[   36.612239][   T26] audit: type=1800 audit(1554688591.850:27): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   36.643367][   T26] audit: type=1800 audit(1554688591.860:28): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   37.329640][   T26] audit: type=1800 audit(1554688592.630:29): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   37.356649][   T26] audit: type=1800 audit(1554688592.630:30): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
2019/04/08 01:56:51 fuzzer started
2019/04/08 01:56:53 dialing manager at 10.128.0.26:34543
2019/04/08 01:56:54 syscalls: 2408
2019/04/08 01:56:54 code coverage: enabled
2019/04/08 01:56:54 comparison tracing: enabled
2019/04/08 01:56:54 extra coverage: extra coverage is not supported by the kernel
2019/04/08 01:56:54 setuid sandbox: enabled
2019/04/08 01:56:54 namespace sandbox: enabled
2019/04/08 01:56:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/04/08 01:56:54 fault injection: enabled
2019/04/08 01:56:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/04/08 01:56:54 net packet injection: enabled
2019/04/08 01:56:54 net device setup: enabled
01:59:02 executing program 0:

syzkaller login: [  187.422144][ T7739] IPVS: ftp: loaded support on port[0] = 21
01:59:02 executing program 1:

[  187.528665][ T7739] chnl_net:caif_netlink_parms(): no params data found
[  187.615895][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.631227][ T7739] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.651736][ T7739] device bridge_slave_0 entered promiscuous mode
[  187.667471][ T7742] IPVS: ftp: loaded support on port[0] = 21
[  187.674284][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.687107][ T7739] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.695367][ T7739] device bridge_slave_1 entered promiscuous mode
01:59:03 executing program 2:

[  187.745983][ T7739] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  187.764628][ T7739] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  187.844429][ T7739] team0: Port device team_slave_0 added
[  187.867788][ T7739] team0: Port device team_slave_1 added
[  187.887353][ T7742] chnl_net:caif_netlink_parms(): no params data found
01:59:03 executing program 3:

[  187.954139][ T7739] device hsr_slave_0 entered promiscuous mode
[  188.111532][ T7739] device hsr_slave_1 entered promiscuous mode
01:59:03 executing program 4:

[  188.216004][ T7745] IPVS: ftp: loaded support on port[0] = 21
[  188.216077][ T7747] IPVS: ftp: loaded support on port[0] = 21
[  188.289503][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.296781][ T7739] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.304665][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.311767][ T7739] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.368554][ T7742] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.384763][ T7742] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.393872][ T7742] device bridge_slave_0 entered promiscuous mode
01:59:03 executing program 5:

[  188.432204][ T7742] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.439311][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.451633][ T7750] IPVS: ftp: loaded support on port[0] = 21
[  188.467441][ T7742] device bridge_slave_1 entered promiscuous mode
[  188.563624][ T7742] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  188.578172][ T7742] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  188.597162][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.615900][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.650866][ T7742] team0: Port device team_slave_0 added
[  188.657977][ T7742] team0: Port device team_slave_1 added
[  188.703500][ T7739] 8021q: adding VLAN 0 to HW filter on device bond0
[  188.727769][ T7753] IPVS: ftp: loaded support on port[0] = 21
[  188.803213][ T7742] device hsr_slave_0 entered promiscuous mode
[  188.860675][ T7742] device hsr_slave_1 entered promiscuous mode
[  188.923831][ T7745] chnl_net:caif_netlink_parms(): no params data found
[  188.994332][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  189.002889][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  189.012988][ T7739] 8021q: adding VLAN 0 to HW filter on device team0
[  189.059005][ T7747] chnl_net:caif_netlink_parms(): no params data found
[  189.072570][ T7745] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.079634][ T7745] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.087870][ T7745] device bridge_slave_0 entered promiscuous mode
[  189.097565][ T7745] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.104864][ T7745] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.112930][ T7745] device bridge_slave_1 entered promiscuous mode
[  189.161874][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  189.170831][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  189.179172][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.186332][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.199592][ T7750] chnl_net:caif_netlink_parms(): no params data found
[  189.243446][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  189.253275][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  189.268178][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.275497][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  189.302132][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.309320][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.317960][ T7747] device bridge_slave_0 entered promiscuous mode
[  189.325719][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.332900][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.340862][ T7747] device bridge_slave_1 entered promiscuous mode
[  189.349703][ T7745] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.384079][ T7745] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.405725][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  189.423438][ T7750] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.430929][ T7750] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.438592][ T7750] device bridge_slave_0 entered promiscuous mode
[  189.457337][ T7745] team0: Port device team_slave_0 added
[  189.476492][ T7747] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.486017][ T7750] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.493898][ T7750] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.501867][ T7750] device bridge_slave_1 entered promiscuous mode
[  189.515528][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  189.525268][ T7745] team0: Port device team_slave_1 added
[  189.546007][ T7747] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.585258][ T7750] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.599618][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  189.608264][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  189.616754][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  189.625441][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  189.634164][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  189.642648][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  189.651375][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  189.697519][ T7747] team0: Port device team_slave_0 added
[  189.704825][ T7750] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.722937][ T7739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  189.735416][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  189.748717][ T7753] chnl_net:caif_netlink_parms(): no params data found
[  189.763408][ T7747] team0: Port device team_slave_1 added
[  189.782997][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  189.791544][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  189.833420][ T7745] device hsr_slave_0 entered promiscuous mode
[  189.910852][ T7745] device hsr_slave_1 entered promiscuous mode
[  190.053295][ T7747] device hsr_slave_0 entered promiscuous mode
[  190.090831][ T7747] device hsr_slave_1 entered promiscuous mode
[  190.152015][ T7750] team0: Port device team_slave_0 added
[  190.163054][ T7742] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.173146][ T7753] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.183381][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.191340][ T7753] device bridge_slave_0 entered promiscuous mode
[  190.199247][ T7753] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.206741][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.215416][ T7753] device bridge_slave_1 entered promiscuous mode
[  190.224581][ T7750] team0: Port device team_slave_1 added
[  190.234934][ T7739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.267335][ T7753] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  190.294511][ T7753] bond0: Enslaving bond_slave_1 as an active interface with an up link
01:59:05 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = socket$inet6(0xa, 0x3, 0xff)
dup2(r0, r1)

[  190.334022][ T7742] 8021q: adding VLAN 0 to HW filter on device team0
[  190.348084][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  190.356075][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  190.462963][ T7750] device hsr_slave_0 entered promiscuous mode
[  190.500814][ T7750] device hsr_slave_1 entered promiscuous mode
[  190.571598][ T7753] team0: Port device team_slave_0 added
[  190.578838][ T7753] team0: Port device team_slave_1 added
[  190.586294][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  190.596091][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  190.604581][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.611702][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.693755][ T7753] device hsr_slave_0 entered promiscuous mode
[  190.731061][ T7753] device hsr_slave_1 entered promiscuous mode
[  190.774400][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  190.782728][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  190.791860][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  190.800667][ T7749] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.807770][ T7749] bridge0: port 2(bridge_slave_1) entered forwarding state
01:59:06 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe93)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r4, 0x2000021000008912, &(0x7f0000000180)="0adc1f123c123f3188b070")

[  190.828697][ T7745] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.868142][ T7769] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  190.901267][ T7769] Unknown ioctl 1075883590
[  190.905830][ T7769] Unknown ioctl 1075883590
[  190.906168][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  190.910549][ T7769] Unknown ioctl 1075883590
[  190.919390][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  190.931395][ T7769] Unknown ioctl 1075883590
[  190.935966][ T7769] Unknown ioctl 1075883590
[  190.940590][ T7769] Unknown ioctl 1075883590
[  190.945139][ T7769] Unknown ioctl 1075883590
[  190.949627][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  190.951390][ T7769] Unknown ioctl 1075883590
[  190.962440][ T7769] Unknown ioctl 1075883590
[  190.964858][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  190.967019][ T7769] Unknown ioctl 1075883590
[  190.979385][ T7769] Unknown ioctl 1075883590
[  190.980133][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  190.985981][ T7769] Unknown ioctl 1075883590
[  190.993533][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  190.996587][ T7769] Unknown ioctl 1075883590
[  191.018384][ T7745] 8021q: adding VLAN 0 to HW filter on device team0
[  191.025446][ T7769] Unknown ioctl 1075883590
[  191.029162][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.029895][ T7769] Unknown ioctl 1075883590
[  191.044989][ T7769] Unknown ioctl 1075883590
[  191.049545][ T7769] Unknown ioctl 1075883590
[  191.054251][ T7769] Unknown ioctl 1075883590
[  191.059000][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  191.066902][ T7769] Unknown ioctl 1075883590
[  191.071638][ T7769] Unknown ioctl 1075883590
[  191.071967][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.076103][ T7769] Unknown ioctl 1075883590
[  191.076112][ T7769] Unknown ioctl 1075883590
[  191.076119][ T7769] Unknown ioctl 1075883590
[  191.076128][ T7769] Unknown ioctl 1075883590
[  191.076135][ T7769] Unknown ioctl 1075883590
[  191.094884][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.106549][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.119587][ T7770] Unknown ioctl 1075883590
[  191.127143][ T7770] Unknown ioctl 1075883590
[  191.127449][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.132109][ T7770] Unknown ioctl 1075883590
[  191.145176][ T7770] Unknown ioctl 1075883590
[  191.146653][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.149725][ T7770] Unknown ioctl 1075883590
[  191.156768][ T7758] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.157652][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  191.162512][ T7770] Unknown ioctl 1075883590
[  191.170877][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  191.178637][ T7770] Unknown ioctl 1075883590
[  191.186449][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.190414][ T7770] Unknown ioctl 1075883590
[  191.194443][ T7758] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.202464][ T7770] Unknown ioctl 1075883590
[  191.206573][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  191.219736][ T7770] Unknown ioctl 1075883590
[  191.247064][ T7742] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  191.263837][ T7742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.270459][ T7770] Unknown ioctl 1075883590
[  191.279428][ T7770] Unknown ioctl 1075883590
[  191.291736][ T7770] Unknown ioctl 1075883590
01:59:06 executing program 0:
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000000, 0x0)
exit_group(0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x802, 0x0)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000001c0)=""/219, 0xdb}, 0x120)
write$UHID_INPUT2(r0, &(0x7f0000000040), 0x6)

[  191.301015][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  191.309072][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  191.324222][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  191.336610][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
01:59:06 executing program 0:
syz_open_dev$dri(&(0x7f0000001080)='/dev/dri/card#\x00', 0x0, 0x0)
r0 = gettid()
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x1, 0x4)
timer_create(0x0, &(0x7f00000018c0)={0x0, 0x12}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x15)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00')
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x78, r2, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}, 0x6}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}]}, @TIPC_NLA_LINK={0x20, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfce}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4805}, 0x800)

[  191.347942][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  191.357629][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  191.369173][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  191.385423][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  191.394395][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  191.408243][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  191.417862][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  191.438921][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  191.441764][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.464826][ T7747] 8021q: adding VLAN 0 to HW filter on device team0
[  191.483413][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.495022][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.503702][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:06 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

[  191.506736][ T7742] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.512365][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.526450][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.529655][ T7745] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.551075][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  191.568642][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.580748][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.588362][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.593463][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.599271][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.608703][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  191.610797][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.618934][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  191.627565][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.639314][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.644861][    C0] hrtimer: interrupt took 36649 ns
[  191.647899][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.659988][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  191.664314][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.674524][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  191.678636][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.695369][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.702968][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.709766][ T7753] 8021q: adding VLAN 0 to HW filter on device team0
[  191.717131][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.724649][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.732745][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.740160][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.748342][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.755850][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.763575][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.771348][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.773508][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.779007][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.798411][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
01:59:07 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'team_slave_1\x00', 0x4fff})

01:59:07 executing program 1:
syz_mount_image$nfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x202000, 0x0)

[  191.826404][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.830486][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.834263][ T7758] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.846298][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.869247][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.885306][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.894745][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.902131][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902153][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902172][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902193][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902222][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902242][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902261][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902281][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902300][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902320][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902339][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.902366][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.916980][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.917384][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.932866][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.946920][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  191.948247][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.963103][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.976358][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  191.978336][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  191.986113][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.993323][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.000311][ T7758] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.006234][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  192.014559][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.023655][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  192.026118][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.040720][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.047401][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.060816][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.071743][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  192.076778][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.090410][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.110046][ T7745] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.115278][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.139462][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.153181][ T7750] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.159358][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.166203][ T7747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  192.168222][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.184650][ T7747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  192.200570][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.222194][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.235182][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.239715][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  192.243601][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.257249][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.259453][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.268140][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  192.275319][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275341][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275361][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275381][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275400][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275421][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275441][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275460][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275480][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.275539][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.289937][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.298419][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.306427][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.319221][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.328734][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.335586][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.350644][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.358630][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.365011][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.371004][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  192.373495][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.387749][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  192.389761][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.401189][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  192.428832][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.452363][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
01:59:07 executing program 1:
socketpair$unix(0x1, 0x800000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffdbe, 0x0)
dup3(r0, r1, 0x0)
write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0)
setsockopt(r1, 0x0, 0x0, 0x0, 0x0)

[  192.476471][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.496356][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.502704][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  192.507799][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.519439][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.550519][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.564075][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.572835][ T7750] 8021q: adding VLAN 0 to HW filter on device team0
[  192.589674][ T7753] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
01:59:07 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net\x00\xab\xd4\xf0\xdd\xa4\xf5\x7f\xd0\x97\xe1\x9e\xaf\xfb\xf8\xac\xc5D?$p\x819P\xed\xb1\x01T\xb7s\x1a\xba\xacfK\xed\xa4\x01bG\xc5q\xaa\xfa\xe8\r\x00\tu\xbc\x8em!\xdau\xf1;\xd7\x8a\x9a\xbfJ$ 0\x17\x9a\v\xc6\xf3m\x9d\xfa\xc9\xcalo\xa6')
fstat(r0, &(0x7f00000000c0))

[  192.606001][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.637358][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.661934][ T7753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  192.680283][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.687694][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.702761][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.705475][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.710167][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.720012][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  192.733755][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  192.734547][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.749417][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.757591][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.758402][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  192.765378][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.779913][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.783115][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  192.788110][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.800683][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.802372][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.810632][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.818307][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.831348][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  192.833176][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.846541][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.848550][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.857351][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  192.865133][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.878256][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  192.879797][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.888128][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  192.895817][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.909883][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  192.910268][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.922528][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.935997][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.943749][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.947860][ T7753] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.951504][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.965779][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  192.965798][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.979274][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  192.980844][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980865][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980886][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980907][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980927][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980958][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980979][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.980999][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.981017][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  192.988632][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.996295][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.009645][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  193.011530][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.018756][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.026292][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.033182][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.041189][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:08 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x3f00000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x1d36030000000000]}, @empty, @loopback})
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000740)={{{@in=@local, @in=@multicast2}}, {{@in=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000840)=0xe8)
setresuid(0x0, 0xee01, 0x0)
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x0)

[  193.071696][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.094291][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.120510][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  193.167472][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  193.169052][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.188039][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.196260][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.200149][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  193.205491][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.220293][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.224901][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.228436][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.234780][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.235235][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  193.243648][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.252017][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  193.265870][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.292005][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.305083][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  193.315799][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.320831][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  193.330460][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.344689][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  193.360567][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  193.360753][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.369233][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  193.404436][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.405838][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  193.420130][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.423508][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  193.435301][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.441606][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  193.443130][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.458363][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  193.459218][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.470607][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  193.473755][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.490928][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.498395][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.504116][ T7750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.511145][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.520587][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.528323][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.536421][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.543981][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.551768][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.559246][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.567256][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.575175][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.583110][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.590986][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.598497][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:08 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034e40d010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f839a95000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f95c9d0ec9fb42d92d471cbe500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068cf59650ca7"], 0x3d1)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f", 0x9e, 0x0, 0x0, 0x0)

01:59:08 executing program 1:
futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000180), 0x32ffffff)

