[ 36.858265][ T25] audit: type=1800 audit(1554702081.703:26): pid=7597 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 36.887684][ T25] audit: type=1800 audit(1554702081.703:27): pid=7597 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.920680][ T25] audit: type=1800 audit(1554702081.713:28): pid=7597 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.747911][ T25] audit: type=1800 audit(1554702082.633:29): pid=7597 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. 2019/04/08 05:41:33 fuzzer started 2019/04/08 05:41:36 dialing manager at 10.128.0.26:34543 2019/04/08 05:41:36 syscalls: 2408 2019/04/08 05:41:36 code coverage: enabled 2019/04/08 05:41:36 comparison tracing: enabled 2019/04/08 05:41:36 extra coverage: extra coverage is not supported by the kernel 2019/04/08 05:41:36 setuid sandbox: enabled 2019/04/08 05:41:36 namespace sandbox: enabled 2019/04/08 05:41:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 05:41:36 fault injection: enabled 2019/04/08 05:41:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 05:41:36 net packet injection: enabled 2019/04/08 05:41:36 net device setup: enabled 05:43:54 executing program 0: syzkaller login: [ 189.468118][ T7763] IPVS: ftp: loaded support on port[0] = 21 05:43:54 executing program 1: [ 189.592102][ T7763] chnl_net:caif_netlink_parms(): no params data found [ 189.685368][ T7763] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.703120][ T7763] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.711294][ T7763] device bridge_slave_0 entered promiscuous mode [ 189.720895][ T7763] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.728597][ T7763] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.736930][ T7763] device bridge_slave_1 entered promiscuous mode [ 189.762799][ T7766] IPVS: ftp: loaded support on port[0] = 21 [ 189.771616][ T7763] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.787900][ T7763] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.827184][ T7763] team0: Port device team_slave_0 added 05:43:54 executing program 2: [ 189.845470][ T7763] team0: Port device team_slave_1 added [ 189.977500][ T7763] device hsr_slave_0 entered promiscuous mode 05:43:54 executing program 3: [ 190.054924][ T7763] device hsr_slave_1 entered promiscuous mode [ 190.150594][ T7769] IPVS: ftp: loaded support on port[0] = 21 [ 190.171089][ T7763] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.178419][ T7763] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.186272][ T7763] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.193402][ T7763] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.216830][ T7766] chnl_net:caif_netlink_parms(): no params data found [ 190.244732][ T7772] IPVS: ftp: loaded support on port[0] = 21 [ 190.326289][ T7766] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.333923][ T7766] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.341819][ T7766] device bridge_slave_0 entered promiscuous mode [ 190.366180][ T7766] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.373830][ T7766] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.382449][ T7766] device bridge_slave_1 entered promiscuous mode 05:43:55 executing program 4: [ 190.421276][ T7766] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.473884][ T7766] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.534791][ T7763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.561164][ T7772] chnl_net:caif_netlink_parms(): no params data found [ 190.617025][ T7763] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.641571][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.653018][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.675680][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.687844][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 190.702586][ T7766] team0: Port device team_slave_0 added [ 190.735081][ T7775] IPVS: ftp: loaded support on port[0] = 21 [ 190.756923][ T7766] team0: Port device team_slave_1 added [ 190.762842][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.772124][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.781430][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.788582][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.801233][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.810257][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.822073][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state 05:43:55 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pkey_alloc(0x0, 0x0) [ 190.829177][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.842418][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.851337][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.889249][ T7772] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.899915][ T7772] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.909414][ T7772] device bridge_slave_0 entered promiscuous mode [ 190.927886][ T7769] chnl_net:caif_netlink_parms(): no params data found [ 190.937754][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.950297][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.961547][ T7772] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.968744][ T7772] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.977728][ T7772] device bridge_slave_1 entered promiscuous mode [ 191.036269][ T7766] device hsr_slave_0 entered promiscuous mode [ 191.093305][ T7766] device hsr_slave_1 entered promiscuous mode [ 191.151224][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.160463][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.170544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.192587][ T7772] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.207400][ T7782] IPVS: ftp: loaded support on port[0] = 21 [ 191.214693][ T7772] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.261603][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.270198][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.278638][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.286953][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.305542][ T7763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.322443][ T7772] team0: Port device team_slave_0 added [ 191.329624][ T7772] team0: Port device team_slave_1 added [ 191.373503][ T7769] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.380577][ T7769] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.389117][ T7769] device bridge_slave_0 entered promiscuous mode [ 191.399780][ T7769] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.407425][ T7769] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.416945][ T7769] device bridge_slave_1 entered promiscuous mode [ 191.486089][ T7772] device hsr_slave_0 entered promiscuous mode [ 191.543324][ T7772] device hsr_slave_1 entered promiscuous mode [ 191.640097][ T7769] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.663376][ T7769] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.682170][ T7763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.763768][ T7769] team0: Port device team_slave_0 added [ 191.770627][ T7769] team0: Port device team_slave_1 added 05:43:56 executing program 0: r0 = getpgrp(0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x2f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="053fd6a35c7e566fc75de4836006000f80d2c54dd77915f35f0e3c62e38ce663e864bcc3618f0bfb9396ab4f297e19db2b511fee03035751aa"], 0x39) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 191.876349][ T7775] chnl_net:caif_netlink_parms(): no params data found [ 191.934887][ T7769] device hsr_slave_0 entered promiscuous mode [ 191.973377][ T7769] device hsr_slave_1 entered promiscuous mode 05:43:56 executing program 0: clone(0x202, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000380)="410f01f964ff0941c326f2410ff03a2e0fc3223e46d8731266420fe2c340ff4b00c442019dcc6f") r1 = creat(&(0x7f0000000140)='./file1\x00', 0x8) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000580)=""/4096) open$dir(0x0, 0x0, 0x0) [ 192.030303][ T7782] chnl_net:caif_netlink_parms(): no params data found [ 192.119356][ T7766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.147722][ T7775] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.155726][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.164435][ T7775] device bridge_slave_0 entered promiscuous mode [ 192.171994][ T7775] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.179301][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.188631][ T7775] device bridge_slave_1 entered promiscuous mode [ 192.211602][ T7766] 8021q: adding VLAN 0 to HW filter on device team0 05:43:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000100)=""/11, 0x7) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000040), 0x4) dup2(r0, r1) ioctl$EVIOCGSND(r2, 0x8040451a, 0x0) [ 192.245557][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.253558][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.281345][ T7772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.323319][ T7775] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.333639][ T7775] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.357459][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.365337][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.379179][ T7782] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.386806][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.395100][ T7782] device bridge_slave_0 entered promiscuous mode [ 192.404094][ T7775] team0: Port device team_slave_0 added [ 192.412268][ T7772] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.421227][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.436085][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.445647][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.452705][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.460952][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.480218][ T7782] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.488376][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.503780][ T7782] device bridge_slave_1 entered promiscuous mode [ 192.512227][ T7775] team0: Port device team_slave_1 added 05:43:57 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r0, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa) connect$unix(r0, &(0x7f0000681000)=@abs, 0x8) [ 192.537124][ T7769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.561940][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.578508][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.587631][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.594764][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.602363][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.611354][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.619733][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.626822][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.634469][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.643064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.651323][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.658428][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.665943][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.674671][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.683375][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.691761][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.754811][ T7775] device hsr_slave_0 entered promiscuous mode [ 192.793321][ T7775] device hsr_slave_1 entered promiscuous mode [ 192.839181][ T7772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.850967][ T7772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.880792][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.890088][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.900897][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.909546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.918433][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.927220][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.935692][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.944935][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.953225][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.961273][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.969987][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.979127][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.987520][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.996110][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.004637][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.012822][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.022387][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.030029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.052011][ T7782] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.063708][ T7782] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.084407][ T7769] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.097159][ T7772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.111309][ T7766] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.122345][ T7766] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.137089][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.148149][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.156018][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.164967][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.173370][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.180428][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.188214][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.196698][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.224659][ T7782] team0: Port device team_slave_0 added 05:43:58 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x6, @dev={[], 0x1c}, 'bridge0\x00'}}, 0x1e) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) [ 193.248420][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.263810][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.272452][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.281563][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.288695][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.303451][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.312653][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.321640][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.330801][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.339340][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.348183][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.372454][ T7766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.382706][ T7782] team0: Port device team_slave_1 added 05:43:58 executing program 0: pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x4000) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000440)) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsn(0x0, 0x81, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f00000001c0)=[{0x2}], 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0x10) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f0000000280)={0x80000000, 0x107, "97f47fc724c336cd71174084c0ba038ce92b6d5f28cf42fa79d26e7693dc5500", 0x1, 0xff, 0x8a, 0x7fffffff, 0x135, 0x1, 0x6, 0x1, [0x0, 0x9, 0x7f]}) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000480)=""/61) wait4(0x0, 0x0, 0x40000007, 0x0) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, 0x0) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x80001, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x54, 0x7, {"7ebb4e2d6d898c1b1880255dcd52092ff7c13840c1aa180ee12fac86e46c04823539a922adcd2c4e7bdf2325846cece55313e1efa785a88a09"}}, {0x0, "b6a977394b807457c350bed1d46affeb97004cd0afc8431205f9aa4325f80b935bc9c8ed8513a744049fe31352470e1b42be02c184fc7357f26e93a4348ca32e156d99d52db4a4669e4e8108e5651703572e2fbb5db255f4ee6b125b490a76c4d503453927486e03f5e03ccf30a9923e87a1590f74e81896fa1fc4080ad23f18b9b1d38166991642f69bb4a52cbe4cff7545ad4d34203531da5e2dddc0a187fe2d2148b008cc7e61ef3adc8d548940c75fa7c60275d3e7a270d6edcff48a03d7538adf54f067eca109a0829a4f3a1f79e66c154d3348d8a3c5bbe386ecb2bd660bffd488e1bb612c5485b0bc098eb5c6236a"}}, 0x0, 0x148, 0x0, 0x1}, 0x20) [ 193.402555][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.423820][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.432092][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.441825][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.450525][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 05:43:58 executing program 3: fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, 0x0, &(0x7f0000000100)) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x800}, &(0x7f0000000180)=0x8) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000cc0)}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ipddp0\x00', 0x21}) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') getdents(r0, &(0x7f0000000040)=""/46, 0x2e) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x0, 0x0, 0x0, 0x0, 0x1, 0xfb, &(0x7f00000002c0)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) dup2(0xffffffffffffffff, r2) [ 193.475514][ T7769] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.538319][ T7769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.552130][ C1] hrtimer: interrupt took 54900 ns 05:43:58 executing program 1: [ 193.661978][ T7782] device hsr_slave_0 entered promiscuous mode [ 193.693942][ T7782] device hsr_slave_1 entered promiscuous mode [ 193.858222][ T7775] 8021q: adding VLAN 0 to HW filter on device bond0 05:43:58 executing program 2: 05:43:58 executing program 1: [ 193.935782][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.954341][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.015786][ T7775] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.098784][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.114174][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.122607][ T7779] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.129724][ T7779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.138771][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.139274][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.139617][ T7779] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.139660][ T7779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.140039][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.158933][ T7782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.192266][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.200585][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.209968][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.219530][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.231582][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.240382][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.248954][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.257238][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.267072][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.275138][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.283716][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.301222][ T7782] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.313618][ T7775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.321466][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.329868][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.349110][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.358142][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.367400][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.374510][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.382162][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.390785][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.399161][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.406233][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.413938][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.422666][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.435420][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.454721][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.464697][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.473447][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.481823][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.490466][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.498850][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.507264][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.518930][ T7782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.530491][ T7782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.543953][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.552312][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.564024][ T7775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.621657][ T7782] 8021q: adding VLAN 0 to HW filter on device batadv0 05:43:59 executing program 4: 05:43:59 executing program 5: 05:43:59 executing program 3: 05:43:59 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/58, 0x3a) ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000000040)) read(0xffffffffffffffff, 0x0, 0x0) 05:43:59 executing program 1: fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) io_destroy(0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e24}, 0x6e, 0x0}], 0x1, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x4, 0x802) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x100000000}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000cc0)}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ipddp0\x00', 0x21}) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') getdents(r1, &(0x7f0000000040)=""/46, 0x2e) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) getgid() ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x0, 0x0, 0x0, 0x1, 0xfb, &(0x7f00000002c0)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) r4 = socket$kcm(0x29, 0x5, 0x0) dup2(r4, r3) 05:43:59 executing program 0: pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x4000) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000440)) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsn(0x0, 0x81, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f00000001c0)=[{0x2}], 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0x10) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f0000000280)={0x80000000, 0x107, "97f47fc724c336cd71174084c0ba038ce92b6d5f28cf42fa79d26e7693dc5500", 0x1, 0xff, 0x8a, 0x7fffffff, 0x135, 0x1, 0x6, 0x1, [0x0, 0x9, 0x7f]}) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000480)=""/61) wait4(0x0, 0x0, 0x40000007, 0x0) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, 