[ 36.873000][ T26] audit: type=1800 audit(1554696241.028:28): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.816304][ T26] audit: type=1800 audit(1554696242.038:29): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.837048][ T26] audit: type=1800 audit(1554696242.038:30): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.197' (ECDSA) to the list of known hosts. 2019/04/08 04:04:21 fuzzer started 2019/04/08 04:04:24 dialing manager at 10.128.0.26:34543 2019/04/08 04:04:24 syscalls: 2408 2019/04/08 04:04:24 code coverage: enabled 2019/04/08 04:04:24 comparison tracing: enabled 2019/04/08 04:04:24 extra coverage: extra coverage is not supported by the kernel 2019/04/08 04:04:24 setuid sandbox: enabled 2019/04/08 04:04:24 namespace sandbox: enabled 2019/04/08 04:04:24 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 04:04:24 fault injection: enabled 2019/04/08 04:04:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 04:04:24 net packet injection: enabled 2019/04/08 04:04:24 net device setup: enabled 04:06:26 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0xa01ffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) ptrace(0x4206, r0) wait4(r0, 0x0, 0x60000000, 0x0) tkill(r1, 0x9) syzkaller login: [ 182.436536][ T7715] IPVS: ftp: loaded support on port[0] = 21 04:06:26 executing program 1: r0 = socket(0x15, 0x80005, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r2, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xfffffffffffffffd, 0x72, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, &(0x7f0000000040)) getsockopt(r0, 0x200000000114, 0x2710, 0x0, &(0x7f00000000c0)) [ 182.569739][ T7715] chnl_net:caif_netlink_parms(): no params data found [ 182.626840][ T7715] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.635553][ T7715] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.645562][ T7715] device bridge_slave_0 entered promiscuous mode [ 182.655298][ T7715] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.662593][ T7715] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.671030][ T7715] device bridge_slave_1 entered promiscuous mode [ 182.694431][ T7715] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.695256][ T7718] IPVS: ftp: loaded support on port[0] = 21 [ 182.709098][ T7715] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.731524][ T7715] team0: Port device team_slave_0 added [ 182.742154][ T7715] team0: Port device team_slave_1 added 04:06:27 executing program 2: r0 = getpgrp(0xffffffffffffffff) sched_setaffinity(r0, 0x8, &(0x7f0000000340)=0xa000080000000005) [ 182.855212][ T7715] device hsr_slave_0 entered promiscuous mode [ 182.892957][ T7715] device hsr_slave_1 entered promiscuous mode 04:06:27 executing program 3: r0 = socket$inet(0x10, 0x400000000002, 0x0) sendmsg(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)="4c0000001200ff09fffefd856fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 182.947379][ T7720] IPVS: ftp: loaded support on port[0] = 21 [ 182.974332][ T7715] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.981828][ T7715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.990467][ T7715] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.998276][ T7715] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.165367][ T7724] IPVS: ftp: loaded support on port[0] = 21 [ 183.177646][ T7718] chnl_net:caif_netlink_parms(): no params data found 04:06:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,ctr-camellia-aesni-avx2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="0400211c", 0x4) [ 183.290671][ T7715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.318371][ T7718] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.330828][ T7718] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.338959][ T7718] device bridge_slave_0 entered promiscuous mode [ 183.361327][ T7715] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.374980][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.388602][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.424013][ T22] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.438962][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 183.455915][ T7718] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.465663][ T7718] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.474041][ T7718] device bridge_slave_1 entered promiscuous mode [ 183.506634][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.518018][ T7729] IPVS: ftp: loaded support on port[0] = 21 04:06:27 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) [ 183.525867][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.533190][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.549571][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.561368][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.568652][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.578928][ T7720] chnl_net:caif_netlink_parms(): no params data found [ 183.611378][ T7715] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 183.626662][ T7715] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.647704][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.659198][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.668260][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.677285][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.686130][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.693904][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.738990][ T7718] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.762250][ T7731] IPVS: ftp: loaded support on port[0] = 21 [ 183.771416][ T7718] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.815075][ T7718] team0: Port device team_slave_0 added [ 183.835696][ T7724] chnl_net:caif_netlink_parms(): no params data found [ 183.849054][ T7718] team0: Port device team_slave_1 added [ 183.880379][ T7720] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.887591][ T7720] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.895725][ T7720] device bridge_slave_0 entered promiscuous mode [ 183.904920][ T7720] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.912067][ T7720] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.924796][ T7720] device bridge_slave_1 entered promiscuous mode [ 183.995406][ T7718] device hsr_slave_0 entered promiscuous mode [ 184.072477][ T7718] device hsr_slave_1 entered promiscuous mode [ 184.155384][ T7715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.196501][ T7724] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.204506][ T7724] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.212869][ T7724] device bridge_slave_0 entered promiscuous mode [ 184.220760][ T7724] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.228216][ T7724] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.236122][ T7724] device bridge_slave_1 entered promiscuous mode [ 184.248315][ T7720] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.260259][ T7720] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.273613][ T7729] chnl_net:caif_netlink_parms(): no params data found [ 184.360451][ T7724] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.384224][ T7720] team0: Port device team_slave_0 added [ 184.409221][ T7724] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.419386][ T7720] team0: Port device team_slave_1 added [ 184.436545][ T7731] chnl_net:caif_netlink_parms(): no params data found [ 184.460105][ T7729] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.467846][ T7729] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.479363][ T7729] device bridge_slave_0 entered promiscuous mode [ 184.489805][ T7729] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.497048][ T7729] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.504899][ T7729] device bridge_slave_1 entered promiscuous mode [ 184.519022][ T7724] team0: Port device team_slave_0 added [ 184.529500][ T7724] team0: Port device team_slave_1 added 04:06:28 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0xa01ffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) ptrace(0x4206, r0) wait4(r0, 0x0, 0x60000000, 0x0) tkill(r1, 0x9) [ 184.589574][ T7720] device hsr_slave_0 entered promiscuous mode [ 184.632845][ T7720] device hsr_slave_1 entered promiscuous mode 04:06:29 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0xa01ffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) ptrace(0x4206, r0) wait4(r0, 0x0, 0x60000000, 0x0) tkill(r1, 0x9) [ 184.734730][ T7724] device hsr_slave_0 entered promiscuous mode [ 184.792039][ T7724] device hsr_slave_1 entered promiscuous mode [ 184.837973][ T7729] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.869884][ T7729] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.890490][ T7729] team0: Port device team_slave_0 added [ 184.898228][ T7731] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.910692][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.922034][ T7731] device bridge_slave_0 entered promiscuous mode [ 184.930578][ T7731] bridge0: port 2(bridge_slave_1) entered blocking state 04:06:29 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x0, 0x0) [ 184.937895][ T7731] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.945897][ T7731] device bridge_slave_1 entered promiscuous mode [ 184.963513][ T7729] team0: Port device team_slave_1 added [ 184.981218][ T7718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.054005][ T7729] device