01:59:08 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00')
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x3, 0x0, 0x0, 0x8, 0x0, 0xffff}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
pread64(r2, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000100)={0x0, [0x0, 0x500000000000000]})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x200, 0x0, 0x0, 0x10000, 0x0, 0x3, 0x3e, 0x0, 0x26f, 0x40, 0x96, 0x7cdf, 0x80000001, 0x38, 0x2, 0x0, 0x0, 0xf8}, [{0x6, 0x0, 0x101, 0xcf4, 0x7, 0xfffffffffffffffc, 0x12, 0x1}], "c36636bff591868e0e1f991a80bf5948bcee8e988ea091a8ead47ebf4c78d1ee2c1e509435ee8d5bca5d76adc851b93e"}, 0xa8)
fstat(0xffffffffffffffff, 0x0)
fcntl$setpipe(r2, 0x407, 0x401)
getresuid(0x0, &(0x7f0000000400), 0x0)
dup2(r0, r3)

01:59:08 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x1000000031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x0, 0x0, 'c\xfa\xa4\xe5\x9c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0x0, "90c221442d02e7fe", "7f45f6e2d603e413ae8c4acb78a4d968b6f81b4260ddeee95680720e6ca4f77c"})

01:59:08 executing program 5:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a})

01:59:08 executing program 3:
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]})
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

[  193.617272][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.632852][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.643905][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.703610][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.749990][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.765495][   T26] audit: type=1326 audit(1554688749.070:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7828 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000
[  193.802687][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:09 executing program 1:
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0xfa3)
r1 = socket$kcm(0xa, 0x40122000000003, 0x11)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, 0x0, 0xf3233b94a6b988d)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000240)=ANY=[])
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x48)
gettid()
socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
write$cgroup_int(r3, &(0x7f0000000980), 0xffffff4d)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00)

01:59:09 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x7, &(0x7f0000002000)={0x1})
fcntl$lock(r0, 0x7, &(0x7f0000010000)={0x0, 0x0, 0x0, 0x4192})

[  193.852329][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.860113][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.890341][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:09 executing program 4:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f3188b070")
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000540)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
dup3(r2, r0, 0x0)

[  193.911579][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.949129][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.964986][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.980704][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.988671][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  193.996590][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.004603][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:09 executing program 2:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x2b7, 0x0}}], 0x53, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000040)={@remote}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r1, &(0x7f00000017c0), 0x3a8, 0x0)

[  194.038399][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.068223][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.094378][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.119671][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.145959][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.174004][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:09 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

[  194.192239][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.208758][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.224499][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.246798][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.266912][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.288864][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.299367][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.307067][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.314769][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.322616][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.331457][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.339147][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.348485][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.356159][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.363872][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.371454][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.380043][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.387815][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.395352][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.402939][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.410674][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.418099][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.425605][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.433066][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.440596][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.448181][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.455657][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.463156][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.470628][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.478050][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.486395][   T26] audit: type=1326 audit(1554688749.800:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7828 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000
[  194.509181][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.516723][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.524239][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.531817][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.539393][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:09 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120)

[  194.546869][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.554324][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.561777][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.569164][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.577086][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.584767][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.600350][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.617875][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.626286][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  194.634655][ T7749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
01:59:09 executing program 3:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a})
dup2(r0, r2)

[  194.646629][ T7749] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  194.715569][ T7865] sp0: Synchronizing with TNC
01:59:10 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x72, 0x4)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000340)="206305edd00e5af621f142dbd62e7f2ea21e48c0be80fedb5a38eb8019e294a82910f72aba408eae12780f7da3a210c7d63a5f57c8c68d963f33b214cf9b9ee7afe2e54c2f761bd096ccdca5b1576f58261991c86acb7037bc30f28bc70aa6e9b012a2340ecd63da8fbe9564b37355d54cc6819be9262afbf1dd2b61dd2f4ebcb750137f5b3eb5ab72393af8d0908867874049b896f3fd352af32f004846342c47a0a5228faf0f8bd16d85654995a6ce054063f2ab82e6e9c140cf24fa18e5d08a67f2fd4fcccfe298cbfd153004cea2030fede44324f739202c2454ca2d8521be4cbe2daa2f7d13b3da3e235ce13a204d3a7e108e7aef1a937bbd2f15c347da13a5229327bdce3a7da375bd5341495768ba4dc3c160d1158d456a890bbf044a054ebae3ca4759fd2112a6b059c5a01c8aee3464306280ad6e375ea62a1cdf1bb672f96b280ff579f7d0acf072d613f13066b9c7d5f0b54dc983e180d5d08b2030160d6b50934bf47ff2be67b2a5530d0a6cccb280afae865867b7e6f4422466ff9fc051a07eff8a3880e432d3a643689f3de4bc7f6fc64941bda01609b58f6e694d37af7fd69662ae36923bd482de6693c97e23a319ed201b9697a67487dbbbdf83ba72b439eae7efc34c1a3d9a56d64b1584f0f7ff57167c0f86d8c78a0e1e431a938b1592064cb3054ad4b298d88953388fbfdb4c0abde466659bda384e17dbabffc2aa7be2ed64b901be8f8ee5fb5ec323fe3b5085ac21a33f6213d62ff1ad2bd0b3e3f1a16a8d64bb800b02301d6d414cd25b4d6ea8cbf7ea65e3a854bafe4189bba3321834180f0194eb1c81b17014f35e056200cf7d26678739b1623454365389d52fe7d63e0b5fb8af55ff2d3f78d6cbec4e6ea62c6a73d749474d7d1e029686f20f5dc1ff67e55a890409fba15ff689172d153ebeeb94b4ce728df34a858914339b3f5c161e63526e790eb588fb15a17af00e5293a1c15a457b6b8e7935fd8df006f37cdfb0fb4b19c95d2782611ea398de34dbc51b25294a8b570e275e94df2eadabca4fb608576850f2965e8dd22a7e12c83140e305931ae6c41f2af95a1f6febd8dc2b6accaf30800653573f9eab449065a32d34defcd6755f706351c172cb0b321e771eb96f67e17932009a0f13d8da2ac197b1b886ad9023ee6a2b6ff601d96021820a1a47471ec9a2f57d511735924dacafd63f175833f7955692a81a1cd39d7e73f2e3bac98308caeea2f915e9a745741ca8956b78b4a0047bf95ca113454c8fb8d21acc9cea63d76b5367c7e873bdccf85d0e0f776820bf6e9bca1e980da60c0f6adc078ae163bd59044c5f04e8e809e0f79f3922f9993ecc95666634c6e48d45520974ff998976fb45e87e3d9f8d4ce49797ef8d3e2f5dc742b2be2298696d5ca94df9cf8ef4f74c0b1b144ef4f7ec88f0cd120cf7be5ce3963c520014757767d31fda15f94d58e8a91cfe395c0bf372c21140360b3ce6d611b152e42e7854677a4f1b962d4caa85e742b8722321ae2efef681fa75ffbc4c942525a6de27dec6e1856b1f861a7727f9eb4b430c964587e7a5f47f9535a44df53f", 0x463, 0x0, 0x0, 0x0)

[  194.763730][ T7866] sp1: Synchronizing with TNC
01:59:10 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x7e0e7b3, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc4c85512, &(0x7f0000000180)={{0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})

01:59:10 executing program 1:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpgid(0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bind$unix(r1, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0)
connect$unix(r1, &(0x7f0000681000)=@abs, 0x8)
r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1c"], 0x66)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe)
ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0)
ioctl$RTC_PIE_OFF(r3, 0x7006)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
getsockname$inet(r4, &(0x7f0000000240)={0x2, 0x0, @multicast1}, &(0x7f0000000300)=0x10)

01:59:10 executing program 3:
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, 0x0)
write$P9_RUNLINKAT(0xffffffffffffffff, 0x0, 0x0)
io_setup(0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002bc0)='/dev/urandom\x00', 0x202, 0x0)
write$P9_RCREATE(r0, 0x0, 0x0)

01:59:10 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070")
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0)
write$UHID_CREATE(r1, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120)
read(r1, &(0x7f00000003c0)=""/169, 0xa9)

01:59:10 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)

01:59:10 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpgid(0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bind$unix(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0)
connect$unix(r1, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa)
r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1ceeb7bd4300"/116], 0x74)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe)
ioctl$RTC_ALM_READ(r3, 0x80247008, 0x0)
ioctl$RTC_PIE_OFF(r3, 0x7006)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)

01:59:10 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

[  195.228278][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
01:59:10 executing program 3:
sched_setaffinity(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
sendfile(r1, r2, 0x0, 0x50000000000443)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  195.276904][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
01:59:10 executing program 2:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x80011, r0, 0x0)
syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd60766051003018fffe8000000000000000000000000000ffff020000000000000000000000000001860090780814050060c5961e00000000ff010000000000000503000004000001ff020000000000000000000000000001368bf4d4785399e5404a6eb0503c00c3aa546c65149b7b0fa6b718b35b433ef4318fd5724be93485a9811359c82a226e6b62c6786366e8b5331be30adf488a29f81c0a47ebb6b636a9d5b47fa12e61c7914d49432045caa5cf63ba7ed179d34dc16b36a268ed715f0e6084923c35a77c25ce850d254e2a9b1100e1706a316a646137c3437afb2a10fcaf992d423df7c6b997cf0460852ce5ed5bd7ac52c35544db2c32a303698f65c1bad5e465875ebedbf36bc3250d356d1ff37bc77e583ce46bdd80e661792fe20dd3ea352c64acf1e836d59630d95b299855d0e201d152f6e9922d8d5e42f3d44f025c07c237"], 0x0)

[  195.345355][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.378097][ T7933] sp0: Synchronizing with TNC
[  195.412426][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.503853][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.574744][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.638567][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.711686][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.781322][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.829923][ T7929] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  195.847535][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.889206][ T7929] FAT-fs (loop4): Filesystem has been set read-only
[  195.897707][ T7749] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  195.925817][ T7929] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17)
[  195.975708][ T7749] hid-generic 0000:0000:0000.0002: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz1
01:59:11 executing program 3:
sched_setaffinity(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
sendfile(r1, r2, 0x0, 0x50000000000443)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  196.024767][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.047135][ T7929] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  196.057163][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.082662][ T7929] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17)
01:59:11 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x76, 0x4)
bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r1, 0x0, 0x3a9, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x7fce)

01:59:11 executing program 1:
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]})
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
chdir(&(0x7f0000000040)='./file0\x00')

[  196.128040][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
01:59:11 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

[  196.217071][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.217479][ T7961] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  196.258775][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.283490][ T7961] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17)
[  196.321435][ T7929] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  196.333212][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
01:59:11 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x24, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0)

01:59:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x200000000, 0x1, &(0x7f0000000140)=[{&(0x7f0000000340)="eb3c906d6b66732e66617400020401c46400000000f8a6", 0x17}], 0x0, 0x0)
r0 = socket$inet(0x2, 0x20000000000a, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc5f123c123f319bd070")
statfs(&(0x7f0000000800)='./file0\x00', &(0x7f0000000240)=""/102)

[  196.395056][   T26] audit: type=1326 audit(1554688751.700:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7983 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000
[  196.398733][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.452832][ T7929] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 17)
[  196.475516][ T7982] sp0: Synchronizing with TNC
[  196.536092][ T7995] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET)
[  196.552192][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.577100][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.602293][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.670152][ T7758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  196.719909][ T7758] hid-generic 0000:0000:0000.0003: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz1
01:59:12 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10)
sendmmsg(r0, &(0x7f0000006340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002fc0)=[{0x10, 0x1}], 0x10}}], 0x1, 0x0)

01:59:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semget$private(0x0, 0x0, 0xffffffffffffffff)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
semctl$GETPID(0x0, 0x0, 0xb, 0x0)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)

01:59:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:12 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/117, &(0x7f00000000c0)=0x75)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpgid(0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bind$unix(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0)
connect$unix(r1, &(0x7f00003de000)=@file={0x1, './file0\x00'}, 0xa)
r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
write$binfmt_aout(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311a4a1027777bf4059f358dc1ab73301ad9a85afe827389338a0ddbe9f63e90900000000000000d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1ceeb7bd4300"/116], 0x74)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe)
ioctl$RTC_ALM_READ(r3, 0x80247008, 0x0)
ioctl$RTC_PIE_OFF(r3, 0x7006)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)

01:59:12 executing program 2:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x4, 0x0, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)

[  197.057661][ T8018] sp0: Synchronizing with TNC
01:59:12 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'security\x00'}, &(0x7f0000000080)=0x54)

01:59:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semget$private(0x0, 0x0, 0xffffffffffffffff)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
semctl$GETPID(0x0, 0x0, 0xb, 0x0)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)

[  197.184959][   T26] audit: type=1326 audit(1554688752.490:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7983 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000
01:59:12 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semget$private(0x0, 0x0, 0xffffffffffffffff)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
semctl$GETPID(0x0, 0x0, 0xb, 0x0)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)

01:59:12 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

[  197.337829][ T8038] IPVS: ftp: loaded support on port[0] = 21
01:59:12 executing program 2:
creat(&(0x7f0000000100)='./bus\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000780)='./bus\x00', 0x14102e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f000000a000))

01:59:12 executing program 3:
r0 = socket(0x2000080000000010, 0x80802, 0x0)
write(r0, &(0x7f0000000140)="2400000058001ffaff07f404012304000a1ff51108000100028100020800028001000000", 0x24)

01:59:12 executing program 2:
r0 = socket$kcm(0xa, 0x2, 0x73)
r1 = dup(r0)
sendto$isdn(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

01:59:13 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:13 executing program 1:

01:59:13 executing program 3:
r0 = socket(0x2000080000000010, 0x80802, 0x0)
write(r0, &(0x7f0000000140)="2400000058001ffaff07f404012304000a1ff51108000100028100020800028001000000", 0x24)

01:59:13 executing program 4:

01:59:13 executing program 2:

[  198.236408][ T8038] IPVS: ftp: loaded support on port[0] = 21
01:59:13 executing program 5:

01:59:13 executing program 1:

01:59:13 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:13 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034e40d0100"/520], 0x208)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080), 0x4)
sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee130", 0xcc, 0x0, 0x0, 0x0)

01:59:13 executing program 2:
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x208000, 0x0)
creat(&(0x7f0000000340)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa00000400, 0xffffbffeffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000))

01:59:13 executing program 4:

01:59:13 executing program 4:

01:59:13 executing program 1:

01:59:13 executing program 5:

01:59:13 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

[  198.445086][ T2629] rpcbind: RPC call returned error 22
01:59:13 executing program 4:

01:59:13 executing program 1:

[  198.517582][  T141] rpcbind: RPC call returned error 22
01:59:13 executing program 3:

01:59:13 executing program 5:

01:59:13 executing program 2:

[  198.582191][ T8112] sp0: Synchronizing with TNC
01:59:13 executing program 4:

01:59:14 executing program 1:

01:59:14 executing program 3:

01:59:14 executing program 0:
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000)

01:59:14 executing program 2:

01:59:14 executing program 4:

01:59:14 executing program 5:

01:59:14 executing program 1:

01:59:14 executing program 3:

01:59:14 executing program 2:

01:59:14 executing program 0:
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000)

01:59:14 executing program 5:

01:59:14 executing program 4:

01:59:14 executing program 1:

01:59:14 executing program 3:

01:59:14 executing program 2:

01:59:14 executing program 4:

01:59:14 executing program 5:

01:59:14 executing program 0:
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000)

01:59:14 executing program 1:

01:59:14 executing program 3:

01:59:14 executing program 2:

01:59:14 executing program 3:

01:59:14 executing program 4:

01:59:14 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:14 executing program 5:

01:59:14 executing program 1:

01:59:14 executing program 2:

01:59:15 executing program 3:

01:59:15 executing program 5:

01:59:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:15 executing program 4:

01:59:15 executing program 1:

01:59:15 executing program 2:

01:59:15 executing program 3:

01:59:15 executing program 5:

