[ 36.612239][ T26] audit: type=1800 audit(1554688591.850:27): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.643367][ T26] audit: type=1800 audit(1554688591.860:28): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.329640][ T26] audit: type=1800 audit(1554688592.630:29): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.356649][ T26] audit: type=1800 audit(1554688592.630:30): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts. 2019/04/08 01:56:51 fuzzer started 2019/04/08 01:56:53 dialing manager at 10.128.0.26:34543 2019/04/08 01:56:54 syscalls: 2408 2019/04/08 01:56:54 code coverage: enabled 2019/04/08 01:56:54 comparison tracing: enabled 2019/04/08 01:56:54 extra coverage: extra coverage is not supported by the kernel 2019/04/08 01:56:54 setuid sandbox: enabled 2019/04/08 01:56:54 namespace sandbox: enabled 2019/04/08 01:56:54 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 01:56:54 fault injection: enabled 2019/04/08 01:56:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 01:56:54 net packet injection: enabled 2019/04/08 01:56:54 net device setup: enabled 01:59:02 executing program 0: syzkaller login: [ 187.422144][ T7739] IPVS: ftp: loaded support on port[0] = 21 01:59:02 executing program 1: [ 187.528665][ T7739] chnl_net:caif_netlink_parms(): no params data found [ 187.615895][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.631227][ T7739] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.651736][ T7739] device bridge_slave_0 entered promiscuous mode [ 187.667471][ T7742] IPVS: ftp: loaded support on port[0] = 21 [ 187.674284][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.687107][ T7739] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.695367][ T7739] device bridge_slave_1 entered promiscuous mode 01:59:03 executing program 2: [ 187.745983][ T7739] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.764628][ T7739] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.844429][ T7739] team0: Port device team_slave_0 added [ 187.867788][ T7739] team0: Port device team_slave_1 added [ 187.887353][ T7742] chnl_net:caif_netlink_parms(): no params data found 01:59:03 executing program 3: [ 187.954139][ T7739] device hsr_slave_0 entered promiscuous mode [ 188.111532][ T7739] device hsr_slave_1 entered promiscuous mode 01:59:03 executing program 4: [ 188.216004][ T7745] IPVS: ftp: loaded support on port[0] = 21 [ 188.216077][ T7747] IPVS: ftp: loaded support on port[0] = 21 [ 188.289503][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.296781][ T7739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.304665][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.311767][ T7739] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.368554][ T7742] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.384763][ T7742] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.393872][ T7742] device bridge_slave_0 entered promiscuous mode 01:59:03 executing program 5: [ 188.432204][ T7742] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.439311][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.451633][ T7750] IPVS: ftp: loaded support on port[0] = 21 [ 188.467441][ T7742] device bridge_slave_1 entered promiscuous mode [ 188.563624][ T7742] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.578172][ T7742] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.597162][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.615900][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.650866][ T7742] team0: Port device team_slave_0 added [ 188.657977][ T7742] team0: Port device team_slave_1 added [ 188.703500][ T7739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.727769][ T7753] IPVS: ftp: loaded support on port[0] = 21 [ 188.803213][ T7742] device hsr_slave_0 entered promiscuous mode [ 188.860675][ T7742] device hsr_slave_1 entered promiscuous mode [ 188.923831][ T7745] chnl_net:caif_netlink_parms(): no params data found [ 188.994332][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.002889][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.012988][ T7739] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.059005][ T7747] chnl_net:caif_netlink_parms(): no params data found [ 189.072570][ T7745] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.079634][ T7745] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.087870][ T7745] device bridge_slave_0 entered promiscuous mode [ 189.097565][ T7745] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.104864][ T7745] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.112930][ T7745] device bridge_slave_1 entered promiscuous mode [ 189.161874][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.170831][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.179172][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.186332][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.199592][ T7750] chnl_net:caif_netlink_parms(): no params data found [ 189.243446][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.253275][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.268178][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.275497][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.302132][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.309320][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.317960][ T7747] device bridge_slave_0 entered promiscuous mode [ 189.325719][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.332900][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.340862][ T7747] device bridge_slave_1 entered promiscuous mode [ 189.349703][ T7745] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.384079][ T7745] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.405725][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.423438][ T7750] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.430929][ T7750] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.438592][ T7750] device bridge_slave_0 entered promiscuous mode [ 189.457337][ T7745] team0: Port device team_slave_0 added [ 189.476492][ T7747] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.486017][ T7750] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.493898][ T7750] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.501867][ T7750] device bridge_slave_1 entered promiscuous mode [ 189.515528][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.525268][ T7745] team0: Port device team_slave_1 added [ 189.546007][ T7747] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.585258][ T7750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.599618][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.608264][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.616754][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.625441][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.634164][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.642648][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.651375][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.697519][ T7747] team0: Port device team_slave_0 added [ 189.704825][ T7750] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.722937][ T7739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.735416][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.748717][ T7753] chnl_net:caif_netlink_parms(): no params data found [ 189.763408][ T7747] team0: Port device team_slave_1 added [ 189.782997][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.791544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.833420][ T7745] device hsr_slave_0 entered promiscuous mode [ 189.910852][ T7745] device hsr_slave_1 entered promiscuous mode [ 190.053295][ T7747] device hsr_slave_0 entered promiscuous mode [ 190.090831][ T7747] device hsr_slave_1 entered promiscuous mode [ 190.152015][ T7750] team0: Port device team_slave_0 added [ 190.163054][ T7742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.173146][ T7753] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.183381][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.191340][ T7753] device bridge_slave_0 entered promiscuous mode [ 190.199247][ T7753] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.206741][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.215416][ T7753] device bridge_slave_1 entered promiscuous mode [ 190.224581][ T7750] team0: Port device team_slave_1 added [ 190.234934][ T7739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.267335][ T7753] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.294511][ T7753] bond0: Enslaving bond_slave_1 as an active interface with an up link 01:59:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x3, 0xff) dup2(r0, r1) [ 190.334022][ T7742] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.348084][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.356075][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.462963][ T7750] device hsr_slave_0 entered promiscuous mode [ 190.500814][ T7750] device hsr_slave_1 entered promiscuous mode [ 190.571598][ T7753] team0: Port device team_slave_0 added [ 190.578838][ T7753] team0: Port device team_slave_1 added [ 190.586294][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.596091][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.604581][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.611702][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.693755][ T7753] device hsr_slave_0 entered promiscuous mode [ 190.731061][ T7753] device hsr_slave_1 entered promiscuous mode [ 190.774400][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.782728][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.791860][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.800667][ T7749] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.807770][ T7749] bridge0: port 2(bridge_slave_1) entered forwarding state 01:59:06 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close(r0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe93) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x2000021000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") [ 190.828697][ T7745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.868142][ T7769] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 190.901267][ T7769] Unknown ioctl 1075883590 [ 190.905830][ T7769] Unknown ioctl 1075883590 [ 190.906168][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.910549][ T7769] Unknown ioctl 1075883590 [ 190.919390][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.931395][ T7769] Unknown ioctl 1075883590 [ 190.935966][ T7769] Unknown ioctl 1075883590 [ 190.940590][ T7769] Unknown ioctl 1075883590 [ 190.945139][ T7769] Unknown ioctl 1075883590 [ 190.949627][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.951390][ T7769] Unknown ioctl 1075883590 [ 190.962440][ T7769] Unknown ioctl 1075883590 [ 190.964858][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.967019][ T7769] Unknown ioctl 1075883590 [ 190.979385][ T7769] Unknown ioctl 1075883590 [ 190.980133][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.985981][ T7769] Unknown ioctl 1075883590 [ 190.993533][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.996587][ T7769] Unknown ioctl 1075883590 [ 191.018384][ T7745] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.025446][ T7769] Unknown ioctl 1075883590 [ 191.029162][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.029895][ T7769] Unknown ioctl 1075883590 [ 191.044989][ T7769] Unknown ioctl 1075883590 [ 191.049545][ T7769] Unknown ioctl 1075883590 [ 191.054251][ T7769] Unknown ioctl 1075883590 [ 191.059000][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.066902][ T7769] Unknown ioctl 1075883590 [ 191.071638][ T7769] Unknown ioctl 1075883590 [ 191.071967][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.076103][ T7769] Unknown ioctl 1075883590 [ 191.076112][ T7769] Unknown ioctl 1075883590 [ 191.076119][ T7769] Unknown ioctl 1075883590 [ 191.076128][ T7769] Unknown ioctl 1075883590 [ 191.076135][ T7769] Unknown ioctl 1075883590 [ 191.094884][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.106549][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.119587][ T7770] Unknown ioctl 1075883590 [ 191.127143][ T7770] Unknown ioctl 1075883590 [ 191.127449][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.132109][ T7770] Unknown ioctl 1075883590 [ 191.145176][ T7770] Unknown ioctl 1075883590 [ 191.146653][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.149725][ T7770] Unknown ioctl 1075883590 [ 191.156768][ T7758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.157652][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.162512][ T7770] Unknown ioctl 1075883590 [ 191.170877][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.178637][ T7770] Unknown ioctl 1075883590 [ 191.186449][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.190414][ T7770] Unknown ioctl 1075883590 [ 191.194443][ T7758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.202464][ T7770] Unknown ioctl 1075883590 [ 191.206573][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.219736][ T7770] Unknown ioctl 1075883590 [ 191.247064][ T7742] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 191.263837][ T7742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.270459][ T7770] Unknown ioctl 1075883590 [ 191.279428][ T7770] Unknown ioctl 1075883590 [ 191.291736][ T7770] Unknown ioctl 1075883590 01:59:06 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) exit_group(0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000001c0)=""/219, 0xdb}, 0x120) write$UHID_INPUT2(r0, &(0x7f0000000040), 0x6) [ 191.301015][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.309072][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.324222][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.336610][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 01:59:06 executing program 0: syz_open_dev$dri(&(0x7f0000001080)='/dev/dri/card#\x00', 0x0, 0x0) r0 = gettid() r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x1, 0x4) timer_create(0x0, &(0x7f00000018c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x15) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x78, r2, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}, 0x6}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}]}, @TIPC_NLA_LINK={0x20, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfce}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4805}, 0x800) [ 191.347942][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.357629][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.369173][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.385423][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.394395][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.408243][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.417862][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.438921][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.441764][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.464826][ T7747] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.483413][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.495022][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.503702][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) [ 191.506736][ T7742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.512365][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.526450][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.529655][ T7745] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.551075][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.568642][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.580748][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.588362][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.593463][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.599271][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.608703][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.610797][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.618934][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.627565][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.639314][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.644861][ C0] hrtimer: interrupt took 36649 ns [ 191.647899][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.659988][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.664314][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.674524][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.678636][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.695369][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.702968][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.709766][ T7753] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.717131][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.724649][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.732745][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.740160][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.748342][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.755850][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.763575][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.771348][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.773508][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.779007][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.798411][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 01:59:07 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'team_slave_1\x00', 0x4fff}) 01:59:07 executing program 1: syz_mount_image$nfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x202000, 0x0) [ 