hsr_slave_0 entered promiscuous mode [ 185.092017][ T7729] device hsr_slave_1 entered promiscuous mode [ 185.128179][ T7718] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.137783][ T7731] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.149389][ T7731] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:06:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x40000fffffd, 0x42) ioctl$FS_IOC_FSGETXATTR(r1, 0x8038550a, &(0x7f0000000040)={0x2, 0x0, 0x80, 0x0, 0x400000, 0x7ff0bdbe}) [ 185.173822][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.182596][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.215088][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.224336][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.233229][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.240275][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.248857][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.257552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.266449][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.273559][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.281220][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.317356][ T7767] vhci_hcd: default hub control req: 7f45 v464c i0002 l769 04:06:29 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x80000) sendmmsg$alg(r1, &(0x7f0000000c80), 0x4924924924921ae, 0x0) [ 185.339124][ T7724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.346995][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.356474][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.367706][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.386080][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.396462][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.410210][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.438521][ T7718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 185.449447][ T7718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.468374][ T7731] team0: Port device team_slave_0 added [ 185.479656][ T7720] 8021q: adding VLAN 0 to HW filter on device bond0 04:06:29 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaa00000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c7ca6417643936c77aa3f7fac33b04020068236862531934ecb1c373d66fe4e24d1fcafff87429e50b32881721afab69cc3784fbd95167cffa788fdd64aa499454f97b357717697da25eb38423a07de8e21a7db04e2070491e2b1e31ab1948c726914bbd3b2c233f4f12652e4007999d2853d10e98f0be7c0fe255d26b396c1d9c66e3bd4ed62ff05dc6757e9305fae452a7e92134197b6d0c47eb9fafcbfbf60c810f4c9b0fd247d85c474c6e86023961d3dc85c89b594e932c3719b1eb53c537c4a23844de24830a50663ddcfe5f85f0a27bf242f3ed08380ceae9afd7048934454889714ea18703"], 0x0) [ 185.499144][ T7724] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.507477][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.516615][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.526220][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.536583][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 04:06:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = inotify_init1(0x0) r2 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x0) dup2(r1, r2) [ 185.554373][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.562865][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.572696][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.590069][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.607509][ T7731] team0: Port device team_slave_1 added [ 185.653589][ T7731] device hsr_slave_0 entered promiscuous mode [ 185.703128][ T7731] device hsr_slave_1 entered promiscuous mode [ 185.774255][ T7718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.794508][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.803497][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.812311][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.819673][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.827561][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.836683][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.845580][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.852707][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.860420][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.869912][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.879039][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.899274][ T7729] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.910125][ T7720] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.936872][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.950226][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.969043][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.982780][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.992123][ T7725] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.999310][ T7725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.007360][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.016578][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.025280][ T7725] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.033041][ T7725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.050085][ T7729] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.068580][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.077640][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.086087][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.095788][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.105171][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.114178][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.123588][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 04:06:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x14, r1, 0x321, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) [ 186.132735][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.154680][ T7724] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.170669][ T7724] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.194202][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.203099][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.212557][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.221188][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.230600][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.239793][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.268657][ T7724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.277070][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.287090][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.296673][ T7725] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.304563][ T7725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.312678][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.321421][ T7725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.330633][ T7725] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.337731][ T7725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.364411][ T7720] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.388057][ T7795] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 186.396909][ T7795] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 186.405816][ T7720] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.421188][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.429584][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.438655][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.447283][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.456218][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.465383][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.474713][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.483398][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.492153][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.500598][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.509574][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.518181][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.527602][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.535563][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.552424][ T7795] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 186.561457][ T7795] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 186.575533][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.586588][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.596049][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.612377][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.620892][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.629646][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.638069][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.649885][ T7729] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.662211][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.681280][ T7731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.688726][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.697555][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.723931][ T7729] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.743673][ T7720] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.770025][ T7731] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.780084][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.789369][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.815614][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.832612][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.843265][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.850337][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.859748][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.868670][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.877312][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.884614][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.893010][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.907572][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.917243][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.927539][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.944283][ T7731] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.955255][ T7731] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 04:06:31 executing program 2: socket$inet6(0xa, 0x1, 0x8010000000000084) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x800000000000000}, 0x0, 0x0, &(0x7f0000000200), 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:31 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x18}, 0x2c) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000080), 0x0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r0, &(0x7f00000000c0)}, 0x10) 04:06:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x14, r1, 0x321, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) [ 186.968695][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.981509][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.003516][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.012484][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.021097][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.029768][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.063172][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.077782][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.087124][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.133903][ T7731] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.143572][ C0] hrtimer: interrupt took 33106 ns 04:06:31 executing program 4: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='devtmpfs\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x80000008) 04:06:31 executing program 3: socket$inet6(0xa, 0x1, 0x0) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:31 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='maps\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) preadv(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/169, 0x11}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00') fchdir(r2) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f00000002c0)) 04:06:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000003c0)) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cd6f"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:06:32 executing program 2: ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x200}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x4202}, {0xffffffffffffffff, 0x2000}, {0xffffffffffffffff, 0x8000}, {}], 0x6, &(0x7f0000000240)={0x77359400}, &(0x7f00000002c0)={0x3}, 0x2) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000540)='/dev/zero\x00', 0x24000, 0x0) syz_open_pts(r0, 0x80800) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000100)=0x8) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000b80)='./bus\x00') socket$inet6(0xa, 0x800, 0xffffffff) ptrace$pokeuser(0x6, 0x0, 0xa, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f0000000c40)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r1, r2, &(0x7f00000000c0)=0x202, 0xdd) 04:06:32 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) [ 187.799412][ T7841] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 04:06:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cd6f"]) setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.upper\x00', 0x0, 0x0, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:06:32 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x2102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='.u\n:d]:.,[:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0) 04:06:32 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(morus1280-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58) [ 188.040512][ T7861] 9pnet_virtio: no channels available for device .u [ 188.040512][ T7861] :d]:.,[: 04:06:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x80000) sendmmsg$alg(r1, &(0x7f0000000c80), 0x4924924924921ae, 0x0) 04:06:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0xc004743e, &(0x7f0000000140)=""/246) ppoll(&(0x7f0000000000)=[{r2}, {r1, 0xc4}, {r1}], 0x3, 0x0, 0x0, 0x0) 04:06:32 executing program 4: seccomp(0x1, 0x1, &(0x7f0000028ff0)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x407ffffffd}]}) seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]}) seccomp(0x1, 0x1000000000000001, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xff7fffffffffffff}]}) 04:06:32 executing program 2: r0 = gettid() clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r0, 0x10) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="052fc754020b45625661b76a4e1ba69faf75d5e13617c2667f08418889206e2d5c9dfba56e91360600d056b009134a657c000000000400dac7"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 188.299280][ T26] audit: type=1326 audit(1554696392.518:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7881 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 188.447834][ T26] audit: type=1326 audit(1554696392.568:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7881 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 188.504879][ T26] audit: type=1326 audit(1554696392.608:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7881 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 04:06:32 executing program 3: socket$inet6(0xa, 0x1, 0x0) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:32 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) llistxattr(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 04:06:32 executing program 0: socket$xdp(0x2c, 0x3, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0xfffffffffffffffc, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x3, 0x2, 0xc1b) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer\x00', 0x7fff, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000500)={0x8, 0x0, 0x7}) r2 = socket$inet(0x10, 0x3, 0xc) r3 = syz_open_dev$dmmidi(0x0, 0x6, 0x10000) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$inet6_dccp_int(r3, 0x21, 0x0, &(0x7f0000000300)=0x67, 0x4) select(0x40, &(0x7f00000001c0)={0x200, 0x6, 0x4, 0x10001, 0x6, 0x0, 0x7, 0x8}, &(0x7f0000000200)={0x200, 0x0, 0x7, 0x0, 0x7, 0x0, 0x0, 0x10000}, &(0x7f0000000240)={0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x20, 0xfffffffffffffff9}, &(0x7f0000000280)={0x77359400}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000680)=0x0) r5 = fcntl$getown(0xffffffffffffffff, 0x9) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) setsockopt$sock_attach_bpf(r7, 0x10f, 0x87, &(0x7f0000000700), 0x4) kcmp(r4, r5, 0x0, r2, r1) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r6, &(0x7f00000004c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2040000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r8, 0x104, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000580), &(0x7f00000005c0)=0xc) mount$fuseblk(&(0x7f0000000380)='/dev/loop0\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='fuseblk\x00', 0x1000030, &(0x7f0000000740)=ANY=[@ANYBLOB="fcf168e5e6e2c65b232cdebe600c5eae2c973f3078303030303030ce7ff57d8c5c3f7d00531d04f61dd102801229e6c66f4f8d7a90b1c30a1130a2923f4f039b35ceed142fdae030c0924cb80459895ea0fee14b529900f8ffff463b2fd746154d3aba00"/113]) sendmsg(r2, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000070a07031dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}, &(0x7f0000000540)=0x109) getrandom(&(0x7f0000000040)=""/153, 0xfffffffffffffe4b, 0x4000000003) recvfrom$unix(r2, &(0x7f0000000380), 0x0, 0x20, 0x0, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000ac0)={@multicast2}, &(0x7f0000000a80)=0x6) 04:06:32 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x150, r2, 0x306, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nr0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r3 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40400c0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4) poll(&(0x7f0000000540)=[{r0}], 0x2000000000000068, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x40001, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x2a, 0x4) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000200)={'ip6erspan0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x25}}}) 04:06:32 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) capset(&(0x7f00001b4ff8)={0x19980330}, &(0x7f000077ffe8)) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000001e80)=[{{&(0x7f00000002c0)=@in={0x2, 0x4e21, @broadcast}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000070000006a07181700320800"], 0x18}}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000000440), 0x7be86bbb7a0f557, 0x0) 04:06:32 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) [ 188.759644][ T7907] capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) [ 188.860917][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 188.870452][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 