[ 38.277365][ T26] audit: type=1800 audit(1554698055.958:25): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 38.300699][ T26] audit: type=1800 audit(1554698055.958:26): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.300725][ T26] audit: type=1800 audit(1554698055.958:27): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 38.300755][ T26] audit: type=1800 audit(1554698055.958:28): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. 2019/04/08 04:34:27 fuzzer started 2019/04/08 04:34:30 dialing manager at 10.128.0.26:34543 2019/04/08 04:34:30 syscalls: 2408 2019/04/08 04:34:30 code coverage: enabled 2019/04/08 04:34:30 comparison tracing: enabled 2019/04/08 04:34:30 extra coverage: extra coverage is not supported by the kernel 2019/04/08 04:34:30 setuid sandbox: enabled 2019/04/08 04:34:30 namespace sandbox: enabled 2019/04/08 04:34:30 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 04:34:30 fault injection: enabled 2019/04/08 04:34:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 04:34:30 net packet injection: enabled 2019/04/08 04:34:30 net device setup: enabled 04:36:41 executing program 0: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syzkaller login: [ 183.710246][ T7880] IPVS: ftp: loaded support on port[0] = 21 04:36:41 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000280)={0x1000000efffffff, 0xe00000000000000, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="020d000510000000000000d3000000f803000600252000000200046ac00200010000ff0001000000080012000200030000000000fa0000003000000002030000050000c6a8000000020000000008000092ab000000000001020014bb00200000ffffffde00000000030005000020000002000100df0000210008000002000000"], 0x80}}, 0x0) [ 183.810014][ T7880] chnl_net:caif_netlink_parms(): no params data found [ 183.865793][ T7880] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.886530][ T7880] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.917877][ T7880] device bridge_slave_0 entered promiscuous mode [ 183.927114][ T7880] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.934352][ T7880] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.945510][ T7880] device bridge_slave_1 entered promiscuous mode [ 183.974387][ T7883] IPVS: ftp: loaded support on port[0] = 21 [ 183.987090][ T7880] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.999350][ T7880] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.047612][ T7880] team0: Port device team_slave_0 added [ 184.064703][ T7880] team0: Port device team_slave_1 added 04:36:41 executing program 2: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @netrom, @rose, @rose]}, 0x48) listen(r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) pipe(0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, 0x0) connect$netrom(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000007d00)='IPVS\x00') ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000b00)='bcsf0\x00\x00\x00\x00\x00\x00h\x11\x05\x00') syz_genetlink_get_family_id$team(0x0) accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) write$binfmt_aout(r0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) [ 184.189264][ T7880] device hsr_slave_0 entered promiscuous mode [ 184.226974][ T7880] device hsr_slave_1 entered promiscuous mode 04:36:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000300), 0x2) [ 184.354313][ T7886] IPVS: ftp: loaded support on port[0] = 21 [ 184.365404][ T7883] chnl_net:caif_netlink_parms(): no params data found [ 184.401038][ T7880] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.408328][ T7880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.416048][ T7880] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.423197][ T7880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.561070][ T7888] IPVS: ftp: loaded support on port[0] = 21 [ 184.583063][ T7883] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.590575][ T7883] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.598953][ T7883] device bridge_slave_0 entered promiscuous mode 04:36:42 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x600210) r1 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r1, 0x0, 0x102002700) [ 184.613060][ T7880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.685777][ T7883] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.706529][ T7883] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.714418][ T7883] device bridge_slave_1 entered promiscuous mode [ 184.731557][ T7880] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.759324][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.783255][ T3484] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.793521][ T3484] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.802063][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 184.849854][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.861105][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.868243][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.878396][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.887042][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state 04:36:42 executing program 5: r0 = memfd_create(&(0x7f0000000000)='proc.wlan0ppp0keyring\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x2) [ 184.894117][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.907047][ T7886] chnl_net:caif_netlink_parms(): no params data found [ 184.930808][ T7883] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.932791][ T7892] IPVS: ftp: loaded support on port[0] = 21 [ 184.944389][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.984381][ T7883] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.010782][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.034434][ T7883] team0: Port device team_slave_0 added [ 185.080691][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.089847][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.098554][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.112783][ T7883] team0: Port device team_slave_1 added [ 185.133890][ T7880] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 185.134965][ T7895] IPVS: ftp: loaded support on port[0] = 21 [ 185.148225][ T7880] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.164450][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.173151][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.182103][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.190470][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.199057][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.207374][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.215551][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.308737][ T7883] device hsr_slave_0 entered promiscuous mode [ 185.356846][ T7883] device hsr_slave_1 entered promiscuous mode [ 185.433216][ T7886] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.440700][ T7886] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.448711][ T7886] device bridge_slave_0 entered promiscuous mode [ 185.458602][ T7886] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.465666][ T7886] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.473558][ T7886] device bridge_slave_1 entered promiscuous mode [ 185.528057][ T7880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.561190][ T7886] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.574345][ T7886] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.606230][ T7886] team0: Port device team_slave_0 added [ 185.630286][ T7888] chnl_net:caif_netlink_parms(): no params data found [ 185.647899][ T7886] team0: Port device team_slave_1 added [ 185.772128][ T7895] chnl_net:caif_netlink_parms(): no params data found [ 185.858732][ T7886] device hsr_slave_0 entered promiscuous mode [ 185.896966][ T7886] device hsr_slave_1 entered promiscuous mode [ 185.933715][ T7892] chnl_net:caif_netlink_parms(): no params data found [ 185.988994][ T7888] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.996071][ T7888] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.005342][ T7888] device bridge_slave_0 entered promiscuous mode [ 186.015096][ T7888] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.022725][ T7888] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.030599][ T7888] device bridge_slave_1 entered promiscuous mode [ 186.084714][ T7895] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.097762][ T7895] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.105383][ T7895] device bridge_slave_0 entered promiscuous mode [ 186.114222][ T7895] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.121372][ T7895] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.129344][ T7895] device bridge_slave_1 entered promiscuous mode [ 186.139397][ T7892] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.147933][ T7892] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.155575][ T7892] device bridge_slave_0 entered promiscuous mode [ 186.164355][ T7888] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.174327][ T7888] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.200579][ T7895] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.210101][ T7892] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.217347][ T7892] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.224924][ T7892] device bridge_slave_1 entered promiscuous mode [ 186.249210][ T7895] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.271701][ T7895] team0: Port device team_slave_0 added [ 186.292380][ T7888] team0: Port device team_slave_0 added [ 186.301144][ T7883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.309874][ T7895] team0: Port device team_slave_1 added [ 186.324351][ T7892] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.334424][ T7888] team0: Port device team_slave_1 added [ 186.356887][ T7892] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.381764][ T7883] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.428194][ T7895] device hsr_slave_0 entered promiscuous mode [ 186.467456][ T7895] device hsr_slave_1 entered promiscuous mode 04:36:44 executing program 0: 04:36:44 executing program 0: [ 186.550146][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.563413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.583653][ T7892] team0: Port device team_slave_0 added 04:36:44 executing program 0: 04:36:44 executing program 0: 04:36:44 executing program 0: [ 186.629622][ T7888] device hsr_slave_0 entered promiscuous mode [ 186.667034][ T7888] device hsr_slave_1 entered promiscuous mode 04:36:44 executing program 0: 04:36:44 executing program 0: [ 186.726889][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.748194][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.762877][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.769980][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.781934][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.797164][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.805518][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.812647][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.821102][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.830722][ T7892] team0: Port device team_slave_1 added [ 186.919637][ T7892] device hsr_slave_0 entered promiscuous mode [ 186.956958][ T7892] device hsr_slave_1 entered promiscuous mode [ 187.001135][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.024054][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.035024][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.043654][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.052222][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.060982][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.075931][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.128725][ T7888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.142483][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.151150][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.159456][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.167906][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.183983][ T7886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.194244][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.221548][ T7888] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.232016][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.240685][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.269770][ T7895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.279833][ T7883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.287854][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.296280][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.304913][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.312184][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.320464][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.328425][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.336568][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.366903][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.376284][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.396238][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.403360][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.414558][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.425001][ T7886] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.443030][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.454866][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.464020][ T7896] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.471100][ T7896] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.481376][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:36:45 executing program 1: [ 187.490065][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.498981][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.507661][ T7896] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.514726][ T7896] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.523401][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.532922][ T7896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.553503][ T7892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.577888][ T7895] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.601453][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.614780][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.624014][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.635926][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.646298][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.655183][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.663771][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.672168][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.680724][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.688958][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.695982][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.703559][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.711994][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.720631][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.729060][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.737542][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.745902][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.754695][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.762546][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.770463][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.792698][ T7886] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.804430][ T7886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.821178][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.830837][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.839479][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.848432][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.856862][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.863904][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.871684][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.880175][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.888974][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.897849][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.906027][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.914361][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.923632][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.941156][ T7888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.953862][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.963158][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.971755][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.987642][ T7892] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.007409][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.019982][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.034133][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.043930][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.052713][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.059816][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.068621][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.077637][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.086172][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.102512][ T7886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.119062][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.129082][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.138260][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.146961][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.155015][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.163789][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.172471][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.179591][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.187324][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.218328][ T7892] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.234543][ T7892] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.247129][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.255747][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.265093][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.274498][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.283022][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.291267][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.299795][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.308269][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.316489][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.324859][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.332763][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.345532][ T7888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.367786][ T7895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.409513][ T7892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.479569][ T7895] 8021q: adding VLAN 0 to HW filter on device batadv0 04:36:46 executing program 2: 04:36:46 executing program 0: [ 188.630653][ C0] hrtimer: interrupt took 44432 ns 04:36:46 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x600210) r1 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r1, 0x0, 0x102002700) 04:36:46 executing program 1: 04:36:46 executing program 5: 04:36:46 executing program 3: 04:36:46 executing program 0: 04:36:46 executing program 2: 04:36:46 executing program 5: 04:36:46 executing program 0: 04:36:46 executing program 3: 04:36:46 executing program 1: 04:36:46 executing program 2: 04:36:46 executing program 0: 04:36:47 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x600210) r1 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r1, 0x0, 0x102002700) 04:36:47 executing program 2: 04:36:47 executing program 1: 04:36:47 executing program 5: 04:36:47 executing program 3: 04:36:47 executing program 0: 04:36:47 executing program 2: 04:36:47 executing program 3: 04:36:47 executing program 5: 04:36:47 executing program 0: 04:36:47 executing program 1: 04:36:47 executing program 5: 04:36:47 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x600210) r1 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r1, 0x0, 0x102002700) 04:36:47 executing program 2: 04:36:47 executing program 3: 04:36:47 executing program 0: 04:36:47 executing program 1: 04:36:47 executing program 5: 04:36:47 executing program 1: 04:36:47 executing program 5: 04:36:47 executing program 3: 04:36:47 executing program 0: 04:36:47 executing program 2: 04:36:47 executing program 5: 04:36:48 executing program 4: 04:36:48 executing program 3: 04:36:48 executing program 2: 04:36:48 executing program 1: 04:36:48 executing program 0: 04:36:48 executing program 5: 04:36:48 executing program 1: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:36:48 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) seccomp(0x1, 0xa, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x10200000006}]}) ppoll(&(0x7f0000000040)=[{r0}], 0x1, 0x0, 0x0, 0x0) 04:36:48 executing program 3: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) userfaultfd(0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80040, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x80005, 0xfffffffffffffffe) r2 = syz_open_dev$audion(&(0x7f00000003c0)='/dev/audio#\x00', 0xa, 0x200000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000400)={{0x6, 0x7, 0x8, 0x43, 'syz0\x00', 0x7}, 0x1, [0x5f4e6335, 0x6, 0x7, 0x6, 0x8, 0x1, 0x100, 0x9, 0x9, 0x20, 0x1f, 0x7, 0x9, 0xe7e, 0x2, 0x2, 0x7, 0x9069, 0x46, 0x80000000, 0x100, 0x2, 0x1, 0x0, 0x4, 0x7, 0x8, 0x0, 0x100000000, 0x5, 0x5, 0x6, 0x89, 0x4, 0x929, 0x7dfd, 0x7ff, 0x401, 0xe9d, 0x3f, 0x7, 0x4, 0x3, 0x7fffffff, 0x8, 0x3, 0x4, 0x5, 0x6, 0x40, 0x3, 0xb54, 0x80, 0x2, 0xf, 0x1, 0x799, 0x0, 0x4, 0x5, 0xffffffffffff921c, 0x5, 0xe42, 0x8, 0xa29f, 0x5be, 0x8, 0x0, 0x1, 0xf86, 0x100000001, 0x3, 0x7, 0x77, 0x43, 0x10000000005, 0x4, 0x400, 0x7, 0x6, 0x1, 0x19ba, 0x0, 0x5, 0xfffffffffffffe00, 0x4, 0xd2, 0x6, 0xd47, 0x10000, 0x3e, 0x7, 0x8, 0x4, 0x101, 0xfff, 0x7, 0x1, 0x8, 0x5dec, 0xffffffffffffffff, 0x3, 0x5, 0x6, 0x80000001, 0x21b7, 0x81, 0x4, 0x7f, 0x0, 0x8, 0x2, 0x8, 0xff8f, 0xfffffffffffff001, 0x5, 0x8, 0x6, 0x0, 0x9, 0x6, 0xffffffff, 0x6, 0x5, 0xffffffff, 0x1000, 0x666, 0x25e], {0x77359400}}) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f0000000200), 0x2) mq_getsetattr(r2, &(0x7f00000002c0)={0x0, 0x12, 0x3ff, 0x5, 0x4000000062, 0x101, 0x2000001, 0x20}, &(0x7f0000000940)) fcntl$dupfd(r1, 0x0, r1) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x9) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, 0x0}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000900)={0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r3, 0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)='\x12\xd2nodevmime_typecgroup-,\xb5[}:cgroup\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={r3, r0, 0x0, 0x5, &(0x7f0000000140)='IPVS\x00', r4}, 0x30) syz_open_dev$cec(&(0x7f0000000a00)='/dev/cec#\x00', 0x2, 0x2) ioprio_get$pid(0x3, r5) userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000)={0x7, 0xd9}, 0x8) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 04:36:48 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) seccomp(0x1, 0xa, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x10200000006}]}) ppoll(&(0x7f0000000040)=[{r0}], 0x1, 0x0, &(0x7f0000000140)={0x2}, 0x8) 04:36:48 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0xa, 0x100000000000913, 0x6}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) 04:36:48 executing program 4: openat$tun(0xffffffffffffff9c, 0x0, 0x7fff, 0x0) r0 = perf_event_open$cgroup(&(0x7f00000008c0)={0x0, 0x70, 0x1, 0x8, 0x1, 0xd, 0x0, 0x0, 0x6, 0x0, 0x3f8e, 0x2, 0x1f1b, 0x6, 0x70, 0x2, 0xfffffffffffffffe, 0x20, 0x3, 0x6, 0x0, 0xff, 0x8, 0x3f, 0x1, 0x81, 0x1, 0x7fff, 0xfffffffffffffff9, 0x6, 0x0, 0x6, 0x3, 0x4, 0x9, 0x8000, 0x1, 0xfffffffffffffff9, 0x0, 0x3, 0x0, @perf_config_ext={0x9, 0x5}, 0x20400, 0x800, 0xff, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x5, 0x10) socketpair(0xe, 0x80005, 0x2, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r3, r0, 0x0, 0xfffffffffffffdc6, &(0x7f0000000600)='lolo^eth1-ppp1\\vboxnet0\x00', 0x0}, 0x100cc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r3, 0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000340)='systemlo:security\x00', r4}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000700)='thr\x81ad:\xe1!(\xfb\xe2Q2\xad\xcf_\xf4q\x13s\xede\x93\xdc\xc6ed\x00\xa4\x87\xe6\xb9\x9aa \xc8\x8c\x9c\xb1\x01\x1aC\x03\x19I\xb2y\xba\x1d\xbfX\xc5\x1fa5\x8b\x0f[=\xcb\xa3\xdb\x03\x89\xf6m\xf3\xf8\x1b\xd6\x83\xef\xc9\xc1(%8{\xc1\xf9L\xder~6\x885\x95&,\x99\x1f=K\x8b\xa5A\xee(+A\x1a\xa5C\xb2\x93T`\xfe\x06\xa2C\x10\xa8m\xfc\xc7\x97U\xb0T\xd5t\xf4\xd8\xf5#\x1d\x84\xccO\x9f\x7fs\xf6\x88_\xaa\xadl\xd8k\xdf<\xed\xdc+l\x9a\xe1\x7f\x8c\xffHY\x1a\x18\xe3@\x85d`9\x8cK\xac\xaa\x12\xafj\x82\xbd\xb2\xb6jx\x9d0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8914, &(0x7f00000004c0)='lJ,M\xa4\x7f\x85\xc2\x91\xce\xea\n{B\x00'/27) r9 = gettid() r10 = perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4365, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100000000000}, r9, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) socket$kcm(0x2, 0x5, 0x0) sendmsg$kcm(r10, &(0x7f0000000440)={&(0x7f00000001c0)=@x25={0x9, @null=' \x00'}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000d40)="e32291ff154f7a10b4e4b71d61d931f12f45384e55bd8288580361f54f0c5afff543f5570995cc11e78966623489a7187a7a39184ea686d8507fab24d9e9346f55991ce057cc774834e1e9910310d42bdde644e18df61f17c7f51df4b0ab21754107a007054d2d3385c880e716b9d107fd7ffc896f7f815789e2d8645c15b6d155d8f0045d212491af668c6fbaab6afac75e05582fba0ed69c0417320a3ab0416de5b9ecdfeaf01ba18a5209bb7df3744ab37a20dc97bed6580c3b3c75fefc8c6c9188e69a18e644dac2e8df1b6b5801676dfcc5e9df207d0eae63a3e0eeb414", 0xe0}], 0x1}, 0x4004000) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000400)={&(0x7f0000000300)='./file0\x00', 0x0, 0x10}, 0x10) r11 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000540)=r5, 0x4) setsockopt$sock_attach_bpf(r8, 0x84, 0x4, &(0x7f0000000940)=r11, 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12) r12 = socket$kcm(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xd, 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="e0fe00000010173cc4caf5358accf6349ac3e0000b11a1cea72e9198db367289a5da485792ab071fbfe7b38eb4b5d9e138a02b2b0f070000a1034f"], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x1, [], 0x0, 0x8, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000880)=r11, 0xfffffffffffffebf) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000380)={r2}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x3c) socketpair(0x0, 0x805, 0x1, 0x0) r13 = gettid() perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x3, 0x39, 0x961, 0x8, 0x0, 0x695d, 0x8, 0x2, 0x3, 0x3f, 0x7ff, 0x0, 0x35f, 0x2, 0x5c1, 0x9, 0x5, 0x800, 0x504, 0x100, 0x80000000008, 0xffffffff, 0x80000001, 0x5, 0x8001, 0x20000000b6, 0x800000000000, 0x8, 0x3b2e, 0x188, 0x98a, 0x10001, 0x10001, 0xfff7fffffffffffd, 0xffffffffffffff80, 0xffffffffffffffff, 0x0, 0x87b, 0x5, @perf_bp={&(0x7f0000000240), 0x2}, 0x20, 0x0, 0x832, 0x0, 0x8, 0x3, 0x1}, r13, 0x6, 0xffffffffffffff9c, 0x1) socket$kcm(0x29, 0x7, 0x0) write$cgroup_int(r8, &(0x7f00000003c0)=0x9, 0x12) ioctl$sock_kcm_SIOCKCMCLONE(r12, 0x8936, &(0x7f0000000000)={r7}) [ 190.583442][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 190.583457][ T26] audit: type=1326 audit(1554698208.258:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8045 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0x0 04:36:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$user(&(0x7f0000004f80)='user\x00', &(0x7f0000004fc0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) [ 190.626159][ T26] audit: type=1326 audit(1554698208.298:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8043 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0x0 04:36:48 executing program 3: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) userfaultfd(0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80040, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x80005, 0xfffffffffffffffe) r2 = syz_open_dev$audion(&(0x7f00000003c0)='/dev/audio#\x00', 0xa, 0x200000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000400)={{0x6, 0x7, 0x8, 0x43, 'syz0\x00', 0x7}, 0x1, [0x5f4e6335, 0x6, 0x7, 0x6, 0x8, 0x1, 0x100, 0x9, 0x9, 0x20, 0x1f, 0x7, 0x9, 0xe7e, 0x2, 0x2, 0x7, 0x9069, 0x46, 0x80000000, 0x100, 0x2, 0x1, 0x0, 0x4, 0x7, 0x8, 0x0, 0x100000000, 0x5, 0x5, 0x6, 0x89, 0x4, 0x929, 0x7dfd, 0x7ff, 0x401, 0xe9d, 0x3f, 0x7, 0x4, 0x3, 0x7fffffff, 0x8, 0x3, 0x4, 0x5, 0x6, 0x40, 0x3, 0xb54, 0x80, 0x2, 0xf, 0x1, 0x799, 0x0, 0x4, 0x5, 0xffffffffffff921c, 0x5, 0xe42, 0x8, 0xa29f, 0x5be, 0x8, 0x0, 0x1, 0xf86, 0x100000001, 0x3, 0x7, 0x77, 0x43, 0x10000000005, 0x4, 0x400, 0x7, 0x6, 0x1, 0x19ba, 0x0, 0x5, 0xfffffffffffffe00, 0x4, 0xd2, 0x6, 0xd47, 0x10000, 0x3e, 0x7, 0x8, 0x4, 0x101, 0xfff, 0x7, 0x1, 0x8, 0x5dec, 0xffffffffffffffff, 0x3, 0x5, 0x6, 0x80000001, 0x21b7, 0x81, 0x4, 0x7f, 0x0, 0x8, 0x2, 0x8, 0xff8f, 0xfffffffffffff001, 0x5, 0x8, 0x6, 0x0, 0x9, 0x6, 0xffffffff, 0x6, 0x5, 0xffffffff, 0x1000, 0x666, 0x25e], {0x77359400}}) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f0000000200), 0x2) mq_getsetattr(r2, &(0x7f00000002c0)={0x0, 0x12, 0x3ff, 0x5, 0x4000000062, 0x101, 0x2000001, 0x20}, &(0x7f0000000940)) fcntl$dupfd(r1, 0x0, r1) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x9) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, 0x0}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000900)={0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r3, 