[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.263143][ T26] audit: type=1800 audit(1554677430.795:25): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 39.311246][ T26] audit: type=1800 audit(1554677430.795:26): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 39.352173][ T26] audit: type=1800 audit(1554677430.795:27): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. 2019/04/07 22:50:38 fuzzer started 2019/04/07 22:50:41 dialing manager at 10.128.0.26:34543 2019/04/07 22:50:42 syscalls: 2408 2019/04/07 22:50:42 code coverage: enabled 2019/04/07 22:50:42 comparison tracing: enabled 2019/04/07 22:50:42 extra coverage: extra coverage is not supported by the kernel 2019/04/07 22:50:42 setuid sandbox: enabled 2019/04/07 22:50:42 namespace sandbox: enabled 2019/04/07 22:50:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 22:50:42 fault injection: enabled 2019/04/07 22:50:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 22:50:42 net packet injection: enabled 2019/04/07 22:50:42 net device setup: enabled 22:53:03 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") mkdir(&(0x7f0000000340)='./control\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./control/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syzkaller login: [ 191.875918][ T7889] IPVS: ftp: loaded support on port[0] = 21 22:53:03 executing program 1: syz_open_dev$usb(0x0, 0x0, 0x0) setrlimit(0x0, 0x0) r0 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x2, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r0) [ 191.985451][ T7889] chnl_net:caif_netlink_parms(): no params data found [ 192.065157][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.073504][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.083112][ T7889] device bridge_slave_0 entered promiscuous mode [ 192.092683][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.099846][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.131541][ T7889] device bridge_slave_1 entered promiscuous mode [ 192.154793][ T7889] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.167009][ T7889] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.189053][ T7892] IPVS: ftp: loaded support on port[0] = 21 [ 192.201839][ T7889] team0: Port device team_slave_0 added [ 192.224585][ T7889] team0: Port device team_slave_1 added 22:53:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 192.314139][ T7889] device hsr_slave_0 entered promiscuous mode [ 192.371088][ T7889] device hsr_slave_1 entered promiscuous mode [ 192.444477][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.451961][ T7889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.459959][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.467114][ T7889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.477714][ T7894] IPVS: ftp: loaded support on port[0] = 21 22:53:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xe) ppoll(&(0x7f0000000380)=[{r0}], 0x1, &(0x7f00000003c0), 0x0, 0x0) [ 192.578331][ T7892] chnl_net:caif_netlink_parms(): no params data found [ 192.729173][ T7889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.738276][ T7892] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.746477][ T7892] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.755246][ T7892] device bridge_slave_0 entered promiscuous mode [ 192.785642][ T7897] IPVS: ftp: loaded support on port[0] = 21 [ 192.801598][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.813933][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state 22:53:04 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = semget$private(0x0, 0x20000000103, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0xfffffffffffefffc}], 0x1) semop(r1, &(0x7f0000000000)=[{0x0, 0x101}], 0x2) [ 192.838989][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.849613][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 192.866020][ T7892] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.876227][ T7892] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.892450][ T7892] device bridge_slave_1 entered promiscuous mode [ 192.946627][ T7889] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.979390][ T7892] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.004686][ T7894] chnl_net:caif_netlink_parms(): no params data found [ 193.053041][ T7892] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.069555][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.079837][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.092159][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.099319][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.107641][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.117044][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.126135][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.133328][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.141542][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:53:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffda, 0x0, 0x0, 0x56b) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 193.150919][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.159764][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.169153][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.221821][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.232263][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.241797][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.254565][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.263498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.291381][ T7902] IPVS: ftp: loaded support on port[0] = 21 [ 193.299435][ T7892] team0: Port device team_slave_0 added [ 193.319931][ T7889] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.321628][ T7904] IPVS: ftp: loaded support on port[0] = 21 [ 193.337369][ T7889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.359285][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.367785][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.380438][ T7892] team0: Port device team_slave_1 added [ 193.473508][ T7892] device hsr_slave_0 entered promiscuous mode [ 193.540708][ T7892] device hsr_slave_1 entered promiscuous mode [ 193.621223][ T7894] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.628356][ T7894] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.636718][ T7894] device bridge_slave_0 entered promiscuous mode [ 193.644630][ T7894] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.651824][ T7894] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.659586][ T7894] device bridge_slave_1 entered promiscuous mode [ 193.724730][ T7894] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.741734][ T7889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.786114][ T7894] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.852378][ T7894] team0: Port device team_slave_0 added [ 193.901892][ T7894] team0: Port device team_slave_1 added [ 193.925218][ T7910] FAT-fs (loop0): bogus number of reserved sectors [ 193.945461][ T7910] FAT-fs (loop0): Can't find a valid FAT filesystem [ 194.012499][ T7894] device hsr_slave_0 entered promiscuous mode [ 194.051064][ T7894] device hsr_slave_1 entered promiscuous mode 22:53:05 executing program 0: syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x200003182001ff2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x1000000) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000540)={0xffffffffffffffff}) tee(r1, r0, 0x5, 0x0) [ 194.104574][ T7897] chnl_net:caif_netlink_parms(): no params data found [ 194.119464][ T7904] chnl_net:caif_netlink_parms(): no params data found 22:53:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) io_setup(0x3, &(0x7f0000000000)=0x0) io_submit(r1, 0x2, &(0x7f0000001940)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, r0, &(0x7f0000000080)="b750a40e57d534009a064b474c2a97fce8a803017e92a01e7d8f9318b2dcc06126e82f573ba08f4db519c1970167da68af9d1eb2b5fec28269dfd2178f1d38cdfe4183e51d52bd74a8bb2a0f24b6e41fee8a372faea2e1965bc62b0bc48f959c48995bdcf61541cd66980c03034e3bf86719512c7781a2bfb696", 0x7a, 0x100000000}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x7, 0x0, r0, 0x0, 0x0, 0x3}]) [ 194.181716][ T7902] chnl_net:caif_netlink_parms(): no params data found [ 194.290859][ T7897] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.299314][ T7897] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.307396][ T7897] device bridge_slave_0 entered promiscuous mode [ 194.322722][ T7897] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.329852][ T7897] bridge0: port 2(bridge_slave_1) entered disabled state 22:53:05 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x3, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x13, &(0x7f0000000040), 0x4) close(r1) close(r0) [ 194.337943][ T7897] device