01:59:15 executing program 4:

01:59:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:15 executing program 5:

01:59:15 executing program 2:

01:59:15 executing program 1:

01:59:15 executing program 3:

01:59:15 executing program 4:

01:59:15 executing program 2:

01:59:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:15 executing program 3:

01:59:15 executing program 1:

01:59:15 executing program 4:

01:59:15 executing program 5:

01:59:15 executing program 2:

01:59:15 executing program 3:

01:59:15 executing program 1:

01:59:15 executing program 4:

01:59:15 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:15 executing program 3:

01:59:16 executing program 5:

01:59:16 executing program 2:

01:59:16 executing program 4:

01:59:16 executing program 3:
r0 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0485619, &(0x7f00000000c0))

01:59:16 executing program 1:
r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x1000000031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000000)={0x0, 0x0, 'client1\x00', 0x0, "3e45c69b5ee5b5d2", "e34dc5b89c496aa15f2c8be326739b2f48e58c54c822a21e8fbfd19f2daa096c"})

01:59:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:16 executing program 2:

01:59:16 executing program 4:

01:59:16 executing program 5:

01:59:16 executing program 3:

01:59:16 executing program 1:

01:59:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:16 executing program 2:

01:59:16 executing program 5:

01:59:16 executing program 4:

01:59:16 executing program 3:

01:59:16 executing program 1:

01:59:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:16 executing program 5:

01:59:16 executing program 4:

01:59:16 executing program 2:

01:59:16 executing program 3:

01:59:16 executing program 5:

01:59:16 executing program 1:

01:59:16 executing program 4:

01:59:16 executing program 2:

01:59:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:16 executing program 3:

01:59:16 executing program 4:

01:59:16 executing program 1:

01:59:16 executing program 5:

01:59:16 executing program 2:

01:59:16 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040))
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:17 executing program 3:

01:59:17 executing program 4:

01:59:17 executing program 2:

01:59:17 executing program 1:

01:59:17 executing program 5:

01:59:17 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040))
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:17 executing program 3:

01:59:17 executing program 1:

01:59:17 executing program 4:

01:59:17 executing program 5:

01:59:17 executing program 2:

01:59:17 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040))
ioctl$TCFLSH(r0, 0x8910, 0x70a000)

01:59:17 executing program 5:

01:59:17 executing program 4:

01:59:17 executing program 1:

01:59:17 executing program 3:

01:59:17 executing program 2:

01:59:17 executing program 5:

01:59:17 executing program 4:

01:59:17 executing program 3:

01:59:17 executing program 5:

01:59:17 executing program 1:

01:59:17 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000)

01:59:17 executing program 4:

01:59:17 executing program 2:

01:59:17 executing program 3:

[  202.431262][ T8373] sp0: Synchronizing with TNC
01:59:17 executing program 1:

01:59:17 executing program 5:

01:59:17 executing program 2:

01:59:17 executing program 4:

01:59:17 executing program 3:

01:59:17 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000)

01:59:18 executing program 2:

01:59:18 executing program 1:

01:59:18 executing program 5:

01:59:18 executing program 4:

01:59:18 executing program 3:

[  202.843598][ T8409] sp0: Synchronizing with TNC
01:59:18 executing program 2:

01:59:18 executing program 5:

01:59:18 executing program 4:

01:59:18 executing program 1:

01:59:18 executing program 3:

01:59:18 executing program 2:

01:59:18 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x70a000)

01:59:18 executing program 4:

01:59:18 executing program 5:

01:59:18 executing program 1:

01:59:18 executing program 2:

01:59:18 executing program 3:

01:59:18 executing program 4:

01:59:18 executing program 5:

01:59:18 executing program 3:

01:59:18 executing program 1:

01:59:18 executing program 2:

01:59:18 executing program 4:

01:59:18 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x0)

01:59:18 executing program 3:

01:59:18 executing program 5:

01:59:18 executing program 2:

01:59:19 executing program 1:
recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000080)=""/115, 0x73}], 0x1, 0x0, 0xfe79}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cmdline\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0)

01:59:19 executing program 4:

01:59:19 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x0)

01:59:19 executing program 3:

01:59:19 executing program 2:

01:59:19 executing program 5:

01:59:19 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00', 0x801})
ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0)

01:59:19 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x8000002200000088)
sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$inet_udp_int(r0, 0x11, 0xa, &(0x7f0000000600), 0x4)
capset(0x0, 0x0)
r2 = open(0x0, 0x202c1, 0x0)
fallocate(r2, 0xffffffffffffffff, 0x4, 0x100000000)
symlinkat(&(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000280)='./file0\x00')
fsetxattr$security_ima(r2, &(0x7f0000000040)='security.ima\x00', 0x0, 0x0, 0x0)
write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000180)={0xe, 0x5, 0x0, 0x3ff, 0x58, "d2d5435addd345db3983523af266c0e9305c6b0069e45e0341f40bd98138045097650ce4bc35db222a144a7b46f7c13b6bc6841810a79215835d415b8996bbeaafa7e214ab1dbf51498c421dc62bc054e196338c83af9f5a"}, 0x64)
ioctl$TIOCCONS(0xffffffffffffffff, 0x541d)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x400, 0x70bd2a, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40001)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000001400)={0x0, 0x4c00007e, &(0x7f00000013c0)={&(0x7f0000000100)={0x14, 0x17, 0x101, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)

01:59:19 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:19 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TCFLSH(r0, 0x8910, 0x0)

01:59:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

01:59:19 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x8)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x541b, &(0x7f0000000180)={'bridge0\x00\x00\x00\x02k\x00'})

01:59:19 executing program 4:
r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfffffe4b)
recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/55, 0x37}, 0x1)
pkey_alloc(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x78)
syz_open_dev$evdev(0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, 0x0)

01:59:19 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  204.401397][ T8512] sp0: Synchronizing with TNC
01:59:19 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

01:59:20 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffe4b)
recvmsg(0xffffffffffffffff, 0x0, 0x1)
pkey_alloc(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x78)
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000280)='security.evm\x00', &(0x7f00000003c0)=ANY=[], 0x0, 0xfffffffffffffffe)
syz_open_dev$evdev(0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x0, 0x0)
clone(0x10020000, &(0x7f0000000200), 0x0, 0x0, 0x0)

01:59:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:20 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000ae6fc7)="390000001100094701bb61e1c3050001070000000400000045efffff08009b0019001a000f000000220001071c06000004e9ff0004000d0005", 0x39}], 0x1)

01:59:20 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x21000008912, &(0x7f0000000240)="0adc1f123c123f3188b070")
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

01:59:20 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000690000)={0x1c, 0x5001, 0x207, 0x1, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@generic="06"]}]}, 0x1c}}, 0x24004000)

01:59:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
flistxattr(r0, &(0x7f0000000180)=""/143, 0x8f)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:20 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="da00000000000000693c8275000000009500000000000000"], 0x0, 0x1, 0xc3, &(0x7f0000000240)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

01:59:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

01:59:20 executing program 4:
socketpair$unix(0x1, 0x400000000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket(0x40000000002, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000140)='syz_tun\x00\x84\xa7\xb9\x9f\xc0|s\"', 0x19a)
sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000000200)=""/175, 0xaf}], 0x1)
ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f00000001c0))

01:59:20 executing program 3:
syz_emit_ethernet(0x36, &(0x7f0000000080)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x34}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

01:59:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:20 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
getsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f0000534000), &(0x7f0000000180)=0x4)

01:59:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

[  205.376039][ T8585] raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it!
[  205.397311][ T8585] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8585
[  205.411260][ T8585] caller is sk_mc_loop+0x1d/0x210
[  205.416363][ T8585] CPU: 0 PID: 8585 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19
[  205.425434][ T8585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  205.425492][ T8585] Call Trace:
[  205.425569][ T8585]  dump_stack+0x172/0x1f0
[  205.443231][ T8585]  __this_cpu_preempt_check+0x246/0x270
[  205.448800][ T8585]  sk_mc_loop+0x1d/0x210
[  205.453062][ T8585]  ip_mc_output+0x2ef/0xf70
[  205.453090][ T8585]  ? __ip_queue_xmit+0x1bf0/0x1bf0
[  205.462728][ T8585]  ? __ip_make_skb+0xf15/0x1820
[  205.462746][ T8585]  ? ip_append_data.part.0+0x170/0x170
[  205.462760][ T8585]  ? dst_release+0x62/0xb0
[  205.462775][ T8585]  ? __ip_make_skb+0xf93/0x1820
[  205.462795][ T8585]  ip_local_out+0xc4/0x1b0
[  205.486890][ T8585]  ip_send_skb+0x42/0xf0
[  205.491158][ T8585]  ip_push_pending_frames+0x64/0x80
[  205.496381][ T8585]  raw_sendmsg+0x1e6d/0x2f20
[  205.501010][ T8585]  ? compat_raw_getsockopt+0x100/0x100
[  205.506490][ T8585]  ? tomoyo_check_inet_address+0x321/0x700
[  205.512329][ T8585]  ? __fget+0x35a/0x550
[  205.516539][ T8585]  ? ___might_sleep+0x163/0x280
[  205.521434][ T8585]  ? __might_sleep+0x95/0x190
[  205.526141][ T8585]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  205.531801][ T8585]  ? aa_sk_perm+0x288/0x880
[  205.536326][ T8585]  ? lock_downgrade+0x880/0x880
[  205.541206][ T8585]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  205.546810][ T8585]  inet_sendmsg+0x147/0x5e0
[  205.551334][ T8585]  ? compat_raw_getsockopt+0x100/0x100
[  205.556818][ T8585]  ? inet_sendmsg+0x147/0x5e0
[  205.561725][ T8585]  ? ipip_gro_receive+0x100/0x100
[  205.566786][ T8585]  sock_sendmsg+0xdd/0x130
[  205.571257][ T8585]  __sys_sendto+0x262/0x380
[  205.575792][ T8585]  ? __ia32_sys_getpeername+0xb0/0xb0
[  205.581275][ T8585]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  205.587576][ T8585]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  205.593053][ T8585]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  205.598538][ T8585]  ? do_syscall_64+0x26/0x610
[  205.603260][ T8585]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.609346][ T8585]  __x64_sys_sendto+0xe1/0x1a0
[  205.614140][ T8585]  do_syscall_64+0x103/0x610
[  205.618736][ T8585]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.624636][ T8585] RIP: 0033:0x4582b9
[  205.628557][ T8585] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  205.648176][ T8585] RSP: 002b:00007f72b7dd1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  205.656605][ T8585] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
[  205.664580][ T8585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  205.672572][ T8585] RBP: 000000000073bf00 R08: 0000000020000d00 R09: 000000000000006e
[  205.680542][ T8585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72b7dd26d4
[  205.688549][ T8585] R13: 00000000004c5a1a R14: 00000000004d9dd0 R15: 00000000ffffffff
[  205.704678][ T8591] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8591
[  205.714452][ T8591] caller is sk_mc_loop+0x1d/0x210
[  205.719519][ T8591] CPU: 1 PID: 8591 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19
[  205.728539][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  205.738611][ T8591] Call Trace:
[  205.741925][ T8591]  dump_stack+0x172/0x1f0
[  205.746301][ T8591]  __this_cpu_preempt_check+0x246/0x270
[  205.751876][ T8591]  sk_mc_loop+0x1d/0x210
[  205.756137][ T8591]  ip_mc_output+0x2ef/0xf70
[  205.760660][ T8591]  ? __ip_queue_xmit+0x1bf0/0x1bf0
[  205.765797][ T8591]  ? __ip_make_skb+0xf15/0x1820
[  205.770674][ T8591]  ? ip_append_data.part.0+0x170/0x170
[  205.776166][ T8591]  ? dst_release+0x62/0xb0
[  205.781083][ T8591]  ? __ip_make_skb+0xf93/0x1820
[  205.785966][ T8591]  ip_local_out+0xc4/0x1b0
[  205.790404][ T8591]  ip_send_skb+0x42/0xf0
[  205.794688][ T8591]  ip_push_pending_frames+0x64/0x80
[  205.799914][ T8591]  raw_sendmsg+0x1e6d/0x2f20
[  205.804542][ T8591]  ? compat_raw_getsockopt+0x100/0x100
[  205.810028][ T8591]  ? tomoyo_check_inet_address+0x321/0x700
[  205.815862][ T8591]  ? __fget+0x35a/0x550
[  205.820059][ T8591]  ? ___might_sleep+0x163/0x280
[  205.824958][ T8591]  ? __might_sleep+0x95/0x190
[  205.829682][ T8591]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  205.835344][ T8591]  ? aa_sk_perm+0x288/0x880
[  205.839861][ T8591]  ? lock_downgrade+0x880/0x880
[  205.844743][ T8591]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  205.850325][ T8591]  inet_sendmsg+0x147/0x5e0
[  205.854927][ T8591]  ? compat_raw_getsockopt+0x100/0x100
[  205.860394][ T8591]  ? inet_sendmsg+0x147/0x5e0
[  205.865077][ T8591]  ? ipip_gro_receive+0x100/0x100
[  205.870116][ T8591]  sock_sendmsg+0xdd/0x130
[  205.874544][ T8591]  __sys_sendto+0x262/0x380
[  205.879059][ T8591]  ? __ia32_sys_getpeername+0xb0/0xb0
[  205.884924][ T8591]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  205.891202][ T8591]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  205.896681][ T8591]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  205.902169][ T8591]  ? do_syscall_64+0x26/0x610
[  205.906962][ T8591]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.913061][ T8591]  __x64_sys_sendto+0xe1/0x1a0
[  205.917862][ T8591]  do_syscall_64+0x103/0x610
[  205.922476][ T8591]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.928385][ T8591] RIP: 0033:0x4582b9
[  205.932296][ T8591] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  205.951934][ T8591] RSP: 002b:00007f72b7db0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  205.960370][ T8591] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
[  205.968361][ T8591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  205.976348][ T8591] RBP: 000000000073bfa0 R08: 0000000020000d00 R09: 000000000000006e
[  205.984817][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72b7db16d4
[  205.992893][ T8591] R13: 00000000004c5a1a R14: 00000000004d9dd0 R15: 00000000ffffffff
01:59:21 executing program 0:
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x4, 0x1, 0x0, &(0x7f000044b000), 0x1)

01:59:21 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="4b010fcec278548172c5c3113c6f22fdd4649afac5f93dc2fb3a"], 0x1)

01:59:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25)

01:59:21 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25)

01:59:21 executing program 4:
r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0)
pwrite64(r0, &(0x7f000003bfff)='/', 0x1, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00')
setxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@known='user.syz\x00', 0x0, 0x0, 0x0)

01:59:21 executing program 5:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0)
pread64(r0, 0x0, 0x0, 0x4b)

01:59:21 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25)

01:59:21 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x4, 0x1, 0x0, &(0x7f000044b000), 0x1)

01:59:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25)

01:59:21 executing program 5:
r0 = gettid()
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
accept4$inet(r1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x1c4)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0)
ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0)
ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0)
ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, 0x0)
getuid()
write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0)
tkill(r0, 0x16)

01:59:21 executing program 4:
r0 = gettid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
shutdown(0xffffffffffffffff, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
setitimer(0x0, 0x0, 0x0)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x0, 0x0)
tkill(r0, 0x1000000000016)

01:59:21 executing program 0:
r0 = gettid()
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608)
r2 = fcntl$dupfd(r1, 0x0, r1)
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x1c4)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
getuid()
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x0)
setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000280)={0x0, @remote, 0x0, 0x0, 'sed\x00'}, 0x2c)
tkill(r0, 0x16)

01:59:21 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25)

[  206.435774][ T8627] syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
01:59:21 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = socket(0x1e, 0x1, 0x0)
getsockopt(r1, 0x800000010f, 0x81, &(0x7f00004ad000), &(0x7f0000a3c000)=0xfffffffffffffc40)

01:59:21 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
r2 = socket$inet6(0xa, 0x6, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xdc0f8a25)

