[ 48.010281][ T27] audit: type=1800 audit(1554698870.415:26): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 48.039401][ T27] audit: type=1800 audit(1554698870.425:27): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 48.074899][ T27] audit: type=1800 audit(1554698870.425:28): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 49.034886][ T27] audit: type=1800 audit(1554698871.465:29): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts. 2019/04/08 04:48:00 fuzzer started 2019/04/08 04:48:03 dialing manager at 10.128.0.26:34543 2019/04/08 04:48:03 syscalls: 2408 2019/04/08 04:48:03 code coverage: enabled 2019/04/08 04:48:03 comparison tracing: enabled 2019/04/08 04:48:03 extra coverage: extra coverage is not supported by the kernel 2019/04/08 04:48:03 setuid sandbox: enabled 2019/04/08 04:48:03 namespace sandbox: enabled 2019/04/08 04:48:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 04:48:03 fault injection: enabled 2019/04/08 04:48:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 04:48:03 net packet injection: enabled 2019/04/08 04:48:03 net device setup: enabled 04:50:18 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) syzkaller login: [ 196.655716][ T7949] IPVS: ftp: loaded support on port[0] = 21 04:50:19 executing program 1: creat(0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) clock_gettime(0x0, &(0x7f0000000140)) clone(0x802102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x4000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) [ 196.763023][ T7949] chnl_net:caif_netlink_parms(): no params data found [ 196.813205][ T7949] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.835433][ T7949] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.856066][ T7949] device bridge_slave_0 entered promiscuous mode [ 196.876435][ T7949] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.883616][ T7949] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.907332][ T7949] device bridge_slave_1 entered promiscuous mode [ 196.953097][ T7949] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.970241][ T7952] IPVS: ftp: loaded support on port[0] = 21 [ 196.978475][ T7949] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:50:19 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000100)='./file1/file0\x00', 0x2) [ 197.039142][ T7949] team0: Port device team_slave_0 added [ 197.048879][ T7949] team0: Port device team_slave_1 added [ 197.148416][ T7949] device hsr_slave_0 entered promiscuous mode [ 197.175733][ T7949] device hsr_slave_1 entered promiscuous mode [ 197.277387][ T7949] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.284639][ T7949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.292783][ T7949] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.299932][ T7949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.318499][ T7954] IPVS: ftp: loaded support on port[0] = 21 [ 197.358878][ T7952] chnl_net:caif_netlink_parms(): no params data found 04:50:19 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) [ 197.399623][ T7949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.469477][ T7949] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.498092][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.511046][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.535340][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.544384][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 197.611571][ T7959] IPVS: ftp: loaded support on port[0] = 21 [ 197.618852][ T7952] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.626573][ T7952] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.634949][ T7952] device bridge_slave_0 entered promiscuous mode [ 197.648325][ T7952] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.656135][ T7952] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.664131][ T7952] device bridge_slave_1 entered promiscuous mode [ 197.688094][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.698659][ T7958] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.705822][ T7958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.729390][ T7954] chnl_net:caif_netlink_parms(): no params data found [ 197.746831][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.756108][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.763186][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.775556][ T7952] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.820767][ T7952] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 197.841597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 04:50:20 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000001440)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0xfffffffffffffcfc, 0x20000005, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) shutdown(r2, 0x1) r3 = accept4(r1, 0x0, 0x0, 0x0) dup2(r0, r3) [ 197.874075][ T7952] team0: Port device team_slave_0 added [ 197.900059][ T7952] team0: Port