? kasan_check_read+0x11/0x20 [ 213.336567][ T8173] ip6_xmit+0xe41/0x20c0 [ 213.340828][ T8173] ? ip6_finish_output2+0x2550/0x2550 [ 213.346209][ T8173] ? mark_held_locks+0xf0/0xf0 [ 213.350987][ T8173] ? ip6_setup_cork+0x1870/0x1870 [ 213.356033][ T8173] sctp_v6_xmit+0x313/0x660 [ 213.360554][ T8173] sctp_packet_transmit+0x1bc4/0x36f0 [ 213.365942][ T8173] ? sctp_packet_config+0xfe0/0xfe0 [ 213.371235][ T8173] ? sctp_packet_append_chunk+0x946/0xda0 [ 213.376961][ T8173] ? sctp_outq_select_transport+0x21a/0x790 [ 213.382863][ T8173] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 213.389200][ T8173] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 213.395369][ T8173] ? lock_downgrade+0x880/0x880 [ 213.400225][ T8173] ? add_timer+0x400/0x930 [ 213.404644][ T8173] ? find_held_lock+0x35/0x130 [ 213.409411][ T8173] ? add_timer+0x41e/0x930 [ 213.413840][ T8173] sctp_outq_flush+0xe8/0x2780 [ 213.418604][ T8173] ? mark_held_locks+0xa4/0xf0 [ 213.423377][ T8173] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 213.429183][ T8173] ? add_timer+0x41e/0x930 [ 213.433619][ T8173] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 213.439448][ T8173] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.444750][ T8173] ? trace_hardirqs_on+0x67/0x230 [ 213.449790][ T8173] ? __sctp_outq_teardown+0xc60/0xc60 [ 213.455174][ T8173] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 213.461414][ T8173] ? sctp_outq_tail+0x68c/0x930 [ 213.466258][ T8173] sctp_outq_uncork+0x6c/0x80 [ 213.470931][ T8173] sctp_do_sm+0x2575/0x5770 [ 213.475426][ T8173] ? sctp_hash_transport+0xdb1/0x18d0 [ 213.480794][ T8173] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 213.487461][ T8173] ? __local_bh_enable_ip+0x15a/0x270 [ 213.492952][ T8173] ? lock_downgrade+0x880/0x880 [ 213.497796][ T8173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.504031][ T8173] ? kasan_check_read+0x11/0x20 [ 213.508972][ T8173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.515202][ T8173] ? sctp_hash_transport+0x10b/0x18d0 [ 213.520576][ T8173] ? memcpy+0x46/0x50 [ 213.524569][ T8173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.530803][ T8173] ? sctp_assoc_set_primary+0x274/0x310 [ 213.536416][ T8173] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 213.541791][ T8173] __sctp_connect+0x8cd/0xce0 [ 213.546481][ T8173] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 213.552021][ T8173] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.558246][ T8173] ? _copy_from_user+0xdd/0x150 [ 213.563082][ T8173] ? security_sctp_bind_connect+0x99/0xd0 [ 213.568786][ T8173] __sctp_setsockopt_connectx+0x133/0x1a0 [ 213.574489][ T8173] sctp_setsockopt+0x15db/0x6fe0 [ 213.579413][ T8173] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 213.585902][ T8173] ? kasan_check_read+0x11/0x20 [ 213.591368][ T8173] ? ___might_sleep+0x163/0x280 [ 213.596206][ T8173] ? __might_sleep+0x95/0x190 [ 213.600868][ T8173] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 213.606483][ T8173] ? aa_sk_perm+0x288/0x880 [ 213.610974][ T8173] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 213.616506][ T8173] sock_common_setsockopt+0x9a/0xe0 [ 213.621692][ T8173] __sys_setsockopt+0x180/0x280 [ 213.626544][ T8173] ? kernel_accept+0x310/0x310 [ 213.631304][ T8173] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.636752][ T8173] ? do_syscall_64+0x26/0x610 [ 213.641415][ T8173] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.647479][ T8173] ? do_syscall_64+0x26/0x610 [ 213.652148][ T8173] __x64_sys_setsockopt+0xbe/0x150 [ 213.657246][ T8173] do_syscall_64+0x103/0x610 [ 213.661824][ T8173] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.667701][ T8173] RIP: 0033:0x4582b9 [ 213.671580][ T8173] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.691782][ T8173] RSP: 002b:00007efe8e581c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 213.700180][ T8173] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 213.708136][ T8173] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 213.716091][ T8173] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 213.724136][ T8173] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007efe8e5826d4 06:12:56 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af14, &(0x7f0000000040)) 06:12:57 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) 06:12:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x0, @ipv6=@local}]}, 0x28}}, 0x0) [ 213.732097][ T8173] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 06:12:57 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001240)="2e0000002800813ee45ae087185082cf0124b0eba06ec40000230000000008000f0000000000000051894dd65b2f", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001240)="2e0000002800813ee45ae087185082cf0400b0eba06ec4000023000500000800000000000000000051894dd65b2f", 0x2e}], 0x1}, 0x0) [ 213.871446][ T8196] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 213.882526][ T8194] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8194 [ 213.892133][ T8194] caller is ip6_finish_output+0x335/0xdc0 [ 213.897929][ T8194] CPU: 1 PID: 8194 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.903530][ T8200] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 06:12:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x15d, &(0x7f0000000080)={&(0x7f0000000300)={0x28, 0x29, 0x82d, 0x0, 0x0, {0x3}, [@typed={0x14, 0x0, @ipv6=@local}]}, 0x28}}, 0x0) 06:12:57 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f0000000700)=ANY=[@ANYBLOB='>']}) close(r1) close(r0) [ 213.906952][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.906960][ T8194] Call Trace: [ 213.906991][ T8194] dump_stack+0x172/0x1f0 [ 213.907016][ T8194] __this_cpu_preempt_check+0x246/0x270 [ 213.939574][ T8194] ip6_finish_output+0x335/0xdc0 [ 213.944537][ T8194] ip6_output+0x235/0x7f0 [ 213.948877][ T8194] ? ip6_finish_output+0xdc0/0xdc0 [ 213.948895][ T8194] ? ip6_fragment+0x3980/0x3980 [ 213.948915][ T8194] ip6_xmit+0xe41/0x20c0 [ 213.948938][ T8194] ? ip6_finish_output2+0x2550/0x2550 [ 213.968478][ T8194] ? mark_held_locks+0xf0/0xf0 [ 213.973279][ T8194] ? ip6_setup_cork+0x1870/0x1870 [ 213.978354][ T8194] inet6_csk_xmit+0x2fb/0x5d0 [ 213.983047][ T8194] ? inet6_csk_update_pmtu+0x190/0x190 [ 213.983070][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.983094][ T8194] ? csum_ipv6_magic+0x20/0x80 [ 213.999542][ T8194] __tcp_transmit_skb+0x1a32/0x3750 [ 214.004767][ T8194] ? __tcp_select_window+0x8b0/0x8b0 [ 214.010087][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.016327][ T8194] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 214.022334][ T8194] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 214.022357][ T8194] tcp_connect+0x1e47/0x4280 [ 214.022385][ T8194] ? tcp_push_one+0x110/0x110 [ 214.037879][ T8194] ? secure_tcpv6_ts_off+0x24f/0x360 [ 214.043185][ T8194] ? secure_dccpv6_sequence_number+0x280/0x280 [ 214.049433][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.049449][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.049464][ T8194] ? prandom_u32_state+0x13/0x180 [ 214.049484][ T8194] tcp_v6_connect+0x150b/0x20a0 [ 214.049501][ T8194] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 214.049519][ T8194] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 214.049535][ T8194] ? find_held_lock+0x35/0x130 [ 214.049556][ T8194] ? find_held_lock+0x35/0x130 [ 214.049574][ T8194] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 214.049608][ T8194] __inet_stream_connect+0x83f/0xea0 [ 214.049625][ T8194] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 214.067111][ T8194] ? __inet_stream_connect+0x83f/0xea0 [ 214.067137][ T8194] ? inet_dgram_connect+0x2e0/0x2e0 [ 214.067154][ T8194] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 214.067174][ T8194] ? rcu_read_lock_sched_held+0x110/0x130 [ 214.077389][ T8194] ? kmem_cache_alloc_trace+0x354/0x760 [ 214.077406][ T8194] ? __lock_acquire+0x548/0x3fb0 [ 214.077419][ T8194] ? do_raw_spin_lock+0x12a/0x2e0 [ 214.077435][ T8194] ? rwlock_bug.part.0+0x90/0x90 [ 214.077457][ T8194] tcp_sendmsg_locked+0x231f/0x37f0 [ 214.077471][ T8194] ? mark_held_locks+0xf0/0xf0 [ 214.077488][ T8194] ? mark_held_locks+0xa4/0xf0 [ 214.077506][ T8194] ? tcp_sendpage+0x60/0x60 [ 214.077521][ T8194] ? lock_sock_nested+0x9a/0x120 [ 214.077541][ T8194] ? trace_hardirqs_on+0x67/0x230 [ 214.130047][ T8173] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8173 [ 214.130175][ T8194] ? lock_sock_nested+0x9a/0x120 [ 214.135775][ T8173] caller is ip6_finish_output+0x335/0xdc0 [ 214.140620][ T8194] ? __local_bh_enable_ip+0x15a/0x270 [ 214.140641][ T8194] tcp_sendmsg+0x30/0x50 [ 214.140656][ T8194] inet_sendmsg+0x147/0x5e0 [ 214.140667][ T8194] ? ipip_gro_receive+0x100/0x100 [ 214.140683][ T8194] sock_sendmsg+0xdd/0x130 [ 214.140700][ T8194] __sys_sendto+0x262/0x380 [ 214.140718][ T8194] ? __ia32_sys_getpeername+0xb0/0xb0 [ 214.140744][ T8194] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.140768][ T8194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.140780][ T8194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.140793][ T8194] ? do_syscall_64+0x26/0x610 [ 214.140809][ T8194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.140828][ T8194] __x64_sys_sendto+0xe1/0x1a0 [ 214.140842][ T8194] do_syscall_64+0x103/0x610 [ 214.140857][ T8194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.140869][ T8194] RIP: 0033:0x4582b9 [ 214.140885][ T8194] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.140892][ T8194] RSP: 002b:00007f5b6db59c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 214.140904][ T8194] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 214.140912][ T8194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 214.140919][ T8194] RBP: 000000000073c040 R08: 0000000020000380 R09: 000000000000001c [ 214.140927][ T8194] R10: 00000000200408d4 R11: 0000000000000246 R12: 00007f5b6db5a6d4 [ 214.140934][ T8194] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 214.150718][ T8194] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8194 [ 214.151024][ T8173] CPU: 0 PID: 8173 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 214.156204][ T8194] caller is ip6_finish_output+0x335/0xdc0 [ 214.160884][ T8173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.160889][ T8173] Call