191.826404][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.830486][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.834263][ T7758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.846298][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.869247][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.885306][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.894745][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.902131][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902153][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902172][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902193][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902222][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902242][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902261][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902281][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902300][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902320][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902339][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.902366][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.916980][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.917384][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.932866][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.946920][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.948247][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.963103][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.976358][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.978336][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 191.986113][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.993323][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.000311][ T7758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.006234][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.014559][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.023655][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.026118][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.040720][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.047401][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.060816][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.071743][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.076778][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.090410][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.110046][ T7745] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.115278][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.139462][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.153181][ T7750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.159358][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.166203][ T7747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.168222][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.184650][ T7747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.200570][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.222194][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.235182][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.239715][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.243601][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.257249][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.259453][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.268140][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.275319][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275341][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275361][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275381][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275400][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275421][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275441][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275460][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275480][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.275539][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.289937][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.298419][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.306427][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.319221][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.328734][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.335586][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.350644][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.358630][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.365011][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.371004][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.373495][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.387749][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.389761][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.401189][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.428832][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.452363][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 01:59:07 executing program 1: socketpair$unix(0x1, 0x800000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = epoll_create1(0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffdbe, 0x0) dup3(r0, r1, 0x0) write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0) setsockopt(r1, 0x0, 0x0, 0x0, 0x0) [ 192.476471][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.496356][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.502704][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.507799][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.519439][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.550519][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.564075][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.572835][ T7750] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.589674][ T7753] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 01:59:07 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net\x00\xab\xd4\xf0\xdd\xa4\xf5\x7f\xd0\x97\xe1\x9e\xaf\xfb\xf8\xac\xc5D?$p\x819P\xed\xb1\x01T\xb7s\x1a\xba\xacfK\xed\xa4\x01bG\xc5q\xaa\xfa\xe8\r\x00\tu\xbc\x8em!\xdau\xf1;\xd7\x8a\x9a\xbfJ$ 0\x17\x9a\v\xc6\xf3m\x9d\xfa\xc9\xcalo\xa6') fstat(r0, &(0x7f00000000c0)) [ 192.606001][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.637358][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.661934][ T7753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.680283][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.687694][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.702761][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.705475][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.710167][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.720012][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.733755][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.734547][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.749417][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.757591][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.758402][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.765378][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.779913][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.783115][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.788110][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.800683][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.802372][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.810632][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.818307][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.831348][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.833176][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.846541][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.848550][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.857351][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.865133][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.878256][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.879797][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.888128][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.895817][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.909883][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.910268][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.922528][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.935997][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.943749][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.947860][ T7753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.951504][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.965779][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.965798][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.979274][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.980844][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980865][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980886][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980907][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980927][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980958][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980979][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.980999][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.981017][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.988632][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.996295][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.009645][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.011530][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.018756][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.026292][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.033182][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.041189][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:08 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x3f00000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x1d36030000000000]}, @empty, @loopback}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000740)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000840)=0xe8) setresuid(0x0, 0xee01, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x0) [ 193.071696][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.094291][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.120510][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.167472][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.169052][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.188039][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.196260][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.200149][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.205491][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.220293][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.224901][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.228436][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.234780][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.235235][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.243648][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.252017][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.265870][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.292005][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.305083][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.315799][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.320831][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.330460][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.344689][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.360567][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.360753][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.369233][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.404436][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.405838][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.420130][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.423508][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.435301][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.441606][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.443130][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.458363][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.459218][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.470607][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.473755][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.490928][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.498395][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.504116][ T7750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.511145][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.520587][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.528323][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.536421][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.543981][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.551768][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.559246][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.567256][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.575175][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.583110][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.590986][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.598497][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:08 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034e40d010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f839a95000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f95c9d0ec9fb42d92d471cbe500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068cf59650ca7"], 0x3d1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f", 0x9e, 0x0, 0x0, 0x0) 01:59:08 executing program 1: futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000180), 0x32ffffff) 01:59:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00') mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x3, 0x0, 0x0, 0x8, 0x0, 0xffff}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pread64(r2, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000100)={0x0, [0x0, 0x500000000000000]}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x200, 0x0, 0x0, 0x10000, 0x0, 0x3, 0x3e, 0x0, 0x26f, 0x40, 0x96, 0x7cdf, 0x80000001, 0x38, 0x2, 0x0, 0x0, 0xf8}, [{0x6, 0x0, 0x101, 0xcf4, 0x7, 0xfffffffffffffffc, 0x12, 0x1}], "c36636bff591868e0e1f991a80bf5948bcee8e988ea091a8ead47ebf4c78d1ee2c1e509435ee8d5bca5d76adc851b93e"}, 0xa8) fstat(0xffffffffffffffff, 0x0) fcntl$setpipe(r2, 0x407, 0x401) getresuid(0x0, &(0x7f0000000400), 0x0) dup2(r0, r3) 01:59:08 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x1000000031, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x0, 0x0, 'c\xfa\xa4\xe5\x9c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0x0, "90c221442d02e7fe", "7f45f6e2d603e413ae8c4acb78a4d968b6f81b4260ddeee95680720e6ca4f77c"}) 01:59:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) 01:59:08 executing program 3: seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 193.617272][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.632852][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.643905][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.703610][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.749990][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.765495][ T26] audit: type=1326 audit(1554688749.070:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7828 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 193.802687][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:09 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0xfa3) r1 = socket$kcm(0xa, 0x40122000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, 0x0, 0xf3233b94a6b988d) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000240)=ANY=[]) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x48) gettid() socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) write$cgroup_int(r3, &(0x7f0000000980), 0xffffff4d) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) 01:59:09 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000002000)={0x1}) fcntl$lock(r0, 0x7, &(0x7f0000010000)={0x0, 0x0, 0x0, 0x4192}) [ 193.852329][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.860113][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.890341][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:09 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f3188b070") mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000540)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r0, 0x0) [ 193.911579][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.949129][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.964986][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.980704][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.988671][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.996590][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.004603][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:09 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x2b7, 0x0}}], 0x53, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000040)={@remote}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x0) [ 194.038399][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.068223][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.094378][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.119671][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.145959][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.174004][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) [ 