device team_slave_1 added [ 197.928459][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.957756][ T7954] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.964851][ T7954] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.976979][ T7954] device bridge_slave_0 entered promiscuous mode [ 197.985044][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.998257][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.008531][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.019856][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.044231][ T7954] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.059003][ T7954] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.068546][ T7954] device bridge_slave_1 entered promiscuous mode [ 198.104300][ T7954] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:50:20 executing program 5: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x40201, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) pipe(&(0x7f0000000240)) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 198.158527][ T7952] device hsr_slave_0 entered promiscuous mode [ 198.226364][ T7952] device hsr_slave_1 entered promiscuous mode [ 198.269493][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.278766][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.290594][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.301148][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.313228][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.327276][ T7949] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 198.336874][ T7954] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.364289][ T7954] team0: Port device team_slave_0 added [ 198.371703][ T7965] IPVS: ftp: loaded support on port[0] = 21 [ 198.379261][ T7963] IPVS: ftp: loaded support on port[0] = 21 [ 198.408318][ T7954] team0: Port device team_slave_1 added [ 198.538647][ T7954] device hsr_slave_0 entered promiscuous mode [ 198.575897][ T7954] device hsr_slave_1 entered promiscuous mode [ 198.629977][ T7949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.638736][ T7959] chnl_net:caif_netlink_parms(): no params data found [ 198.737329][ T7954] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.744518][ T7954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.752061][ T7954] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.759257][ T7954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.797703][ T7958] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.812414][ T7958] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.922163][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.930420][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.942363][ T7959] device bridge_slave_0 entered promiscuous mode [ 198.943441][ C0] hrtimer: interrupt took 163304 ns [ 198.972943][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.999002][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.021205][ T7959] device bridge_slave_1 entered promiscuous mode [ 199.114955][ T7965] chnl_net:caif_netlink_parms(): no params data found 04:50:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f010000001d88b070") syz_emit_ethernet(0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60b40900003c3b0002024300600000000000ffffe000000200000000000000000000000000000001850090780007040060b680fa0000000000000000000000000302ffffffffffff00f8057401bbf2a14a1d000000000000000000ffffac14ffbb"], 0x0) [ 199.260638][ T7959] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.318120][ T7954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.349957][ T7959] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.365920][ T7952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.431215][ T7963] chnl_net:caif_netlink_parms(): no params data found [ 199.475973][ T7959] team0: Port device team_slave_0 added [ 199.482278][ T7965] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.490253][ T7965] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.500227][ T7965] device bridge_slave_0 entered promiscuous mode 04:50:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adcb67d3c123f3188b070") syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x3}}}}}, 0x0) [ 199.536306][ T7952] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.545426][ T7959] team0: Port device team_slave_1 added [ 199.560598][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.576091][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.587342][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.595437][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.605075][ T7965] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.612436][ T7965] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.621560][ T7965] device bridge_slave_1 entered promiscuous mode 04:50:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000280)=""/190, 0xbe}], 0x100000000000021c}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') preadv(r1, &(0x7f00000017c0), 