Trace: [ 214.160910][ T8173] dump_stack+0x172/0x1f0 [ 214.160934][ T8173] __this_cpu_preempt_check+0x246/0x270 [ 214.160952][ T8173] ip6_finish_output+0x335/0xdc0 [ 214.400329][ T8173] ip6_output+0x235/0x7f0 [ 214.404684][ T8173] ? ip6_finish_output+0xdc0/0xdc0 [ 214.409794][ T8173] ? ip6_fragment+0x3980/0x3980 [ 214.414646][ T8173] ? kasan_check_read+0x11/0x20 [ 214.419500][ T8173] ip6_xmit+0xe41/0x20c0 [ 214.423780][ T8173] ? ip6_finish_output2+0x2550/0x2550 [ 214.429263][ T8173] ? mark_held_locks+0xf0/0xf0 [ 214.434026][ T8173] ? ip6_setup_cork+0x1870/0x1870 [ 214.439063][ T8173] sctp_v6_xmit+0x313/0x660 [ 214.443567][ T8173] sctp_packet_transmit+0x1bc4/0x36f0 [ 214.448951][ T8173] ? sctp_packet_config+0xfe0/0xfe0 [ 214.454162][ T8173] ? kmem_cache_alloc_node_trace+0x352/0x720 [ 214.460135][ T8173] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.466373][ T8173] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 214.472112][ T8173] sctp_outq_flush+0x2b8/0x2780 [ 214.476966][ T8173] ? sctp_chunkify+0x4b/0x290 [ 214.481644][ T8173] ? __sctp_outq_teardown+0xc60/0xc60 [ 214.487019][ T8173] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 214.493281][ T8173] ? sctp_outq_tail+0x68c/0x930 [ 214.498128][ T8173] sctp_outq_uncork+0x6c/0x80 [ 214.502804][ T8173] sctp_do_sm+0x2575/0x5770 [ 214.507311][ T8173] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 214.513988][ T8173] ? add_lock_to_list.isra.0+0x1cd/0x3a0 [ 214.519612][ T8173] ? save_trace+0xe0/0x290 [ 214.524381][ T8173] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 214.529581][ T8173] ? find_held_lock+0x35/0x130 [ 214.534428][ T8173] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 214.539554][ T8173] ? trace_hardirqs_on+0x67/0x230 [ 214.544591][ T8173] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 214.550313][ T8173] ? ktime_get+0x208/0x300 [ 214.554725][ T8173] sctp_assoc_bh_rcv+0x343/0x660 [ 214.559662][ T8173] sctp_inq_push+0x1ea/0x290 [ 214.564252][ T8173] sctp_backlog_rcv+0x196/0xbe0 [ 214.569100][ T8173] ? __local_bh_enable_ip+0x15a/0x270 [ 214.574467][ T8173] ? _raw_spin_unlock_bh+0x31/0x40 [ 214.579579][ T8173] ? __local_bh_enable_ip+0x15a/0x270 [ 214.584954][ T8173] ? sctp_hash_obj+0x600/0x600 [ 214.589723][ T8173] ? __release_sock+0xca/0x3a0 [ 214.594487][ T8173] ? __local_bh_enable_ip+0x15a/0x270 [ 214.599859][ T8173] __release_sock+0x12e/0x3a0 [ 214.604630][ T8173] release_sock+0x59/0x1c0 [ 214.609057][ T8173] sctp_wait_for_connect+0x316/0x540 [ 214.614351][ T8173] ? sctp_get_port+0x180/0x180 [ 214.619110][ T8173] ? memcpy+0x46/0x50 [ 214.623085][ T8173] ? finish_wait+0x260/0x260 [ 214.627675][ T8173] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 214.633221][ T8173] __sctp_connect+0xac2/0xce0 [ 214.637904][ T8173] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 214.643467][ T8173] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.649700][ T8173] ? _copy_from_user+0xdd/0x150 [ 214.654554][ T8173] ? security_sctp_bind_connect+0x99/0xd0 [ 214.660274][ T8173] __sctp_setsockopt_connectx+0x133/0x1a0 [ 214.665991][ T8173] sctp_setsockopt+0x15db/0x6fe0 [ 214.671213][ T8173] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 214.677624][ T8173] ? kasan_check_read+0x11/0x20 [ 214.682486][ T8173] ? ___might_sleep+0x163/0x280 [ 214.687339][ T8173] ? __might_sleep+0x95/0x190 [ 214.692012][ T8173] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 214.697982][ T8173] ? aa_sk_perm+0x288/0x880 [ 214.702488][ T8173] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 214.708040][ T8173] sock_common_setsockopt+0x9a/0xe0 [ 214.713237][ T8173] __sys_setsockopt+0x180/0x280 [ 214.718082][ T8173] ? kernel_accept+0x310/0x310 [ 214.722844][ T8173] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.728295][ T8173] ? do_syscall_64+0x26/0x610 [ 214.732968][ T8173] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.739032][ T8173] ? do_syscall_64+0x26/0x610 [ 214.743794][ T8173] __x64_sys_setsockopt+0xbe/0x150 [ 214.748901][ T8173] do_syscall_64+0x103/0x610 [ 214.753517][ T8173] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.759405][ T8173] RIP: 0033:0x4582b9 [ 214.763311][ T8173] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.782908][ T8173] RSP: 002b:00007efe8e581c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 214.791334][ T8173] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 214.799297][ T8173] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 214.807263][ T8173] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 214.815401][ T8173] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007efe8e5826d4 [ 214.823363][ T8173] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 214.831357][ T8194] CPU: 1 PID: 8194 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 214.840392][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.850439][ T8194] Call Trace: [ 214.853734][ T8194] dump_stack+0x172/0x1f0 [ 214.858063][ T8194] __this_cpu_preempt_check+0x246/0x270 [ 214.863599][ T8194] ip6_finish_output+0x335/0xdc0 [ 214.868526][ T8194] ip6_output+0x235/0x7f0 [ 214.872844][ T8194] ? ip6_finish_output+0xdc0/0xdc0 [ 214.877943][ T8194] ? ip6_fragment+0x3980/0x3980 [ 214.882784][ T8194] ip6_xmit+0xe41/0x20c0 [ 214.887021][ T8194] ? ip6_finish_output2+0x2550/0x2550 [ 214.892378][ T8194] ? mark_held_locks+0xf0/0xf0 [ 214.897151][ T8194] ? ip6_setup_cork+0x1870/0x1870 [ 214.902188][ T8194] inet6_csk_xmit+0x2fb/0x5d0 [ 214.906850][ T8194] ? inet6_csk_update_pmtu+0x190/0x190 [ 214.912295][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.918701][ T8194] ? csum_ipv6_magic+0x20/0x80 [ 214.923455][ T8194] __tcp_transmit_skb+0x1a32/0x3750 [ 214.928639][ T8194] ? memcpy+0x46/0x50 [ 214.932612][ T8194] ? __tcp_select_window+0x8b0/0x8b0 [ 214.937887][ T8194] ? tcp_rbtree_insert+0x188/0x200 [ 214.942986][ T8194] tcp_send_synack+0x4b0/0x15b0 [ 214.947828][ T8194] ? tcp_send_active_reset+0x8e0/0x8e0 [ 214.953277][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.959497][ T8194] ? tcp_sync_mss+0x2ee/0xa30 [ 214.964160][ T8194] tcp_rcv_state_process+0x225d/0x4d93 [ 214.969615][ T8194] ? tcp_finish_connect+0x510/0x510 [ 214.974797][ T8194] ? __lock_acquire+0x548/0x3fb0 [ 214.979733][ T8194] ? trace_hardirqs_on+0x67/0x230 [ 214.984749][ T8194] ? __release_sock+0xca/0x3a0 [ 214.989499][ T8194] ? find_held_lock+0x35/0x130 [ 214.994254][ T8194] ? mark_held_locks+0xa4/0xf0 [ 214.999013][ T8194] ? __local_bh_enable_ip+0x15a/0x270 [ 215.004368][ T8194] ? _raw_spin_unlock_bh+0x31/0x40 [ 215.009462][ T8194] ? __local_bh_enable_ip+0x15a/0x270 [ 215.014829][ T8194] tcp_v6_do_rcv+0x7da/0x12c0 [ 215.022013][ T8194] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 215.026859][ T8194] __release_sock+0x12e/0x3a0 [ 215.031540][ T8194] release_sock+0x59/0x1c0 [ 215.035944][ T8194] tcp_sendmsg+0x3b/0x50 [ 215.040181][ T8194] inet_sendmsg+0x147/0x5e0 [ 215.044665][ T8194] ? ipip_gro_receive+0x100/0x100 [ 215.049691][ T8194] sock_sendmsg+0xdd/0x130 [ 215.054098][ T8194] __sys_sendto+0x262/0x380 [ 215.058601][ T8194] ? __ia32_sys_getpeername+0xb0/0xb0 [ 215.063973][ T8194] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.070206][ T8194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.075651][ T8194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.081105][ T8194] ? do_syscall_64+0x26/0x610 [ 215.085769][ T8194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.091822][ T8194] __x64_sys_sendto+0xe1/0x1a0 [ 215.096574][ T8194] do_syscall_64+0x103/0x610 [ 215.101179][ T8194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.107145][ T8194] RIP: 0033:0x4582b9 [ 215.111032][ T8194] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.130641][ T8194] RSP: 002b:00007f5b6db59c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 215.139053][ T8194] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 215.147017][ T8194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 215.154990][ T8194] RBP: 000000000073c040 R08: 0000000020000380 R09: 000000000000001c [ 215.163033][ T8194] R10: 00000000200408d4 R11: 0000000000000246 R12: 00007f5b6db5a6d4 [ 215.170990][ T8194] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 215.226080][ T8194] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8194 [ 215.235746][ T8194] caller is ip6_finish_output+0x335/0xdc0 [ 215.241535][ T8194] CPU: 1 PID: 8194 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 215.250823][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.260911][ T8194] Call Trace: [ 215.260937][ T8194] dump_stack+0x172/0x1f0 [ 215.260968][ T8194] __this_cpu_preempt_check+0x246/0x270 [ 215.268557][ T8194] ip6_finish_output+0x335/0xdc0 [ 215.268575][ T8194] ip6_output+0x235/0x7f0 [ 215.268591][ T8194] ? ip6_finish_output+0xdc0/0xdc0 [ 215.268608][ T8194] ? ip6_fragment+0x3980/0x3980 [ 215.268627][ T8194] ip6_xmit+0xe41/0x20c0 [ 215.268650][ T8194] ? ip6_finish_output2+0x2550/0x2550 [ 215.302986][ T8194] ? mark_held_locks+0xf0/0xf0 [ 215.307874][ T8194] ? ip6_setup_cork+0x1870/0x1870 [ 215.312937][ T8194] inet6_csk_xmit+0x2fb/0x5d0 [ 215.317651][ T8194] ? inet6_csk_update_pmtu+0x190/0x190 [ 215.323123][ T8194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.329405][ T8194] ? csum_ipv6_magic+0x20/0x80 [ 215.334212][ T8194] __tcp_transmit_skb+0x1a32/0x3750 [ 215.339452][ T8194] ? __tcp_select_window+0x8b0/0x8b0 [ 215.344760][ T8194] ? tcp_mstamp_refresh+0x16/0xa0 [ 215.349892][ T8194] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 215.355185][ T8194] tcp_send_ack+0x88/0xa0 [ 215.359508][ T8194] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 215.365482][ T8194] tcp_validate_incoming+0x55e/0x1660 [ 215.370849][ T8194] tcp_rcv_state_process+0xb6b/0x4d93 [ 215.376214][ T8194] ? tcp_finish_connect+0x510/0x510 [ 215.381402][ T8194] ? __release_sock+0xca/0x3a0 [ 215.386170][ T8194] ? find_held_lock+0x35/0x130 [ 215.390932][ T8194] ? mark_held_locks+0xa4/0xf0 [ 215.395703][ T8194] ? __local_bh_enable_ip+0x15a/0x270 [ 215.401059][ T8194] ? _raw_spin_unlock_bh+0x31/0x40 [ 215.406158][ T8194] ? __local_bh_enable_ip+0x15a/0x270 [ 215.411531][ T8194] tcp_v6_do_rcv+0x7da/0x12c0 [ 215.416207][ T8194] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 215.421067][ T8194] __release_sock+0x12e/0x3a0 [ 215.425734][ T8194] release_sock+0x59/0x1c0 [ 215.430167][ T8194] tcp_sendmsg+0x3b/0x50 [ 215.434397][ T8194] inet_sendmsg+0x147/0x5e0 [ 215.438902][ T8194] ? ipip_gro_receive+0x100/0x100 [ 215.443917][ T8194] sock_sendmsg+0xdd/0x130 [ 215.448365][ T8194] __sys_sendto+0x262/0x380 [ 215.452870][ T8194] ? __ia32_sys_getpeername+0xb0/0xb0 [ 215.458264][ T8194] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.464513][ T8194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.470238][ T8194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.475679][ T8194] ? do_syscall_64+0x26/0x610 [ 215.480348][ T8194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.486420][ T8194] __x64_sys_sendto+0xe1/0x1a0 [ 215.491182][ T8194] do_syscall_64+0x103/0x610 [ 215.495762][ T8194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.501638][ T8194] RIP: 0033:0x4582b9 [ 215.505534][ T8194] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.525131][ T8194] RSP: 002b:00007f5b6db59c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 215.533527][ T8194] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 215.541482][ T8194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 215.549454][ T8194] RBP: 000000000073c040 R08: 0000000020000380 R09: 000000000000001c [ 215.557412][ T8194] R10: 00000000200408d4 R11: 0000000000000246 R12: 00007f5b6db5a6d4 [ 215.565368][ T8194] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 215.578836][ T8167] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8167 [ 215.588577][ T8167] caller is ip6_finish_output+0x335/0xdc0 [ 215.593156][ T8184] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8184 [ 215.594341][ T8167] CPU: 0 PID: 8167 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 215.603691][ T8184] caller is ip6_finish_output+0x335/0xdc0 [ 215.612588][ T8167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.612595][ T8167] Call Trace: [ 215.612625][ T8167] dump_stack+0x172/0x1f0 [ 215.612648][ T8167] __this_cpu_preempt_check+0x246/0x270 [ 215.612666][ T8167] ip6_finish_output+0x335/0xdc0 [ 215.612687][ T8167] ip6_output+0x235/0x7f0 [ 215.650819][ T8167] ? ip6_finish_output+0xdc0/0xdc0 [ 215.655929][ T8167] ? ip6_fragment+0x3980/0x3980 [ 215.660776][ T8167] ? kasan_check_read+0x11/0x20 [ 215.665627][ T8167] ip6_xmit+0xe41/0x20c0 [ 215.669875][ T8167] ? ip6_finish_output2+0x2550/0x2550 [ 215.675242][ T8167] ? mark_held_locks+0xf0/0xf0 [ 215.680027][ T8167] ? ip6_setup_cork+0x1870/0x1870 [ 215.685061][ T8167] sctp_v6_xmit+0x313/0x660 [ 215.689569][ T8167] sctp_packet_transmit+0x1bc4/0x36f0 [ 215.694953][ T8167] ? sctp_packet_config+0xfe0/0xfe0 [ 215.700238][ T8167] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 215.706055][ T8167] ? del_timer+0xcd/0x120 [ 215.710394][ T8167] sctp_outq_flush+0x2b8/0x2780 [ 215.715240][ T8167] ? mark_held_locks+0xa4/0xf0 [ 215.719996][ T8167] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 215.725802][ T8167] ? del_timer+0xcd/0x120 [ 215.730138][ T8167] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 215.735944][ T8167] ? __sctp_outq_teardown+0xc60/0xc60 [ 215.741313][ T8167] ? del_timer+0xd2/0x120 [ 215.745636][ T8167] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 215.751878][ T8167] ? sctp_outq_tail+0x68c/0x930 [ 215.756725][ T8167] sctp_outq_uncork+0x6c/0x80 [ 215.761402][ T8167] sctp_do_sm+0x2575/0x5770 [ 215.765900][ T8167] ? is_dynamic_key+0x1c0/0x1c0 [ 215.770751][ T8167] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940