188.876374][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.885405][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.895566][ T7907] Call Trace: [ 188.898885][ T7907] dump_stack+0x172/0x1f0 [ 188.903373][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 188.908964][ T7907] ip6_finish_output+0x335/0xdc0 [ 188.913923][ T7907] ip6_output+0x235/0x7f0 [ 188.918281][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 188.923414][ T7907] ? ip6_fragment+0x3980/0x3980 [ 188.928287][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.933327][ T7907] ip6_local_out+0xc4/0x1b0 [ 188.937846][ T7907] ip6_send_skb+0xbb/0x350 [ 188.942285][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 188.947750][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 188.953601][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 188.958380][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.963425][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.969548][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 188.974773][ T7907] ? __might_fault+0x12b/0x1e0 [ 188.979548][ T7907] ? find_held_lock+0x35/0x130 [ 188.984339][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.990603][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 188.996107][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.001665][ T7907] inet_sendmsg+0x147/0x5e0 [ 189.006186][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.012268][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 189.016948][ T7907] ? ipip_gro_receive+0x100/0x100 [ 189.021990][ T7907] sock_sendmsg+0xdd/0x130 [ 189.026419][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 189.031352][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 189.036933][ T7907] ? lock_downgrade+0x880/0x880 [ 189.042128][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.048363][ T7907] ? kasan_check_read+0x11/0x20 [ 189.053242][ T7907] ? __fget+0x381/0x550 [ 189.057747][ T7907] ? ksys_dup3+0x3e0/0x3e0 [ 189.062254][ T7907] ? __fget_light+0x1a9/0x230 [ 189.067024][ T7907] ? __fdget+0x1b/0x20 [ 189.071096][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.077426][ T7907] ? sockfd_lookup_light+0xcb/0x180 [ 189.087957][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 189.092756][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.097963][ T7907] ? _copy_to_user+0xc9/0x120 [ 189.102746][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.109814][ T7907] ? put_timespec64+0xda/0x140 [ 189.114662][ T7907] ? nsecs_to_jiffies+0x30/0x30 [ 189.119800][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.125579][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.131054][ T7907] ? do_syscall_64+0x26/0x610 [ 189.135750][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.141815][ T7907] ? do_syscall_64+0x26/0x610 [ 189.146490][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 189.151425][ T7907] do_syscall_64+0x103/0x610 [ 189.156011][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.162002][ T7907] RIP: 0033:0x4582b9 [ 189.165890][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.185944][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.194357][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.202322][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 189.210284][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 189.218257][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 189.226338][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.589101][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 189.598935][ T7907] caller is sk_mc_loop+0x1d/0x210 [ 189.604045][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.613257][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.623530][ T7907] Call Trace: [ 189.626823][ T7907] dump_stack+0x172/0x1f0 [ 189.626852][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 189.638204][ T7907] sk_mc_loop+0x1d/0x210 [ 189.642451][ T7907] ip6_finish_output2+0x17a5/0x2550 [ 189.647682][ T7907] ? find_held_lock+0x35/0x130 [ 189.652555][ T7907] ? ip6_mtu+0x2e6/0x460 [ 189.656826][ T7907] ? ip6_forward_finish+0x580/0x580 [ 189.656842][ T7907] ? lock_downgrade+0x880/0x880 [ 189.656862][ T7907] ? rcu_read_unlock_special+0xf3/0x210 [ 189.672882][ T7907] ip6_finish_output+0x614/0xdc0 [ 189.677825][ T7907] ? ip6_finish_output+0x614/0xdc0 [ 189.682945][ T7907] ip6_output+0x235/0x7f0 [ 189.687371][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 189.692496][ T7907] ? ip6_fragment+0x3980/0x3980 [ 189.697376][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.697401][ T7907] ip6_local_out+0xc4/0x1b0 [ 189.706911][ T7907] ip6_send_skb+0xbb/0x350 [ 189.711459][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 189.716935][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 189.722679][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 189.727450][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.732535][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.732555][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 189.732570][ T7907] ? __might_fault+0x12b/0x1e0 [ 189.732583][ T7907] ? find_held_lock+0x35/0x130 [ 189.732602][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.732615][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 189.732651][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.732670][ T7907] inet_sendmsg+0x147/0x5e0 [ 189.732682][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.732690][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 189.732702][ T7907] ? ipip_gro_receive+0x100/0x100 [ 189.748801][ T7907] sock_sendmsg+0xdd/0x130 [ 189.748820][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 189.800002][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 189.805481][ T7907] ? lock_downgrade+0x880/0x880 [ 189.810349][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.816607][ T7907] ? kasan_check_read+0x11/0x20 [ 189.821618][ T7907] ? __fget+0x381/0x550 [ 189.825829][ T7907] ? ksys_dup3+0x3e0/0x3e0 [ 189.830263][ T7907] ? __fget_light+0x1a9/0x230 [ 189.834933][ T7907] ? __fdget+0x1b/0x20 [ 189.839022][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.845255][ T7907] ? sockfd_lookup_light+0xcb/0x180 [ 189.850446][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 189.855110][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.860132][ T7907] ? _copy_to_user+0xc9/0x120 [ 189.864884][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.871106][ T7907] ? put_timespec64+0xda/0x140 [ 189.875866][ T7907] ? nsecs_to_jiffies+0x30/0x30 [ 189.880706][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.886144][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.891677][ T7907] ? do_syscall_64+0x26/0x610 [ 189.896350][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.902501][ T7907] ? do_syscall_64+0x26/0x610 [ 189.907174][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 189.912271][ T7907] do_syscall_64+0x103/0x610 [ 189.921665][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.927545][ T7907] RIP: 0033:0x4582b9 [ 189.931428][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.951097][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.959504][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.967568][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 189.975521][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:06:33 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:34 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x150, r2, 0x306, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nr0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r3 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40400c0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4) poll(&(0x7f0000000540)=[{r0}], 0x2000000000000068, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x40001, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x2a, 0x4) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000200)={'ip6erspan0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x25}}}) 04:06:34 executing program 2: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000001c00)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) fstat(0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) [ 189.983908][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 189.991863][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.050756][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 190.060656][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 190.066565][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.075591][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.085839][ T7907] Call Trace: [ 190.089128][ T7907] dump_stack+0x172/0x1f0 [ 190.093484][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 190.099241][ T7907] ip6_finish_output+0x335/0xdc0 [ 190.104197][ T7907] ip6_output+0x235/0x7f0 [ 190.108602][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 190.113723][ T7907] ? ip6_fragment+0x3980/0x3980 [ 190.118734][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.123837][ T7907] ip6_local_out+0xc4/0x1b0 [ 190.128445][ T7907] ip6_send_skb+0xbb/0x350 [ 190.132881][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 190.138332][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 190.144078][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 190.148918][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.153931][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.159935][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 