0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)='\x12\xd2nodevmime_typecgroup-,\xb5[}:cgroup\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={r3, r0, 0x0, 0x5, &(0x7f0000000140)='IPVS\x00', r4}, 0x30) syz_open_dev$cec(&(0x7f0000000a00)='/dev/cec#\x00', 0x2, 0x2) ioprio_get$pid(0x3, r5) userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000)={0x7, 0xd9}, 0x8) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 04:36:48 executing program 0: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) userfaultfd(0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80040, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x80005, 0xfffffffffffffffe) r2 = syz_open_dev$audion(&(0x7f00000003c0)='/dev/audio#\x00', 0xa, 0x200000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000400)={{0x6, 0x7, 0x8, 0x43, 'syz0\x00', 0x7}, 0x1, [0x5f4e6335, 0x6, 0x7, 0x6, 0x8, 0x1, 0x100, 0x9, 0x9, 0x20, 0x1f, 0x7, 0x9, 0xe7e, 0x2, 0x2, 0x7, 0x9069, 0x46, 0x80000000, 0x100, 0x2, 0x1, 0x0, 0x4, 0x7, 0x8, 0x0, 0x100000000, 0x5, 0x5, 0x6, 0x89, 0x4, 0x929, 0x7dfd, 0x7ff, 0x401, 0xe9d, 0x3f, 0x7, 0x4, 0x3, 0x7fffffff, 0x8, 0x3, 0x4, 0x5, 0x6, 0x40, 0x3, 0xb54, 0x80, 0x2, 0xf, 0x1, 0x799, 0x0, 0x4, 0x5, 0xffffffffffff921c, 0x5, 0xe42, 0x8, 0xa29f, 0x5be, 0x8, 0x0, 0x1, 0xf86, 0x100000001, 0x3, 0x7, 0x77, 0x43, 0x10000000005, 0x4, 0x400, 0x7, 0x6, 0x1, 0x19ba, 0x0, 0x5, 0xfffffffffffffe00, 0x4, 0xd2, 0x6, 0xd47, 0x10000, 0x3e, 0x7, 0x8, 0x4, 0x101, 0xfff, 0x7, 0x1, 0x8, 0x5dec, 0xffffffffffffffff, 0x3, 0x5, 0x6, 0x80000001, 0x21b7, 0x81, 0x4, 0x7f, 0x0, 0x8, 0x2, 0x8, 0xff8f, 0xfffffffffffff001, 0x5, 0x8, 0x6, 0x0, 0x9, 0x6, 0xffffffff, 0x6, 0x5, 0xffffffff, 0x1000, 0x666, 0x25e], {0x77359400}}) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f0000000200), 0x2) mq_getsetattr(r2, &(0x7f00000002c0)={0x0, 0x12, 0x3ff, 0x5, 0x4000000062, 0x101, 0x2000001, 0x20}, &(0x7f0000000940)) fcntl$dupfd(r1, 0x0, r1) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x9) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, 0x0}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000900)={0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r3, 0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)='\x12\xd2nodevmime_typecgroup-,\xb5[}:cgroup\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={r3, r0, 0x0, 0x5, &(0x7f0000000140)='IPVS\x00', r4}, 0x30) syz_open_dev$cec(&(0x7f0000000a00)='/dev/cec#\x00', 0x2, 0x2) ioprio_get$pid(0x3, r5) userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000)={0x7, 0xd9}, 0x8) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 04:36:48 executing program 4: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) userfaultfd(0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80040, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x80005, 0xfffffffffffffffe) r2 = syz_open_dev$audion(&(0x7f00000003c0)='/dev/audio#\x00', 0xa, 0x200000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000400)={{0x6, 0x7, 0x8, 0x43, 'syz0\x00', 0x7}, 0x1, [0x5f4e6335, 0x6, 0x7, 0x6, 0x8, 0x1, 0x100, 0x9, 0x9, 0x20, 0x1f, 0x7, 0x9, 0xe7e, 0x2, 0x2, 0x7, 0x9069, 0x46, 0x80000000, 0x100, 0x2, 0x1, 0x0, 0x4, 0x7, 0x8, 0x0, 0x100000000, 0x5, 0x5, 0x6, 0x89, 0x4, 0x929, 0x7dfd, 0x7ff, 0x401, 0xe9d, 0x3f, 0x7, 0x4, 0x3, 0x7fffffff, 0x8, 0x3, 0x4, 0x5, 0x6, 0x40, 0x3, 0xb54, 0x80, 0x2, 0xf, 0x1, 0x799, 0x0, 0x4, 0x5, 0xffffffffffff921c, 0x5, 0xe42, 0x8, 0xa29f, 0x5be, 0x8, 0x0, 0x1, 0xf86, 0x100000001, 0x3, 0x7, 0x77, 0x43, 0x10000000005, 0x4, 0x400, 0x7, 0x6, 0x1, 0x19ba, 0x0, 0x5, 0xfffffffffffffe00, 0x4, 0xd2, 0x6, 0xd47, 0x10000, 0x3e, 0x7, 0x8, 0x4, 0x101, 0xfff, 0x7, 0x1, 0x8, 0x5dec, 0xffffffffffffffff, 0x3, 0x5, 0x6, 0x80000001, 0x21b7, 0x81, 0x4, 0x7f, 0x0, 0x8, 0x2, 0x8, 0xff8f, 0xfffffffffffff001, 0x5, 0x8, 0x6, 0x0, 0x9, 0x6, 0xffffffff, 0x6, 0x5, 0xffffffff, 0x1000, 0x666, 0x25e], {0x77359400}}) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f0000000200), 0x2) mq_getsetattr(r2, &(0x7f00000002c0)={0x0, 0x12, 0x3ff, 0x5, 0x4000000062, 0x101, 0x2000001, 0x20}, &(0x7f0000000940)) fcntl$dupfd(r1, 0x0, r1) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x9) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, 0x0}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000900)={0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r3, 0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)='\x12\xd2nodevmime_typecgroup-,\xb5[}:cgroup\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={r3, r0, 0x0, 0x5, &(0x7f0000000140)='IPVS\x00', r4}, 0x30) syz_open_dev$cec(&(0x7f0000000a00)='/dev/cec#\x00', 0x2, 0x2) ioprio_get$pid(0x3, r5) userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000)={0x7, 0xd9}, 0x8) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 04:36:48 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) unshare(0x400) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x18) 04:36:48 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f00000001c0)=""/114) [ 191.319410][ T26] audit: type=1326 audit(1554698208.998:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8043 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0x0 04:36:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000000)={0xd0003}) 04:36:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x12, 0x0, 0x0) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:36:49 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) dup2(r1, r0) 04:36:49 executing program 0: pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./file0\x00', 0x200, 0xfffffffffffffffc) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000001640)=""/247, 0xffffffcc}], 0x1, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) fcntl$setstatus(r2, 0x4, 0x80) pwritev(r2, &(0x7f00000003c0), 0x1000000000000201, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10, r1, 0x0) write(r0, &(0x7f0000000180)="de", 0x1) write(r0, &(0x7f0000000340), 0x10000014c) 04:36:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7d9288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") recvmmsg(r1, &(0x7f0000008cc0)=[{{0x0, 0xfffffffffffffe06, &(0x7f0000003a40)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1, 0x0, 0x5c}}], 0x1, 0x0, 0x0) 04:36:49 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101802, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000080)=""/246) ioctl$EVIOCGREP(0xffffffffffffffff, 0x40047459, 0x0) write$ppp(r0, &(0x7f0000000340)="2fa7e1d90879d92c0a266afa961872b02aff01a99c589d0e3189123455163c4e1adb050704809f3fdf4ea60e234105d5fb37b5c29826b69fca23f20cc4c65e7baf6b125addbb77704d5f0493857a1e83bdd152e231ddcdcf347fc7cb5c6434c631723756716897c667b53b6bbf437f0c83da5cd4e9d6bdec20fff02f6239016a94491b201cee81a7bfbb53757f159ff4000000e55e709dbd7b11aaf7a7a7a64456ba7183c2b1d9da5eec2bea862640fac00c5eb4193f45ff02134933cff665e7374582baf844917215caa51fbf7aa69a6456601e06eaa6181331a95c89cf8134dbf79370d0cc707580dddd890d358189c4b0944a", 0xf4) [ 191.357792][ T26] audit: type=1326 audit(1554698209.028:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8045 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0x0 04:36:49 executing program 3: mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)='posix_acl_accesswlan0keyring/nodev#*md5sumcgroup\x00') r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101802, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000080)=""/246) write$ppp(r0, &(0x7f0000000300)="86", 0x1) [ 191.468112][ T8109] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 04:36:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x12, 0x0, 0x0) add_key$user(0x0, 0x0, &(0x7f00000004c0)="08ffae484df95ce2c8984e20df172af3d128444d65922e8389ab5f68abe38211c0c43c0cde9a870ac20fd98b85c973267ac2f1a30534a3b7ce809d45f34bec9b9b115f859de4f74da4f6abe765060e878d806ce6e839fdefbd0aeeae033ee745b6b5b22b7727c3ce51512f8980c1158a3f4cbd0db18bf52da4be7ff54825bd2bbbd97d128bcd08b6c8304ea94e3c2593946f6d0233484a6d40ddf82efde8e1e0fa1cfdde6ef23e86d08a4be149f333104c3ec696cfa2ff0d8c48bfef65a603624f31360ba28bbb39cefa3678ef608e33197ee48e832ef69e009adfd38d4251a61eb5a27ed160a9f3409eb1b412e112013dce14a3cb359be90cfc4252a5d6d94aa7e27536096d07b75b0a21e1e034aeca4d02ff8db7fbfb56754d3f88060932a4c0c19e4b4c566eb6678696b2a33118b73622b90715f720cb3439892947750ea73eef8a26ab61bdbe4ac05bbd6473a80ccb54e6a49f7e62d0a34e2dbd44be2f3684f2f2f6e0398d11f26533a977e7053b919719968a98fcde40d3413b144987f03d76adc41f931d2f2f7073a53a0b55277fcdc47751d5aafada6898da0f01270956ed2c391f372b9f1dc7ebfab35a1bcf054c020c7a24044cf63bf3a5eaf7788aea435e89905c609e15168ba6346497a1676d077099027a900d08c0e6a8b4f3fd29a776e2c59fc276919a387565feeaa77df1a4558b03b9a391de3a55ada093a14e8ee85e29e4e45f0873c3f300197f0071a32d0da473d41b32519e960910b2b85adcb1c720759fcb6aea7ebcce26e641f55f7f283c7db840b6e5a276ca071c82a75c1b1b70659c22a344611ea54fb38f13fcddb5bb33cb25a733c5f3cc50a2b10c799c339efc602b69f26f0cd56eb2015ec93f57890fbd16bc52cddf8df9f8c500cda3f73112a3beee1a5fc604877001b32e19b2f8c24aecafcdb666f127a6f138de53615c49224ff0864ffee11d88b48ac3d415731c26e9a90c76ef389ba0d185b87779343df3559d26c573670081b8d6a7510f14868a045d940cd3cbf18f537ae580923ea1b943c15bb10f23cd47876d97a9aa2b100c035489c9355d46dfe4c47ad01247ca8a892ddcc08448e1b0dfe01524b80029f170a8c8622999047ccf32a8afd0985faca21668ca8df69843cc373f6b35f616139f6549be0bfe1fcd05f697dd5088e571f8df6899b458dc095a50bcffe7500c4ea81fe69606f57e9a5b728832e723c3eb272fc814a5277a1aefb30c06542f9952d678a87a7516071272c3fd148baef8c5249d53047110a5b12ee7b9d4b9ef51ddd7f87843a63b132faef13e55c414b68195ac0a8b1bda9a3471451e82f3e0be19c69e1e4393bd11530da67cbab54f002e184eddb5edd63ed731699e4f0212301c3329de61d9bdeef1be2e846c70a332b5ba75d03a46de21180e213f5dd168e99b93ab5936c0104ad69d759ad0c9e156b029ca40837d907815e531c6874b364c1681c52181ab7bc16c9a233e9eb41560c80787336e968d31a6e43d3a1948d313f0b9abd64e7242ea956d73ae2131d4b88da53a9ebf2309e9c74af79aec6954428902d719bd4754eb7e57e8391a29cb356c571ce2d99720757f0cfe9f95d65af7df1d79ce5f1eb5da3375cc64d427c9ce64bdc1f665499cfc4808d14225510966387c093fc9cf782d28588b02d5451e8c73801c5a97e9f6efa342aacff311f8e0db28c871fd576b7c4b40eae25221ef41ea82b80e2a18026f12b2d7e6d443c40c17ea6a1cbd43e7cf03d8fe0d968014b5ef0b4d89a566612defa4ed47376433ee1e64872b372b6d851251ed74a0b91a8a388c1afa5818de99fe60614aaf43e607405936412fbc19304a9a9da840bb8829a2b4a78a95e9abfc794342754eb33aa065259c93063a871d8520c9bdcd57e98c56b1155ce5713f897203041c584c41e1bce22f04d41c6ae8ce8bc4c8ac3433deccb6de989e062904cb5f6c0cf21b53bda514207f0c729b9c45b1b4ae6f2e36079af585435c55b6f9a66bb4379aca3edd6dca07800163696a023fa0af92ae377a5f18e4a3f321ab828779148be925526d359367b2608d67914a15cbdcb616d5e4070bf1dd1625d2866cfe4df13781ba4218622b3384402015e2d5b0eb72833b8a31b43e6f8dcee998fdea92d3c686d1f18de8839130e07991dce1e2430c4b1bb483ca6f124612c5a1f65870706781773450d7aa5d8e152932a7a5dd1b00ff4314208e37ec2e06faf062b439ecaa52eca55dcc92096452d79cbba7c7aee6f2e5f05bdaf5d6dae55ca02ba65f268f35408420010b4c1df6bc1627e89dd5e63aa3f10b8723b281659580cdff524c13e3814a5f91d8604319c7959fef9d0bc1087b1bc42d478e1599a4418182eccdf6434126c145ccd4b59e404c661919d5686f83cb82a868c6a30b4d31b4f9d98d18e6f0c07d3631a2eb480d2ad96fb22fb5b45abec5517640498002e79d49b461b3110eb50180da50fbccff05fb38632118004f1fffd958907d213d691eb418d53c7be974063bf4073e06fb11f189ed6718e5124572a9421b7a26d01cd386b0d654052cf7dc4c3c6d6ab28f11e2e13bc29157c362b609e5d57691853ce57e8bb25ec40c5bff8aabf52f16d5fdc960c1cf6dbe08dcb0aa55386fc580c741a8eefe1319e00355e2062d02476a6ef2181b00dfaabf79113bfc6364fc90ba7788324d18cc41e34b41c8526f9a95e01a6ba792079c0d23fe071c6d4aee1640d8e164ecbefca9e14060c04ec99db629624a3fb925dfd098d7d7a2b246f528b24f6b367222aa503faeb1ad3de30ef41bbc79c186c14cc5bd775ccecfa8144cd889467ca54a087200d2e5d082b2e41d479952f7248fe918a8ab87c337a6b1c5a571af70fdeb56ddbde906595af4e78b40a8be64aa8474f6488ceadee829ea88828a0614d78c6a5347d9da5ca3a8e2b81b319f6366ec2ae93303cd2953933d38fb0f2fd272444c99dbc4e13d691697a767119569fd359a4f3d0f3df938c318aed3e85b3388553eb095c4343c8619e9565ca923ecfb4a2fcd64cec4f54d3fc7e960c76288838257de1050bc998b798e2e375f54a3324c5ce06172832df6586a8bf894545852e4f4416aef911180c0218bd2e7a0904adea3ec04bb36379a34253ee2d0c271ceee6564f099e323bfa9020b4f9bec401cacc59b5bc6d1642ea2798ec21b0ec5d56a4396254e4fbd11e970aaecc827513daec624362d1a74e61c57269eca851fee67d110daee775b79d6e6fe2cbf8a85d96c6f22606652cdfd6541183f39824b7d917534747fbe8cc930371462f23d35ca8ce72818994f1aa524abc95565e6001677fbdfeab3de1e2420924333347350eb72936b99b41d71bb8b5400c51c296ba6791e0f55780445383fbe2aa05cd5c24c6d6884233f074fb7ade9062ae359fa41007626aab00a3260ffced8cc4203251ada45b9941a36920f1cfeca14b5eb0602f758b7e0ec1d785c0c2d6855585623c610edd0f21545c9814540e9cc7ad69fa363bfa741e7c26439e29e9330fbebc35078aedf762c964788bc39bd82d7cd3959e8eea9e79c8e24d3c93859a92dc3a1cd717766942d6abd0700ffb083cd2c14103957a76497ee693d84d28189e90a3e44cd3769e8b2902aa16efe994d97f5fda783bcaed111138fb00b595dd4b9fb090dc95632acd04d8d35dd7d109ea86ee37fd2fee8fbfe6ad1cd8a42f362a75c0b900090a48a717715c4d6e538b4e3a4703c425051559f0e7865a21694a88380d4ef1b70679b3f56ec6f22c741b4a671ad4fb7c0af5dfd9baaf899650538c946bfe76beaaa2a78d95ec69d37cae8fb1575696674207e7558a0a9a6c366dca91fe93c9d4695c71de6563b75bb0050b08cde7904c183952651cbe26a9c9d92f067d2ead231237506dc0fa301ccff5b93846e45a857bf2f32c521c016eb701dd77a0086b5c9501c6ac9857d3e5530eefd861586c2b2e156253eea7d298bd198235d76f2b4265b639bce899d63c2b5514b5ad82daa322803cbd550d3a4794d343ad811aa6d1e1874a375423129991b78e37fd07350607c80fb8e5f77a58869d8c6faab9145f63415167350ed24b1e1bde7c74a7362106b9202cdf0ecabd412f73f687dddac65b0b7a86c0bdda6ba56ce2acffd66644fe4e65acc201da6362934f1db3b3936e0d949ac1741cfa362ba6a1eca5d37e24bd55e0896fe7e59e16bfe5b4c00e8fdd20dd59ce7132bfda788820514c6625aac9b0ecc631e95fa9f5c5d2672d94be189e5c29d760978cc71c780eceaa8d260f9dcd380393d0e72d998425eb89f498b61ebda66c5d43dbee1ff2608dd7df7de6da93c39e22692aba6aa88", 0xbfe, 0xffffffffffffffff) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:36:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x12, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="3be38e"], 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:36:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xfffffffffffffffd, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x38, 0x0, 0x0) nanosleep(&(0x7f0000000140)={0x0, 0x1c9c380}, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x79) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKFLSBUF(r1, 0x1261, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/ip_tables_targets\x00') r2 = openat$vcs(0xffffffffffffff9c, 0x0, 0x200000, 0x0) sendto$inet(r2, 0x0, 0xfe5d, 0x84, 0x0, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x80000003, 0x8000000004) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2779}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) socket$inet6(0xa, 0x1, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1, 