0x1d0, 0x0) [ 199.663274][ T7954] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.738594][ T7959] device hsr_slave_0 entered promiscuous mode [ 199.776185][ T7959] device hsr_slave_1 entered promiscuous mode [ 199.818150][ T7965] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.830119][ T7965] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.841000][ T7963] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.848516][ T7963] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.856863][ T7963] device bridge_slave_0 entered promiscuous mode [ 199.865347][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.874006][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.882922][ T2899] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.890038][ T2899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.904391][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.912534][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.924536][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.933077][ T2899] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.940182][ T2899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.949814][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.970901][ T7965] team0: Port device team_slave_0 added [ 199.979365][ T7963] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.986649][ T7963] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.994649][ T7963] device bridge_slave_1 entered promiscuous mode 04:50:22 executing program 0: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000300)={0x0, 0x0, 0x9, 0x9}) [ 200.028331][ T7965] team0: Port device team_slave_1 added 04:50:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) connect(r1, &(0x7f00000000c0)=@un=@file={0x0, './file0\x00'}, 0x80) [ 200.072248][ T7989] EXT4-fs warning (device sda1): ext4_group_add:1643: No reserved GDT blocks, can't resize [ 200.090235][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.106442][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.130365][ T7956] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.137564][ T7956] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.146384][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.155165][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.163925][ T7956] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.171107][ T7956] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.179848][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.188609][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.197736][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.206737][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.215599][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.224196][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.233378][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.242382][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.252055][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.261289][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.269325][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.286517][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.296677][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.305624][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.314236][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.322960][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.331845][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.344318][ T7963] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.363044][ T7952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.381911][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.391318][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.399807][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.409163][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.428040][ T7954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:50:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = mq_open(&(0x7f00000002c0)='\\\xf7\xa0\xcc\x16H-o\x007\xe6\xb3\x1a\x8eiz\xdd06P\xd4\x88\x00s\xefu\xdfa\x01y\xde\xc26\xaa\x04\xe9F\x87y\xba\a\x00\x00\x00\x00\x00\x00\x005\x98U\xb4\x9b\x88\x9b\xb5\xe4\x9b5\x8ey:oz\xf5\'f\xd6\xfe\x93\xca\x06r\xac\x1b\x8a\x87\xcafw\xd5\"\x0f\xb7|\xb6\x13\xb3\xdb\x91\x04\xd1j\xa1\xcal\xc7jt\xe7\xbdK\xdcR&u{\x03\xf8[\x01\x03$Wl@\xc1\xc8e\\s\x9f\xc1\xa6\x8d\xf5\xe2\xbc\xb6\xe5\xedF\xc8(\x9eH\xeau\xe7\x85\xeb]d\x97\xcd#;\x10\xb9\x182\xcf^1v|\x1cA\x9dFF\xcd\x88?