190.165207][ T7907] ? __might_fault+0x12b/0x1e0 [ 190.169960][ T7907] ? find_held_lock+0x35/0x130 [ 190.174711][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.181124][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.186588][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.192120][ T7907] inet_sendmsg+0x147/0x5e0 [ 190.196611][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.202582][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 190.207427][ T7907] ? ipip_gro_receive+0x100/0x100 [ 190.212549][ T7907] sock_sendmsg+0xdd/0x130 [ 190.216952][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 190.221632][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 190.227261][ T7907] ? __lock_acquire+0x548/0x3fb0 [ 190.232189][ T7907] ? lock_downgrade+0x880/0x880 [ 190.237045][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.243272][ T7907] ? kasan_check_read+0x11/0x20 [ 190.248196][ T7907] ? __might_fault+0x12b/0x1e0 [ 190.253137][ T7907] ? find_held_lock+0x35/0x130 [ 190.257885][ T7907] ? __might_fault+0x12b/0x1e0 [ 190.262642][ T7907] ? lock_downgrade+0x880/0x880 [ 190.267569][ T7907] ? ___might_sleep+0x163/0x280 [ 190.272406][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 190.277169][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.282190][ T7907] ? _copy_to_user+0xc9/0x120 [ 190.286852][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.293526][ T7907] ? put_timespec64+0xda/0x140 [ 190.298358][ T7907] ? nsecs_to_jiffies+0x30/0x30 [ 190.303200][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.308650][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.314095][ T7907] ? do_syscall_64+0x26/0x610 [ 190.318774][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.324953][ T7907] ? do_syscall_64+0x26/0x610 [ 190.329706][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 190.334649][ T7907] do_syscall_64+0x103/0x610 [ 190.339227][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.345111][ T7907] RIP: 0033:0x4582b9 [ 190.348992][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.368749][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.377142][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.385185][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 190.393323][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:06:34 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x200, 0x4) pipe(0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, 0x0, 0x0) bind$netrom(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") unshare(0x40003fc) r2 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) getsockopt$ax25_int(r2, 0x101, 0x5, &(0x7f0000000100), 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='yeah\x00', 0x5) connect$caif(0xffffffffffffffff, 0x0, 0x0) bind$inet(r0, &(0x7f00000003c0)={0x2, 0x200000000004e23}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x3f, &(0x7f0000000100)=0x3, 0x4) socket$caif_stream(0x25, 0x1, 0x0) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 04:06:34 executing program 0: socket$xdp(0x2c, 0x3, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0xfffffffffffffffc, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x3, 0x2, 0xc1b) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer\x00', 0x7fff, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000500)={0x8, 0x0, 0x7}) r2 = socket$inet(0x10, 0x3, 0xc) r3 = syz_open_dev$dmmidi(0x0, 0x6, 0x10000) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$inet6_dccp_int(r3, 0x21, 0x0, &(0x7f0000000300)=0x67, 0x4) select(0x40, &(0x7f00000001c0)={0x200, 0x6, 0x4, 0x10001, 0x6, 0x0, 0x7, 0x8}, &(0x7f0000000200)={0x200, 0x0, 0x7, 0x0, 0x7, 0x0, 0x0, 0x10000}, &(0x7f0000000240)={0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x20, 0xfffffffffffffff9}, &(0x7f0000000280)={0x77359400}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000680)=0x0) r5 = fcntl$getown(0xffffffffffffffff, 0x9) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) setsockopt$sock_attach_bpf(r7, 0x10f, 0x87, &(0x7f0000000700), 0x4) kcmp(r4, r5, 0x0, r2, r1) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r6, &(0x7f00000004c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2040000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r8, 0x104, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000580), &(0x7f00000005c0)=0xc) mount$fuseblk(&(0x7f0000000380)='/dev/loop0\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='fuseblk\x00', 0x1000030, &(0x7f0000000740)=ANY=[@ANYBLOB="fcf168e5e6e2c65b232cdebe600c5eae2c973f3078303030303030ce7ff57d8c5c3f7d00531d04f61dd102801229e6c66f4f8d7a90b1c30a1130a2923f4f039b35ceed142fdae030c0924cb80459895ea0fee14b529900f8ffff463b2fd746154d3aba00"/113]) sendmsg(r2, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000070a07031dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}, &(0x7f0000000540)=0x109) getrandom(&(0x7f0000000040)=""/153, 0xfffffffffffffe4b, 0x4000000003) recvfrom$unix(r2, &(0x7f0000000380), 0x0, 0x20, 0x0, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000ac0)={@multicast2}, &(0x7f0000000a80)=0x6) [ 190.401537][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 190.409512][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.573064][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 190.582743][ T7907] caller is sk_mc_loop+0x1d/0x210 [ 190.587882][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.597079][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.607499][ T7907] Call Trace: [ 190.610817][ T7907] dump_stack+0x172/0x1f0 [ 190.615180][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 190.620885][ T7907] sk_mc_loop+0x1d/0x210 [ 190.625200][ T7907] ip6_finish_output2+0x17a5/0x2550 [ 190.630521][ T7907] ? find_held_lock+0x35/0x130 [ 190.635434][ T7907] ? ip6_mtu+0x2e6/0x460 [ 190.640664][ T7907] ? ip6_forward_finish+0x580/0x580 [ 190.646055][ T7907] ? lock_downgrade+0x880/0x880 [ 190.650927][ T7907] ? rcu_read_unlock_special+0xf3/0x210 [ 190.656783][ T7907] ip6_finish_output+0x614/0xdc0 [ 190.661819][ T7907] ? ip6_finish_output+0x614/0xdc0 [ 190.666947][ T7907] ip6_output+0x235/0x7f0 [ 190.671294][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 190.676459][ T7907] ? ip6_fragment+0x3980/0x3980 [ 190.681412][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.686577][ T7907] ip6_local_out+0xc4/0x1b0 [ 190.691186][ T7907] ip6_send_skb+0xbb/0x350 [ 190.695737][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 190.701290][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 190.707031][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 190.711985][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.717025][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.723116][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 190.728510][ T7907] ? __might_fault+0x12b/0x1e0 [ 190.733283][ T7907] ? find_held_lock+0x35/0x130 [ 190.738157][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.745056][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.750568][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.756406][ T7907] inet_sendmsg+0x147/0x5e0 [ 190.761112][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.767099][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 190.771999][ T7907] ? ipip_gro_receive+0x100/0x100 [ 190.777324][ T7907] sock_sendmsg+0xdd/0x130 [ 190.781754][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 190.786453][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 190.792217][ T7907] ? __lock_acquire+0x548/0x3fb0 [ 190.797163][ T7907] ? lock_downgrade+0x880/0x880 [ 190.802111][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.808558][ T7907] ? kasan_check_read+0x11/0x20 [ 190.813532][ T7907] ? __might_fault+0x12b/0x1e0 [ 190.818426][ T7907] ? find_held_lock+0x35/0x130 [ 190.823293][ T7907] ? __might_fault+0x12b/0x1e0 [ 190.828180][ T7907] ? lock_downgrade+0x880/0x880 [ 190.833330][ T7907] ? ___might_sleep+0x163/0x280 [ 190.838283][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 190.842979][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.848041][ T7907] ? _copy_to_user+0xc9/0x120 [ 190.852769][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.859200][ T7907] ? put_timespec64+0xda/0x140 [ 190.864354][ T7907] ? nsecs_to_jiffies+0x30/0x30 04:06:35 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) sendmsg$TIPC_NL_NET_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[@ANYBLOB], 0x1}}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x620}], 0x1}}], 0x1, 0x0, 0x0) [ 190.869413][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.875156][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.880641][ T7907] ? do_syscall_64+0x26/0x610 [ 190.885454][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.891627][ T7907] ? do_syscall_64+0x26/0x610 [ 190.896425][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 190.901492][ T7907] do_syscall_64+0x103/0x610 [ 190.906108][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.912031][ T7907] RIP: 0033:0x4582b9 [ 190.915958][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.936089][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.944876][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.953167][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 190.961151][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 190.969132][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 