bridge_slave_1 entered promiscuous mode [ 194.397580][ T7897] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 194.409314][ T7897] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.435716][ T7904] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.443024][ T7904] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.451276][ T7904] device bridge_slave_0 entered promiscuous mode [ 194.475377][ T7897] team0: Port device team_slave_0 added [ 194.491861][ T7904] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.499012][ T7904] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.507279][ T7904] device bridge_slave_1 entered promiscuous mode [ 194.525178][ T7897] team0: Port device team_slave_1 added [ 194.535815][ T7892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.543085][ T7902] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.550159][ T7902] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.558118][ T7902] device bridge_slave_0 entered promiscuous mode [ 194.578618][ T7904] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 194.596435][ T7902] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.605004][ T7902] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.613920][ T7902] device bridge_slave_1 entered promiscuous mode 22:53:06 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 194.653263][ T7904] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.684861][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.698107][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.707411][ T7892] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.716827][ T7902] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 194.773346][ T7897] device hsr_slave_0 entered promiscuous mode [ 194.792463][ C0] hrtimer: interrupt took 44941 ns [ 194.820760][ T7897] device hsr_slave_1 entered promiscuous mode [ 194.886524][ T7894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.907762][ T7902] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.929562][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.947319][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.956119][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.963272][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.971565][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.982837][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.991463][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.998552][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.007055][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.024663][ T7904] team0: Port device team_slave_0 added [ 195.052631][ T7904] team0: Port device team_slave_1 added [ 195.065921][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.089450][ T7902] team0: Port device team_slave_0 added 22:53:06 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 195.163257][ T7904] device hsr_slave_0 entered promiscuous mode [ 195.200881][ T7904] device hsr_slave_1 entered promiscuous mode [ 195.243115][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.253344][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.261673][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.283319][ T7902] team0: Port device team_slave_1 added [ 195.291624][ T7894] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.308032][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.318149][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.327959][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.391056][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.401480][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.410200][ T7899] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.417358][ T7899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.426844][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.437437][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.452150][ T7899] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.459251][ T7899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.473048][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:53:07 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 195.484659][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.497374][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.509356][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.538825][ T7894] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.551141][ T7894] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.603432][ T7902] device hsr_slave_0 entered promiscuous mode [ 195.650770][ T7902] device hsr_slave_1 entered promiscuous mode [ 195.701804][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.713147][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.722239][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.738301][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.747494][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.762258][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.775754][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.785311][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 22:53:07 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 195.799496][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.809112][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.823799][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.836096][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.847304][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.867049][ T7892] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.883651][ T7892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.903712][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.913400][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.937397][ T7897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.953597][ T7894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.976699][ T7892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.045959][ T7897] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.093177][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.115031][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.124426][ T7960] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 196.171705][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.219993][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.247964][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.255168][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.283390][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.292573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.301774][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.313814][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.320966][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state 22:53:07 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x6) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) sendmmsg(r1, &(0x7f0000005700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) [ 196.329922][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.368314][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.385991][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.411655][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.454080][ T7904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.468012][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 22:53:08 executing program 2: openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x0, 0x0) socket$kcm(0x11, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x7, 0x0, &(0x7f0000000400)) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@dstopts, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 196.494347][ T7902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.519989][ T7904] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.536317][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.551336][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.559987][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.599036][ T7974] check_preemption_disabled: 3 callbacks suppressed [ 196.599060][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 196.615182][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 196.621037][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.629031][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.630085][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.647365][ T7974] Call Trace: [ 196.650700][ T7974] dump_stack+0x172/0x1f0 [ 196.655068][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 196.660634][ T7974] ip6_finish_output+0x335/0xdc0 [ 196.661024][ T7897] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 196.665592][ T7974] ip6_output+0x235/0x7f0 [ 196.680276][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 196.685448][ T7974] ? ip6_fragment+0x3980/0x3980 [ 