[ 38.826359][ T26] audit: type=1800 audit(1554689129.764:25): pid=7757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 38.852780][ T26] audit: type=1800 audit(1554689129.764:26): pid=7757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.887503][ T26] audit: type=1800 audit(1554689129.764:27): pid=7757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2019/04/08 02:05:39 fuzzer started 2019/04/08 02:05:41 dialing manager at 10.128.0.26:34543 2019/04/08 02:05:42 syscalls: 2408 2019/04/08 02:05:42 code coverage: enabled 2019/04/08 02:05:42 comparison tracing: enabled 2019/04/08 02:05:42 extra coverage: extra coverage is not supported by the kernel 2019/04/08 02:05:42 setuid sandbox: enabled 2019/04/08 02:05:42 namespace sandbox: enabled 2019/04/08 02:05:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 02:05:42 fault injection: enabled 2019/04/08 02:05:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 02:05:42 net packet injection: enabled 2019/04/08 02:05:42 net device setup: enabled 02:07:54 executing program 0: syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000681000)=@abs, 0x8) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf7"], 0x5a) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0) ioctl$RTC_PIE_OFF(r0, 0x7006) syzkaller login: [ 183.722356][ T7944] IPVS: ftp: loaded support on port[0] = 21 02:07:54 executing program 1: socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) write$cgroup_int(r1, &(0x7f0000000980), 0xffffff4d) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x5452, &(0x7f0000000280)) [ 183.830707][ T7944] chnl_net:caif_netlink_parms(): no params data found [ 183.908413][ T7944] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.932934][ T7944] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.942322][ T7944] device bridge_slave_0 entered promiscuous mode [ 183.954010][ T7944] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.961242][ T7944] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.971147][ T7944] device bridge_slave_1 entered promiscuous mode [ 183.999760][ T7944] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.012312][ T7944] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.045833][ T7944] team0: Port device team_slave_0 added [ 184.056861][ T7947] IPVS: ftp: loaded support on port[0] = 21 [ 184.064746][ T7944] team0: Port device team_slave_1 added 02:07:55 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x400806e, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) sendto$inet6(r0, &(0x7f0000001440)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3cac9597410be0aacbb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e4fd99e3200119d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b0df1a7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf247ebffcf9ade407dfb50948aa97077a195b5f6eeff443be20f383aa8ebbb4b0f2e888cb7cde9ec09177f4576576f088430e4a61d352607113ce7118f2d00", 0x55f, 0xc001, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet6(r0, &(0x7f0000000040)="c5cbdeda579d85f4a014ee69", 0xc, 0x0, 0x0, 0x0) [ 184.185598][ T7944] device hsr_slave_0 entered promiscuous mode [ 184.233127][ T7944] device hsr_slave_1 entered promiscuous mode [ 184.305418][ T7949] IPVS: ftp: loaded support on port[0] = 21 [ 184.315683][ T7944] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.323046][ T7944] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.331030][ T7944] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.338236][ T7944] bridge0: port 1(bridge_slave_0) entered forwarding state 02:07:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006ed"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000008f03"]) [ 184.403637][ T7947] chnl_net:caif_netlink_parms(): no params data found [ 184.516336][ T7944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.564486][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.580188][ T7950] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.600177][ T7950] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.609712][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 184.640192][ T7944] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.661686][ T7953] IPVS: ftp: loaded support on port[0] = 21 02:07:55 executing program 4: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) epoll_create1(0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, &(0x7f0000000300)={&(0x7f0000000080), 0x8}) [ 184.691333][ T7947] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.701405][ T7947] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.710789][ T7947] device bridge_slave_0 entered promiscuous mode [ 184.779398][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.795478][ T7950] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.802606][ T7950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.835086][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.855793][ T7950] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.862994][ T7950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.884975][ T7947] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.892104][ T7947] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.923703][ T7947] device bridge_slave_1 entered promiscuous mode [ 184.945074][ T7947] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.964039][ T7947] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.980436][ T7949] chnl_net:caif_netlink_parms(): no params data found 02:07:55 executing program 5: capset(&(0x7f0000a31000)={0x19980330}, &(0x7f00009b3000)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) [ 185.006693][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.026554][ T7957] IPVS: ftp: loaded support on port[0] = 21 [ 185.068653][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.081893][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.098051][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.107338][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.116777][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.125534][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.139956][ T7947] team0: Port device team_slave_0 added [ 185.147959][ T7947] team0: Port device team_slave_1 added [ 185.167626][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.176084][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.184962][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.215293][ T7959] IPVS: ftp: loaded support on port[0] = 21 [ 185.226200][ T7944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.335896][ T7947] device hsr_slave_0 entered promiscuous mode [ 185.393310][ T7947] device hsr_slave_1 entered promiscuous mode [ 185.466280][ T7949] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.474356][ T7949] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.482228][ T7949] device bridge_slave_0 entered promiscuous mode [ 185.491447][ T7949] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.498748][ T7949] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.506983][ T7949] device bridge_slave_1 entered promiscuous mode [ 185.543650][ T7953] chnl_net:caif_netlink_parms(): no params data found [ 185.566661][ T7944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.589899][ T7949] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.602071][ T7949] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.726015][ T7949] team0: Port device team_slave_0 added [ 185.759036][ T7949] team0: Port device team_slave_1 added [ 185.775416][ T7953] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.782555][ T7953] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.795320][ T7953] device bridge_slave_0 entered promiscuous mode [ 185.891943][ T7953] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.902990][ T7953] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.911078][ T7953] device bridge_slave_1 entered promiscuous mode [ 185.948722][ T7968] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 185.958537][ T7968] FAT-fs (loop0): Filesystem has been set read-only [ 185.960657][ T7947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.969686][ T7968] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 185.992905][ C0] hrtimer: interrupt took 27145 ns 02:07:57 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r0, 0x40086408, &(0x7f00000000c0)) [ 186.010424][ T7971] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 186.022206][ T7949] device hsr_slave_0 entered promiscuous mode [ 186.030119][ T7971] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 186.038590][ T7968] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 186.047472][ T7968] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 186.075250][ T7949] device hsr_slave_1 entered promiscuous mode 02:07:57 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r0}) [ 186.133098][ T7959] chnl_net:caif_netlink_parms(): no params data found 02:07:57 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000139ff0)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="d2", 0x1}], 0x1}, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 186.193531][ T7957] chnl_net:caif_netlink_parms(): no params data found [ 186.224584][ T7953] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.241244][ T7953] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.257818][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.268708][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.300636][ T7947] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.313444][ T7953] team0: Port device team_slave_0 added [ 186.340948][ T7953] team0: Port device team_slave_1 added [ 186.347055][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.354482][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.362150][ T7959] device bridge_slave_0 entered promiscuous mode [ 186.370407][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.377667][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.385824][ T7959] device bridge_slave_1 entered promiscuous mode [ 186.474734][ T7953] device hsr_slave_0 entered promiscuous mode [ 186.533066][ T7953] device hsr_slave_1 entered promiscuous mode [ 186.594884][ T7959] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.626391][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.635441][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.644168][ T2996] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.651242][ T2996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.659037][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.668556][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.677158][ T2996] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.684288][ T2996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.691966][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.700795][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.709461][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.718184][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.727059][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.735706][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.746561][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.755016][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.764489][ T7959] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.778192][ T7957] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.786410][ T7957] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.794482][ T7957] device bridge_slave_0 entered promiscuous mode [ 186.805688][ T7957] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.812871][ T7957] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.820966][ T7957] device bridge_slave_1 entered promiscuous mode [ 186.845490][ T7957] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.855696][ T7957] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.880122][ T7959] team0: Port device team_slave_0 added [ 186.887995][ T7959] team0: Port device team_slave_1 added [ 186.901821][ T7957] team0: Port device team_slave_0 added [ 186.911021][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.919770][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.995249][ T7959] device hsr_slave_0 entered promiscuous mode [ 187.033045][ T7959] device hsr_slave_1 entered promiscuous mode 02:07:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = gettid() ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0) dup3(r0, r1, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) getpgrp(0x0) link(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00') sendto$unix(r1, &(0x7f0000000080)="fffb1867bf5b10988406ae934e02c6cb853c9e56f71458ce13f65c10d19ab5eea5c78a8320007ccfd3e8c49df67cb9ab6296a6835663280d07475c016e920279fca969ab62185ef3159d093cb963026804b7eae4ed910c012b1020e81ca7a84f726d2074c483346f67c2e286043f9f2ea3f716432ff16355da0407cd6a5240183315a3fd3516889c6992a41e1156f142a2ea8b801c72eedc660d8310ebb89b91235e0bed45823fd4e5a3496d29a08c07b7604e570c95c9", 0xb7, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) tkill(r2, 0x1000000000016) [ 187.080419][ T7957] team0: Port device team_slave_1 added 02:07:58 executing program 0: r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002180)={'sit0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1}, 0x14) write(r0, 0x0, 0x3a2) [ 187.126815][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.143077][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.160684][ T7949] 8021q: adding VLAN 0 to HW filter on device bond0 02:07:58 executing program 0: r0 = epoll_create1(0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) [ 187.246483][ T7957] device hsr_slave_0 entered promiscuous mode 02:07:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00') mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pread64(r2, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000100)={0x0, [0x0, 0x500000000000000]}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x3, 0x0, 0x0, 0x26f, 0x40, 0x0, 0x0, 0x80000001, 0x38, 0x2, 0x0, 0x6, 0xf8}, [{0x6, 0x0, 0x101, 0xcf4, 0x7, 0xfffffffffffffffc, 0x12, 0x1}], "c36636bff591868e0e1f991a80bf5948bcee8e988ea091a8ead47ebf4c78d1ee2c1e509435ee8d5bca5d76adc851b93eac44285e7f2caf197442d6d936ea9984966c3a6b016b2768a6a8bbeb70f813f3b660ad9a015ec77ee1c5"}, 0xd2) fstat(0xffffffffffffffff, 0x0) fcntl$setpipe(r2, 0x407, 0x401) getresuid(0x0, &(0x7f0000000400), 0x0) dup2(r0, r3) [ 187.293435][ T7957] device hsr_slave_1 entered promiscuous mode [ 187.359796][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.367801][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.383730][ T7949] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.406408][ T7947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.454649][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.496237][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.518988][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.551273][ T7950] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.558510][ T7950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.560261][ T7998] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 187.576087][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.596079][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.608870][ T7950] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.616109][ T7950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.631035][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.675243][ T7953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.709268][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.717649][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.736544][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.759341][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.776643][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.794718][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.808540][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.820314][ T7959] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.850928][ T7949] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.897564][ T7949] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.927449][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.941335][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.960371][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.978684][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.987930][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.999545][ T7950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.041061][ T7957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.069096][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.078963][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.088296][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.097733][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.104907][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.112594][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.121322][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.129756][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.136891][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.145114][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.158061][ T7953] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.170236][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.179674][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.187681][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.195882][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.215073][ T7949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.228330][ T7959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.239409][ T7959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.252387][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.261750][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.270336][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.277564][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.285509][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.294124][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.302492][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.309630][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.317617][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.325794][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.333754][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.342424][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.351071][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.360068][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.368789][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.377375][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.386495][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.395518][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.407780][ T7957] 8021q: adding VLAN 0 to HW filter on device team0 02:07:59 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000040)) [ 188.442529][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.458642][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.468488][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.484876][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.537998][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.555063][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.573939][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.585423][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.594244][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.601303][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.608901][ T8017] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 188.609169][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.634927][ T8017] check_preemption_disabled: 3 callbacks suppressed [ 188.634950][ T8017] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8017 [ 188.636610][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.642631][ T8017] caller is ip6_finish_output+0x335/0xdc0 [ 188.653229][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.660476][ T8017] CPU: 0 PID: 8017 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.666031][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.672934][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.672942][ T8017] Call Trace: [ 188.672973][ T8017] dump_stack+0x172/0x1f0 [ 188.672994][ T8017] __this_cpu_preempt_check+0x246/0x270 [ 188.673015][ T8017] ip6_finish_output+0x335/0xdc0 [ 188.673039][ T8017] ip6_output+0x235/0x7f0 [ 188.683159][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.689487][ T8017] ? ip6_finish_output+0xdc0/0xdc0 [ 188.704889][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.707215][ T8017] ? ip6_fragment+0x3980/0x3980 [ 188.707252][ T8017] ip6_local_out+0xc4/0x1b0 [ 188.718779][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.722118][ T8017] ip6_send_skb+0xbb/0x350 [ 188.722146][ T8017] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 188.738627][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.743252][ T8017] udp_v6_push_pending_frames+0x295/0x3b0 [ 188.743269][ T8017] ? udp_v6_send_skb.isra.0+0x14f0/0x14f0 [ 188.743291][ T8017] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.743312][ T8017] udpv6_sendmsg+0x1b18/0x28d0 [ 188.743325][ T8017] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.743345][ T8017] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.743367][ T8017] ? aa_profile_af_perm+0x320/0x320 [ 188.743392][ T8017] ? __fget+0x35a/0x550 [ 188.749734][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.752782][ T8017] ? find_held_lock+0x35/0x130 [ 188.752801][ T8017] ? __fget+0x35a/0x550 [ 188.752821][ T8017] ? lock_downgrade+0x880/0x880 [ 188.752857][ T8017] ? ___might_sleep+0x163/0x280 [ 188.752875][ T8017] ? __might_sleep+0x95/0x190 [ 188.752893][ T8017] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 188.752908][ T8017] ? aa_sk_perm+0x288/0x880 [ 188.752931][ T8017] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 188.752950][ T8017] inet_sendmsg+0x147/0x5e0 [ 188.752974][ T8017] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.767338][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.770798][ T8017] ? inet_sendmsg+0x147/0x5e0 [ 188.787978][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.790062][ T8017] ? ipip_gro_receive+0x100/0x100 [ 188.790082][ T8017] sock_sendmsg+0xdd/0x130 [ 188.790109][ T8017] __sys_sendto+0x262/0x380 [ 188.797048][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.799943][ T8017] ? __ia32_sys_getpeername+0xb0/0xb0 [ 188.799984][ T8017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.821509][ T7957] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.828274][ T8017] ? put_timespec64+0xda/0x140 [ 188.828289][ T8017] ? nsecs_to_jiffies+0x30/0x30 [ 188.828311][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.828325][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.828339][ T8017] ? do_syscall_64+0x26/0x610 [ 188.828353][ T8017] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.828374][ T8017] __x64_sys_sendto+0xe1/0x1a0 [ 188.828394][ T8017] do_syscall_64+0x103/0x610 [ 188.828414][ T8017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.828425][ T8017] RIP: 0033:0x4582b9 [ 