194.192239][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.208758][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.224499][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.246798][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.266912][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.288864][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.299367][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.307067][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.314769][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.322616][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.331457][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.339147][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.348485][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.356159][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.363872][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.371454][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.380043][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.387815][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.395352][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.402939][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.410674][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.418099][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.425605][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.433066][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.440596][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.448181][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.455657][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.463156][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.470628][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.478050][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.486395][ T26] audit: type=1326 audit(1554688749.800:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7828 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 194.509181][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.516723][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.524239][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.531817][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.539393][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120) [ 194.546869][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.554324][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.561777][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.569164][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.577086][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.584767][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.600350][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.617875][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.626286][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 194.634655][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 01:59:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) dup2(r0, r2) [ 194.646629][ T7749] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 194.715569][ T7865] sp0: Synchronizing with TNC 01:59:10 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x72, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000340)="206305edd00e5af621f142dbd62e7f2ea21e48c0be80fedb5a38eb8019e294a82910f72aba408eae12780f7da3a210c7d63a5f57c8c68d963f33b214cf9b9ee7afe2e54c2f761bd096ccdca5b1576f58261991c86acb7037bc30f28bc70aa6e9b012a2340ecd63da8fbe9564b37355d54cc6819be9262afbf1dd2b61dd2f4ebcb750137f5b3eb5ab72393af8d0908867874049b896f3fd352af32f004846342c47a0a5228faf0f8bd16d85654995a6ce054063f2ab82e6e9c140cf24fa18e5d08a67f2fd4fcccfe298cbfd153004cea2030fede44324f739202c2454ca2d8521be4cbe2daa2f7d13b3da3e235ce13a204d3a7e108e7aef1a937bbd2f15c347da13a5229327bdce3a7da375bd5341495768ba4dc3c160d1158d456a890bbf044a054ebae3ca4759fd2112a6b059c5a01c8aee3464306280ad6e375ea62a1cdf1bb672f96b280ff579f7d0acf072d613f13066b9c7d5f0b54dc983e180d5d08b2030160d6b50934bf47ff2be67b2a5530d0a6cccb280afae865867b7e6f4422466ff9fc051a07eff8a3880e432d3a643689f3de4bc7f6fc64941bda01609b58f6e694d37af7fd69662ae36923bd482de6693c97e23a319ed201b9697a67487dbbbdf83ba72b439eae7efc34c1a3d9a56d64b1584f0f7ff57167c0f86d8c78a0e1e431a938b1592064cb3054ad4b298d88953388fbfdb4c0abde466659bda384e17dbabffc2aa7be2ed64b901be8f8ee5fb5ec323fe3b5085ac21a33f6213d62ff1ad2bd0b3e3f1a16a8d64bb800b02301d6d414cd25b4d6ea8cbf7ea65e3a854bafe4189bba3321834180f0194eb1c81b17014f35e056200cf7d26678739b1623454365389d52fe7d63e0b5fb8af55ff2d3f78d6cbec4e6ea62c6a73d749474d7d1e029686f20f5dc1ff67e55a890409fba15ff689172d153ebeeb94b4ce728df34a858914339b3f5c161e63526e790eb588fb15a17af00e5293a1c15a457b6b8e7935fd8df006f37cdfb0fb4b19c95d2782611ea398de34dbc51b25294a8b570e275e94df2eadabca4fb608576850f2965e8dd22a7e12c83140e305931ae6c41f2af95a1f6febd8dc2b6accaf30800653573f9eab449065a32d34defcd6755f706351c172cb0b321e771eb96f67e17932009a0f13d8da2ac197b1b886ad9023ee6a2b6ff601d96021820a1a47471ec9a2f57d511735924dacafd63f175833f7955692a81a1cd39d7e73f2e3bac98308caeea2f915e9a745741ca8956b78b4a0047bf95ca113454c8fb8d21acc9cea63d76b5367c7e873bdccf85d0e0f776820bf6e9bca1e980da60c0f6adc078ae163bd59044c5f04e8e809e0f79f3922f9993ecc95666634c6e48d45520974ff998976fb45e87e3d9f8d4ce49797ef8d3e2f5dc742b2be2298696d5ca94df9cf8ef4f74c0b1b144ef4f7ec88f0cd120cf7be5ce3963c520014757767d31fda15f94d58e8a91cfe395c0bf372c21140360b3ce6d611b152e42e7854677a4f1b962d4caa85e742b8722321ae2efef681fa75ffbc4c942525a6de27dec6e1856b1f861a7727f9eb4b430c964587e7a5f47f9535a44df53f", 0x463, 0x0, 0x0, 0x0) [ 194.763730][ T7866] sp1: Synchronizing with TNC 01:59:10 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x7e0e7b3, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc4c85512, &(0x7f0000000180)={{0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) 01:59:10 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_hci(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8) sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r1, &(0x7f0000681000)=@abs, 0x8) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1c"], 0x66) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) getsockname$inet(r4, &(0x7f0000000240)={0x2, 0x0, @multicast1}, &(0x7f0000000300)=0x10) 01:59:10 executing program 3: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, 0x0) write$P9_RUNLINKAT(0xffffffffffffffff, 0x0, 0x0) io_setup(0x0, 0x0) io_submit(0x0, 0x0, 0x0) write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002bc0)='/dev/urandom\x00', 0x202, 0x0) write$P9_RCREATE(r0, 0x0, 0x0) 01:59:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120) read(r1, &(0x7f00000003c0)=""/169, 0xa9) 01:59:10 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) 01:59:10 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r1, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1ceeb7bd4300"/116], 0x74) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) ioctl$RTC_ALM_READ(r3, 0x80247008, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) 01:59:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) [ 195.228278][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 01:59:10 executing program 3: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r1, r2, 0x0, 0x50000000000443) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 195.276904][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 01:59:10 executing program 2: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x80011, r0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd60766051003018fffe8000000000000000000000000000ffff020000000000000000000000000001860090780814050060c5961e00000000ff010000000000000503000004000001ff020000000000000000000000000001368bf4d4785399e5404a6eb0503c00c3aa546c65149b7b0fa6b718b35b433ef4318fd5724be93485a9811359c82a226e6b62c6786366e8b5331be30adf488a29f81c0a47ebb6b636a9d5b47fa12e61c7914d49432045caa5cf63ba7ed179d34dc16b36a268ed715f0e6084923c35a77c25ce850d254e2a9b1100e1706a316a646137c3437afb2a10fcaf992d423df7c6b997cf0460852ce5ed5bd7ac52c35544db2c32a303698f65c1bad5e465875ebedbf36bc3250d356d1ff37bc77e583ce46bdd80e661792fe20dd3ea352c64acf1e836d59630d95b299855d0e201d152f6e9922d8d5e42f3d44f025c07c237"], 0x0) [ 195.345355][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.378097][ T7933] sp0: Synchronizing with TNC [ 195.412426][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.503853][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.574744][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.638567][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.711686][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.781322][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.829923][ T7929] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 195.847535][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.889206][ T7929] FAT-fs (loop4): Filesystem has been set read-only [ 195.897707][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 195.925817][ T7929] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17) [ 195.975708][ T7749] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz1 01:59:11 executing program 3: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r1, r2, 0x0, 0x50000000000443) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 196.024767][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.047135][ T7929] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 196.057163][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.082662][ T7929] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17) 01:59:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x76, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x3a9, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x7fce) 01:59:11 executing program 1: seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') [ 196.128040][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 01:59:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) [ 196.217071][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.217479][ T7961] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 196.258775][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.283490][ T7961] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17) [ 196.321435][ T7929] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 196.333212][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 01:59:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_emit_ethernet(0x3e, &(0x7f0000000180)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x24, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0) 01:59:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x200000000, 0x1, &(0x7f0000000140)=[{&(0x7f0000000340)="eb3c906d6b66732e66617400020401c46400000000f8a6", 0x17}], 0x0, 0x0) r0 = socket$inet(0x2, 0x20000000000a, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc5f123c123f319bd070") statfs(&(0x7f0000000800)='./file0\x00', &(0x7f0000000240)=""/102) [ 196.395056][ T26] audit: type=1326 audit(1554688751.700:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7983 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 196.398733][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.452832][ T7929] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17) [ 196.475516][ T7982] sp0: Synchronizing with TNC [ 196.536092][ T7995] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) [ 196.552192][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.577100][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.602293][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.670152][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 196.719909][ T7758] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz1] on syz1 01:59:12 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10) sendmmsg(r0, &(0x7f0000006340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002fc0)=[{0x10, 0x1}], 0x10}}], 0x1, 0x0) 01:59:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x0, 0xffffffffffffffff) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) semctl$GETPID(0x0, 0x0, 0xb, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 01:59:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:12 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r1, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1ceeb7bd4300"/116], 0x74) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) ioctl$RTC_ALM_READ(r3, 0x80247008, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) 01:59:12 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x4, 0x0, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) [ 197.057661][ T8018] sp0: Synchronizing with TNC 01:59:12 executing program 5: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'security\x00'}, &(0x7f0000000080)=0x54) 01:59:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x0, 0xffffffffffffffff) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) semctl$GETPID(0x0, 0x0, 0xb, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 197.184959][ T26] audit: type=1326 audit(1554688752.490:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7983 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 01:59:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x0, 0xffffffffffffffff) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) semctl$GETPID(0x0, 0x0, 0xb, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 01:59:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TCFLSH(r0, 0x8910, 0x70a000) [ 197.337829][ T8038] IPVS: ftp: loaded support on port[0] = 21 01:59:12 executing program 2: creat(&(0x7f0000000100)='./bus\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000780)='./bus\x00', 0x14102e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r0, 0x0) mount(0x0, 0x0, 0x0, 0x0, &(0x7f000000a000)) 01:59:12 executing program 3: r0 = socket(0x2000080000000010, 0x80802, 0x0) write(r0, &(0x7f0000000140)="2400000058001ffaff07f404012304000a1ff51108000100028100020800028001000000", 0x24) 01:59:12 executing program 2: r0 = socket$kcm(0xa, 0x2, 0x73) r1 = dup(r0) sendto$isdn(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 01:59:13 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:13 executing program 1: 01:59:13 executing program 3: r0 = socket(0x2000080000000010, 0x80802, 0x0) write(r0, &(0x7f0000000140)="2400000058001ffaff07f404012304000a1ff51108000100028100020800028001000000", 0x24) 01:59:13 executing program 4: 01:59:13 executing program 2: [ 198.236408][ T8038] IPVS: ftp: loaded support on port[0] = 21 01:59:13 executing program 5: 01:59:13 executing program 1: 01:59:13 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034e40d0100"/520], 0x208) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080), 0x4) sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee130", 0xcc, 0x0, 0x0, 0x0) 01:59:13 executing program 2: openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x208000, 0x0) creat(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa00000400, 0xffffbffeffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000)) 01:59:13 executing program 4: 01:59:13 executing program 4: 01:59:13 executing program 1: 01:59:13 executing program 5: 01:59:13 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) [ 198.445086][ T2629] rpcbind: RPC call returned error 22 01:59:13 executing program 4: 01:59:13 executing program 1: [ 198.517582][ T141] rpcbind: RPC call returned error 22 01:59:13 executing program 3: 01:59:13 executing program 5: 01:59:13 executing program 2: [ 198.582191][ T8112] sp0: Synchronizing with TNC 01:59:13 executing program 4: 01:59:14 executing program 1: 01:59:14 executing program 3: 01:59:14 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000) 01:59:14 executing program 2: 01:59:14 executing program 4: 01:59:14 executing program 5: 01:59:14 executing program 1: 01:59:14 executing program 3: 01:59:14 executing program 2: 01:59:14 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000) 01:59:14 executing program 5: 01:59:14 executing program 4: 01:59:14 executing program 1: 01:59:14 executing program 3: 01:59:14 executing program 2: 01:59:14 executing program 4: 01:59:14 executing program 5: 01:59:14 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000) 01:59:14 executing program 1: 01:59:14 executing program 3: 01:59:14 executing program 2: 01:59:14 executing program 3: 01:59:14 executing program 4: 01:59:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:14 executing program 5: 01:59:14 executing program 1: 01:59:14 executing program 2: 01:59:15 executing program 3: 01:59:15 executing program 5: 01:59:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:15 executing program 4: 01:59:15 executing program 1: 01:59:15 executing program 2: 01:59:15 executing program 3: 01:59:15 executing program 5: 01:59:15 executing program 4: 01:59:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:15 executing program 5: 01:59:15 executing program 2: 01:59:15 executing program 1: 01:59:15 executing program 3: 01:59:15 executing program 4: 01:59:15 executing program 2: 01:59:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:15 executing program 3: 01:59:15 executing program 1: 01:59:15 executing program 4: 01:59:15 executing program 5: 01:59:15 executing program 2: 01:59:15 executing program 3: 01:59:15 executing program 1: 01:59:15 executing program 4: 01:59:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:15 executing program 3: 01:59:16 executing program 5: 01:59:16 executing program 2: 01:59:16 executing program 4: 01:59:16 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0485619, &(0x7f00000000c0)) 01:59:16 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x1000000031, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000000)={0x0, 0x0, 'client1\x00', 