196.690328][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 196.695388][ T7974] ip6_local_out+0xc4/0x1b0 [ 196.699947][ T7974] ip6_send_skb+0xbb/0x350 [ 196.703791][ T7897] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.704391][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 196.720192][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 196.725006][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 196.730087][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 196.736155][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 196.741479][ T7974] ? __might_fault+0x12b/0x1e0 [ 196.746278][ T7974] ? find_held_lock+0x35/0x130 [ 196.751065][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.757341][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 196.757624][ T7902] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.762875][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.762894][ T7974] inet_sendmsg+0x147/0x5e0 [ 196.762910][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 196.762929][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 196.762942][ T7974] ? ipip_gro_receive+0x100/0x100 [ 196.762959][ T7974] sock_sendmsg+0xdd/0x130 [ 196.762975][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 196.762999][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 196.809983][ T7974] ? lock_downgrade+0x880/0x880 [ 196.814850][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.821110][ T7974] ? kasan_check_read+0x11/0x20 [ 196.825998][ T7974] ? __fget+0x381/0x550 [ 196.830276][ T7974] ? ksys_dup3+0x3e0/0x3e0 [ 196.834754][ T7974] ? __fget_light+0x1a9/0x230 [ 196.839463][ T7974] ? __fdget+0x1b/0x20 [ 196.843554][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.849830][ T7974] ? sockfd_lookup_light+0xcb/0x180 [ 196.855089][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 196.859882][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 196.864949][ T7974] ? _copy_to_user+0xc9/0x120 [ 196.869677][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.875954][ T7974] ? put_timespec64+0xda/0x140 [ 196.880757][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 196.885665][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.891153][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.896642][ T7974] ? do_syscall_64+0x26/0x610 [ 196.901351][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.907457][ T7974] ? do_syscall_64+0x26/0x610 [ 196.912158][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 196.917108][ T7974] do_syscall_64+0x103/0x610 [ 196.917455][ T7902] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 196.921721][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.921736][ T7974] RIP: 0033:0x4582b9 [ 196.921751][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.921759][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.921773][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.921781][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 196.921789][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.921797][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 196.921806][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.012996][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 197.022388][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 197.028140][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.037196][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.047280][ T7974] Call Trace: [ 197.049511][ T7902] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 197.050596][ T7974] dump_stack+0x172/0x1f0 [ 197.050623][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 197.050646][ T7974] ip6_finish_output+0x335/0xdc0 [ 197.050667][ T7974] ip6_output+0x235/0x7f0 [ 197.050686][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 197.050706][ T7974] ? ip6_fragment+0x3980/0x3980 [ 197.050729][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.095134][ T7974] ip6_local_out+0xc4/0x1b0 [ 197.099675][ T7974] ip6_send_skb+0xbb/0x350 [ 197.104100][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.109585][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 197.114373][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.119388][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.125374][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 197.130600][ T7974] ? __might_fault+0x12b/0x1e0 [ 197.135407][ T7974] ? find_held_lock+0x35/0x130 [ 197.140182][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.146448][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.151964][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.157542][ T7974] inet_sendmsg+0x147/0x5e0 [ 197.162066][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.168055][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 197.172729][ T7974] ? ipip_gro_receive+0x100/0x100 [ 197.177755][ T7974] sock_sendmsg+0xdd/0x130 [ 197.182591][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 197.187316][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 197.192791][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 197.197830][ T7974] ? lock_downgrade+0x880/0x880 [ 197.202703][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.208976][ T7974] ? kasan_check_read+0x11/0x20 [ 197.213818][ T7974] ? __might_fault+0x12b/0x1e0 [ 197.218577][ T7974] ? find_held_lock+0x35/0x130 [ 197.223361][ T7974] ? __might_fault+0x12b/0x1e0 [ 197.228140][ T7974] ? lock_downgrade+0x880/0x880 [ 197.233008][ T7974] ? ___might_sleep+0x163/0x280 [ 197.237868][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 197.242573][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.247677][ T7974] ? _copy_to_user+0xc9/0x120 [ 197.252396][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.258686][ T7974] ? put_timespec64+0xda/0x140 [ 197.263464][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 197.268329][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.273806][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.279326][ T7974] ? do_syscall_64+0x26/0x610 [ 197.284126][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.290222][ T7974] ? do_syscall_64+0x26/0x610 [ 197.294959][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 197.299955][ T7974] do_syscall_64+0x103/0x610 [ 197.304586][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.310484][ T7974] RIP: 0033:0x4582b9 [ 197.314378][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.334005][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.342438][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.350428][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 197.358509][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.366504][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 197.374501][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.393276][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.404540][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 197.414259][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.414949][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.423601][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 197.423628][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.423648][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.432813][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.437220][ T7974] Call Trace: [ 197.447758][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.456366][ T7974] dump_stack+0x172/0x1f0 [ 197.456390][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 197.456421][ T7974] ip6_finish_output+0x335/0xdc0 [ 197.456442][ T7974] ip6_output+0x235/0x7f0 [ 197.456459][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 197.456477][ T7974] ? ip6_fragment+0x3980/0x3980 [ 197.456494][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.456519][ T7974] ip6_local_out+0xc4/0x1b0 [ 197.479370][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.484651][ T7974] ip6_send_skb+0xbb/0x350 [ 197.484674][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.484695][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 197.484712][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.484733][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.484756][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 197.484781][ T7974] ? __might_fault+0x12b/0x1e0 [ 197.492323][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.494077][ T7974] ? find_held_lock+0x35/0x130 [ 197.499848][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.504101][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.504120][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.504161][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.504178][ T7974] inet_sendmsg+0x147/0x5e0 [ 197.504195][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.504206][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 