0x160) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000180)={0x0, @dev}, &(0x7f00000001c0)=0xc) unshare(0x400) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r5 = syz_open_pts(r0, 0x0) read(r5, &(0x7f0000000280)=""/1, 0xfffffece) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) close(0xffffffffffffffff) 04:36:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 04:36:49 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000080)=""/246) ioctl$PPPIOCSMRU1(r0, 0x40047452, &(0x7f0000000040)) 04:36:49 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1}}) r1 = dup(r0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x0, 0x3}}) 04:36:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003500)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 04:36:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x13, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:36:49 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x140, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x10) 04:36:49 executing program 4: pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x1e4) shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) shmctl$SHM_INFO(0x0, 0xe, 0x0) close(r0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) lstat(0x0, 0x0) write$P9_RLOPEN(r1, 0x0, 0x0) 04:36:49 executing program 5: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) arch_prctl$ARCH_GET_GS(0x1004, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) r0 = inotify_init1(0x0) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, 0x0) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000001a40)) 04:36:49 executing program 2: bind$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x125) getpid() sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x0, @loopback}, 0x10) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(r0, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) ftruncate(r1, 0x208200) epoll_create1(0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x14102e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r2, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000001d40)={0x0, 0x0, 0x0}, 0x0) 04:36:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xfffffffffffffffd, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x38, 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x79) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKFLSBUF(r1, 0x1261, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x200000, 0x0) sendto$inet(r3, 0x0, 0xfe5d, 0x84, 0x0, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x80000003, 0x8000000004) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$BLKTRACETEARDOWN(r4, 0x1276, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x2779}) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x8, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) socket$inet6(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1, 0x160) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000180)={0x0, @dev}, &(0x7f00000001c0)=0xc) unshare(0x400) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r6 = syz_open_pts(r0, 0x0) read(r6, &(0x7f0000000280)=""/1, 0xfffffece) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) close(r6) fsetxattr$security_selinux(r2, &(0x7f0000000100)='security.selinux\x00', 0x0, 0x0, 0x3) 04:36:49 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) lstat(&(0x7f00000006c0)='./file0/file0\x00', 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) 04:36:50 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000000)={0x1, "8e"}, 0x2) 04:36:50 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0) readv(r0, &(0x7f0000000480)=[{&(0x7f0000000200)=""/218, 0xda}], 0x1) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000080)) 04:36:50 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:50 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:50 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:50 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:50 executing program 4: waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:50 executing program 2: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:36:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000006c0)=0x200, 0x20) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0xd400}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 04:36:50 executing program 4: waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:50 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) 04:36:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) 04:36:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000000)={0x1, "8e"}, 0x2) 04:36:51 executing program 4: waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:51 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x800000800c5011, &(0x7f0000000080)) 04:36:51 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semget$private(0x0, 0x0, 0xc2397a187ce34cc2) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) 04:36:51 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:51 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) sendfile(r0, r0, 0x0, 0xa198) 04:36:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = syz_open_dev$adsp(&(0x7f0000000280)='/dev/adsp#\x00', 0x6, 0x80) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000002c0)="0306848148269bf63ba74bb9880bdad9", 0x10) syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x100000000000088) bind$inet6(r2, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) r3 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r3, 0x11, 0x100000000a, &(0x7f00000001c0)=0x800000000000003, 0x4) r4 = syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x6, 0x80000) recvfrom$rxrpc(r4, &(0x7f00000005c0)=""/254, 0xfed4, 0x2000, &(0x7f0000000380)=@in6={0x21, 0x4, 0x2, 0x0, {0xa, 0x4e23, 0xb596, @dev={0xfe, 0x80, [], 0x23}, 0x10000}}, 0xffffffffffffffb6) sendto$inet6(r3, 0x0, 0x0, 0x8800, &(0x7f0000000480)={0xa, 0x4e23}, 0x1c) sendto$inet6(r3, &(0x7f0000000d40)="dd", 0x1, 0x0, 0x0, 0x0) read(r2, &(0x7f0000000400)=""/105, 0x69) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000140)={r5, r6+30000000}, &(0x7f0000000180)={0x33}, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000200)=@add_del={0x2, &(0x7f0000000000)='rose0\x00'}) 04:36:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) 04:36:52 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x0, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) [ 194.451585][ T8275] overlayfs: './file0' not a directory [ 194.489546][ T8277] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8277 [ 194.499454][ T8277] caller is ip6_finish_output+0x335/0xdc0 [ 194.505201][ T8277] CPU: 1 PID: 8277 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.514217][ T8277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.526896][ T8277] Call Trace: [ 194.532950][ T8277] dump_stack+0x172/0x1f0 [ 194.540324][ T8277] __this_cpu_preempt_check+0x246/0x270 [ 194.547819][ T8277] ip6_finish_output+0x335/0xdc0 [ 194.552949][ T8277] ip6_output+0x235/0x7f0 [ 194.557290][ T8277] ? ip6_finish_output+0xdc0/0xdc0 [ 194.562578][ T8277] ? __skb_checksum+0x576/0x880 [ 194.567443][ T8277] ? ip6_fragment+0x3980/0x3980 [ 194.572308][ T8277] ip6_local_out+0xc4/0x1b0 [ 194.576817][ T8277] ip6_send_skb+0xbb/0x350 [ 194.581239][ T8277] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 194.586723][ T8277] udp_v6_push_pending_frames+0x295/0x3b0 [ 194.592453][ T8277] ? udp_v6_send_skb.isra.0+0x14f0/0x14f0 [ 194.598180][ T8277] ? udpv6_setsockopt+0xb0/0xb0 [ 194.603063][ T8277] udpv6_sendmsg+0x1b18/0x28d0 [ 194.607834][ T8277] ? udpv6_setsockopt+0xb0/0xb0 [ 194.612695][ T8277] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 194.618689][ T8277] ? aa_profile_af_perm+0x320/0x320 [ 194.623981][ T8277] ? __fget+0x35a/0x550 [ 194.628145][ T8277] ? find_held_lock+0x35/0x130 [ 194.632911][ T8277] ? __fget+0x35a/0x550 [ 194.637074][ T8277] ? lock_downgrade+0x880/0x880 [ 194.641928][ T8277] ? ___might_sleep+0x163/0x280 [ 194.646782][ T8277] ? __might_sleep+0x95/0x190 [ 194.651461][ T8277] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.657103][ T8277] ? aa_sk_perm+0x288/0x880 [ 194.661641][ T8277] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.667191][ T8277] inet_sendmsg+0x147/0x5e0 [ 194.671691][ T8277] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 194.677668][ T8277] ? inet_sendmsg+0x147/0x5e0 [ 194.682348][ T8277] ? ipip_gro_receive+0x100/0x100 [ 194.687375][ T8277] sock_sendmsg+0xdd/0x130 [ 194.691793][ T8277] __sys_sendto+0x262/0x380 [ 194.696298][ T8277] ? __ia32_sys_getpeername+0xb0/0xb0 [ 194.701683][ T8277] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.707923][ T8277] ? put_timespec64+0xda/0x140 [ 194.712686][ T8277] ? nsecs_to_jiffies+0x30/0x30 [ 194.717545][ T8277] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.723003][ T8277] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.728461][ T8277] ? do_syscall_64+0x26/0x610 [ 194.733156][ T8277] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.739230][ T8277] __x64_sys_sendto+0xe1/0x1a0 [ 194.744000][ T8277] do_syscall_64+0x103/0x610 [ 194.748595][ T8277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.754496][ T8277] RIP: 0033:0x4582b9 [ 194.758391][ T8277] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.778009][ T8277] RSP: 002b:00007f9a3981fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 194.786424][ T8277] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.794392][ T8277] RDX: 0000000000000001 RSI: 0000000020000d40 RDI: 0000000000000006 [ 194.802358][ T8277] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.810326][ T8277] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9a398206d4 [ 194.818292][ T8277] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 04:36:52 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x80000000005015, 0x0) 04:36:52 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x10, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:52 executing program 5: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)}) 04:36:52 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x10, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000006c0)=0x1ff, 0x5) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000580)=""/51) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000240)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@multicast1}}, &(0x7f0000000380)=0xe8) quotactl(0x200, 0x0, r2, &(0x7f00000003c0)="98d62e520f4ffe5d13993a4485e2b31fbfc332aa6401bf1a435bb9bec8c601ecfabce28be167a2fc304ff05a67b720c7") sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000000c0), 0x2ba) recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0xd400}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) syz_genetlink_get_family_id$SEG6(&(0x7f0000000440)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, 0x0, 0x40000) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000000)) 04:36:52 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1e) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="052fc73c7f000000000000000000ef3bc4778002774ba64d60b17495908c89f99e8cf66acff6a238380cd00b0900e3ff05000000004812f9fa"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:36:53 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) semget$private(0x0, 0x0, 0xc2397a187ce34cc2) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) 04:36:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = syz_open_dev$adsp(&(0x7f0000000280)='/dev/adsp#\x00', 0x6, 0x80) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000002c0)="0306848148269bf63ba74bb9880bdad9", 0x10) syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x100000000000088) bind$inet6(r2, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) r3 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r3, 0x11, 0x100000000a, &(0x7f00000001c0)=0x800000000000003, 0x4) r4 = syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x6, 0x80000) recvfrom$rxrpc(r4, &(0x7f00000005c0)=""/254, 0xfed4, 0x2000, &(0x7f0000000380)=@in6={0x21, 0x4, 0x2, 0x0, {0xa, 0x4e23, 0xb596, @dev={0xfe, 0x80, [], 0x23}, 0x10000}}, 0xffffffffffffffb6) sendto$inet6(r3, 0x0, 0x0, 0x8800, &(0x7f0000000480)={0xa, 0x4e23}, 0x1c) sendto$inet6(r3, &(0x7f0000000d40)="dd", 0x1, 0x0, 0x0, 0x0) read(r2, &(0x7f0000000400)=""/105, 0x69) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000140)={r5, r6+30000000}, &(0x7f0000000180)={0x33}, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000200)=@add_del={0x2, &(0x7f0000000000)='rose0\x00'}) 04:36:53 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x6, 0x0) write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="48e30ff019a0c78f829b380000001607a90f3d2ed90920515e827507000000162d0000518cdf6d1e4c33bb98394c9f72b500004f363621943b040089cb003b2c040000710e13"], 0x46) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000280)={0x0, 0x5}) 04:36:53 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x10, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000003ff8), 0x0, 0x0) 04:36:53 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) [ 195.584131][ T8320] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8320 [ 195.593772][ T8320] caller is ip6_finish_output+0x335/0xdc0 [ 195.599628][ T8320] CPU: 1 PID: 8320 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.608658][ T8320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.618730][ T8320] Call Trace: [ 195.622037][ T8320] dump_stack+0x172/0x1f0 [ 195.626380][ T8320] __this_cpu_preempt_check+0x246/0x270 [ 195.631935][ T8320] ip6_finish_output+0x335/0xdc0 [ 195.636886][ T8320] ip6_output+0x235/0x7f0 [ 195.641219][ T8320] ? ip6_finish_output+0xdc0/0xdc0 [ 195.646326][ T8320] ? __skb_checksum+0x576/0x880 [ 195.651180][ T8320] ? ip6_fragment+0x3980/0x3980 [ 195.656040][ T8320] ip6_local_out+0xc4/0x1b0 [ 195.660543][ T8320] ip6_send_skb+0xbb/0x350 [ 195.664973][ T8320] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 195.670446][ T8320] udp_v6_push_pending_frames+0x295/0x3b0 [ 195.676165][ T8320] ? udp_v6_send_skb.isra.0+0x14f0/0x14f0 [ 195.681891][ T8320] ? udpv6_setsockopt+0xb0/0xb0 [ 195.686755][ T8320] udpv6_sendmsg+0x1b18/0x28d0 [ 195.691523][ T8320] ? udpv6_setsockopt+0xb0/0xb0 [ 195.696400][ T8320] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 195.702494][ T8320] ? aa_profile_af_perm+0x320/0x320 [ 195.707720][ T8320] ? __fget+0x35a/0x550 [ 195.711903][ T8320] ? find_held_lock+0x35/0x130 [ 195.717214][ T8320] ? __fget+0x35a/0x550 [ 195.721380][ T8320] ? lock_downgrade+0x880/0x880 [ 195.726237][ T8320] ? ___might_sleep+0x163/0x280 [ 195.731090][ T8320] ? __might_sleep+0x95/0x190 [ 195.735773][ T8320] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.741404][ T8320] ? aa_sk_perm+0x288/0x880 [ 195.745914][ T8320] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.751462][ T8320] inet_sendmsg+0x147/0x5e0 [ 195.755965][ T8320] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 195.761937][ T8320] ? inet_sendmsg+0x147/0x5e0 [ 195.766622][ T8320] ? ipip_gro_receive+0x100/0x100 [ 195.771653][ T8320] sock_sendmsg+0xdd/0x130 [ 195.776070][ T8320] __sys_sendto+0x262/0x380 [ 195.780588][ T8320] ? __ia32_sys_getpeername+0xb0/0xb0 [ 195.785997][ T8320] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.792260][ T8320] ? put_timespec64+0xda/0x140 [ 195.797032][ T8320] ? nsecs_to_jiffies+0x30/0x30 [ 195.801892][ T8320] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.807348][ T8320] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.812808][ T8320] ? do_syscall_64+0x26/0x610 [ 195.817484][ T8320] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.823552][ T8320] __x64_sys_sendto+0xe1/0x1a0 [ 195.828321][ T8320] do_syscall_64+0x103/0x610 [ 195.832914][ T8320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.838808][ T8320] RIP: 0033:0x4582b9 [ 195.842704][ T8320] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.862304][ T8320] RSP: 002b:00007f9a3981fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 195.870718][ T8320] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 04:36:53 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semget$private(0x0, 0x0, 0xc2397a187ce34cc2) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000000)={0x1, "8e"}, 0x2) [ 195.878684][ T8320] RDX: 0000000000000001 RSI: 0000000020000d40 RDI: 0000000000000006 [ 195.886651][ T8320] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.894624][ T8320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9a398206d4 [ 195.902592][ T8320] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 04:36:53 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) 04:36:53 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) 04:36:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockname(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000180), 0x12) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7fffffff}) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000440)={0x0, 0x1000, 0x0, 0x5, 0xfffffffffffffffc}, &(0x7f0000000480)=0x18) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000500)=@assoc_value={r2}, 0x0) write$cgroup_int(r3, &(0x7f0000000100)=0x800000, 0xffffffd5) bind$x25(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x40}) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x4, 0xb5, [], 0x0, 0x0, &(0x7f0000000300)=""/181}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r3, &(0x7f0000000040)="aee6e5bcaaa9692992baafa13085210ba1d2eea3574c9105e1521ffd633f0dbd1278117df7c8814d01480c3f3c5c746acc31fb6bfe", 0x0}, 0x18) 04:36:54 executing program 4: mmap(&(0x7f0000000000/0xc1f000)=nil, 0xc1f000, 0x2, 0x71, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) 04:36:54 executing program 5: pipe(&(0x7f0000000180)) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003500)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x4000000000000000) 04:36:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg(r1, &(0x7f0000002c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=[{0x18, 0x117, 0x3, "ac"}], 0x18}}], 0x1, 0x40000) 04:36:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) 04:36:54 executing program 4: socket$alg(0x26, 0x5, 0x0) r0 = socket$inet6(0xa, 0x803, 0x20) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 04:36:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semget$private(0x0, 0x0, 0xc2397a187ce34cc2) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000000)={0x1, "8e"}, 0x2) 04:36:54 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r0, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write$cgroup_type(r2, &(0x7f00000000c0)='threaded\x00', 0x9) 04:36:54 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002e00)=""/58, 0x3a}}], 0x1, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) 04:36:54 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000000040)=0x8, 0x4) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x44e20}, 0x1c) 04:36:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x1, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) preadv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/148, 0x94}], 0x1, 0x3) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000091, 0x0) 04:36:54 executing program 2: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000001400)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() tkill(r1, 0x14) 04:36:55 executing program 5: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:36:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) preadv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/148, 0x94}], 0x1, 0x3) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000091, 0x0) 04:36:55 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semget$private(0x0, 0x0, 0xc2397a187ce34cc2) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000000)={0x1, "8e"}, 0x2) 04:36:55 executing program 3: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:36:55 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) truncate(&(0x7f00000000c0)='./bus\x00', 0x1000) r2 = open(&(0x7f0000000480)='./bus\x00', 0x0, 0x0) lseek(r1, 0x0, 0x2) sendfile(r1, r2, 0x0, 0x30008) 04:36:55 executing program 4: gettid() ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x102, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) write$P9_ROPEN(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$P9_RGETATTR(r0, 0x0, 0x0) [ 197.891925][ T26] audit: type=1804 audit(1554698215.568:35): pid=8422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447496995/syzkaller.YmiK38/28/bus" dev="sda1" ino=16630 res=1 04:36:55 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhci\x00', 0x0) 04:36:55 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) [ 197.995453][ T26] audit: type=1804 audit(1554698215.658:36): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir447496995/syzkaller.YmiK38/28/bus" dev="sda1" ino=16630 res=1 04:36:55 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:36:55 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x4000001, 0x182) r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2f, 0x0, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") sendfile(r0, r0, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 04:36:55 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) writev(r2, &(0x7f0000000100)=[{&(0x7f00000001c0)="928abbaeae7398b5541884218057f595bbf092ff7fc7c4349c0b62fb32a24269b0811fe35d9202a766eaa975b639cec6599c332b125cfa2da06f890635ede8b7523e5a028c0d641e0c5cff430b565bfc633ec16e5dcf88690474fcf51b0f8290f9282f5815cfc0612c171aaf629fa6ec8e1913409e89ef8b47ed500e9c5ad298b4de55aa75470a87bf50cb529470755ac352a0431b56da55e54a12d5f68a3bcebd348d022312094690cb9e6dce54c625591a02451b0fd32539c19492884f2be0333e1f9447534a8b6da3b933c79d3fe6ec9ba2d7dd6da73218f79b1c2b5ab31f4ac8282965195b2a15c623f2aedf9c144ef4279acc08531c65076693b57ae1ae06a71c48fa984861c2fc7017429ef5d8b057c6c1da99d24242b05ea660ffbb232977538079fe6b5ca4b0e47e0be6ce9054144df483f60e1f3bd2029c0f8e95dc9b2f470e09b80776ce283e6304625915ff620760a33a648b0f427622ae25f6ff9e6a81df6585d064d24199c86ef9c547beb6bd14be6d630a3d92b71bbf5daddd57da4ff094bd1377f1033ba8e48c37b805b88e87e4926213e46c39a9d38c151b6a257ac02e2b8ff2465c82c29c0afe48294bcac2e180fcd9cd8b5ab9722782b5f76bfe8690d4e3d0603e52ecfb49a3c33faf5f4e8b36254a70ccd18a8a47b5df63768c2431d973b1c056c2ddc57d57656de6c775d2c7552c51de754ab79805bd03086a9f52bad11bcf45951ae25069b6ab4360e69492ecc4878f15b13e74d4252b47845020850af5b79fc66bfe7a2931d43ef91f19e0f33ec7c814c4dc0fe58f51f6709b78c7ebfae10a371596b7f7eba18c6a2cf9dcaf2d93ad5bcc8a6239eca0ba10b5d33cf0b8a49363f77aa3bab1ef316a01a62ab96d6f343ccb6ab06276c9dd991ba7c014c9f5e7086d548d23077a8b05614d8eebb3e67a0a7095cd448af760bb1a9449b06e70e3b044002f89795a2b94d88fb794946743529ed11e9bf87158a4df91a1e228f0e83bbc59181311cf0bab9d0f80602abdb14cef47cde157a29459d49596bde49a3c1f65fa00a1783104baa77a0c2f59fbd32bb967004c149afae9eb87dc0de5f7f04b439f7dbd5ed8064d86ae25e00bdd63d71d690e309df5cbd8a739de1e5a6840c2dc4e7e5ac1c1cd1e61bdc7b722ec52bcf2c5b19973f9fd675f39750b0904eabbc2a37924348478913da4cbe35101489dec907765fe92bed464c5423d722a04c59d6a803be943667bea4fa57e3269033ac4f735c6e32842b1e40011865e1d54b248b13841b78a16d11d12b6df509cf78317fcea6abe36c1990f1a5405b9dc25de0ed2efe343ecfec05e55f8d5bfb1e7055e6af62e27e3dc0af95d601b66d5000bc097976559af2f6d634cf5ac1fbaa704fa1a07f66beb1efb3f5a22f8512ef959317c7e86e710301b3e66f7a9a251d3e5f3f20f1b0b9eacc5e8d30aff76b67d95c7c36649766064bdca6b83b5da7052a9be6b2133b4cad68dde5a91f640492f4fd3660cd26f4c541964de5e288e273acb4d23045dbd374df2503b31787879af30816f1c170659c1723a268ea15ce77a35735ba836283dee18e4f776e6b3969762803dfa2e1141f3a468f7b207c4013fb503113fa66630c7b79c70599b36d22f6e393e20669b212262cbc4f4504d2631198f5897c893adfbb24ae4fdb0c15ad30d1acef3d50c4aa0ee93ebc982996737f168710cdb83fdfdb3949a46b1795315df7f0124a81e594eddb12416cd8b9a12cb7671f90e2f36494a152461bfa207c31559883d0e70f6f08048ce45d6dfcb3869efffc0097d47cb4bb08717661a850118e5227c897636328454a0679e66ba081c67e65e5fbacf04434f6c4daca6c3ab0f02d67f3302bf76749d5ebabbb4f1961f96a148647503a629aefa9c43c3ca469fc64dc47d8ec2f1f56d5c6a8b744ba5689882bc31b10142acf9163374994c33bdd4f118070e2e8a74c609d881c3176eb4cb8e6d9723dc1a9bde47150c6f05c41b03816c0067344f297564287c87888e2233ebd793609889829b41cffd5538e2f4bd087ccc4c0c3f385715c84eb10af8c09e9234f268ca1f05b4d6283cac9d2cd55ce9adf51fea79e8023a19781a7c8ed9d6b5c808d1600a32dec2aa74ebdf4d5a7dafb3b1994608665dcb04b15b998ada1243f2fc443290009a9cd4ffb204a9473cdfe203f67c0829a1a95cd718028a5f82dc51a46c52412ce1b5bbce7466c6c8b3ff4cb70ee93c689045196d674ec7a6290acdea1e20bbb5cfc0560ce9ad4bc89b15282f74a51fe590a6a43e9597b03a92d669d01b3b87dac8775ce141f2e16d2cffcb329116be0d177dcc0ee4ecf6f128f624cdd2e5bc69cf570018caf366421bd861dde478f57e793c70a434aad1113f08de2a38b426a064a7dda1f537b90f915003deed210ac3a82ae32ce5cf6d554f653fa5093b242330cdfc7ce5486d78fd98c045335c6e88fc66dded3deb522fe79b8f1326e7a216595cd54f4b4aebc718f61b632af3c3d6f6d213f79b1df8dcb31478465e94f8524b5a7bc60c2fa7a5a90619ff47e52124eb631e6e67eaf512b849bb6501f32f9cc4e75ad62a2de10a61a7856ffdba30f250f883466886323c3aad0d7bee5734528cf204bb742a63212f67183ee10fa00384159735d722173ac75b1ea5763ff1cf6ca80dbfc496af955c0e5fe0074dbfdb7a2f15c29b4a0e48538a5e850196590d79652972d190fbf9c8a829268d485959c78a13b4096112fde3643cd6e18aa2a4791680336f7b49975f04856dec2aa993fdcf3251ec9a9f51924e81b4df30cd04dadc9e7d79188c4147686d4dd493b0eb2d084fc09354fd39076b30e4224ef74ccf12734df2020756b1549cf7477610187a81d85dd8d96c1eb3f08a7cfcb3765e18c6d0682f7d11b6e530e0c5539dcd506813a92dd004ef4537ddf882c966ead5fa14a0cb0b93bf51fc653fda4f7bdc32d6de607553b906b7bf29af56d008ed0eb5fa6d6e26b6e1afeced5fa7c1f6be911d90a36054ff04766422635d70710f3ba0591449398169541aa95f15217e699379c97f25c14ff63272aeb2cb32487aa19136fd89296113c248a0426d6f3efeea5292d391c0993725039592484748fe291a1e96fd615529ad130b93b07c006f324b1d5515ca1fb5dc6dc9d4a0a87305720a59b17443ce07cb505d8012cb9e3de582a6ea8269700ab5386b353f3390fd80432d2019b4fa9619116848155d18cd718940b7a7f7c414465f907ed5ab6e1775bf5723cd9492e9fe6fb6ce779d06771e89fbf3b5379cd3601b24d5e90178c0fd1e648f8e763d7deddef8232cde37eee73cd701ddb65ec3a7ed8b7965c1f191358eac2eabbf3e811eaedb8dda4a93dee4e1c8f2098c1f9394c46434bd3cba4809ec9956b08ffca5ad7c7e21aa429295fb9ebec77b342f94229dd50f6008511b2d7bd3a0aa52a35957daf71daf86623bca9a157d66105c9e4d70561b31c5a3908adc574e48bb24ba668c1cd37357e84c823eb1546e207890f10932b10af06dd0dcdb58dc19ac7ab511eacca9dbee684f80a1201c4cbf51175b56afe382a825acb74bac18bc13656ad35d6192c3888deac50a57e12a7bc7f7797d4e3e299fffbc46870a732622415b734be4fd6aff55011445f2a8106734e37b4cf06baea76b0b52fb27786ccec4de1ac98972a97db163ee066d2523e2747685580fdc457ad584befaaf24f4e0bdb574fb8a83c1dcd1090cb7660907852c5d340e3857898dc0f2f6aab13121879dd578c4a42a875b090bb01d95c727b47f42dc8b7501ea102d688f0f3f8ad30ff4819088dcb05edce584f20cdc48f363595b1981894eeeb87471f1c50784a41cf10c8a3acffddd278335ae1b80b7a348bf9a1f88ef7944e56723ecdc52fb8eef89ccaa9b6847d388590149a65a7d9e68a2ad27c09d98db246809e1b69faa46aed2145ffb991d52c0a70fff4a1f3dd9564b8a6d68f0aada0b86b605e3a1554280a5740b8511feba2a0f320763dc203e45d81dc83d1f84a6de04c70c6ef667ecde6f0034d9cc03364ce5518df8e5aae2ddd97a1686fec9a53a7a32a71b2787d91d798e88eda024395d48460dfeb1571cb8f4041404795f2e2ff347c963da349d996f2bcdebddaff59005df7bf29d6768be5bfef19d9a8e2b001c072915ad243d64326c20d4aea1df22ff15a467101c4031d29b6e1c014271506e1a139e3a880832e57809f40f639882965852bab71110c3b085d0ef6f8c3a98708d21477230479fed6d179eaa99bcd67b62c2aba3ce2fbd84ac697faac95025a4867c1d4604d041c2f9871fde4d1f3e6032a3f63405baa24d1f84b516cae2f55132ec569868f8fd11b1178a3c6402c35809f4b6380f75bb10967e3e371bee28fbec0d6040f6ccb9fae90895e6fb730e2d84692d8a43263ef5ca56e3bc4eac5bf99d9d3911a2bd4747acd87819c1513325403dfefc5102a015f20cd62ccac4391a8ece1772d87a5d13674ff902e45e8431088cbc0cea9bd27cea77bd568b57619b57daa36b0a362c9d75c77b0f440cdd630a0d963bd007b1dbb7c430b0f31cb5a6bd0f548c04fdfee74797f89fc31e435a7ad27aa7410d35901a87414c99f159748d0204ebd998ad99294a7519f7e844a321aab60e99e5c6e1caf88c9f94aae93f0b71013576de233f1434463009a535a9969258663a68299cdb7b116ecc0593b051f8ab7ad822abaed75a53b3f4f2662bff4d6c0e3bb0b898303a0603804969e644e547b1c7ffff88ba32e6860ba44729459267ddde5e6e6722aaa62dc220db180e3b09d7d1f1f85255c5f0000e0f536bf8e8bc76eaf908d2b515c822f3cdd8e92a24de533ed2a71520781dd5e7f5d36b21f2ab37b11d527adca56f7ea8c2634c3d768223f8c90bd2b0c344c18dd83db32950c04d4de70fa6b4fcc644b57e870f0a25351d14ed804063a56554ea5164fcb4bcc1aba8bdf103fc4c1158cef2128a23deadae45db7c605d0564f14229f738f080a06b5498f3ac8ac6e40344f7054bcc3758da4cfe1833029ea62e7fb6aaffe372821e76a8b1beae313688a15a1350bd35cde16e6c4da1a5cf8a75064e9ceb030cafbd8b9bd3317fc7c9e0ed8c63f34c47c09d55db9e25afcfe5a0c057c4cca9f08916e18483abf13adcafd63048cea662d86cad202068ee4288f34d01800ebc056f0f92733e18d60bdcbbe2046085574e80256fe70abae93f512c24b626e2dee15cedc8fae23e935fb038c40ff0bf798132a1046a183c83718b6bf1b7f0e7b56a01c54937bed5299480936de8d1db516361620b952ebb7e2c158796e8a4c74c0921861fb502734c3ad13018246bf3cacc2e992605d15953f54ef5b653241a16dfea984a185867d71b5bf049a4c54e1293ebaba18035697305d5280f225b0f59627228e1fed9cff7324f9a4a345d680e37fe871b748ff856a6d0f9a6e4b48d2337dc0fefa3fc6828e71c236760c32aee07f889553934fc7cf4e0c1c8312f849e025659821cbd681e3c6e794baa96cf3eab26fff404c498df386ae6550cdadf", 0xf51}], 0x1) [ 198.146524][ T26] audit: type=1804 audit(1554698215.668:37): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447496995/syzkaller.YmiK38/28/bus" dev="sda1" ino=16630 res=1 04:36:56 executing program 2: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f00000001c0)=@short={0xb, @dev, @default, 0x1, @rose}, 0x1c) connect$rose(r0, &(0x7f0000000040)=@full={0xb, @remote, @null, 0x6, [@null, @default, @null, @bcast, @null, @netrom]}, 0x40) [ 198.339943][ T8440] print_req_error: I/O error, dev loop5, sector 0 flags 80700 04:36:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:36:56 