0x0, "3e45c69b5ee5b5d2", "e34dc5b89c496aa15f2c8be326739b2f48e58c54c822a21e8fbfd19f2daa096c"}) 01:59:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:16 executing program 2: 01:59:16 executing program 4: 01:59:16 executing program 5: 01:59:16 executing program 3: 01:59:16 executing program 1: 01:59:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:16 executing program 2: 01:59:16 executing program 5: 01:59:16 executing program 4: 01:59:16 executing program 3: 01:59:16 executing program 1: 01:59:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:16 executing program 5: 01:59:16 executing program 4: 01:59:16 executing program 2: 01:59:16 executing program 3: 01:59:16 executing program 5: 01:59:16 executing program 1: 01:59:16 executing program 4: 01:59:16 executing program 2: 01:59:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:16 executing program 3: 01:59:16 executing program 4: 01:59:16 executing program 1: 01:59:16 executing program 5: 01:59:16 executing program 2: 01:59:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:17 executing program 3: 01:59:17 executing program 4: 01:59:17 executing program 2: 01:59:17 executing program 1: 01:59:17 executing program 5: 01:59:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:17 executing program 3: 01:59:17 executing program 1: 01:59:17 executing program 4: 01:59:17 executing program 5: 01:59:17 executing program 2: 01:59:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$TCFLSH(r0, 0x8910, 0x70a000) 01:59:17 executing program 5: 01:59:17 executing program 4: 01:59:17 executing program 1: 01:59:17 executing program 3: 01:59:17 executing program 2: 01:59:17 executing program 5: 01:59:17 executing program 4: 01:59:17 executing program 3: 01:59:17 executing program 5: 01:59:17 executing program 1: 01:59:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000) 01:59:17 executing program 4: 01:59:17 executing program 2: 01:59:17 executing program 3: [ 202.431262][ T8373] sp0: Synchronizing with TNC 01:59:17 executing program 1: 01:59:17 executing program 5: 01:59:17 executing program 2: 01:59:17 executing program 4: 01:59:17 executing program 3: 01:59:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000) 01:59:18 executing program 2: 01:59:18 executing program 1: 01:59:18 executing program 5: 01:59:18 executing program 4: 01:59:18 executing program 3: [ 202.843598][ T8409] sp0: Synchronizing with TNC 01:59:18 executing program 2: 01:59:18 executing program 5: 01:59:18 executing program 4: 01:59:18 executing program 1: 01:59:18 executing program 3: 01:59:18 executing program 2: 01:59:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000) 01:59:18 executing program 4: 01:59:18 executing program 5: 01:59:18 executing program 1: 01:59:18 executing program 2: 01:59:18 executing program 3: 01:59:18 executing program 4: 01:59:18 executing program 5: 01:59:18 executing program 3: 01:59:18 executing program 1: 01:59:18 executing program 2: 01:59:18 executing program 4: 01:59:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x0) 01:59:18 executing program 3: 01:59:18 executing program 5: 01:59:18 executing program 2: 01:59:19 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000080)=""/115, 0x73}], 0x1, 0x0, 0xfe79}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cmdline\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 01:59:19 executing program 4: 01:59:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x0) 01:59:19 executing program 3: 01:59:19 executing program 2: 01:59:19 executing program 5: 01:59:19 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00', 0x801}) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) 01:59:19 executing program 5: r0 = socket$inet(0x2, 0x2, 0x8000002200000088) sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000000)={0x2, 0x4e20}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_udp_int(r0, 0x11, 0xa, &(0x7f0000000600), 0x4) capset(0x0, 0x0) r2 = open(0x0, 0x202c1, 0x0) fallocate(r2, 0xffffffffffffffff, 0x4, 0x100000000) symlinkat(&(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000280)='./file0\x00') fsetxattr$security_ima(r2, &(0x7f0000000040)='security.ima\x00', 0x0, 0x0, 0x0) write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000180)={0xe, 0x5, 0x0, 0x3ff, 0x58, "d2d5435addd345db3983523af266c0e9305c6b0069e45e0341f40bd98138045097650ce4bc35db222a144a7b46f7c13b6bc6841810a79215835d415b8996bbeaafa7e214ab1dbf51498c421dc62bc054e196338c83af9f5a"}, 0x64) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x400, 0x70bd2a, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40001) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r3, &(0x7f0000001400)={0x0, 0x4c00007e, &(0x7f00000013c0)={&(0x7f0000000100)={0x14, 0x17, 0x101, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) 01:59:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCFLSH(r0, 0x8910, 0x0) 01:59:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) 01:59:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x541b, &(0x7f0000000180)={'bridge0\x00\x00\x00\x02k\x00'}) 01:59:19 executing program 4: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfffffe4b) recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/55, 0x37}, 0x1) pkey_alloc(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x78) syz_open_dev$evdev(0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, 0x0) 01:59:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 204.401397][ T8512] sp0: Synchronizing with TNC 01:59:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) 01:59:20 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffe4b) recvmsg(0xffffffffffffffff, 0x0, 0x1) pkey_alloc(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x78) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000280)='security.evm\x00', &(0x7f00000003c0)=ANY=[], 0x0, 0xfffffffffffffffe) syz_open_dev$evdev(0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x0, 0x0) clone(0x10020000, &(0x7f0000000200), 0x0, 0x0, 0x0) 01:59:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000ae6fc7)="390000001100094701bb61e1c3050001070000000400000045efffff08009b0019001a000f000000220001071c06000004e9ff0004000d0005", 0x39}], 0x1) 01:59:20 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x21000008912, &(0x7f0000000240)="0adc1f123c123f3188b070") clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 01:59:20 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000690000)={0x1c, 0x5001, 0x207, 0x1, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@generic="06"]}]}, 0x1c}}, 0x24004000) 01:59:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="da00000000000000693c8275000000009500000000000000"], 0x0, 0x1, 0xc3, &(0x7f0000000240)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 01:59:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) 01:59:20 executing program 4: socketpair$unix(0x1, 0x400000000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000140)='syz_tun\x00\x84\xa7\xb9\x9f\xc0|s\"', 0x19a) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r1, &(0x7f0000000000)=[{&(0x7f0000000200)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f00000001c0)) 01:59:20 executing program 3: syz_emit_ethernet(0x36, &(0x7f0000000080)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x34}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 01:59:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:20 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f0000534000), &(0x7f0000000180)=0x4) 01:59:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) [ 205.376039][ T8585] raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it! [ 205.397311][ T8585] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8585 [ 205.411260][ T8585] caller is sk_mc_loop+0x1d/0x210 [ 205.416363][ T8585] CPU: 0 PID: 8585 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.425434][ T8585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.425492][ T8585] Call Trace: [ 205.425569][ T8585] dump_stack+0x172/0x1f0 [ 205.443231][ T8585] __this_cpu_preempt_check+0x246/0x270 [ 205.448800][ T8585] sk_mc_loop+0x1d/0x210 [ 205.453062][ T8585] ip_mc_output+0x2ef/0xf70 [ 205.453090][ T8585] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 205.462728][ T8585] ? __ip_make_skb+0xf15/0x1820 [ 205.462746][ T8585] ? ip_append_data.part.0+0x170/0x170 [ 205.462760][ T8585] ? dst_release+0x62/0xb0 [ 205.462775][ T8585] ? __ip_make_skb+0xf93/0x1820 [ 205.462795][ T8585] ip_local_out+0xc4/0x1b0 [ 205.486890][ T8585] ip_send_skb+0x42/0xf0 [ 205.491158][ T8585] ip_push_pending_frames+0x64/0x80 [ 205.496381][ T8585] raw_sendmsg+0x1e6d/0x2f20 [ 205.501010][ T8585] ? compat_raw_getsockopt+0x100/0x100 [ 205.506490][ T8585] ? tomoyo_check_inet_address+0x321/0x700 [ 205.512329][ T8585] ? __fget+0x35a/0x550 [ 205.516539][ T8585] ? ___might_sleep+0x163/0x280 [ 205.521434][ T8585] ? __might_sleep+0x95/0x190 [ 205.526141][ T8585] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 205.531801][ T8585] ? aa_sk_perm+0x288/0x880 [ 205.536326][ T8585] ? lock_downgrade+0x880/0x880 [ 205.541206][ T8585] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 205.546810][ T8585] inet_sendmsg+0x147/0x5e0 [ 205.551334][ T8585] ? compat_raw_getsockopt+0x100/0x100 [ 205.556818][ T8585] ? inet_sendmsg+0x147/0x5e0 [ 205.561725][ T8585] ? ipip_gro_receive+0x100/0x100 [ 205.566786][ T8585] sock_sendmsg+0xdd/0x130 [ 205.571257][ T8585] __sys_sendto+0x262/0x380 [ 205.575792][ T8585] ? __ia32_sys_getpeername+0xb0/0xb0 [ 205.581275][ T8585] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.587576][ T8585] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.593053][ T8585] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.598538][ T8585] ? do_syscall_64+0x26/0x610 [ 205.603260][ T8585] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.609346][ T8585] __x64_sys_sendto+0xe1/0x1a0 [ 205.614140][ T8585] do_syscall_64+0x103/0x610 [ 205.618736][ T8585] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.624636][ T8585] RIP: 0033:0x4582b9 [ 205.628557][ T8585] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.648176][ T8585] RSP: 002b:00007f72b7dd1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 205.656605][ T8585] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 205.664580][ T8585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 205.672572][ T8585] RBP: 000000000073bf00 R08: 0000000020000d00 R09: 000000000000006e [ 205.680542][ T8585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72b7dd26d4 [ 205.688549][ T8585] R13: 00000000004c5a1a R14: 00000000004d9dd0 R15: 00000000ffffffff [ 205.704678][ T8591] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8591 [ 205.714452][ T8591] caller is sk_mc_loop+0x1d/0x210 [ 205.719519][ T8591] CPU: 1 PID: 8591 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.728539][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.738611][ T8591] Call Trace: [ 205.741925][ T8591] dump_stack+0x172/0x1f0 [ 205.746301][ T8591] __this_cpu_preempt_check+0x246/0x270 [ 205.751876][ T8591] sk_mc_loop+0x1d/0x210 [ 205.756137][ T8591] ip_mc_output+0x2ef/0xf70 [ 205.760660][ T8591] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 205.765797][ T8591] ? __ip_make_skb+0xf15/0x1820 [ 205.770674][ T8591] ? ip_append_data.part.0+0x170/0x170 [ 205.776166][ T8591] ? dst_release+0x62/0xb0 [ 205.781083][ T8591] ? __ip_make_skb+0xf93/0x1820 [ 205.785966][ T8591] ip_local_out+0xc4/0x1b0 [ 205.790404][ T8591] ip_send_skb+0x42/0xf0 [ 205.794688][ T8591] ip_push_pending_frames+0x64/0x80 [ 205.799914][ T8591] raw_sendmsg+0x1e6d/0x2f20 [ 205.804542][ T8591] ? compat_raw_getsockopt+0x100/0x100 [ 205.810028][ T8591] ? tomoyo_check_inet_address+0x321/0x700 [ 205.815862][ T8591] ? __fget+0x35a/0x550 [ 205.820059][ T8591] ? ___might_sleep+0x163/0x280 [ 205.824958][ T8591] ? __might_sleep+0x95/0x190 [ 205.829682][ T8591] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 205.835344][ T8591] ? aa_sk_perm+0x288/0x880 [ 205.839861][ T8591] ? lock_downgrade+0x880/0x880 [ 205.844743][ T8591] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 205.850325][ T8591] inet_sendmsg+0x147/0x5e0 [ 205.854927][ T8591] ? compat_raw_getsockopt+0x100/0x100 [ 205.860394][ T8591] ? inet_sendmsg+0x147/0x5e0 [ 205.865077][ T8591] ? ipip_gro_receive+0x100/0x100 [ 205.870116][ T8591] sock_sendmsg+0xdd/0x130 [ 205.874544][ T8591] __sys_sendto+0x262/0x380 [ 205.879059][ T8591] ? __ia32_sys_getpeername+0xb0/0xb0 [ 205.884924][ T8591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.891202][ T8591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.896681][ T8591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.902169][ T8591] ? do_syscall_64+0x26/0x610 [ 205.906962][ T8591] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.913061][ T8591] __x64_sys_sendto+0xe1/0x1a0 [ 205.917862][ T8591] do_syscall_64+0x103/0x610 [ 205.922476][ T8591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.928385][ T8591] RIP: 0033:0x4582b9 [ 205.932296][ T8591] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.951934][ T8591] RSP: 002b:00007f72b7db0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 205.960370][ T8591] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 205.968361][ T8591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 205.976348][ T8591] RBP: 000000000073bfa0 R08: 0000000020000d00 R09: 000000000000006e [ 205.984817][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72b7db16d4 [ 205.992893][ T8591] R13: 00000000004c5a1a R14: 00000000004d9dd0 R15: 00000000ffffffff 01:59:21 executing program 0: futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x4, 0x1, 0x0, &(0x7f000044b000), 0x1) 01:59:21 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="4b010fcec278548172c5c3113c6f22fdd4649afac5f93dc2fb3a"], 0x1) 01:59:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25) 01:59:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25) 01:59:21 executing program 4: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r0, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') setxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@known='user.syz\x00', 0x0, 0x0, 0x0) 01:59:21 executing program 5: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x4b) 01:59:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25) 01:59:21 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x4, 0x1, 0x0, &(0x7f000044b000), 0x1) 01:59:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25) 01:59:21 executing program 5: r0 = gettid() setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) accept4$inet(r1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x1c4) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, 0x0) getuid() write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x16) 01:59:21 executing program 4: r0 = gettid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) shutdown(0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) setitimer(0x0, 0x0, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, 0x0) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 01:59:21 executing program 0: r0 = gettid() setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = fcntl$dupfd(r1, 0x0, r1) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x1c4) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) getuid() ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000280)={0x0, @remote, 0x0, 0x0, 'sed\x00'}, 0x2c) tkill(r0, 0x16) 01:59:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25) [ 206.435774][ T8627] syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed 01:59:21 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket(0x1e, 0x1, 0x0) getsockopt(r1, 0x800000010f, 0x81, &(0x7f00004ad000), &(0x7f0000a3c000)=0xfffffffffffffc40) 01:59:21 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) r2 = socket$inet6(0xa, 0x6, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25) 01:59:21 executing program 0: syz_mount_image$ext4(&(0x7f00000003c0)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:59:21 executing program 4: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) stat(0x0, 0x0) close(r0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) read$eventfd(0xffffffffffffffff, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x0, 0x0, 0x0) 01:59:21 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:22 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r1, 0x0, 0x400000a77, 0x0) write$binfmt_elf64(r4, &(0x7f00000000c0)=ANY=[@ANYRESHEX=0x0], 0xe681f134) close(r2) [ 206.685766][ T8649] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 206.702087][ T8648] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8648 [ 206.712275][ T8648] caller is ip6_finish_output+0x335/0xdc0 [ 206.718026][ T8648] CPU: 1 PID: 8648 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 01:59:22 executing program 4: unshare(0x20400) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100)) 01:59:22 executing program 1: syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:22 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 206.727064][ T8648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.737138][ T8648] Call Trace: [ 206.740459][ T8648] dump_stack+0x172/0x1f0 [ 206.744813][ T8648] __this_cpu_preempt_check+0x246/0x270 [ 206.750382][ T8648] ip6_finish_output+0x335/0xdc0 [ 206.755345][ T8648] ip6_output+0x235/0x7f0 [ 206.759699][ T8648] ? ip6_finish_output+0xdc0/0xdc0 [ 206.764843][ T8648] ? ip6_fragment+0x3980/0x3980 [ 206.769735][ T8648] ip6_xmit+0xe41/0x20c0 [ 206.774016][ T8648] ? ip6_finish_output2+0x2550/0x2550 [ 206.779408][ T8648] ? mark_held_locks+0xf0/0xf0 [ 206.784196][ T8648] ? ip6_setup_cork+0x1870/0x1870 [ 206.789241][ T8648] inet6_csk_xmit+0x2fb/0x5d0 [ 206.793929][ T8648] ? inet6_csk_update_pmtu+0x190/0x190 [ 206.799417][ T8648] ? dccp_v6_send_check+0x2a0/0x3e0 [ 206.804675][ T8648] dccp_transmit_skb+0xca5/0x12c0 [ 206.809805][ T8648] dccp_connect+0x31d/0x620 [ 206.814335][ T8648] dccp_v6_connect+0xdaa/0x1990 [ 206.819313][ T8648] ? dccp_v6_init_sock+0xa0/0xa0 [ 206.824313][ T8648] __inet_stream_connect+0x83f/0xea0 [ 206.829612][ T8648] ? dccp_v6_init_sock+0xa0/0xa0 [ 206.834582][ T8648] ? __inet_stream_connect+0x83f/0xea0 [ 206.840063][ T8648] ? mark_held_locks+0xa4/0xf0 [ 206.844837][ T8648] ? inet_dgram_connect+0x2e0/0x2e0 [ 206.850041][ T8648] ? lock_sock_nested+0x9a/0x120 [ 206.854999][ T8648] ? trace_hardirqs_on+0x67/0x230 [ 206.860063][ T8648] ? lock_sock_nested+0x9a/0x120 [ 206.865013][ T8648] ? __local_bh_enable_ip+0x15a/0x270 [ 206.870450][ T8648] inet_stream_connect+0x58/0xa0 [ 206.875417][ T8648] __sys_connect+0x266/0x330 [ 206.880027][ T8648] ? __ia32_sys_accept+0xb0/0xb0 [ 206.884969][ T8648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.891209][ T8648] ? put_timespec64+0xda/0x140 [ 206.896021][ T8648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.901487][ T8648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.906956][ T8648] ? do_syscall_64+0x26/0x610 [ 206.911628][ T8648] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.917687][ T8648] ? do_syscall_64+0x26/0x610 [ 206.922388][ T8648] __x64_sys_connect+0x73/0xb0 [ 206.927183][ T8648] do_syscall_64+0x103/0x610 [ 206.931778][ T8648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.937678][ T8648] RIP: 0033:0x4582b9 [ 206.941580][ T8648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.961186][ T8648] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 206.969734][ T8648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 206.977738][ T8648] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 206.985992][ T8648] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 206.994008][ T8648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 207.001983][ T8648] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 207.024801][ T8648] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8648 [ 207.034343][ T8648] caller is ip6_finish_output+0x335/0xdc0 [ 207.040093][ T8648] CPU: 1 PID: 8648 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 207.049107][ T8648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.059161][ T8648] Call Trace: [ 207.062458][ T8648] dump_stack+0x172/0x1f0 [ 207.066801][ T8648] __this_cpu_preempt_check+0x246/0x270 [ 207.072357][ T8648] ip6_finish_output+0x335/0xdc0 [ 207.077331][ T8648] ip6_output+0x235/0x7f0 [ 207.081672][ T8648] ? ip6_finish_output+0xdc0/0xdc0 [ 207.086807][ T8648] ? ip6_fragment+0x3980/0x3980 [ 207.091672][ T8648] ip6_xmit+0xe41/0x20c0 [ 207.095919][ T8648] ? ip6_finish_output2+0x2550/0x2550 [ 207.101310][ T8648] ? mark_held_locks+0xf0/0xf0 [ 207.106102][ T8648] ? ip6_setup_cork+0x1870/0x1870 [ 207.111136][ T8648] ? inet6_csk_route_socket+0x715/0xf40 [ 207.116715][ T8648] inet6_csk_xmit+0x2fb/0x5d0 [ 207.121418][ T8648] ? inet6_csk_update_pmtu+0x190/0x190 [ 207.126877][ T8648] ? dccp_v6_send_check+0x2a0/0x3e0 [ 207.132067][ T8648] dccp_transmit_skb+0xca5/0x12c0 [ 207.137089][ T8648] dccp_send_ack+0x1d7/0x360 [ 207.141694][ T8648] dccp_rcv_state_process+0x1376/0x1935 [ 207.147244][ T8648] dccp_v6_do_rcv+0x269/0xbf0 [ 207.151943][ T8648] __release_sock+0x12e/0x3a0 [ 207.156646][ T8648] release_sock+0x59/0x1c0 [ 207.161080][ T8648] __inet_stream_connect+0x59f/0xea0 [ 207.166472][ T8648] ? inet_dgram_connect+0x2e0/0x2e0 [ 207.171700][ T8648] ? lock_sock_nested+0x9a/0x120 [ 207.176750][ T8648] ? do_wait_intr_irq+0x2b0/0x2b0 [ 207.181812][ T8648] ? __local_bh_enable_ip+0x15a/0x270 [ 207.187202][ T8648] inet_stream_connect+0x58/0xa0 [ 207.192148][ T8648] __sys_connect+0x266/0x330 [ 207.196741][ T8648] ? __ia32_sys_accept+0xb0/0xb0 [ 207.201671][ T8648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.207905][ T8648] ? put_timespec64+0xda/0x140 [ 207.212684][ T8648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.218163][ T8648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.223620][ T8648] ? do_syscall_64+0x26/0x610 [ 207.228316][ T8648] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.234394][ T8648] ? do_syscall_64+0x26/0x610 [ 207.239088][ T8648] __x64_sys_connect+0x73/0xb0 [ 207.243851][ T8648] do_syscall_64+0x103/0x610 [ 207.248441][ T8648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.254335][ T8648] RIP: 0033:0x4582b9 [ 207.258275][ T8648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.286737][ T8648] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 207.295170][ T8648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 207.303201][ T8648] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 207.311293][ T8648] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 207.319367][ T8648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 207.327447][ T8648] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 207.383597][ T8649] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 207.397856][ T8648] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8648 [ 207.407862][ T8648] caller is ip6_finish_output+0x335/0xdc0 [ 207.407904][ T8648] CPU: 1 PID: 8648 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 207.407915][ T8648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.407920][ T8648] Call Trace: [ 207.407946][ T8648] dump_stack+0x172/0x1f0 [ 207.407988][ T8648] __this_cpu_preempt_check+0x246/0x270 [ 207.446176][ T8648] ip6_finish_output+0x335/0xdc0 [ 207.446200][ T8648] ip6_output+0x235/0x7f0 [ 207.446219][ T8648] ? ip6_finish_output+0xdc0/0xdc0 [ 207.446248][ T8648] ? ip6_fragment+0x3980/0x3980 [ 207.465585][ T8648] ip6_xmit+0xe41/0x20c0 01:59:22 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) r2 = socket$inet6(0xa, 0x6, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:22 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000f3eff0)=[@in={0x2, 0x0, @local={0xac, 0x2c0, 0xffffffffffffffff}}]}, &(0x7f00000001c0)=0x6ac) shutdown(r0, 0x2000000000000002) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x0, @remote}}}, 0x0) 01:59:22 executing program 4: unshare(0x20400) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100)) [ 207.465612][ T8648] ? ip6_finish_output2+0x2550/0x2550 [ 207.465629][ T8648] ? mark_held_locks+0xf0/0xf0 [ 207.465645][ T8648] ? ip6_setup_cork+0x1870/0x1870 01:59:22 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x0) [ 207.465671][ T8648] inet6_csk_xmit+0x2fb/0x5d0 [ 207.465687][ T8648] ? inet6_csk_update_pmtu+0x190/0x190 [ 207.465728][ T8648] ? dccp_v6_send_check+0x2a0/0x3e0 [ 207.465747][ T8648] dccp_transmit_skb+0xca5/0x12c0 [ 207.465766][ T8648] dccp_connect+0x31d/0x620 [ 207.465785][ T8648] dccp_v6_connect+0xdaa/0x1990 [ 207.465807][ T8648] ? dccp_v6_init_sock+0xa0/0xa0 [ 207.465844][ T8648] __inet_stream_connect+0x83f/0xea0 [ 207.465860][ T8648] ? dccp_v6_init_sock+0xa0/0xa0 01:59:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='yeah\x00', 0x5) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1, &(0x7f0000000200)=""/20, 0xc2b}, 0x0) [ 207.465876][ T8648] ? __inet_stream_connect+0x83f/0xea0 [ 207.465891][ T8648] ? mark_held_locks+0xa4/0xf0 [ 207.465911][ T8648] ? inet_dgram_connect+0x2e0/0x2e0 [ 207.465927][ T8648] ? lock_sock_nested+0x9a/0x120 [ 207.465942][ T8648] ? trace_hardirqs_on+0x67/0x230 [ 207.465969][ T8648] ? lock_sock_nested+0x9a/0x120 [ 207.465986][ T8648] ? __local_bh_enable_ip+0x15a/0x270 [ 207.466008][ T8648] inet_stream_connect+0x58/0xa0 [ 207.466030][ T8648] __sys_connect+0x266/0x330 [ 207.466047][ T8648] ? __ia32_sys_accept+0xb0/0xb0 [ 207.466063][ T8648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.466077][ T8648] ? put_timespec64+0xda/0x140 [ 207.466105][ T8648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.466121][ T8648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.466138][ T8648] ? do_syscall_64+0x26/0x610 [ 207.466154][ T8648] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.466168][ T8648] ? do_syscall_64+0x26/0x610 [ 207.466189][ T8648] __x64_sys_connect+0x73/0xb0 [ 207.466206][ T8648] do_syscall_64+0x103/0x610 [ 207.466223][ T8648] entry_SYSCALL_64_after_hwframe+0x49/0xbe 01:59:23 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fe, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1}}, 0x44801) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000800)=ANY=[]) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0x0) write$UHID_CREATE(r3, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120) read(r3, &(0x7f0000000a40)=""/169, 0xffffffffffffff48) recvmmsg(0xffffffffffffffff, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/136, 0x88}, 0xbf}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000540)=""/17, 0x11}, {&(0x7f0000000580)=""/225, 0xe1}, {&(0x7f0000000780)=""/17, 0x11}, {&(0x7f00000007c0)=""/4, 0x4}, {&(0x7f0000000800)}], 0x5, &(0x7f00000008c0)=""/91, 0x5b}, 0x3}], 0x2, 0x40, &(0x7f00000009c0)) r4 = accept4(r2, 0x0, &(0x7f0000000100), 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000800)=0x9, &(0x7f0000000a00)=0x4) getsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000140), &(0x7f0000000180)=0x4) dup2(r2, r3) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000040)) [ 207.466236][ T8648] RIP: 0033:0x4582b9 [ 207.466252][ T8648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.466260][ T8648] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 207.466275][ T8648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 207.466283][ T8648] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000008 01:59:23 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 207.466292][ T8648] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 207.466302][ T8648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 207.466310][ T8648] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 207.639144][ T8682] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8682 [ 207.639179][ T8682] caller is ip6_finish_output+0x335/0xdc0 [ 207.639201][ T8682] CPU: 0 PID: 8682 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 207.639224][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.639230][ T8682] Call Trace: [ 207.639264][ T8682] dump_stack+0x172/0x1f0 [ 207.639292][ T8682] __this_cpu_preempt_check+0x246/0x270 [ 207.639312][ T8682] ip6_finish_output+0x335/0xdc0 [ 207.639347][ T8682] ip6_output+0x235/0x7f0 [ 207.639374][ T8682] ? ip6_finish_output+0xdc0/0xdc0 [ 207.639400][ T8682] ? ip6_fragment+0x3980/0x3980 [ 207.639432][ T8682] ip6_xmit+0xe41/0x20c0 [ 207.639459][ T8682] ? ip6_finish_output2+0x2550/0x2550 [ 207.639480][ T8682] ? mark_held_locks+0xf0/0xf0 [ 207.639501][ T8682] ? ip6_setup_cork+0x1870/0x1870 [ 207.639539][ T8682] inet6_csk_xmit+0x2fb/0x5d0 [ 207.639571][ T8682] ? inet6_csk_update_pmtu+0x190/0x190 [ 207.639604][ T8682] ? dccp_v6_send_check+0x2a0/0x3e0 [ 207.639636][ T8682] dccp_transmit_skb+0xca5/0x12c0 [ 207.639659][ T8682] dccp_connect+0x31d/0x620 [ 207.639680][ T8682] dccp_v6_connect+0xdaa/0x1990 [ 207.639706][ T8682] ? dccp_v6_init_sock+0xa0/0xa0 [ 207.639752][ T8682] __inet_stream_connect+0x83f/0xea0 [ 207.639769][ T8682] ? dccp_v6_init_sock+0xa0/0xa0 [ 207.639791][ T8682] ? __inet_stream_connect+0x83f/0xea0 [ 207.639809][ T8682] ? mark_held_locks+0xa4/0xf0 [ 207.639832][ T8682] ? inet_dgram_connect+0x2e0/0x2e0 [ 207.639851][ T8682] ? lock_sock_nested+0x9a/0x120 [ 207.639871][ T8682] ? trace_hardirqs_on+0x67/0x230 [ 207.639888][ T8682] ? lock_sock_nested+0x9a/0x120 [ 207.639909][ T8682] ? __local_bh_enable_ip+0x15a/0x270 [ 207.639936][ T8682] inet_stream_connect+0x58/0xa0 [ 207.639973][ T8682] __sys_connect+0x266/0x330 [ 207.639994][ T8682] ? __ia32_sys_accept+0xb0/0xb0 [ 207.640011][ T8682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.640026][ T8682] ? put_timespec64+0xda/0x140 [ 207.640058][ T8682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.640074][ T8682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.640088][ T8682] ? do_syscall_64+0x26/0x610 [ 207.640103][ T8682] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.640120][ T8682] ? do_syscall_64+0x26/0x610 [ 207.640142][ T8682] __x64_sys_connect+0x73/0xb0 [ 207.640161][ T8682] do_syscall_64+0x103/0x610 [ 207.640183][ T8682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.640196][ T8682] RIP: 0033:0x4582b9 [ 207.640221][ T8682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.640231][ T8682] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 207.640246][ T8682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 207.640257][ T8682] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 207.640266][ T8682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 207.640277][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 207.640287][ T8682] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 207.671512][ T8682] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8682 [ 207.705461][ T8682] caller is ip6_finish_output+0x335/0xdc0 [ 207.705480][ T8682] CPU: 1 PID: 8682 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 207.705489][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.705495][ T8682] Call Trace: [ 207.705517][ T8682] dump_stack+0x172/0x1f0 [ 207.705543][ T8682] __this_cpu_preempt_check+0x246/0x270 [ 207.798518][ T8682] ip6_finish_output+0x335/0xdc0 [ 207.847288][ T8682] ip6_output+0x235/0x7f0 [ 207.895294][ T8682] ? ip6_finish_output+0xdc0/0xdc0 [ 207.895317][ T8682] ? ip6_fragment+0x3980/0x3980 [ 207.895340][ T8682] ip6_xmit+0xe41/0x20c0 [ 207.895366][ T8682] ? ip6_finish_output2+0x2550/0x2550 [ 207.895383][ T8682] ? mark_held_locks+0xf0/0xf0 [ 207.895401][ T8682] ? ip6_setup_cork+0x1870/0x1870 [ 207.895417][ T8682] ? inet6_csk_route_socket+0x715/0xf40 [ 207.895455][ T8682] inet6_csk_xmit+0x2fb/0x5d0 [ 207.947938][ T8682] ? inet6_csk_update_pmtu+0x190/0x190 [ 207.947980][ T8682] ? dccp_v6_send_check+0x2a0/0x3e0 [ 207.948000][ T8682] dccp_transmit_skb+0xca5/0x12c0 [ 207.948022][ T8682] dccp_send_ack+0x1d7/0x360 [ 207.948044][ T8682] dccp_rcv_state_process+0x1376/0x1935 [ 207.948064][ T8682] dccp_v6_do_rcv+0x269/0xbf0 [ 207.948089][ T8682] __release_sock+0x12e/0x3a0 [ 208.311666][ T8682] release_sock+0x59/0x1c0 [ 208.311689][ T8682] __inet_stream_connect+0x59f/0xea0 [ 208.311720][ T8682] ? inet_dgram_connect+0x2e0/0x2e0 [ 208.311735][ T8682] ? lock_sock_nested+0x9a/0x120 [ 208.311752][ T8682] ? do_wait_intr_irq+0x2b0/0x2b0 [ 208.311771][ T8682] ? __local_bh_enable_ip+0x15a/0x270 [ 208.311797][ T8682] inet_stream_connect+0x58/0xa0 [ 208.347388][ T8682] __sys_connect+0x266/0x330 01:59:23 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 208.347413][ T8682] ? __ia32_sys_accept+0xb0/0xb0 [ 208.356944][ T8682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.363231][ T8682] ? put_timespec64+0xda/0x140 [ 208.368013][ T8682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 208.373499][ T8682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 208.379483][ T8682] ? do_syscall_64+0x26/0x610 [ 208.384168][ T8682] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.390241][ T8682] ? do_syscall_64+0x26/0x610 [ 208.394934][ T8682] __x64_sys_connect+0x73/0xb0 [ 208.399723][ T8682] do_syscall_64+0x103/0x610 [ 208.399747][ T8682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.399759][ T8682] RIP: 0033:0x4582b9 [ 208.399775][ T8682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.399783][ T8682] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 208.410256][ T8682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 01:59:23 executing program 4: unshare(0x20400) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100)) 01:59:23 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 208.410266][ T8682] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 208.410275][ T8682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 208.410284][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 208.410293][ T8682] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 01:59:23 executing program 1: syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:23 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) r2 = socket$inet6(0xa, 0x6, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:23 executing program 4: unshare(0x20400) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100)) 01:59:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x0, 0x0, 0x0, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x8000) 01:59:23 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:23 executing program 1: syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:24 executing program 4: unshare(0x20400) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) dup(r0) [ 208.661152][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.668633][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.714147][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.745169][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.769975][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.788294][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.814788][ T8729] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8729 [ 208.824332][ T8729] caller is ip6_finish_output+0x335/0xdc0 [ 208.824354][ T8729] CPU: 0 PID: 8729 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 208.824363][ T8729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.824379][ T8729] Call Trace: [ 208.837859][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.839147][ T8729] dump_stack+0x172/0x1f0 [ 208.839174][ T8729] __this_cpu_preempt_check+0x246/0x270 [ 208.839205][ T8729] ip6_finish_output+0x335/0xdc0 [ 208.869795][ T8729] ip6_output+0x235/0x7f0 [ 208.869816][ T8729] ? ip6_finish_output+0xdc0/0xdc0 [ 208.869838][ T8729] ? ip6_fragment+0x3980/0x3980 [ 208.869860][ T8729] ip6_xmit+0xe41/0x20c0 [ 208.869884][ T8729] ? ip6_finish_output2+0x2550/0x2550 [ 208.885305][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.889095][ T8729] ? mark_held_locks+0xf0/0xf0 [ 208.889121][ T8729] ? ip6_setup_cork+0x1870/0x1870 [ 208.889157][ T8729] inet6_csk_xmit+0x2fb/0x5d0 [ 208.889177][ T8729] ? inet6_csk_update_pmtu+0x190/0x190 [ 208.914508][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.915912][ T8729] ? dccp_v6_send_check+0x2a0/0x3e0 [ 208.915934][ T8729] dccp_transmit_skb+0xca5/0x12c0 [ 208.915967][ T8729] dccp_connect+0x31d/0x620 [ 208.915988][ T8729] dccp_v6_connect+0xdaa/0x1990 [ 208.953555][ T8729] ? dccp_v6_init_sock+0xa0/0xa0 [ 208.954611][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 208.958525][ T8729] __inet_stream_connect+0x83f/0xea0 [ 208.958544][ T8729] ? dccp_v6_init_sock+0xa0/0xa0 [ 208.958560][ T8729] ? __inet_stream_connect+0x83f/0xea0 [ 208.958578][ T8729] ? mark_held_locks+0xa4/0xf0 [ 208.958599][ T8729] ? inet_dgram_connect+0x2e0/0x2e0 [ 208.991633][ T8729] ? lock_sock_nested+0x9a/0x120 [ 208.996593][ T8729] ? trace_hardirqs_on+0x67/0x230 [ 209.001640][ T8729] ? lock_sock_nested+0x9a/0x120 [ 209.006599][ T8729] ? __local_bh_enable_ip+0x15a/0x270 [ 209.011999][ T8729] inet_stream_connect+0x58/0xa0 [ 209.016971][ T8729] __sys_connect+0x266/0x330 [ 209.021587][ T8729] ? __ia32_sys_accept+0xb0/0xb0 [ 209.026550][ T8729] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.028796][ T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 209.032814][ T8729] ? put_timespec64+0xda/0x140 [ 209.032844][ T8729] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.032860][ T8729] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.032875][ T8729] ? do_syscall_64+0x26/0x610 [ 209.032891][ T8729] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.032902][ T8729] ? do_syscall_64+0x26/0x610 [ 209.032925][ T8729] __x64_sys_connect+0x73/0xb0 [ 209.032941][ T8729] do_syscall_64+0x103/0x610 [ 209.032967][ T8729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.032979][ T8729] RIP: 0033:0x4582b9 [ 209.032994][ T8729] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.033011][ T8729] RSP: 002b:00007fabff3d8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 209.110178][ T8729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 209.110187][ T8729] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000004 [ 209.110194][ T8729] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 209.110201][ T8729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3d96d4 [ 209.110215][ T8729] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 209.269172][ T22] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz1] on syz1 01:59:24 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c12a41d88b070") r1 = socket$inet(0x2, 0x3, 0x19) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$sock_linger(r1, 0x1, 0x23, &(0x7f0000000100)={0x1}, 0x8) 01:59:24 executing program 1: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:24 executing program 4: unshare(0x20400) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) 01:59:24 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) r2 = socket$inet6(0xa, 0x6, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:24 executing program 5: bind$isdn_base(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000004c0), 0x49249249249274a, 0x0) [ 209.427102][ T8751] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8751 [ 209.436553][ T8751] caller is ip6_finish_output+0x335/0xdc0 [ 209.436580][ T8751] CPU: 0 PID: 8751 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 209.451374][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.451381][ T8751] Call Trace: [ 209.451412][ T8751] dump_stack+0x172/0x1f0 [ 209.451438][ T8751] __this_cpu_preempt_check+0x246/0x270 01:59:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 209.451459][ T8751] ip6_finish_output+0x335/0xdc0 [ 209.451481][ T8751] ip6_output+0x235/0x7f0 [ 209.451501][ T8751] ? ip6_finish_output+0xdc0/0xdc0 [ 209.451521][ T8751] ? ip6_fragment+0x3980/0x3980 [ 209.451545][ T8751] ip6_xmit+0xe41/0x20c0 [ 209.451572][ T8751] ? ip6_finish_output2+0x2550/0x2550 [ 209.451589][ T8751] ? mark_held_locks+0xf0/0xf0 [ 209.451609][ T8751] ? ip6_setup_cork+0x1870/0x1870 [ 209.451645][ T8751] inet6_csk_xmit+0x2fb/0x5d0 [ 209.451662][ T8751] ? inet6_csk_update_pmtu+0x190/0x190 [ 209.451692][ T8751] ? dccp_v6_send_check+0x2a0/0x3e0 [ 209.451712][ T8751] dccp_transmit_skb+0xca5/0x12c0 [ 209.451733][ T8751] dccp_connect+0x31d/0x620 [ 209.451752][ T8751] dccp_v6_connect+0xdaa/0x1990 [ 209.451775][ T8751] ? dccp_v6_init_sock+0xa0/0xa0 [ 209.451815][ T8751] __inet_stream_connect+0x83f/0xea0 [ 209.451830][ T8751] ? dccp_v6_init_sock+0xa0/0xa0 [ 209.451845][ T8751] ? __inet_stream_connect+0x83f/0xea0 [ 209.451861][ T8751] ? mark_held_locks+0xa4/0xf0 [ 209.451882][ T8751] ? inet_dgram_connect+0x2e0/0x2e0 [ 209.451898][ T8751] ? lock_sock_nested+0x9a/0x120 [ 209.451914][ T8751] ? trace_hardirqs_on+0x67/0x230 [ 209.451928][ T8751] ? lock_sock_nested+0x9a/0x120 [ 209.451946][ T8751] ? __local_bh_enable_ip+0x15a/0x270 [ 209.451978][ T8751] inet_stream_connect+0x58/0xa0 [ 209.451997][ T8751] __sys_connect+0x266/0x330 [ 209.452014][ T8751] ? __ia32_sys_accept+0xb0/0xb0 [ 209.452029][ T8751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.452044][ T8751] ? put_timespec64+0xda/0x140 [ 209.452072][ T8751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.452087][ T8751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.452102][ T8751] ? do_syscall_64+0x26/0x610 [ 209.452118][ T8751] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.452132][ T8751] ? do_syscall_64+0x26/0x610 [ 209.452153][ T8751] __x64_sys_connect+0x73/0xb0 [ 209.452170][ T8751] do_syscall_64+0x103/0x610 [ 209.452188][ T8751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.452201][ T8751] RIP: 0033:0x4582b9 01:59:25 executing program 5: mknod(&(0x7f0000000100)='./bus\x00', 0x810c, 0x46485d43) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) syz_extract_tcp_res(0x0, 0x0, 0x0) 01:59:25 executing program 4: unshare(0x20400) 01:59:25 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getrandom(0x0, 0xfffffe84, 0x0) getpeername(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000080)=0x3007faa8) prctl$PR_SET_SECUREBITS(0x1c, 0x0) dup2(r1, r2) pipe2(0x0, 0x0) ioctl$sock_TIOCOUTQ(r2, 0x5411, &(0x7f00000000c0)) [ 209.452225][ T8751] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.452233][ T8751] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 209.475512][ T8751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 209.514125][ T8751] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 209.709849][ T8751] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 01:59:25 executing program 4: unshare(0x0) [ 209.709858][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 209.709877][ T8751] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 01:59:25 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 209.749707][ T8751] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8751 [ 209.749735][ T8751] caller is ip6_finish_output+0x335/0xdc0 01:59:25 executing program 5: r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000009031, r0, 0x0) memfd_create(0x0, 0x0) ioctl$VIDIOC_ENUMOUTPUT(0xffffffffffffffff, 0xc0485630, &(0x7f0000000040)={0x80000001, "0e369ff9421890bc5962293a2cc1cf05b4979e7fe2288d2844a9a0f8f1189c53", 0x0, 0x0, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f00000004c0)={0xff, 0x0, 'client1\x00', 0xffffffff80000000, "8e1dab5396394d11", "caa7cbc0620746d197359dc07eff020622786bb0c1b92a1f8f4bc7db00b46f86", 0x100, 0x1}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000400)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x13, r1, 0x0) [ 209.749751][ T8751] CPU: 0 PID: 8751 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 209.749758][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.749763][ T8751] Call Trace: [ 209.749784][ T8751] dump_stack+0x172/0x1f0 [ 209.749807][ T8751] __this_cpu_preempt_check+0x246/0x270 [ 209.749824][ T8751] ip6_finish_output+0x335/0xdc0 [ 209.749843][ T8751] ip6_output+0x235/0x7f0 [ 209.749859][ T8751] ? ip6_finish_output+0xdc0/0xdc0 [ 209.749879][ T8751] ? ip6_fragment+0x3980/0x3980 [ 209.749902][ T8751] ip6_xmit+0xe41/0x20c0 [ 209.749923][ T8751] ? ip6_finish_output2+0x2550/0x2550 [ 209.749940][ T8751] ? mark_held_locks+0xf0/0xf0 [ 209.749973][ T8751] ? ip6_setup_cork+0x1870/0x1870 [ 209.749993][ T8751] ? inet6_csk_route_socket+0x715/0xf40 [ 209.750019][ T8751] inet6_csk_xmit+0x2fb/0x5d0 [ 209.750034][ T8751] ? inet6_csk_update_pmtu+0x190/0x190 [ 209.750063][ T8751] ? dccp_v6_send_check+0x2a0/0x3e0 [ 209.750082][ T8751] dccp_transmit_skb+0xca5/0x12c0 [ 209.750102][ T8751] dccp_send_ack+0x1d7/0x360 [ 209.750122][ T8751] dccp_rcv_state_process+0x1376/0x1935 [ 209.750142][ T8751] dccp_v6_do_rcv+0x269/0xbf0 [ 209.750165][ T8751] __release_sock+0x12e/0x3a0 [ 209.750193][ T8751] release_sock+0x59/0x1c0 [ 209.750217][ T8751] __inet_stream_connect+0x59f/0xea0 [ 209.750240][ T8751] ? inet_dgram_connect+0x2e0/0x2e0 [ 209.750254][ T8751] ? lock_sock_nested+0x9a/0x120 [ 209.750269][ T8751] ? do_wait_intr_irq+0x2b0/0x2b0 [ 209.750287][ T8751] ? __local_bh_enable_ip+0x15a/0x270 [ 209.750308][ T8751] inet_stream_connect+0x58/0xa0 [ 209.750329][ T8751] __sys_connect+0x266/0x330 [ 209.750345][ T8751] ? __ia32_sys_accept+0xb0/0xb0 [ 209.750359][ T8751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.750374][ T8751] ? put_timespec64+0xda/0x140 [ 209.750401][ T8751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.750415][ T8751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.750430][ T8751] ? do_syscall_64+0x26/0x610 [ 209.750444][ T8751] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.750456][ T8751] ? do_syscall_64+0x26/0x610 [ 209.750474][ T8751] __x64_sys_connect+0x73/0xb0 [ 209.750491][ T8751] do_syscall_64+0x103/0x610 [ 209.750509][ T8751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.750520][ T8751] RIP: 0033:0x4582b9 [ 209.750536][ T8751] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.750544][ T8751] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 209.750559][ T8751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 209.750568][ T8751] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 01:59:25 executing program 1: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 01:59:25 executing program 4: unshare(0x0) 01:59:25 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 209.750576][ T8751] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 209.750584][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 209.750593][ T8751] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 01:59:25 executing program 4: unshare(0x0) [ 210.605025][ T8801] check_preemption_disabled: 2 callbacks suppressed [ 210.605040][ T8801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8801 [ 210.621183][ T8801] caller is ip6_finish_output+0x335/0xdc0 [ 210.626946][ T8801] CPU: 0 PID: 8801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 210.635993][ T8801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.646056][ T8801] Call Trace: [ 210.649373][ T8801] dump_stack+0x172/0x1f0 [ 210.653757][ T8801] __this_cpu_preempt_check+0x246/0x270 [ 210.659315][ T8801] ip6_finish_output+0x335/0xdc0 [ 210.664264][ T8801] ip6_output+0x235/0x7f0 [ 210.668610][ T8801] ? ip6_finish_output+0xdc0/0xdc0 [ 210.673756][ T8801] ? ip6_fragment+0x3980/0x3980 [ 210.678621][ T8801] ? kasan_check_read+0x11/0x20 [ 210.683505][ T8801] ip6_xmit+0xe41/0x20c0 [ 210.687769][ T8801] ? ip6_finish_output2+0x2550/0x2550 [ 210.693152][ T8801] ? mark_held_locks+0xf0/0xf0 [ 210.697928][ T8801] ? ip6_setup_cork+0x1870/0x1870 01:59:26 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x4, 0x8, 0x9, {0x0, 0x1c9c380}, 0xffffffff, 0x400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = socket$caif_stream(0x25, 0x1, 0x3) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)="e9ecef4869c631f5637c931e7edc6bf08ff1c966e7de252bed037099b7640538321008c318367e254a1f30718c65e556165f560c4464bfec755a2dee0c769bc7cb657626e133d523194e65fb121ac869c5f603dc8fe59dbd59abd35b00c164079a4e6e6c81d7aca1d0df09753d8a586c19bff985eabd5156667de1b621ebcae1e4e1f884cc79dc52203d7b049f07c86d86250ac56d4461abdd314901b9a0e00c19a019d0d244", 0xa6}], 0x1, 0x0) r2 = socket(0x11, 0x802, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) lsetxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='security.ima\x00', 0x0, 0x0, 0x0) [ 210.702998][ T8801] sctp_v6_xmit+0x313/0x660 [ 210.707524][ T8801] sctp_packet_transmit+0x1bc4/0x36f0 [ 210.712928][ T8801] ? sctp_packet_config+0xfe0/0xfe0 [ 210.718179][ T8801] ? sctp_packet_append_chunk+0x946/0xda0 [ 210.723913][ T8801] ? sctp_outq_select_transport+0x21a/0x790 [ 210.729824][ T8801] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 210.736076][ T8801] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 210.742250][ T8801] ? lock_downgrade+0x880/0x880 [ 210.747115][ T8801] ? add_timer+0x400/0x930 [ 210.751562][ T8801] ? find_held_lock+0x35/0x130 [ 210.756956][ T8801] ? add_timer+0x41e/0x930 [ 210.761406][ T8801] sctp_outq_flush+0xe8/0x2780 [ 210.766178][ T8801] ? mark_held_locks+0xa4/0xf0 [ 210.770965][ T8801] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 210.776803][ T8801] ? add_timer+0x41e/0x930 [ 210.781231][ T8801] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 210.787050][ T8801] ? lockdep_hardirqs_on+0x418/0x5d0 [ 210.792364][ T8801] ? trace_hardirqs_on+0x67/0x230 [ 210.797397][ T8801] ? __sctp_outq_teardown+0xc60/0xc60 [ 210.802792][ T8801] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 210.809057][ T8801] ? sctp_outq_tail+0x68c/0x930 [ 210.813935][ T8801] sctp_outq_uncork+0x6c/0x80 [ 210.818637][ T8801] sctp_do_sm+0x2575/0x5770 [ 210.823166][ T8801] ? sctp_hash_transport+0xdb1/0x18d0 [ 210.828557][ T8801] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 210.835243][ T8801] ? __local_bh_enable_ip+0x15a/0x270 [ 210.840638][ T8801] ? lock_downgrade+0x880/0x880 [ 210.845513][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.851801][ T8801] ? kasan_check_read+0x11/0x20 [ 210.856652][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.862893][ T8801] ? sctp_hash_transport+0x10b/0x18d0 [ 210.868284][ T8801] ? memcpy+0x46/0x50 [ 210.872265][ T8801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.878503][ T8801] ? sctp_assoc_set_primary+0x274/0x310 [ 210.884071][ T8801] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 210.889447][ T8801] __sctp_connect+0x8cd/0xce0 [ 210.894132][ T8801] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 210.899702][ T8801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.905964][ T8801] ? _copy_from_user+0xdd/0x150 [ 210.910819][ T8801] ? security_sctp_bind_connect+0x99/0xd0 [ 210.916588][ T8801] __sctp_setsockopt_connectx+0x133/0x1a0 [ 210.922422][ T8801] sctp_setsockopt+0x15db/0x6fe0 [ 210.927383][ T8801] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 210.933812][ T8801] ? kasan_check_read+0x11/0x20 [ 210.938670][ T8801] ? ___might_sleep+0x163/0x280 [ 210.943523][ T8801] ? __might_sleep+0x95/0x190 [ 210.948202][ T8801] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 210.953837][ T8801] ? aa_sk_perm+0x288/0x880 [ 210.958346][ T8801] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 210.963896][ T8801] sock_common_setsockopt+0x9a/0xe0 [ 210.969098][ T8801] __sys_setsockopt+0x180/0x280 [ 210.973957][ T8801] ? kernel_accept+0x310/0x310 [ 210.978724][ T8801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.984182][ T8801] ? do_syscall_64+0x26/0x610 [ 210.988866][ T8801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.994931][ T8801] ? do_syscall_64+0x26/0x610 [ 210.999637][ T8801] __x64_sys_setsockopt+0xbe/0x150 [ 211.004840][ T8801] do_syscall_64+0x103/0x610 [ 211.009434][ T8801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.015336][ T8801] RIP: 0033:0x4582b9 [ 211.019262][ T8801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.038866][ T8801] RSP: 002b:00007ff9ab31bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 211.047289][ T8801] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 211.055260][ T8801] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 211.063240][ T8801] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 211.071214][ T8801] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab31c6d4 [ 211.079199][ T8801] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 01:59:26 executing program 1: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 211.216335][ T8801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8801 [ 211.225904][ T8801] caller is ip6_finish_output+0x335/0xdc0 [ 211.231796][ T8801] CPU: 0 PID: 8801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 211.240814][ T8801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.250901][ T8801] Call Trace: [ 211.254207][ T8801] dump_stack+0x172/0x1f0 [ 211.258562][ T8801] __this_cpu_preempt_check+0x246/0x270 [ 211.264147][ T8801] ip6_finish_output+0x335/0xdc0 [ 211.264170][ T8801] ip6_output+0x235/0x7f0 [ 211.273448][ T8801] ? ip6_finish_output+0xdc0/0xdc0 [ 211.273469][ T8801] ? ip6_fragment+0x3980/0x3980 [ 211.273490][ T8801] ? kasan_check_read+0x11/0x20 [ 211.273508][ T8801] ip6_xmit+0xe41/0x20c0 [ 211.273533][ T8801] ? ip6_finish_output2+0x2550/0x2550 [ 211.273550][ T8801] ? mark_held_locks+0xf0/0xf0 [ 211.273568][ T8801] ? ip6_setup_cork+0x1870/0x1870 [ 211.273601][ T8801] sctp_v6_xmit+0x313/0x660 01:59:26 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) [ 211.273624][ T8801] sctp_packet_transmit+0x1bc4/0x36f0 [ 211.273658][ T8801] ? sctp_packet_config+0xfe0/0xfe0 [ 211.273673][ T8801] ? kmem_cache_alloc_node_trace+0x352/0x720 [ 211.273689][ T8801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.273708][ T8801] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.273724][ T8801] sctp_outq_flush+0x2b8/0x2780 [ 211.273744][ T8801] ? sctp_chunkify+0x4b/0x290 [ 211.273766][ T8801] ? __sctp_outq_teardown+0xc60/0xc60 [ 211.273788][ T8801] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 211.273800][ T8801] ? sctp_outq_tail+0x68c/0x930 [ 211.273818][ T8801] sctp_outq_uncork+0x6c/0x80 [ 211.273833][ T8801] sctp_do_sm+0x2575/0x5770 [ 211.273859][ T8801] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 211.273876][ T8801] ? add_lock_to_list.isra.0+0x1cd/0x3a0 [ 211.273887][ T8801] ? save_trace+0xe0/0x290 [ 211.273910][ T8801] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 211.273924][ T8801] ? find_held_lock+0x35/0x130 [ 211.273940][ T8801] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 211.273981][ T8801] ? trace_hardirqs_on+0x67/0x230 [ 211.273998][ T8801] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.274012][ T8801] ? ktime_get+0x208/0x300 [ 211.274032][ T8801] sctp_assoc_bh_rcv+0x343/0x660 [ 211.274057][ T8801] sctp_inq_push+0x1ea/0x290 [ 211.274076][ T8801] sctp_backlog_rcv+0x196/0xbe0 [ 211.274091][ T8801] ? __local_bh_enable_ip+0x15a/0x270 [ 211.274105][ T8801] ? _raw_spin_unlock_bh+0x31/0x40 [ 211.274117][ T8801] ? __local_bh_enable_ip+0x15a/0x270 [ 211.274135][ T8801] ? sctp_hash_obj+0x600/0x600 [ 211.274152][ T8801] ? __release_sock+0xca/0x3a0 [ 211.274168][ T8801] ? __local_bh_enable_ip+0x15a/0x270 [ 211.274189][ T8801] __release_sock+0x12e/0x3a0 [ 211.357640][ T8792] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8792 [ 211.362683][ T8801] release_sock+0x59/0x1c0 [ 211.362722][ T8801] sctp_wait_for_connect+0x316/0x540 [ 211.362751][ T8801] ? sctp_get_port+0x180/0x180 [ 211.362784][ T8801] ? memcpy+0x46/0x50 [ 211.362826][ T8801] ? finish_wait+0x260/0x260 [ 211.367707][ T8792] caller is ip6_finish_output+0x335/0xdc0 [ 211.372347][ T8801] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 211.372366][ T8801] __sctp_connect+0xac2/0xce0 [ 211.372390][ T8801] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 211.372422][ T8801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.533283][ T8801] ? _copy_from_user+0xdd/0x150 [ 211.533305][ T8801] ? security_sctp_bind_connect+0x99/0xd0 [ 211.533328][ T8801] __sctp_setsockopt_connectx+0x133/0x1a0 [ 211.533349][ T8801] sctp_setsockopt+0x15db/0x6fe0 [ 211.533370][ T8801] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 211.533390][ T8801] ? kasan_check_read+0x11/0x20 [ 211.533412][ T8801] ? ___might_sleep+0x163/0x280 [ 211.533430][ T8801] ? __might_sleep+0x95/0x190 [ 211.533449][ T8801] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 211.533464][ T8801] ? aa_sk_perm+0x288/0x880 [ 211.533488][ T8801] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 211.533509][ T8801] sock_common_setsockopt+0x9a/0xe0 [ 211.533530][ T8801] __sys_setsockopt+0x180/0x280 [ 211.533548][ T8801] ? kernel_accept+0x310/0x310 [ 211.533570][ T8801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.533586][ T8801] ? do_syscall_64+0x26/0x610 [ 211.533602][ T8801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.533616][ T8801] ? do_syscall_64+0x26/0x610 [ 211.533638][ T8801] __x64_sys_setsockopt+0xbe/0x150 [ 211.533656][ T8801] do_syscall_64+0x103/0x610 [ 211.533675][ T8801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.533687][ T8801] RIP: 0033:0x4582b9 [ 211.533703][ T8801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.533711][ T8801] RSP: 002b:00007ff9ab31bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 211.533726][ T8801] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 211.533734][ T8801] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 211.533744][ T8801] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 211.533753][ T8801] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab31c6d4 [ 211.533762][ T8801] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 01:59:27 executing program 5: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="b4175c65394176579d076a0291a9891e62a86c4b0cb800aa529522cd94eb"], 0x1e) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:59:27 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c12a41d88b070") r1 = socket$inet(0x2, 0x3, 0x19) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) dup2(r0, r1) [ 211.533795][ T8792] CPU: 1 PID: 8792 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 211.533803][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.533808][ T8792] Call Trace: [ 211.533828][ T8792] dump_stack+0x172/0x1f0 [ 211.533847][ T8792] __this_cpu_preempt_check+0x246/0x270 [ 211.533867][ T8792] ip6_finish_output+0x335/0xdc0 [ 211.533886][ T8792] ip6_output+0x235/0x7f0 [ 211.533903][ T8792] ? ip6_finish_output+0xdc0/0xdc0 [ 211.533920][ T8792] ? ip6_fragment+0x3980/0x3980 [ 211.533937][ T8792] ? kasan_check_read+0x11/0x20 [ 211.533966][ T8792] ip6_xmit+0xe41/0x20c0 [ 211.533989][ T8792] ? ip6_finish_output2+0x2550/0x2550 [ 211.534004][ T8792] ? mark_held_locks+0xf0/0xf0 [ 211.534024][ T8792] ? ip6_setup_cork+0x1870/0x1870 [ 211.534060][ T8792] sctp_v6_xmit+0x313/0x660 [ 211.534082][ T8792] sctp_packet_transmit+0x1bc4/0x36f0 [ 211.534130][ T8792] ? sctp_packet_config+0xfe0/0xfe0 [ 211.534150][ T8792] ? sctp_packet_append_chunk+0x946/0xda0 [ 211.534166][ T8792] ? sctp_outq_select_transport+0x21a/0x790 [ 211.534187][ T8792] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 211.534210][ T8792] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 211.534223][ T8792] ? lock_downgrade+0x880/0x880 [ 211.534246][ T8792] ? add_timer+0x400/0x930 [ 211.534261][ T8792] ? find_held_lock+0x35/0x130 [ 211.534277][ T8792] ? add_timer+0x41e/0x930 [ 211.534295][ T8792] sctp_outq_flush+0xe8/0x2780 [ 211.534308][ T8792] ? mark_held_locks+0xa4/0xf0 [ 211.534323][ T8792] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 211.534337][ T8792] ? add_timer+0x41e/0x930 [ 211.534351][ T8792] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 211.534366][ T8792] ? lockdep_hardirqs_on+0x418/0x5d0 [ 211.534384][ T8792] ? trace_hardirqs_on+0x67/0x230 [ 211.534402][ T8792] ? __sctp_outq_teardown+0xc60/0xc60 [ 211.534428][ T8792] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 211.534441][ T8792] ? sctp_outq_tail+0x68c/0x930 [ 211.534458][ T8792] sctp_outq_uncork+0x6c/0x80 [ 211.534474][ T8792] sctp_do_sm+0x2575/0x5770 [ 211.534491][ T8792] ? sctp_hash_transport+0xdb1/0x18d0 [ 211.534515][ T8792] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 211.534531][ T8792] ? __local_bh_enable_ip+0x15a/0x270 [ 211.534548][ T8792] ? lock_downgrade+0x880/0x880 [ 211.534562][ T8792] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.534581][ T8792] ? kasan_check_read+0x11/0x20 [ 211.534599][ T8792] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.534615][ T8792] ? sctp_hash_transport+0x10b/0x18d0 [ 211.534649][ T8792] ? memcpy+0x46/0x50 [ 211.534665][ T8792] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.534680][ T8792] ? sctp_assoc_set_primary+0x274/0x310 [ 211.534701][ T8792] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 211.534726][ T8792] __sctp_connect+0x8cd/0xce0 [ 211.534751][ T8792] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 211.534771][ T8792] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.534782][ T8792] ? _copy_from_user+0xdd/0x150 [ 211.534797][ T8792] ? security_sctp_bind_connect+0x99/0xd0 [ 211.534813][ T8792] __sctp_setsockopt_connectx+0x133/0x1a0 [ 211.534829][ T8792] sctp_setsockopt+0x15db/0x6fe0 [ 211.534847][ T8792] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 211.534861][ T8792] ? kasan_check_read+0x11/0x20 [ 211.534875][ T8792] ? ___might_sleep+0x163/0x280 [ 211.534890][ T8792] ? __might_sleep+0x95/0x190 [ 211.534905][ T8792] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 211.534916][ T8792] ? aa_sk_perm+0x288/0x880 [ 211.534935][ T8792] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 211.534964][ T8792] sock_common_setsockopt+0x9a/0xe0 [ 211.534981][ T8792] __sys_setsockopt+0x180/0x280 [ 211.534998][ T8792] ? kernel_accept+0x310/0x310 [ 211.535015][ T8792] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.535028][ T8792] ? do_syscall_64+0x26/0x610 [ 211.535040][ T8792] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.535052][ T8792] ? do_syscall_64+0x26/0x610 [ 211.535071][ T8792] __x64_sys_setsockopt+0xbe/0x150 [ 211.535088][ T8792] do_syscall_64+0x103/0x610 [ 211.535103][ T8792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.535114][ T8792] RIP: 0033:0x4582b9 01:59:27 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 211.535127][ T8792] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.535135][ T8792] RSP: 002b:00007ff9ab33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 211.535147][ T8792] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 211.535156][ T8792] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000008 [ 211.535163][ T8792] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 211.535171][ T8792] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab33d6d4 [ 211.535179][ T8792] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 01:59:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 01:59:27 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") listen(r0, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:27 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) 01:59:27 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x4, 0x8, 0x9, {0x0, 0x1c9c380}, 0xffffffff, 0x400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = socket$caif_stream(0x25, 0x1, 0x3) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)="e9ecef4869c631f5637c931e7edc6bf08ff1c966e7de252bed037099b7640538321008c318367e254a1f30718c65e556165f560c4464bfec755a2dee0c769bc7cb657626e133d523194e65fb121ac869c5f603dc8fe59dbd59abd35b00c164079a4e6e6c81d7aca1d0df09753d8a586c19bff985eabd5156667de1b621ebcae1e4e1f884cc79dc52203d7b049f07c86d86250ac56d4461abdd314901b9a0e00c19a019d0d244", 0xa6}], 0x1, 0x0) r2 = socket(0x11, 0x802, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) lsetxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='security.ima\x00', 0x0, 0x0, 0x0) 01:59:27 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 01:59:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:27 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) [ 212.554004][ T8859] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8859 [ 212.563582][ T8859] caller is ip6_finish_output+0x335/0xdc0 [ 212.569338][ T8859] CPU: 1 PID: 8859 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 212.578371][ T8859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.588444][ T8859] Call Trace: [ 212.591774][ T8859] dump_stack+0x172/0x1f0 [ 212.596140][ T8859] __this_cpu_preempt_check+0x246/0x270 [ 212.601727][ T8859] ip6_finish_output+0x335/0xdc0 [ 212.606701][ T8859] ip6_output+0x235/0x7f0 [ 212.606732][ T8859] ? ip6_finish_output+0xdc0/0xdc0 [ 212.616192][ T8859] ? ip6_fragment+0x3980/0x3980 [ 212.616232][ T8859] ip6_xmit+0xe41/0x20c0 [ 212.625343][ T8859] ? ip6_finish_output2+0x2550/0x2550 [ 212.630746][ T8859] ? mark_held_locks+0xf0/0xf0 [ 212.635538][ T8859] ? ip6_setup_cork+0x1870/0x1870 [ 212.640598][ T8859] inet6_csk_xmit+0x2fb/0x5d0 [ 212.645412][ T8859] ? inet6_csk_update_pmtu+0x190/0x190 [ 212.650923][ T8859] ? dccp_v6_send_check+0x2a0/0x3e0 [ 212.656154][ T8859] dccp_transmit_skb+0xca5/0x12c0 [ 212.661225][ T8859] dccp_connect+0x31d/0x620 [ 212.665758][ T8859] dccp_v6_connect+0xdaa/0x1990 [ 212.670643][ T8859] ? dccp_v6_init_sock+0xa0/0xa0 [ 212.675622][ T8859] __inet_stream_connect+0x83f/0xea0 [ 212.680921][ T8859] ? dccp_v6_init_sock+0xa0/0xa0 [ 212.685882][ T8859] ? __inet_stream_connect+0x83f/0xea0 [ 212.691357][ T8859] ? mark_held_locks+0xa4/0xf0 [ 212.696160][ T8859] ? inet_dgram_connect+0x2e0/0x2e0 [ 212.701372][ T8859] ? lock_sock_nested+0x9a/0x120 [ 212.706325][ T8859] ? trace_hardirqs_on+0x67/0x230 [ 212.711359][ T8859] ? lock_sock_nested+0x9a/0x120 [ 212.716316][ T8859] ? __local_bh_enable_ip+0x15a/0x270 [ 212.722140][ T8859] inet_stream_connect+0x58/0xa0 [ 212.727113][ T8859] __sys_connect+0x266/0x330 [ 212.731722][ T8859] ? __ia32_sys_accept+0xb0/0xb0 [ 212.736669][ T8859] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.742920][ T8859] ? put_timespec64+0xda/0x140 [ 212.747723][ T8859] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.753198][ T8859] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.758678][ T8859] ? do_syscall_64+0x26/0x610 [ 212.763374][ T8859] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.769455][ T8859] ? do_syscall_64+0x26/0x610 [ 212.774163][ T8859] __x64_sys_connect+0x73/0xb0 [ 212.778958][ T8859] do_syscall_64+0x103/0x610 [ 212.783656][ T8859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.789557][ T8859] RIP: 0033:0x4582b9 [ 212.793458][ T8859] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.813070][ T8859] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 212.821959][ T8859] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 212.829966][ T8859] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 212.837968][ T8859] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 212.845966][ T8859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4 [ 212.853960][ T8859] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 01:59:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) 01:59:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc67a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 01:59:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25) [ 212.942230][ T8853] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8853 [ 212.951725][ T8853] caller is ip6_finish_output+0x335/0xdc0 [ 212.957481][ T8853] CPU: 1 PID: 8853 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 212.966535][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.966542][ T8853] Call Trace: [ 212.966572][ T8853] dump_stack+0x172/0x1f0 [ 212.966600][ T8853] __this_cpu_preempt_check+0x246/0x270 [ 212.966621][ T8853] ip6_finish_output+0x335/0xdc0 [ 212.966646][ T8853] ip6_output+0x235/0x7f0 [ 212.966667][ T8853] ? ip6_finish_output+0xdc0/0xdc0 [ 212.966690][ T8853] ? ip6_fragment+0x3980/0x3980 [ 212.966719][ T8853] ? kasan_check_read+0x11/0x20 [ 212.966741][ T8853] ip6_xmit+0xe41/0x20c0 01:59:28 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 212.966769][ T8853] ? ip6_finish_output2+0x2550/0x2550 01:59:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_sctp(0x2, 0x3, 0x84) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000001, 0x10, 0xffffffffffffffff, 0x0) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000440)) 01:59:28 executing program 4: shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 212.966789][ T8853] ? mark_held_locks+0xf0/0xf0 [ 212.966811][ T8853] ? ip6_setup_cork+0x1870/0x1870 01:59:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc67a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 01:59:28 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 212.966845][ T8853] sctp_v6_xmit+0x313/0x660 [ 212.966868][ T8853] sctp_packet_transmit+0x1bc4/0x36f0 [ 212.966905][ T8853] ? sctp_packet_config+0xfe0/0xfe0 [ 212.966925][ T8853] ? sctp_packet_append_chunk+0x946/0xda0 [ 212.966940][ T8853] ? sctp_outq_select_transport+0x21a/0x790 01:59:28 executing program 0: ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0) sched_setaffinity(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffe) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 212.966975][ T8853] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 212.967000][ T8853] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 212.967015][ T8853] ? lock_downgrade+0x880/0x880 [ 212.967040][ T8853] ? add_timer+0x400/0x930 [ 212.967056][ T8853] ? find_held_lock+0x35/0x130 [ 212.967074][ T8853] ? add_timer+0x41e/0x930 [ 212.967092][ T8853] sctp_outq_flush+0xe8/0x2780 [ 212.967105][ T8853] ? mark_held_locks+0xa4/0xf0 [ 212.967120][ T8853] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 01:59:28 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socket$inet_udplite(0x2, 0x2, 0x88) listen(r0, 0x4) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 212.967133][ T8853] ? add_timer+0x41e/0x930 [ 212.967146][ T8853] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 212.967161][ T8853] ? lockdep_hardirqs_on+0x418/0x5d0 [ 212.967179][ T8853] ? trace_hardirqs_on+0x67/0x230 [ 212.967196][ T8853] ? __sctp_outq_teardown+0xc60/0xc60 [ 212.967221][ T8853] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 212.967234][ T8853] ? sctp_outq_tail+0x68c/0x930 [ 212.967251][ T8853] sctp_outq_uncork+0x6c/0x80 [ 212.967266][ T8853] sctp_do_sm+0x2575/0x5770 [ 212.967282][ T8853] ? sctp_hash_transport+0xdb1/0x18d0 01:59:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502) write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25) [ 212.967305][ T8853] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 212.967322][ T8853] ? __local_bh_enable_ip+0x15a/0x270 [ 212.967339][ T8853] ? lock_downgrade+0x880/0x880 [ 212.967353][ T8853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.967371][ T8853] ? kasan_check_read+0x11/0x20 [ 212.967389][ T8853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.967405][ T8853] ? sctp_hash_transport+0x10b/0x18d0 [ 212.967438][ T8853] ? memcpy+0x46/0x50 [ 212.967453][ T8853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 01:59:29 executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socket$inet_udplite(0x2, 0x2, 0x88) listen(r0, 0x4) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 212.967468][ T8853] ? sctp_assoc_set_primary+0x274/0x310 [ 212.967489][ T8853] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 212.967508][ T8853] __sctp_connect+0x8cd/0xce0 [ 212.967532][ T8853] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 212.967555][ T8853] ? _copy_from_user+0xe9/0x150 [ 212.967573][ T8853] ? security_sctp_bind_connect+0x99/0xd0 [ 212.967594][ T8853] __sctp_setsockopt_connectx+0x133/0x1a0 [ 212.967612][ T8853] sctp_setsockopt+0x15db/0x6fe0 [ 212.967633][ T8853] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 212.967647][ T8853] ? retint_kernel+0x2d/0x2d [ 212.967668][ T8853] ? ___might_sleep+0x163/0x280 [ 212.967685][ T8853] ? __might_sleep+0x95/0x190 [ 212.967704][ T8853] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 212.967726][ T8853] ? aa_sk_perm+0x288/0x880 [ 212.967750][ T8853] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 212.967771][ T8853] sock_common_setsockopt+0x9a/0xe0 [ 212.967792][ T8853] __sys_setsockopt+0x180/0x280 [ 212.967810][ T8853] ? kernel_accept+0x310/0x310 [ 212.967840][ T8853] __x64_sys_setsockopt+0xbe/0x150 [ 212.967855][ T8853] ? __ia32_sys_recv+0x100/0x100 [ 212.967874][ T8853] do_syscall_64+0x103/0x610 [ 212.967892][ T8853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.967904][ T8853] RIP: 0033:0x4582b9 [ 212.967919][ T8853] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.967928][ T8853] RSP: 002b:00007ff9ab33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 212.967942][ T8853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 212.967961][ T8853] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 212.967970][ T8853] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 212.967979][ T8853] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab33d6d4 [ 212.967988][ T8853] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 213.072397][ T8872] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8872 [ 213.072479][ T8872] caller is ip6_finish_output+0x335/0xdc0 [ 213.072550][ T8872] CPU: 1 PID: 8872 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.072560][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.072566][ T8872] Call Trace: [ 213.072588][ T8872] dump_stack+0x172/0x1f0 [ 213.072616][ T8872] __this_cpu_preempt_check+0x246/0x270 [ 213.072638][ T8872] ip6_finish_output+0x335/0xdc0 [ 213.072664][ T8872] ip6_output+0x235/0x7f0 [ 213.072685][ T8872] ? ip6_finish_output+0xdc0/0xdc0 [ 213.072714][ T8872] ? ip6_fragment+0x3980/0x3980 [ 213.072741][ T8872] ? kasan_check_read+0x11/0x20 [ 213.072764][ T8872] ip6_xmit+0xe41/0x20c0 [ 213.072783][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.072813][ T8872] ? ip6_finish_output2+0x2550/0x2550 [ 213.072831][ T8872] ? mark_held_locks+0xf0/0xf0 [ 213.072846][ T8872] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.072866][ T8872] ? ip6_setup_cork+0x1870/0x1870 [ 213.072905][ T8872] sctp_v6_xmit+0x313/0x660 [ 213.072932][ T8872] sctp_packet_transmit+0x1bc4/0x36f0 [ 213.072984][ T8872] ? sctp_packet_config+0xfe0/0xfe0 [ 213.073005][ T8872] ? sctp_packet_append_chunk+0x93e/0xda0 [ 213.073026][ T8872] ? sctp_packet_append_chunk+0x946/0xda0 [ 213.073052][ T8872] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 213.073076][ T8872] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 213.073092][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.073123][ T8872] ? mark_held_locks+0xa4/0xf0 [ 213.073144][ T8872] sctp_outq_flush+0xe8/0x2780 [ 213.073160][ T8872] ? retint_kernel+0x2d/0x2d [ 213.073180][ T8872] ? trace_hardirqs_on_caller+0x6a/0x220 [ 213.073201][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.073222][ T8872] ? __sctp_outq_teardown+0xc60/0xc60 [ 213.073255][ T8872] sctp_outq_uncork+0x6c/0x80 [ 213.073274][ T8872] sctp_do_sm+0x2575/0x5770 [ 213.073293][ T8872] ? sctp_hash_transport+0xdb1/0x18d0 [ 213.073321][ T8872] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 213.073340][ T8872] ? __local_bh_enable_ip+0x15a/0x270 [ 213.073361][ T8872] ? mark_held_locks+0xa4/0xf0 [ 213.073378][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c 01:59:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0xe, 0x1) socket$inet6(0xa, 0x1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND(r0, 0x0, 0x0) socketpair$unix(0x1, 0x400000001, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f0000000280)) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) [ 213.073395][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.073411][ T8872] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.073426][ T8872] ? retint_kernel+0x2d/0x2d [ 213.073443][ T8872] ? trace_hardirqs_on_caller+0x6a/0x220 [ 213.073460][ T8872] ? sctp_hash_transport+0x10b/0x18d0 [ 213.073481][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.073525][ T8872] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 213.073547][ T8872] __sctp_connect+0x8cd/0xce0 [ 213.073574][ T8872] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 01:59:29 executing program 5: r0 = semget$private(0x0, 0xc, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x200]) semop(r0, &(0x7f0000000100), 0x2d) semctl$GETZCNT(r0, 0x3, 0xf, 0x0) [ 213.073602][ T8872] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.073618][ T8872] ? _copy_from_user+0xdd/0x150 [ 213.073640][ T8872] ? security_sctp_bind_connect+0x99/0xd0 [ 213.073664][ T8872] __sctp_setsockopt_connectx+0x133/0x1a0 [ 213.073686][ T8872] sctp_setsockopt+0x15db/0x6fe0 [ 213.073702][ T8872] ? retint_kernel+0x2d/0x2d [ 213.073731][ T8872] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 213.073750][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.073773][ T8872] ? ___might_sleep+0x163/0x280 [ 213.073791][ T8872] ? __might_sleep+0x95/0x190 [ 213.073812][ T8872] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 213.073827][ T8872] ? aa_sk_perm+0x288/0x880 [ 213.073842][ T8872] ? aa_sock_opt_perm.isra.0+0x1b/0x130 [ 213.073867][ T8872] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 213.073890][ T8872] sock_common_setsockopt+0x9a/0xe0 [ 213.073914][ T8872] __sys_setsockopt+0x180/0x280 [ 213.073934][ T8872] ? kernel_accept+0x310/0x310 [ 213.073977][ T8872] __x64_sys_setsockopt+0xbe/0x150 [ 213.073996][ T8872] ? do_syscall_64+0xfe/0x610 [ 213.074015][ T8872] do_syscall_64+0x103/0x610 [ 213.074036][ T8872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.074049][ T8872] RIP: 0033:0x4582b9 [ 213.074068][ T8872] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.074077][ T8872] RSP: 002b:00007f4ee86eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 213.074095][ T8872] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 213.074105][ T8872] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 213.074115][ T8872] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 213.074125][ T8872] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007f4ee86ef6d4 [ 213.074136][ T8872] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 213.171424][ T8853] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8853 [ 213.171494][ T8853] caller is ip6_finish_output+0x335/0xdc0 [ 213.171535][ T8853] CPU: 0 PID: 8853 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.171550][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.171562][ T8853] Call Trace: [ 213.171586][ T8853] dump_stack+0x172/0x1f0 [ 213.171611][ T8853] __this_cpu_preempt_check+0x246/0x270 [ 213.171633][ T8853] ip6_finish_output+0x335/0xdc0 [ 213.171664][ T8853] ip6_output+0x235/0x7f0 [ 213.171685][ T8853] ? ip6_finish_output+0xdc0/0xdc0 [ 213.171706][ T8853] ? retint_kernel+0x2d/0x2d [ 213.171734][ T8853] ? ip6_fragment+0x3980/0x3980 [ 213.171759][ T8853] ? ip6_xmit+0xdf6/0x20c0 [ 213.171779][ T8853] ? ip6_xmit+0xe04/0x20c0 [ 213.171800][ T8853] ip6_xmit+0xe41/0x20c0 [ 213.171831][ T8853] ? ip6_finish_output2+0x2550/0x2550 [ 213.171859][ T8853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.171880][ T8853] ? ip6_setup_cork+0x1870/0x1870 [ 213.171899][ T8853] ? retint_kernel+0x2d/0x2d [ 213.171933][ T8853] sctp_v6_xmit+0x313/0x660 [ 213.171968][ T8853] sctp_packet_transmit+0x1bc4/0x36f0 [ 213.172011][ T8853] ? sctp_packet_config+0xfe0/0xfe0 [ 213.172048][ T8853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.172077][ T8853] ? retint_kernel+0x2d/0x2d [ 213.172100][ T8853] ? trace_hardirqs_on_caller+0x6a/0x220 [ 213.172127][ T8853] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 213.172156][ T8853] sctp_outq_flush+0x2b8/0x2780 [ 213.172178][ T8853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.172200][ T8853] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.172228][ T8853] ? retint_kernel+0x2d/0x2d [ 213.172248][ T8853] ? trace_hardirqs_on_caller+0x6a/0x220 [ 213.172278][ T8853] ? __sctp_outq_teardown+0xc60/0xc60 [ 213.172309][ T8853] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 213.172328][ T8853] ? sctp_outq_tail+0x68c/0x930 [ 213.172346][ T8853] sctp_outq_uncork+0x6c/0x80 [ 213.172366][ T8853] sctp_do_sm+0x2575/0x5770 [ 213.172398][ T8853] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 213.172415][ T8853] ? mark_held_locks+0xa4/0xf0 [ 213.172428][ T8853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.172439][ T8853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.172450][ T8853] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.172462][ T8853] ? retint_kernel+0x2d/0x2d [ 213.172476][ T8853] ? trace_hardirqs_on_caller+0x6a/0x220 [ 213.172493][ T8853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.172521][ T8853] ? ktime_get+0x12e/0x300 [ 213.172533][ T8853] ? ktime_get+0x133/0x300 [ 213.172546][ T8853] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 213.172558][ T8853] ? ktime_get+0x208/0x300 [ 213.172576][ T8853] sctp_assoc_bh_rcv+0x343/0x660 [ 213.172597][ T8853] sctp_inq_push+0x1ea/0x290 [ 213.172615][ T8853] sctp_backlog_rcv+0x196/0xbe0 [ 213.172636][ T8853] ? sctp_hash_obj+0x600/0x600 [ 213.172669][ T8853] __release_sock+0x12e/0x3a0 [ 213.172699][ T8853] release_sock+0x59/0x1c0 [ 213.172728][ T8853] sctp_wait_for_connect+0x316/0x540 [ 213.172749][ T8853] ? sctp_get_port+0x180/0x180 [ 213.172773][ T8853] ? memcpy+0x46/0x50 [ 213.172794][ T8853] ? finish_wait+0x260/0x260 [ 213.172816][ T8853] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 213.172836][ T8853] __sctp_connect+0xac2/0xce0 [ 213.172867][ T8853] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 213.172897][ T8853] ? _copy_from_user+0xe9/0x150 [ 213.172921][ T8853] ? security_sctp_bind_connect+0x99/0xd0 [ 213.172942][ T8853] __sctp_setsockopt_connectx+0x133/0x1a0 [ 213.172974][ T8853] sctp_setsockopt+0x15db/0x6fe0 [ 213.172996][ T8853] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 213.173015][ T8853] ? retint_kernel+0x2d/0x2d [ 213.173037][ T8853] ? ___might_sleep+0x163/0x280 [ 213.173057][ T8853] ? __might_sleep+0x95/0x190 [ 213.173078][ T8853] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 213.173099][ T8853] ? aa_sk_perm+0x288/0x880 [ 213.173158][ T8853] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 213.173178][ T8853] sock_common_setsockopt+0x9a/0xe0 [ 213.173214][ T8853] __sys_setsockopt+0x180/0x280 [ 213.173253][ T8853] ? kernel_accept+0x310/0x310 [ 213.173304][ T8853] __x64_sys_setsockopt+0xbe/0x150 [ 213.173325][ T8853] ? __ia32_sys_recv+0x100/0x100 [ 213.173351][ T8853] do_syscall_64+0x103/0x610 [ 213.173372][ T8853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.173390][ T8853] RIP: 0033:0x4582b9 [ 213.173410][ T8853] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.173425][ T8853] RSP: 002b:00007ff9ab33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 213.173454][ T8853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 213.173483][ T8853] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 213.173499][ T8853] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 213.173516][ T8853] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab33d6d4 [ 213.173550][ T8853] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 213.183549][ T8872] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8872 [ 213.183633][ T8872] caller is ip6_finish_output+0x335/0xdc0 [ 213.183705][ T8872] CPU: 1 PID: 8872 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.183721][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.183727][ T8872] Call Trace: [ 213.183750][ T8872] dump_stack+0x172/0x1f0 [ 213.183777][ T8872] __this_cpu_preempt_check+0x246/0x270 [ 213.183798][ T8872] ip6_finish_output+0x335/0xdc0 [ 213.183823][ T8872] ip6_output+0x235/0x7f0 [ 213.183844][ T8872] ? ip6_finish_output+0xdc0/0xdc0 [ 213.183861][ T8872] ? retint_kernel+0x2d/0x2d [ 213.183882][ T8872] ? ip6_fragment+0x3980/0x3980 [ 213.183903][ T8872] ? ip6_xmit+0x1204/0x20c0 [ 213.183923][ T8872] ip6_xmit+0xe41/0x20c0 [ 213.183962][ T8872] ? ip6_finish_output2+0x2550/0x2550 [ 213.183983][ T8872] ? mark_held_locks+0xf0/0xf0 [ 213.184006][ T8872] ? ip6_setup_cork+0x1870/0x1870 [ 213.184043][ T8872] sctp_v6_xmit+0x313/0x660 [ 213.184071][ T8872] sctp_packet_transmit+0x1bc4/0x36f0 [ 213.184110][ T8872] ? sctp_packet_config+0xfe0/0xfe0 [ 213.184127][ T8872] ? sctp_sched_dequeue_common+0x340/0x340 [ 213.184143][ T8872] ? sctp_outq_flush+0xb62/0x2780 [ 213.184162][ T8872] ? __sanitizer_cov_trace_pc+0x1/0x50 [ 213.184184][ T8872] sctp_outq_flush+0x2b8/0x2780 [ 213.184201][ T8872] ? retint_kernel+0x2d/0x2d [ 213.184227][ T8872] ? __sctp_outq_teardown+0xc60/0xc60 [ 213.184256][ T8872] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 213.184270][ T8872] ? sctp_outq_tail+0x68c/0x930 [ 213.184290][ T8872] sctp_outq_uncork+0x6c/0x80 [ 213.184307][ T8872] sctp_do_sm+0x2575/0x5770 [ 213.184335][ T8872] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 213.184352][ T8872] ? mark_held_locks+0xa4/0xf0 [ 213.184370][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.184387][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.184405][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.184421][ T8872] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.184443][ T8872] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 213.184459][ T8872] ? find_held_lock+0x35/0x130 [ 213.184477][ T8872] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 213.184510][ T8872] ? trace_hardirqs_on+0x67/0x230 [ 213.184530][ T8872] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 213.184544][ T8872] ? ktime_get+0x208/0x300 [ 213.184564][ T8872] sctp_assoc_bh_rcv+0x343/0x660 [ 213.184591][ T8872] sctp_inq_push+0x1ea/0x290 [ 213.184613][ T8872] sctp_backlog_rcv+0x196/0xbe0 [ 213.184630][ T8872] ? __release_sock+0xca/0x3a0 [ 213.184653][ T8872] ? sctp_hash_obj+0x600/0x600 [ 213.184671][ T8872] ? __local_bh_enable_ip+0x18e/0x270 [ 213.184693][ T8872] __release_sock+0x12e/0x3a0 [ 213.184727][ T8872] release_sock+0x59/0x1c0 [ 213.184747][ T8872] sctp_wait_for_connect+0x316/0x540 [ 213.184772][ T8872] ? sctp_get_port+0x180/0x180 [ 213.184790][ T8872] ? finish_wait+0x260/0x260 [ 213.184814][ T8872] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 213.184836][ T8872] __sctp_connect+0xac2/0xce0 [ 213.184862][ T8872] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 213.184887][ T8872] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.184901][ T8872] ? _copy_from_user+0xdd/0x150 [ 213.184922][ T8872] ? security_sctp_bind_connect+0x99/0xd0 [ 213.184943][ T8872] __sctp_setsockopt_connectx+0x133/0x1a0 [ 213.184974][ T8872] sctp_setsockopt+0x15db/0x6fe0 [ 213.184990][ T8872] ? retint_kernel+0x2d/0x2d [ 213.185012][ T8872] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 213.185040][ T8872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.185063][ T8872] ? ___might_sleep+0x163/0x280 [ 213.185083][ T8872] ? __might_sleep+0x95/0x190 [ 213.185105][ T8872] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 213.185120][ T8872] ? aa_sk_perm+0x288/0x880 [ 213.185139][ T8872] ? aa_sock_opt_perm.isra.0+0x1b/0x130 [ 213.185162][ T8872] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 213.185184][ T8872] sock_common_setsockopt+0x9a/0xe0 [ 213.185207][ T8872] __sys_setsockopt+0x180/0x280 [ 213.185226][ T8872] ? kernel_accept+0x310/0x310 [ 213.185259][ T8872] __x64_sys_setsockopt+0xbe/0x150 [ 213.185278][ T8872] ? do_syscall_64+0xfe/0x610 [ 213.185296][ T8872] do_syscall_64+0x103/0x610 [ 213.185317][ T8872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.185329][ T8872] RIP: 0033:0x4582b9 [ 213.185349][ T8872] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.185358][ T8872] RSP: 002b:00007f4ee86eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 213.185374][ T8872] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 213.185384][ T8872] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 213.185393][ T8872] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 213.185403][ T8872] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007f4ee86ef6d4 [ 213.185411][ T8872] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 213.365530][ T8871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8871 [ 213.365601][ T8871] caller is ip6_finish_output+0x335/0xdc0 [ 213.365618][ T8871] CPU: 1 PID: 8871 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.365626][ T8871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.365631][ T8871] Call Trace: [ 213.365651][ T8871] dump_stack+0x172/0x1f0 [ 213.365676][ T8871] __this_cpu_preempt_check+0x246/0x270 [ 213.365695][ T8871] ip6_finish_output+0x335/0xdc0 [ 213.365724][ T8871] ip6_output+0x235/0x7f0 [ 213.365744][ T8871] ? ip6_finish_output+0xdc0/0xdc0 [ 213.365764][ T8871] ? ip6_fragment+0x3980/0x3980 [ 213.365786][ T8871] ? kasan_check_read+0x11/0x20 [ 213.365805][ T8871] ip6_xmit+0xe41/0x20c0 [ 213.365831][ T8871] ? ip6_finish_output2+0x2550/0x2550 [ 213.365849][ T8871] ? mark_held_locks+0xf0/0xf0 [ 213.365868][ T8871] ? ip6_setup_cork+0x1870/0x1870 [ 213.365902][ T8871] sctp_v6_xmit+0x313/0x660