190.977135][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 04:06:35 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') [ 191.101982][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 191.111622][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 191.117507][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.126610][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.136659][ T7907] Call Trace: [ 191.139952][ T7907] dump_stack+0x172/0x1f0 [ 191.144296][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 191.149851][ T7907] ip6_finish_output+0x335/0xdc0 [ 191.154801][ T7907] ip6_output+0x235/0x7f0 [ 191.159135][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 191.164268][ T7907] ? ip6_fragment+0x3980/0x3980 [ 191.169122][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.174158][ T7907] ip6_local_out+0xc4/0x1b0 [ 191.178663][ T7907] ip6_send_skb+0xbb/0x350 [ 191.183257][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 191.188723][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 191.194449][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 191.199335][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.204371][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.210455][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 191.215654][ T7907] ? __might_fault+0x12b/0x1e0 [ 191.220415][ T7907] ? find_held_lock+0x35/0x130 [ 191.225183][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.231511][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.237022][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.242573][ T7907] inet_sendmsg+0x147/0x5e0 [ 191.247086][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.253068][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 191.257744][ T7907] ? ipip_gro_receive+0x100/0x100 [ 191.262769][ T7907] sock_sendmsg+0xdd/0x130 [ 191.267195][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 191.271884][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 191.277344][ T7907] ? __lock_acquire+0x548/0x3fb0 [ 191.282302][ T7907] ? lock_downgrade+0x880/0x880 [ 191.287165][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.293423][ T7907] ? kasan_check_read+0x11/0x20 [ 191.298414][ T7907] ? __might_fault+0x12b/0x1e0 [ 191.303191][ T7907] ? find_held_lock+0x35/0x130 [ 191.307966][ T7907] ? __might_fault+0x12b/0x1e0 [ 191.312756][ T7907] ? lock_downgrade+0x880/0x880 [ 191.317625][ T7907] ? ___might_sleep+0x163/0x280 [ 191.322488][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 191.327202][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.332247][ T7907] ? _copy_to_user+0xc9/0x120 [ 191.337019][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.343259][ T7907] ? put_timespec64+0xda/0x140 [ 191.348048][ T7907] ? nsecs_to_jiffies+0x30/0x30 [ 191.352909][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.358474][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.364117][ T7907] ? do_syscall_64+0x26/0x610 [ 191.368803][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.374879][ T7907] ? do_syscall_64+0x26/0x610 [ 191.379736][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 191.384772][ T7907] do_syscall_64+0x103/0x610 [ 191.389373][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.395267][ T7907] RIP: 0033:0x4582b9 [ 191.399198][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.418902][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.427333][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.427341][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 191.427349][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.427363][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 191.427371][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.486813][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 191.496711][ T7907] caller is sk_mc_loop+0x1d/0x210 04:06:35 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x150, r2, 0x306, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nr0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r3 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40400c0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4) poll(&(0x7f0000000540)=[{r0}], 0x2000000000000068, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x40001, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x2a, 0x4) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000200)={'ip6erspan0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x25}}}) 04:06:35 executing program 2: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000001c00)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) fstat(0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) [ 191.501924][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.510957][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.521035][ T7907] Call Trace: [ 191.524539][ T7907] dump_stack+0x172/0x1f0 [ 191.528966][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 191.534834][ T7907] sk_mc_loop+0x1d/0x210 [ 191.539090][ T7907] ip6_finish_output2+0x17a5/0x2550 [ 191.544466][ T7907] ? find_held_lock+0x35/0x130 [ 191.549312][ T7907] ? ip6_mtu+0x2e6/0x460 [ 191.553583][ T7907] ? ip6_forward_finish+0x580/0x580 [ 191.558874][ T7907] ? lock_downgrade+0x880/0x880 [ 191.563712][ T7907] ? rcu_read_unlock_special+0xf3/0x210 [ 191.569263][ T7907] ip6_finish_output+0x614/0xdc0 [ 191.574369][ T7907] ? ip6_finish_output+0x614/0xdc0 [ 191.579641][ T7907] ip6_output+0x235/0x7f0 [ 191.583957][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 191.589063][ T7907] ? ip6_fragment+0x3980/0x3980 [ 191.594047][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.599062][ T7907] ip6_local_out+0xc4/0x1b0 [ 191.603577][ T7907] ip6_send_skb+0xbb/0x350 [ 191.608181][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 191.613711][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 191.619421][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 191.624271][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.629283][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.635274][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 191.640458][ T7907] ? __might_fault+0x12b/0x1e0 [ 191.645381][ T7907] ? find_held_lock+0x35/0x130 [ 191.650131][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.656470][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.661940][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.667472][ T7907] inet_sendmsg+0x147/0x5e0 [ 191.672069][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.678030][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 191.682810][ T7907] ? ipip_gro_receive+0x100/0x100 [ 191.687887][ T7907] sock_sendmsg+0xdd/0x130 [ 191.692308][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 191.696979][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 191.702513][ T7907] ? __lock_acquire+0x548/0x3fb0 [ 191.707434][ T7907] ? lock_downgrade+0x880/0x880 [ 191.712472][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.718702][ T7907] ? kasan_check_read+0x11/0x20 [ 191.723541][ T7907] ? __might_fault+0x12b/0x1e0 [ 191.728310][ T7907] ? find_held_lock+0x35/0x130 [ 191.733066][ T7907] ? __might_fault+0x12b/0x1e0 [ 191.737819][ T7907] ? lock_downgrade+0x880/0x880 [ 191.742676][ T7907] ? ___might_sleep+0x163/0x280 [ 191.747617][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 191.752281][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.757385][ T7907] ? _copy_to_user+0xc9/0x120 [ 191.762135][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.768369][ T7907] ? put_timespec64+0xda/0x140 [ 191.773115][ T7907] ? nsecs_to_jiffies+0x30/0x30 [ 191.777976][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.783424][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.789153][ T7907] ? do_syscall_64+0x26/0x610 [ 191.793826][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.799875][ T7907] ? do_syscall_64+0x26/0x610 [ 191.804546][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 191.809469][ T7907] do_syscall_64+0x103/0x610 [ 191.814065][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.819987][ T7907] RIP: 0033:0x4582b9 [ 191.823870][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.843546][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.852081][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.860036][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 191.868710][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.876842][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 191.884797][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 04:06:36 executing program 0: r0 = socket(0xa, 0x3, 0x1) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00pI\x00', 0x8}, 0xfffffffffffffe0d) ioctl(r0, 0x8916, &(0x7f0000000000)) ioctl(r0, 0x8918, &(0x7f0000000000)) [ 192.025668][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7907 [ 192.035107][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 192.040854][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.049902][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.063278][ T7907] Call Trace: [ 192.066943][ T7907] dump_stack+0x172/0x1f0 [ 192.071367][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 192.077115][ T7907] ip6_finish_output+0x335/0xdc0 [ 192.082063][ T7907] ip6_output+0x235/0x7f0 [ 192.086412][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 192.091639][ T7907] ? ip6_fragment+0x3980/0x3980 [ 