01:59:21 executing program 0:
syz_mount_image$ext4(&(0x7f00000003c0)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

01:59:21 executing program 4:
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
stat(0x0, 0x0)
close(r0)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
read$eventfd(0xffffffffffffffff, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x0, 0x0, 0x0)

01:59:21 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:22 executing program 5:
r0 = getpid()
sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r1, 0x0, 0x400000a77, 0x0)
write$binfmt_elf64(r4, &(0x7f00000000c0)=ANY=[@ANYRESHEX=0x0], 0xe681f134)
close(r2)

[  206.685766][ T8649] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[  206.702087][ T8648] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8648
[  206.712275][ T8648] caller is ip6_finish_output+0x335/0xdc0
[  206.718026][ T8648] CPU: 1 PID: 8648 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
01:59:22 executing program 4:
unshare(0x20400)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100))

01:59:22 executing program 1:
syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:22 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  206.727064][ T8648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  206.737138][ T8648] Call Trace:
[  206.740459][ T8648]  dump_stack+0x172/0x1f0
[  206.744813][ T8648]  __this_cpu_preempt_check+0x246/0x270
[  206.750382][ T8648]  ip6_finish_output+0x335/0xdc0
[  206.755345][ T8648]  ip6_output+0x235/0x7f0
[  206.759699][ T8648]  ? ip6_finish_output+0xdc0/0xdc0
[  206.764843][ T8648]  ? ip6_fragment+0x3980/0x3980
[  206.769735][ T8648]  ip6_xmit+0xe41/0x20c0
[  206.774016][ T8648]  ? ip6_finish_output2+0x2550/0x2550
[  206.779408][ T8648]  ? mark_held_locks+0xf0/0xf0
[  206.784196][ T8648]  ? ip6_setup_cork+0x1870/0x1870
[  206.789241][ T8648]  inet6_csk_xmit+0x2fb/0x5d0
[  206.793929][ T8648]  ? inet6_csk_update_pmtu+0x190/0x190
[  206.799417][ T8648]  ? dccp_v6_send_check+0x2a0/0x3e0
[  206.804675][ T8648]  dccp_transmit_skb+0xca5/0x12c0
[  206.809805][ T8648]  dccp_connect+0x31d/0x620
[  206.814335][ T8648]  dccp_v6_connect+0xdaa/0x1990
[  206.819313][ T8648]  ? dccp_v6_init_sock+0xa0/0xa0
[  206.824313][ T8648]  __inet_stream_connect+0x83f/0xea0
[  206.829612][ T8648]  ? dccp_v6_init_sock+0xa0/0xa0
[  206.834582][ T8648]  ? __inet_stream_connect+0x83f/0xea0
[  206.840063][ T8648]  ? mark_held_locks+0xa4/0xf0
[  206.844837][ T8648]  ? inet_dgram_connect+0x2e0/0x2e0
[  206.850041][ T8648]  ? lock_sock_nested+0x9a/0x120
[  206.854999][ T8648]  ? trace_hardirqs_on+0x67/0x230
[  206.860063][ T8648]  ? lock_sock_nested+0x9a/0x120
[  206.865013][ T8648]  ? __local_bh_enable_ip+0x15a/0x270
[  206.870450][ T8648]  inet_stream_connect+0x58/0xa0
[  206.875417][ T8648]  __sys_connect+0x266/0x330
[  206.880027][ T8648]  ? __ia32_sys_accept+0xb0/0xb0
[  206.884969][ T8648]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  206.891209][ T8648]  ? put_timespec64+0xda/0x140
[  206.896021][ T8648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  206.901487][ T8648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  206.906956][ T8648]  ? do_syscall_64+0x26/0x610
[  206.911628][ T8648]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  206.917687][ T8648]  ? do_syscall_64+0x26/0x610
[  206.922388][ T8648]  __x64_sys_connect+0x73/0xb0
[  206.927183][ T8648]  do_syscall_64+0x103/0x610
[  206.931778][ T8648]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  206.937678][ T8648] RIP: 0033:0x4582b9
[  206.941580][ T8648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  206.961186][ T8648] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  206.969734][ T8648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  206.977738][ T8648] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
[  206.985992][ T8648] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  206.994008][ T8648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  207.001983][ T8648] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
[  207.024801][ T8648] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8648
[  207.034343][ T8648] caller is ip6_finish_output+0x335/0xdc0
[  207.040093][ T8648] CPU: 1 PID: 8648 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  207.049107][ T8648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  207.059161][ T8648] Call Trace:
[  207.062458][ T8648]  dump_stack+0x172/0x1f0
[  207.066801][ T8648]  __this_cpu_preempt_check+0x246/0x270
[  207.072357][ T8648]  ip6_finish_output+0x335/0xdc0
[  207.077331][ T8648]  ip6_output+0x235/0x7f0
[  207.081672][ T8648]  ? ip6_finish_output+0xdc0/0xdc0
[  207.086807][ T8648]  ? ip6_fragment+0x3980/0x3980
[  207.091672][ T8648]  ip6_xmit+0xe41/0x20c0
[  207.095919][ T8648]  ? ip6_finish_output2+0x2550/0x2550
[  207.101310][ T8648]  ? mark_held_locks+0xf0/0xf0
[  207.106102][ T8648]  ? ip6_setup_cork+0x1870/0x1870
[  207.111136][ T8648]  ? inet6_csk_route_socket+0x715/0xf40
[  207.116715][ T8648]  inet6_csk_xmit+0x2fb/0x5d0
[  207.121418][ T8648]  ? inet6_csk_update_pmtu+0x190/0x190
[  207.126877][ T8648]  ? dccp_v6_send_check+0x2a0/0x3e0
[  207.132067][ T8648]  dccp_transmit_skb+0xca5/0x12c0
[  207.137089][ T8648]  dccp_send_ack+0x1d7/0x360
[  207.141694][ T8648]  dccp_rcv_state_process+0x1376/0x1935
[  207.147244][ T8648]  dccp_v6_do_rcv+0x269/0xbf0
[  207.151943][ T8648]  __release_sock+0x12e/0x3a0
[  207.156646][ T8648]  release_sock+0x59/0x1c0
[  207.161080][ T8648]  __inet_stream_connect+0x59f/0xea0
[  207.166472][ T8648]  ? inet_dgram_connect+0x2e0/0x2e0
[  207.171700][ T8648]  ? lock_sock_nested+0x9a/0x120
[  207.176750][ T8648]  ? do_wait_intr_irq+0x2b0/0x2b0
[  207.181812][ T8648]  ? __local_bh_enable_ip+0x15a/0x270
[  207.187202][ T8648]  inet_stream_connect+0x58/0xa0
[  207.192148][ T8648]  __sys_connect+0x266/0x330
[  207.196741][ T8648]  ? __ia32_sys_accept+0xb0/0xb0
[  207.201671][ T8648]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  207.207905][ T8648]  ? put_timespec64+0xda/0x140
[  207.212684][ T8648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  207.218163][ T8648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  207.223620][ T8648]  ? do_syscall_64+0x26/0x610
[  207.228316][ T8648]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.234394][ T8648]  ? do_syscall_64+0x26/0x610
[  207.239088][ T8648]  __x64_sys_connect+0x73/0xb0
[  207.243851][ T8648]  do_syscall_64+0x103/0x610
[  207.248441][ T8648]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.254335][ T8648] RIP: 0033:0x4582b9
[  207.258275][ T8648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  207.286737][ T8648] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  207.295170][ T8648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  207.303201][ T8648] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
[  207.311293][ T8648] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  207.319367][ T8648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  207.327447][ T8648] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
[  207.383597][ T8649] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[  207.397856][ T8648] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8648
[  207.407862][ T8648] caller is ip6_finish_output+0x335/0xdc0
[  207.407904][ T8648] CPU: 1 PID: 8648 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  207.407915][ T8648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  207.407920][ T8648] Call Trace:
[  207.407946][ T8648]  dump_stack+0x172/0x1f0
[  207.407988][ T8648]  __this_cpu_preempt_check+0x246/0x270
[  207.446176][ T8648]  ip6_finish_output+0x335/0xdc0
[  207.446200][ T8648]  ip6_output+0x235/0x7f0
[  207.446219][ T8648]  ? ip6_finish_output+0xdc0/0xdc0
[  207.446248][ T8648]  ? ip6_fragment+0x3980/0x3980
[  207.465585][ T8648]  ip6_xmit+0xe41/0x20c0
01:59:22 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
r2 = socket$inet6(0xa, 0x6, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:22 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000f3eff0)=[@in={0x2, 0x0, @local={0xac, 0x2c0, 0xffffffffffffffff}}]}, &(0x7f00000001c0)=0x6ac)
shutdown(r0, 0x2000000000000002)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x0, @remote}}}, 0x0)

01:59:22 executing program 4:
unshare(0x20400)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100))

[  207.465612][ T8648]  ? ip6_finish_output2+0x2550/0x2550
[  207.465629][ T8648]  ? mark_held_locks+0xf0/0xf0
[  207.465645][ T8648]  ? ip6_setup_cork+0x1870/0x1870
01:59:22 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, 0x0)

[  207.465671][ T8648]  inet6_csk_xmit+0x2fb/0x5d0
[  207.465687][ T8648]  ? inet6_csk_update_pmtu+0x190/0x190
[  207.465728][ T8648]  ? dccp_v6_send_check+0x2a0/0x3e0
[  207.465747][ T8648]  dccp_transmit_skb+0xca5/0x12c0
[  207.465766][ T8648]  dccp_connect+0x31d/0x620
[  207.465785][ T8648]  dccp_v6_connect+0xdaa/0x1990
[  207.465807][ T8648]  ? dccp_v6_init_sock+0xa0/0xa0
[  207.465844][ T8648]  __inet_stream_connect+0x83f/0xea0
[  207.465860][ T8648]  ? dccp_v6_init_sock+0xa0/0xa0
01:59:23 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r1, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10)
write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='yeah\x00', 0x5)
recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1, &(0x7f0000000200)=""/20, 0xc2b}, 0x0)

[  207.465876][ T8648]  ? __inet_stream_connect+0x83f/0xea0
[  207.465891][ T8648]  ? mark_held_locks+0xa4/0xf0
[  207.465911][ T8648]  ? inet_dgram_connect+0x2e0/0x2e0
[  207.465927][ T8648]  ? lock_sock_nested+0x9a/0x120
[  207.465942][ T8648]  ? trace_hardirqs_on+0x67/0x230
[  207.465969][ T8648]  ? lock_sock_nested+0x9a/0x120
[  207.465986][ T8648]  ? __local_bh_enable_ip+0x15a/0x270
[  207.466008][ T8648]  inet_stream_connect+0x58/0xa0
[  207.466030][ T8648]  __sys_connect+0x266/0x330
[  207.466047][ T8648]  ? __ia32_sys_accept+0xb0/0xb0
[  207.466063][ T8648]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  207.466077][ T8648]  ? put_timespec64+0xda/0x140
[  207.466105][ T8648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  207.466121][ T8648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  207.466138][ T8648]  ? do_syscall_64+0x26/0x610
[  207.466154][ T8648]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.466168][ T8648]  ? do_syscall_64+0x26/0x610
[  207.466189][ T8648]  __x64_sys_connect+0x73/0xb0
[  207.466206][ T8648]  do_syscall_64+0x103/0x610
[  207.466223][ T8648]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
01:59:23 executing program 0:
socket$inet_udplite(0x2, 0x2, 0x88)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fe, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
r1 = dup2(r0, 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1}}, 0x44801)
sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000800)=ANY=[])
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120)
read(r3, &(0x7f0000000a40)=""/169, 0xffffffffffffff48)
recvmmsg(0xffffffffffffffff, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/136, 0x88}, 0xbf}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000540)=""/17, 0x11}, {&(0x7f0000000580)=""/225, 0xe1}, {&(0x7f0000000780)=""/17, 0x11}, {&(0x7f00000007c0)=""/4, 0x4}, {&(0x7f0000000800)}], 0x5, &(0x7f00000008c0)=""/91, 0x5b}, 0x3}], 0x2, 0x40, &(0x7f00000009c0))
r4 = accept4(r2, 0x0, &(0x7f0000000100), 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000800)=0x9, &(0x7f0000000a00)=0x4)
getsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000140), &(0x7f0000000180)=0x4)
dup2(r2, r3)
perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000040))

[  207.466236][ T8648] RIP: 0033:0x4582b9
[  207.466252][ T8648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  207.466260][ T8648] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  207.466275][ T8648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  207.466283][ T8648] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000008
01:59:23 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  207.466292][ T8648] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  207.466302][ T8648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  207.466310][ T8648] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
[  207.639144][ T8682] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8682
[  207.639179][ T8682] caller is ip6_finish_output+0x335/0xdc0
[  207.639201][ T8682] CPU: 0 PID: 8682 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  207.639224][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  207.639230][ T8682] Call Trace:
[  207.639264][ T8682]  dump_stack+0x172/0x1f0
[  207.639292][ T8682]  __this_cpu_preempt_check+0x246/0x270
[  207.639312][ T8682]  ip6_finish_output+0x335/0xdc0
[  207.639347][ T8682]  ip6_output+0x235/0x7f0
[  207.639374][ T8682]  ? ip6_finish_output+0xdc0/0xdc0
[  207.639400][ T8682]  ? ip6_fragment+0x3980/0x3980
[  207.639432][ T8682]  ip6_xmit+0xe41/0x20c0
[  207.639459][ T8682]  ? ip6_finish_output2+0x2550/0x2550
[  207.639480][ T8682]  ? mark_held_locks+0xf0/0xf0
[  207.639501][ T8682]  ? ip6_setup_cork+0x1870/0x1870
[  207.639539][ T8682]  inet6_csk_xmit+0x2fb/0x5d0
[  207.639571][ T8682]  ? inet6_csk_update_pmtu+0x190/0x190
[  207.639604][ T8682]  ? dccp_v6_send_check+0x2a0/0x3e0
[  207.639636][ T8682]  dccp_transmit_skb+0xca5/0x12c0
[  207.639659][ T8682]  dccp_connect+0x31d/0x620
[  207.639680][ T8682]  dccp_v6_connect+0xdaa/0x1990
[  207.639706][ T8682]  ? dccp_v6_init_sock+0xa0/0xa0
[  207.639752][ T8682]  __inet_stream_connect+0x83f/0xea0
[  207.639769][ T8682]  ? dccp_v6_init_sock+0xa0/0xa0
[  207.639791][ T8682]  ? __inet_stream_connect+0x83f/0xea0
[  207.639809][ T8682]  ? mark_held_locks+0xa4/0xf0
[  207.639832][ T8682]  ? inet_dgram_connect+0x2e0/0x2e0
[  207.639851][ T8682]  ? lock_sock_nested+0x9a/0x120
[  207.639871][ T8682]  ? trace_hardirqs_on+0x67/0x230
[  207.639888][ T8682]  ? lock_sock_nested+0x9a/0x120
[  207.639909][ T8682]  ? __local_bh_enable_ip+0x15a/0x270
[  207.639936][ T8682]  inet_stream_connect+0x58/0xa0
[  207.639973][ T8682]  __sys_connect+0x266/0x330
[  207.639994][ T8682]  ? __ia32_sys_accept+0xb0/0xb0
[  207.640011][ T8682]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  207.640026][ T8682]  ? put_timespec64+0xda/0x140
[  207.640058][ T8682]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  207.640074][ T8682]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  207.640088][ T8682]  ? do_syscall_64+0x26/0x610
[  207.640103][ T8682]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.640120][ T8682]  ? do_syscall_64+0x26/0x610
[  207.640142][ T8682]  __x64_sys_connect+0x73/0xb0
[  207.640161][ T8682]  do_syscall_64+0x103/0x610
[  207.640183][ T8682]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.640196][ T8682] RIP: 0033:0x4582b9
[  207.640221][ T8682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  207.640231][ T8682] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  207.640246][ T8682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  207.640257][ T8682] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
[  207.640266][ T8682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  207.640277][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  207.640287][ T8682] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
[  207.671512][ T8682] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8682
[  207.705461][ T8682] caller is ip6_finish_output+0x335/0xdc0
[  207.705480][ T8682] CPU: 1 PID: 8682 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  207.705489][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  207.705495][ T8682] Call Trace:
[  207.705517][ T8682]  dump_stack+0x172/0x1f0
[  207.705543][ T8682]  __this_cpu_preempt_check+0x246/0x270
[  207.798518][ T8682]  ip6_finish_output+0x335/0xdc0
[  207.847288][ T8682]  ip6_output+0x235/0x7f0
[  207.895294][ T8682]  ? ip6_finish_output+0xdc0/0xdc0
[  207.895317][ T8682]  ? ip6_fragment+0x3980/0x3980
[  207.895340][ T8682]  ip6_xmit+0xe41/0x20c0
[  207.895366][ T8682]  ? ip6_finish_output2+0x2550/0x2550
[  207.895383][ T8682]  ? mark_held_locks+0xf0/0xf0
[  207.895401][ T8682]  ? ip6_setup_cork+0x1870/0x1870
[  207.895417][ T8682]  ? inet6_csk_route_socket+0x715/0xf40
[  207.895455][ T8682]  inet6_csk_xmit+0x2fb/0x5d0
[  207.947938][ T8682]  ? inet6_csk_update_pmtu+0x190/0x190
[  207.947980][ T8682]  ? dccp_v6_send_check+0x2a0/0x3e0
[  207.948000][ T8682]  dccp_transmit_skb+0xca5/0x12c0
[  207.948022][ T8682]  dccp_send_ack+0x1d7/0x360
[  207.948044][ T8682]  dccp_rcv_state_process+0x1376/0x1935
[  207.948064][ T8682]  dccp_v6_do_rcv+0x269/0xbf0
[  207.948089][ T8682]  __release_sock+0x12e/0x3a0
[  208.311666][ T8682]  release_sock+0x59/0x1c0
[  208.311689][ T8682]  __inet_stream_connect+0x59f/0xea0
[  208.311720][ T8682]  ? inet_dgram_connect+0x2e0/0x2e0
[  208.311735][ T8682]  ? lock_sock_nested+0x9a/0x120
[  208.311752][ T8682]  ? do_wait_intr_irq+0x2b0/0x2b0
[  208.311771][ T8682]  ? __local_bh_enable_ip+0x15a/0x270
[  208.311797][ T8682]  inet_stream_connect+0x58/0xa0
[  208.347388][ T8682]  __sys_connect+0x266/0x330
01:59:23 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  208.347413][ T8682]  ? __ia32_sys_accept+0xb0/0xb0
[  208.356944][ T8682]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  208.363231][ T8682]  ? put_timespec64+0xda/0x140
[  208.368013][ T8682]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  208.373499][ T8682]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  208.379483][ T8682]  ? do_syscall_64+0x26/0x610
[  208.384168][ T8682]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  208.390241][ T8682]  ? do_syscall_64+0x26/0x610
[  208.394934][ T8682]  __x64_sys_connect+0x73/0xb0
[  208.399723][ T8682]  do_syscall_64+0x103/0x610
[  208.399747][ T8682]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  208.399759][ T8682] RIP: 0033:0x4582b9
[  208.399775][ T8682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  208.399783][ T8682] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  208.410256][ T8682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
01:59:23 executing program 4:
unshare(0x20400)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100))