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:36:56 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) semget$private(0x0, 0x0, 0xc2397a187ce34cc2) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f00000000c0)=""/98) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000000)={0x1, "8e"}, 0x2) 04:36:56 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = timerfd_create(0x0, 0x0) poll(&(0x7f0000000000)=[{r0, 0x5}, {r1}], 0x2, 0xffffffffffff2c7f) 04:36:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, 0x0, 0x0) r2 = socket$inet(0x2, 0x1, 0x1c) ioctl(r2, 0x1000008912, &(0x7f00000000c0)) r3 = socket$packet(0x11, 0x0, 0x300) readv(r3, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000000), 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bind$inet6(r5, &(0x7f0000000440)={0xa, 0x8000002}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, 0x0) syz_genetlink_get_family_id$tipc(0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x228) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) splice(r5, 0x0, r4, 0x0, 0x1000000000000003, 0x0) syz_genetlink_get_family_id$tipc2(0x0) syz_genetlink_get_family_id$tipc2(0x0) 04:36:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'veth0_to_bridge\x00', {0x2, 0x0, @loopback}}) close(r1) writev(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 04:36:56 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:36:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:36:56 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) [ 198.808466][ T8486] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8486 [ 198.818216][ T8486] caller is ip6_finish_output+0x335/0xdc0 [ 198.823959][ T8486] CPU: 0 PID: 8486 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.833001][ T8486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.843077][ T8486] Call Trace: [ 198.846378][ T8486] dump_stack+0x172/0x1f0 [ 198.850736][ T8486] __this_cpu_preempt_check+0x246/0x270 04:36:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) [ 198.856295][ T8486] ip6_finish_output+0x335/0xdc0 [ 198.861250][ T8486] ip6_output+0x235/0x7f0 [ 198.865601][ T8486] ? ip6_finish_output+0xdc0/0xdc0 [ 198.870748][ T8486] ? ip6_fragment+0x3980/0x3980 [ 198.875636][ T8486] ip6_xmit+0xe41/0x20c0 [ 198.879901][ T8486] ? ip6_finish_output2+0x2550/0x2550 [ 198.885321][ T8486] ? mark_held_locks+0xf0/0xf0 [ 198.890094][ T8486] ? ip6_setup_cork+0x1870/0x1870 [ 198.895147][ T8486] inet6_csk_xmit+0x2fb/0x5d0 [ 198.899841][ T8486] ? inet6_csk_update_pmtu+0x190/0x190 04:36:56 executing program 0: perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) [ 198.905304][ T8486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.911560][ T8486] ? csum_ipv6_magic+0x20/0x80 [ 198.916345][ T8486] __tcp_transmit_skb+0x1a32/0x3750 [ 198.921566][ T8486] ? __tcp_select_window+0x8b0/0x8b0 [ 198.926873][ T8486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.933124][ T8486] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 198.938594][ T8486] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.944860][ T8486] tcp_connect+0x1e47/0x4280 [ 198.949474][ T8486] ? tcp_push_one+0x110/0x110 [ 198.954165][ T8486] ? secure_tcpv6_ts_off+0x24f/0x360 [ 198.959466][ T8486] ? secure_dccpv6_sequence_number+0x280/0x280 [ 198.965645][ T8486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.971899][ T8486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.978995][ T8486] ? prandom_u32_state+0x13/0x180 [ 198.984040][ T8486] tcp_v6_connect+0x150b/0x20a0 [ 198.988893][ T8486] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 198.994277][ T8486] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 198.999562][ T8486] ? __switch_to_asm+0x34/0x70 [ 198.999587][ T8486] ? __switch_to_asm+0x40/0x70 [ 198.999631][ T8486] ? find_held_lock+0x35/0x130 [ 198.999650][ T8486] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 198.999674][ T8486] __inet_stream_connect+0x83f/0xea0 [ 198.999686][ T8486] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 198.999700][ T8486] ? __inet_stream_connect+0x83f/0xea0 [ 199.037730][ T8486] ? inet_dgram_connect+0x2e0/0x2e0 [ 199.042941][ T8486] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 199.052865][ T8486] ? rcu_read_lock_sched_held+0x110/0x130 04:36:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) [ 199.052890][ T8486] ? kmem_cache_alloc_trace+0x354/0x760 [ 199.052906][ T8486] ? __lock_acquire+0x548/0x3fb0 [ 199.052932][ T8486] tcp_sendmsg_locked+0x231f/0x37f0 [ 199.052958][ T8486] ? mark_held_locks+0xf0/0xf0 [ 199.079256][ T8486] ? mark_held_locks+0xa4/0xf0 [ 199.084040][ T8486] ? tcp_sendpage+0x60/0x60 [ 199.089044][ T8486] ? lock_sock_nested+0x9a/0x120 [ 199.093989][ T8486] ? trace_hardirqs_on+0x67/0x230 [ 199.099038][ T8486] ? lock_sock_nested+0x9a/0x120 [ 199.103999][ T8486] ? __local_bh_enable_ip+0x15a/0x270 [ 199.109398][ T8486] tcp_sendmsg+0x30/0x50 [ 199.113658][ T8486] inet_sendmsg+0x147/0x5e0 [ 199.118170][ T8486] ? ipip_gro_receive+0x100/0x100 [ 199.123297][ T8486] sock_sendmsg+0xdd/0x130 [ 199.127728][ T8486] __sys_sendto+0x262/0x380 [ 199.132244][ T8486] ? __ia32_sys_getpeername+0xb0/0xb0 [ 199.137660][ T8486] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.143942][ T8486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.149408][ T8486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.154880][ T8486] ? do_syscall_64+0x26/0x610 [ 199.159573][ T8486] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.165685][ T8486] __x64_sys_sendto+0xe1/0x1a0 [ 199.170468][ T8486] do_syscall_64+0x103/0x610 [ 199.175099][ T8486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.180995][ T8486] RIP: 0033:0x4582b9 [ 199.184894][ T8486] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.204508][ T8486] RSP: 002b:00007f9a397fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 199.213244][ T8486] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 199.221224][ T8486] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 199.229205][ T8486] RBP: 000000000073bfa0 R08: 0000000020b63fe4 R09: 000000000000001c [ 199.237196][ T8486] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9a397ff6d4 [ 199.245203][ T8486] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 04:36:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:36:57 executing program 3: r0 = gettid() epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000001280)={0x0, 0x4000000000000012, 0x0, @thr={0x0, 0x0}}, &(0x7f0000001240)) ppoll(0x0, 0x8, 0x0, 0x0, 0xffffffffffffff33) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, 0x0) recvmmsg(r1, &(0x7f0000004000)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)=""/87, 0x57}], 0x1}}], 0x1, 0x0, 0x0) tkill(r0, 0x1000000000016) 04:36:57 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f00000001c0)=@short={0xb, @dev, @default, 0x1, @rose}, 0x1c) 04:36:57 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) [ 199.593146][ T8515] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8515 [ 199.602755][ T8515] caller is ip6_finish_output+0x335/0xdc0 [ 199.608559][ T8515] CPU: 1 PID: 8515 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.617598][ T8515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.627787][ T8515] Call Trace: [ 199.631094][ T8515] dump_stack+0x172/0x1f0 [ 199.635461][ T8515] __this_cpu_preempt_check+0x246/0x270 [ 199.641015][ T8515] ip6_finish_output+0x335/0xdc0 [ 199.645959][ T8515] ip6_output+0x235/0x7f0 [ 199.650310][ T8515] ? ip6_finish_output+0xdc0/0xdc0 [ 199.655408][ T8515] ? ip6_fragment+0x3980/0x3980 [ 199.660244][ T8515] ip6_xmit+0xe41/0x20c0 [ 199.664478][ T8515] ? ip6_finish_output2+0x2550/0x2550 [ 199.669863][ T8515] ? mark_held_locks+0xf0/0xf0 [ 199.674638][ T8515] ? ip6_setup_cork+0x1870/0x1870 [ 199.679660][ T8515] inet6_csk_xmit+0x2fb/0x5d0 [ 199.684319][ T8515] ? inet6_csk_update_pmtu+0x190/0x190 [ 199.689763][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.695989][ T8515] ? csum_ipv6_magic+0x20/0x80 [ 199.700763][ T8515] __tcp_transmit_skb+0x1a32/0x3750 [ 199.706037][ T8515] ? __tcp_select_window+0x8b0/0x8b0 [ 199.711312][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.717641][ T8515] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 199.723100][ T8515] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 199.729327][ T8515] tcp_connect+0x1e47/0x4280 [ 199.733909][ T8515] ? tcp_push_one+0x110/0x110 [ 199.738573][ T8515] ? secure_tcpv6_ts_off+0x24f/0x360 [ 199.743843][ T8515] ? secure_dccpv6_sequence_number+0x280/0x280 [ 199.749979][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.756217][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.762455][ T8515] ? prandom_u32_state+0x13/0x180 [ 199.767493][ T8515] tcp_v6_connect+0x150b/0x20a0 [ 199.772361][ T8515] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 199.777721][ T8515] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 199.783012][ T8515] ? __switch_to_asm+0x34/0x70 [ 199.787782][ T8515] ? __switch_to_asm+0x40/0x70 [ 199.792538][ T8515] ? find_held_lock+0x35/0x130 [ 199.797299][ T8515] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 199.802940][ T8515] __inet_stream_connect+0x83f/0xea0 [ 199.808222][ T8515] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 199.813494][ T8515] ? __inet_stream_connect+0x83f/0xea0 [ 199.818940][ T8515] ? inet_dgram_connect+0x2e0/0x2e0 [ 199.824131][ T8515] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 199.829492][ T8515] ? rcu_read_lock_sched_held+0x110/0x130 [ 199.835197][ T8515] ? kmem_cache_alloc_trace+0x354/0x760 [ 199.840742][ T8515] ? __lock_acquire+0x548/0x3fb0 [ 199.845679][ T8515] tcp_sendmsg_locked+0x231f/0x37f0 [ 199.850881][ T8515] ? mark_held_locks+0xf0/0xf0 [ 199.855642][ T8515] ? mark_held_locks+0xa4/0xf0 [ 199.860455][ T8515] ? tcp_sendpage+0x60/0x60 [ 199.864944][ T8515] ? lock_sock_nested+0x9a/0x120 [ 199.869866][ T8515] ? trace_hardirqs_on+0x67/0x230 [ 199.874876][ T8515] ? lock_sock_nested+0x9a/0x120 [ 199.879810][ T8515] ? __local_bh_enable_ip+0x15a/0x270 [ 199.885211][ T8515] tcp_sendmsg+0x30/0x50 [ 199.889440][ T8515] inet_sendmsg+0x147/0x5e0 [ 199.894016][ T8515] ? ipip_gro_receive+0x100/0x100 [ 199.899025][ T8515] sock_sendmsg+0xdd/0x130 [ 199.903429][ T8515] __sys_sendto+0x262/0x380 [ 199.907942][ T8515] ? __ia32_sys_getpeername+0xb0/0xb0 [ 199.913309][ T8515] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.919562][ T8515] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.925004][ T8515] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.930445][ T8515] ? do_syscall_64+0x26/0x610 [ 199.935104][ T8515] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.941162][ T8515] __x64_sys_sendto+0xe1/0x1a0 [ 199.945927][ T8515] do_syscall_64+0x103/0x610 [ 199.950530][ T8515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.956433][ T8515] RIP: 0033:0x4582b9 [ 199.960321][ T8515] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.979912][ T8515] RSP: 002b:00007f9a397ddc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 199.988312][ T8515] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 199.996272][ T8515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 200.004231][ T8515] RBP: 000000000073c040 R08: 0000000020b63fe4 R09: 000000000000001c [ 200.012294][ T8515] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9a397de6d4 [ 200.020257][ T8515] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 201.723015][ T8469] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8469 [ 201.732492][ T8469] caller is ip6_finish_output+0x335/0xdc0 [ 201.738409][ T8469] CPU: 0 PID: 8469 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.747434][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.757480][ T8469] Call Trace: [ 201.760766][ T8469] dump_stack+0x172/0x1f0 [ 201.765093][ T8469] __this_cpu_preempt_check+0x246/0x270 [ 201.770654][ T8469] ip6_finish_output+0x335/0xdc0 [ 201.775594][ T8469] ip6_output+0x235/0x7f0 [ 201.779920][ T8469] ? ip6_finish_output+0xdc0/0xdc0 [ 201.785015][ T8469] ? ip6_fragment+0x3980/0x3980 [ 201.789854][ T8469] ip6_xmit+0xe41/0x20c0 [ 201.794094][ T8469] ? ip6_finish_output2+0x2550/0x2550 [ 201.799450][ T8469] ? mark_held_locks+0xf0/0xf0 [ 201.804196][ T8469] ? ip6_setup_cork+0x1870/0x1870 [ 201.809395][ T8469] inet6_csk_xmit+0x2fb/0x5d0 [ 201.814070][ T8469] ? inet6_csk_update_pmtu+0x190/0x190 [ 201.819514][ T8469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.825739][ T8469] ? csum_ipv6_magic+0x20/0x80 [ 201.830488][ T8469] __tcp_transmit_skb+0x1a32/0x3750 [ 201.835675][ T8469] ? __tcp_select_window+0x8b0/0x8b0 [ 201.840942][ T8469] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.846207][ T8469] ? trace_hardirqs_on+0x67/0x230 [ 201.851237][ T8469] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 201.856940][ T8469] tcp_write_xmit+0xe39/0x5660 [ 201.861704][ T8469] ? tcp_established_options+0x29d/0x4d0 [ 201.867325][ T8469] __tcp_push_pending_frames+0xb4/0x350 [ 201.872851][ T8469] tcp_send_fin+0x149/0xbb0 [ 201.877337][ T8469] tcp_close+0xddf/0x10c0 [ 201.881653][ T8469] ? ip_mc_drop_socket+0x211/0x270 [ 201.886842][ T8469] ? __sock_release+0x89/0x2b0 [ 201.891587][ T8469] inet_release+0x105/0x1f0 [ 201.896097][ T8469] inet6_release+0x53/0x80 [ 201.900496][ T8469] __sock_release+0xd3/0x2b0 [ 201.905091][ T8469] ? __sock_release+0x2b0/0x2b0 [ 201.909940][ T8469] sock_close+0x1b/0x30 [ 201.914078][ T8469] __fput+0x2e5/0x8d0 [ 201.918043][ T8469] ____fput+0x16/0x20 [ 201.922006][ T8469] task_work_run+0x14a/0x1c0 [ 201.926614][ T8469] do_exit+0x90a/0x2fa0 [ 201.930766][ T8469] ? get_signal+0x331/0x1d50 [ 201.935339][ T8469] ? mm_update_next_owner+0x640/0x640 [ 201.940699][ T8469] ? kasan_check_write+0x14/0x20 [ 201.945636][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 201.950815][ T8469] ? get_signal+0x331/0x1d50 [ 201.955408][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 201.960589][ T8469] do_group_exit+0x135/0x370 [ 201.965191][ T8469] get_signal+0x399/0x1d50 [ 201.969599][ T8469] ? debug_object_activate+0x2a9/0x470 [ 201.975070][ T8469] ? debug_object_deactivate+0x330/0x330 [ 201.980722][ T8469] do_signal+0x87/0x1940 [ 201.984953][ T8469] ? task_work_run+0x118/0x1c0 [ 201.989728][ T8469] ? kasan_check_write+0x14/0x20 [ 201.994751][ T8469] ? setup_sigcontext+0x7d0/0x7d0 [ 201.999853][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.005232][ T8469] ? task_work_run+0x118/0x1c0 [ 202.009993][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.015361][ T8469] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 202.021417][ T8469] ? exit_to_usermode_loop+0x43/0x2c0 [ 202.026772][ T8469] ? do_syscall_64+0x52d/0x610 [ 202.031531][ T8469] ? exit_to_usermode_loop+0x43/0x2c0 [ 202.036886][ T8469] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.042152][ T8469] ? trace_hardirqs_on+0x67/0x230 [ 202.047161][ T8469] exit_to_usermode_loop+0x244/0x2c0 [ 202.052438][ T8469] do_syscall_64+0x52d/0x610 [ 202.057015][ T8469] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.062887][ T8469] RIP: 0033:0x412071 [ 202.066770][ T8469] Code: Bad RIP value. [ 202.070814][ T8469] RSP: 002b:00007fffd5d21da0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 202.079204][ T8469] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000412071 [ 202.087155][ T8469] RDX: 0000000000000000 RSI: 0000000000740e60 RDI: 0000000000000006 [ 202.095596][ T8469] RBP: 0000000000000000 R08: 0000000000740e58 R09: 0000000000030832 [ 202.103555][ T8469] R10: 00007fffd5d21cc0 R11: 0000000000000293 R12: 0000000000000001 [ 202.111519][ T8469] R13: 00007fffd5d21de0 R14: 0000000000000000 R15: 00007fffd5d21df0 [ 202.120238][ T8469] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8469 [ 202.129643][ T8469] caller is ip6_finish_output+0x335/0xdc0 [ 202.135378][ T8469] CPU: 0 PID: 8469 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.144371][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.154489][ T8469] Call Trace: [ 202.157763][ T8469] dump_stack+0x172/0x1f0 [ 202.162076][ T8469] __this_cpu_preempt_check+0x246/0x270 [ 202.167645][ T8469] ip6_finish_output+0x335/0xdc0 [ 202.172589][ T8469] ip6_output+0x235/0x7f0 [ 202.176937][ T8469] ? ip6_finish_output+0xdc0/0xdc0 [ 202.182032][ T8469] ? ip6_fragment+0x3980/0x3980 [ 202.186864][ T8469] ? __irqentry_text_end+0x471fa/0x1fac62 [ 202.192564][ T8469] ip6_xmit+0xe41/0x20c0 [ 202.196793][ T8469] ? ip6_finish_output2+0x2550/0x2550 [ 202.202639][ T8469] ? mark_held_locks+0xf0/0xf0 [ 202.207388][ T8469] ? ip6_setup_cork+0x1870/0x1870 [ 202.212415][ T8469] ? inet6_csk_route_socket+0x715/0xf40 [ 202.217949][ T8469] ? __irqentry_text_end+0x471a2/0x1fac62 [ 202.223657][ T8469] inet6_csk_xmit+0x2fb/0x5d0 [ 202.228336][ T8469] ? inet6_csk_update_pmtu+0x190/0x190 [ 202.233862][ T8469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.240095][ T8469] ? csum_ipv6_magic+0x20/0x80 [ 202.244844][ T8469] __tcp_transmit_skb+0x1a32/0x3750 [ 202.250026][ T8469] ? __tcp_select_window+0x8b0/0x8b0 [ 202.255299][ T8469] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 202.260565][ T8469] tcp_send_ack+0x88/0xa0 [ 202.264875][ T8469] tcp_fin+0xe2/0x940 [ 202.268838][ T8469] tcp_data_queue+0x1768/0x4840 [ 202.273684][ T8469] ? ktime_get+0x105/0x300 [ 202.278085][ T8469] ? tcp_send_rcvq+0x500/0x500 [ 202.282827][ T8469] ? tcp_xmit_recovery.part.0+0x130/0x130 [ 202.288545][ T8469] ? tcp_validate_incoming+0x431/0x1660 [ 202.294071][ T8469] tcp_rcv_state_process+0xd84/0x4d93 [ 202.299425][ T8469] ? tcp_finish_connect+0x510/0x510 [ 202.304604][ T8469] ? __release_sock+0xca/0x3a0 [ 202.309358][ T8469] ? find_held_lock+0x35/0x130 [ 202.314101][ T8469] ? mark_held_locks+0xa4/0xf0 [ 202.318844][ T8469] ? __local_bh_enable_ip+0x15a/0x270 [ 202.324194][ T8469] ? _raw_spin_unlock_bh+0x31/0x40 [ 202.329294][ T8469] ? __local_bh_enable_ip+0x15a/0x270 [ 202.334647][ T8469] tcp_v6_do_rcv+0x7da/0x12c0 [ 202.339316][ T8469] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 202.344152][ T8469] __release_sock+0x12e/0x3a0 [ 202.348831][ T8469] tcp_close+0x6b9/0x10c0 [ 202.353143][ T8469] ? ip_mc_drop_socket+0x211/0x270 [ 202.358270][ T8469] ? __sock_release+0x89/0x2b0 [ 202.363017][ T8469] inet_release+0x105/0x1f0 [ 202.367502][ T8469] inet6_release+0x53/0x80 [ 202.371896][ T8469] __sock_release+0xd3/0x2b0 [ 202.376486][ T8469] ? __sock_release+0x2b0/0x2b0 [ 202.381315][ T8469] sock_close+0x1b/0x30 [ 202.385457][ T8469] __fput+0x2e5/0x8d0 [ 202.389426][ T8469] ____fput+0x16/0x20 [ 202.393417][ T8469] task_work_run+0x14a/0x1c0 [ 202.397991][ T8469] do_exit+0x90a/0x2fa0 [ 202.402135][ T8469] ? get_signal+0x331/0x1d50 [ 202.406707][ T8469] ? mm_update_next_owner+0x640/0x640 [ 202.412059][ T8469] ? kasan_check_write+0x14/0x20 [ 202.417000][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.422175][ T8469] ? get_signal+0x331/0x1d50 [ 202.426743][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.431923][ T8469] do_group_exit+0x135/0x370 [ 202.436496][ T8469] get_signal+0x399/0x1d50 [ 202.440892][ T8469] ? debug_object_activate+0x2a9/0x470 [ 202.446332][ T8469] ? debug_object_deactivate+0x330/0x330 [ 202.451946][ T8469] do_signal+0x87/0x1940 [ 202.456166][ T8469] ? task_work_run+0x118/0x1c0 [ 202.460911][ T8469] ? kasan_check_write+0x14/0x20 [ 202.465826][ T8469] ? setup_sigcontext+0x7d0/0x7d0 [ 202.470829][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.476007][ T8469] ? task_work_run+0x118/0x1c0 [ 202.480748][ T8469] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.485932][ T8469] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 202.491984][ T8469] ? exit_to_usermode_loop+0x43/0x2c0 [ 202.497360][ T8469] ? do_syscall_64+0x52d/0x610 [ 202.502104][ T8469] ? exit_to_usermode_loop+0x43/0x2c0 [ 202.507457][ T8469] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.512720][ T8469] ? trace_hardirqs_on+0x67/0x230 [ 202.517743][ T8469] exit_to_usermode_loop+0x244/0x2c0 [ 202.523007][ T8469] do_syscall_64+0x52d/0x610 [ 202.527576][ T8469] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.533456][ T8469] RIP: 0033:0x412071 [ 202.537464][ T8469] Code: Bad RIP value. [ 202.541510][ T8469] RSP: 002b:00007fffd5d21da0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 202.549902][ T8469] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000412071 [ 202.557852][ T8469] RDX: 0000000000000000 RSI: 0000000000740e60 RDI: 0000000000000006 [ 202.565797][ T8469] RBP: 0000000000000000 R08: 0000000000740e58 R09: 0000000000030832 04:37:00 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000840)="2f619166012412271847e99462745387ba12ee1e76a406842ca862a8bc04b7df330871ba9145872b0285adfd4a8d6fee07038ee0ffd5be701a7b1770ab6978e0264b46954ee84d67f7d1a0934c5bd5f04094133ab4d1971405752f9dacb4d32d6ac2446201855f71d7f9731d2aaff0ca3c5741ddd8927b7acffcbef5c68894711a39ea49daac99c78b222077e714ce6faeb75056ac74fa0e9b31e4185f185a82f814337ec46a2b9f942c519bf9514b97f5bd935b98e74da4d97c6411f8315ee8f1fbb3db968601575cc5dad98145a6e6dfc8e279e72b539cbe4884abb7cb208ed62a5cc7b117b6e4f5f8e8fc98b85424e3d07a537849ec6502de1d18deb07c16a42848a2aeac86dbedf71f54069902594529f292cf8880ef77275024ee9d18303713eead063c960b3bad45c27add14ea39ca1f425344f02d65840be00c777c8b7a8f8b1415c6d354de32cfdfeb5e2c2c10d460045a81a6a5f6164e222559c7c089317f9e71c2e06f4d876e89fe47557023ea897318019960b2143fac59bef3beebcae67be3edbc3886e93ca398e591bd216cb5c3b79863b42796d6e67f7aa9e3ce6345ff128e1c89d78ab7d85417565ca33f9e11872e0f22f4514a2de72749aa06db4bb757ffaed8b87bd1913287e9ca62105172d0c9ec07ca3e4e3700def09b82502d9cf181f055eaec97081ba11708496340d625e67880146df24098eefdcb50394a0089eba3ba9bf63d4b6828a42d79bb97c9c5ae0c2b7639d5d8c5249c579a3a5aadf38b95bdc20b5dc68eb005ffd9bca800431c7e6812e6c78df81435e8997718c2b2848729b1cb08e401d9d6d92104817e34679a199ccc318f2bcac95c8ea13b62286ca8bfece0aab19678e081d27750f64378470c17b0302b8eb527897994a51ab9a02d9ce55f128a3ac9adfbc27aaae650a25ed6b39d5ae70d10c6b808670204ac05005a86c8292341556bea78e29ef9d1a9a222ff0627648c2844c11fe8a1a096e69fe61c686e74dcd7f2860148b9234ad27a7ed577709719c6f804044d592c1e6991782aebb5364cce4d9e52d2a7da10ec8f8c87ce04f62075240f1c7ce2044150850cac6608eb91e385f289e394e3e8d6907d370008367dc71196292d962e4fc60569f05113561d6c0a7c207cb341d84728530647b61591af3fdc2936835918f9017460fae35f464d3919b913ca900b9eea8908cee3e6947def7b026aa7302aba438711bc2037282d240e8680340aeaa85c20e63d05994fafa81895c1255632d98382ba5c72aa09a2a0605398d7f85ea9cd9220f1401e01b655278a4d8ec0ad24f73d09837d4546393dd68c696b5c8652aaf771d5ea4f7c0815f41bf78010bcb118f0aa6e9025ace29967aba85bbaa1304752fb5c15c833cf96de51e8c39d11060a0067111a087dab831971b91111c5811eb90f01d135b0f6b21c0198d2b9682c7667163fa6590d77d2c74ebb8d693250727a5ef693f013db8e8bced49bebe297af49f808913abd679274a67b9f67f73cced0a83f8913340e088ccd4e18a4c3c99c123f9d4fd2b6a9b7883f6a0da83f907916e1523b7b4d431989530414537cae598680451a4b0f39ab69369a346cde37e6b9c1e694e65cc584be49e12d28967f661e2b4303934a54ae82d43dc26873b141966981ea6bbf3e8b39d76b5a897de6d37f5d28d541f8d890772c0bcbc328473e93093b12a8100f96cb77c7cb93c92e1197d81b8681c75c8ae86c6cedc38803be30a0da991edbd36b12fc50c2155acecd2cb20de64f92e0ca5858fccf133f6fddbe9dc1f9281943638c8173bebd17c5dca4813924128a1ce02afea091a4630b4f756d3ea433825238f1afef5b2450d2368fe3cd6a70c7066290d387f7e6be5c1584c068a0ab01b56b96c200a8bdd189b4f9bb5d75d5e182ac5b5f74282891525624e144936f47dab8d404226e4ef8c59d267cea3ecd5ed335a26de7e7fd290c2b9086897b981220cfd496ccc88333e4a0d70bd43db2526641a53afc23066fbed36c65e25895438931d7b95796da627525a2914ce130b8f958444da1fc66276870db4d410f6abfe85392e1d33bf57e6bcf4f502a733ad5341d1c4bacd2b53c264ff8d4ddb4d63070751faa92c2209d0c86788c1385a2c17b33beabd44921bf2861ee1ef32ce806e70855a5e7bc7c3836ace7411a073f61561aeff5edd04410c1bd4d7a6c88a11a9f11fc217fb04e557cfbfae3fd6450151bb9e4990ba9fd55972532ebf8969d405de4b378972408edc95d7d96db711e5685cfdc4fd3116d3fef43c4fa8d9226cb939faef3322e915507ba6c63889ea1e71aa1068f928ca19e6b3ffc1c10da51", 0x67c}], 0x1) sendto$inet(r0, &(0x7f0000000600)="f1c809000000000000008c9bb55fd0b3d22b176c503da3709db7672bc217c2b8a1fe0b795ac0f9701a7d6926ec1b1e20f02b66d9ceb15bb06a9b81869bd0219d5bda478c8208b5f05b3cae351953ce86f4b486fadcfe34c03a6af39d7fb1ba487f6e5ff9c51060f533c44a0cdf0eb027574ae9444aa0f9f8e735b0b12384e8e7cf3ad6f8a0750a0b96a5cb407e10161e9525d9d75ba26a403a7cf0cd330adafe9fa518ebc8b20d733d787a8bab8d734791f325b23a0000253329743331fe82ba85c3f13aa0cb284f3ee7b8d17d0ce20ce7dd7955cc7ce6bf41483228cc3bfb1b6691bb1c4d0f3577395a9cc845a953a5f74470770ef1b67980a5c35996b8af9af43976c4c6a890e4c007000000b20bb5261833b7edb602d9", 0x118, 0x0, 0x0, 0x0) 04:37:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:37:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) syncfs(0xffffffffffffffff) syncfs(r0) symlinkat(&(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000000)='./file0/file0\x00') 04:37:00 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:37:00 executing program 1: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000280)=ANY=[@ANYRESOCT], 0x17) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) socket$inet(0x2, 0x0, 0x0) bind$inet(r2, &(0x7f00000002c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x1ffe0, 0x0) 04:37:00 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000000), 0x1c) [ 202.573743][ T8469] R10: 00007fffd5d21cc0 R11: 0000000000000293 R12: 0000000000000001 [ 202.581692][ T8469] R13: 00007fffd5d21de0 R14: 0000000000000000 R15: 00007fffd5d21df0 04:37:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) [ 202.663886][ T8544] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8544 [ 202.673998][ T8544] caller is sk_mc_loop+0x1d/0x210 [ 202.679181][ T8544] CPU: 1 PID: 8544 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.688200][ T8544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.698254][ T8544] Call Trace: [ 202.698301][ T8544] dump_stack+0x172/0x1f0 [ 202.698328][ T8544] __this_cpu_preempt_check+0x246/0x270 [ 202.711496][ T8544] sk_mc_loop+0x1d/0x210 [ 202.715749][ T8544] ip_mc_output+0x2ef/0xf70 [ 202.720269][ T8544] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 202.725406][ T8544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.731655][ T8544] ? prandom_u32_state+0x13/0x180 [ 202.736694][ T8544] ? ip_append_data.part.0+0x170/0x170 [ 202.742157][ T8544] ? __ip_make_skb+0xf15/0x1820 [ 202.747012][ T8544] ip_local_out+0xc4/0x1b0 [ 202.751441][ T8544] ip_send_skb+0x42/0xf0 [ 202.755684][ T8544] udp_send_skb.isra.0+0x6b2/0x1180 [ 202.760890][ T8544] udp_push_pending_frames+0x5c/0xf0 [ 202.766177][ T8544] udp_sendpage+0x30c/0x480 [ 202.770685][ T8544] ? udp_sendmsg+0x2820/0x2820 [ 202.775552][ T8544] ? udp_sendmsg+0x2820/0x2820 [ 202.780320][ T8544] inet_sendpage+0x16b/0x630 [ 202.784919][ T8544] kernel_sendpage+0x95/0xf0 [ 202.789503][ T8544] ? inet_sendmsg+0x5e0/0x5e0 [ 202.794181][ T8544] sock_sendpage+0x8b/0xc0 [ 202.798596][ T8544] ? pipe_lock+0x6e/0x80 [ 202.802936][ T8544] pipe_to_sendpage+0x299/0x370 [ 202.807785][ T8544] ? kernel_sendpage+0xf0/0xf0 [ 202.812549][ T8544] ? direct_splice_actor+0x1a0/0x1a0 [ 202.817839][ T8544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.824075][ T8544] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 202.830149][ T8544] __splice_from_pipe+0x395/0x7d0 [ 202.835171][ T8544] ? direct_splice_actor+0x1a0/0x1a0 [ 202.840462][ T8544] ? direct_splice_actor+0x1a0/0x1a0 [ 202.845742][ T8544] splice_from_pipe+0x108/0x170 [ 202.850596][ T8544] ? splice_shrink_spd+0xd0/0xd0 [ 202.855547][ T8544] ? apparmor_file_permission+0x25/0x30 [ 202.861091][ T8544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.867339][ T8544] ? security_file_permission+0x94/0x380 [ 202.872979][ T8544] generic_splice_sendpage+0x3c/0x50 [ 202.878259][ T8544] ? splice_from_pipe+0x170/0x170 [ 202.883296][ T8544] do_splice+0x70a/0x13c0 [ 202.887640][ T8544] ? opipe_prep.part.0+0x2d0/0x2d0 [ 202.892755][ T8544] ? __fget_light+0x1a9/0x230 [ 202.897437][ T8544] __x64_sys_splice+0x2c6/0x330 [ 202.902294][ T8544] do_syscall_64+0x103/0x610 [ 202.906884][ T8544] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.912773][ T8544] RIP: 0033:0x4582b9 [ 202.916673][ T8544] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.936315][ T8544] RSP: 002b:00007faf0fdb7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 202.944908][ T8544] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 202.952875][ T8544] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 04:37:00 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) 04:37:00 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)) r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) [ 202.960932][ T8544] RBP: 000000000073bfa0 R08: 000000000001ffe0 R09: 0000000000000000 [ 202.968903][ T8544] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faf0fdb86d4 [ 202.976872][ T8544] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 04:37:00 