0x0) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x80001, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x54, 0x7, {"7ebb4e2d6d898c1b1880255dcd52092ff7c13840c1aa180ee12fac86e46c04823539a922adcd2c4e7bdf2325846cece55313e1efa785a88a09"}}, {0x0, "b6a977394b807457c350bed1d46affeb97004cd0afc8431205f9aa4325f80b935bc9c8ed8513a744049fe31352470e1b42be02c184fc7357f26e93a4348ca32e156d99d52db4a4669e4e8108e5651703572e2fbb5db255f4ee6b125b490a76c4d503453927486e03f5e03ccf30a9923e87a1590f74e81896fa1fc4080ad23f18b9b1d38166991642f69bb4a52cbe4cff7545ad4d34203531da5e2dddc0a187fe2d2148b008cc7e61ef3adc8d548940c75fa7c60275d3e7a270d6edcff48a03d7538adf54f067eca109a0829a4f3a1f79e66c154d3348d8a3c5bbe386ecb2bd660bffd488e1bb612c5485b0bc098eb5c6236a"}}, 0x0, 0x148, 0x0, 0x1}, 0x20) 05:43:59 executing program 4: 05:43:59 executing program 3: 05:43:59 executing program 5: 05:43:59 executing program 4: 05:43:59 executing program 3: 05:43:59 executing program 5: 05:43:59 executing program 4: 05:44:00 executing program 5: 05:44:00 executing program 3: 05:44:00 executing program 2: 05:44:00 executing program 1: 05:44:00 executing program 5: 05:44:00 executing program 4: 05:44:00 executing program 3: 05:44:00 executing program 2: 05:44:00 executing program 0: pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x4000) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000440)) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsn(0x0, 0x81, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f00000001c0)=[{0x2}], 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0x10) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f0000000280)={0x80000000, 0x107, "97f47fc724c336cd71174084c0ba038ce92b6d5f28cf42fa79d26e7693dc5500", 0x1, 0xff, 0x8a, 0x7fffffff, 0x135, 0x1, 0x6, 0x1, [0x0, 0x9, 0x7f]}) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000480)=""/61) wait4(0x0, 0x0, 0x40000007, 0x0) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, 0x0) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x80001, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x54, 0x7, {"7ebb4e2d6d898c1b1880255dcd52092ff7c13840c1aa180ee12fac86e46c04823539a922adcd2c4e7bdf2325846cece55313e1efa785a88a09"}}, {0x0, "b6a977394b807457c350bed1d46affeb97004cd0afc8431205f9aa4325f80b935bc9c8ed8513a744049fe31352470e1b42be02c184fc7357f26e93a4348ca32e156d99d52db4a4669e4e8108e5651703572e2fbb5db255f4ee6b125b490a76c4d503453927486e03f5e03ccf30a9923e87a1590f74e81896fa1fc4080ad23f18b9b1d38166991642f69bb4a52cbe4cff7545ad4d34203531da5e2dddc0a187fe2d2148b008cc7e61ef3adc8d548940c75fa7c60275d3e7a270d6edcff48a03d7538adf54f067eca109a0829a4f3a1f79e66c154d3348d8a3c5bbe386ecb2bd660bffd488e1bb612c5485b0bc098eb5c6236a"}}, 0x0, 0x148, 0x0, 0x1}, 0x20) 05:44:00 executing program 1: 05:44:00 executing program 4: 05:44:00 executing program 5: 05:44:00 executing program 2: 05:44:00 executing program 3: 05:44:00 executing program 1: 05:44:00 executing program 4: 05:44:00 executing program 2: 05:44:00 executing program 3: 05:44:00 executing program 2: 05:44:00 executing program 5: 05:44:01 executing program 0: pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x4000) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000440)) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsn(0x0, 0x81, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f00000001c0)=[{0x2}], 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0x10) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f0000000280)={0x80000000, 0x107, "97f47fc724c336cd71174084c0ba038ce92b6d5f28cf42fa79d26e7693dc5500", 0x1, 0xff, 0x8a, 0x7fffffff, 0x135, 0x1, 0x6, 0x1, [0x0, 0x9, 0x7f]}) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000480)=""/61) wait4(0x0, 0x0, 0x40000007, 0x0) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, 0x0) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x80001, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x54, 0x7, {"7ebb4e2d6d898c1b1880255dcd52092ff7c13840c1aa180ee12fac86e46c04823539a922adcd2c4e7bdf2325846cece55313e1efa785a88a09"}}, {0x0, "b6a977394b807457c350bed1d46affeb97004cd0afc8431205f9aa4325f80b935bc9c8ed8513a744049fe31352470e1b42be02c184fc7357f26e93a4348ca32e156d99d52db4a4669e4e8108e5651703572e2fbb5db255f4ee6b125b490a76c4d503453927486e03f5e03ccf30a9923e87a1590f74e81896fa1fc4080ad23f18b9b1d38166991642f69bb4a52cbe4cff7545ad4d34203531da5e2dddc0a187fe2d2148b008cc7e61ef3adc8d548940c75fa7c60275d3e7a270d6edcff48a03d7538adf54f067eca109a0829a4f3a1f79e66c154d3348d8a3c5bbe386ecb2bd660bffd488e1bb612c5485b0bc098eb5c6236a"}}, 0x0, 0x148, 0x0, 0x1}, 0x20) 05:44:01 executing program 4: 05:44:01 executing program 1: 05:44:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 05:44:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa69c, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$audion(0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) msgget$private(0x0, 0x0) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x30b) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0xfffffffffffef, 0x13012, r1, 0x0) 05:44:01 executing program 5: 05:44:01 executing program 5: 05:44:01 executing program 4: [ 196.260144][ T7930] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:44:01 executing program 1: 05:44:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0xff}, 0x0, @in=@empty}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffd8) 05:44:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 05:44:01 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x0, &(0x7f0000000040), 0x2}}], 0xd3, 0x1ffffffe) [ 196.572254][ T7956] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:44:01 executing program 0: r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000140)=@in={0x2, 0x0, @dev}, 0x80, 0x0}, 0x8000) sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000040)=@un=@abs, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000300)="2e00c3c6726261a1ae130204084e", 0xe}], 0x1}, 0x0) 05:44:01 executing program 1: pipe(&(0x7f00000000c0)) pipe2(&(0x7f0000000680), 0x0) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x1e9, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x1000000000000}, &(0x7f0000000200), &(0x7f0000000300)={&(0x7f0000000080), 0x8}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:44:01 executing program 2: mlockall(0x1) clone(0x1ffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) 05:44:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa69c, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) msgget$private(0x0, 0x0) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x30b) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0xfffffffffffef, 0x13012, r0, 0x0) 05:44:01 executing program 4: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) geteuid() getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000100), 0x0) fstat(0xffffffffffffffff, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000b00)={{}, {0x1, 0x2}, [{}, {}], {}, [{0x8, 0x1}, {}], {0x10, 0x2}}, 0x44, 0x3) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00']) chdir(0x0) 05:44:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 196.921821][ T7968] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:44:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0xfec0000000000000, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0xfeffffff00000000]}, 0x1}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) [ 197.007827][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 197.014076][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 197.033231][ T7975] raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! 05:44:02 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001500)={0x40000000a, 0x1b9, 0x800, 0x100000001}, 0x3c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r0, &(0x7f0000000040)}, 0x10) 05:44:02 executing program 0: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x3, @dev}, 0x80, 0x0}, 0x0) r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x2, &(0x7f00000000c0), 0x3b1) 05:44:02 executing program 5: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f00007e2000/0x7000)=nil, 0x3) [ 197.209277][ T7972] overlayfs: filesystem on './file0' not supported as upperdir 05:44:02 executing program 4: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) geteuid() getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000100), 0x0) fstat(0xffffffffffffffff, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000b00)={{}, {0x1, 0x2}, [{}, {}], {}, [{0x8, 0x1}, {}], {0x10, 0x2}}, 0x44, 0x3) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00']) chdir(0x0) 05:44:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0xfec0000000000000, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0xfeffffff00000000]}, 0x1}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) 05:44:02 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 197.512588][ T8000] FAT-fs (loop5): bogus number of reserved sectors [ 197.568370][ T8000] FAT-fs (loop5): Can't find a valid FAT filesystem [ 197.668308][ T8005] FAT-fs (loop5): bogus number of reserved sectors [ 197.681716][ T8005] FAT-fs (loop5): Can't find a valid FAT filesystem 05:44:02 executing program 1: socket$kcm(0x11, 0xa, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@un=@file={0x0, './file0\x00'}, 0x80, 0x0}, 0x0) 05:44:02 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x80040200, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x500]}, 0x1}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) 05:44:02 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0x52, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x8000000002, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000027000502d25a80648c63940d0324fc001000044002000000053582c137153e37090002800af01700d1bd", 0x2e}], 0x1}, 0x0) 05:44:02 executing program 5: socket$kcm(0x11, 0xa, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@un=@file={0x0, './file0\x00'}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r1, 0x0, 0x0) 05:44:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0xfec0000000000000, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0xfeffffff00000000]}, 0x1}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) 05:44:02 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0x0) [ 197.963002][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 197.968818][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 197.991166][ T8022] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 198.020222][ T8027] check_preemption_disabled: 1 callbacks suppressed [ 198.020238][ T8027] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8027 [ 198.029765][ T8022] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 198.036449][ T8027] caller is sk_mc_loop+0x1d/0x210 [ 198.036472][ T8027] CPU: 0 PID: 8027 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.036497][ T8027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.036507][ T8027] Call Trace: [ 198.036532][ T8027] dump_stack+0x172/0x1f0 [ 198.036571][ T8027] __this_cpu_preempt_check+0x246/0x270 [ 198.062618][ T8030] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 198.068719][ T8027] sk_mc_loop+0x1d/0x210 [ 198.068745][ T8027] ip_mc_output+0x2ef/0xf70 [ 198.068777][ T8027] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.068806][ T8027] ? ip_append_data.part.0+0x170/0x170 [ 198.085687][ T8030] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 198.090006][ T8027] ? ip_make_skb+0x1b1/0x2c0 [ 198.090028][ T8027] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.090058][ T8027] ip_local_out+0xc4/0x1b0 [ 198.090085][ T8027] ip_send_skb+0x42/0xf0 [ 198.135727][ T8027] udp_send_skb.isra.0+0x6b2/0x1180 [ 198.140944][ T8027] ? xfrm_lookup_route+0x5b/0x1f0 [ 198.146009][ T8027] udp_sendmsg+0x1dfd/0x2820 [ 198.150640][ T8027] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.155708][ T8027] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.161011][ T8027] ? perf_trace_lock+0x334/0x510 [ 198.165983][ T8027] ? reacquire_held_locks+0xfb/0x520 [ 198.171293][ T8027] ? release_sock+0x158/0x1c0 [ 198.176003][ T8027] ? release_sock+0x158/0x1c0 [ 198.180712][ T8027] ? __local_bh_enable_ip+0x15a/0x270 [ 198.186109][ T8027] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.191416][ T8027] ? release_sock+0x158/0x1c0 [ 198.196112][ T8027] ? trace_hardirqs_on+0x67/0x230 [ 198.201155][ T8027] ? release_sock+0x158/0x1c0 [ 198.205850][ T8027] ? __local_bh_enable_ip+0x15a/0x270 [ 198.211279][ T8027] ? _raw_spin_unlock_bh+0x31/0x40 [ 198.216425][ T8027] inet_sendmsg+0x147/0x5e0 [ 198.220951][ T8027] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.226258][ T8027] ? inet_sendmsg+0x147/0x5e0 [ 198.230956][ T8027] ? ipip_gro_receive+0x100/0x100 [ 198.236016][ T8027] sock_sendmsg+0xdd/0x130 [ 198.240455][ T8027] ___sys_sendmsg+0x806/0x930 [ 198.245171][ T8027] ? copy_msghdr_from_user+0x430/0x430 [ 198.250657][ T8027] ? lock_downgrade+0x880/0x880 [ 198.255533][ T8027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.261815][ T8027] ? kasan_check_read+0x11/0x20 [ 198.266703][ T8027] ? __fget+0x381/0x550 [ 198.270921][ T8027] ? __fget_light+0x1a9/0x230 [ 198.275632][ T8027] ? __fdget+0x1b/0x20 [ 198.279730][ T8027] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.286004][ T8027] __sys_sendmsg+0x105/0x1d0 [ 198.290647][ T8027] ? __ia32_sys_shutdown+0x80/0x80 [ 198.295812][ T8027] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.301295][ T8027] ? do_syscall_64+0x26/0x610 [ 198.305993][ T8027] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.312179][ T8027] ? do_syscall_64+0x26/0x610 [ 198.316888][ T8027] __x64_sys_sendmsg+0x78/0xb0 [ 198.321673][ T8027] do_syscall_64+0x103/0x610 [ 198.326286][ T8027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.332202][ T8027] RIP: 0033:0x4582b9 [ 198.336109][ T8027] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.355727][ T8027] RSP: 002b:00007f4f2e2acc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.364150][ T8027] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 05:44:03 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="1b0000001d0081aee40529b690e10bfbcd0c00000f00fe07f9fd00", 0x1b}], 0x1}, 0x0) 05:44:03 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000080)=0x20, 0x319) 05:44:03 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000180)='\x06\x00\x00\x00^\x00\xac\xd8\xfd\xcc\xeeq\xe5\xf5\xcb\x801`\xe48\x85\xa4\xf5\xd0\x1b\\\x04\f\xf8F\\\xb4\xba\x8d\xef\x12d\xee\xa5?\x00kZ\x8b\x19h\xd7|\x14i\r\x18U9\xc1\xd7\x10\xf0G\x12\xa8\xbaa\xb2\x94|%n\x1e+\x9f\xbb\xb8\xac\x81\x8d\x93q\xd4\xd4z\xaaZ\x0f\xaa\xc7\x97#\xe5g l\xd55\x15\xbf\xfc\xf5\x83\xb72\x00Y\x15\x92\xb1\xb6a\xf4\xe9u\xb2\xe7\xeciy\b\xdb\xc7\xf1\x87\xc9\a\x91\x04J\xc8\x0e\xff|J\'Nxr\x00\xbc\xab5\x9b\x85>\x99\xcaz2\xabKI\xdc\xe4\x9f\xa5\xd0\x0ewm\xe7\xccK\xc9\x8b\x8bE\x89\x03\x00\x00\x00}@Ry\xa69^\xdc\x9d\xa0\x04\xdf \aelO7\xf1\xda\xcc\xa2x\xc2\x9a\xf5\x18F\xa0\x80M\xf9,+\xc9\xf7/nt\x9ba\x14\x1b\x18\xdd\x18X\xd2o\x15\x97L\xe6\xb5\xba\xc7\xf2W\n\x7f\x14ZIL:T\x1bd\x19\x8dE\x9c\xb1\xb9JK\x1do\x85\xe9\xa2\xca\x9cd\b\xc8\xbdiQ_L\xb0\xb9 \xf7/F\xfc\'M#,\x84M\xba\xa9\xa2yr\'?f\tb\xdai\xfd\x8c\x9aoj\x84\x03i\x8a|\xf7T;=p\xa2\x98f\xc7\xefu=\x96\xcb\x11\x91\xce\xce\xbev\xaa\xbb\xca\xfa\xa3\xde\xd5\x1f\xd7\x03:12\xf2\xfd\rN\x84=A\xae\x9b3\x81\xa9~\xb7\x80\xd1\xe2\xf6\xf2\xb8\xc9\x8a\xabC\xe2\xec\xb8,j\xe1\xbb\x1b\x1f@', 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) fadvise64(r3, 0x0, 0x0, 0x3) 05:44:03 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000080)=0x20, 0x319) 05:44:03 executing program 0: [ 198.372129][ T8027] RDX: 0000000000000000 RSI: 0000000020003d00 RDI: 0000000000000005 [ 198.380109][ T8027] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.388088][ T8027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4f2e2ad6d4 [ 198.396066][ T8027] R13: 00000000004c58ba R14: 00000000004d9b78 R15: 00000000ffffffff [ 198.404345][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 198.410145][ C0] protocol 88fb is buggy, dev hsr_slave_1 05:44:03 executing program 1: 05:44:03 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x80040200, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x500]}, 0x1}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) 05:44:03 executing program 0: 05:44:03 executing program 3: 05:44:03 executing program 5: 05:44:03 executing program 0: 05:44:03 executing program 3: 05:44:03 executing program 1: 05:44:03 executing program 4: 05:44:03 executing program 5: 05:44:03 executing program 0: 05:44:03 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x80040200, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x500]}, 0x1}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0x20008844) 05:44:03 executing program 3: 05:44:03 executing program 1: 05:44:03 executing program 5: 05:44:03 executing program 0: 05:44:03 executing program 4: 05:44:03 executing program 5: 05:44:03 executing program 3: 05:44:03 executing program 1: 05:44:03 executing program 0: 05:44:03 executing program 2: 05:44:04 executing program 3: 05:44:04 executing program 4: 05:44:04 executing program 1: 05:44:04 executing program 5: 05:44:04 executing program 0: 05:44:04 executing program 2: 05:44:04 executing program 3: 05:44:04 executing program 1: 05:44:04 executing program 5: 05:44:04 executing program 4: 05:44:04 executing program 5: 05:44:04 executing program 0: 05:44:04 executing program 2: 05:44:04 executing program 1: 05:44:04 executing program 3: 05:44:04 executing program 4: 05:44:04 executing program 5: 05:44:04 executing program 1: 05:44:04 executing program 0: 05:44:04 executing program 2: 05:44:04 executing program 3: 05:44:04 executing program 4: 05:44:04 executing program 5: 05:44:04 executing program 1: 05:44:04 executing program 3: 05:44:04 executing program 0: 05:44:04 executing program 3: 05:44:04 executing program 2: 05:44:04 executing program 4: 05:44:04 executing program 5: 05:44:04 executing program 1: 05:44:04 executing program 0: 05:44:04 executing program 2: 05:44:04 executing program 3: 05:44:04 executing program 5: 05:44:04 executing program 4: 05:44:04 executing program 0: 05:44:04 executing program 1: 05:44:05 executing program 5: 05:44:05 executing program 3: 05:44:05 executing program 2: 05:44:05 executing program 4: 05:44:05 executing program 0: 05:44:05 executing program 1: 05:44:05 executing program 3: 05:44:05 executing program 5: 05:44:05 executing program 2: 05:44:05 executing program 4: 05:44:05 executing program 3: 05:44:05 executing program 1: 05:44:05 executing program 4: 05:44:05 executing program 5: 05:44:05 executing program 0: 05:44:05 executing program 2: 05:44:05 executing program 3: 05:44:05 executing program 1: 05:44:05 executing program 4: 05:44:05 executing program 0: 05:44:05 executing program 5: 05:44:05 executing program 2: 05:44:05 executing program 3: 05:44:05 executing program 1: 05:44:05 executing program 0: 05:44:05 executing program 4: 05:44:05 executing program 3: 05:44:05 executing program 5: 05:44:05 executing program 2: 05:44:05 executing program 1: 05:44:05 executing program 3: 05:44:05 executing program 4: 05:44:05 executing program 2: 05:44:05 executing program 5: 05:44:05 executing program 0: 05:44:05 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c) connect$inet6(r0, &(0x7f0000966fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x6f}, 0x20) r1 = dup(r0) sendto$inet6(r1, &(0x7f0000000200)="99", 0x1, 0x0, 0x0, 0x0) 05:44:05 executing program 5: 05:44:05 executing program 2: 05:44:06 executing program 4: [ 201.133208][ T8224] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8224 [ 201.142796][ T8224] caller is ip6_finish_output+0x335/0xdc0 [ 201.148631][ T8224] CPU: 0 PID: 8224 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.157658][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.167722][ T8224] Call Trace: [ 201.171027][ T8224] dump_stack+0x172/0x1f0 [ 201.175374][ T8224] __this_cpu_preempt_check+0x246/0x270 [ 201.180935][ T8224] ip6_finish_output+0x335/0xdc0 [ 201.185886][ T8224] ip6_output+0x235/0x7f0 [ 201.190234][ T8224] ? ip6_finish_output+0xdc0/0xdc0 [ 201.195361][ T8224] ? ip6_fragment+0x3980/0x3980 [ 201.200221][ T8224] ? kasan_check_read+0x11/0x20 [ 201.205083][ T8224] ip6_xmit+0xe41/0x20c0 [ 201.209346][ T8224] ? ip6_finish_output2+0x2550/0x2550 [ 201.214724][ T8224] ? mark_held_locks+0xf0/0xf0 [ 201.219505][ T8224] ? ip6_setup_cork+0x1870/0x1870 [ 201.224553][ T8224] sctp_v6_xmit+0x313/0x660 [ 201.229077][ T8224] sctp_packet_transmit+0x1bc4/0x36f0 [ 201.234492][ T8224] ? sctp_packet_config+0xfe0/0xfe0 [ 201.239704][ T8224] ? sctp_packet_append_chunk+0x946/0xda0 [ 201.245429][ T8224] ? sctp_outq_select_transport+0x21a/0x790 [ 201.251331][ T8224] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 201.257600][ T8224] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 201.263761][ T8224] ? lock_downgrade+0x880/0x880 [ 201.263805][ T8224] ? add_timer+0x400/0x930 [ 201.263820][ T8224] ? find_held_lock+0x35/0x130 [ 201.263841][ T8224] ? add_timer+0x41e/0x930 [ 201.263857][ T8224] sctp_outq_flush+0xe8/0x2780 [ 201.263868][ T8224] ? mark_held_locks+0xa4/0xf0 [ 201.263880][ T8224] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 201.263891][ T8224] ? add_timer+0x41e/0x930 [ 201.263902][ T8224] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 201.273282][ T8224] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.273300][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 201.273318][ T8224] ? __sctp_outq_teardown+0xc60/0xc60 [ 201.273343][ T8224] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.273355][ T8224] ? sctp_outq_tail+0x68c/0x930 [ 201.273375][ T8224] sctp_outq_uncork+0x6c/0x80 [ 201.339355][ T8224] sctp_do_sm+0x2575/0x5770 [ 201.343871][ T8224] ? sctp_hash_transport+0xdb1/0x18d0 [ 201.349265][ T8224] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 201.355945][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 201.361330][ T8224] ? lock_downgrade+0x880/0x880 [ 201.366190][ T8224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.372445][ T8224] ? kasan_check_read+0x11/0x20 [ 201.377319][ T8224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.383562][ T8224] ? sctp_hash_transport+0x10b/0x18d0 [ 201.383604][ T8224] ? memcpy+0x46/0x50 [ 201.392938][ T8224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.399184][ T8224] ? sctp_assoc_set_primary+0x274/0x310 [ 201.399208][ T8224] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 201.399228][ T8224] __sctp_connect+0x8cd/0xce0 [ 201.399252][ T8224] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 201.420361][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 201.425776][ T8224] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.431515][ T8224] ? lock_sock_nested+0x9a/0x120 [ 201.436462][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 201.441524][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 201.446908][ T8224] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 201.452815][ T8224] sctp_inet_connect+0x2a2/0x350 [ 201.458295][ T8224] __sys_connect+0x266/0x330 [ 201.462901][ T8224] ? __ia32_sys_accept+0xb0/0xb0 [ 201.467847][ T8224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.474103][ T8224] ? put_timespec64+0xda/0x140 [ 201.478888][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.484351][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.489824][ T8224] ? do_syscall_64+0x26/0x610 [ 201.494521][ T8224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.500598][ T8224] ? do_syscall_64+0x26/0x610 [ 201.505286][ T8224] __x64_sys_connect+0x73/0xb0 [ 201.510079][ T8224] do_syscall_64+0x103/0x610 [ 201.514681][ T8224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.520582][ T8224] RIP: 0033:0x4582b9 [ 201.524496][ T8224] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.544100][ T8224] RSP: 002b:00007fe6b063ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 201.552510][ T8224] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 201.560471][ T8224] RDX: 000000000000001c RSI: 0000000020966fe4 RDI: 0000000000000003 [ 201.568444][ T8224] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.576413][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6b063f6d4 05:44:06 executing program 3: 05:44:06 executing program 0: 05:44:06 executing program 0: 05:44:06 executing program 4: 05:44:06 executing program 3: syz_execute_func(&(0x7f0000001900)="410f01f964ff090f01d941c3470f28b00008000066420fe2e33e0b1147c442019dcc84906178c6d100") r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @remote}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) r2 = dup2(r0, r0) sendto$inet(r1, &(0x7f0000000200)="96", 0x1, 0x0, 0x0, 0x0) recvfrom(r1, 0x0, 0x0, 0x2000, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NETID(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 05:44:06 executing program 0: clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="053fd7a35c7e566fc75de4836006000f80d2c54dd77915f35f0e3c62e38ce663e864bcc3618f0bfb9396ab4f297e19db2b511fee03035751aa"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) 05:44:06 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000080)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYPTR64], 0x8) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000240)='./bus\x00') sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:44:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x4, 0x40001) ppoll(&(0x7f0000000080)=[{r1}, {r0, 0x182}], 0x2, 0x0, 0x0, 0x0) [ 201.584380][ T8224] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 201.675828][ T8224] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8224 [ 201.685365][ T8224] caller is ip6_finish_output+0x335/0xdc0 [ 201.691102][ T8224] CPU: 0 PID: 8224 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.700120][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.710177][ T8224] Call Trace: [ 201.713493][ T8224] dump_stack+0x172/0x1f0 [ 201.717833][ T8224] __this_cpu_preempt_check+0x246/0x270 [ 201.723389][ T8224] ip6_finish_output+0x335/0xdc0 [ 201.728328][ T8224] ip6_output+0x235/0x7f0 [ 201.732656][ T8224] ? ip6_finish_output+0xdc0/0xdc0 [ 201.737770][ T8224] ? ip6_fragment+0x3980/0x3980 [ 201.742618][ T8224] ? kasan_check_read+0x11/0x20 [ 201.747484][ T8224] ip6_xmit+0xe41/0x20c0 [ 201.751735][ T8224] ? ip6_finish_output2+0x2550/0x2550 [ 201.757119][ T8224] ? mark_held_locks+0xf0/0xf0 [ 201.761891][ T8224] ? ip6_setup_cork+0x1870/0x1870 [ 201.766923][ T8224] ? netlbl_unlabel_staticlist_gen.isra.0+0x290/0x8b0 [ 201.773686][ T8224] sctp_v6_xmit+0x313/0x660 [ 201.778190][ T8224] sctp_packet_transmit+0x1bc4/0x36f0 [ 201.783583][ T8224] ? sctp_packet_config+0xfe0/0xfe0 [ 201.788782][ T8224] ? sctp_packet_append_chunk+0x946/0xda0 [ 201.794502][ T8224] ? sctp_outq_select_transport+0x21a/0x790 [ 201.800397][ T8224] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 201.806661][ T8224] ? sctp_make_init_ack+0x95c/0xdb0 [ 201.811859][ T8224] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 201.818019][ T8224] ? sctp_make_init+0xd10/0xd10 [ 201.822868][ T8224] ? sctp_verify_init+0x14a0/0x14a0 [ 201.828065][ T8224] sctp_outq_flush+0xe8/0x2780 [ 201.832833][ T8224] ? sctp_assoc_set_bind_addr_from_ep+0x168/0x1c0 [ 201.839251][ T8224] ? sctp_sf_do_unexpected_init.isra.0+0x19e/0x1350 [ 201.853648][ T8224] ? __sctp_outq_teardown+0xc60/0xc60 [ 201.859019][ T8224] ? sctp_sm_lookup_event+0x134/0x48d [ 201.864391][ T8224] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.870625][ T8224] ? sctp_outq_tail+0x68c/0x930 [ 201.875472][ T8224] sctp_outq_uncork+0x6c/0x80 [ 201.880156][ T8224] sctp_do_sm+0x418d/0x5770 [ 201.884666][ T8224] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 201.891337][ T8224] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 201.897498][ T8224] ? lock_downgrade+0x880/0x880 [ 201.902356][ T8224] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 201.907462][ T8224] ? find_held_lock+0x35/0x130 [ 201.912230][ T8224] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 201.917345][ T8224] ? mark_held_locks+0xa4/0xf0 [ 201.922110][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 201.927135][ T8224] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 201.932845][ T8224] ? ktime_get+0x208/0x300 [ 201.937262][ T8224] sctp_assoc_bh_rcv+0x343/0x660 [ 201.942206][ T8224] sctp_inq_push+0x1ea/0x290 [ 201.946796][ T8224] sctp_backlog_rcv+0x196/0xbe0 [ 201.951644][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 201.957011][ T8224] ? _raw_spin_unlock_bh+0x31/0x40 [ 201.962134][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 201.967925][ T8224] ? sctp_hash_obj+0x600/0x600 [ 201.972683][ T8224] ? __release_sock+0xca/0x3a0 [ 201.977447][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 201.982825][ T8224] __release_sock+0x12e/0x3a0 [ 201.987518][ T8224] release_sock+0x59/0x1c0 [ 201.991939][ T8224] sctp_wait_for_connect+0x316/0x540 [ 201.997227][ T8224] ? sctp_get_port+0x180/0x180 [ 202.002003][ T8224] ? memcpy+0x46/0x50 [ 202.005985][ T8224] ? finish_wait+0x260/0x260 [ 202.010579][ T8224] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 202.016126][ T8224] __sctp_connect+0xac2/0xce0 [ 202.020810][ T8224] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 202.026348][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.031712][ T8224] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.036992][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 202.042012][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.047380][ T8224] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 202.053271][ T8224] sctp_inet_connect+0x2a2/0x350 [ 202.058211][ T8224] __sys_connect+0x266/0x330 [ 202.062803][ T8224] ? __ia32_sys_accept+0xb0/0xb0 [ 202.067742][ T8224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.073976][ T8224] ? put_timespec64+0xda/0x140 [ 202.078848][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.084304][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.089758][ T8224] ? do_syscall_64+0x26/0x610 [ 202.094445][ T8224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.100516][ T8224] ? do_syscall_64+0x26/0x610 [ 202.105215][ T8224] __x64_sys_connect+0x73/0xb0 [ 202.109980][ T8224] do_syscall_64+0x103/0x610 [ 202.114658][ T8224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.120544][ T8224] RIP: 0033:0x4582b9 [ 202.124439][ T8224] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.144044][ T8224] RSP: 002b:00007fe6b063ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 202.152460][ T8224] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 202.160432][ T8224] RDX: 000000000000001c RSI: 0000000020966fe4 RDI: 0000000000000003 [ 202.168395][ T8224] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 202.176375][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6b063f6d4 [ 202.184341][ T8224] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 202.231008][ T8224] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8224 [ 202.240626][ T8224] caller is ip6_finish_output+0x335/0xdc0 [ 202.246418][ T8224] CPU: 1 PID: 8224 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.255452][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.265539][ T8224] Call Trace: [ 202.268843][ T8224] dump_stack+0x172/0x1f0 [ 202.273177][ T8224] __this_cpu_preempt_check+0x246/0x270 [ 202.278722][ T8224] ip6_finish_output+0x335/0xdc0 [ 202.283665][ T8224] ip6_output+0x235/0x7f0 [ 202.287995][ T8224] ? ip6_finish_output+0xdc0/0xdc0 [ 202.293114][ T8224] ? ip6_fragment+0x3980/0x3980 [ 202.297966][ T8224] ? kasan_check_read+0x11/0x20 [ 202.302817][ T8224] ip6_xmit+0xe41/0x20c0 [ 202.307067][ T8224] ? ip6_finish_output2+0x2550/0x2550 [ 202.312442][ T8224] ? mark_held_locks+0xf0/0xf0 [ 202.317213][ T8224] ? ip6_setup_cork+0x1870/0x1870 [ 202.322252][ T8224] sctp_v6_xmit+0x313/0x660 [ 202.326761][ T8224] sctp_packet_transmit+0x1bc4/0x36f0 [ 202.332151][ T8224] ? sctp_packet_config+0xfe0/0xfe0 [ 202.337348][ T8224] ? kmem_cache_alloc_node_trace+0x352/0x720 [ 202.343321][ T8224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.349571][ T8224] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.355289][ T8224] sctp_outq_flush+0x2b8/0x2780 [ 202.360138][ T8224] ? sctp_chunkify+0x4b/0x290 [ 202.364818][ T8224] ? __sctp_outq_teardown+0xc60/0xc60 [ 202.370193][ T8224] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.376428][ T8224] ? sctp_outq_tail+0x68c/0x930 [ 202.381273][ T8224] sctp_outq_uncork+0x6c/0x80 [ 202.385953][ T8224] sctp_do_sm+0x2575/0x5770 [ 202.390455][ T8224] ? do_syscall_64+0x103/0x610 [ 202.395224][ T8224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.401314][ T8224] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 202.407986][ T8224] ? lock_downgrade+0x880/0x880 [ 202.412839][ T8224] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.417945][ T8224] ? find_held_lock+0x35/0x130 [ 202.422707][ T8224] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.427831][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 202.432849][ T8224] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.438564][ T8224] ? ktime_get+0x208/0x300 [ 202.442982][ T8224] sctp_assoc_bh_rcv+0x343/0x660 [ 202.447937][ T8224] sctp_inq_push+0x1ea/0x290 [ 202.452529][ T8224] sctp_backlog_rcv+0x196/0xbe0 [ 202.457374][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.462738][ T8224] ? _raw_spin_unlock_bh+0x31/0x40 [ 202.467842][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.473214][ T8224] ? sctp_hash_obj+0x600/0x600 [ 202.477972][ T8224] ? __release_sock+0xca/0x3a0 [ 202.482738][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.488112][ T8224] __release_sock+0x12e/0x3a0 [ 202.492793][ T8224] release_sock+0x59/0x1c0 [ 202.497208][ T8224] sctp_wait_for_connect+0x316/0x540 [ 202.502500][ T8224] ? sctp_get_port+0x180/0x180 [ 202.507260][ T8224] ? memcpy+0x46/0x50 [ 202.511235][ T8224] ? finish_wait+0x260/0x260 [ 202.515826][ T8224] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 202.521369][ T8224] __sctp_connect+0xac2/0xce0 [ 202.526052][ T8224] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 