[ 35.095041][ T26] audit: type=1800 audit(1554679868.637:28): pid=7460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.837171][ T26] audit: type=1800 audit(1554679869.427:29): pid=7460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.857958][ T26] audit: type=1800 audit(1554679869.427:30): pid=7460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. 2019/04/07 23:31:16 fuzzer started 2019/04/07 23:31:19 dialing manager at 10.128.0.26:34543 2019/04/07 23:31:19 syscalls: 2408 2019/04/07 23:31:19 code coverage: enabled 2019/04/07 23:31:19 comparison tracing: enabled 2019/04/07 23:31:19 extra coverage: extra coverage is not supported by the kernel 2019/04/07 23:31:19 setuid sandbox: enabled 2019/04/07 23:31:19 namespace sandbox: enabled 2019/04/07 23:31:19 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 23:31:19 fault injection: enabled 2019/04/07 23:31:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 23:31:19 net packet injection: enabled 2019/04/07 23:31:19 net device setup: enabled 23:33:21 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x40000, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)=0x0) perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000300)="0adc1f123c123f3188b070") socket$inet6(0xa, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, 0x0) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) fcntl$setstatus(r3, 0x4, 0x2800) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x50) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ioctl$void(0xffffffffffffffff, 0x0) sendto$inet6(r4, 0x0, 0xfffffffffffffea0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c) splice(r4, 0x0, r3, 0x0, 0x1000000080080003, 0x0) sendto$packet(r4, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) syzkaller login: [ 168.080088][ T7649] IPVS: ftp: loaded support on port[0] = 21 23:33:21 executing program 1: rseq(&(0x7f0000000140), 0x20, 0x0, 0x0) syz_execute_func(0x0) [ 168.190364][ T7649] chnl_net:caif_netlink_parms(): no params data found [ 168.273488][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.305621][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.317047][ T7649] device bridge_slave_0 entered promiscuous mode [ 168.332325][ T7652] IPVS: ftp: loaded support on port[0] = 21 [ 168.339617][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.351320][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.360803][ T7649] device bridge_slave_1 entered promiscuous mode 23:33:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02070009020000000035483b34000001"], 0x10}}, 0x0) [ 168.409992][ T7649] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.423213][ T7649] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.465746][ T7649] team0: Port device team_slave_0 added [ 168.476479][ T7649] team0: Port device team_slave_1 added [ 168.588498][ T7649] device hsr_slave_0 entered promiscuous mode 23:33:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_proto_private(r0, 0x89ef, &(0x7f0000000100)="f6213071c2975ff1d1fc66ded5282fda2bbd691d2dda7b5f1dd857a210c9d56c1de0b2c762dd1f3b87b652a2e2ae2a107b5c7d1bd29846667b02c344b5d5808192d8ef1c1c956f4399b3fcd5e11beea3a62acc1138426ea4e038ea5e73284cb9574de74cd69da93ba0b4eaaf80a5d1ede888a55616bd9bf85ab41c07272bad12345e311177c5e77e208d1c1bd8b0c7263f4e8301ad1a386a0569f20b5ea307f41e099a18d12ad30a153138ee2d599a328948c334a5c5c6d0a894ae8b698b52ee12e9e8de7770d0abe67e1647a502d9bff2fa34d395e98960551bd53f23ccaff67e6bb51e") ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, 0x0) getegid() getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000000)=""/55, 0x0) unshare(0x40000000) [ 168.634993][ T7649] device hsr_slave_1 entered promiscuous mode [ 168.704088][ T7655] IPVS: ftp: loaded support on port[0] = 21 [ 168.721004][ T7652] chnl_net:caif_netlink_parms(): no params data found [ 168.752031][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.759363][ T7649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.767285][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.774378][ T7649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.828079][ T7657] IPVS: ftp: loaded support on port[0] = 21 23:33:22 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0x40c392f5) r2 = dup2(r1, r1) sendmsg$alg(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000000)="a7", 0x1}], 0x1}, 0x8005) sendto$inet(r1, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) getgid() [ 168.891694][ T7652] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.904016][ T7652] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.922743][ T7652] device bridge_slave_0 entered promiscuous mode [ 168.952879][ T7649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.966612][ T7652] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.973706][ T7652] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.996476][ T7652] device bridge_slave_1 entered promiscuous mode [ 169.043193][ T7652] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.069842][ T7649] 8021q: adding VLAN 0 to HW filter on device team0 23:33:22 executing program 5: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000200)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) fcntl$lock(r0, 0x6, &(0x7f0000000140)={0x2, 0x0, 0x100000001, 0x100000001}) [ 169.089262][ T7660] IPVS: ftp: loaded support on port[0] = 21 [ 169.097992][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.109169][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.138166][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.150461][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 169.167105][ T7652] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.210727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.221578][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.228686][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.249852][ T7652] team0: Port device team_slave_0 added [ 169.268731][ T7663] IPVS: ftp: loaded support on port[0] = 21 [ 169.275324][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.284057][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.292580][ T251] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.299665][ T251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.312319][ T7652] team0: Port device team_slave_1 added [ 169.331065][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.345011][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.353620][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.363451][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.379399][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.406137][ T7655] chnl_net:caif_netlink_parms(): no params data found [ 169.459861][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.470772][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.567821][ T7652] device hsr_slave_0 entered promiscuous mode [ 169.606449][ T7652] device hsr_slave_1 entered promiscuous mode [ 169.655473][ T7657] chnl_net:caif_netlink_parms(): no params data found [ 169.664357][ T7655] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.672218][ T7655] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.680067][ T7655] device bridge_slave_0 entered promiscuous mode [ 169.687668][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.696319][ T7655] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.703935][ T7655] device bridge_slave_1 entered promiscuous mode [ 169.723376][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.732837][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.741640][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.750085][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.766952][ T7655] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.779377][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.803278][ T7655] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.891830][ T7655] team0: Port device team_slave_0 added [ 169.900102][ T7657] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.908509][ T7657] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.917037][ T7657] device bridge_slave_0 entered promiscuous mode [ 169.926280][ T7657] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.933328][ T7657] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.941039][ T7657] device bridge_slave_1 entered promiscuous mode [ 169.948490][ T7663] chnl_net:caif_netlink_parms(): no params data found [ 169.963948][ T7655] team0: Port device team_slave_1 added [ 169.993634][ T7660] chnl_net:caif_netlink_parms(): no params data found [ 170.013595][ T7657] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.029729][ T7657] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.090038][ T7655] device hsr_slave_0 entered promiscuous mode [ 170.125067][ T7655] device hsr_slave_1 entered promiscuous mode [ 170.202601][ T7649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.220698][ T7663] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.228566][ T7663] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.239628][ T7663] device bridge_slave_0 entered promiscuous mode [ 170.250787][ T7663] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.258668][ T7663] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.267149][ T7663] device bridge_slave_1 entered promiscuous mode [ 170.276498][ T7652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.302524][ T7657] team0: Port device team_slave_0 added [ 170.309818][ T7657] team0: Port device team_slave_1 added [ 170.332660][ T7663] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.356749][ T7663] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.373107][ T7652] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.380832][ T7660] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.388428][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.396306][ T7660] device bridge_slave_0 entered promiscuous mode [ 170.403798][ T7660] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.411062][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.419280][ T7660] device bridge_slave_1 entered promiscuous mode [ 170.440697][ T7672] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7672 [ 170.450223][ T7672] caller is ip6_finish_output+0x335/0xdc0 [ 170.456305][ T7672] CPU: 0 PID: 7672 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 170.465388][ T7672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.475468][ T7672] Call Trace: [ 170.478775][ T7672] dump_stack+0x172/0x1f0 [ 170.483110][ T7672] __this_cpu_preempt_check+0x246/0x270 [ 170.488681][ T7672] ip6_finish_output+0x335/0xdc0 [ 170.493637][ T7672] ip6_output+0x235/0x7f0 [ 170.497976][ T7672] ? ip6_finish_output+0xdc0/0xdc0 [ 170.503095][ T7672] ? ip6_fragment+0x3980/0x3980 [ 170.507948][ T7672] ip6_xmit+0xe41/0x20c0 [ 170.512214][ T7672] ? ip6_finish_output2+0x2550/0x2550 [ 170.517594][ T7672] ? mark_held_locks+0xf0/0xf0 [ 170.522349][ T7672] ? ip6_setup_cork+0x1870/0x1870 [ 170.527499][ T7672] inet6_csk_xmit+0x2fb/0x5d0 [ 170.532177][ T7672] ? inet6_csk_update_pmtu+0x190/0x190 [ 170.537634][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.543859][ T7672] ? csum_ipv6_magic+0x20/0x80 [ 170.548635][ T7672] __tcp_transmit_skb+0x1a32/0x3750 [ 170.553832][ T7672] ? __tcp_select_window+0x8b0/0x8b0 [ 170.559241][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.565496][ T7672] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 170.570960][ T7672] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.577184][ T7672] tcp_connect+0x1e47/0x4280 [ 170.581767][ T7672] ? tcp_push_one+0x110/0x110 [ 170.586460][ T7672] ? secure_tcpv6_ts_off+0x24f/0x360 [ 170.591742][ T7672] ? secure_dccpv6_sequence_number+0x280/0x280 [ 170.597877][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.604110][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.610345][ T7672] ? prandom_u32_state+0x13/0x180 [ 170.615386][ T7672] tcp_v6_connect+0x150b/0x20a0 [ 170.620229][ T7672] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 170.625619][ T7672] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 170.630898][ T7672] ? __switch_to_asm+0x34/0x70 [ 170.635640][ T7672] ? __switch_to_asm+0x40/0x70 [ 170.640395][ T7672] ? find_held_lock+0x35/0x130 [ 170.645148][ T7672] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 170.650780][ T7672] __inet_stream_connect+0x83f/0xea0 [ 170.656064][ T7672] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 170.661339][ T7672] ? __inet_stream_connect+0x83f/0xea0 [ 170.666801][ T7672] ? inet_dgram_connect+0x2e0/0x2e0 [ 170.672005][ T7672] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 170.677363][ T7672] ? rcu_read_lock_sched_held+0x110/0x130 [ 170.683069][ T7672] ? kmem_cache_alloc_trace+0x354/0x760 [ 170.688616][ T7672] ? __lock_acquire+0x548/0x3fb0 [ 170.693578][ T7672] tcp_sendmsg_locked+0x231f/0x37f0 [ 170.698865][ T7672] ? mark_held_locks+0xf0/0xf0 [ 170.704494][ T7672] ? mark_held_locks+0xa4/0xf0 [ 170.709261][ T7672] ? tcp_sendpage+0x60/0x60 [ 170.713781][ T7672] ? lock_sock_nested+0x9a/0x120 [ 170.718703][ T7672] ? trace_hardirqs_on+0x67/0x230 [ 170.723711][ T7672] ? lock_sock_nested+0x9a/0x120 [ 170.728649][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 170.734114][ T7672] tcp_sendmsg+0x30/0x50 [ 170.738341][ T7672] inet_sendmsg+0x147/0x5e0 [ 170.742824][ T7672] ? ipip_gro_receive+0x100/0x100 [ 170.747846][ T7672] sock_sendmsg+0xdd/0x130 [ 170.752289][ T7672] __sys_sendto+0x262/0x380 [ 170.756781][ T7672] ? __ia32_sys_getpeername+0xb0/0xb0 [ 170.762167][ T7672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 170.768416][ T7672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 170.773974][ T7672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 170.779432][ T7672] ? do_syscall_64+0x26/0x610 [ 170.784102][ T7672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.790185][ T7672] __x64_sys_sendto+0xe1/0x1a0 [ 170.794943][ T7672] do_syscall_64+0x103/0x610 [ 170.799517][ T7672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.805398][ T7672] RIP: 0033:0x4582b9 [ 170.809296][ T7672] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.828900][ T7672] RSP: 002b:00007f52dc527c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 170.837325][ T7672] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 170.845308][ T7672] RDX: fffffffffffffea0 RSI: 0000000000000000 RDI: 0000000000000007 [ 170.853294][ T7672] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 170.861366][ T7672] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f52dc5286d4 [ 170.869503][ T7672] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 170.880218][ T7672] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7672 [ 170.889615][ T7672] caller is ip6_finish_output+0x335/0xdc0 [ 170.895527][ T7672] CPU: 0 PID: 7672 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 170.904537][ T7672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.914598][ T7672] Call Trace: [ 170.917886][ T7672] dump_stack+0x172/0x1f0 [ 170.922222][ T7672] __this_cpu_preempt_check+0x246/0x270 [ 170.927860][ T7672] ip6_finish_output+0x335/0xdc0 [ 170.932825][ T7672] ip6_output+0x235/0x7f0 [ 170.937148][ T7672] ? ip6_finish_output+0xdc0/0xdc0 [ 170.942244][ T7672] ? ip6_fragment+0x3980/0x3980 [ 170.947106][ T7672] ip6_xmit+0xe41/0x20c0 [ 170.951456][ T7672] ? ip6_finish_output2+0x2550/0x2550 [ 170.956822][ T7672] ? mark_held_locks+0xf0/0xf0 [ 170.961571][ T7672] ? ip6_setup_cork+0x1870/0x1870 [ 170.966882][ T7672] inet6_csk_xmit+0x2fb/0x5d0 [ 170.971816][ T7672] ? inet6_csk_update_pmtu+0x190/0x190 [ 170.977259][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.983592][ T7672] ? csum_ipv6_magic+0x20/0x80 [ 170.988367][ T7672] __tcp_transmit_skb+0x1a32/0x3750 [ 170.993565][ T7672] ? memcpy+0x46/0x50 [ 170.997582][ T7672] ? __tcp_select_window+0x8b0/0x8b0 [ 171.002941][ T7672] ? tcp_rbtree_insert+0x188/0x200 [ 171.008047][ T7672] tcp_send_synack+0x4b0/0x15b0 [ 171.012917][ T7672] ? tcp_send_active_reset+0x8e0/0x8e0 [ 171.018376][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.024610][ T7672] ? tcp_sync_mss+0x2ee/0xa30 [ 171.029290][ T7672] tcp_rcv_state_process+0x225d/0x4d93 [ 171.034780][ T7672] ? tcp_finish_connect+0x510/0x510 [ 171.039975][ T7672] ? __release_sock+0xca/0x3a0 [ 171.044743][ T7672] ? find_held_lock+0x35/0x130 [ 171.049511][ T7672] ? mark_held_locks+0xa4/0xf0 [ 171.054272][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 171.059623][ T7672] ? _raw_spin_unlock_bh+0x31/0x40 [ 171.064815][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 171.070179][ T7672] tcp_v6_do_rcv+0x7da/0x12c0 [ 171.074837][ T7672] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 171.079673][ T7672] __release_sock+0x12e/0x3a0 [ 171.084333][ T7672] release_sock+0x59/0x1c0 [ 171.088747][ T7672] __inet_stream_connect+0x59f/0xea0 [ 171.094025][ T7672] ? inet_dgram_connect+0x2e0/0x2e0 [ 171.099212][ T7672] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 171.104584][ T7672] ? do_wait_intr_irq+0x2b0/0x2b0 [ 171.110380][ T7672] ? __lock_acquire+0x548/0x3fb0 [ 171.115398][ T7672] tcp_sendmsg_locked+0x231f/0x37f0 [ 171.120607][ T7672] ? mark_held_locks+0xf0/0xf0 [ 171.125369][ T7672] ? mark_held_locks+0xa4/0xf0 [ 171.130136][ T7672] ? tcp_sendpage+0x60/0x60 [ 171.134640][ T7672] ? lock_sock_nested+0x9a/0x120 [ 171.139596][ T7672] ? trace_hardirqs_on+0x67/0x230 [ 171.144881][ T7672] ? lock_sock_nested+0x9a/0x120 [ 171.149822][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 171.155204][ T7672] tcp_sendmsg+0x30/0x50 [ 171.159543][ T7672] inet_sendmsg+0x147/0x5e0 [ 171.164070][ T7672] ? ipip_gro_receive+0x100/0x100 [ 171.169102][ T7672] sock_sendmsg+0xdd/0x130 [ 171.173617][ T7672] __sys_sendto+0x262/0x380 [ 171.178219][ T7672] ? __ia32_sys_getpeername+0xb0/0xb0 [ 171.179196][ T7678] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7678 [ 171.183726][ T7672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.183753][ T7672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 171.193518][ T7678] caller is ip6_finish_output+0x335/0xdc0 [ 171.199621][ T7672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 171.199635][ T7672] ? do_syscall_64+0x26/0x610 [ 171.199651][ T7672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.199671][ T7672] __x64_sys_sendto+0xe1/0x1a0 [ 171.199690][ T7672] do_syscall_64+0x103/0x610 [ 171.237058][ T7672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.243377][ T7672] RIP: 0033:0x4582b9 [ 171.247365][ T7672] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.266979][ T7672] RSP: 002b:00007f52dc527c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 171.275396][ T7672] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 171.283360][ T7672] RDX: fffffffffffffea0 RSI: 0000000000000000 RDI: 0000000000000007 [ 171.291320][ T7672] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 171.299280][ T7672] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f52dc5286d4 [ 171.307266][ T7672] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 171.315249][ T7678] CPU: 1 PID: 7678 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 171.325320][ T7678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.325325][ T7678] Call Trace: [ 171.325348][ T7678] dump_stack+0x172/0x1f0 [ 171.325373][ T7678] __this_cpu_preempt_check+0x246/0x270 [ 171.343708][ T7678] ip6_finish_output+0x335/0xdc0 [ 171.354145][ T7678] ip6_output+0x235/0x7f0 [ 171.358475][ T7678] ? ip6_finish_output+0xdc0/0xdc0 [ 171.358494][ T7678] ? ip6_fragment+0x3980/0x3980 [ 171.358510][ T7678] ? nfc_hci_connect_gate+0x208/0x4e0 [ 171.358529][ T7678] ip6_xmit+0xe41/0x20c0 [ 171.368557][ T7678] ? ip6_finish_output2+0x2550/0x2550 [ 171.368575][ T7678] ? mark_held_locks+0xf0/0xf0 [ 171.368594][ T7678] ? ip6_setup_cork+0x1870/0x1870 [ 171.378781][ T7678] ? nfc_hci_connect_gate+0x1b0/0x4e0 [ 171.378801][ T7678] inet6_csk_xmit+0x2fb/0x5d0 [ 171.378819][ T7678] ? inet6_csk_update_pmtu+0x190/0x190 [ 171.388906][ T7678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.388929][ T7678] ? csum_ipv6_magic+0x20/0x80 [ 171.388953][ T7678] __tcp_transmit_skb+0x1a32/0x3750 [ 171.399318][ T7678] ? __tcp_select_window+0x8b0/0x8b0 [ 171.399336][ T7678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.399357][ T7678] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 171.409627][ T7678] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.409645][ T7678] tcp_connect+0x1e47/0x4280 [ 171.409671][ T7678] ? tcp_push_one+0x110/0x110 [ 171.420643][ T7678] ? secure_tcpv6_ts_off+0x24f/0x360 [ 171.431170][ T7678] ? secure_dccpv6_sequence_number+0x280/0x280 [ 171.442924][ T7678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.453716][ T7678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.458729][ T7657] device hsr_slave_0 entered promiscuous mode [ 171.463635][ T7678] ? prandom_u32_state+0x13/0x180 [ 171.471273][ T7672] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7672 [ 171.475993][ T7678] tcp_v6_connect+0x150b/0x20a0 [ 171.476011][ T7678] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 171.476028][ T7678] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 171.476042][ T7678] ? __switch_to_asm+0x34/0x70 [ 171.476054][ T7678] ? __switch_to_asm+0x40/0x70 [ 171.476083][ T7678] ? find_held_lock+0x35/0x130 [ 171.476102][ T7678] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 171.476123][ T7678] __inet_stream_connect+0x83f/0xea0 [ 171.476140][ T7678] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 171.484821][ T7672] caller is ip6_finish_output+0x335/0xdc0 [ 171.490842][ T7678] ? __inet_stream_connect+0x83f/0xea0 [ 171.563818][ T7678] ? inet_dgram_connect+0x2e0/0x2e0 [ 171.569038][ T7678] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 171.574409][ T7678] ? rcu_read_lock_sched_held+0x110/0x130 [ 171.580645][ T7678] ? kmem_cache_alloc_trace+0x354/0x760 [ 171.586443][ T7678] ? __lock_acquire+0x548/0x3fb0 [ 171.595359][ T7678] tcp_sendmsg_locked+0x231f/0x37f0 [ 171.600556][ T7678] ? mark_held_locks+0xf0/0xf0 [ 171.605318][ T7678] ? mark_held_locks+0xa4/0xf0 [ 171.610074][ T7678] ? tcp_sendpage+0x60/0x60 [ 171.614571][ T7678] ? lock_sock_nested+0x9a/0x120 [ 171.619499][ T7678] ? trace_hardirqs_on+0x67/0x230 [ 171.624524][ T7678] ? lock_sock_nested+0x9a/0x120 [ 171.629459][ T7678] ? __local_bh_enable_ip+0x15a/0x270 [ 171.634827][ T7678] tcp_sendmsg+0x30/0x50 [ 171.639063][ T7678] inet_sendmsg+0x147/0x5e0 [ 171.643565][ T7678] ? ipip_gro_receive+0x100/0x100 [ 171.648670][ T7678] sock_sendmsg+0xdd/0x130 [ 171.653083][ T7678] __sys_sendto+0x262/0x380 [ 171.657580][ T7678] ? __ia32_sys_getpeername+0xb0/0xb0 [ 171.663222][ T7678] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.669639][ T7678] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 171.675092][ T7678] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 171.680803][ T7678] ? do_syscall_64+0x26/0x610 [ 171.685469][ T7678] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.691535][ T7678] __x64_sys_sendto+0xe1/0x1a0 [ 171.696297][ T7678] do_syscall_64+0x103/0x610 [ 171.700885][ T7678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.706768][ T7678] RIP: 0033:0x4582b9 [ 171.710660][ T7678] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.731776][ T7678] RSP: 002b:00007f52dc4a3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 171.740184][ T7678] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 171.748146][ T7678] RDX: fffffffffffffea0 RSI: 0000000000000000 RDI: 000000000000000c [ 171.756110][ T7678] RBP: 000000000073c220 R08: 0000000020000040 R09: 000000000000001c [ 171.764076][ T7678] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f52dc4a46d4 [ 171.772039][ T7678] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 171.780025][ T7672] CPU: 0 PID: 7672 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 171.789044][ T7672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.799083][ T7672] Call Trace: [ 171.802447][ T7672] dump_stack+0x172/0x1f0 [ 171.806766][ T7672] __this_cpu_preempt_check+0x246/0x270 [ 171.812304][ T7672] ip6_finish_output+0x335/0xdc0 [ 171.817233][ T7672] ip6_output+0x235/0x7f0 [ 171.821547][ T7672] ? ip6_finish_output+0xdc0/0xdc0 [ 171.826641][ T7672] ? ip6_fragment+0x3980/0x3980 [ 171.831512][ T7672] ip6_xmit+0xe41/0x20c0 [ 171.835754][ T7672] ? ip6_finish_output2+0x2550/0x2550 [ 171.841125][ T7672] ? mark_held_locks+0xf0/0xf0 [ 171.845875][ T7672] ? ip6_setup_cork+0x1870/0x1870 [ 171.850895][ T7672] inet6_csk_xmit+0x2fb/0x5d0 [ 171.855554][ T7672] ? inet6_csk_update_pmtu+0x190/0x190 [ 171.860990][ T7672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.867223][ T7672] ? csum_ipv6_magic+0x20/0x80 [ 171.871971][ T7672] __tcp_transmit_skb+0x1a32/0x3750 [ 171.877159][ T7672] ? __tcp_select_window+0x8b0/0x8b0 [ 171.882426][ T7672] ? tcp_mstamp_refresh+0x16/0xa0 [ 171.887450][ T7672] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 171.892715][ T7672] tcp_send_ack+0x88/0xa0 [ 171.897036][ T7672] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 171.902998][ T7672] tcp_validate_incoming+0x55e/0x1660 [ 171.908356][ T7672] tcp_rcv_state_process+0xb6b/0x4d93 [ 171.913710][ T7672] ? tcp_finish_connect+0x510/0x510 [ 171.918891][ T7672] ? __release_sock+0xca/0x3a0 [ 171.923661][ T7672] ? find_held_lock+0x35/0x130 [ 171.928417][ T7672] ? mark_held_locks+0xa4/0xf0 [ 171.933260][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 171.938702][ T7672] ? _raw_spin_unlock_bh+0x31/0x40 [ 171.943803][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 171.949164][ T7672] tcp_v6_do_rcv+0x7da/0x12c0 [ 171.953844][ T7672] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 171.958769][ T7672] __release_sock+0x12e/0x3a0 [ 171.963447][ T7672] release_sock+0x59/0x1c0 [ 171.967854][ T7672] __inet_stream_connect+0x59f/0xea0 [ 171.973133][ T7672] ? inet_dgram_connect+0x2e0/0x2e0 [ 171.978313][ T7672] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 171.983687][ T7672] ? do_wait_intr_irq+0x2b0/0x2b0 [ 171.988694][ T7672] ? __lock_acquire+0x548/0x3fb0 [ 171.993614][ T7672] tcp_sendmsg_locked+0x231f/0x37f0 [ 171.998792][ T7672] ? mark_held_locks+0xf0/0xf0 [ 172.003549][ T7672] ? mark_held_locks+0xa4/0xf0 [ 172.008299][ T7672] ? tcp_sendpage+0x60/0x60 [ 172.012783][ T7672] ? lock_sock_nested+0x9a/0x120 [ 172.017704][ T7672] ? trace_hardirqs_on+0x67/0x230 [ 172.022709][ T7672] ? lock_sock_nested+0x9a/0x120 [ 172.027630][ T7672] ? __local_bh_enable_ip+0x15a/0x270 [ 172.032990][ T7672] tcp_sendmsg+0x30/0x50 [ 172.037222][ T7672] inet_sendmsg+0x147/0x5e0 [ 172.041704][ T7672] ? ipip_gro_receive+0x100/0x100 [ 172.046707][ T7672] sock_sendmsg+0xdd/0x130 [ 172.051103][ T7672] __sys_sendto+0x262/0x380 [ 172.055601][ T7672] ? __ia32_sys_getpeername+0xb0/0xb0 [ 172.060962][ T7672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.067195][ T7672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 172.072636][ T7672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 172.078079][ T7672] ? do_syscall_64+0x26/0x610 [ 172.082738][ T7672] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.088911][ T7672] __x64_sys_sendto+0xe1/0x1a0 [ 172.093661][ T7672] do_syscall_64+0x103/0x610 [ 172.098241][ T7672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.104222][ T7672] RIP: 0033:0x4582b9 [ 172.108096][ T7672] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.127682][ T7672] RSP: 002b:00007f52dc527c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 172.136074][ T7672] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 172.144031][ T7672] RDX: fffffffffffffea0 RSI: 0000000000000000 RDI: 0000000000000007 [ 172.151987][ T7672] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 172.159951][ T7672] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f52dc5286d4 [ 172.167906][ T7672] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 172.177244][ T7657] device hsr_slave_1 entered promiscuous mode [ 172.188035][ T7676] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7676 [ 172.197544][ T7676] caller is ip6_finish_output+0x335/0xdc0 [ 172.203275][ T7676] CPU: 1 PID: 7676 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 172.212289][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.222327][ T7676] Call Trace: [ 172.225615][ T7676] dump_stack+0x172/0x1f0 [ 172.229930][ T7676] __this_cpu_preempt_check+0x246/0x270 [ 172.235465][ T7676] ip6_finish_output+0x335/0xdc0 [ 172.240381][ T7676] ip6_output+0x235/0x7f0 [ 172.244690][ T7676] ? ip6_finish_output+0xdc0/0xdc0 [ 172.249777][ T7676] ? ip6_fragment+0x3980/0x3980 [ 172.254620][ T7676] ip6_xmit+0xe41/0x20c0 [ 172.258867][ T7676] ? ip6_finish_output2+0x2550/0x2550 [ 172.264219][ T7676] ? mark_held_locks+0xf0/0xf0 [ 172.268975][ T7676] ? ip6_setup_cork+0x1870/0x1870 [ 172.273989][ T7676] inet6_csk_xmit+0x2fb/0x5d0 [ 172.278644][ T7676] ? inet6_csk_update_pmtu+0x190/0x190 [ 172.284096][ T7676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 172.290351][ T7676] ? csum_ipv6_magic+0x20/0x80 [ 172.295097][ T7676] __tcp_transmit_skb+0x1a32/0x3750 [ 172.300299][ T7676] ? __tcp_select_window+0x8b0/0x8b0 [ 172.305561][ T7676] ? lockdep_hardirqs_on+0x418/0x5d0 [ 172.310819][ T7676] ? trace_hardirqs_on+0x67/0x230 [ 172.315822][ T7676] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 172.321522][ T7676] tcp_write_xmit+0xe39/0x5660 [ 172.326271][ T7676] ? __might_fault+0x12b/0x1e0 [ 172.331020][ T7676] __tcp_push_pending_frames+0xb4/0x350 [ 172.336569][ T7676] tcp_push+0x4cd/0x6c0 [ 172.340703][ T7676] ? __check_object_size+0x3d/0x42f [ 172.345879][ T7676] tcp_sendmsg_locked+0x15eb/0x37f0 [ 172.351135][ T7676] ? tcp_sendpage+0x60/0x60 [ 172.355630][ T7676] ? trace_hardirqs_on+0x67/0x230 [ 172.360652][ T7676] ? lock_sock_nested+0x9a/0x120 [ 172.365571][ T7676] ? __local_bh_enable_ip+0x15a/0x270 [ 172.370922][ T7676] tcp_sendmsg+0x30/0x50 [ 172.375144][ T7676] inet_sendmsg+0x147/0x5e0 [ 172.379619][ T7676] ? ipip_gro_receive+0x100/0x100 [ 172.384623][ T7676] sock_sendmsg+0xdd/0x130 [ 172.389017][ T7676] __sys_sendto+0x262/0x380 [ 172.393497][ T7676] ? __ia32_sys_getpeername+0xb0/0xb0 [ 172.398865][ T7676] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.405090][ T7676] ? put_timespec64+0xda/0x140 [ 172.409847][ T7676] ? nsecs_to_jiffies+0x30/0x30 [ 172.414690][ T7676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 172.420217][ T7676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 172.425654][ T7676] ? do_syscall_64+0x26/0x610 [ 172.430396][ T7676] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.436460][ T7676] __x64_sys_sendto+0xe1/0x1a0 [ 172.441222][ T7676] do_syscall_64+0x103/0x610 [ 172.445809][ T7676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.451678][ T7676] RIP: 0033:0x4582b9 [ 172.455552][ T7676] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.475149][ T7676] RSP: 002b:00007f52dc4e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 172.483542][ T7676] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 172.491753][ T7676] RDX: fffffffffffffd4d RSI: 0000000020000340 RDI: 0000000000000007 [ 172.499716][ T7676] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 172.507682][ T7676] R10: 0000000000000057 R11: 0000000000000246 R12: 00007f52dc4e66d4 [ 172.515658][ T7676] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 172.526637][ T7676] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7676 [ 172.536041][ T7676] caller is ip6_finish_output+0x335/0xdc0 [ 172.541751][ T7676] CPU: 0 PID: 7676 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 172.550744][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.560780][ T7676] Call Trace: [ 172.564115][ T7676] dump_stack+0x172/0x1f0 [ 172.568458][ T7676] __this_cpu_preempt_check+0x246/0x270 [ 172.574002][ T7676] ip6_finish_output+0x335/0xdc0 [ 172.578927][ T7676] ip6_output+0x235/0x7f0 [ 172.583238][ T7676] ? ip6_finish_output+0xdc0/0xdc0 [ 172.588350][ T7676] ? ip6_fragment+0x3980/0x3980 [ 172.593194][ T7676] ip6_xmit+0xe41/0x20c0 [ 172.597467][ T7676] ? ip6_finish_output2+0x2550/0x2550 [ 172.602835][ T7676] ? mark_held_locks+0xf0/0xf0 [ 172.607609][ T7676] ? ip6_setup_cork+0x1870/0x1870 [ 172.612637][ T7676] inet6_csk_xmit+0x2fb/0x5d0 [ 172.617300][ T7676] ? inet6_csk_update_pmtu+0x190/0x190 [ 172.622741][ T7676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 172.628977][ T7676] ? csum_ipv6_magic+0x20/0x80 [ 172.633746][ T7676] __tcp_transmit_skb+0x1a32/0x3750 [ 172.638930][ T7676] ? __tcp_select_window+0x8b0/0x8b0 [ 172.644191][ T7676] ? tcp_rearm_rto.part.0+0x1e0/0x390 [ 172.649547][ T7676] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 172.655262][ T7676] tcp_write_xmit+0xe39/0x5660 [ 172.660029][ T7676] ? __might_fault+0x12b/0x1e0 [ 172.664805][ T7676] __tcp_push_pending_frames+0xb4/0x350 [ 172.670343][ T7676] tcp_push+0x4cd/0x6c0 [ 172.674481][ T7676] ? __check_object_size+0x3d/0x42f [ 172.679663][ T7676] tcp_sendmsg_locked+0x15eb/0x37f0 [ 172.684879][ T7676] ? tcp_sendpage+0x60/0x60 [ 172.689376][ T7676] ? trace_hardirqs_on+0x67/0x230 [ 172.694402][ T7676] ? lock_sock_nested+0x9a/0x120 [ 172.699347][ T7676] ? __local_bh_enable_ip+0x15a/0x270 [ 172.704718][ T7676] tcp_sendmsg+0x30/0x50 [ 172.708950][ T7676] inet_sendmsg+0x147/0x5e0 [ 172.713438][ T7676] ? ipip_gro_receive+0x100/0x100 [ 172.718460][ T7676] sock_sendmsg+0xdd/0x130 [ 172.722857][ T7676] __sys_sendto+0x262/0x380 [ 172.727355][ T7676] ? __ia32_sys_getpeername+0xb0/0xb0 [ 172.732726][ T7676] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.738947][ T7676] ? put_timespec64+0xda/0x140 [ 172.743701][ T7676] ? nsecs_to_jiffies+0x30/0x30 [ 172.748552][ T7676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 172.754033][ T7676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 172.759561][ T7676] ? do_syscall_64+0x26/0x610 [ 172.764315][ T7676] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.770371][ T7676] __x64_sys_sendto+0xe1/0x1a0 [ 172.775120][ T7676] do_syscall_64+0x103/0x610 [ 172.779692][ T7676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.785656][ T7676] RIP: 0033:0x4582b9 [ 172.789552][ T7676] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.809151][ T7676] RSP: 002b:00007f52dc4e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 172.817542][ T7676] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 172.825505][ T7676] RDX: fffffffffffffd4d RSI: 0000000020000340 RDI: 0000000000000007 [ 172.833469][ T7676] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 172.841425][ T7676] R10: 0000000000000057 R11: 0000000000000246 R12: 00007f52dc4e66d4 [ 172.849382][ T7676] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 172.861806][ T7676] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7676 [ 172.871327][ T7676] caller is ip6_finish_output+0x335/0xdc0 [ 172.877223][ T7676] CPU: 1 PID: 7676 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 172.886248][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.896348][ T7676] Call Trace: [ 172.899630][ T7676] dump_stack+0x172/0x1f0 [ 172.903947][ T7676] __this_cpu_preempt_check+0x246/0x270 [ 172.909498][ T7676] ip6_finish_output+0x335/0xdc0 [ 172.914425][ T7676] ip6_output+0x235/0x7f0 [ 172.918735][ T7676] ? ip6_finish_output+0xdc0/0xdc0 [ 172.923828][ T7676] ? ip6_fragment+0x3980/0x3980 [ 172.928660][ T7676] ip6_xmit+0xe41/0x20c0 [ 172.932884][ T7676] ? ip6_finish_output2+0x2550/0x2550 [ 172.938249][ T7676] ? mark_held_locks+0xf0/0xf0 [ 172.942994][ T7676] ? ip6_setup_cork+0x1870/0x1870 [ 172.948000][ T7676] ? inet6_csk_route_socket+0x715/0xf40 [ 172.953531][ T7676] inet6_csk_xmit+0x2fb/0x5d0 [ 172.958187][ T7676] ? inet6_csk_update_pmtu+0x190/0x190 [ 172.963626][ T7676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 172.969851][ T7676] ? csum_ipv6_magic+0x20/0x80 [ 172.974602][ T7676] __tcp_transmit_skb+0x1a32/0x3750 [ 172.979782][ T7676] ? __tcp_select_window+0x8b0/0x8b0 [ 172.985056][ T7676] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 172.990339][ T7676] tcp_send_ack+0x88/0xa0 [ 172.994649][ T7676] __tcp_ack_snd_check+0x165/0x8d0 [ 172.999759][ T7676] tcp_rcv_established+0x9ed/0x1fb0 [ 173.004941][ T7676] ? find_held_lock+0x35/0x130 [ 173.009691][ T7676] ? tcp_data_queue+0x4840/0x4840 [ 173.014695][ T7676] ? __local_bh_enable_ip+0x15a/0x270 [ 173.020078][ T7676] ? _raw_spin_unlock_bh+0x31/0x40 [ 173.025167][ T7676] ? __local_bh_enable_ip+0x15a/0x270 [ 173.030520][ T7676] ? lockdep_hardirqs_on+0x418/0x5d0 [ 173.035803][ T7676] tcp_v6_do_rcv+0x421/0x12c0 [ 173.040478][ T7676] __release_sock+0x12e/0x3a0 [ 173.045150][ T7676] release_sock+0x59/0x1c0 [ 173.049571][ T7676] tcp_sendmsg+0x3b/0x50 [ 173.053811][ T7676] inet_sendmsg+0x147/0x5e0 [ 173.058294][ T7676] ? ipip_gro_receive+0x100/0x100 [ 173.063328][ T7676] sock_sendmsg+0xdd/0x130 [ 173.067729][ T7676] __sys_sendto+0x262/0x380 [ 173.072215][ T7676] ? __ia32_sys_getpeername+0xb0/0xb0 [ 173.077583][ T7676] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.083798][ T7676] ? put_timespec64+0xda/0x140 [ 173.088541][ T7676] ? nsecs_to_jiffies+0x30/0x30 [ 173.093389][ T7676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 173.098830][ T7676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 173.104267][ T7676] ? do_syscall_64+0x26/0x610 [ 173.108943][ T7676] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.114997][ T7676] __x64_sys_sendto+0xe1/0x1a0 [ 173.119744][ T7676] do_syscall_64+0x103/0x610 [ 173.124317][ T7676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.130203][ T7676] RIP: 0033:0x4582b9 [ 173.134088][ T7676] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.153680][ T7676] RSP: 002b:00007f52dc4e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 173.162160][ T7676] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 173.170126][ T7676] RDX: fffffffffffffd4d RSI: 0000000020000340 RDI: 0000000000000007 [ 173.178081][ T7676] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 173.186044][ T7676] R10: 0000000000000057 R11: 0000000000000246 R12: 00007f52dc4e66d4 [ 173.194099][ T7676] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 173.205168][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.212856][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.232397][ T7663] team0: Port device team_slave_0 added [ 173.239995][ T7663] team0: Port device team_slave_1 added [ 173.267080][ T7660] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.301407][ T7677] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7677 [ 173.310900][ T7677] caller is ip6_finish_output+0x335/0xdc0 [ 173.318266][ T7677] CPU: 1 PID: 7677 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 173.327281][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.337318][ T7677] Call Trace: [ 173.340603][ T7677] dump_stack+0x172/0x1f0 [ 173.344922][ T7677] __this_cpu_preempt_check+0x246/0x270 [ 173.350474][ T7677] ip6_finish_output+0x335/0xdc0 [ 173.355421][ T7677] ip6_output+0x235/0x7f0 [ 173.359747][ T7677] ? ip6_finish_output+0xdc0/0xdc0 [ 173.364838][ T7677] ? ip6_fragment+0x3980/0x3980 [ 173.369691][ T7677] ip6_xmit+0xe41/0x20c0 [ 173.373920][ T7677] ? ip6_finish_output2+0x2550/0x2550 [ 173.379272][ T7677] ? mark_held_locks+0xf0/0xf0 [ 173.384034][ T7677] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 173.390273][ T7677] ? ip6_setup_cork+0x1870/0x1870 [ 173.395292][ T7677] ? inet6_csk_route_socket+0x715/0xf40 [ 173.400845][ T7677] inet6_csk_xmit+0x2fb/0x5d0 [ 173.405504][ T7677] ? inet6_csk_update_pmtu+0x190/0x190 [ 173.410946][ T7677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 173.417188][ T7677] ? csum_ipv6_magic+0x20/0x80 [ 173.421941][ T7677] __tcp_transmit_skb+0x1a32/0x3750 [ 173.427140][ T7677] ? __tcp_select_window+0x8b0/0x8b0 [ 173.432415][ T7677] ? lockdep_hardirqs_on+0x418/0x5d0 [ 173.437709][ T7677] ? trace_hardirqs_on+0x67/0x230 [ 173.442724][ T7677] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 173.448423][ T7677] ? ktime_get+0x208/0x300 [ 173.452831][ T7677] tcp_send_active_reset+0x43a/0x8e0 [ 173.458113][ T7677] tcp_close+0xbb1/0x10c0 [ 173.462436][ T7677] ? sock_fasync+0x100/0x160 [ 173.467021][ T7677] inet_release+0x105/0x1f0 [ 173.471522][ T7677] inet6_release+0x53/0x80 [ 173.475939][ T7677] __sock_release+0xd3/0x2b0 [ 173.480525][ T7677] ? __sock_release+0x2b0/0x2b0 [ 173.485356][ T7677] sock_close+0x1b/0x30 [ 173.489489][ T7677] __fput+0x2e5/0x8d0 [ 173.493497][ T7677] ____fput+0x16/0x20 [ 173.497461][ T7677] task_work_run+0x14a/0x1c0 [ 173.502030][ T7677] do_exit+0x90a/0x2fa0 [ 173.506162][ T7677] ? get_signal+0x331/0x1d50 [ 173.510730][ T7677] ? mm_update_next_owner+0x640/0x640 [ 173.516080][ T7677] ? kasan_check_write+0x14/0x20 [ 173.520993][ T7677] ? _raw_spin_unlock_irq+0x28/0x90 [ 173.526171][ T7677] ? get_signal+0x331/0x1d50 [ 173.530760][ T7677] ? _raw_spin_unlock_irq+0x28/0x90 [ 173.535956][ T7677] do_group_exit+0x135/0x370 [ 173.540539][ T7677] get_signal+0x399/0x1d50 [ 173.544947][ T7677] ? dlci_ioctl_set+0x40/0x40 [ 173.549604][ T7677] ? do_vfs_ioctl+0x120/0x1390 [ 173.554351][ T7677] do_signal+0x87/0x1940 [ 173.558568][ T7677] ? ioctl_preallocate+0x210/0x210 [ 173.564892][ T7677] ? __fget+0x381/0x550 [ 173.569030][ T7677] ? setup_sigcontext+0x7d0/0x7d0 [ 173.574030][ T7677] ? ksys_dup3+0x3e0/0x3e0 [ 173.578425][ T7677] ? nsecs_to_jiffies+0x30/0x30 [ 173.583254][ T7677] ? exit_to_usermode_loop+0x43/0x2c0 [ 173.588600][ T7677] ? do_syscall_64+0x52d/0x610 [ 173.593343][ T7677] ? exit_to_usermode_loop+0x43/0x2c0 [ 173.598712][ T7677] ? lockdep_hardirqs_on+0x418/0x5d0 [ 173.603981][ T7677] ? trace_hardirqs_on+0x67/0x230 [ 173.609007][ T7677] exit_to_usermode_loop+0x244/0x2c0 [ 173.614274][ T7677] do_syscall_64+0x52d/0x610 [ 173.618842][ T7677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.624708][ T7677] RIP: 0033:0x4582b9 [ 173.628583][ T7677] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 23:33:27 executing program 0: [ 173.648161][ T7677] RSP: 002b:00007f52dc4c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 173.656555][ T7677] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00000000004582b9 [ 173.664501][ T7677] RDX: 0000000020000300 RSI: 0000001000008912 RDI: 0000000000000009 [ 173.672461][ T7677] RBP: 000000000073c180 R08: 0000000000000000 R09: 0000000000000000 [ 173.680429][ T7677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52dc4c56d4 [ 173.688380][ T7677] R13: 00000000004bf42a R14: 00000000004d11c0 R15: 00000000ffffffff 23:33:27 executing program 0: 23:33:27 executing program 0: 23:33:27 executing program 0: [ 173.717304][ T7663] device hsr_slave_0 entered promiscuous mode [ 173.755302][ T7663] device hsr_slave_1 entered promiscuous mode 23:33:27 executing program 0: [ 173.807404][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.833483][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.842652][ T251] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.849799][ T251] bridge0: port 1(bridge_slave_0) entered forwarding state 23:33:27 executing program 0: 23:33:27 executing program 0: [ 173.864538][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.874370][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.901610][ T251] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.908770][ T251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.920367][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.929337][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.938174][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.948172][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.958068][ T7660] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.987607][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.998814][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.008074][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.016774][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.025791][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.033996][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.048565][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.056899][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.077109][ T7660] team0: Port device team_slave_0 added [ 174.083895][ T7660] team0: Port device team_slave_1 added [ 174.091574][ T7652] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.133700][ T7655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.197355][ T7660] device hsr_slave_0 entered promiscuous mode [ 174.235131][ T7660] device hsr_slave_1 entered promiscuous mode [ 174.287456][ T7663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.303251][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.311310][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.327141][ T7655] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.348393][ T7663] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.361956][ T7652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.375361][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.383854][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.392232][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.399315][ T7659] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.407648][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.415449][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.422969][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.431674][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.440224][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.447325][ T7659] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.455315][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.463793][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.472841][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.490673][ T7657] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.500934][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.509805][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.518679][ T7665] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.525777][ T7665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.533355][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.546179][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.557036][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.564964][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 23:33:28 executing program 1: [ 174.595989][ T7657] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.610825][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.620518][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.629762][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.636883][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.650352][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.660288][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.678374][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.687437][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.696001][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.703771][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.712546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.722370][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.743427][ T7655] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 174.755208][ T7655] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 174.781392][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.790955][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.800032][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.808855][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.817489][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.826553][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.835001][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.843042][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.851621][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.860015][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.867196][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.875056][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.883544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.891906][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.898956][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.906664][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.915353][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.923723][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.932297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.940659][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.949150][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.960029][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.967671][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.975633][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.989955][ T7663] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 175.001116][ T7663] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.021728][ T7657] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 175.033200][ T7657] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.051811][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.061727][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.070228][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.078705][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.087204][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.095534][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.103749][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.112376][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.120662][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.128659][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.142651][ T7655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.166422][ T7660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.186073][ T7660] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.205246][ T7657] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.214939][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.222569][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.250158][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.262428][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.271414][ T3486] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.278527][ T3486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.287055][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.295772][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.304144][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.311283][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.319375][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.345734][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.357840][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.367211][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.377686][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.386340][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.395357][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.403869][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.412530][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.420940][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.429810][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.440052][ T7663] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.455346][ T7660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.486944][ T7665] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.522301][ T7660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.594600][ C1] hrtimer: interrupt took 46986 ns [ 175.660104][ T7731] IPVS: ftp: loaded support on port[0] = 21 23:33:29 executing program 2: [ 176.010298][ T7773] IPVS: ftp: loaded support on port[0] = 21 23:33:29 executing program 1: 23:33:29 executing program 0: 23:33:29 executing program 5: 23:33:29 executing program 4: 23:33:29 executing program 2: 