01:59:23 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  208.410266][ T8682] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
[  208.410275][ T8682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  208.410284][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  208.410293][ T8682] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
01:59:23 executing program 1:
syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:23 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
r2 = socket$inet6(0xa, 0x6, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:23 executing program 4:
unshare(0x20400)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000100))

01:59:23 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070")
pipe(&(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e)
close(r2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4)
connect$inet6(r3, &(0x7f0000000140), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100), 0x28)
splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0)
connect$unix(r2, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x0, 0x0, 0x0, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x8000)

01:59:23 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:23 executing program 1:
syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:24 executing program 4:
unshare(0x20400)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
dup(r0)

[  208.661152][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.668633][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.714147][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.745169][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.769975][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.788294][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.814788][ T8729] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8729
[  208.824332][ T8729] caller is ip6_finish_output+0x335/0xdc0
[  208.824354][ T8729] CPU: 0 PID: 8729 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  208.824363][ T8729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  208.824379][ T8729] Call Trace:
[  208.837859][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.839147][ T8729]  dump_stack+0x172/0x1f0
[  208.839174][ T8729]  __this_cpu_preempt_check+0x246/0x270
[  208.839205][ T8729]  ip6_finish_output+0x335/0xdc0
[  208.869795][ T8729]  ip6_output+0x235/0x7f0
[  208.869816][ T8729]  ? ip6_finish_output+0xdc0/0xdc0
[  208.869838][ T8729]  ? ip6_fragment+0x3980/0x3980
[  208.869860][ T8729]  ip6_xmit+0xe41/0x20c0
[  208.869884][ T8729]  ? ip6_finish_output2+0x2550/0x2550
[  208.885305][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.889095][ T8729]  ? mark_held_locks+0xf0/0xf0
[  208.889121][ T8729]  ? ip6_setup_cork+0x1870/0x1870
[  208.889157][ T8729]  inet6_csk_xmit+0x2fb/0x5d0
[  208.889177][ T8729]  ? inet6_csk_update_pmtu+0x190/0x190
[  208.914508][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.915912][ T8729]  ? dccp_v6_send_check+0x2a0/0x3e0
[  208.915934][ T8729]  dccp_transmit_skb+0xca5/0x12c0
[  208.915967][ T8729]  dccp_connect+0x31d/0x620
[  208.915988][ T8729]  dccp_v6_connect+0xdaa/0x1990
[  208.953555][ T8729]  ? dccp_v6_init_sock+0xa0/0xa0
[  208.954611][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  208.958525][ T8729]  __inet_stream_connect+0x83f/0xea0
[  208.958544][ T8729]  ? dccp_v6_init_sock+0xa0/0xa0
[  208.958560][ T8729]  ? __inet_stream_connect+0x83f/0xea0
[  208.958578][ T8729]  ? mark_held_locks+0xa4/0xf0
[  208.958599][ T8729]  ? inet_dgram_connect+0x2e0/0x2e0
[  208.991633][ T8729]  ? lock_sock_nested+0x9a/0x120
[  208.996593][ T8729]  ? trace_hardirqs_on+0x67/0x230
[  209.001640][ T8729]  ? lock_sock_nested+0x9a/0x120
[  209.006599][ T8729]  ? __local_bh_enable_ip+0x15a/0x270
[  209.011999][ T8729]  inet_stream_connect+0x58/0xa0
[  209.016971][ T8729]  __sys_connect+0x266/0x330
[  209.021587][ T8729]  ? __ia32_sys_accept+0xb0/0xb0
[  209.026550][ T8729]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  209.028796][   T22] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  209.032814][ T8729]  ? put_timespec64+0xda/0x140
[  209.032844][ T8729]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.032860][ T8729]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.032875][ T8729]  ? do_syscall_64+0x26/0x610
[  209.032891][ T8729]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.032902][ T8729]  ? do_syscall_64+0x26/0x610
[  209.032925][ T8729]  __x64_sys_connect+0x73/0xb0
[  209.032941][ T8729]  do_syscall_64+0x103/0x610
[  209.032967][ T8729]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.032979][ T8729] RIP: 0033:0x4582b9
[  209.032994][ T8729] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  209.033011][ T8729] RSP: 002b:00007fabff3d8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  209.110178][ T8729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  209.110187][ T8729] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000004
[  209.110194][ T8729] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  209.110201][ T8729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3d96d4
[  209.110215][ T8729] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
[  209.269172][   T22] hid-generic 0000:0000:0000.0004: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz1
01:59:24 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c12a41d88b070")
r1 = socket$inet(0x2, 0x3, 0x19)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8)
setsockopt$sock_linger(r1, 0x1, 0x23, &(0x7f0000000100)={0x1}, 0x8)

01:59:24 executing program 1:
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:24 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:24 executing program 4:
unshare(0x20400)
syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)

01:59:24 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
r2 = socket$inet6(0xa, 0x6, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x10000)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:24 executing program 5:
bind$isdn_base(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000004c0), 0x49249249249274a, 0x0)

[  209.427102][ T8751] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8751
[  209.436553][ T8751] caller is ip6_finish_output+0x335/0xdc0
[  209.436580][ T8751] CPU: 0 PID: 8751 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  209.451374][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  209.451381][ T8751] Call Trace:
[  209.451412][ T8751]  dump_stack+0x172/0x1f0
[  209.451438][ T8751]  __this_cpu_preempt_check+0x246/0x270
01:59:24 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  209.451459][ T8751]  ip6_finish_output+0x335/0xdc0
[  209.451481][ T8751]  ip6_output+0x235/0x7f0
[  209.451501][ T8751]  ? ip6_finish_output+0xdc0/0xdc0
[  209.451521][ T8751]  ? ip6_fragment+0x3980/0x3980
[  209.451545][ T8751]  ip6_xmit+0xe41/0x20c0
[  209.451572][ T8751]  ? ip6_finish_output2+0x2550/0x2550
[  209.451589][ T8751]  ? mark_held_locks+0xf0/0xf0
[  209.451609][ T8751]  ? ip6_setup_cork+0x1870/0x1870
[  209.451645][ T8751]  inet6_csk_xmit+0x2fb/0x5d0
[  209.451662][ T8751]  ? inet6_csk_update_pmtu+0x190/0x190
[  209.451692][ T8751]  ? dccp_v6_send_check+0x2a0/0x3e0
[  209.451712][ T8751]  dccp_transmit_skb+0xca5/0x12c0
[  209.451733][ T8751]  dccp_connect+0x31d/0x620
[  209.451752][ T8751]  dccp_v6_connect+0xdaa/0x1990
[  209.451775][ T8751]  ? dccp_v6_init_sock+0xa0/0xa0
[  209.451815][ T8751]  __inet_stream_connect+0x83f/0xea0
[  209.451830][ T8751]  ? dccp_v6_init_sock+0xa0/0xa0
[  209.451845][ T8751]  ? __inet_stream_connect+0x83f/0xea0
[  209.451861][ T8751]  ? mark_held_locks+0xa4/0xf0
[  209.451882][ T8751]  ? inet_dgram_connect+0x2e0/0x2e0
[  209.451898][ T8751]  ? lock_sock_nested+0x9a/0x120
[  209.451914][ T8751]  ? trace_hardirqs_on+0x67/0x230
[  209.451928][ T8751]  ? lock_sock_nested+0x9a/0x120
[  209.451946][ T8751]  ? __local_bh_enable_ip+0x15a/0x270
[  209.451978][ T8751]  inet_stream_connect+0x58/0xa0
[  209.451997][ T8751]  __sys_connect+0x266/0x330
[  209.452014][ T8751]  ? __ia32_sys_accept+0xb0/0xb0
[  209.452029][ T8751]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  209.452044][ T8751]  ? put_timespec64+0xda/0x140
[  209.452072][ T8751]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.452087][ T8751]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.452102][ T8751]  ? do_syscall_64+0x26/0x610
[  209.452118][ T8751]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.452132][ T8751]  ? do_syscall_64+0x26/0x610
[  209.452153][ T8751]  __x64_sys_connect+0x73/0xb0
[  209.452170][ T8751]  do_syscall_64+0x103/0x610
[  209.452188][ T8751]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.452201][ T8751] RIP: 0033:0x4582b9
01:59:25 executing program 5:
mknod(&(0x7f0000000100)='./bus\x00', 0x810c, 0x46485d43)
open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)
syz_extract_tcp_res(0x0, 0x0, 0x0)

01:59:25 executing program 4:
unshare(0x20400)

01:59:25 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getrandom(0x0, 0xfffffe84, 0x0)
getpeername(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000080)=0x3007faa8)
prctl$PR_SET_SECUREBITS(0x1c, 0x0)
dup2(r1, r2)
pipe2(0x0, 0x0)
ioctl$sock_TIOCOUTQ(r2, 0x5411, &(0x7f00000000c0))

[  209.452225][ T8751] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  209.452233][ T8751] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  209.475512][ T8751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  209.514125][ T8751] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
[  209.709849][ T8751] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
01:59:25 executing program 4:
unshare(0x0)

[  209.709858][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  209.709877][ T8751] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
01:59:25 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  209.749707][ T8751] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8751
[  209.749735][ T8751] caller is ip6_finish_output+0x335/0xdc0
01:59:25 executing program 5:
r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000009031, r0, 0x0)
memfd_create(0x0, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(0xffffffffffffffff, 0xc0485630, &(0x7f0000000040)={0x80000001, "0e369ff9421890bc5962293a2cc1cf05b4979e7fe2288d2844a9a0f8f1189c53", 0x0, 0x0, 0x1})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f00000004c0)={0xff, 0x0, 'client1\x00', 0xffffffff80000000, "8e1dab5396394d11", "caa7cbc0620746d197359dc07eff020622786bb0c1b92a1f8f4bc7db00b46f86", 0x100, 0x1})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000400)='/dev/nullb0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x13, r1, 0x0)

[  209.749751][ T8751] CPU: 0 PID: 8751 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  209.749758][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  209.749763][ T8751] Call Trace:
[  209.749784][ T8751]  dump_stack+0x172/0x1f0
[  209.749807][ T8751]  __this_cpu_preempt_check+0x246/0x270
[  209.749824][ T8751]  ip6_finish_output+0x335/0xdc0
[  209.749843][ T8751]  ip6_output+0x235/0x7f0
[  209.749859][ T8751]  ? ip6_finish_output+0xdc0/0xdc0
[  209.749879][ T8751]  ? ip6_fragment+0x3980/0x3980
[  209.749902][ T8751]  ip6_xmit+0xe41/0x20c0
[  209.749923][ T8751]  ? ip6_finish_output2+0x2550/0x2550
[  209.749940][ T8751]  ? mark_held_locks+0xf0/0xf0
[  209.749973][ T8751]  ? ip6_setup_cork+0x1870/0x1870
[  209.749993][ T8751]  ? inet6_csk_route_socket+0x715/0xf40
[  209.750019][ T8751]  inet6_csk_xmit+0x2fb/0x5d0
[  209.750034][ T8751]  ? inet6_csk_update_pmtu+0x190/0x190
[  209.750063][ T8751]  ? dccp_v6_send_check+0x2a0/0x3e0
[  209.750082][ T8751]  dccp_transmit_skb+0xca5/0x12c0
[  209.750102][ T8751]  dccp_send_ack+0x1d7/0x360
[  209.750122][ T8751]  dccp_rcv_state_process+0x1376/0x1935
[  209.750142][ T8751]  dccp_v6_do_rcv+0x269/0xbf0
[  209.750165][ T8751]  __release_sock+0x12e/0x3a0
[  209.750193][ T8751]  release_sock+0x59/0x1c0
[  209.750217][ T8751]  __inet_stream_connect+0x59f/0xea0
[  209.750240][ T8751]  ? inet_dgram_connect+0x2e0/0x2e0
[  209.750254][ T8751]  ? lock_sock_nested+0x9a/0x120
[  209.750269][ T8751]  ? do_wait_intr_irq+0x2b0/0x2b0
[  209.750287][ T8751]  ? __local_bh_enable_ip+0x15a/0x270
[  209.750308][ T8751]  inet_stream_connect+0x58/0xa0
[  209.750329][ T8751]  __sys_connect+0x266/0x330
[  209.750345][ T8751]  ? __ia32_sys_accept+0xb0/0xb0
[  209.750359][ T8751]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  209.750374][ T8751]  ? put_timespec64+0xda/0x140
[  209.750401][ T8751]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.750415][ T8751]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.750430][ T8751]  ? do_syscall_64+0x26/0x610
[  209.750444][ T8751]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.750456][ T8751]  ? do_syscall_64+0x26/0x610
[  209.750474][ T8751]  __x64_sys_connect+0x73/0xb0
[  209.750491][ T8751]  do_syscall_64+0x103/0x610
[  209.750509][ T8751]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.750520][ T8751] RIP: 0033:0x4582b9
[  209.750536][ T8751] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  209.750544][ T8751] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  209.750559][ T8751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  209.750568][ T8751] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
01:59:25 executing program 1:
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:25 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