197.504228][ T7974] ? ipip_gro_receive+0x100/0x100 [ 197.516998][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 197.521079][ T7974] sock_sendmsg+0xdd/0x130 [ 197.521099][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 197.521118][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 197.521138][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 197.521151][ T7974] ? lock_downgrade+0x880/0x880 [ 197.521168][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.521189][ T7974] ? kasan_check_read+0x11/0x20 [ 197.521211][ T7974] ? __might_fault+0x12b/0x1e0 [ 197.521226][ T7974] ? find_held_lock+0x35/0x130 [ 197.521241][ T7974] ? __might_fault+0x12b/0x1e0 [ 197.521263][ T7974] ? lock_downgrade+0x880/0x880 [ 197.521290][ T7974] ? ___might_sleep+0x163/0x280 [ 197.521308][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 197.521328][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.521358][ T7974] ? _copy_to_user+0xc9/0x120 [ 197.521377][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.521393][ T7974] ? put_timespec64+0xda/0x140 [ 197.521417][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 197.521444][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.521461][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.521478][ T7974] ? do_syscall_64+0x26/0x610 [ 197.521497][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.521512][ T7974] ? do_syscall_64+0x26/0x610 [ 197.521531][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 197.521551][ T7974] do_syscall_64+0x103/0x610 [ 197.521571][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.521584][ T7974] RIP: 0033:0x4582b9 [ 197.521601][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.521610][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.521625][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.521634][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 197.521644][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.521653][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 197.521663][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.536954][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 197.538955][ T7976] caller is ip6_finish_output+0x335/0xdc0 [ 197.544198][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 197.550100][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.860459][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.870544][ T7976] Call Trace: [ 197.873864][ T7976] dump_stack+0x172/0x1f0 [ 197.878245][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 197.883838][ T7976] ip6_finish_output+0x335/0xdc0 [ 197.888788][ T7976] ? rcu_read_unlock_special+0xf3/0x210 [ 197.894359][ T7976] ip6_output+0x235/0x7f0 [ 197.898707][ T7976] ? ip6_finish_output+0xdc0/0xdc0 [ 197.903834][ T7976] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.909493][ T7976] ? ip6_fragment+0x3980/0x3980 [ 197.914354][ T7976] ip6_local_out+0xc4/0x1b0 [ 197.918879][ T7976] ip6_send_skb+0xbb/0x350 [ 197.923309][ T7976] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.928800][ T7976] udpv6_sendmsg+0x21e3/0x28d0 [ 197.933605][ T7976] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.938647][ T7976] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.944671][ T7976] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.950328][ T7976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.955810][ T7976] ? aa_profile_af_perm+0x320/0x320 [ 197.961022][ T7976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.966494][ T7976] ? retint_kernel+0x2d/0x2d [ 197.971135][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.976718][ T7976] inet_sendmsg+0x147/0x5e0 [ 197.981242][ T7976] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.987261][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 197.991952][ T7976] ? ipip_gro_receive+0x100/0x100 [ 197.997036][ T7976] sock_sendmsg+0xdd/0x130 [ 198.001484][ T7976] ___sys_sendmsg+0x3e2/0x930 [ 198.006189][ T7976] ? copy_msghdr_from_user+0x430/0x430 [ 198.011670][ T7976] ? lock_downgrade+0x880/0x880 [ 198.016522][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.022784][ T7976] ? kasan_check_read+0x11/0x20 [ 198.027680][ T7976] ? __fget+0x381/0x550 [ 198.031853][ T7976] ? ksys_dup3+0x3e0/0x3e0 [ 198.036288][ T7976] ? __fget_light+0x1a9/0x230 [ 198.040974][ T7976] ? __fdget+0x1b/0x20 [ 198.045058][ T7976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.051337][ T7976] ? sockfd_lookup_light+0xcb/0x180 [ 198.056549][ T7976] __sys_sendmmsg+0x1bf/0x4d0 [ 198.061234][ T7976] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.066293][ T7976] ? trace_hardirqs_on_caller+0x6a/0x220 [ 198.071963][ T7976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.077476][ T7976] ? retint_kernel+0x2d/0x2d [ 198.082121][ T7976] __x64_sys_sendmmsg+0x9d/0x100 [ 198.087108][ T7976] do_syscall_64+0x103/0x610 [ 198.091710][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.097642][ T7976] RIP: 0033:0x4582b9 [ 198.101588][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.121212][ T7976] RSP: 002b:00007feed8756c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.129770][ T7976] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.137849][ T7976] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000007 [ 198.145840][ T7976] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 198.153834][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87576d4 [ 198.162010][ T7976] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.170027][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.172962][ T7899] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.179084][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.179104][ T7974] Call Trace: [ 198.186338][ T7899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.196349][ T7974] dump_stack+0x172/0x1f0 [ 198.196373][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 198.196395][ T7974] ip6_finish_output+0x335/0xdc0 [ 198.196429][ T7974] ip6_output+0x235/0x7f0 [ 198.200401][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.206957][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 198.206979][ T7974] ? ip6_fragment+0x3980/0x3980 [ 198.207004][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.212391][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.216889][ T7974] ip6_local_out+0xc4/0x1b0 [ 198.222347][ T7899] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.226283][ T7974] ip6_send_skb+0xbb/0x350 [ 198.234489][ T7899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.239542][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 198.245036][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.249469][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 198.258631][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.262108][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.262135][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.262156][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 198.262173][ T7974] ? __might_fault+0x12b/0x1e0 [ 198.262188][ T7974] ? find_held_lock+0x35/0x130 [ 198.262205][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.262238][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.271456][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.273757][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.282051][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.286519][ T7974] inet_sendmsg+0x147/0x5e0 [ 198.295336][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.299267][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.319811][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.324043][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 198.324061][ T7974] ? ipip_gro_receive+0x100/0x100 [ 198.324079][ T7974] sock_sendmsg+0xdd/0x130 [ 198.324097][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 198.324115][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 198.324135][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 198.324147][ T7974] ? lock_downgrade+0x880/0x880 [ 198.324162][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.324191][ T7974] ? kasan_check_read+0x11/0x20 [ 198.334131][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.340159][ T7974] ? __might_fault+0x12b/0x1e0 [ 198.347488][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.353599][ T7974] ? find_held_lock+0x35/0x130 [ 198.353616][ T7974] ? __might_fault+0x12b/0x1e0 [ 198.353635][ T7974] ? lock_downgrade+0x880/0x880 [ 198.353657][ T7974] ? ___might_sleep+0x163/0x280 [ 198.353672][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 198.353690][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.353713][ T7974] ? _copy_to_user+0xc9/0x120 [ 198.353730][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.353745][ T7974] ? put_timespec64+0xda/0x140 [ 