23:33:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_proto_private(r0, 0x89ef, &(0x7f0000000100)="f6213071c2975ff1d1fc66ded5282fda2bbd691d2dda7b5f1dd857a210c9d56c1de0b2c762dd1f3b87b652a2e2ae2a107b5c7d1bd29846667b02c344b5d5808192d8ef1c1c956f4399b3fcd5e11beea3a62acc1138426ea4e038ea5e73284cb9574de74cd69da93ba0b4eaaf80a5d1ede888a55616bd9bf85ab41c07272bad12345e311177c5e77e208d1c1bd8b0c7263f4e8301ad1a386a0569f20b5ea307f41e099a18d12ad30a153138ee2d599a328948c334a5c5c6d0a894ae8b698b52ee12e9e8de7770d0abe67e1647a502d9bff2fa34d395e98960551bd53f23ccaff67e6bb51e") ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, 0x0) getegid() getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000000)=""/55, 0x0) unshare(0x40000000) 23:33:29 executing program 4: 23:33:29 executing program 0: 23:33:29 executing program 5: 23:33:29 executing program 2: 23:33:29 executing program 0: 23:33:29 executing program 4: 23:33:29 executing program 1: 23:33:29 executing program 2: 23:33:29 executing program 5: 23:33:30 executing program 0: [ 176.406256][ T7791] IPVS: ftp: loaded support on port[0] = 21 23:33:30 executing program 1: 23:33:30 executing program 3: 23:33:30 executing program 5: 23:33:30 executing program 4: 23:33:30 executing program 2: 23:33:30 executing program 0: 23:33:30 executing program 1: 23:33:30 executing program 5: 23:33:30 executing program 0: 23:33:30 executing program 4: 23:33:30 executing program 1: 23:33:30 executing program 2: 23:33:30 executing program 5: 23:33:30 executing program 3: 23:33:30 executing program 1: 23:33:30 executing program 4: 23:33:30 executing program 2: 23:33:30 executing program 0: 23:33:30 executing program 5: 23:33:30 executing program 1: 23:33:30 executing program 3: 23:33:30 executing program 4: 23:33:30 executing program 5: 23:33:30 executing program 2: 23:33:30 executing program 1: 23:33:30 executing program 0: 23:33:30 executing program 4: 23:33:30 executing program 5: 23:33:31 executing program 2: 23:33:31 executing program 3: 23:33:31 executing program 1: 23:33:31 executing program 4: 23:33:31 executing program 5: 23:33:31 executing program 0: 23:33:31 executing program 1: 23:33:31 executing program 3: 23:33:31 executing program 2: 23:33:31 executing program 5: 23:33:31 executing program 1: 23:33:31 executing program 4: 23:33:31 executing program 0: 23:33:31 executing program 3: 23:33:31 executing program 5: 23:33:31 executing program 2: 23:33:31 executing program 4: 23:33:31 executing program 1: 23:33:31 executing program 3: 23:33:31 executing program 5: 23:33:31 executing program 2: 23:33:31 executing program 0: 23:33:31 executing program 3: 23:33:31 executing program 1: 23:33:31 executing program 4: 23:33:31 executing program 3: 23:33:31 executing program 1: 23:33:31 executing program 0: 23:33:31 executing program 5: 23:33:31 executing program 2: 23:33:31 executing program 0: 23:33:31 executing program 4: 23:33:31 executing program 5: 23:33:31 executing program 2: r0 = socket(0x2, 0x3, 0x6) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10) write(r1, &(0x7f0000000200)="776902000000000000f8dba3efc27c23903e5395be271b240ad1e1eedc4134a699170e0300e7b6ad6389aad5e97bbf0000000000edf2e01a", 0x38) 23:33:31 executing program 1: 23:33:31 executing program 3: 23:33:32 executing program 4: 23:33:32 executing program 0: 23:33:32 executing program 5: 23:33:32 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x0) 23:33:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000d80)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = epoll_create1(0x0) r3 = syz_open_pts(r0, 0x0) dup2(r1, r0) dup2(r2, r3) 23:33:32 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) stat(&(0x7f00000000c0)='./file0/file0\x00', 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) read$FUSE(r0, &(0x7f00000020c0), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) mount$fuse(0x20000000, &(0x7f0000000240)='./file0\x00', 0x0, 0x7a00, 0x0) mount$fuse(0x20000000, &(0x7f0000000080)='./file0\x00', 0x0, 0x7a00, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x6800, 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000500)={0x10, 0x0, 0x2}, 0x10) 23:33:32 executing program 0: syz_execute_func(&(0x7f0000000100)="f3e100def9575c8ac2c2c9734e424a2664f0ff064a460f3038082e67660e50e94d00c9c9c4625dbae5feabc4aba39ddf4507e50c420fae9972b571112d02") 23:33:32 executing program 4: r0 = socket(0x2, 0x3, 0x6) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10) write(r1, &(0x7f0000000200)="776902000000010000f8dba3efc27c23903e5395be271b240ad1e1eedc4134a699170e0300e7b6ad6389aad5e97bbf0000000000edf2e01a", 0x38) 23:33:32 executing program 5: mknod(&(0x7f0000000000)='./bus\x00', 0x2080008002, 0x28aa) r0 = open(&(0x7f0000000400)='./bus\x00', 0x1, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="0000000241e2c9dd0c7501dd839f03bda78867d3bf5d8139", 0x18}], 0x1) 23:33:32 executing program 2: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg(r0, &(0x7f0000000080)={&(0x7f00000003c0)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x20000000) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f0000346fc8)=@framed, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00000002c0)=""/251}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r2, &(0x7f0000002340)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1}) sendmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)='Z', 0x1}], 0x1}, 0x0) 23:33:32 executing program 4: r0 = socket$kcm(0x10, 0x20000000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)="2300000019003ffe2a46f799e7ce00fe029ac2a001000000fc05007b74c71bf53e8025", 0x23}], 0x1}, 0x0) 23:33:32 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 23:33:32 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x89b0, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000ba"]}) 23:33:32 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000640)='net\x00') exit(0x0) fstat(r0, &(0x7f0000002d80)) 23:33:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00\xc2(t\xf56c\xf71E\x9e\x90\xac\xa4\x19\x7f\xa1\xb8\x02x9\xff0\x7f\x94\xa7\xbeX\xd2\xed\x0e^>@\xaf\x11c\xce19\xf5\xf8\xd3\x19k\x1d\xa5\x99\x89\xb4=\x1b\xde\x88g\xf4\xadi\xef\xbe\x13\xaaU\xdc\xdcw\r\xe1 jy8\n%\xde\x86\xb8ExAkCBp\x18/\x80W.[\r\x13\xc0e\x8f9i\xc5\x95\xca\xd1\xba&?\xe65}\xe9\nl\xb4b\xa7\x9dH\"\xf3\xaa>4\xe9A$\xf9\x04\xeb\xd5\x00\xb7,\x80\x1a\xaf\xbeP\f\xec\xa8\xc1l\xbb\xe9\xc2\x01\xe7\xf4mD\x80m\xc2\xbd|\x06\b\xd2\xc9\xdb\xcb\x83\xb2\xda\xa7\xc5\xf1J\xd2\xf7i\x95\xb7\xc0\xf4nEU.\x0e\x9b\xb6\x87\x13\xd5\xa8\x7f\x16\xc3\xac\x9d,\xa24>9\xa46\x8c\x7f\x00\x00\x00\x00\x00\x00\x00\x04\xf6\x8f\x0e|\xa0|\x8aw\x87\x9f\xec\xebQ\xa2\xf4[3\xdeF\xce\xf2\xb4\xf9H@\xce8\xe4\xf8\xd3\xf0', 0x200002, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000000)='./file1\x00', 0x0) r3 = creat(&(0x7f0000000040)='./file1\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x5) fallocate(r3, 0x3, 0x0, 0x8001) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000280)={0xffff, 0xfffffffffffffffd}) 23:33:32 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000040)={0x0, @multicast2, 0x0, 0x0, 'none\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x60, &(0x7f0000000000)={0x0, @empty, 0x0, 0x0, 'dh\x00', 0x0, 0x0, 0x1fffffbf}, 0x2c) 23:33:32 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x40000, 0xfff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) 23:33:33 executing program 3: r0 = socket$kcm(0x10, 0x20000000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)="1b00000019003ffe2a46f799e7ce00fe029ac2a001000000fc0500", 0x1b}], 0x1}, 0x0) 23:33:33 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x100000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r1, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x9) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) 23:33:33 executing program 1: socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'sit0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x20, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 23:33:33 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0xf}}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0x99, &(0x7f0000000180)=""/153}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="c3acc6eb3fde57ae8141342b975d", 0x0, 0x67ea}, 0x28) 23:33:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = memfd_create(&(0x7f00000001c0)='b\n\x00\xc7/\xb1!\b(\xbfy\xfe\xfa\xc9\xd3v\xaaT\xb2\xa6\x02\xf1\x9c\x04|\x15\x8d\xb6sxqg\x00\xc0\xfc\xf3&\xe3f\x90\xcb1\x11\xfb\xfa\xdf\xe0p\x02\xe5\xbd0\x9e\x11\xad#\x17\xa5\xcf$R\xa2\xd8E\xc9\x88*\xd1{r\xca\x05\x00\x00\x00\x00\x00\x00\x00\xb0!