01:59:25 executing program 4:
unshare(0x0)

01:59:25 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:25 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  209.750576][ T8751] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  209.750584][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  209.750593][ T8751] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
01:59:25 executing program 4:
unshare(0x0)

[  210.605025][ T8801] check_preemption_disabled: 2 callbacks suppressed
[  210.605040][ T8801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8801
[  210.621183][ T8801] caller is ip6_finish_output+0x335/0xdc0
[  210.626946][ T8801] CPU: 0 PID: 8801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19
[  210.635993][ T8801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  210.646056][ T8801] Call Trace:
[  210.649373][ T8801]  dump_stack+0x172/0x1f0
[  210.653757][ T8801]  __this_cpu_preempt_check+0x246/0x270
[  210.659315][ T8801]  ip6_finish_output+0x335/0xdc0
[  210.664264][ T8801]  ip6_output+0x235/0x7f0
[  210.668610][ T8801]  ? ip6_finish_output+0xdc0/0xdc0
[  210.673756][ T8801]  ? ip6_fragment+0x3980/0x3980
[  210.678621][ T8801]  ? kasan_check_read+0x11/0x20
[  210.683505][ T8801]  ip6_xmit+0xe41/0x20c0
[  210.687769][ T8801]  ? ip6_finish_output2+0x2550/0x2550
[  210.693152][ T8801]  ? mark_held_locks+0xf0/0xf0
[  210.697928][ T8801]  ? ip6_setup_cork+0x1870/0x1870
01:59:26 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x4, 0x8, 0x9, {0x0, 0x1c9c380}, 0xffffffff, 0x400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r1 = socket$caif_stream(0x25, 0x1, 0x3)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)="e9ecef4869c631f5637c931e7edc6bf08ff1c966e7de252bed037099b7640538321008c318367e254a1f30718c65e556165f560c4464bfec755a2dee0c769bc7cb657626e133d523194e65fb121ac869c5f603dc8fe59dbd59abd35b00c164079a4e6e6c81d7aca1d0df09753d8a586c19bff985eabd5156667de1b621ebcae1e4e1f884cc79dc52203d7b049f07c86d86250ac56d4461abdd314901b9a0e00c19a019d0d244", 0xa6}], 0x1, 0x0)
r2 = socket(0x11, 0x802, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'})
lsetxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='security.ima\x00', 0x0, 0x0, 0x0)

[  210.702998][ T8801]  sctp_v6_xmit+0x313/0x660
[  210.707524][ T8801]  sctp_packet_transmit+0x1bc4/0x36f0
[  210.712928][ T8801]  ? sctp_packet_config+0xfe0/0xfe0
[  210.718179][ T8801]  ? sctp_packet_append_chunk+0x946/0xda0
[  210.723913][ T8801]  ? sctp_outq_select_transport+0x21a/0x790
[  210.729824][ T8801]  sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50
[  210.736076][ T8801]  ? sctp_prsctp_prune_sent.isra.0+0x820/0x820
[  210.742250][ T8801]  ? lock_downgrade+0x880/0x880
[  210.747115][ T8801]  ? add_timer+0x400/0x930
[  210.751562][ T8801]  ? find_held_lock+0x35/0x130
[  210.756956][ T8801]  ? add_timer+0x41e/0x930
[  210.761406][ T8801]  sctp_outq_flush+0xe8/0x2780
[  210.766178][ T8801]  ? mark_held_locks+0xa4/0xf0
[  210.770965][ T8801]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  210.776803][ T8801]  ? add_timer+0x41e/0x930
[  210.781231][ T8801]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  210.787050][ T8801]  ? lockdep_hardirqs_on+0x418/0x5d0
[  210.792364][ T8801]  ? trace_hardirqs_on+0x67/0x230
[  210.797397][ T8801]  ? __sctp_outq_teardown+0xc60/0xc60
[  210.802792][ T8801]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  210.809057][ T8801]  ? sctp_outq_tail+0x68c/0x930
[  210.813935][ T8801]  sctp_outq_uncork+0x6c/0x80
[  210.818637][ T8801]  sctp_do_sm+0x2575/0x5770
[  210.823166][ T8801]  ? sctp_hash_transport+0xdb1/0x18d0
[  210.828557][ T8801]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  210.835243][ T8801]  ? __local_bh_enable_ip+0x15a/0x270
[  210.840638][ T8801]  ? lock_downgrade+0x880/0x880
[  210.845513][ T8801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  210.851801][ T8801]  ? kasan_check_read+0x11/0x20
[  210.856652][ T8801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  210.862893][ T8801]  ? sctp_hash_transport+0x10b/0x18d0
[  210.868284][ T8801]  ? memcpy+0x46/0x50
[  210.872265][ T8801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  210.878503][ T8801]  ? sctp_assoc_set_primary+0x274/0x310
[  210.884071][ T8801]  sctp_primitive_ASSOCIATE+0x9d/0xd0
[  210.889447][ T8801]  __sctp_connect+0x8cd/0xce0
[  210.894132][ T8801]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
[  210.899702][ T8801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  210.905964][ T8801]  ? _copy_from_user+0xdd/0x150
[  210.910819][ T8801]  ? security_sctp_bind_connect+0x99/0xd0
[  210.916588][ T8801]  __sctp_setsockopt_connectx+0x133/0x1a0
[  210.922422][ T8801]  sctp_setsockopt+0x15db/0x6fe0
[  210.927383][ T8801]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  210.933812][ T8801]  ? kasan_check_read+0x11/0x20
[  210.938670][ T8801]  ? ___might_sleep+0x163/0x280
[  210.943523][ T8801]  ? __might_sleep+0x95/0x190
[  210.948202][ T8801]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  210.953837][ T8801]  ? aa_sk_perm+0x288/0x880
[  210.958346][ T8801]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  210.963896][ T8801]  sock_common_setsockopt+0x9a/0xe0
[  210.969098][ T8801]  __sys_setsockopt+0x180/0x280
[  210.973957][ T8801]  ? kernel_accept+0x310/0x310
[  210.978724][ T8801]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  210.984182][ T8801]  ? do_syscall_64+0x26/0x610
[  210.988866][ T8801]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  210.994931][ T8801]  ? do_syscall_64+0x26/0x610
[  210.999637][ T8801]  __x64_sys_setsockopt+0xbe/0x150
[  211.004840][ T8801]  do_syscall_64+0x103/0x610
[  211.009434][ T8801]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  211.015336][ T8801] RIP: 0033:0x4582b9
[  211.019262][ T8801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  211.038866][ T8801] RSP: 002b:00007ff9ab31bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  211.047289][ T8801] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  211.055260][ T8801] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
[  211.063240][ T8801] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000
[  211.071214][ T8801] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab31c6d4
[  211.079199][ T8801] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
01:59:26 executing program 1:
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:26 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  211.216335][ T8801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8801
[  211.225904][ T8801] caller is ip6_finish_output+0x335/0xdc0
[  211.231796][ T8801] CPU: 0 PID: 8801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19
[  211.240814][ T8801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  211.250901][ T8801] Call Trace:
[  211.254207][ T8801]  dump_stack+0x172/0x1f0
[  211.258562][ T8801]  __this_cpu_preempt_check+0x246/0x270
[  211.264147][ T8801]  ip6_finish_output+0x335/0xdc0
[  211.264170][ T8801]  ip6_output+0x235/0x7f0
[  211.273448][ T8801]  ? ip6_finish_output+0xdc0/0xdc0
[  211.273469][ T8801]  ? ip6_fragment+0x3980/0x3980
[  211.273490][ T8801]  ? kasan_check_read+0x11/0x20
[  211.273508][ T8801]  ip6_xmit+0xe41/0x20c0
[  211.273533][ T8801]  ? ip6_finish_output2+0x2550/0x2550
[  211.273550][ T8801]  ? mark_held_locks+0xf0/0xf0
[  211.273568][ T8801]  ? ip6_setup_cork+0x1870/0x1870
[  211.273601][ T8801]  sctp_v6_xmit+0x313/0x660
01:59:26 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

[  211.273624][ T8801]  sctp_packet_transmit+0x1bc4/0x36f0
[  211.273658][ T8801]  ? sctp_packet_config+0xfe0/0xfe0
[  211.273673][ T8801]  ? kmem_cache_alloc_node_trace+0x352/0x720
[  211.273689][ T8801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  211.273708][ T8801]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  211.273724][ T8801]  sctp_outq_flush+0x2b8/0x2780
[  211.273744][ T8801]  ? sctp_chunkify+0x4b/0x290
[  211.273766][ T8801]  ? __sctp_outq_teardown+0xc60/0xc60
[  211.273788][ T8801]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  211.273800][ T8801]  ? sctp_outq_tail+0x68c/0x930
[  211.273818][ T8801]  sctp_outq_uncork+0x6c/0x80
[  211.273833][ T8801]  sctp_do_sm+0x2575/0x5770
[  211.273859][ T8801]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  211.273876][ T8801]  ? add_lock_to_list.isra.0+0x1cd/0x3a0
[  211.273887][ T8801]  ? save_trace+0xe0/0x290
[  211.273910][ T8801]  ? sctp_assoc_bh_rcv+0x2fc/0x660
[  211.273924][ T8801]  ? find_held_lock+0x35/0x130
[  211.273940][ T8801]  ? sctp_assoc_bh_rcv+0x2fc/0x660
[  211.273981][ T8801]  ? trace_hardirqs_on+0x67/0x230
[  211.273998][ T8801]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  211.274012][ T8801]  ? ktime_get+0x208/0x300
[  211.274032][ T8801]  sctp_assoc_bh_rcv+0x343/0x660
[  211.274057][ T8801]  sctp_inq_push+0x1ea/0x290
[  211.274076][ T8801]  sctp_backlog_rcv+0x196/0xbe0
[  211.274091][ T8801]  ? __local_bh_enable_ip+0x15a/0x270
[  211.274105][ T8801]  ? _raw_spin_unlock_bh+0x31/0x40
[  211.274117][ T8801]  ? __local_bh_enable_ip+0x15a/0x270
[  211.274135][ T8801]  ? sctp_hash_obj+0x600/0x600
[  211.274152][ T8801]  ? __release_sock+0xca/0x3a0
[  211.274168][ T8801]  ? __local_bh_enable_ip+0x15a/0x270
[  211.274189][ T8801]  __release_sock+0x12e/0x3a0
[  211.357640][ T8792] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8792
[  211.362683][ T8801]  release_sock+0x59/0x1c0
[  211.362722][ T8801]  sctp_wait_for_connect+0x316/0x540
[  211.362751][ T8801]  ? sctp_get_port+0x180/0x180
[  211.362784][ T8801]  ? memcpy+0x46/0x50
[  211.362826][ T8801]  ? finish_wait+0x260/0x260
[  211.367707][ T8792] caller is ip6_finish_output+0x335/0xdc0
[  211.372347][ T8801]  ? sctp_primitive_ASSOCIATE+0x9d/0xd0
[  211.372366][ T8801]  __sctp_connect+0xac2/0xce0
[  211.372390][ T8801]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
[  211.372422][ T8801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  211.533283][ T8801]  ? _copy_from_user+0xdd/0x150
[  211.533305][ T8801]  ? security_sctp_bind_connect+0x99/0xd0
[  211.533328][ T8801]  __sctp_setsockopt_connectx+0x133/0x1a0
[  211.533349][ T8801]  sctp_setsockopt+0x15db/0x6fe0
[  211.533370][ T8801]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  211.533390][ T8801]  ? kasan_check_read+0x11/0x20
[  211.533412][ T8801]  ? ___might_sleep+0x163/0x280
[  211.533430][ T8801]  ? __might_sleep+0x95/0x190
[  211.533449][ T8801]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  211.533464][ T8801]  ? aa_sk_perm+0x288/0x880
[  211.533488][ T8801]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  211.533509][ T8801]  sock_common_setsockopt+0x9a/0xe0
[  211.533530][ T8801]  __sys_setsockopt+0x180/0x280
[  211.533548][ T8801]  ? kernel_accept+0x310/0x310
[  211.533570][ T8801]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  211.533586][ T8801]  ? do_syscall_64+0x26/0x610
[  211.533602][ T8801]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  211.533616][ T8801]  ? do_syscall_64+0x26/0x610
[  211.533638][ T8801]  __x64_sys_setsockopt+0xbe/0x150
[  211.533656][ T8801]  do_syscall_64+0x103/0x610
[  211.533675][ T8801]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  211.533687][ T8801] RIP: 0033:0x4582b9
[  211.533703][ T8801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  211.533711][ T8801] RSP: 002b:00007ff9ab31bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  211.533726][ T8801] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  211.533734][ T8801] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
[  211.533744][ T8801] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000
[  211.533753][ T8801] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab31c6d4
[  211.533762][ T8801] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
01:59:27 executing program 5:
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="b4175c65394176579d076a0291a9891e62a86c4b0cb800aa529522cd94eb"], 0x1e)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:59:27 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c12a41d88b070")
r1 = socket$inet(0x2, 0x3, 0x19)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8)
dup2(r0, r1)