192.096490][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.101650][ T7907] ip6_local_out+0xc4/0x1b0 [ 192.106338][ T7907] ip6_send_skb+0xbb/0x350 [ 192.111052][ T7907] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 192.116685][ T7907] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 192.122714][ T7907] udpv6_sendmsg+0x21e3/0x28d0 [ 192.127482][ T7907] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.132690][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.138675][ T7907] ? aa_profile_af_perm+0x320/0x320 [ 192.143986][ T7907] ? __might_fault+0x12b/0x1e0 [ 192.149360][ T7907] ? find_held_lock+0x35/0x130 [ 192.154126][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.160542][ T7907] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.166313][ T7907] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.171957][ T7907] inet_sendmsg+0x147/0x5e0 [ 192.176648][ T7907] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.182911][ T7907] ? inet_sendmsg+0x147/0x5e0 [ 192.187692][ T7907] ? ipip_gro_receive+0x100/0x100 [ 192.192736][ T7907] sock_sendmsg+0xdd/0x130 [ 192.197266][ T7907] ___sys_sendmsg+0x3e2/0x930 [ 192.202055][ T7907] ? copy_msghdr_from_user+0x430/0x430 [ 192.208620][ T7907] ? __lock_acquire+0x548/0x3fb0 [ 192.213558][ T7907] ? lock_downgrade+0x880/0x880 [ 192.218405][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.224737][ T7907] ? kasan_check_read+0x11/0x20 [ 192.229710][ T7907] ? __might_fault+0x12b/0x1e0 [ 192.234856][ T7907] ? find_held_lock+0x35/0x130 [ 192.239804][ T7907] ? __might_fault+0x12b/0x1e0 [ 192.244558][ T7907] ? lock_downgrade+0x880/0x880 [ 192.249455][ T7907] ? ___might_sleep+0x163/0x280 [ 192.254302][ T7907] __sys_sendmmsg+0x1bf/0x4d0 [ 192.258981][ T7907] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.264023][ T7907] ? _copy_to_user+0xc9/0x120 [ 192.268777][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.275112][ T7907] ? put_timespec64+0xda/0x140 [ 192.280043][ T7907] ? nsecs_to_jiffies+0x30/0x30 [ 192.284894][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.290625][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.296067][ T7907] ? do_syscall_64+0x26/0x610 [ 192.300750][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.306899][ T7907] ? do_syscall_64+0x26/0x610 [ 192.311564][ T7907] __x64_sys_sendmmsg+0x9d/0x100 [ 192.316662][ T7907] do_syscall_64+0x103/0x610 [ 192.321411][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.327347][ T7907] RIP: 0033:0x4582b9 [ 192.331230][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.351134][ T7907] RSP: 002b:00007f0d95f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.359720][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.367762][ T7907] RDX: 07be86bbb7a0f557 RSI: 0000000020000440 RDI: 0000000000000003 [ 192.375890][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.383951][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d95f426d4 [ 192.391905][ T7907] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 04:06:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cd6f"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:06:36 executing program 2: r0 = gettid() ioctl$PPPIOCSMRRU(0xffffffffffffffff, 0x4004743b, 0x0) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r0, 0x10) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="052fc754c3151776498856e8c60bc3eb7c020b45625661b76a4e1ba69faf7570ec523ca67775d5418889206e2d5c9df1daffff360600d056b0"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x18, r1, 0x0, 0x0) 04:06:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:36 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffffffffffd) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) 04:06:36 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000000580)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socket$unix(0x1, 0x0, 0x0) listen(r1, 0x0) fstat(0xffffffffffffffff, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f0000000040)={0x7fff}, 0x10) 04:06:36 executing program 2: syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0xfb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bond0\x00'}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)={0x0, 0x9}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000140)={r1, 0x1}, &(0x7f0000000180)=0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'bond0\x00', 0x800000000008a03}) 04:06:37 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x150, r2, 0x306, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nr0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) pipe2(0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r3 = fcntl$dupfd(r1, 0x0, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40400c0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4) poll(&(0x7f0000000540)=[{r0}], 0x2000000000000068, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x40001, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x2a, 0x4) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000200)={'ip6erspan0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x25}}}) 04:06:37 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x21, &(0x7f0000013e95), 0x4) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000080), 0xc) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 04:06:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:37 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') 04:06:37 executing program 0: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000001c00)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) 04:06:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x1}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000269, 0x10400003) write$selinux_attr(r0, &(0x7f00000000c0)='system_u:object_r:dpkg_var_lib_t:s0\x00', 0x24) getpgrp(0xffffffffffffffff) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) r1 = getpgrp(0x0) sched_setscheduler(r1, 0x0, 0x0) getegid() ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) 04:06:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:38 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @link_local, [{}], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 04:06:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:38 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') [ 194.118537][ T8020] 8021q: adding VLAN 0 to HW filter on device bond0 04:06:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6}}, 0x0) setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000180)={r0, 0x1, 0xffffffffffffffd7}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x240601, 0x0) preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000) 04:06:38 executing program 0: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000001c00)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) 04:06:38 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$pppoe(0x18, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000340), 0x41395527) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffdd8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, 0x0) 04:06:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x1}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000269, 0x10400003) write$selinux_attr(r0, &(0x7f00000000c0)='system_u:object_r:dpkg_var_lib_t:s0\x00', 0x24) getpgrp(0xffffffffffffffff) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) r1 = getpgrp(0x0) sched_setscheduler(r1, 0x0, 0x0) getegid() ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) [ 194.302607][ T8047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.604755][ T8081] bond0: Releasing backup interface bond_slave_1 04:06:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xca, &(0x7f0000000000)=0x10001, 0x10) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in6}}, {{@in=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000000040)=0xe8) dup3(r0, r1, 0x0) 04:06:39 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$inet_sctp(r0, &(0x7f00000007c0)={&(0x7f0000000180)=@in={0x2, 0x0, @loopback}, 0x10, &(0x7f0000000640), 0x141, &(0x7f0000000240)=[@prinfo={0x18}], 0x18}, 0x0) 04:06:39 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:39 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:39 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:39 executing program 2: 04:06:39 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:39 executing program 1: socket$inet6(0xa, 0x1, 0x8010000000000084) socket$inet_smc(0x2b, 0x1, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x101000, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x39) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x800000000000000}, 0x0, 0x0, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:39 executing program 0: 04:06:39 executing program 4: 04:06:39 executing program 4: 04:06:39 executing program 0: 04:06:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:39 executing program 2: 04:06:39 executing program 0: 04:06:39 executing program 4: 04:06:40 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:40 executing program 0: 04:06:40 executing program 2: 04:06:40 executing program 1: 04:06:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:40 executing program 4: 04:06:40 executing program 0: 04:06:40 executing program 2: 04:06:40 executing program 0: 04:06:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:40 executing program 4: 04:06:40 executing program 2: 04:06:40 executing program 4: 04:06:40 executing program 0: 04:06:40 executing