198.353758][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 198.353782][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.353795][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.353810][ T7974] ? do_syscall_64+0x26/0x610 [ 198.353825][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.353838][ T7974] ? do_syscall_64+0x26/0x610 [ 198.353854][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 198.353868][ T7974] do_syscall_64+0x103/0x610 [ 198.353883][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.353895][ T7974] RIP: 0033:0x4582b9 [ 198.353910][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.353917][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.353939][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.353946][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 198.353952][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.353959][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 198.353965][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.368721][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 198.379029][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.380656][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 198.380680][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.387436][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.394487][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.394494][ T7974] Call Trace: [ 198.394526][ T7974] dump_stack+0x172/0x1f0 [ 198.394548][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 198.394568][ T7974] ip6_finish_output+0x335/0xdc0 [ 198.394588][ T7974] ip6_output+0x235/0x7f0 [ 198.394607][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 198.394628][ T7974] ? ip6_fragment+0x3980/0x3980 [ 198.394645][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.394666][ T7974] ip6_local_out+0xc4/0x1b0 [ 198.394690][ T7974] ip6_send_skb+0xbb/0x350 [ 198.429868][ T7902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.435107][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 198.435131][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 198.435149][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.435169][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.435191][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 198.435207][ T7974] ? __might_fault+0x12b/0x1e0 [ 198.435221][ T7974] ? find_held_lock+0x35/0x130 [ 198.435238][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.435256][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.435299][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.435318][ T7974] inet_sendmsg+0x147/0x5e0 [ 198.435330][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.435340][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 198.435352][ T7974] ? ipip_gro_receive+0x100/0x100 [ 198.435370][ T7974] sock_sendmsg+0xdd/0x130 [ 198.435385][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 198.435403][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 198.435439][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 198.435462][ T7974] ? lock_downgrade+0x880/0x880 [ 198.448155][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.479998][ T7974] ? kasan_check_read+0x11/0x20 [ 198.480017][ T7974] ? __might_fault+0x12b/0x1e0 [ 198.480031][ T7974] ? find_held_lock+0x35/0x130 [ 198.480041][ T7974] ? __might_fault+0x12b/0x1e0 [ 198.480058][ T7974] ? lock_downgrade+0x880/0x880 [ 198.480080][ T7974] ? ___might_sleep+0x163/0x280 [ 198.490176][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 198.490207][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.500754][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 198.501160][ T7974] ? _copy_to_user+0xc9/0x120 [ 198.506097][ T7976] caller is ip6_finish_output+0x335/0xdc0 [ 198.510880][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.510895][ T7974] ? put_timespec64+0xda/0x140 [ 198.510909][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 198.510941][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.510957][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.510972][ T7974] ? do_syscall_64+0x26/0x610 [ 198.510988][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.511002][ T7974] ? do_syscall_64+0x26/0x610 [ 198.511025][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 198.937166][ T7974] do_syscall_64+0x103/0x610 [ 198.941784][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.947703][ T7974] RIP: 0033:0x4582b9 [ 198.951616][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.971234][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.979757][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.987755][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 198.995749][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.003743][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 199.011735][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.020021][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.029082][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.039156][ T7976] Call Trace: [ 199.042488][ T7976] dump_stack+0x172/0x1f0 [ 199.046845][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 199.052434][ T7976] ip6_finish_output+0x335/0xdc0 [ 199.057406][ T7976] ip6_output+0x235/0x7f0 [ 199.061778][ T7976] ? ip6_finish_output+0xdc0/0xdc0 [ 199.066920][ T7976] ? ip6_fragment+0x3980/0x3980 [ 199.071833][ T7976] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.076901][ T7976] ip6_local_out+0xc4/0x1b0 [ 199.079150][ T7904] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 199.081527][ T7976] ip6_send_skb+0xbb/0x350 [ 199.081549][ T7976] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 199.081580][ T7976] udpv6_sendmsg+0x21e3/0x28d0 [ 199.097779][ T7904] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.101814][ T7976] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.101840][ T7976] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.101863][ T7976] ? aa_profile_af_perm+0x320/0x320 [ 199.101878][ T7976] ? __might_fault+0x12b/0x1e0 [ 199.101894][ T7976] ? find_held_lock+0x35/0x130 [ 199.101920][ T7976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.122435][ T7904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.128035][ T7976] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.128091][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.138107][ T7976] inet_sendmsg+0x147/0x5e0 [ 199.138127][ T7976] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.138139][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 199.138160][ T7976] ? ipip_gro_receive+0x100/0x100 [ 199.187167][ T7976] sock_sendmsg+0xdd/0x130 [ 199.191603][ T7976] ___sys_sendmsg+0x3e2/0x930 [ 199.191623][ T7976] ? copy_msghdr_from_user+0x430/0x430 [ 199.191643][ T7976] ? __lock_acquire+0x548/0x3fb0 [ 199.191654][ T7976] ? lock_downgrade+0x880/0x880 [ 199.191680][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.210773][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 199.211612][ T7976] ? kasan_check_read+0x11/0x20 [ 199.211634][ T7976] ? __might_fault+0x12b/0x1e0 [ 199.217877][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 199.227242][ T7976] ? find_held_lock+0x35/0x130 [ 199.227259][ T7976] ? __might_fault+0x12b/0x1e0 [ 199.227278][ T7976] ? lock_downgrade+0x880/0x880 [ 199.227300][ T7976] ? ___might_sleep+0x163/0x280 [ 199.227317][ T7976] __sys_sendmmsg+0x1bf/0x4d0 [ 199.227339][ T7976] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.271777][ T7976] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.277446][ T7976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.282969][ T7976] ? retint_kernel+0x2d/0x2d [ 199.287590][ T7976] __x64_sys_sendmmsg+0x9d/0x100 [ 199.292566][ T7976] do_syscall_64+0x103/0x610 [ 199.297186][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.303111][ T7976] RIP: 0033:0x4582b9 [ 199.307006][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.326631][ T7976] RSP: 002b:00007feed8756c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.335070][ T7976] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.343053][ T7976] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000007 [ 199.351048][ T7976] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 199.359120][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87576d4 [ 199.367114][ T7976] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.375139][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.381640][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.384212][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.384240][ T7974] Call Trace: [ 199.404279][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.404772][ T7974] dump_stack+0x172/0x1f0 [ 199.416487][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 199.421090][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.422542][ T7974] ip6_finish_output+0x335/0xdc0 [ 199.434714][ T7974] ip6_output+0x235/0x7f0 [ 199.436235][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.439068][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 199.447057][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.451352][ T7974] ? ip6_fragment+0x3980/0x3980 [ 199.451371][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.451402][ T7974] ip6_local_out+0xc4/0x1b0 [ 199.451434][ T7974] ip6_send_skb+0xbb/0x350 [ 199.451456][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 199.451489][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 199.451504][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.451524][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.451545][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 199.451561][ T7974] ? __might_fault+0x12b/0x1e0 [ 199.451575][ T7974] ? find_held_lock+0x35/0x130 [ 199.451592][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.451608][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.451648][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.451663][ T7974] inet_sendmsg+0x147/0x5e0 [ 199.451675][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.451685][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 199.451698][ T7974] ? ipip_gro_receive+0x100/0x100 [ 199.451715][ T7974] sock_sendmsg+0xdd/0x130 [ 199.451733][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 199.451752][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 199.451770][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 199.451782][ T7974] ? lock_downgrade+0x880/0x880 [ 199.451795][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.451816][ T7974] ? kasan_check_read+0x11/0x20 [ 199.451835][ T7974] ? __might_fault+0x12b/0x1e0 [ 199.451850][ T7974] ? find_held_lock+0x35/0x130 [ 199.451865][ T7974] ? __might_fault+0x12b/0x1e0 [ 199.451887][ T7974] ? lock_downgrade+0x880/0x880 [ 199.451912][ T7974] ? ___might_sleep+0x163/0x280 [ 199.451938][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 199.451971][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.451998][ T7974] ? _copy_to_user+0xc9/0x120 [ 199.452014][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.452028][ T7974] ? put_timespec64+0xda/0x140 [ 199.452051][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 199.467881][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.470040][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.475296][ T7899] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.479030][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.484598][ T7899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.489271][ T7974] ? do_syscall_64+0x26/0x610 [ 199.509499][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.510235][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.510254][ T7974] ? do_syscall_64+0x26/0x610 [ 199.510276][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 199.527840][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.532293][ T7974] do_syscall_64+0x103/0x610 [ 199.532315][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.532326][ T7974] RIP: 0033:0x4582b9 [ 199.532342][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.532348][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.532361][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.532369][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 199.532376][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.532384][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 199.532392][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.581900][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 199.589924][ T7899] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.593618][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 199.598408][ T7899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.603226][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.614956][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.617679][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.617685][ T7974] Call Trace: [ 199.617714][ T7974] dump_stack+0x172/0x1f0 [ 199.617740][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 199.617766][ T7974] ip6_finish_output+0x335/0xdc0 [ 199.625342][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.627488][ T7974] ip6_output+0x235/0x7f0 [ 199.627511][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 199.627535][ T7974] ? ip6_fragment+0x3980/0x3980 [ 199.644020][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.651503][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.651525][ T7974] ip6_local_out+0xc4/0x1b0 [ 199.651548][ T7974] ip6_send_skb+0xbb/0x350 [ 199.651569][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 199.651590][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 199.651604][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.651624][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.651646][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 199.651664][ T7974] ? __might_fault+0x12b/0x1e0 [ 199.651679][ T7974] ? find_held_lock+0x35/0x130 [ 199.651695][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.651711][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.651753][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.651771][ T7974] inet_sendmsg+0x147/0x5e0 [ 199.651782][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.651792][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 199.651804][ T7974] ? ipip_gro_receive+0x100/0x100 [ 199.651820][ T7974] sock_sendmsg+0xdd/0x130 [ 199.651835][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 199.651851][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 199.651867][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 199.651880][ T7974] ? lock_downgrade+0x880/0x880 [ 199.651893][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.651920][ T7974] ? kasan_check_read+0x11/0x20 [ 199.664740][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.669886][ T7974] ? __might_fault+0x12b/0x1e0 [ 199.669906][ T7974] ? find_held_lock+0x35/0x130 [ 199.669933][ T7974] ? __might_fault+0x12b/0x1e0 [ 199.684419][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.689905][ T7974] ? lock_downgrade+0x880/0x880 [ 199.689938][ T7974] ? ___might_sleep+0x163/0x280 [ 199.689957][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 199.689977][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.690004][ T7974] ? _copy_to_user+0xc9/0x120 [ 199.699770][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.700783][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.700800][ T7974] ? put_timespec64+0xda/0x140 [ 199.700814][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 199.700840][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.700857][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.700872][ T7974] ? do_syscall_64+0x26/0x610 [ 199.700889][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.700912][ T7974] ? do_syscall_64+0x26/0x610 [ 199.713474][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.713859][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 199.719209][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.724351][ T7974] do_syscall_64+0x103/0x610 [ 199.724374][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.724388][ T7974] RIP: 0033:0x4582b9 [ 199.724405][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.724413][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.724427][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.724436][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 199.724444][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.724451][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 199.724459][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.733194][ T7974] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7974 [ 199.755012][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.756760][ T7974] caller is ip6_finish_output+0x335/0xdc0 [ 199.766828][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.772909][ T7974] CPU: 1 PID: 7974 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.772919][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.772932][ T7974] Call Trace: [ 199.772961][ T7974] dump_stack+0x172/0x1f0 [ 199.772986][ T7974] __this_cpu_preempt_check+0x246/0x270 [ 199.773016][ T7974] ip6_finish_output+0x335/0xdc0 [ 199.788487][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.789021][ T7974] ip6_output+0x235/0x7f0 [ 200.313981][ T7974] ? ip6_finish_output+0xdc0/0xdc0 [ 200.319139][ T7974] ? ip6_fragment+0x3980/0x3980 [ 200.324025][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.329087][ T7974] ip6_local_out+0xc4/0x1b0 [ 200.333654][ T7974] ip6_send_skb+0xbb/0x350 [ 200.338100][ T7974] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 200.343606][ T7974] udpv6_sendmsg+0x21e3/0x28d0 [ 200.348414][ T7974] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.353497][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.359514][ T7974] ? aa_profile_af_perm+0x320/0x320 [ 200.364725][ T7974] ? __might_fault+0x12b/0x1e0 [ 200.369509][ T7974] ? find_held_lock+0x35/0x130 [ 200.374334][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.380726][ T7974] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.386258][ T7974] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.391818][ T7974] inet_sendmsg+0x147/0x5e0 [ 200.396336][ T7974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.402335][ T7974] ? inet_sendmsg+0x147/0x5e0 [ 200.407031][ T7974] ? ipip_gro_receive+0x100/0x100 [ 200.412068][ T7974] sock_sendmsg+0xdd/0x130 [ 200.416489][ T7974] ___sys_sendmsg+0x3e2/0x930 [ 200.421178][ T7974] ? copy_msghdr_from_user+0x430/0x430 [ 200.426659][ T7974] ? __lock_acquire+0x548/0x3fb0 [ 200.431612][ T7974] ? lock_downgrade+0x880/0x880 [ 200.436479][ T7974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.442737][ T7974] ? kasan_check_read+0x11/0x20 [ 200.447646][ T7974] ? __might_fault+0x12b/0x1e0 [ 200.452443][ T7974] ? find_held_lock+0x35/0x130 [ 200.457227][ T7974] ? __might_fault+0x12b/0x1e0 [ 200.462008][ T7974] ? lock_downgrade+0x880/0x880 [ 200.466869][ T7974] ? ___might_sleep+0x163/0x280 [ 200.471739][ T7974] __sys_sendmmsg+0x1bf/0x4d0 [ 200.476468][ T7974] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.481546][ T7974] ? _copy_to_user+0xc9/0x120 [ 200.486352][ T7974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.492617][ T7974] ? put_timespec64+0xda/0x140 [ 200.497407][ T7974] ? nsecs_to_jiffies+0x30/0x30 [ 200.502307][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.507794][ T7974] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.513274][ T7974] ? do_syscall_64+0x26/0x610 [ 200.517964][ T7974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.524060][ T7974] ? do_syscall_64+0x26/0x610 [ 200.528749][ T7974] __x64_sys_sendmmsg+0x9d/0x100 [ 200.533720][ T7974] do_syscall_64+0x103/0x610 [ 200.538342][ T7974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.544253][ T7974] RIP: 0033:0x4582b9 [ 200.548179][ T7974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.567804][ T7974] RSP: 002b:00007feed8798c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.576234][ T7974] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.584242][ T7974] RDX: 08000000000000fc RSI: 0000000020005fc0 RDI: 0000000000000004 [ 200.592259][ T7974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.600267][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feed87996d4 [ 200.608258][ T7974] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.631750][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.639910][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.655409][ T7897] 8021q: adding VLAN 0 to HW filter on device batadv0 22:53:12 executing program 3: syz_mount_image$btrfs(&(0x7f00000024c0)='btrfs\x00', &(0x7f0000002500)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:53:12 executing program 1: flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f00000001c0)={0x10001, 0x568f, 0xfffffffffffffffd, 0x8, 0x18, 0x3, 0x7ff, 0x0, 0x8, 0x7, 0x9865}) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000140)={{0xffffffffffffffff, 0x1, 0x6, 0x1, 0x2}, 0x1, 0x101}) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, &(0x7f0000048000), 0x0) prctl$PR_GET_FPEXC(0xb, 0x0) syz_genetlink_get_family_id$tipc2(0x0) clock_gettime(0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r0, &(0x7f0000000080), 0xfffffe38) r1 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x660c, 0x0) write$P9_RSTAT(r0, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x80000000002172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000120000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) syz_open_procfs(0x0, &(0x7f0000001100)='numa_maps\x00') dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r1, 0x0) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f}) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, &(0x7f0000000200)) request_key(&(0x7f0000000380)='id_resolver\x00', 0x0, 0x0, 0xfffffffffffffffa) add_key$user(&(0x7f0000000680)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)="44ddb9421ebbfd90dc3cdfd5ebcfa4bbaecdf0e9ceade6216ef75ddc224b4f89c7c70940168dca009c2bd8e0b75761acf03435919d1b5f19864f30ff4415313623", 0x41, 0x0) 22:53:12 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:12 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) ioctl$TIOCSLCKTRMIOS(r2, 0x5457, &(0x7f0000000080)) openat$vfio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vfio/vfio\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x80, 0x0) 22:53:12 executing program 4: sendmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[{0x10}], 0x10}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x3, 0x81) sendmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f0000000040)=@nl=@unspec, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000000380)}}, {{&(0x7f0000000400)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000240), 0x0, &(0x7f0000000480), 0x1400}}], 0x2, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) 22:53:12 executing program 2: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x40042409, 0xffffffffffffffff) [ 200.925421][ T8007] raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it! 22:53:12 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_sigqueueinfo(r0, 0x0, 0x0) 22:53:12 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x3, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x11, 0x0, 0x0) close(r1) close(r0) 22:53:12 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) wait4(0x0, 0x0, 0x40000001, 0x0) 22:53:12 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) exit(0x0) r1 = dup2(r0, r0) write$P9_RGETLOCK(r1, 0x0, 0x0) 22:53:12 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x3, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x10, 0x0, 0x0) close(r1) close(r0) 22:53:12 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2) getsockname$unix(r0, 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000002c0)=""/246) r2 = memfd_create(&(0x7f0000000280)='^\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r1, r2, 0x0, 0x102002700) syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x2000) 22:53:12 executing program 4: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) exit(0x0) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") sendfile(r0, r0, 0x0, 0xffff) 22:53:13 executing program 1: sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000440)='/proc/capi/capi20ncci\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0) 22:53:13 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:13 executing program 5: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x80000080044df9, &(0x7f0000000100)) 22:53:13 executing program 2: madvise(&(0x7f00001a2000/0xc00000)=nil, 0xc00000, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x4000, 0x0) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0xffc00}], 0x1, 0x0) 22:53:13 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="13000000320081aee4050cecdb4cb9040a485e", 0x13}], 0x1}, 0x0) 22:53:13 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000077000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000077000/0x3000)=nil, 0x3000}, &(0x7f0000000080)=0x10) 22:53:13 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) exit(0x0) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r1 = dup2(r0, r0) write$P9_RLOPEN(r1, 0x0, 0x0) 22:53:13 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) clock_gettime(0x2, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYBLOB="0387a17f2c7e053c1c00"], 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) ioctl$TIOCGETD(r1, 0x5424, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) r3 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, 0xffffffffffffffff) ptrace(0x10, 0x0) wait4(0x0, 0x0, 0x2000000a, &(0x7f0000000a40)) wait4(r2, &(0x7f0000000540), 0x0, 0x0) 22:53:13 executing program 5: openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$vnet(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f0000000000), 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYBLOB="0400730038d7f1"], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:53:13 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x3, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0xc, &(0x7f0000000040), 0x4) close(r1) close(r0) 22:53:13 executing program 4: clone(0x200003182001ff2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) 22:53:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:13 