188.828441][ T8017] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.828449][ T8017] RSP: 002b:00007f65b9709c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 188.828465][ T8017] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 188.828473][ T8017] RDX: 000000000000000c RSI: 0000000020000040 RDI: 0000000000000003 [ 188.828481][ T8017] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 188.828489][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65b970a6d4 [ 188.828496][ T8017] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 188.836070][ T8017] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8017 [ 188.839632][ T7957] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.843063][ T8017] caller is sk_mc_loop+0x1d/0x210 [ 188.899590][ T8017] CPU: 0 PID: 8017 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.899599][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.899604][ T8017] Call Trace: [ 188.899633][ T8017] dump_stack+0x172/0x1f0 [ 188.921510][ T8017] __this_cpu_preempt_check+0x246/0x270 [ 188.921539][ T8017] sk_mc_loop+0x1d/0x210 [ 188.931456][ T7957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.933191][ T8017] ip6_finish_output2+0x17a5/0x2550 [ 188.933207][ T8017] ? find_held_lock+0x35/0x130 [ 188.933223][ T8017] ? ip6_mtu+0x2e6/0x460 [ 188.933240][ T8017] ? ip6_forward_finish+0x580/0x580 [ 188.933255][ T8017] ? lock_downgrade+0x880/0x880 [ 188.933274][ T8017] ? rcu_read_unlock_special+0xf3/0x210 [ 188.933297][ T8017] ip6_finish_output+0x614/0xdc0 [ 188.933321][ T8017] ? ip6_finish_output+0x614/0xdc0 [ 188.948094][ T8019] capability: warning: `syz-executor.5' uses 32-bit capabilities (legacy support in use) [ 188.948918][ T8017] ip6_output+0x235/0x7f0 [ 188.964723][ T8017] ? ip6_finish_output+0xdc0/0xdc0 [ 188.964744][ T8017] ? ip6_fragment+0x3980/0x3980 [ 188.964767][ T8017] ip6_local_out+0xc4/0x1b0 [ 188.964787][ T8017] ip6_send_skb+0xbb/0x350 [ 188.964807][ T8017] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 188.964830][ T8017] udp_v6_push_pending_frames+0x295/0x3b0 [ 188.964854][ T8017] ? udp_v6_send_skb.isra.0+0x14f0/0x14f0 [ 188.964879][ T8017] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.964896][ T8017] udpv6_sendmsg+0x1b18/0x28d0 [ 188.964920][ T8017] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.014481][ T8017] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.014504][ T8017] ? aa_profile_af_perm+0x320/0x320 [ 189.014519][ T8017] ? __fget+0x35a/0x550 [ 189.014534][ T8017] ? find_held_lock+0x35/0x130 [ 189.014546][ T8017] ? __fget+0x35a/0x550 [ 189.014566][ T8017] ? lock_downgrade+0x880/0x880 [ 189.014585][ T8017] ? ___might_sleep+0x163/0x280 [ 189.014601][ T8017] ? __might_sleep+0x95/0x190 [ 189.014619][ T8017] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 189.014630][ T8017] ? aa_sk_perm+0x288/0x880 [ 189.014652][ T8017] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.014672][ T8017] inet_sendmsg+0x147/0x5e0 [ 189.014687][ T8017] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.014699][ T8017] ? inet_sendmsg+0x147/0x5e0 [ 189.014714][ T8017] ? ipip_gro_receive+0x100/0x100 [ 189.014733][ T8017] sock_sendmsg+0xdd/0x130 [ 189.014754][ T8017] __sys_sendto+0x262/0x380 [ 189.014774][ T8017] ? __ia32_sys_getpeername+0xb0/0xb0 [ 189.014808][ T8017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.014823][ T8017] ? put_timespec64+0xda/0x140 [ 189.014837][ T8017] ? nsecs_to_jiffies+0x30/0x30 [ 189.014873][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.014889][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.014903][ T8017] ? do_syscall_64+0x26/0x610 [ 189.014918][ T8017] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.014934][ T8017] __x64_sys_sendto+0xe1/0x1a0 [ 189.014948][ T8017] do_syscall_64+0x103/0x610 [ 189.014963][ T8017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.014987][ T8017] RIP: 0033:0x4582b9 [ 189.015004][ T8017] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.047548][ T8017] RSP: 002b:00007f65b9709c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 189.047565][ T8017] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 189.047572][ T8017] RDX: 000000000000000c RSI: 0000000020000040 RDI: 0000000000000003 [ 189.047579][ T8017] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 189.047586][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65b970a6d4 [ 189.047594][ T8017] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 189.462603][ T8020] sp0: Synchronizing with TNC [ 189.479745][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.488012][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.502927][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.512098][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.533937][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.542949][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.551605][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.560454][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.569169][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.577819][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 02:08:00 executing program 2: openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, 0x0) r0 = open(0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000007c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r0, 0x4038564f, &(0x7f00000001c0)={{0x0, @addr=0x7ff}, 0x8, 0x4, 0x7}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) bind$xdp(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) socketpair$unix(0x1, 0x200000005, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 189.586380][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.595361][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.604149][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.612218][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.714670][ T7953] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.763034][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 189.769047][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 189.785267][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 189.791122][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 189.822949][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 189.828800][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 189.870427][ T7953] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.903006][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 189.908851][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 189.942993][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 189.948858][ C1] protocol 88fb is buggy, dev hsr_slave_1 02:08:01 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PDEATHSIG(0x1, 0x0) 02:08:01 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$rds(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$rds(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@mask_cswp={0x58, 0x114, 0x9, {{}, &(0x7f0000000e80), 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x58}, 0x0) 02:08:01 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8) sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r1, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6960000000000004e2311a4a1027777389338a0dd8d24f7f2ceb393be9f63e90900000000000000d94fcadcb572c54f42a18c0d7d462d9bf774a2d8fa246a1f22796dbb1ceeb7bd4300000000000002000000"], 0x6b) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) ioctl$RTC_ALM_READ(r3, 0x80247008, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) 02:08:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_MCE_KILL(0x26, 0x1, 0x0) 02:08:01 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)) 02:08:01 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000040)=""/86) 