[  211.533795][ T8792] CPU: 1 PID: 8792 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19
[  211.533803][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  211.533808][ T8792] Call Trace:
[  211.533828][ T8792]  dump_stack+0x172/0x1f0
[  211.533847][ T8792]  __this_cpu_preempt_check+0x246/0x270
[  211.533867][ T8792]  ip6_finish_output+0x335/0xdc0
[  211.533886][ T8792]  ip6_output+0x235/0x7f0
[  211.533903][ T8792]  ? ip6_finish_output+0xdc0/0xdc0
[  211.533920][ T8792]  ? ip6_fragment+0x3980/0x3980
[  211.533937][ T8792]  ? kasan_check_read+0x11/0x20
[  211.533966][ T8792]  ip6_xmit+0xe41/0x20c0
[  211.533989][ T8792]  ? ip6_finish_output2+0x2550/0x2550
[  211.534004][ T8792]  ? mark_held_locks+0xf0/0xf0
[  211.534024][ T8792]  ? ip6_setup_cork+0x1870/0x1870
[  211.534060][ T8792]  sctp_v6_xmit+0x313/0x660
[  211.534082][ T8792]  sctp_packet_transmit+0x1bc4/0x36f0
[  211.534130][ T8792]  ? sctp_packet_config+0xfe0/0xfe0
[  211.534150][ T8792]  ? sctp_packet_append_chunk+0x946/0xda0
[  211.534166][ T8792]  ? sctp_outq_select_transport+0x21a/0x790
[  211.534187][ T8792]  sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50
[  211.534210][ T8792]  ? sctp_prsctp_prune_sent.isra.0+0x820/0x820
[  211.534223][ T8792]  ? lock_downgrade+0x880/0x880
[  211.534246][ T8792]  ? add_timer+0x400/0x930
[  211.534261][ T8792]  ? find_held_lock+0x35/0x130
[  211.534277][ T8792]  ? add_timer+0x41e/0x930
[  211.534295][ T8792]  sctp_outq_flush+0xe8/0x2780
[  211.534308][ T8792]  ? mark_held_locks+0xa4/0xf0
[  211.534323][ T8792]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  211.534337][ T8792]  ? add_timer+0x41e/0x930
[  211.534351][ T8792]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  211.534366][ T8792]  ? lockdep_hardirqs_on+0x418/0x5d0
[  211.534384][ T8792]  ? trace_hardirqs_on+0x67/0x230
[  211.534402][ T8792]  ? __sctp_outq_teardown+0xc60/0xc60
[  211.534428][ T8792]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  211.534441][ T8792]  ? sctp_outq_tail+0x68c/0x930
[  211.534458][ T8792]  sctp_outq_uncork+0x6c/0x80
[  211.534474][ T8792]  sctp_do_sm+0x2575/0x5770
[  211.534491][ T8792]  ? sctp_hash_transport+0xdb1/0x18d0
[  211.534515][ T8792]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  211.534531][ T8792]  ? __local_bh_enable_ip+0x15a/0x270
[  211.534548][ T8792]  ? lock_downgrade+0x880/0x880
[  211.534562][ T8792]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  211.534581][ T8792]  ? kasan_check_read+0x11/0x20
[  211.534599][ T8792]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  211.534615][ T8792]  ? sctp_hash_transport+0x10b/0x18d0
[  211.534649][ T8792]  ? memcpy+0x46/0x50
[  211.534665][ T8792]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  211.534680][ T8792]  ? sctp_assoc_set_primary+0x274/0x310
[  211.534701][ T8792]  sctp_primitive_ASSOCIATE+0x9d/0xd0
[  211.534726][ T8792]  __sctp_connect+0x8cd/0xce0
[  211.534751][ T8792]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
[  211.534771][ T8792]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  211.534782][ T8792]  ? _copy_from_user+0xdd/0x150
[  211.534797][ T8792]  ? security_sctp_bind_connect+0x99/0xd0
[  211.534813][ T8792]  __sctp_setsockopt_connectx+0x133/0x1a0
[  211.534829][ T8792]  sctp_setsockopt+0x15db/0x6fe0
[  211.534847][ T8792]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  211.534861][ T8792]  ? kasan_check_read+0x11/0x20
[  211.534875][ T8792]  ? ___might_sleep+0x163/0x280
[  211.534890][ T8792]  ? __might_sleep+0x95/0x190
[  211.534905][ T8792]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  211.534916][ T8792]  ? aa_sk_perm+0x288/0x880
[  211.534935][ T8792]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  211.534964][ T8792]  sock_common_setsockopt+0x9a/0xe0
[  211.534981][ T8792]  __sys_setsockopt+0x180/0x280
[  211.534998][ T8792]  ? kernel_accept+0x310/0x310
[  211.535015][ T8792]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  211.535028][ T8792]  ? do_syscall_64+0x26/0x610
[  211.535040][ T8792]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  211.535052][ T8792]  ? do_syscall_64+0x26/0x610
[  211.535071][ T8792]  __x64_sys_setsockopt+0xbe/0x150
[  211.535088][ T8792]  do_syscall_64+0x103/0x610
[  211.535103][ T8792]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  211.535114][ T8792] RIP: 0033:0x4582b9
01:59:27 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  211.535127][ T8792] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  211.535135][ T8792] RSP: 002b:00007ff9ab33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  211.535147][ T8792] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  211.535156][ T8792] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000008
[  211.535163][ T8792] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000
[  211.535171][ T8792] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab33d6d4
[  211.535179][ T8792] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
01:59:27 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

01:59:27 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
listen(r0, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:27 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:27 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

01:59:27 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x4, 0x8, 0x9, {0x0, 0x1c9c380}, 0xffffffff, 0x400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r1 = socket$caif_stream(0x25, 0x1, 0x3)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)="e9ecef4869c631f5637c931e7edc6bf08ff1c966e7de252bed037099b7640538321008c318367e254a1f30718c65e556165f560c4464bfec755a2dee0c769bc7cb657626e133d523194e65fb121ac869c5f603dc8fe59dbd59abd35b00c164079a4e6e6c81d7aca1d0df09753d8a586c19bff985eabd5156667de1b621ebcae1e4e1f884cc79dc52203d7b049f07c86d86250ac56d4461abdd314901b9a0e00c19a019d0d244", 0xa6}], 0x1, 0x0)
r2 = socket(0x11, 0x802, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'})
lsetxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='security.ima\x00', 0x0, 0x0, 0x0)

01:59:27 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

01:59:27 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:27 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

[  212.554004][ T8859] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8859
[  212.563582][ T8859] caller is ip6_finish_output+0x335/0xdc0
[  212.569338][ T8859] CPU: 1 PID: 8859 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19
[  212.578371][ T8859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  212.588444][ T8859] Call Trace:
[  212.591774][ T8859]  dump_stack+0x172/0x1f0
[  212.596140][ T8859]  __this_cpu_preempt_check+0x246/0x270
[  212.601727][ T8859]  ip6_finish_output+0x335/0xdc0
[  212.606701][ T8859]  ip6_output+0x235/0x7f0
[  212.606732][ T8859]  ? ip6_finish_output+0xdc0/0xdc0
[  212.616192][ T8859]  ? ip6_fragment+0x3980/0x3980
[  212.616232][ T8859]  ip6_xmit+0xe41/0x20c0
[  212.625343][ T8859]  ? ip6_finish_output2+0x2550/0x2550
[  212.630746][ T8859]  ? mark_held_locks+0xf0/0xf0
[  212.635538][ T8859]  ? ip6_setup_cork+0x1870/0x1870
[  212.640598][ T8859]  inet6_csk_xmit+0x2fb/0x5d0
[  212.645412][ T8859]  ? inet6_csk_update_pmtu+0x190/0x190
[  212.650923][ T8859]  ? dccp_v6_send_check+0x2a0/0x3e0
[  212.656154][ T8859]  dccp_transmit_skb+0xca5/0x12c0
[  212.661225][ T8859]  dccp_connect+0x31d/0x620
[  212.665758][ T8859]  dccp_v6_connect+0xdaa/0x1990
[  212.670643][ T8859]  ? dccp_v6_init_sock+0xa0/0xa0
[  212.675622][ T8859]  __inet_stream_connect+0x83f/0xea0
[  212.680921][ T8859]  ? dccp_v6_init_sock+0xa0/0xa0
[  212.685882][ T8859]  ? __inet_stream_connect+0x83f/0xea0
[  212.691357][ T8859]  ? mark_held_locks+0xa4/0xf0
[  212.696160][ T8859]  ? inet_dgram_connect+0x2e0/0x2e0
[  212.701372][ T8859]  ? lock_sock_nested+0x9a/0x120
[  212.706325][ T8859]  ? trace_hardirqs_on+0x67/0x230
[  212.711359][ T8859]  ? lock_sock_nested+0x9a/0x120
[  212.716316][ T8859]  ? __local_bh_enable_ip+0x15a/0x270
[  212.722140][ T8859]  inet_stream_connect+0x58/0xa0
[  212.727113][ T8859]  __sys_connect+0x266/0x330
[  212.731722][ T8859]  ? __ia32_sys_accept+0xb0/0xb0
[  212.736669][ T8859]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  212.742920][ T8859]  ? put_timespec64+0xda/0x140
[  212.747723][ T8859]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  212.753198][ T8859]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  212.758678][ T8859]  ? do_syscall_64+0x26/0x610
[  212.763374][ T8859]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  212.769455][ T8859]  ? do_syscall_64+0x26/0x610
[  212.774163][ T8859]  __x64_sys_connect+0x73/0xb0
[  212.778958][ T8859]  do_syscall_64+0x103/0x610
[  212.783656][ T8859]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  212.789557][ T8859] RIP: 0033:0x4582b9
[  212.793458][ T8859] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  212.813070][ T8859] RSP: 002b:00007fabff3f9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  212.821959][ T8859] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  212.829966][ T8859] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005
[  212.837968][ T8859] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  212.845966][ T8859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabff3fa6d4
[  212.853960][ T8859] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
01:59:28 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

01:59:28 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc67a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

01:59:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000580)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r1, &(0x7f0000000080), 0xdc0f8a25)

[  212.942230][ T8853] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8853
[  212.951725][ T8853] caller is ip6_finish_output+0x335/0xdc0
[  212.957481][ T8853] CPU: 1 PID: 8853 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19
[  212.966535][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  212.966542][ T8853] Call Trace:
[  212.966572][ T8853]  dump_stack+0x172/0x1f0
[  212.966600][ T8853]  __this_cpu_preempt_check+0x246/0x270
[  212.966621][ T8853]  ip6_finish_output+0x335/0xdc0
[  212.966646][ T8853]  ip6_output+0x235/0x7f0
[  212.966667][ T8853]  ? ip6_finish_output+0xdc0/0xdc0
[  212.966690][ T8853]  ? ip6_fragment+0x3980/0x3980
[  212.966719][ T8853]  ? kasan_check_read+0x11/0x20
[  212.966741][ T8853]  ip6_xmit+0xe41/0x20c0
01:59:28 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  212.966769][ T8853]  ? ip6_finish_output2+0x2550/0x2550
01:59:28 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = socket$inet_sctp(0x2, 0x3, 0x84)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000001, 0x10, 0xffffffffffffffff, 0x0)
fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000440))

01:59:28 executing program 4:
shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000))

[  212.966789][ T8853]  ? mark_held_locks+0xf0/0xf0
[  212.966811][ T8853]  ? ip6_setup_cork+0x1870/0x1870
01:59:28 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc67a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

01:59:28 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  212.966845][ T8853]  sctp_v6_xmit+0x313/0x660
[  212.966868][ T8853]  sctp_packet_transmit+0x1bc4/0x36f0
[  212.966905][ T8853]  ? sctp_packet_config+0xfe0/0xfe0
[  212.966925][ T8853]  ? sctp_packet_append_chunk+0x946/0xda0
[  212.966940][ T8853]  ? sctp_outq_select_transport+0x21a/0x790
01:59:28 executing program 0:
ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
accept$unix(0xffffffffffffffff, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffe)
perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000))

[  212.966975][ T8853]  sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50
[  212.967000][ T8853]  ? sctp_prsctp_prune_sent.isra.0+0x820/0x820
[  212.967015][ T8853]  ? lock_downgrade+0x880/0x880
[  212.967040][ T8853]  ? add_timer+0x400/0x930
[  212.967056][ T8853]  ? find_held_lock+0x35/0x130
[  212.967074][ T8853]  ? add_timer+0x41e/0x930
[  212.967092][ T8853]  sctp_outq_flush+0xe8/0x2780
[  212.967105][ T8853]  ? mark_held_locks+0xa4/0xf0
[  212.967120][ T8853]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
01:59:28 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
listen(r0, 0x4)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  212.967133][ T8853]  ? add_timer+0x41e/0x930
[  212.967146][ T8853]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  212.967161][ T8853]  ? lockdep_hardirqs_on+0x418/0x5d0
[  212.967179][ T8853]  ? trace_hardirqs_on+0x67/0x230
[  212.967196][ T8853]  ? __sctp_outq_teardown+0xc60/0xc60
[  212.967221][ T8853]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  212.967234][ T8853]  ? sctp_outq_tail+0x68c/0x930
[  212.967251][ T8853]  sctp_outq_uncork+0x6c/0x80
[  212.967266][ T8853]  sctp_do_sm+0x2575/0x5770
[  212.967282][ T8853]  ? sctp_hash_transport+0xdb1/0x18d0
01:59:29 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1f, 0x502)
write$cgroup_pid(r0, &(0x7f0000000080), 0xdc0f8a25)

[  212.967305][ T8853]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  212.967322][ T8853]  ? __local_bh_enable_ip+0x15a/0x270
[  212.967339][ T8853]  ? lock_downgrade+0x880/0x880
[  212.967353][ T8853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  212.967371][ T8853]  ? kasan_check_read+0x11/0x20
[  212.967389][ T8853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  212.967405][ T8853]  ? sctp_hash_transport+0x10b/0x18d0
[  212.967438][ T8853]  ? memcpy+0x46/0x50
[  212.967453][ T8853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
01:59:29 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
listen(r0, 0x4)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  212.967468][ T8853]  ? sctp_assoc_set_primary+0x274/0x310
[  212.967489][ T8853]  sctp_primitive_ASSOCIATE+0x9d/0xd0
[  212.967508][ T8853]  __sctp_connect+0x8cd/0xce0
[  212.967532][ T8853]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
[  212.967555][ T8853]  ? _copy_from_user+0xe9/0x150
[  212.967573][ T8853]  ? security_sctp_bind_connect+0x99/0xd0
[  212.967594][ T8853]  __sctp_setsockopt_connectx+0x133/0x1a0
[  212.967612][ T8853]  sctp_setsockopt+0x15db/0x6fe0
[  212.967633][ T8853]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  212.967647][ T8853]  ? retint_kernel+0x2d/0x2d
[  212.967668][ T8853]  ? ___might_sleep+0x163/0x280
[  212.967685][ T8853]  ? __might_sleep+0x95/0x190
[  212.967704][ T8853]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  212.967726][ T8853]  ? aa_sk_perm+0x288/0x880
[  212.967750][ T8853]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  212.967771][ T8853]  sock_common_setsockopt+0x9a/0xe0
[  212.967792][ T8853]  __sys_setsockopt+0x180/0x280
[  212.967810][ T8853]  ? kernel_accept+0x310/0x310
[  212.967840][ T8853]  __x64_sys_setsockopt+0xbe/0x150
[  212.967855][ T8853]  ? __ia32_sys_recv+0x100/0x100
[  212.967874][ T8853]  do_syscall_64+0x103/0x610
[  212.967892][ T8853]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  212.967904][ T8853] RIP: 0033:0x4582b9
[  212.967919][ T8853] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  212.967928][ T8853] RSP: 002b:00007ff9ab33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  212.967942][ T8853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  212.967961][ T8853] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
[  212.967970][ T8853] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000
[  212.967979][ T8853] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab33d6d4
[  212.967988][ T8853] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
[  213.072397][ T8872] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8872
[  213.072479][ T8872] caller is ip6_finish_output+0x335/0xdc0
[  213.072550][ T8872] CPU: 1 PID: 8872 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19
[  213.072560][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  213.072566][ T8872] Call Trace:
[  213.072588][ T8872]  dump_stack+0x172/0x1f0
[  213.072616][ T8872]  __this_cpu_preempt_check+0x246/0x270
[  213.072638][ T8872]  ip6_finish_output+0x335/0xdc0
[  213.072664][ T8872]  ip6_output+0x235/0x7f0
[  213.072685][ T8872]  ? ip6_finish_output+0xdc0/0xdc0
[  213.072714][ T8872]  ? ip6_fragment+0x3980/0x3980
[  213.072741][ T8872]  ? kasan_check_read+0x11/0x20
[  213.072764][ T8872]  ip6_xmit+0xe41/0x20c0
[  213.072783][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.072813][ T8872]  ? ip6_finish_output2+0x2550/0x2550
[  213.072831][ T8872]  ? mark_held_locks+0xf0/0xf0
[  213.072846][ T8872]  ? lockdep_hardirqs_on+0x418/0x5d0
[  213.072866][ T8872]  ? ip6_setup_cork+0x1870/0x1870
[  213.072905][ T8872]  sctp_v6_xmit+0x313/0x660
[  213.072932][ T8872]  sctp_packet_transmit+0x1bc4/0x36f0
[  213.072984][ T8872]  ? sctp_packet_config+0xfe0/0xfe0
[  213.073005][ T8872]  ? sctp_packet_append_chunk+0x93e/0xda0
[  213.073026][ T8872]  ? sctp_packet_append_chunk+0x946/0xda0
[  213.073052][ T8872]  sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50
[  213.073076][ T8872]  ? sctp_prsctp_prune_sent.isra.0+0x820/0x820
[  213.073092][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.073123][ T8872]  ? mark_held_locks+0xa4/0xf0
[  213.073144][ T8872]  sctp_outq_flush+0xe8/0x2780
[  213.073160][ T8872]  ? retint_kernel+0x2d/0x2d
[  213.073180][ T8872]  ? trace_hardirqs_on_caller+0x6a/0x220
[  213.073201][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.073222][ T8872]  ? __sctp_outq_teardown+0xc60/0xc60
[  213.073255][ T8872]  sctp_outq_uncork+0x6c/0x80
[  213.073274][ T8872]  sctp_do_sm+0x2575/0x5770
[  213.073293][ T8872]  ? sctp_hash_transport+0xdb1/0x18d0
[  213.073321][ T8872]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  213.073340][ T8872]  ? __local_bh_enable_ip+0x15a/0x270
[  213.073361][ T8872]  ? mark_held_locks+0xa4/0xf0
[  213.073378][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
01:59:29 executing program 5:
r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0xe, 0x1)
socket$inet6(0xa, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_BIND(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x400000001, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
pipe(&(0x7f0000000280))
pselect6(0x40, &(0x7f00000000c0)={0x8, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0)