\xf8WP\x98\\\xa0\x86\xccF\xca\xba\xa2\xae\x01#\xb0=\xecG\xfb\x00\x00\x80>\x00\xdd\xf2\x14\x12@-V\xed\xdaV\xa6\x03\xd5\xa6\x91L;\xe1\x97\xccO\xca\xf5\xccw\xa8\f\xa2\xa9p\xec\x16\xb1\x15:\xee\xcdc\xe4<\xad\xdd\xf8\v\xaf\'a_T\x98\xfd\x8d\x8d\x8e\xbf\xbfTF\xd7\x84\x8et\xeb\xbbBA\x8d\xb6 \x85\xee\xa7\x9f\xc5c)\xc2\x1a\xfb\x90\xf7\xef\x8el\n\xcf\x06\x86\xd9\xc1\xff\xc1\xd1\xc1<\x80\x17\xade\xcb\x14\xb8CkFt\v\xa3\x1d\x1b\xef\xe7A\xb0\xe4\x8bE\x00'/237, 0x4) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1e, 0x4013, r1, 0x0) 23:33:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x4, 0x1) pwritev(r1, &(0x7f0000000400)=[{&(0x7f0000000140)="5882ce004c63123b2d09311a060e1a5c3943f7aa01e04fdadeb0911dedc1aea490dce640686ed19c45c1f8802cb156cccd2d01fb38a6b2239a633ce1f21674f99114d9bdf97688efb600432127f1a4ce940f", 0x52}], 0x1, 0x0) 23:33:33 executing program 5: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/dlm-monitor\x00', 0x800fa, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000001180)={0x9b0000, 0x8, 0x100000001, [], &(0x7f00000000c0)={0x9e091f, 0x8001, [], @p_u32=&(0x7f0000000080)=0x3}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001200)=0x1a) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@mcast2, 0x81}) sched_setaffinity(0x0, 0x5, &(0x7f0000000580)=0x6) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000900)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) r5 = socket$inet6(0xa, 0x2, 0xfd9) ioctl(r3, 0x10001, &(0x7f0000000100)="153f6234488dd25d766070") socketpair$unix(0x1, 0x1040000000007, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket(0xa, 0x3, 0x8) r8 = syz_open_dev$amidi(&(0x7f0000000480)='/dev/amidi#\x00', 0x9c4, 0x6fffd) ioctl$TIOCGSID(r8, 0x5429, &(0x7f0000000400)=0x0) ioctl$sock_FIOSETOWN(r6, 0x8901, &(0x7f0000000440)=r9) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00', 0x4}) accept$ax25(r6, &(0x7f0000000780)={{0x3, @null}, [@netrom, @rose, @default, @rose, @netrom, @bcast, @default, @netrom]}, &(0x7f0000000380)=0x48) setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f0000000240), 0x4) ioctl$RTC_WKALM_RD(r8, 0x80287010, &(0x7f0000000280)) setsockopt$IP_VS_SO_SET_DELDEST(r7, 0x0, 0x488, &(0x7f0000000080)={{0x69, @remote, 0x4e24, 0x200000000, 'lblcr\x00', 0x1e, 0x0, 0x13}, {@remote, 0x4e21, 0x7, 0xffff, 0x7f, 0x2}}, 0x44) memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02\x05\x00\x00\x00\xac', 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="6df3d91f2865000000000000000000000000000000b151fd0000000000000002000000000000000000000075f66ca1e1ffffffffffffff00000000000000000000002dc900f5e79fec0bc09d9b3ae3bf04d5843c74fcde34591d9936607fe6ad42bbda5784f6d0f424ca43a1d67f783be8dbff3fdfd1340a96d8fcc7cbd4f30086112579d01cb0bbae2d65ed2efeb201c46aab7ab09b3c45270d5690a6c6d112c49dec6b98f701"], 0x1) close(r1) dup3(r4, r4, 0x80002) 23:33:33 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = memfd_create(&(0x7f00000001c0)='b\n\x00\xc7/\xb1!\b(\xbfy\xfe\xfa\xc9\xd3v\xaaT\xb2\xa6\x02\xf1\x9c\x04|\x15\x8d\xb6sxqg\x00\xc0\xfc\xf3&\xe3f\x90\xcb1\x11\xfb\xfa\xdf\xe0p\x02\xe5\xbd0\x9e\x11\xad#\x17\xa5\xcf$R\xa2\xd8E\xc9\x88*\xd1{r\xca\x05\x00\x00\x00\x00\x00\x00\x00\xb0!\xf8WP\x98\\\xa0\x86\xccF\xca\xba\xa2\xae\x01#\xb0=\xecG\xfb\x00\x00\x80>\x00\xdd\xf2\x14\x12@-V\xed\xdaV\xa6\x03\xd5\xa6\x91L;\xe1\x97\xccO\xca\xf5\xccw\xa8\f\xa2\xa9p\xec\x16\xb1\x15:\xee\xcdc\xe4<\xad\xdd\xf8\v\xaf\'a_T\x98\xfd\x8d\x8d\x8e\xbf\xbfTF\xd7\x84\x8et\xeb\xbbBA\x8d\xb6 \x85\xee\xa7\x9f\xc5c)\xc2\x1a\xfb\x90\xf7\xef\x8el\n\xcf\x06\x86\xd9\xc1\xff\xc1\xd1\xc1<\x80\x17\xade\xcb\x14\xb8CkFt\v\xa3\x1d\x1b\xef\xe7A\xb0\xe4\x8bE\x00'/237, 0x4) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1e, 0x4013, r1, 0x0) futex(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0, 0x0) 23:33:33 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000200)={0x328}, 0x78) ppoll(&(0x7f00000001c0)=[{r0, 0x40}], 0x1, 0x0, 0x0, 0x0) 23:33:33 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x1ff, 0xc000000100079) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_SET_CPUID(r0, 0xc0185500, &(0x7f0000000080)=ANY=[@ANYBLOB="2303"]) 23:33:33 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x40000, 0xfff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000140)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}, [0x0, 0x0, 0x5, 0xff, 0x0, 0x200, 0x0, 0x9, 0x1000, 0x0, 0x0, 0x0, 0x10af]}, 0x0) 23:33:33 executing program 2: recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001680)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x801, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) [ 179.785343][ T8023] bridge0: port 3(gretap0) entered blocking state [ 179.859672][ T8023] bridge0: port 3(gretap0) entered disabled state [ 179.922160][ T8050] vhci_hcd: invalid port number 0 23:33:33 executing program 4: perf_event_open$cgroup(0x0, 0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000200)=0xa7) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000c00)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0xfdef) [ 179.969175][ T8023] device gretap0 entered promiscuous mode [ 180.001761][ T8023] bridge0: port 3(gretap0) entered blocking state [ 180.008765][ T8023] bridge0: port 3(gretap0) entered forwarding state [ 180.128800][ T8058] device nr0 entered promiscuous mode 23:33:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000200)={0x328}, 0x78) ioctl$SG_IO(r1, 0x2275, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x2, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 23:33:33 executing program 0: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003f40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002a80)=[{0x78, 0x0, 0x0, "2b0a9adb2466d8d11346485f4dc930837bb8754e06128fdcc2a62fdb984d8e57b32779e9ca04cd61c068dfc95d43f5ea939a56808464fd8dcc920116f1eaafdc4232cfe3bbd6ecaf66e08d9228573bd632dcd40997c0c193ff8e613d8734f1ab1b1325c2926401b0"}], 0x78}, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001400)='/dev/sequencer\x00', 0x40001, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 23:33:33 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x40000, 0xfff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000140)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}, [0x0, 0x0, 0x5, 0xff, 0x0, 0x200, 0x0, 0x9, 0x1000, 0x0, 0x0, 0x0, 0x10af]}, 0x0) 23:33:33 executing program 2: r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) epoll_create1(0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) pwrite64(r0, &(0x7f0000000400), 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 23:33:33 executing program 5: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/dlm-monitor\x00', 0x800fa, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000001180)={0x9b0000, 0x8, 0x100000001, [], &(0x7f00000000c0)={0x9e091f, 0x8001, [], @p_u32=&(0x7f0000000080)=0x3}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001200)=0x1a) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@mcast2, 0x81}) sched_setaffinity(0x0, 0x5, &(0x7f0000000580)=0x6) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000900)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) r5 = socket$inet6(0xa, 0x2, 0xfd9) ioctl(r3, 0x10001, &(0x7f0000000100)="153f6234488dd25d766070") socketpair$unix(0x1, 0x1040000000007, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket(0xa, 0x3, 0x8) r8 = syz_open_dev$amidi(&(0x7f0000000480)='/dev/amidi#\x00', 0x9c4, 0x6fffd) ioctl$TIOCGSID(r8, 0x5429, &(0x7f0000000400)=0x0) ioctl$sock_FIOSETOWN(r6, 0x8901, &(0x7f0000000440)=r9) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00', 0x4}) accept$ax25(r6, &(0x7f0000000780)={{0x3, @null}, [@netrom, @rose, @default, @rose, @netrom, @bcast, @default, @netrom]}, &(0x7f0000000380)=0x48) setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f0000000240), 0x4) ioctl$RTC_WKALM_RD(r8, 0x80287010, &(0x7f0000000280)) setsockopt$IP_VS_SO_SET_DELDEST(r7, 0x0, 0x488, &(0x7f0000000080)={{0x69, @remote, 0x4e24, 0x200000000, 'lblcr\x00', 0x1e, 0x0, 0x13}, {@remote, 0x4e21, 0x7, 0xffff, 0x7f, 0x2}}, 0x44) memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02\x05\x00\x00\x00\xac', 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="6df3d91f2865000000000000000000000000000000b151fd0000000000000002000000000000000000000075f66ca1e1ffffffffffffff00000000000000000000002dc900f5e79fec0bc09d9b3ae3bf04d5843c74fcde34591d9936607fe6ad42bbda5784f6d0f424ca43a1d67f783be8dbff3fdfd1340a96d8fcc7cbd4f30086112579d01cb0bbae2d65ed2efeb201c46aab7ab09b3c45270d5690a6c6d112c49dec6b98f701"], 0x1) close(r1) dup3(r4, r4, 0x80002) 23:33:33 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x15, 0x10, 0xc8, 0x0, 0x8}, 0x3c) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x18)