202.531601][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.536969][ T8224] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.542251][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 202.547278][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.552646][ T8224] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 202.558538][ T8224] sctp_inet_connect+0x2a2/0x350 [ 202.563487][ T8224] __sys_connect+0x266/0x330 [ 202.568091][ T8224] ? __ia32_sys_accept+0xb0/0xb0 [ 202.573020][ T8224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.579250][ T8224] ? put_timespec64+0xda/0x140 [ 202.584022][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.589472][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.594962][ T8224] ? do_syscall_64+0x26/0x610 [ 202.599632][ T8224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.605690][ T8224] ? do_syscall_64+0x26/0x610 [ 202.610370][ T8224] __x64_sys_connect+0x73/0xb0 [ 202.615128][ T8224] do_syscall_64+0x103/0x610 [ 202.619753][ T8224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.625639][ T8224] RIP: 0033:0x4582b9 [ 202.629528][ T8224] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.649145][ T8224] RSP: 002b:00007fe6b063ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 202.657554][ T8224] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 202.665520][ T8224] RDX: 000000000000001c RSI: 0000000020966fe4 RDI: 0000000000000003 [ 202.673494][ T8224] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 202.681464][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6b063f6d4 [ 202.689440][ T8224] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 202.707673][ T8224] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8224 [ 202.717339][ T8224] caller is ip6_finish_output+0x335/0xdc0 [ 202.723128][ T8224] CPU: 0 PID: 8224 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.732149][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.742202][ T8224] Call Trace: [ 202.745519][ T8224] dump_stack+0x172/0x1f0 [ 202.749865][ T8224] __this_cpu_preempt_check+0x246/0x270 [ 202.755422][ T8224] ip6_finish_output+0x335/0xdc0 [ 202.760373][ T8224] ip6_output+0x235/0x7f0 [ 202.764713][ T8224] ? ip6_finish_output+0xdc0/0xdc0 [ 202.769836][ T8224] ? ip6_fragment+0x3980/0x3980 [ 202.774700][ T8224] ? kasan_check_read+0x11/0x20 [ 202.779563][ T8224] ip6_xmit+0xe41/0x20c0 [ 202.783834][ T8224] ? ip6_finish_output2+0x2550/0x2550 [ 202.789252][ T8224] ? mark_held_locks+0xf0/0xf0 [ 202.794002][ T8224] ? ip6_setup_cork+0x1870/0x1870 [ 202.799019][ T8224] sctp_v6_xmit+0x313/0x660 [ 202.803516][ T8224] sctp_packet_transmit+0x1bc4/0x36f0 [ 202.808990][ T8224] ? sctp_packet_config+0xfe0/0xfe0 [ 202.814182][ T8224] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.819849][ T8262] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8262 [ 202.819899][ T8224] sctp_outq_flush+0x2b8/0x2780 [ 202.829235][ T8262] caller is ip6_finish_output+0x335/0xdc0 [ 202.834005][ T8224] ? kfree_skbmem+0xc5/0x150 [ 202.834022][ T8224] ? kfree_skbmem+0xc5/0x150 [ 202.834036][ T8224] ? kfree_skbmem+0xc5/0x150 [ 202.834056][ T8224] ? sctp_ulpevent_free+0x362/0x4e0 [ 202.858793][ T8224] ? rcu_read_lock_sched_held+0x110/0x130 [ 202.864520][ T8224] ? __sctp_outq_teardown+0xc60/0xc60 [ 202.870357][ T8224] ? sctp_ulpevent_free+0x362/0x4e0 [ 202.875559][ T8224] ? sctp_ulpq_tail_event+0x116/0xbe0 [ 202.880960][ T8224] sctp_outq_uncork+0x6c/0x80 [ 202.885638][ T8224] sctp_do_sm+0x370/0x5770 [ 202.890051][ T8224] ? do_syscall_64+0x103/0x610 [ 202.894810][ T8224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.900888][ T8224] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 202.907559][ T8224] ? lock_downgrade+0x880/0x880 [ 202.912420][ T8224] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.917527][ T8224] ? find_held_lock+0x35/0x130 [ 202.922292][ T8224] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.927415][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 202.932441][ T8224] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.938161][ T8224] ? ktime_get+0x208/0x300 [ 202.942588][ T8224] sctp_assoc_bh_rcv+0x343/0x660 [ 202.947534][ T8224] sctp_inq_push+0x1ea/0x290 [ 202.952141][ T8224] sctp_backlog_rcv+0x196/0xbe0 [ 202.956988][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.962355][ T8224] ? _raw_spin_unlock_bh+0x31/0x40 [ 202.967464][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.972848][ T8224] ? sctp_hash_obj+0x600/0x600 [ 202.978336][ T8224] ? __release_sock+0xca/0x3a0 [ 202.983102][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 202.988486][ T8224] __release_sock+0x12e/0x3a0 [ 202.993170][ T8224] release_sock+0x59/0x1c0 [ 202.997597][ T8224] sctp_wait_for_connect+0x316/0x540 [ 203.002884][ T8224] ? sctp_get_port+0x180/0x180 [ 203.007652][ T8224] ? memcpy+0x46/0x50 [ 203.011631][ T8224] ? finish_wait+0x260/0x260 [ 203.016226][ T8224] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 203.021775][ T8224] __sctp_connect+0xac2/0xce0 [ 203.026464][ T8224] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 203.032016][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 203.037385][ T8224] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.042665][ T8224] ? trace_hardirqs_on+0x67/0x230 [ 203.047693][ T8224] ? __local_bh_enable_ip+0x15a/0x270 [ 203.053062][ T8224] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 203.058957][ T8224] sctp_inet_connect+0x2a2/0x350 [ 203.063901][ T8224] __sys_connect+0x266/0x330 [ 203.068501][ T8224] ? __ia32_sys_accept+0xb0/0xb0 [ 203.073439][ T8224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.079698][ T8224] ? put_timespec64+0xda/0x140 [ 203.084469][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.089935][ T8224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.095392][ T8224] ? do_syscall_64+0x26/0x610 [ 203.100064][ T8224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.106126][ T8224] ? do_syscall_64+0x26/0x610 [ 203.110810][ T8224] __x64_sys_connect+0x73/0xb0 [ 203.115580][ T8224] do_syscall_64+0x103/0x610 [ 203.120172][ T8224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.126058][ T8224] RIP: 0033:0x4582b9 [ 203.129952][ T8224] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.149553][ T8224] RSP: 002b:00007fe6b063ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 203.157983][ T8224] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 203.165959][ T8224] RDX: 000000000000001c RSI: 0000000020966fe4 RDI: 0000000000000003 [ 203.173924][ T8224] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 203.181889][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6b063f6d4 [ 203.189867][ T8224] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 203.197892][ T8262] CPU: 1 PID: 8262 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.206928][ T8262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.216973][ T8262] Call Trace: [ 203.220260][ T8262] dump_stack+0x172/0x1f0 [ 203.224598][ T8262] __this_cpu_preempt_check+0x246/0x270 [ 203.230146][ T8262] ip6_finish_output+0x335/0xdc0 [ 203.235104][ T8262] ip6_output+0x235/0x7f0 [ 203.239433][ T8262] ? ip6_finish_output+0xdc0/0xdc0 [ 203.244548][ T8262] ? ip6_fragment+0x3980/0x3980 [ 203.249401][ T8262] ? kasan_check_read+0x11/0x20 [ 203.254252][ T8262] ip6_xmit+0xe41/0x20c0 [ 203.258508][ T8262] ? ip6_finish_output2+0x2550/0x2550 [ 203.263882][ T8262] ? mark_held_locks+0xf0/0xf0 [ 203.268642][ T8262] ? ip6_setup_cork+0x1870/0x1870 [ 203.273679][ T8262] sctp_v6_xmit+0x313/0x660 [ 203.278187][ T8262] sctp_packet_transmit+0x1bc4/0x36f0 [ 203.283577][ T8262] ? sctp_packet_config+0xfe0/0xfe0 [ 203.288792][ T8262] ? sctp_packet_append_chunk+0x946/0xda0 [ 203.294599][ T8262] ? sctp_outq_select_transport+0x21a/0x790 [ 203.300504][ T8262] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 203.306751][ T8262] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 203.312897][ T8262] ? lock_downgrade+0x880/0x880 [ 203.317758][ T8262] ? add_timer+0x400/0x930 [ 203.322170][ T8262] ? find_held_lock+0x35/0x130 [ 203.326934][ T8262] ? add_timer+0x41e/0x930 [ 203.331371][ T8262] sctp_outq_flush+0xe8/0x2780 [ 203.336154][ T8262] ? mark_held_locks+0xa4/0xf0 [ 203.340911][ T8262] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 203.346727][ T8262] ? add_timer+0x41e/0x930 [ 203.351136][ T8262] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 203.356937][ T8262] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.362215][ T8262] ? trace_hardirqs_on+0x67/0x230 [ 203.367247][ T8262] ? __sctp_outq_teardown+0xc60/0xc60 [ 203.372621][ T8262] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 203.378855][ T8262] ? sctp_outq_tail+0x68c/0x930 [ 203.383702][ T8262] sctp_outq_uncork+0x6c/0x80 [ 203.388374][ T8262] sctp_do_sm+0x2575/0x5770 [ 203.392872][ T8262] ? sctp_hash_transport+0xdb1/0x18d0 [ 203.398247][ T8262] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 203.404923][ T8262] ? __local_bh_enable_ip+0x15a/0x270 [ 203.410304][ T8262] ? lock_downgrade+0x880/0x880 [ 203.415151][ T8262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.421395][ T8262] ? kasan_check_read+0x11/0x20 [ 203.426244][ T8262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.432488][ T8262] ? sctp_hash_transport+0x10b/0x18d0 [ 203.437879][ T8262] ? memcpy+0x46/0x50 [ 203.441857][ T8262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.448098][ T8262] ? sctp_assoc_set_primary+0x274/0x310 [ 203.453649][ T8262] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 203.459019][ T8262] __sctp_connect+0x8cd/0xce0 [ 203.463700][ T8262] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 203.469246][ T8262] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.475486][ T8262] ? sctp_get_port+0x10e/0x180 [ 203.480247][ T8262] ? sctp_get_port_local+0x16e0/0x16e0 [ 203.485707][ T8262] ? __local_bh_enable_ip+0x15a/0x270 [ 203.491083][ T8262] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 203.496997][ T8262] sctp_inet_connect+0x2a2/0x350 [ 203.501950][ T8262] __sys_connect+0x266/0x330 [ 203.506547][ T8262] ? __ia32_sys_accept+0xb0/0xb0 [ 203.511491][ T8262] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.517731][ T8262] ? put_timespec64+0xda/0x140 [ 203.522511][ T8262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.527970][ T8262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.533425][ T8262] ? do_syscall_64+0x26/0x610 [ 203.538101][ T8262] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.544165][ T8262] ? do_syscall_64+0x26/0x610 [ 203.548845][ T8262] __x64_sys_connect+0x73/0xb0 [ 203.553610][ T8262] do_syscall_64+0x103/0x610 [ 203.558200][ T8262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.564087][ T8262] RIP: 0033:0x4582b9 [ 203.568003][ T8262] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.587598][ T8262] RSP: 002b:00007fe6b05bac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 203.596004][ T8262] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 203.603967][ T8262] RDX: 000000000000001c RSI: 0000000020966fe4 RDI: 0000000000000005 [ 203.611946][ T8262] RBP: 000000000073c180 R08: 0000000000000000 R09: 0000000000000000 [ 203.619911][ T8262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6b05bb6d4 [ 203.627878][ T8262] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 203.641267][ T8222] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8222 [ 203.650954][ T8222] caller is ip6_finish_output+0x335/0xdc0 [ 203.656779][ T8222] CPU: 1 PID: 8222 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.665794][ T8222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.675846][ T8222] Call Trace: [ 203.679139][ T8222] dump_stack+0x172/0x1f0 [ 203.683471][ T8222] __this_cpu_preempt_check+0x246/0x270 [ 203.689030][ T8222] ip6_finish_output+0x335/0xdc0 [ 203.693972][ T8222] ip6_output+0x235/0x7f0 [ 203.698300][ T8222] ? ip6_finish_output+0xdc0/0xdc0 [ 203.703411][ T8222] ? ip6_fragment+0x3980/0x3980 [ 203.708259][ T8222] ? kasan_check_read+0x11/0x20 [ 203.713118][ T8222] ip6_xmit+0xe41/0x20c0 [ 203.717368][ T8222] ? ip6_finish_output2+0x2550/0x2550 [ 203.722735][ T8222] ? mark_held_locks+0xf0/0xf0 [ 203.727507][ T8222] ? ip6_setup_cork+0x1870/0x1870 [ 203.732550][ T8222] sctp_v6_xmit+0x313/0x660 [ 203.737056][ T8222] sctp_packet_transmit+0x1bc4/0x36f0 [ 203.742448][ T8222] ? sctp_packet_config+0xfe0/0xfe0 [ 203.747653][ T8222] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 203.753456][ T8222] ? del_timer+0xcd/0x120 [ 203.757792][ T8222] sctp_outq_flush+0x2b8/0x2780 [ 203.762645][ T8222] ? mark_held_locks+0xa4/0xf0 [ 203.767405][ T8222] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 203.773464][ T8222] ? del_timer+0xcd/0x120 [ 203.777799][ T8222] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 203.783604][ T8222] ? __sctp_outq_teardown+0xc60/0xc60 [ 203.788975][ T8222] ? del_timer+0xd2/0x120 [ 203.793304][ T8222] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 203.799539][ T8222] ? sctp_outq_tail+0x68c/0x930 [ 203.804474][ T8222] sctp_outq_uncork+0x6c/0x80 [ 203.809158][ T8222] sctp_do_sm+0x2575/0x5770 [ 203.813658][ T8222] ? is_dynamic_key+0x1c0/0x1c0 [ 203.818517][ T8222] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 203.825181][ T8222] ? __lock_acquire+0x548/0x3fb0 [ 203.830122][ T8222] ? skb_dequeue+0x12e/0x180 [ 203.834706][ T8222] ? find_held_lock+0x35/0x130 [ 203.839465][ T8222] ? skb_dequeue+0x12e/0x180 [ 203.844078][ T8222] ? trace_hardirqs_on+0x67/0x230 [ 203.849099][ T8222] ? kasan_check_read+0x11/0x20 [ 203.854034][ T8222] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 203.859841][ T8222] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 203.865127][ T8222] sctp_close+0x445/0x860 [ 203.869454][ T8222] ? sctp_init_sock+0x1360/0x1360 [ 203.874494][ T8222] ? ip_mc_drop_socket+0x211/0x270 [ 203.879599][ T8222] ? __sock_release+0x89/0x2b0 [ 203.884370][ T8222] inet_release+0x105/0x1f0 [ 203.888873][ T8222] inet6_release+0x53/0x80 [ 203.893286][ T8222] __sock_release+0xd3/0x2b0 [ 203.897873][ T8222] ? __sock_release+0x2b0/0x2b0 [ 203.902716][ T8222] sock_close+0x1b/0x30 [ 203.906864][ T8222] __fput+0x2e5/0x8d0 [ 203.910847][ T8222] ____fput+0x16/0x20 [ 203.914825][ T8222] task_work_run+0x14a/0x1c0 [ 203.919415][ T8222] exit_to_usermode_loop+0x273/0x2c0 [ 203.924701][ T8222] do_syscall_64+0x52d/0x610 [ 203.929290][ T8222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.935174][ T8222] RIP: 0033:0x412071 [ 203.939061][ T8222] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 203.958682][ T8222] RSP: 002b:00007ffc63cdfb20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 203.967091][ T8222] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000412071 [ 203.975056][ T8222] RDX: 0000000000000000 RSI: 0000000000740658 RDI: 0000000000000004 [ 203.983468][ T8222] RBP: 0000000000000000 R08: 0000000000740650 R09: 0000000000031168 [ 203.991443][ T8222] R10: 00007ffc63cdfa40 R11: 0000000000000293 R12: 0000000000000001 [ 203.999418][ T8222] R13: 00007ffc63cdfb60 R14: 0000000000000000 R15: 00007ffc63cdfb70 [ 204.012345][ T8222] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8222 [ 204.021731][ T8222] caller is ip6_finish_output+0x335/0xdc0 [ 204.027532][ T8222] CPU: 0 PID: 8222 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.036554][ T8222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.046607][ T8222] Call Trace: [ 204.049880][ T8222] dump_stack+0x172/0x1f0 [ 204.054196][ T8222] __this_cpu_preempt_check+0x246/0x270 [ 204.059730][ T8222] ip6_finish_output+0x335/0xdc0 [ 204.064651][ T8222] ip6_output+0x235/0x7f0 [ 204.068981][ T8222] ? ip6_finish_output+0xdc0/0xdc0 [ 204.074116][ T8222] ? ip6_fragment+0x3980/0x3980 [ 204.078961][ T8222] ? kasan_check_read+0x11/0x20 [ 204.083793][ T8222] ip6_xmit+0xe41/0x20c0 [ 204.088016][ T8222] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.094065][ T8222] ? ip6_finish_output2+0x2550/0x2550 [ 204.099431][ T8222] ? mark_held_locks+0xf0/0xf0 [ 204.104230][ T8222] ? ip6_setup_cork+0x1870/0x1870 [ 204.109261][ T8222] sctp_v6_xmit+0x313/0x660 [ 204.113750][ T8222] sctp_packet_transmit+0x1bc4/0x36f0 [ 204.119110][ T8222] ? sctp_packet_config+0xfe0/0xfe0 [ 204.124285][ T8222] ? lockdep_hardirqs_on+0x418/0x5d0 [ 204.129551][ T8222] ? trace_hardirqs_on+0x67/0x230 [ 204.134557][ T8222] ? kasan_check_read+0x11/0x20 [ 204.139389][ T8222] sctp_outq_flush+0x2b8/0x2780 [ 204.144232][ T8222] ? debug_object_destroy+0x220/0x220 [ 204.149588][ T8222] ? lockdep_hardirqs_on+0x418/0x5d0 [ 204.154868][ T8222] ? trace_hardirqs_on+0x67/0x230 [ 204.159909][ T8222] ? kasan_check_read+0x11/0x20 [ 204.164755][ T8222] ? __sctp_outq_teardown+0xc60/0xc60 [ 204.170107][ T8222] ? del_timer+0xd2/0x120 [ 204.174416][ T8222] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.180631][ T8222] ? sctp_outq_tail+0x68c/0x930 [ 204.185462][ T8222] sctp_outq_uncork+0x6c/0x80 [ 204.190127][ T8222] sctp_do_sm+0x2575/0x5770 [ 204.194612][ T8222] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 204.201265][ T8222] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 204.207047][ T8222] ? del_timer+0xcd/0x120 [ 204.211370][ T8222] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 204.217157][ T8222] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 204.222244][ T8222] ? find_held_lock+0x35/0x130 [ 204.226982][ T8222] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 204.232078][ T8222] ? trace_hardirqs_on+0x67/0x230 [ 204.237081][ T8222] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 204.242774][ T8222] ? ktime_get+0x208/0x300 [ 204.247172][ T8222] sctp_assoc_bh_rcv+0x343/0x660 [ 204.252113][ T8222] sctp_inq_push+0x1ea/0x290 [ 204.256685][ T8222] sctp_backlog_rcv+0x196/0xbe0 [ 204.261509][ T8222] ? __local_bh_enable_ip+0x15a/0x270 [ 204.266857][ T8222] ? _raw_spin_unlock_bh+0x31/0x40 [ 204.271945][ T8222] ? __local_bh_enable_ip+0x15a/0x270 [ 204.277298][ T8222] ? sctp_hash_obj+0x600/0x600 [ 204.282035][ T8222] ? __release_sock+0xca/0x3a0 [ 204.286775][ T8222] ? __local_bh_enable_ip+0x15a/0x270 [ 204.292122][ T8222] __release_sock+0x12e/0x3a0 [ 204.296781][ T8222] release_sock+0x59/0x1c0 [ 204.301173][ T8222] sctp_close+0x4a4/0x860 [ 204.305486][ T8222] ? sctp_init_sock+0x1360/0x1360 [ 204.310497][ T8222] ? ip_mc_drop_socket+0x211/0x270 [ 204.315589][ T8222] ? __sock_release+0x89/0x2b0 [ 204.320330][ T8222] inet_release+0x105/0x1f0 [ 204.324814][ T8222] inet6_release+0x53/0x80 [ 204.329210][ T8222] __sock_release+0xd3/0x2b0 [ 204.333776][ T8222] ? __sock_release+0x2b0/0x2b0 [ 204.338607][ T8222] sock_close+0x1b/0x30 [ 204.342738][ T8222] __fput+0x2e5/0x8d0 [ 204.346701][ T8222] ____fput+0x16/0x20 [ 204.350662][ T8222] task_work_run+0x14a/0x1c0 [ 204.355266][ T8222] exit_to_usermode_loop+0x273/0x2c0 [ 204.360527][ T8222] do_syscall_64+0x52d/0x610 [ 204.365103][ T8222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.370969][ T8222] RIP: 0033:0x412071 [ 204.374842][ T8222] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 204.394438][ T8222] RSP: 002b:00007ffc63cdfb20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 204.402826][ T8222] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000412071 [ 204.410774][ T8222] RDX: 0000000000000000 RSI: 0000000000740658 RDI: 0000000000000004 [ 204.418722][ T8222] RBP: 0000000000000000 R08: 0000000000740650 R09: 0000000000031168 [ 204.426685][ T8222] R10: 00007ffc63cdfa40 R11: 0000000000000293 R12: 0000000000000001 [ 204.434634][ T8222] R13: 00007ffc63cdfb60 R14: 0000000000000000 R15: 00007ffc63cdfb70 [ 204.446501][ T8222] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8222 [ 204.455855][ T8222] caller is ip6_finish_output+0x335/0xdc0 [ 204.461615][ T8222] CPU: 0 PID: 8222 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.470624][ T8222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.480655][ T8222] Call Trace: [ 204.483926][ T8222] dump_stack+0x172/0x1f0 [ 204.488237][ T8222] __this_cpu_preempt_check+0x246/0x270 [ 204.493764][ T8222] ip6_finish_output+0x335/0xdc0 [ 204.498685][ T8222] ip6_output+0x235/0x7f0 [ 204.502997][ T8222] ? ip6_finish_output+0xdc0/0xdc0 [ 204.508086][ T8222] ? ip6_fragment+0x3980/0x3980 [ 204.512930][ T8222] ? kasan_check_read+0x11/0x20 [ 204.517773][ T8222] ip6_xmit+0xe41/0x20c0 [ 204.521992][ T8222] ? do_syscall_64+0x52d/0x610 [ 204.526737][ T8222] ? ip6_finish_output2+0x2550/0x2550 [ 204.532085][ T8222] ? mark_held_locks+0xf0/0xf0 [ 204.536853][ T8222] ? ip6_setup_cork+0x1870/0x1870 [ 204.541863][ T8222] sctp_v6_xmit+0x313/0x660 [ 204.546351][ T8222] sctp_packet_transmit+0x1bc4/0x36f0 [ 204.551722][ T8222] ? sctp_packet_config+0xfe0/0xfe0 [ 204.556901][ T8222] ? sctp_packet_append_chunk+0x946/0xda0 [ 204.562593][ T8222] ? sctp_outq_select_transport+0x21a/0x790 [ 204.568485][ T8222] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 204.574707][ T8222] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 204.580839][ T8222] ? __lock_acquire+0x548/0x3fb0 [ 204.585753][ T8222] ? del_timer+0xcd/0x120 [ 204.590062][ T8222] sctp_outq_flush+0xe8/0x2780 [ 204.594808][ T8222] ? sock_def_wakeup+0x160/0x280 [ 204.599720][ T8222] ? find_held_lock+0x35/0x130 [ 204.604460][ T8222] ? sock_def_wakeup+0x160/0x280 [ 204.609380][ T8222] ? __sctp_outq_teardown+0xc60/0xc60 [ 204.614732][ T8222] ? lock_downgrade+0x880/0x880 [ 204.619600][ T8222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.625827][ T8222] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.632042][ T8222] ? sctp_outq_tail+0x68c/0x930 [ 204.636870][ T8222] sctp_outq_uncork+0x6c/0x80 [ 204.641540][ T8222] sctp_do_sm+0x418d/0x5770 [ 204.646019][ T8222] ? __fput+0x2e5/0x8d0 [ 204.650148][ T8222] ? ____fput+0x16/0x20 [ 204.654282][ T8222] ? task_work_run+0x14a/0x1c0 [ 204.659025][ T8222] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 204.665676][ T8222] ? lock_downgrade+0x880/0x880 [ 204.670509][ T8222] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 204.675599][ T8222] ? find_held_lock+0x35/0x130 [ 204.680340][ T8222] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 204.685433][ T8222] ? trace_hardirqs_on+0x67/0x230 [ 204.690433][ T8222] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 204.696126][ T8222] ? ktime_get+0x208/0x300 [ 204.700523][ T8222] sctp_assoc_bh_rcv+0x343/0x660 [ 204.705440][ T8222] sctp_inq_push+0x1ea/0x290 [ 204.710004][ T8222] sctp_backlog_rcv+0x196/0xbe0 [ 204.714828][ T8222] ? __local_bh_enable_ip+0x15a/0x270 [ 204.720172][ T8222] ? _raw_spin_unlock_bh+0x31/0x40 [ 204.725255][ T8222] ? __local_bh_enable_ip+0x15a/0x270 [ 204.730622][ T8222] ? sctp_hash_obj+0x600/0x600 [ 204.735380][ T8222] ? __release_sock+0xca/0x3a0 [ 204.740119][ T8222] ? __local_bh_enable_ip+0x15a/0x270 [ 204.745470][ T8222] __release_sock+0x12e/0x3a0 [ 204.750132][ T8222] release_sock+0x59/0x1c0 [ 204.754524][ T8222] sctp_close+0x4a4/0x860 [ 204.758832][ T8222] ? sctp_init_sock+0x1360/0x1360 [ 204.763835][ T8222] ? ip_mc_drop_socket+0x211/0x270 [ 204.768964][ T8222] ? __sock_release+0x89/0x2b0 [ 204.773710][ T8222] inet_release+0x105/0x1f0 [ 204.778212][ T8222] inet6_release+0x53/0x80 [ 204.782604][ T8222] __sock_release+0xd3/0x2b0 [ 204.787172][ T8222] ? __sock_release+0x2b0/0x2b0 [ 204.791995][ T8222] sock_close+0x1b/0x30 [ 204.796124][ T8222] __fput+0x2e5/0x8d0 [ 204.800083][ T8222] ____fput+0x16/0x20 [ 204.804047][ T8222] task_work_run+0x14a/0x1c0 [ 204.808620][ T8222] exit_to_usermode_loop+0x273/0x2c0 [ 204.813884][ T8222] do_syscall_64+0x52d/0x610 [ 204.818453][ T8222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.824326][ T8222] RIP: 0033:0x412071 [ 204.828200][ T8222] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 05:44:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) 05:44:09 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0xffffffffffffffff) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$VHOST_GET_FEATURES(r1, 0x805c4d65, &(0x7f00000001c0)) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000080)) 05:44:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x7, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x10000, 0x0) sendmsg$alg(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000140)="e3a664fbb95c7647521a914e679c98971262d59c7e6474740a00de537d10b55724c7bad01760582acd29802f85b9491f92b5f37390bd00e69e8ccfc6ef518c4f4e70802e113ad71be34c956439f62e3641f8328b34dbbcca56e39df11b4af0d475e962f5df9bd069fb61c71674f2a7287ef5ec1a2b0272459ac1312c9e4f844ed38579ba7323066dd6cd11000cdc474b691eb02fec7629ba43725cdd4153be3e74994e99fcd2216cafecde90f800241d937c8a3ecc71e4562353460139722fe2c0da1431d1f77979eb20bd8a62b83997bc", 0xd1}, {&(0x7f0000000700)="7b56c8f8911761b00fdd68207afa62d9d89bfd639618a4d77c5dd5870d34e22e757b21d809b15ccb0c3f673ed7546356714e56d5cf62b1d984f37d7523a66d64c8c30dde775ab658899c579327816eab316d217cf2f6b7105bc13367d32426581df4adc5f2b42a952d8491b96f75c7fb76968de5881260052fbaf645b8d278ea95efa64662166497cc5d9a4a67965d04205c31faec8c98edb8c83e6bc2e5e83e25c3f96a1f5d85d8ac77e94091a21d6e52897fd541e457658cd068bd883c8ced3e479fba6f0a11181b0fd587c0323a210600ddced55394feb6547e923302a8bdca9b471869d38cf33d1b2e2f97a6eccf57ccae9264687e316c616fc33b33c19c927780b1bdadec75c743e9f98b934efaaad382ace868741a9a311c969837e209761fbdac840d1be3851259ec5877897801b45170bbf17736cf1f09f0d1cfc45e03b9b8eba7e3d1a562afab1b69cbd84b08e8b9b012783c4e5b86593c80091f458a6e3f25c466ac9bbe0ea0caaffcb7c4e72bb86be717ec96dedaad76db40ad3515eca7c6f5297634ca9803f5948b70b26d44fcb54a0dd2fcf1182dca34641216797409c0c0cb95be10823a9b07964e7166c056aef018a8cf2996f171fbf77e2d17fba2283206c2f6a60bc8c6100583037663c8d8226fc8ac459f63dbe1a7c75804e316547be0", 0x1e6}, {&(0x7f0000000a80)="18fc517fbe1764804d06f1a62c6bf77d5cbbb0956f4da1391e3bff29c449c0f090578c9e637d2a2b6ccf0bbd7ab6520a1dfa291c03c1b014dd9afc79ceabe53369bef2d01b52a598ec083d811c7f9df560bfea0cb839f3ed8385bfacae7c0d96a4787e4bc487b210b9b27a1d7c4d21970590b9330ae690ebc2139ac89b4799f0d12c7fe372aa14239978521c2363af3caca381c5d8fd8c864d7de9f303fb333acd586a1edb0d4b890e6e619fba2b2b89fdbbce030e9d2fecad78e5e7d8d907cdeee1efbb83e9825b1588fa85646f6760552e3f9b44cc1b528ab799ed32ceb986fb16b0638f1ab05b27fc1fbc35ed1d8662af10ee017226c578f7b72eaac1b0a5dde76b1352001547b303799ef04dcee205bb8d9b3665ac5f39f58fa10c5d3c69cce66c377ef003fbb691eaad336e2b87a200a4a1", 0x134}, {&(0x7f0000000900)="406ed3f9e1b7a2932993af499320ff90f03e24462a25784210baade51c27809bffb82b3e8bdaeb1dcd32470b36f860f365e43073af0fb3545b96c9f5c210f1857fe9082d592d2df5c77e32b4e077503f640292490929aaf4cf7a39afea4192d70ee72c536e978d40a6a4966c499a9d32d3ebecf87e490e33e5dc62a0ffeb03a6868054b75e211e0d9be7e53534d36e8c84134eb4bfe9792730792245d5352a7289145697a448772623a6549a688c81606c9919ab7f1b6fe8648ed1a831789481d3c92b8c8b8bf92a1a076e85bc4da7b6c8c92db35931f176ede6eb15c99848fbf0cc3feead27c4ec055d66619bf51fc4803b23bea7ddab99e82a5b8983798a74a79f1b8e4b9fe077e3215b583489aac440ddc1b12816cbc99a55c0458f1bfa058374941acb51c757cd64549311c2f6596d2541df76fe917b5a06c26ed0d17ca4762f0d9e9a0b9736cf8211749b6886bc62615defa9332ff1dca8fd674f46d824727b3d", 0x163}, {&(0x7f0000000500)="c0d968356e0a40e57740331d21eea6e6d0840794d5e47c029994f2858e701257c60c30d939eafcbdbccbac80eeec85c29f0ed1229dd25c5cfd7e8b840279dc99810903bbeb8a317584aca8b3af80588196f654eaad52174bee808806d69022ff8d04ea71b407a995daaa3c9a88059da85c58af583bbe543f22530bf31e5f098e4da47411db80f8926f609bdb251b1387c7c292335b94c5a20efdd9b41fbe036827d487455d8a8d168af7a395cba3200fc6a34f4ede83323a17c1d1afe45fc138dc9c6237371e5d14227e5d4933728ec3bf22ea82c917230c5710138d38a8d405048522e80037ef8659ef90923e0e39fa5115f0133d9cb6b19525ebd3dee4", 0xfe}], 0x5, &(0x7f0000000680)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000050}, 0x40800) write$P9_RREADLINK(r1, &(0x7f00000002c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x1ff, 0x4000000000000001, 0x0, "2e4b635b0f9ca39b5f35060000000000000000edc7355f45daddc4e2ebe826e2"}) r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x7fff, 0x0) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000240), &(0x7f0000000280)=0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={0x0, r2, 0x0, 0x3}, 0x14) 05:44:09 executing program 2: perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r0, 0x4) 05:44:09 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x204e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0xfffffffffffffc48, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='nv\x00', 0x3) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1, &(0x7f0000000200)=""/20, 0x487, 0x1000000}, 0x1500) 05:44:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") mkdir(&(0x7f0000000300)='./file0\x00', 0x0) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={{}, {0x0, 0x7530}}) [ 204.847878][ T8222] RSP: 002b:00007ffc63cdfb20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 204.856265][ T8222] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000412071 [ 204.864209][ T8222] RDX: 0000000000000000 RSI: 0000000000740658 RDI: 0000000000000004 [ 204.873071][ T8222] RBP: 0000000000000000 R08: 0000000000740650 R09: 0000000000031168 [ 204.881022][ T8222] R10: 00007ffc63cdfa40 R11: 0000000000000293 R12: 0000000000000001 [ 204.888995][ T8222] R13: 00007ffc63cdfb60 R14: 0000000000000000 R15: 00007ffc63cdfb70 05:44:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) accept$alg(r1, 0x0, 0x0) 05:44:09 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x484, &(0x7f00000004c0)={0x6, @local, 0x0, 0x0, 'sh\x00'}, 0x2c) 05:44:10 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x1000007ffff000) 05:44:10 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000f40000)='/dev/ptmx\x00', 0x200000000101002, 0x0) readv(r1, &(0x7f00000013c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1) sendfile(r1, r0, 0x0, 0x100000002) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)) 05:44:10 executing program 3: r0 = memfd_create(&(0x7f0000000180)='\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) r1 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) sendmmsg(r1, 0x0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f00000000c0)) execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)=[&(0x7f0000000140)='\x00', &(0x7f00000001c0)='\x00', 0x0, &(0x7f0000000280)='-system%cgroup^\x00', &(0x7f00000002c0)='/security\x00'], &(0x7f0000000600)=[0x0, &(0x7f0000000380)='\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='\x00', &(0x7f0000000440)='\x00', &(0x7f0000000480)='user\x00', &(0x7f00000004c0)='user./\x00', &(0x7f0000000540)='\x00', &(0x7f00000005c0)='vboxnet0}@em1security-\x00'], 0x400) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 05:44:10 executing program 1: clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 05:44:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000005c0)) 05:44:10 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x2, &(0x7f000001b000)={@multicast2, @loopback, @multicast1}, 0xc) 05:44:10 executing program 1: clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xb) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0xfa}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 205.334662][ T8318] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 05:44:10 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) setpriority(0x0, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$getown(0xffffffffffffffff, 0x9) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) listen(r1, 0x0) fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) restart_syscall() r2 = accept$inet(r1, 0x0, 0x0) semget$private(0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000300)={'filter\x00', 0x2, [{}, {}]}, 0x48) 05:44:10 executing program 5: pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) socket(0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) r1 = gettid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0xb7b2b1f1af531863) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) shmget(0xffffffffffffffff, 0x14000, 0x0, &(0x7f0000feb000/0x14000)=nil) shmctl$SHM_LOCK(0x0, 0xb) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) tkill(r1, 0x1000000000016) 05:44:10 executing program 4: pipe2(0x0, 0x0) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140)) r0 = socket(0x1, 0x1, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, 0x0) r1 = gettid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0xb7b2b1f1af531863) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) shmget(0xffffffffffffffff, 0x14000, 0x0, &(0x7f0000feb000/0x14000)=nil) shmctl$SHM_LOCK(0x0, 0xb) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) tkill(r1, 0x1000000000016) 05:44:10 executing program 1: socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = gettid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x0) ppoll(0x0, 0x1000000000000, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCLINUX6(0xffffffffffffffff, 0x541c, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0xb7b2b1f1af53168e) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) setxattr(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TCGETA(r1, 0x5405, 0x0) tkill(r0, 0x1000000000016) 05:44:10 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0x0, 0xffffffffffffff9c, 0x0, 0xe, &(0x7f0000000300)='systemtrusted\x00'}, 0x30) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000380)=0x0) syz_open_procfs(r1, &(0x7f0000000000)='cmdline\x00') sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0xd101}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 05:44:10 executing program 4: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd435463e4af645515b81e0008000100010423dcffdf00", 0x1f) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x2, 0xc) write(r2, &(0x7f0000000080)="1f0000000104ff00fd4354c007110000f305030008000100010423dcffdf00", 0x1f) close(r2) 05:44:10 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getdents64(r0, &(0x7f0000000400)=""/4096, 0x1000) [ 205.704756][ T8361] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 205.737609][ T8361] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 205.783470][ T8361] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 205.794830][ T8370] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'.