program 2: 04:06:40 executing program 1: 04:06:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:40 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:40 executing program 1: 04:06:40 executing program 0: 04:06:40 executing program 2: 04:06:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000000000002000000e00000010000000000000000080012000200020000010000000000003000000003030000ff3f567b0000000000000000000000000000000000000001ac1414bb000000000000000000000000030005000000000002000000e00000010000000000000000"], 0x80}}, 0x0) 04:06:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:40 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)={0x0, 0x3}) 04:06:40 executing program 2: 04:06:41 executing program 0: 04:06:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:41 executing program 2: 04:06:41 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:41 executing program 1: 04:06:41 executing program 4: socket$inet6(0xa, 0x1, 0x8010000000000084) socket$inet_smc(0x2b, 0x1, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) lstat(0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) lstat(0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x10004, 0x0, 0x2, r2, 0x3}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x2, r2, 0x3}) 04:06:41 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfffffffffffffd5a) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) dup3(r1, r2, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000000)) 04:06:41 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) syz_execute_func(&(0x7f00000004c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e3baba0f111010c1585e5c2b71660f3a42ab06b5") setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0x7530}, 0x10) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = dup(r0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0) 04:06:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:41 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r2 = fcntl$dupfd(r0, 0x0, r0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) [ 197.129436][ T8230] check_preemption_disabled: 203 callbacks suppressed [ 197.129458][ T8230] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8230 [ 197.146030][ T8230] caller is ip6_finish_output+0x335/0xdc0 [ 197.146060][ T8230] CPU: 1 PID: 8230 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.146069][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.146075][ T8230] Call Trace: [ 197.146095][ T8230] dump_stack+0x172/0x1f0 [ 197.146119][ T8230] __this_cpu_preempt_check+0x246/0x270 [ 197.146137][ T8230] ip6_finish_output+0x335/0xdc0 [ 197.146159][ T8230] ip6_output+0x235/0x7f0 [ 197.146179][ T8230] ? ip6_finish_output+0xdc0/0xdc0 [ 197.146201][ T8230] ? ip6_fragment+0x3980/0x3980 [ 197.171496][ T8230] ip6_xmit+0xe41/0x20c0 [ 197.171523][ T8230] ? ip6_finish_output2+0x2550/0x2550 [ 197.213905][ T8230] ? mark_held_locks+0xf0/0xf0 [ 197.218669][ T8230] ? ip6_setup_cork+0x1870/0x1870 [ 197.223789][ T8230] inet6_csk_xmit+0x2fb/0x5d0 [ 197.228614][ T8230] ? inet6_csk_update_pmtu+0x190/0x190 [ 197.234065][ T8230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.240312][ T8230] ? csum_ipv6_magic+0x20/0x80 [ 197.245156][ T8230] __tcp_transmit_skb+0x1a32/0x3750 [ 197.250350][ T8230] ? tcp_connect+0x1184/0x4280 [ 197.255120][ T8230] ? __tcp_select_window+0x8b0/0x8b0 [ 197.260389][ T8230] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.265661][ T8230] ? trace_hardirqs_on+0x67/0x230 [ 197.270672][ T8230] ? tcp_rbtree_insert+0x188/0x200 [ 197.275868][ T8230] tcp_connect+0x2e18/0x4280 [ 197.280450][ T8230] ? tcp_push_one+0x110/0x110 [ 197.285126][ T8230] ? secure_tcpv6_ts_off+0x24f/0x360 [ 197.290515][ T8230] ? secure_dccpv6_sequence_number+0x280/0x280 [ 197.296685][ T8230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.303011][ T8230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.309329][ T8230] ? prandom_u32_state+0x13/0x180 [ 197.314451][ T8230] tcp_v6_connect+0x150b/0x20a0 [ 197.319550][ T8230] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 197.325793][ T8230] __inet_stream_connect+0x83f/0xea0 [ 197.331064][ T8230] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 197.336346][ T8230] ? __inet_stream_connect+0x83f/0xea0 [ 197.341901][ T8230] ? mark_held_locks+0xa4/0xf0 [ 197.346688][ T8230] ? inet_dgram_connect+0x2e0/0x2e0 [ 197.352578][ T8230] ? lock_sock_nested+0x9a/0x120 [ 197.357715][ T8230] ? trace_hardirqs_on+0x67/0x230 [ 197.362752][ T8230] ? lock_sock_nested+0x9a/0x120 [ 197.368168][ T8230] ? __local_bh_enable_ip+0x15a/0x270 [ 197.373796][ T8230] inet_stream_connect+0x58/0xa0 [ 197.378838][ T8230] __sys_connect+0x266/0x330 [ 197.383416][ T8230] ? __ia32_sys_accept+0xb0/0xb0 [ 197.388336][ T8230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.394735][ T8230] ? put_timespec64+0xda/0x140 [ 197.399497][ T8230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.404941][ T8230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.410488][ T8230] ? do_syscall_64+0x26/0x610 [ 197.415336][ T8230] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.421496][ T8230] ? do_syscall_64+0x26/0x610 [ 197.426174][ T8230] __x64_sys_connect+0x73/0xb0 [ 197.431012][ T8230] do_syscall_64+0x103/0x610 [ 197.435763][ T8230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.441741][ T8230] RIP: 0033:0x4582b9 [ 197.445623][ T8230] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.465384][ T8230] RSP: 002b:00007f8a99511c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a 04:06:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) [ 197.473868][ T8230] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 197.481832][ T8230] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003 [ 197.489797][ T8230] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.497849][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a995125d4 [ 197.505999][ T8230] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 04:06:41 executing program 0: syz_execute_func(&(0x7f00000002c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e3baba0f111010c15e5c2b71660f3a42ab06b5") clone(0x84007ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) dup2(r2, r1) mknod(&(0x7f0000000000)='./file0\x00', 0x1042, 0x0) execve(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$PIO_FONT(r2, 0x4b61, 0x0) ptrace(0x11, r0) 04:06:41 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000001080)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000100)) r1 = gettid() preadv(r0, &(0x7f00000008c0)=[{&(0x7f00000007c0)=""/254, 0xfe}], 0x1, 0x0) timer_create(0x0, &(0x7f00000018c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/vcs\x00', 0x0, 0x0) dup2(r2, r0) tkill(r1, 0x15) 04:06:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:41 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:42 executing program 2: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='devtmpfs\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x80000008) 04:06:42 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)) 04:06:42 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:42 executing program 1: socket$inet6(0xa, 0x1, 0x8010000000000084) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) syz_open_dev$dmmidi(0x0, 0x9, 0x200) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x5, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:42 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:42 executing program 2: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='devtmpfs\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x80000008) 04:06:42 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:42 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)) 04:06:42 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) 04:06:42 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:42 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:42 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)) 04:06:42 executing program 2: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='devtmpfs\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x80000008) 04:06:42 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0xdc, r1, 0x306, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}]}, 0xdc}}, 0x20000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) r2 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) 04:06:42 executing program 2: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='devtmpfs\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x80000008) 04:06:42 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)) 04:06:42 executing program 1: socket$inet6(0xa, 0x1, 0x8010000000000084) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) syz_open_dev$dmmidi(0x0, 0x9, 0x200) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x5, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 04:06:42 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000240)) 04:06:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$kcm(0x10, 0x1000000000000002, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000100)="2300000052008152915a655067d7aee4050c0000136017edcaa30000000000008b1832", 0x23}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 04:06:43 executing program 2: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='devtmpfs\x00', 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x80000008) 04:06:43 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100))