[  213.073395][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.073411][ T8872]  ? lockdep_hardirqs_on+0x418/0x5d0
[  213.073426][ T8872]  ? retint_kernel+0x2d/0x2d
[  213.073443][ T8872]  ? trace_hardirqs_on_caller+0x6a/0x220
[  213.073460][ T8872]  ? sctp_hash_transport+0x10b/0x18d0
[  213.073481][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.073525][ T8872]  sctp_primitive_ASSOCIATE+0x9d/0xd0
[  213.073547][ T8872]  __sctp_connect+0x8cd/0xce0
[  213.073574][ T8872]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
01:59:29 executing program 5:
r0 = semget$private(0x0, 0xc, 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x200])
semop(r0, &(0x7f0000000100), 0x2d)
semctl$GETZCNT(r0, 0x3, 0xf, 0x0)

[  213.073602][ T8872]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  213.073618][ T8872]  ? _copy_from_user+0xdd/0x150
[  213.073640][ T8872]  ? security_sctp_bind_connect+0x99/0xd0
[  213.073664][ T8872]  __sctp_setsockopt_connectx+0x133/0x1a0
[  213.073686][ T8872]  sctp_setsockopt+0x15db/0x6fe0
[  213.073702][ T8872]  ? retint_kernel+0x2d/0x2d
[  213.073731][ T8872]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  213.073750][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.073773][ T8872]  ? ___might_sleep+0x163/0x280
[  213.073791][ T8872]  ? __might_sleep+0x95/0x190
[  213.073812][ T8872]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  213.073827][ T8872]  ? aa_sk_perm+0x288/0x880
[  213.073842][ T8872]  ? aa_sock_opt_perm.isra.0+0x1b/0x130
[  213.073867][ T8872]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  213.073890][ T8872]  sock_common_setsockopt+0x9a/0xe0
[  213.073914][ T8872]  __sys_setsockopt+0x180/0x280
[  213.073934][ T8872]  ? kernel_accept+0x310/0x310
[  213.073977][ T8872]  __x64_sys_setsockopt+0xbe/0x150
[  213.073996][ T8872]  ? do_syscall_64+0xfe/0x610
[  213.074015][ T8872]  do_syscall_64+0x103/0x610
[  213.074036][ T8872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  213.074049][ T8872] RIP: 0033:0x4582b9
[  213.074068][ T8872] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  213.074077][ T8872] RSP: 002b:00007f4ee86eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  213.074095][ T8872] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  213.074105][ T8872] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
[  213.074115][ T8872] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000
[  213.074125][ T8872] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007f4ee86ef6d4
[  213.074136][ T8872] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
[  213.171424][ T8853] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8853
[  213.171494][ T8853] caller is ip6_finish_output+0x335/0xdc0
[  213.171535][ T8853] CPU: 0 PID: 8853 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19
[  213.171550][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  213.171562][ T8853] Call Trace:
[  213.171586][ T8853]  dump_stack+0x172/0x1f0
[  213.171611][ T8853]  __this_cpu_preempt_check+0x246/0x270
[  213.171633][ T8853]  ip6_finish_output+0x335/0xdc0
[  213.171664][ T8853]  ip6_output+0x235/0x7f0
[  213.171685][ T8853]  ? ip6_finish_output+0xdc0/0xdc0
[  213.171706][ T8853]  ? retint_kernel+0x2d/0x2d
[  213.171734][ T8853]  ? ip6_fragment+0x3980/0x3980
[  213.171759][ T8853]  ? ip6_xmit+0xdf6/0x20c0
[  213.171779][ T8853]  ? ip6_xmit+0xe04/0x20c0
[  213.171800][ T8853]  ip6_xmit+0xe41/0x20c0
[  213.171831][ T8853]  ? ip6_finish_output2+0x2550/0x2550
[  213.171859][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.171880][ T8853]  ? ip6_setup_cork+0x1870/0x1870
[  213.171899][ T8853]  ? retint_kernel+0x2d/0x2d
[  213.171933][ T8853]  sctp_v6_xmit+0x313/0x660
[  213.171968][ T8853]  sctp_packet_transmit+0x1bc4/0x36f0
[  213.172011][ T8853]  ? sctp_packet_config+0xfe0/0xfe0
[  213.172048][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.172077][ T8853]  ? retint_kernel+0x2d/0x2d
[  213.172100][ T8853]  ? trace_hardirqs_on_caller+0x6a/0x220
[  213.172127][ T8853]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  213.172156][ T8853]  sctp_outq_flush+0x2b8/0x2780
[  213.172178][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.172200][ T8853]  ? lockdep_hardirqs_on+0x418/0x5d0
[  213.172228][ T8853]  ? retint_kernel+0x2d/0x2d
[  213.172248][ T8853]  ? trace_hardirqs_on_caller+0x6a/0x220
[  213.172278][ T8853]  ? __sctp_outq_teardown+0xc60/0xc60
[  213.172309][ T8853]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  213.172328][ T8853]  ? sctp_outq_tail+0x68c/0x930
[  213.172346][ T8853]  sctp_outq_uncork+0x6c/0x80
[  213.172366][ T8853]  sctp_do_sm+0x2575/0x5770
[  213.172398][ T8853]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  213.172415][ T8853]  ? mark_held_locks+0xa4/0xf0
[  213.172428][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.172439][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.172450][ T8853]  ? lockdep_hardirqs_on+0x418/0x5d0
[  213.172462][ T8853]  ? retint_kernel+0x2d/0x2d
[  213.172476][ T8853]  ? trace_hardirqs_on_caller+0x6a/0x220
[  213.172493][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.172521][ T8853]  ? ktime_get+0x12e/0x300
[  213.172533][ T8853]  ? ktime_get+0x133/0x300
[  213.172546][ T8853]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  213.172558][ T8853]  ? ktime_get+0x208/0x300
[  213.172576][ T8853]  sctp_assoc_bh_rcv+0x343/0x660
[  213.172597][ T8853]  sctp_inq_push+0x1ea/0x290
[  213.172615][ T8853]  sctp_backlog_rcv+0x196/0xbe0
[  213.172636][ T8853]  ? sctp_hash_obj+0x600/0x600
[  213.172669][ T8853]  __release_sock+0x12e/0x3a0
[  213.172699][ T8853]  release_sock+0x59/0x1c0
[  213.172728][ T8853]  sctp_wait_for_connect+0x316/0x540
[  213.172749][ T8853]  ? sctp_get_port+0x180/0x180
[  213.172773][ T8853]  ? memcpy+0x46/0x50
[  213.172794][ T8853]  ? finish_wait+0x260/0x260
[  213.172816][ T8853]  ? sctp_primitive_ASSOCIATE+0x9d/0xd0
[  213.172836][ T8853]  __sctp_connect+0xac2/0xce0
[  213.172867][ T8853]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
[  213.172897][ T8853]  ? _copy_from_user+0xe9/0x150
[  213.172921][ T8853]  ? security_sctp_bind_connect+0x99/0xd0
[  213.172942][ T8853]  __sctp_setsockopt_connectx+0x133/0x1a0
[  213.172974][ T8853]  sctp_setsockopt+0x15db/0x6fe0
[  213.172996][ T8853]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  213.173015][ T8853]  ? retint_kernel+0x2d/0x2d
[  213.173037][ T8853]  ? ___might_sleep+0x163/0x280
[  213.173057][ T8853]  ? __might_sleep+0x95/0x190
[  213.173078][ T8853]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  213.173099][ T8853]  ? aa_sk_perm+0x288/0x880
[  213.173158][ T8853]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  213.173178][ T8853]  sock_common_setsockopt+0x9a/0xe0
[  213.173214][ T8853]  __sys_setsockopt+0x180/0x280
[  213.173253][ T8853]  ? kernel_accept+0x310/0x310
[  213.173304][ T8853]  __x64_sys_setsockopt+0xbe/0x150
[  213.173325][ T8853]  ? __ia32_sys_recv+0x100/0x100
[  213.173351][ T8853]  do_syscall_64+0x103/0x610
[  213.173372][ T8853]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  213.173390][ T8853] RIP: 0033:0x4582b9
[  213.173410][ T8853] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  213.173425][ T8853] RSP: 002b:00007ff9ab33cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  213.173454][ T8853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  213.173483][ T8853] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
[  213.173499][ T8853] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000
[  213.173516][ T8853] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007ff9ab33d6d4
[  213.173550][ T8853] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
[  213.183549][ T8872] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8872
[  213.183633][ T8872] caller is ip6_finish_output+0x335/0xdc0
[  213.183705][ T8872] CPU: 1 PID: 8872 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19
[  213.183721][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  213.183727][ T8872] Call Trace:
[  213.183750][ T8872]  dump_stack+0x172/0x1f0
[  213.183777][ T8872]  __this_cpu_preempt_check+0x246/0x270
[  213.183798][ T8872]  ip6_finish_output+0x335/0xdc0
[  213.183823][ T8872]  ip6_output+0x235/0x7f0
[  213.183844][ T8872]  ? ip6_finish_output+0xdc0/0xdc0
[  213.183861][ T8872]  ? retint_kernel+0x2d/0x2d
[  213.183882][ T8872]  ? ip6_fragment+0x3980/0x3980
[  213.183903][ T8872]  ? ip6_xmit+0x1204/0x20c0
[  213.183923][ T8872]  ip6_xmit+0xe41/0x20c0
[  213.183962][ T8872]  ? ip6_finish_output2+0x2550/0x2550
[  213.183983][ T8872]  ? mark_held_locks+0xf0/0xf0
[  213.184006][ T8872]  ? ip6_setup_cork+0x1870/0x1870
[  213.184043][ T8872]  sctp_v6_xmit+0x313/0x660
[  213.184071][ T8872]  sctp_packet_transmit+0x1bc4/0x36f0
[  213.184110][ T8872]  ? sctp_packet_config+0xfe0/0xfe0
[  213.184127][ T8872]  ? sctp_sched_dequeue_common+0x340/0x340
[  213.184143][ T8872]  ? sctp_outq_flush+0xb62/0x2780
[  213.184162][ T8872]  ? __sanitizer_cov_trace_pc+0x1/0x50
[  213.184184][ T8872]  sctp_outq_flush+0x2b8/0x2780
[  213.184201][ T8872]  ? retint_kernel+0x2d/0x2d
[  213.184227][ T8872]  ? __sctp_outq_teardown+0xc60/0xc60
[  213.184256][ T8872]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  213.184270][ T8872]  ? sctp_outq_tail+0x68c/0x930
[  213.184290][ T8872]  sctp_outq_uncork+0x6c/0x80
[  213.184307][ T8872]  sctp_do_sm+0x2575/0x5770
[  213.184335][ T8872]  ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940
[  213.184352][ T8872]  ? mark_held_locks+0xa4/0xf0
[  213.184370][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.184387][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.184405][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.184421][ T8872]  ? lockdep_hardirqs_on+0x418/0x5d0
[  213.184443][ T8872]  ? sctp_assoc_bh_rcv+0x2fc/0x660
[  213.184459][ T8872]  ? find_held_lock+0x35/0x130
[  213.184477][ T8872]  ? sctp_assoc_bh_rcv+0x2fc/0x660
[  213.184510][ T8872]  ? trace_hardirqs_on+0x67/0x230
[  213.184530][ T8872]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  213.184544][ T8872]  ? ktime_get+0x208/0x300
[  213.184564][ T8872]  sctp_assoc_bh_rcv+0x343/0x660
[  213.184591][ T8872]  sctp_inq_push+0x1ea/0x290
[  213.184613][ T8872]  sctp_backlog_rcv+0x196/0xbe0
[  213.184630][ T8872]  ? __release_sock+0xca/0x3a0
[  213.184653][ T8872]  ? sctp_hash_obj+0x600/0x600
[  213.184671][ T8872]  ? __local_bh_enable_ip+0x18e/0x270
[  213.184693][ T8872]  __release_sock+0x12e/0x3a0
[  213.184727][ T8872]  release_sock+0x59/0x1c0
[  213.184747][ T8872]  sctp_wait_for_connect+0x316/0x540
[  213.184772][ T8872]  ? sctp_get_port+0x180/0x180
[  213.184790][ T8872]  ? finish_wait+0x260/0x260
[  213.184814][ T8872]  ? sctp_primitive_ASSOCIATE+0x9d/0xd0
[  213.184836][ T8872]  __sctp_connect+0xac2/0xce0
[  213.184862][ T8872]  ? sctp_sendmsg_to_asoc+0x17b0/0x17b0
[  213.184887][ T8872]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  213.184901][ T8872]  ? _copy_from_user+0xdd/0x150
[  213.184922][ T8872]  ? security_sctp_bind_connect+0x99/0xd0
[  213.184943][ T8872]  __sctp_setsockopt_connectx+0x133/0x1a0
[  213.184974][ T8872]  sctp_setsockopt+0x15db/0x6fe0
[  213.184990][ T8872]  ? retint_kernel+0x2d/0x2d
[  213.185012][ T8872]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[  213.185040][ T8872]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.185063][ T8872]  ? ___might_sleep+0x163/0x280
[  213.185083][ T8872]  ? __might_sleep+0x95/0x190
[  213.185105][ T8872]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  213.185120][ T8872]  ? aa_sk_perm+0x288/0x880
[  213.185139][ T8872]  ? aa_sock_opt_perm.isra.0+0x1b/0x130
[  213.185162][ T8872]  ? aa_sock_opt_perm.isra.0+0xa1/0x130
[  213.185184][ T8872]  sock_common_setsockopt+0x9a/0xe0
[  213.185207][ T8872]  __sys_setsockopt+0x180/0x280
[  213.185226][ T8872]  ? kernel_accept+0x310/0x310
[  213.185259][ T8872]  __x64_sys_setsockopt+0xbe/0x150
[  213.185278][ T8872]  ? do_syscall_64+0xfe/0x610
[  213.185296][ T8872]  do_syscall_64+0x103/0x610
[  213.185317][ T8872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  213.185329][ T8872] RIP: 0033:0x4582b9
[  213.185349][ T8872] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  213.185358][ T8872] RSP: 002b:00007f4ee86eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  213.185374][ T8872] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9
[  213.185384][ T8872] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
[  213.185393][ T8872] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000
[  213.185403][ T8872] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007f4ee86ef6d4
[  213.185411][ T8872] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff
[  213.365530][ T8871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8871
[  213.365601][ T8871] caller is ip6_finish_output+0x335/0xdc0
[  213.365618][ T8871] CPU: 1 PID: 8871 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19
[  213.365626][ T8871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  213.365631][ T8871] Call Trace:
[  213.365651][ T8871]  dump_stack+0x172/0x1f0
[  213.365676][ T8871]  __this_cpu_preempt_check+0x246/0x270
[  213.365695][ T8871]  ip6_finish_output+0x335/0xdc0
[  213.365724][ T8871]  ip6_output+0x235/0x7f0
[  213.365744][ T8871]  ? ip6_finish_output+0xdc0/0xdc0
[  213.365764][ T8871]  ? ip6_fragment+0x3980/0x3980
[  213.365786][ T8871]  ? kasan_check_read+0x11/0x20
[  213.365805][ T8871]  ip6_xmit+0xe41/0x20c0
[  213.365831][ T8871]  ? ip6_finish_output2+0x2550/0x2550
[  213.365849][ T8871]  ? mark_held_locks+0xf0/0xf0
[  213.365868][ T8871]  ? ip6_setup_cork+0x1870/0x1870
[  213.365902][ T8871]  sctp_v6_xmit+0x313/0x660