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000840)="2f619166012412271847e99462745387ba12ee1e76a406842ca862a8bc04b7df330871ba9145872b0285adfd4a8d6fee07038ee0ffd5be701a7b1770ab6978e0264b46954ee84d67f7d1a0934c5bd5f04094133ab4d1971405752f9dacb4d32d6ac2446201855f71d7f9731d2aaff0ca3c5741ddd8927b7acffcbef5c68894711a39ea49daac99c78b222077e714ce6faeb75056ac74fa0e9b31e4185f185a82f814337ec46a2b9f942c519bf9514b97f5bd935b98e74da4d97c6411f8315ee8f1fbb3db968601575cc5dad98145a6e6dfc8e279e72b539cbe4884abb7cb208ed62a5cc7b117b6e4f5f8e8fc98b85424e3d07a537849ec6502de1d18deb07c16a42848a2aeac86dbedf71f54069902594529f292cf8880ef77275024ee9d18303713eead063c960b3bad45c27add14ea39ca1f425344f02d65840be00c777c8b7a8f8b1415c6d354de32cfdfeb5e2c2c10d460045a81a6a5f6164e222559c7c089317f9e71c2e06f4d876e89fe47557023ea897318019960b2143fac59bef3beebcae67be3edbc3886e93ca398e591bd216cb5c3b79863b42796d6e67f7aa9e3ce6345ff128e1c89d78ab7d85417565ca33f9e11872e0f22f4514a2de72749aa06db4bb757ffaed8b87bd1913287e9ca62105172d0c9ec07ca3e4e3700def09b82502d9cf181f055eaec97081ba11708496340d625e67880146df24098eefdcb50394a0089eba3ba9bf63d4b6828a42d79bb97c9c5ae0c2b7639d5d8c5249c579a3a5aadf38b95bdc20b5dc68eb005ffd9bca800431c7e6812e6c78df81435e8997718c2b2848729b1cb08e401d9d6d92104817e34679a199ccc318f2bcac95c8ea13b62286ca8bfece0aab19678e081d27750f64378470c17b0302b8eb527897994a51ab9a02d9ce55f128a3ac9adfbc27aaae650a25ed6b39d5ae70d10c6b808670204ac05005a86c8292341556bea78e29ef9d1a9a222ff0627648c2844c11fe8a1a096e69fe61c686e74dcd7f2860148b9234ad27a7ed577709719c6f804044d592c1e6991782aebb5364cce4d9e52d2a7da10ec8f8c87ce04f62075240f1c7ce2044150850cac6608eb91e385f289e394e3e8d6907d370008367dc71196292d962e4fc60569f05113561d6c0a7c207cb341d84728530647b61591af3fdc2936835918f9017460fae35f464d3919b913ca900b9eea8908cee3e6947def7b026aa7302aba438711bc2037282d240e8680340aeaa85c20e63d05994fafa81895c1255632d98382ba5c72aa09a2a0605398d7f85ea9cd9220f1401e01b655278a4d8ec0ad24f73d09837d4546393dd68c696b5c8652aaf771d5ea4f7c0815f41bf78010bcb118f0aa6e9025ace29967aba85bbaa1304752fb5c15c833cf96de51e8c39d11060a0067111a087dab831971b91111c5811eb90f01d135b0f6b21c0198d2b9682c7667163fa6590d77d2c74ebb8d693250727a5ef693f013db8e8bced49bebe297af49f808913abd679274a67b9f67f73cced0a83f8913340e088ccd4e18a4c3c99c123f9d4fd2b6a9b7883f6a0da83f907916e1523b7b4d431989530414537cae598680451a4b0f39ab69369a346cde37e6b9c1e694e65cc584be49e12d28967f661e2b4303934a54ae82d43dc26873b141966981ea6bbf3e8b39d76b5a897de6d37f5d28d541f8d890772c0bcbc328473e93093b12a8100f96cb77c7cb93c92e1197d81b8681c75c8ae86c6cedc38803be30a0da991edbd36b12fc50c2155acecd2cb20de64f92e0ca5858fccf133f6fddbe9dc1f9281943638c8173bebd17c5dca4813924128a1ce02afea091a4630b4f756d3ea433825238f1afef5b2450d2368fe3cd6a70c7066290d387f7e6be5c1584c068a0ab01b56b96c200a8bdd189b4f9bb5d75d5e182ac5b5f74282891525624e144936f47dab8d404226e4ef8c59d267cea3ecd5ed335a26de7e7fd290c2b9086897b981220cfd496ccc88333e4a0d70bd43db2526641a53afc23066fbed36c65e25895438931d7b95796da627525a2914ce130b8f958444da1fc66276870db4d410f6abfe85392e1d33bf57e6bcf4f502a733ad5341d1c4bacd2b53c264ff8d4ddb4d63070751faa92c2209d0c86788c1385a2c17b33beabd44921bf2861ee1ef32ce806e70855a5e7bc7c3836ace7411a073f61561aeff5edd04410c1bd4d7a6c88a11a9f11fc217fb04e557cfbfae3fd6450151bb9e4990ba9fd55972532ebf8969d405de4b378972408edc95d7d96db711e5685cfdc4fd3116d3fef43c4fa8d9226cb939faef3322e915507ba6c63889ea1e71aa1068f928ca19e6b3ffc1c10da51", 0x67c}], 0x1) sendto$inet(r0, &(0x7f0000000600)="f1c809000000000000008c9bb55fd0b3d22b176c503da3709db7672bc217c2b8a1fe0b795ac0f9701a7d6926ec1b1e20f02b66d9ceb15bb06a9b81869bd0219d5bda478c8208b5f05b3cae351953ce86f4b486fadcfe34c03a6af39d7fb1ba487f6e5ff9c51060f533c44a0cdf0eb027574ae9444aa0f9f8e735b0b12384e8e7cf3ad6f8a0750a0b96a5cb407e10161e9525d9d75ba26a403a7cf0cd330adafe9fa518ebc8b20d733d787a8bab8d734791f325b23a0000253329743331fe82ba85c3f13aa0cb284f3ee7b8d17d0ce20ce7dd7955cc7ce6bf41483228cc3bfb1b6691bb1c4d0f3577395a9cc845a953a5f74470770ef1b67980a5c35996b8af9af43976c4c6a890e4c007000000b20bb5261833b7edb602d9", 0x118, 0x0, 0x0, 0x0) 04:37:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:37:00 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)) r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:37:00 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0xa, 0x100000000000913, 0x6}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) 04:37:00 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000840)="2f619166012412271847e99462745387ba12ee1e76a406842ca862a8bc04b7df330871ba9145872b0285adfd4a8d6fee07038ee0ffd5be701a7b1770ab6978e0264b46954ee84d67f7d1a0934c5bd5f04094133ab4d1971405752f9dacb4d32d6ac2446201855f71d7f9731d2aaff0ca3c5741ddd8927b7acffcbef5c68894711a39ea49daac99c78b222077e714ce6faeb75056ac74fa0e9b31e4185f185a82f814337ec46a2b9f942c519bf9514b97f5bd935b98e74da4d97c6411f8315ee8f1fbb3db968601575cc5dad98145a6e6dfc8e279e72b539cbe4884abb7cb208ed62a5cc7b117b6e4f5f8e8fc98b85424e3d07a537849ec6502de1d18deb07c16a42848a2aeac86dbedf71f54069902594529f292cf8880ef77275024ee9d18303713eead063c960b3bad45c27add14ea39ca1f425344f02d65840be00c777c8b7a8f8b1415c6d354de32cfdfeb5e2c2c10d460045a81a6a5f6164e222559c7c089317f9e71c2e06f4d876e89fe47557023ea897318019960b2143fac59bef3beebcae67be3edbc3886e93ca398e591bd216cb5c3b79863b42796d6e67f7aa9e3ce6345ff128e1c89d78ab7d85417565ca33f9e11872e0f22f4514a2de72749aa06db4bb757ffaed8b87bd1913287e9ca62105172d0c9ec07ca3e4e3700def09b82502d9cf181f055eaec97081ba11708496340d625e67880146df24098eefdcb50394a0089eba3ba9bf63d4b6828a42d79bb97c9c5ae0c2b7639d5d8c5249c579a3a5aadf38b95bdc20b5dc68eb005ffd9bca800431c7e6812e6c78df81435e8997718c2b2848729b1cb08e401d9d6d92104817e34679a199ccc318f2bcac95c8ea13b62286ca8bfece0aab19678e081d27750f64378470c17b0302b8eb527897994a51ab9a02d9ce55f128a3ac9adfbc27aaae650a25ed6b39d5ae70d10c6b808670204ac05005a86c8292341556bea78e29ef9d1a9a222ff0627648c2844c11fe8a1a096e69fe61c686e74dcd7f2860148b9234ad27a7ed577709719c6f804044d592c1e6991782aebb5364cce4d9e52d2a7da10ec8f8c87ce04f62075240f1c7ce2044150850cac6608eb91e385f289e394e3e8d6907d370008367dc71196292d962e4fc60569f05113561d6c0a7c207cb341d84728530647b61591af3fdc2936835918f9017460fae35f464d3919b913ca900b9eea8908cee3e6947def7b026aa7302aba438711bc2037282d240e8680340aeaa85c20e63d05994fafa81895c1255632d98382ba5c72aa09a2a0605398d7f85ea9cd9220f1401e01b655278a4d8ec0ad24f73d09837d4546393dd68c696b5c8652aaf771d5ea4f7c0815f41bf78010bcb118f0aa6e9025ace29967aba85bbaa1304752fb5c15c833cf96de51e8c39d11060a0067111a087dab831971b91111c5811eb90f01d135b0f6b21c0198d2b9682c7667163fa6590d77d2c74ebb8d693250727a5ef693f013db8e8bced49bebe297af49f808913abd679274a67b9f67f73cced0a83f8913340e088ccd4e18a4c3c99c123f9d4fd2b6a9b7883f6a0da83f907916e1523b7b4d431989530414537cae598680451a4b0f39ab69369a346cde37e6b9c1e694e65cc584be49e12d28967f661e2b4303934a54ae82d43dc26873b141966981ea6bbf3e8b39d76b5a897de6d37f5d28d541f8d890772c0bcbc328473e93093b12a8100f96cb77c7cb93c92e1197d81b8681c75c8ae86c6cedc38803be30a0da991edbd36b12fc50c2155acecd2cb20de64f92e0ca5858fccf133f6fddbe9dc1f9281943638c8173bebd17c5dca4813924128a1ce02afea091a4630b4f756d3ea433825238f1afef5b2450d2368fe3cd6a70c7066290d387f7e6be5c1584c068a0ab01b56b96c200a8bdd189b4f9bb5d75d5e182ac5b5f74282891525624e144936f47dab8d404226e4ef8c59d267cea3ecd5ed335a26de7e7fd290c2b9086897b981220cfd496ccc88333e4a0d70bd43db2526641a53afc23066fbed36c65e25895438931d7b95796da627525a2914ce130b8f958444da1fc66276870db4d410f6abfe85392e1d33bf57e6bcf4f502a733ad5341d1c4bacd2b53c264ff8d4ddb4d63070751faa92c2209d0c86788c1385a2c17b33beabd44921bf2861ee1ef32ce806e70855a5e7bc7c3836ace7411a073f61561aeff5edd04410c1bd4d7a6c88a11a9f11fc217fb04e557cfbfae3fd6450151bb9e4990ba9fd55972532ebf8969d405de4b378972408edc95d7d96db711e5685cfdc4fd3116d3fef43c4fa8d9226cb939faef3322e915507ba6c63889ea1e71aa1068f928ca19e6b3ffc1c10da51", 0x67c}], 0x1) sendto$inet(r0, &(0x7f0000000600)="f1c809000000000000008c9bb55fd0b3d22b176c503da3709db7672bc217c2b8a1fe0b795ac0f9701a7d6926ec1b1e20f02b66d9ceb15bb06a9b81869bd0219d5bda478c8208b5f05b3cae351953ce86f4b486fadcfe34c03a6af39d7fb1ba487f6e5ff9c51060f533c44a0cdf0eb027574ae9444aa0f9f8e735b0b12384e8e7cf3ad6f8a0750a0b96a5cb407e10161e9525d9d75ba26a403a7cf0cd330adafe9fa518ebc8b20d733d787a8bab8d734791f325b23a0000253329743331fe82ba85c3f13aa0cb284f3ee7b8d17d0ce20ce7dd7955cc7ce6bf41483228cc3bfb1b6691bb1c4d0f3577395a9cc845a953a5f74470770ef1b67980a5c35996b8af9af43976c4c6a890e4c007000000b20bb5261833b7edb602d9", 0x118, 0x0, 0x0, 0x0) 04:37:00 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0xb, 0x0) modify_ldt$write2(0x11, &(0x7f0000000000)={0x7}, 0x10) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc4c85512, &(0x7f0000000000)=ANY=[]) 04:37:00 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000010000000100000098dc3b74"], 0x10}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 04:37:00 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)) r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:37:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:37:01 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) 04:37:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:37:01 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:37:01 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000140)) 04:37:01 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0xb, 0x0) modify_ldt$write2(0x11, &(0x7f0000000000)={0x7}, 0x10) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc4c85512, &(0x7f0000000000)=ANY=[]) 04:37:01 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000840)="2f619166012412271847e99462745387ba12ee1e76a406842ca862a8bc04b7df330871ba9145872b0285adfd4a8d6fee07038ee0ffd5be701a7b1770ab6978e0264b46954ee84d67f7d1a0934c5bd5f04094133ab4d1971405752f9dacb4d32d6ac2446201855f71d7f9731d2aaff0ca3c5741ddd8927b7acffcbef5c68894711a39ea49daac99c78b222077e714ce6faeb75056ac74fa0e9b31e4185f185a82f814337ec46a2b9f942c519bf9514b97f5bd935b98e74da4d97c6411f8315ee8f1fbb3db968601575cc5dad98145a6e6dfc8e279e72b539cbe4884abb7cb208ed62a5cc7b117b6e4f5f8e8fc98b85424e3d07a537849ec6502de1d18deb07c16a42848a2aeac86dbedf71f54069902594529f292cf8880ef77275024ee9d18303713eead063c960b3bad45c27add14ea39ca1f425344f02d65840be00c777c8b7a8f8b1415c6d354de32cfdfeb5e2c2c10d460045a81a6a5f6164e222559c7c089317f9e71c2e06f4d876e89fe47557023ea897318019960b2143fac59bef3beebcae67be3edbc3886e93ca398e591bd216cb5c3b79863b42796d6e67f7aa9e3ce6345ff128e1c89d78ab7d85417565ca33f9e11872e0f22f4514a2de72749aa06db4bb757ffaed8b87bd1913287e9ca62105172d0c9ec07ca3e4e3700def09b82502d9cf181f055eaec97081ba11708496340d625e67880146df24098eefdcb50394a0089eba3ba9bf63d4b6828a42d79bb97c9c5ae0c2b7639d5d8c5249c579a3a5aadf38b95bdc20b5dc68eb005ffd9bca800431c7e6812e6c78df81435e8997718c2b2848729b1cb08e401d9d6d92104817e34679a199ccc318f2bcac95c8ea13b62286ca8bfece0aab19678e081d27750f64378470c17b0302b8eb527897994a51ab9a02d9ce55f128a3ac9adfbc27aaae650a25ed6b39d5ae70d10c6b808670204ac05005a86c8292341556bea78e29ef9d1a9a222ff0627648c2844c11fe8a1a096e69fe61c686e74dcd7f2860148b9234ad27a7ed577709719c6f804044d592c1e6991782aebb5364cce4d9e52d2a7da10ec8f8c87ce04f62075240f1c7ce2044150850cac6608eb91e385f289e394e3e8d6907d370008367dc71196292d962e4fc60569f05113561d6c0a7c207cb341d84728530647b61591af3fdc2936835918f9017460fae35f464d3919b913ca900b9eea8908cee3e6947def7b026aa7302aba438711bc2037282d240e8680340aeaa85c20e63d05994fafa81895c1255632d98382ba5c72aa09a2a0605398d7f85ea9cd9220f1401e01b655278a4d8ec0ad24f73d09837d4546393dd68c696b5c8652aaf771d5ea4f7c0815f41bf78010bcb118f0aa6e9025ace29967aba85bbaa1304752fb5c15c833cf96de51e8c39d11060a0067111a087dab831971b91111c5811eb90f01d135b0f6b21c0198d2b9682c7667163fa6590d77d2c74ebb8d693250727a5ef693f013db8e8bced49bebe297af49f808913abd679274a67b9f67f73cced0a83f8913340e088ccd4e18a4c3c99c123f9d4fd2b6a9b7883f6a0da83f907916e1523b7b4d431989530414537cae598680451a4b0f39ab69369a346cde37e6b9c1e694e65cc584be49e12d28967f661e2b4303934a54ae82d43dc26873b141966981ea6bbf3e8b39d76b5a897de6d37f5d28d541f8d890772c0bcbc328473e93093b12a8100f96cb77c7cb93c92e1197d81b8681c75c8ae86c6cedc38803be30a0da991edbd36b12fc50c2155acecd2cb20de64f92e0ca5858fccf133f6fddbe9dc1f9281943638c8173bebd17c5dca4813924128a1ce02afea091a4630b4f756d3ea433825238f1afef5b2450d2368fe3cd6a70c7066290d387f7e6be5c1584c068a0ab01b56b96c200a8bdd189b4f9bb5d75d5e182ac5b5f74282891525624e144936f47dab8d404226e4ef8c59d267cea3ecd5ed335a26de7e7fd290c2b9086897b981220cfd496ccc88333e4a0d70bd43db2526641a53afc23066fbed36c65e25895438931d7b95796da627525a2914ce130b8f958444da1fc66276870db4d410f6abfe85392e1d33bf57e6bcf4f502a733ad5341d1c4bacd2b53c264ff8d4ddb4d63070751faa92c2209d0c86788c1385a2c17b33beabd44921bf2861ee1ef32ce806e70855a5e7bc7c3836ace7411a073f61561aeff5edd04410c1bd4d7a6c88a11a9f11fc217fb04e557cfbfae3fd6450151bb9e4990ba9fd55972532ebf8969d405de4b378972408edc95d7d96db711e5685cfdc4fd3116d3fef43c4fa8d9226cb939faef3322e915507ba6c63889ea1e71aa1068f928ca19e6b3ffc1c10da51", 0x67c}], 0x1) sendto$inet(r0, &(0x7f0000000600)="f1c809000000000000008c9bb55fd0b3d22b176c503da3709db7672bc217c2b8a1fe0b795ac0f9701a7d6926ec1b1e20f02b66d9ceb15bb06a9b81869bd0219d5bda478c8208b5f05b3cae351953ce86f4b486fadcfe34c03a6af39d7fb1ba487f6e5ff9c51060f533c44a0cdf0eb027574ae9444aa0f9f8e735b0b12384e8e7cf3ad6f8a0750a0b96a5cb407e10161e9525d9d75ba26a403a7cf0cd330adafe9fa518ebc8b20d733d787a8bab8d734791f325b23a0000253329743331fe82ba85c3f13aa0cb284f3ee7b8d17d0ce20ce7dd7955cc7ce6bf41483228cc3bfb1b6691bb1c4d0f3577395a9cc845a953a5f74470770ef1b67980a5c35996b8af9af43976c4c6a890e4c007000000b20bb5261833b7edb602d9", 0x118, 0x0, 0x0, 0x0) 04:37:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) [ 203.542314][ T8600] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 04:37:01 executing program 1: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r0, 0x0, 0x4000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={0x0, 0x6}, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x100000000, 0x1}, {0x9d, 0x3}, {0x1, 0x8000}]}) unshare(0x40000000) 04:37:01 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:37:01 executing program 3: r0 = add_key$keyring(&(0x7f0000000580)='keyring\x00', &(0x7f00000005c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0) keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0) eventfd(0x0) 04:37:01 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0xa, 0x100000000000913, 0x6, 0x2}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) 04:37:01 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@suiddir='*uiddir'}]}) 04:37:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:37:01 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) [ 203.808843][ T8629] gfs2: invalid mount option: *uiddir [ 203.814429][ T8629] gfs2: can't parse mount arguments 04:37:01 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000380)='vcan0\x00\x00\x00\x16\x00', 0x10) sendto$inet(r0, &(0x7f0000000080)="4375c9f46c2d99c9e5b8815f2b0cc74ad937837719", 0x15, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000e80)="8557c848ffeb2c32e1b57eb41e0cb3", 0xf, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000440)="af", 0x1, 0x4000010, 0x0, 0x0) 04:37:01 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x8000e) splice(r0, 0x0, r2, 0x0, 0x55aa40ba, 0x0) creat(0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 203.882705][ T8635] gfs2: invalid mount option: *uiddir [ 203.916075][ T8635] gfs2: can't parse mount arguments [ 203.950743][ T8617] IPVS: ftp: loaded support on port[0] = 21 04:37:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000300)=""/4096, &(0x7f0000000000)=0x1000) 04:37:01 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f0000000140)="240000001a0099f0003be90000ed190e0208081600d0000000ba0080080001007f196be0", 0x24) 04:37:01 executing program 2: r0 = add_key$keyring(&(0x7f0000000580)='keyring\x00', &(0x7f00000005c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0) eventfd(0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)