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000ebff0fdf333f220005001a00050000000005d972d0eac686598d0800ff7f00eb55c2991ea038687d7c01b3060002000000"], 0x39}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x20, 0x0) 22:53:13 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:14 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x20000005401}) 22:53:14 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) mmap(&(0x7f0000077000/0x4000)=nil, 0x4000, 0x1000000, 0x12, r1, 0x0) connect$inet(r1, &(0x7f00000004c0)={0x2, 0x4e20, @empty}, 0x10) syz_genetlink_get_family_id$team(0x0) accept$packet(0xffffffffffffffff, 0x0, 0x0) accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000077000/0x3000)=nil, 0x3000}, &(0x7f0000000080)=0x10) 22:53:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000700)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000480)=[@flat={0x73622a85}], 0x0}, 0x2}}], 0x0, 0x0, 0x0}) [ 202.655649][ T8142] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 202.731579][ T8146] binder: 8145:8146 transaction failed 29189/-22, size 24-0 line 2995 [ 202.774522][ T7899] binder: undelivered TRANSACTION_ERROR: 29189 22:53:14 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x1d) r1 = socket$unix(0x1, 0x1, 0x0) fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffd2c, 0x0) bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) getgid() listen(r1, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) r2 = accept4$unix(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) lstat(0x0, 0x0) lstat(0x0, 0x0) stat(0x0, 0x0) setresuid(0x0, 0x0, 0x0) write(r2, 0x0, 0x0) 22:53:14 executing program 5: write$vnet(0xffffffffffffffff, &(0x7f00000000c0)={0x1, {0x0, 0x0, 0x0, 0x0, 0x4000000000000007}}, 0x321) pipe2(&(0x7f0000000000), 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0xc, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYBLOB="0400730038d7f1"], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:53:14 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000080)) ioctl$int_in(r0, 0x800000c0045009, &(0x7f00000000c0)=0xffffffffc) 22:53:14 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x6) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) sendmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[{0x10}], 0x10}}], 0x1, 0x0) 22:53:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) dup2(r1, r2) 22:53:14 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000340)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0x9201, 0x0) 22:53:14 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:14 executing program 1: sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x1) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x1) close(r0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0) 22:53:14 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr="46cb6f493ab31ff6f741dccfc3f1d23f"}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000001e80)=[{{&(0x7f00000002c0)=@in={0x2, 0x4e21, @broadcast}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000070000000000031900320800"], 0x18}}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000000440), 0x400000000000211, 0x810) 22:53:14 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000001f00)={0x0, 0x0, 0x0}, 0x0) 22:53:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:14 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x163882) timer_settime(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) dup2(r0, r1) 22:53:15 executing program 4: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) exit(0x0) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r1 = dup2(r0, r0) write$P9_RREAD(r1, 0x0, 0x0) 22:53:15 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) r1 = memfd_create(&(0x7f0000000280)='^\x00', 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r1, 0x0, 0x102002700) syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x2000) 22:53:15 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) connect$inet(r0, &(0x7f0000000180), 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040), 0x4) 22:53:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:15 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) 22:53:15 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = inotify_init1(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000240)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00\xbf\xf8\r\xf4\xa3d\xe5\x92f9\xe1\xd4\xa1\xa4\xe0\x98\xeb\x03\xdbD\xfa^pU\xdd\xc2\xf4\xf9Z\xb7/\x92q\x80W]\xe5\xbc\xd4f\x87\xd7\x0fDU\x12\xd5\x8f\x82|\x9d\xa0}!6\xad\xb6q$\x8d\x1c\xa8S\xf8\x92}c\x8a\xe1C\a\xeb\x93\xd6\xb6.m\xee\x10\x16\xe5\xd4\x18O\x87\xe2\x95@x\xfa \x15\xbbZ5E\xf4\xfc\x15\xb4\x1b~\xee\xa9\x1c\xf8\xf0\x18\xda\xfcL\xc9\x96\x9fi\\') preadv(r1, &(0x7f0000000480), 0x1000000000000237, 0x0) inotify_add_watch(r0, &(0x7f0000000100)='./file0\x00', 0x4000000080000003) 22:53:15 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:16 executing program 1: sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x1) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x1) close(r0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0) 22:53:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001300ffff000000000000000005000000ae2eddd43f21f8f53dfffd3650b8e379bfb8bb04b0f75616886eb8f5f704847f02f0d51e0000000000000016c60f501263d20c0fbb090371d3971d6e39b10701dc0b9b8a87f240bc0eac9c339a0e49c6fd25eb9ef18742b1a959154ce6ceb5ef56c9dcf2246df6d6735bc0f64475a8c969cdb3e296102c9c4c9336d31ab793c0"], 0x1}}, 0x0) 22:53:16 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = inotify_init1(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000240)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00\xbf\xf8\r\xf4\xa3d\xe5\x92f9\xe1\xd4\xa1\xa4\xe0\x98\xeb\x03\xdbD\xfa^pU\xdd\xc2\xf4\xf9Z\xb7/\x92q\x80W]\xe5\xbc\xd4f\x87\xd7\x0fDU\x12\xd5\x8f\x82|\x9d\xa0}!6\xad\xb6q$\x8d\x1c\xa8S\xf8\x92}c\x8a\xe1C\a\xeb\x93\xd6\xb6.m\xee\x10\x16\xe5\xd4\x18O\x87\xe2\x95@x\xfa \x15\xbbZ5E\xf4\xfc\x15\xb4\x1b~\xee\xa9\x1c\xf8\xf0\x18\xda\xfcL\xc9\x96\x9fi\\') preadv(r1, &(0x7f0000000480), 0x1000000000000237, 0x0) inotify_add_watch(r0, &(0x7f0000000100)='./file0\x00', 0x4000000080000003) 22:53:16 executing program 4: 22:53:16 executing program 4: 22:53:16 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:16 executing program 4: 22:53:16 executing program 2: 22:53:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)) 22:53:16 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) r1 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000680)=ANY=[@ANYBLOB]) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f00000001c0)=0x6) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) 22:53:16 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000240)) close(r2) [ 205.320879][ T26] kauditd_printk_skb: 494 callbacks suppressed [ 205.320896][ T26] audit: type=1804 audit(1554677596.845:31): pid=8276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir021934764/syzkaller.nx29V2/14/bus" dev="sda1" ino=16531 res=1 [ 205.426195][ T26] audit: type=1804 audit(1554677596.915:32): pid=8273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir021934764/syzkaller.nx29V2/14/bus" dev="sda1" ino=16531 res=1 [ 205.489059][ T26] audit: type=1804 audit(1554677596.915:33): pid=8276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir021934764/syzkaller.nx29V2/14/bus" dev="sda1" ino=16531 res=1 [ 205.524058][ T26] audit: type=1804 audit(1554677596.915:34): pid=8273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir021934764/syzkaller.nx29V2/14/bus" dev="sda1" ino=16531 res=1 22:53:17 executing program 1: 22:53:17 executing program 2: 22:53:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000100)) 22:53:17 executing program 5: 22:53:17 executing program 4: 22:53:17 executing program 5: 22:53:17 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:17 executing program 4: 22:53:17 executing program 1: 22:53:17 executing program 2: 22:53:17 executing program 5: 22:53:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000100)) 22:53:17 executing program 1: 22:53:17 executing program 5: 22:53:17 executing program 2: 22:53:17 executing program 4: 22:53:17 executing program 5: 22:53:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000100)) 22:53:18 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0xfffffde0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) add_key(0x0, &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) add_key(&(0x7f0000000540)='id_resolver\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 22:53:18 executing program 1: 22:53:18 executing program 4: 22:53:18 executing program 2: 22:53:18 executing program 5: 22:53:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x7b, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100))