02:08:01 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='sessionid\x00') preadv(r0, &(0x7f0000000480), 0x100000000000029c, 0x0) 02:08:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=@getstats={0x1c, 0x43, 0x301, 0x0, 0x0, {0xa}}, 0x1c}}, 0x0) 02:08:01 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000080)={0x0, 0x1c9c380}, 0x0, 0x0) 02:08:01 executing program 5: mkdir(&(0x7f0000000240)='./control\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000bc0)={{}, {}, [{}], {}, [{}, {}]}, 0x3c, 0x1) mkdir(&(0x7f0000000000)='./control/file0\x00', 0x0) 02:08:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000005540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000200)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0xfffffffffffffffe, 0x4000}) [ 190.712408][ T8076] atomic_op 00000000d4cb6fd2 conn xmit_atomic (null) [ 190.750510][ T8081] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 190.809587][ T8090] atomic_op 0000000051a3d9ce conn xmit_atomic (null) 02:08:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000180)={0x2, 0x0, [{0x1}, {0xd, 0xde}]}) 02:08:01 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) 02:08:01 executing program 1: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg(r0, &(0x7f0000004240)=[{{&(0x7f0000001300)=@in6={0xa, 0x4e20, 0x0, @remote, 0x1000}, 0x80, 0x0}}], 0x1, 0x24000004) [ 191.438599][ T8079] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 191.453908][ T8079] FAT-fs (loop0): Filesystem has been set read-only [ 191.464758][ T8079] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 02:08:02 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000180)="3edfdf6567360fae8200400000440f20c0663502000000440f22c0f3a70f0666b9b603000066b8f98a7c5a66ba5e232f580f300f23a2ed64f30f0d960090d1ac0000", 0x42}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000009000/0x18000)=nil, 0x0, 0x0, 0x8, &(0x7f0000000140)=[@cr4, @dstype0={0x6, 0xc}], 0x2) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) 02:08:02 executing program 2: 02:08:02 executing program 1: 02:08:02 executing program 0: 02:08:02 executing program 4: [ 191.500544][ T8079] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 191.510634][ T8079] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 191.530456][ T8117] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 191.541870][ T8117] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 02:08:02 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8}, 0x37a) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=@getstats={0x1c, 0x1a, 0x301, 0x0, 0x0, {0xa}}, 0x1c}}, 0x0) 02:08:02 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xd, 0xffffffffffffffff, 0x8000000000000000) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x3, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0xffffffffffffffec) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r1 = syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) utime(0x0, &(0x7f0000000140)) ioctl$FIONREAD(r1, 0x541b, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) socketpair$unix(0x1, 0x2000000000, 0x0, 0x0) fcntl$lock(r2, 0xfffffffffffffffe, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) write$P9_RGETLOCK(r0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r4) bind$inet6(r4, &(0x7f0000000600)={0xa, 0x4e20, 0x800, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x5e, 0x20000008, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_int(r5, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r5, 0x6, 0x18, &(0x7f00000001c0), 0x4) r6 = open(&(0x7f0000000000)='./bus\x00', 0x100000141042, 0x0) ftruncate(r6, 0x10099b7) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}, 0x10) sendfile(r4, r6, 0x0, 0x8000fffffffe) connect$unix(r5, &(0x7f0000006780)=@file={0x0, './bus\x00'}, 0x6e) 02:08:02 executing program 4: 02:08:02 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:02 executing program 4: 02:08:02 executing program 0: [ 191.819020][ T8141] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 02:08:02 executing program 2: [ 191.928247][ T8141] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8141 [ 191.937964][ T8141] caller is ip6_finish_output+0x335/0xdc0 [ 191.945315][ T8141] CPU: 1 PID: 8141 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.954383][ T8141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.964457][ T8141] Call Trace: [ 191.967771][ T8141] dump_stack+0x172/0x1f0 [ 191.972133][ T8141] __this_cpu_preempt_check+0x246/0x270 [ 191.977722][ T8141] ip6_finish_output+0x335/0xdc0 [ 191.982685][ T8141] ip6_output+0x235/0x7f0 [ 191.987045][ T8141] ? ip6_finish_output+0xdc0/0xdc0 [ 191.992183][ T8141] ? ip6_fragment+0x3980/0x3980 [ 191.997074][ T8141] ip6_xmit+0xe41/0x20c0 [ 192.001350][ T8141] ? ip6_finish_output2+0x2550/0x2550 [ 192.006735][ T8141] ? mark_held_locks+0xf0/0xf0 [ 192.011524][ T8141] ? ip6_setup_cork+0x1870/0x1870 [ 192.016592][ T8141] inet6_csk_xmit+0x2fb/0x5d0 [ 192.021311][ T8141] ? inet6_csk_update_pmtu+0x190/0x190 [ 192.026812][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.033103][ T8141] ? csum_ipv6_magic+0x20/0x80 [ 192.033142][ T8141] __tcp_transmit_skb+0x1a32/0x3750 [ 192.033167][ T8141] ? __tcp_select_window+0x8b0/0x8b0 [ 192.033188][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.033213][ T8141] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 192.043227][ T8141] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.043247][ T8141] tcp_connect+0x1e47/0x4280 [ 192.043272][ T8141] ? tcp_push_one+0x110/0x110 [ 192.043288][ T8141] ? secure_tcpv6_ts_off+0x24f/0x360 [ 192.043304][ T8141] ? secure_dccpv6_sequence_number+0x280/0x280 [ 192.043327][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.075853][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.087285][ T8141] ? prandom_u32_state+0x13/0x180 [ 192.087306][ T8141] tcp_v6_connect+0x150b/0x20a0 [ 192.087322][ T8141] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 192.087339][ T8141] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 192.087360][ T8141] ? __switch_to_asm+0x34/0x70 02:08:03 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000140)) 02:08:03 executing program 4: 02:08:03 executing program 2: 02:08:03 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) 02:08:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) [ 192.087381][ T8141] ? __switch_to_asm+0x40/0x70 [ 192.120388][ T8141] ? find_held_lock+0x35/0x130 [ 192.129923][ T8141] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 192.129949][ T8141] __inet_stream_connect+0x83f/0xea0 [ 192.129972][ T8141] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 192.150948][ T8141] ? __inet_stream_connect+0x83f/0xea0 [ 192.156447][ T8141] ? inet_dgram_connect+0x2e0/0x2e0 [ 192.161699][ T8141] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 192.167112][ T8141] ? rcu_read_lock_sched_held+0x110/0x130 [ 192.172884][ T8141] ? kmem_cache_alloc_trace+0x354/0x760 02:08:03 executing program 2: [ 192.178471][ T8141] ? __lock_acquire+0x548/0x3fb0 [ 192.183461][ T8141] tcp_sendmsg_locked+0x231f/0x37f0 [ 192.188699][ T8141] ? mark_held_locks+0xf0/0xf0 [ 192.193496][ T8141] ? mark_held_locks+0xa4/0xf0 [ 192.198304][ T8141] ? tcp_sendpage+0x60/0x60 [ 192.202866][ T8141] ? lock_sock_nested+0x9a/0x120 [ 192.207852][ T8141] ? trace_hardirqs_on+0x67/0x230 [ 192.212914][ T8141] ? lock_sock_nested+0x9a/0x120 [ 192.217894][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 192.223300][ T8141] tcp_sendmsg+0x30/0x50 [ 192.227580][ T8141] inet_sendmsg+0x147/0x5e0 [ 192.232117][ T8141] ? ipip_gro_receive+0x100/0x100 [ 192.237167][ T8141] sock_sendmsg+0xdd/0x130 [ 192.237189][ T8141] __sys_sendto+0x262/0x380 [ 192.237209][ T8141] ? __ia32_sys_getpeername+0xb0/0xb0 [ 192.237242][ T8141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.246177][ T8141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.246192][ T8141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.246205][ T8141] ? do_syscall_64+0x26/0x610 [ 192.246219][ T8141] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.246240][ T8141] __x64_sys_sendto+0xe1/0x1a0 [ 192.246262][ T8141] do_syscall_64+0x103/0x610 [ 192.288940][ T8141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.294869][ T8141] RIP: 0033:0x4582b9 [ 192.294886][ T8141] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.294893][ T8141] RSP: 002b:00007f951d5c9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 192.294907][ T8141] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 192.294916][ T8141] RDX: 000000000000005e RSI: 0000000000000000 RDI: 0000000000000007 [ 192.294925][ T8141] RBP: 000000000073bf00 R08: 0000000020000100 R09: 000000000000001c [ 192.294934][ T8141] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f951d5ca6d4 [ 192.294942][ T8141] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 192.368278][ T8141] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8141 [ 192.377819][ T8141] caller is ip6_finish_output+0x335/0xdc0 [ 192.383653][ T8141] CPU: 1 PID: 8141 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.392691][ T8141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.402766][ T8141] Call Trace: [ 192.406093][ T8141] dump_stack+0x172/0x1f0 [ 192.410457][ T8141] __this_cpu_preempt_check+0x246/0x270 [ 192.416031][ T8141] ip6_finish_output+0x335/0xdc0 [ 192.421003][ T8141] ip6_output+0x235/0x7f0 [ 192.421023][ T8141] ? ip6_finish_output+0xdc0/0xdc0 [ 192.421043][ T8141] ? ip6_fragment+0x3980/0x3980 [ 192.421065][ T8141] ip6_xmit+0xe41/0x20c0 [ 192.435406][ T8141] ? ip6_finish_output2+0x2550/0x2550 [ 192.435426][ T8141] ? mark_held_locks+0xf0/0xf0 [ 192.435443][ T8141] ? ip6_setup_cork+0x1870/0x1870 [ 192.435480][ T8141] inet6_csk_xmit+0x2fb/0x5d0 [ 192.445144][ T8141] ? inet6_csk_update_pmtu+0x190/0x190 [ 192.445161][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.445182][ T8141] ? csum_ipv6_magic+0x20/0x80 [ 192.445206][ T8141] __tcp_transmit_skb+0x1a32/0x3750 [ 192.445232][ T8141] ? memcpy+0x46/0x50 [ 192.455074][ T8141] ? __tcp_select_window+0x8b0/0x8b0 [ 192.455096][ T8141] ? tcp_rbtree_insert+0x188/0x200 [ 192.455112][ T8141] tcp_send_synack+0x4b0/0x15b0 [ 192.455135][ T8141] ? tcp_send_active_reset+0x8e0/0x8e0 [ 192.455156][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.455178][ T8141] ? tcp_sync_mss+0x2ee/0xa30 [ 192.465397][ T8141] tcp_rcv_state_process+0x225d/0x4d93 [ 192.465420][ T8141] ? tcp_finish_connect+0x510/0x510 [ 192.465437][ T8141] ? __release_sock+0xca/0x3a0 [ 192.465453][ T8141] ? find_held_lock+0x35/0x130 [ 192.465468][ T8141] ? mark_held_locks+0xa4/0xf0 [ 192.465482][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 192.465506][ T8141] ? _raw_spin_unlock_bh+0x31/0x40 [ 192.476568][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 192.476592][ T8141] tcp_v6_do_rcv+0x7da/0x12c0 [ 192.476604][ T8141] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 192.476638][ T8141] __release_sock+0x12e/0x3a0 [ 192.485882][ T8141] release_sock+0x59/0x1c0 [ 192.577026][ T8141] __inet_stream_connect+0x59f/0xea0 [ 192.582531][ T8141] ? inet_dgram_connect+0x2e0/0x2e0 [ 192.587751][ T8141] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 192.593196][ T8141] ? do_wait_intr_irq+0x2b0/0x2b0 [ 192.598298][ T8141] ? __lock_acquire+0x548/0x3fb0 [ 192.603252][ T8141] tcp_sendmsg_locked+0x231f/0x37f0 [ 192.609413][ T8141] ? mark_held_locks+0xf0/0xf0 [ 192.614187][ T8141] ? mark_held_locks+0xa4/0xf0 [ 192.618965][ T8141] ? tcp_sendpage+0x60/0x60 [ 192.623484][ T8141] ? lock_sock_nested+0x9a/0x120 [ 192.628440][ T8141] ? trace_hardirqs_on+0x67/0x230 [ 192.633470][ T8141] ? lock_sock_nested+0x9a/0x120 [ 192.638414][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 192.643793][ T8141] tcp_sendmsg+0x30/0x50 [ 192.648034][ T8141] inet_sendmsg+0x147/0x5e0 [ 192.652560][ T8141] ? ipip_gro_receive+0x100/0x100 [ 192.657601][ T8141] sock_sendmsg+0xdd/0x130 [ 192.662055][ T8141] __sys_sendto+0x262/0x380 [ 192.666571][ T8141] ? __ia32_sys_getpeername+0xb0/0xb0 [ 192.671977][ T8141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.678249][ T8141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.683719][ T8141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.689189][ T8141] ? do_syscall_64+0x26/0x610 [ 192.693882][ T8141] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.699968][ T8141] __x64_sys_sendto+0xe1/0x1a0 [ 192.704744][ T8141] do_syscall_64+0x103/0x610 [ 192.709349][ T8141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.715244][ T8141] RIP: 0033:0x4582b9 [ 192.719142][ T8141] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.738769][ T8141] RSP: 002b:00007f951d5c9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 192.747204][ T8141] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 192.755202][ T8141] RDX: 000000000000005e RSI: 0000000000000000 RDI: 0000000000000007 [ 192.763183][ T8141] RBP: 000000000073bf00 R08: 0000000020000100 R09: 000000000000001c [ 192.771169][ T8141] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f951d5ca6d4 [ 192.779137][ T8141] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 192.789706][ T8141] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8141 [ 192.804680][ T8141] caller is ip6_finish_output+0x335/0xdc0 [ 192.810449][ T8141] CPU: 1 PID: 8141 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.819466][ T8141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.829556][ T8141] Call Trace: [ 192.832861][ T8141] dump_stack+0x172/0x1f0 [ 192.837222][ T8141] __this_cpu_preempt_check+0x246/0x270 [ 192.842814][ T8141] ip6_finish_output+0x335/0xdc0 [ 192.847778][ T8141] ip6_output+0x235/0x7f0 [ 192.852135][ T8141] ? ip6_finish_output+0xdc0/0xdc0 [ 192.857274][ T8141] ? ip6_fragment+0x3980/0x3980 [ 192.862142][ T8141] ip6_xmit+0xe41/0x20c0 [ 192.866418][ T8141] ? ip6_finish_output2+0x2550/0x2550 [ 192.871800][ T8141] ? mark_held_locks+0xf0/0xf0 [ 192.876577][ T8141] ? ip6_setup_cork+0x1870/0x1870 [ 192.881616][ T8141] inet6_csk_xmit+0x2fb/0x5d0 [ 192.886305][ T8141] ? inet6_csk_update_pmtu+0x190/0x190 [ 192.891774][ T8141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.898027][ T8141] ? csum_ipv6_magic+0x20/0x80 [ 192.902810][ T8141] __tcp_transmit_skb+0x1a32/0x3750 [ 192.908026][ T8141] ? __tcp_select_window+0x8b0/0x8b0 [ 192.913319][ T8141] ? tcp_mstamp_refresh+0x16/0xa0 [ 192.918368][ T8141] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 192.923770][ T8141] tcp_send_ack+0x88/0xa0 [ 192.928127][ T8141] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 192.934124][ T8141] tcp_validate_incoming+0x55e/0x1660 [ 192.939507][ T8141] tcp_rcv_state_process+0xb6b/0x4d93 [ 192.944897][ T8141] ? tcp_finish_connect+0x510/0x510 [ 192.950107][ T8141] ? __release_sock+0xca/0x3a0 [ 192.954876][ T8141] ? find_held_lock+0x35/0x130 [ 192.959661][ T8141] ? mark_held_locks+0xa4/0xf0 [ 192.964434][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 192.969806][ T8141] ? _raw_spin_unlock_bh+0x31/0x40 [ 192.974917][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 192.980293][ T8141] tcp_v6_do_rcv+0x7da/0x12c0 [ 192.984968][ T8141] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 192.989822][ T8141] __release_sock+0x12e/0x3a0 [ 192.994535][ T8141] release_sock+0x59/0x1c0 [ 192.998959][ T8141] __inet_stream_connect+0x59f/0xea0 [ 193.004274][ T8141] ? inet_dgram_connect+0x2e0/0x2e0 [ 193.009497][ T8141] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 193.014876][ T8141] ? do_wait_intr_irq+0x2b0/0x2b0 [ 193.019904][ T8141] ? __lock_acquire+0x548/0x3fb0 [ 193.024862][ T8141] tcp_sendmsg_locked+0x231f/0x37f0 [ 193.030085][ T8141] ? mark_held_locks+0xf0/0xf0 [ 193.034878][ T8141] ? mark_held_locks+0xa4/0xf0 [ 193.039673][ T8141] ? tcp_sendpage+0x60/0x60 [ 193.044180][ T8141] ? lock_sock_nested+0x9a/0x120 [ 193.049121][ T8141] ? trace_hardirqs_on+0x67/0x230 [ 193.054154][ T8141] ? lock_sock_nested+0x9a/0x120 [ 193.059097][ T8141] ? __local_bh_enable_ip+0x15a/0x270 [ 193.064479][ T8141] tcp_sendmsg+0x30/0x50 [ 193.068727][ T8141] inet_sendmsg+0x147/0x5e0 [ 193.073234][ T8141] ? ipip_gro_receive+0x100/0x100 [ 193.078285][ T8141] sock_sendmsg+0xdd/0x130 [ 193.082725][ T8141] __sys_sendto+0x262/0x380 [ 193.087263][ T8141] ? __ia32_sys_getpeername+0xb0/0xb0 [ 193.092683][ T8141] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.098951][ T8141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.104419][ T8141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.109897][ T8141] ? do_syscall_64+0x26/0x610 [ 193.114594][ T8141] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.120669][ T8141] __x64_sys_sendto+0xe1/0x1a0 [ 193.125444][ T8141] do_syscall_64+0x103/0x610 [ 193.130050][ T8141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.135949][ T8141] RIP: 0033:0x4582b9 [ 193.139843][ T8141] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.159470][ T8141] RSP: 002b:00007f951d5c9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 193.167898][ T8141] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.175897][ T8141] RDX: 000000000000005e RSI: 0000000000000000 RDI: 0000000000000007 02:08:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:04 executing program 0: 02:08:04 executing program 5: 02:08:04 executing program 4: 02:08:04 executing program 1: 02:08:04 executing program 2: [ 193.183870][ T8141] RBP: 000000000073bf00 R08: 0000000020000100 R09: 000000000000001c [ 193.191838][ T8141] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f951d5ca6d4 [ 193.199807][ T8141] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 02:08:04 executing program 5: 02:08:04 executing program 4: 02:08:04 executing program 2: 02:08:04 executing program 0: 02:08:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:04 executing program 4: 02:08:04 executing program 5: 02:08:04 executing program 1: 02:08:04 executing program 0: 02:08:04 executing program 2: 02:08:04 executing program 4: 02:08:04 executing program 2: 02:08:04 executing program 5: 02:08:04 executing program 1: 02:08:04 executing program 0: 02:08:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:04 executing program 5: 02:08:04 executing program 2: 02:08:04 executing program 4: 02:08:04 executing program 1: 02:08:04 executing program 5: 02:08:04 executing program 0: 02:08:04 executing program 2: 02:08:04 executing program 4: 02:08:04 executing program 5: 02:08:04 executing program 1: 02:08:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:05 executing program 0: 02:08:05 executing program 5: 02:08:05 executing program 4: 02:08:05 executing program 2: 02:08:05 executing program 1: 02:08:05 executing program 0: 02:08:05 executing program 4: 02:08:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:05 executing program 2: 02:08:05 executing program 5: 02:08:05 executing program 4: 02:08:05 executing program 1: 02:08:05 executing program 0: 02:08:05 executing program 2: 02:08:05 executing program 5: 02:08:05 executing program 4: 02:08:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:05 executing program 0: 02:08:05 executing program 1: 02:08:05 executing program 2: 02:08:05 executing program 0: 02:08:05 executing program 4: 02:08:05 executing program 5: 02:08:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:05 executing program 2: 02:08:05 executing program 1: 02:08:05 executing program 4: 02:08:05 executing program 0: 02:08:05 executing program 2: 02:08:05 executing program 5: 02:08:05 executing program 3: socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TCFLSH(0xffffffffffffffff, 0x80045438, 0x70a000) 02:08:06 executing program 1: 02:08:06 executing program 0: 02:08:06 executing program 2: 02:08:06 executing program 4: 02:08:06 executing program 5: 02:08:06 executing program 0: 02:08:06 executing program 3: socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TCFLSH(0xffffffffffffffff, 0x80045438, 0x70a000) 02:08:06 executing program 2: 02:08:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") syz_open_dev$ndb(&(0x7f0000000340)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) 02:08:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="71e67a15cdf0319fa22748f9a91c66b3", 0x10) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$P9_RREMOVE(r2, &(0x7f0000000080)={0x7}, 0x7) recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000017c0)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 02:08:06 executing program 5: 02:08:06 executing program 2: 02:08:06 executing program 0: 02:08:06 executing program 4: 02:08:06 executing program 3: socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TCFLSH(0xffffffffffffffff, 0x80045438, 0x70a000) 02:08:06 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x40045431, 0x7fffffffefff) 02:08:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) dup3(r0, r1, 0x0) 02:08:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x16f, 0x0, 0x3f00000000000000}, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x16f, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 02:08:06 executing program 4: capset(&(0x7f0000a31000)={0x19980330}, &(0x7f00009b3000)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5412, 0x0) 02:08:06 executing program 0: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = getpid() fcntl$lock(r0, 0x26, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, r1}) 02:08:06 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:06 executing program 5: r0 = socket(0x1e, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000340)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) 02:08:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) socket$inet(0x2, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) 02:08:06 executing program 0: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 02:08:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000008004"]) [ 195.858369][ T8373] block nbd5: Device being setup by another task 02:08:06 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) [ 195.909693][ T8370] block nbd5: shutting down sockets 02:08:06 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="71e67a15cdf0319fa22748f9a91c66b3", 0x10) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x8) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000240)=""/69, 0x45}], 0x1}}], 0x1, 0x0, 0x0) 02:08:06 executing program 5: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000001880)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) setxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000680), 0x24, 0x0) 02:08:07 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) [ 196.255936][ T8401] overlayfs: filesystem on './file0' not supported as upperdir 02:08:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4138ae84, &(0x7f0000000140)=ANY=[]) 02:08:07 executing program 2: r0 = socket(0x1e, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000340)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_SET_SOCK(r1, 0xab04, r0) 02:08:07 executing program 4: getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000040)=""/117, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000bc000)=@abs, 0x8) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) 02:08:07 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:07 executing program 0: connect(0xffffffffffffffff, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x20000001}) timerfd_settime(r2, 0x0, &(0x7f0000005000)={{}, {0x0, 0x989680}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000021ff4)={0x2001}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_G_ENC_INDEX(r3, 0x8818564c, 0x0) write(r4, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 02:08:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x0, 0x9, 0x2000400000001, {0xb, @raw_data="02d48d7c13c4005985a699adb68edb34790fa17b94638dfab88711e889bcf3605f5b07bd7adfa972868049d0ef2023080e42f4ba37474e089aa9acd63fe04e54eb23a0cbdf9a8424b786e4aa90c75680005bf26c4fa5df89789903d5e98d69fc4f6e5f9271631bd98537c4ea85763a01f094a9c1a9f32f665541b4ddf2f346a8d7ae94454bf0523b6b8316dc3c1a5fc07b35ad354fa4797c88ca9d6aaedf306ea9a23b0395ef7f6e83da02018f11cd5b6fb7d8eddec9b9e9e27014d220be0396db614e79ed05bcc8"}}) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000000)={0x0, 0x7f0, 0x1, {0xb, @pix_mp={0x0, 0x7}}}) [ 196.667551][ T8416] block nbd0: shutting down sockets [ 196.701147][ T8424] block nbd0: Device being setup by another task 02:08:07 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x0, 0x9, 0x2000400000001, {0xb, @raw_data="02d48d7c13c4005985a699adb68edb34790fa17b94638dfab88711e889bcf3605f5b07bd7adfa972868049d0ef2023080e42f4ba37474e089aa9acd63fe04e54eb23a0cbdf9a8424b786e4aa90c75680005bf26c4fa5df89789903d5e98d69fc4f6e5f9271631bd98537c4ea85763a01f094a9c1a9f32f665541b4ddf2f346a8d7ae94454bf0523b6b8316dc3c1a5fc07b35ad354fa4797c88ca9d6aaedf306ea9a23b0395ef7f6e83da02018f11cd5b6fb7d8eddec9b9e9e27014d220be0396db614e79ed05bcc8"}}) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000000)={0x0, 0x7f0, 0x1, {0xb, @pix_mp={0x0, 0x7}}}) 02:08:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00') mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000100)={0x0, [0x0, 0x500000000000000]}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x401) getresuid(&(0x7f00000003c0), &(0x7f0000000400), 0x0) dup2(r0, r2) 02:08:07 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x1) dup3(r1, r0, 0x0) 02:08:07 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123d123f3188b070") bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xf, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="85100000010000009522e600000000009500000000000000"], 0x0, 0x4, 0x99, &(0x7f0000000000)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 02:08:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x0, 0x9, 0x2000400000001, {0xb, @raw_data="02d48d7c13c4005985a699adb68edb34790fa17b94638dfab88711e889bcf3605f5b07bd7adfa972868049d0ef2023080e42f4ba37474e089aa9acd63fe04e54eb23a0cbdf9a8424b786e4aa90c75680005bf26c4fa5df89789903d5e98d69fc4f6e5f9271631bd98537c4ea85763a01f094a9c1a9f32f665541b4ddf2f346a8d7ae94454bf0523b6b8316dc3c1a5fc07b35ad354fa4797c88ca9d6aaedf306ea9a23b0395ef7f6e83da02018f11cd5b6fb7d8eddec9b9e9e27014d220be0396db614e79ed05bcc8"}}) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000000)={0x0, 0x7f0, 0x1, {0xb, @pix_mp={0x0, 0x7}}}) 02:08:08 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc5f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000380)="310000001200090069000600f403000000000000000000004600010700000054080003c02564030000bd5d58410b8b0b01", 0x31}], 0x1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) close(0xffffffffffffffff) socket(0x840000000002, 0x3, 0x0) 02:08:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:08 executing program 1: getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000bc000)=@abs, 0x8) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6960000000000004e2311a4a1027777389338a0dd8d24f7f2ceb393be9f63e90900000000000000d94fcadcb572c54f42a18c0d7d462d9bf774a2d8fa246a1f22796dbb1ceeb7bd4300000000000002000000"], 0x6b) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) ioctl$RTC_ALM_READ(r0, 0x80247008, 0x0) [ 197.290856][ T8464] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.4'. [ 197.363379][ C1] net_ratelimit: 4 callbacks suppressed [ 197.363411][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 197.375764][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 197.439378][ T8470] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.4'. 02:08:08 executing program 0: connect(0xffffffffffffffff, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x20000001}) timerfd_settime(r2, 0x0, &(0x7f0000005000)={{}, {0x0, 0x989680}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000021ff4)={0x2001}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_G_ENC_INDEX(r3, 0x8818564c, 0x0) write(r4, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 02:08:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x0, 0x9, 0x2000400000001, {0xb, @raw_data="02d48d7c13c4005985a699adb68edb34790fa17b94638dfab88711e889bcf3605f5b07bd7adfa972868049d0ef2023080e42f4ba37474e089aa9acd63fe04e54eb23a0cbdf9a8424b786e4aa90c75680005bf26c4fa5df89789903d5e98d69fc4f6e5f9271631bd98537c4ea85763a01f094a9c1a9f32f665541b4ddf2f346a8d7ae94454bf0523b6b8316dc3c1a5fc07b35ad354fa4797c88ca9d6aaedf306ea9a23b0395ef7f6e83da02018f11cd5b6fb7d8eddec9b9e9e27014d220be0396db614e79ed05bcc8"}}) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000000)={0x0, 0x7f0, 0x1, {0xb, @pix_mp={0x0, 0x7}}}) 02:08:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00') mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000100)={0x0, [0x0, 0x500000000000000]}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x401) getresuid(&(0x7f00000003c0), &(0x7f0000000400), 0x0) dup2(r0, r2) 02:08:08 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000280)=""/190, 0xbe}], 0x100000000000021c}}], 0x1, 0x0, 0x0) get_robust_list(0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') preadv(r1, &(0x7f00000017c0), 0x1d0, 0x1f000000) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80000) seccomp(0x1, 0x0, 0x0) dup(0xffffffffffffff9c) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1, 0x0) ioctl$RTC_WIE_OFF(r1, 0x7010) flock(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x4, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0}, 0x400, 0x3, 0x10001, 0x0, 0xffffffff}, r0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) getresgid(0x0, 0x0, &(0x7f0000000040)) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 02:08:08 executing program 4: ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x8) r0 = getpid() sched_setattr(r0, &(0x7f00000002c0), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000280)=""/190, 0xbe}], 0x100000000000021c}}], 0x1, 0x0, 0x0) get_robust_list(0x0, 0x0, &(0x7f0000000580)) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') preadv(r1, &(0x7f00000017c0), 0x1d0, 0x1f000000) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000540), 0x80000) dup(0xffffffffffffff9c) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000000200)=""/43, 0x2b}, {&(0x7f0000000380)=""/183, 0xb7}], 0x3, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000640)='syz0\x00', 0x200002, 0x0) ioctl$RTC_WIE_OFF(r1, 0x7010) flock(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000180), 0xfffffd50) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) getresgid(&(0x7f0000000100), &(0x7f0000000080), &(0x7f0000000040)) 02:08:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000000)={0x0, 0x7f0, 0x1, {0xb, @pix_mp={0x0, 0x7}}}) 02:08:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000000)={0x0, 0x7f0, 0x1, {0xb, @pix_mp={0x0, 0x7}}}) 02:08:09 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TCFLSH(r0, 0x80045438, 0x70a000) 02:08:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00') mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)={0x0, [0x0, 0x500000000000000]}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x401) dup2(r0, 0xffffffffffffffff)