%', 0x0, 0x0, 0x0) mq_getsetattr(r2, &(0x7f0000738fc0), &(0x7f0000356000)) [ 200.438117][ T7963] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.497036][ T7997] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 200.567939][ T7965] device hsr_slave_0 entered promiscuous mode [ 200.606310][ T7965] device hsr_slave_1 entered promiscuous mode [ 200.647647][ T7963] team0: Port device team_slave_0 added [ 200.662164][ T7952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.679531][ T7963] team0: Port device team_slave_1 added 04:50:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000300)='\x80C\x8d\x7fZ\xc7Gc\xab\xfb', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 04:50:23 executing program 1: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\x00'/10, 0x0) write$binfmt_elf32(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="7f454c46"], 0x4) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) [ 200.818253][ T7963] device hsr_slave_0 entered promiscuous mode [ 200.852580][ T8010] IPVS: ftp: loaded support on port[0] = 21 [ 200.859411][ T7963] device hsr_slave_1 entered promiscuous mode [ 200.918515][ T7954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.947441][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0 04:50:23 executing program 2: r0 = socket(0x40000000015, 0x5, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ppoll(&(0x7f0000000080)=[{r0, 0x2200}, {0xffffffffffffffff, 0x100}, {r0, 0x2}, {r0}], 0x4, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f0000000140)={0xd67e}, 0x8) [ 201.037060][ T7959] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.065189][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.076108][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.115010][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.137917][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.147953][ T2899] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.155004][ T2899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.172205][ T7965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.184888][ T8027] IPVS: ftp: loaded support on port[0] = 21 [ 201.210402][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.219270][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.233610][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.242071][ T7958] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.249253][ T7958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.269143][ T7965] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.291486][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.303928][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.314429][ T7956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.365008][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.376143][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.384650][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.391787][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.399755][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.409037][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.422047][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.430924][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.440714][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.481526][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.490040][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.499336][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.508247][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.516967][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.524616][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.532577][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.541849][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.550680][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.559185][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.590981][ T7959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.607032][ T7959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.630828][ T7963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.641762][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.653811][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.666965][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.676254][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.684867][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.693750][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.703531][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.738525][ T7963] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.752067][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.759715][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.767995][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.781263][ T7965] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 201.792149][ T7965] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.810908][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.820692][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.829728][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.838799][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.847424][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.856646][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.865843][ T7958] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.872888][ T7958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.881309][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.889838][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.958940][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.974230][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.989757][ T7958] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.996893][ T7958] bridge0: port 2(bridge_slave_1) entered forwarding state 04:50:24 executing program 3: r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000009400)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) recvmsg(r0, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b40)=[{0x0}, {&(0x7f0000001b40)=""/4096, 0x1000}], 0x2}, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0) shutdown(r0, 0x0) [ 202.004624][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.013879][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.025903][ T7965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.043937][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.080923][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.111656][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.120269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.136655][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.146706][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.155186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.176739][ T7963] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.196338][ T7963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.210838][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.222691][ T7958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.297084][ T7963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.362464][ T8045] check_preemption_disabled: 1 callbacks suppressed [ 202.362701][ T8045] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8045 [ 202.379272][ T8045] caller is ip6_finish_output+0x335/0xdc0 [ 202.385032][ T8045] CPU: 0 PID: 8045 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.394060][ T8045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.404141][ T8045] Call Trace: [ 202.407484][ T8045] dump_stack+0x172/0x1f0 [ 202.411871][ T8045] __this_cpu_preempt_check+0x246/0x270 [ 202.417446][ T8045] ip6_finish_output+0x335/0xdc0 [ 202.422522][ T8045] ip6_output+0x235/0x7f0 [ 202.426886][ T8045] ? ip6_finish_output+0xdc0/0xdc0 [ 202.432166][ T8045] ? ip6_fragment+0x3980/0x3980 [ 202.437135][ T8045] ip6_xmit+0xe41/0x20c0 [ 202.441419][ T8045] ? ip6_finish_output2+0x2550/0x2550 [ 202.446832][ T8045] ? mark_held_locks+0xf0/0xf0 [ 202.451613][ T8045] ? ip6_setup_cork+0x1870/0x1870 [ 202.456709][ T8045] inet6_csk_xmit+0x2fb/0x5d0 [ 202.461398][ T8045] ? inet6_csk_update_pmtu+0x190/0x190 [ 202.466872][ T8045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.473244][ T8045] ? csum_ipv6_magic+0x20/0x80 [ 202.478046][ T8045] __tcp_transmit_skb+0x1a32/0x3750 [ 202.483535][ T8045] ? __tcp_select_window+0x8b0/0x8b0 [ 202.488861][ T8045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.495127][ T8045] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 202.500612][ T8045] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.506892][ T8045] tcp_connect+0x1e47/0x4280 [ 202.511599][ T8045] ? tcp_push_one+0x110/0x110 [ 202.516310][ T8045] ? secure_tcpv6_ts_off+0x24f/0x360 [ 202.521609][ T8045] ? secure_dccpv6_sequence_number+0x280/0x280 [ 202.527768][ T8045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.534022][ T8045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.540270][ T8045] ? prandom_u32_state+0x13/0x180 [ 202.545304][ T8045] tcp_v6_connect+0x150b/0x20a0 [ 202.550365][ T8045] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 202.555758][ T8045] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 202.561070][ T8045] ? find_held_lock+0x35/0x130 [ 202.565948][ T8045] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 202.571610][ T8045] __inet_stream_connect+0x83f/0xea0 [ 202.576914][ T8045] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 202.582218][ T8045] ? __inet_stream_connect+0x83f/0xea0 [ 202.587711][ T8045] ? inet_dgram_connect+0x2e0/0x2e0 [ 202.592929][ T8045] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 202.598338][ T8045] ? rcu_read_lock_sched_held+0x110/0x130 [ 202.604098][ T8045] ? kmem_cache_alloc_trace+0x354/0x760 [ 202.609731][ T8045] ? __lock_acquire+0x548/0x3fb0 [ 202.614698][ T8045] tcp_sendmsg_locked+0x231f/0x37f0 [ 202.619914][ T8045] ? mark_held_locks+0xf0/0xf0 [ 202.624792][ T8045] ? mark_held_locks+0xa4/0xf0 [ 202.629693][ T8045] ? tcp_sendpage+0x60/0x60 [ 202.634222][ T8045] ? lock_sock_nested+0x9a/0x120 [ 202.639187][ T8045] ? trace_hardirqs_on+0x67/0x230 [ 202.644227][ T8045] ? lock_sock_nested+0x9a/0x120 [ 202.649274][ T8045] ? __local_bh_enable_ip+0x15a/0x270 [ 202.654685][ T8045] tcp_sendmsg+0x30/0x50 [ 202.658935][ T8045] inet_sendmsg+0x147/0x5e0 [ 202.663442][ T8045] ? ipip_gro_receive+0x100/0x100 [ 202.668593][ T8045] sock_sendmsg+0xdd/0x130 [ 202.673017][ T8045] __sys_sendto+0x262/0x380 [ 202.677541][ T8045] ? __ia32_sys_getpeername+0xb0/0xb0 [ 202.682938][ T8045] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.689229][ T8045] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.694699][ T8045] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.700166][ T8045] ? do_syscall_64+0x26/0x610 [ 202.704856][ T8045] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.710940][ T8045] __x64_sys_sendto+0xe1/0x1a0 [ 202.715718][ T8045] do_syscall_64+0x103/0x610 [ 202.720337][ T8045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.726242][ T8045] RIP: 0033:0x4582b9 [ 202.730146][ T8045] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.749769][ T8045] RSP: 002b:00007fbab4c53c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 202.758200][ T8045] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 202.766191][ T8045] RDX: fffffffffffffcfc RSI: 0000000000000000 RDI: 0000000000000006 [ 202.774365][ T8045] RBP: 000000000073bf00 R08: 000000002031e000 R09: 000000000000001c [ 202.782446][ T8045] R10: 0000000020000005 R11: 0000000000000246 R12: 00007fbab4c546d4 [ 202.790519][ T8045] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 202.823928][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 202.838198][ T8046] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8046 [ 202.847785][ T8046] caller is ip6_finish_output+0x335/0xdc0 [ 202.853537][ T8046] CPU: 0 PID: 8046 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.862835][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.872995][ T8046] Call Trace: [ 202.876312][ T8046] dump_stack+0x172/0x1f0 [ 202.880850][ T8046] __this_cpu_preempt_check+0x246/0x270 [ 202.886526][ T8046] ip6_finish_output+0x335/0xdc0 [ 202.891494][ T8046] ip6_output+0x235/0x7f0 [ 202.895852][ T8046] ? ip6_finish_output+0xdc0/0xdc0 [ 202.901002][ T8046] ? ip6_fragment+0x3980/0x3980 [ 202.905886][ T8046] ip6_xmit+0xe41/0x20c0 [ 202.910160][ T8046] ? ip6_finish_output2+0x2550/0x2550 [ 202.915594][ T8046] ? mark_held_locks+0xf0/0xf0 [ 202.920402][ T8046] ? ip6_setup_cork+0x1870/0x1870 [ 202.925473][ T8046] inet6_csk_xmit+0x2fb/0x5d0 [ 202.930205][ T8046] ? inet6_csk_update_pmtu+0x190/0x190 [ 202.935694][ T8046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.941968][ T8046] ? csum_ipv6_magic+0x20/0x80 [ 202.946764][ T8046] __tcp_transmit_skb+0x1a32/0x3750 [ 202.952018][ T8046] ? __tcp_select_window+0x8b0/0x8b0 [ 202.957323][ T8046] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.962745][ T8046] ? trace_hardirqs_on+0x67/0x230 [ 202.967885][ T8046] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 202.973635][ T8046] tcp_write_xmit+0xe39/0x5660 [ 202.978424][ T8046] ? tcp_established_options+0x29d/0x4d0 [ 202.984141][ T8046] __tcp_push_pending_frames+0xb4/0x350 [ 202.989753][ T8046] tcp_send_fin+0x149/0xbb0 [ 202.994318][ T8046] tcp_shutdown+0x107/0x130 [ 202.998869][ T8046] ? tcp_set_state+0x7e0/0x7e0 [ 203.003663][ T8046] inet_shutdown+0x1bd/0x3d0 [ 203.008304][ T8046] __sys_shutdown+0x117/0x1d0 [ 203.012999][ T8046] ? __ia32_sys_getsockopt+0x150/0x150 [ 203.018486][ T8046] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.023966][ T8046] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.029445][ T8046] ? do_syscall_64+0x26/0x610 [ 203.034143][ T8046] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.040241][ T8046] ? do_syscall_64+0x26/0x610 [ 203.044940][ T8046] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.050282][ T8046] __x64_sys_shutdown+0x54/0x80 [ 203.055181][ T8046] do_syscall_64+0x103/0x610 [ 203.059792][ T8046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.065707][ T8046] RIP: 0033:0x4582b9 [ 203.069706][ T8046] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.092961][ T8046] RSP: 002b:00007fbab4c32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030 [ 203.101424][ T8046] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004582b9 [ 203.109434][ T8046] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006 [ 203.117507][ T8046] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 203.125490][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbab4c336d4 [ 203.133568][ T8046] R13: 00000000004c6581 R14: 00000000004dbb70 R15: 00000000ffffffff [ 203.171836][ T8045] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8045 [ 203.181953][ T8045] caller is ip6_finish_output+0x335/0xdc0 [ 203.187802][ T8045] CPU: 0 PID: 8045 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.196935][ T8045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.207009][ T8045] Call Trace: [ 203.210325][ T8045] dump_stack+0x172/0x1f0 [ 203.214690][ T8045] __this_cpu_preempt_check+0x246/0x270 [ 203.220257][ T8045] ip6_finish_output+0x335/0xdc0 [ 203.228622][ T8045] ip6_output+0x235/0x7f0 [ 203.232976][ T8045] ? ip6_finish_output+0xdc0/0xdc0 [ 203.238115][ T8045] ? ip6_fragment+0x3980/0x3980 [ 203.243009][ T8045] ip6_xmit+0xe41/0x20c0 [ 203.247296][ T8045] ? ip6_finish_output2+0x2550/0x2550 [ 203.252685][ T8045] ? mark_held_locks+0xf0/0xf0 [ 203.257482][ T8045] ? ip6_setup_cork+0x1870/0x1870 [ 203.262521][ T8045] ? inet6_csk_route_socket+0x715/0xf40 [ 203.268089][ T8045] inet6_csk_xmit+0x2fb/0x5d0 [ 203.272807][ T8045] ? inet6_csk_update_pmtu+0x190/0x190 [ 203.278279][ T8045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.284638][ T8045] ? csum_ipv6_magic+0x20/0x80 [ 203.289430][ T8045] __tcp_transmit_skb+0x1a32/0x3750 [ 203.294680][ T8045] ? __tcp_select_window+0x8b0/0x8b0 [ 203.299980][ T8045] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.305301][ T8045] ? trace_hardirqs_on+0x67/0x230 [ 203.310373][ T8045] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 203.316114][ T8045] tcp_write_xmit+0xe39/0x5660 [ 203.320979][ T8045] ? tcp_established_options+0x29d/0x4d0 [ 203.326650][ T8045] __tcp_push_pending_frames+0xb4/0x350 [ 203.332218][ T8045] tcp_send_fin+0x149/0xbb0 [ 203.336827][ T8045] tcp_close+0xddf/0x10c0 [ 203.341171][ T8045] ? sock_fasync+0x101/0x160 [ 203.345869][ T8045] inet_release+0x105/0x1f0 [ 203.350416][ T8045] inet6_release+0x53/0x80 [ 203.354876][ T8045] __sock_release+0xd3/0x2b0 [ 203.359738][ T8045] ? __sock_release+0x2b0/0x2b0 [ 203.364606][ T8045] sock_close+0x1b/0x30 [ 203.368804][ T8045] __fput+0x2e5/0x8d0 [ 203.372803][ T8045] ____fput+0x16/0x20 [ 203.376806][ T8045] task_work_run+0x14a/0x1c0 [ 203.381446][ T8045] exit_to_usermode_loop+0x273/0x2c0 [ 203.386768][ T8045] do_syscall_64+0x52d/0x610 [ 203.391407][ T8045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.397345][ T8045] RIP: 0033:0x4582b9 [ 203.401369][ T8045] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.421262][ T8045] RSP: 002b:00007fbab4c53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 203.429922][ T8045] RAX: 0000000000000007 RBX: 0000000000000002 RCX: 00000000004582b9 [ 203.438108][ T8045] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004 [ 203.446128][ T8045] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 203.454121][ T8045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbab4c546d4 [ 203.462213][ T8045] R13: 00000000004be777 R14: 00000000004cf3f0 R15: 00000000ffffffff [ 203.484784][ T8046] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8046 [ 203.494242][ T8046] caller is ip6_finish_output+0x335/0xdc0 [ 203.500648][ T8046] CPU: 0 PID: 8046 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.509738][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.519809][ T8046] Call Trace: [ 203.523130][ T8046] dump_stack+0x172/0x1f0 [ 203.527492][ T8046] __this_cpu_preempt_check+0x246/0x270 [ 203.533261][ T8046] ip6_finish_output+0x335/0xdc0 [ 203.538237][ T8046] ip6_output+0x235/0x7f0 [ 203.542638][ T8046] ? ip6_finish_output+0xdc0/0xdc0 [ 203.547799][ T8046] ? ip6_fragment+0x3980/0x3980 [ 203.552676][ T8046] ip6_xmit+0xe41/0x20c0 [ 203.557035][ T8046] ? ip6_finish_output2+0x2550/0x2550 [ 203.562791][ T8046] ? mark_held_locks+0xf0/0xf0 [ 203.567575][ T8046] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 203.573854][ T8046] ? ip6_setup_cork+0x1870/0x1870 [ 203.578895][ T8046] ? inet6_csk_route_socket+0x715/0xf40 [ 203.584472][ T8046] inet6_csk_xmit+0x2fb/0x5d0 [ 203.589172][ T8046] ? inet6_csk_update_pmtu+0x190/0x190 [ 203.594649][ T8046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.601105][ T8046] ? csum_ipv6_magic+0x20/0x80 [ 203.605900][ T8046] __tcp_transmit_skb+0x1a32/0x3750 [ 203.611222][ T8046] ? __tcp_select_window+0x8b0/0x8b0 [ 203.616695][ T8046] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 203.622004][ T8046] tcp_send_ack+0x88/0xa0 [ 203.626375][ T8046] tcp_fin+0x672/0x940 [ 203.630630][ T8046] tcp_data_queue+0x1768/0x4840 [ 203.635511][ T8046] ? find_held_lock+0x35/0x130 [ 203.640306][ T8046] ? tcp_send_rcvq+0x500/0x500 [ 203.645112][ T8046] ? tcp_xmit_recovery.part.0+0x130/0x130 [ 203.650857][ T8046] ? kasan_check_read+0x11/0x20 [ 203.655733][ T8046] tcp_rcv_state_process+0xd84/0x4d93 [ 203.661136][ T8046] ? tcp_finish_connect+0x510/0x510 [ 203.666572][ T8046] ? __release_sock+0xca/0x3a0 [ 203.671446][ T8046] ? find_held_lock+0x35/0x130 [ 203.676237][ T8046] ? mark_held_locks+0xa4/0xf0 [ 203.681031][ T8046] ? __local_bh_enable_ip+0x15a/0x270 [ 203.686439][ T8046] ? _raw_spin_unlock_bh+0x31/0x40 [ 203.691571][ T8046] ? __local_bh_enable_ip+0x15a/0x270 [ 203.696983][ T8046] tcp_v6_do_rcv+0x7da/0x12c0 [ 203.702022][ T8046] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 203.706897][ T8046] __release_sock+0x12e/0x3a0 [ 203.711601][ T8046] release_sock+0x59/0x1c0 [ 203.716222][ T8046] ? tcp_set_state+0x7e0/0x7e0 [ 203.721094][ T8046] inet_shutdown+0x1fd/0x3d0 [ 203.725708][ T8046] __sys_shutdown+0x117/0x1d0 [ 203.730698][ T8046] ? __ia32_sys_getsockopt+0x150/0x150 [ 203.736180][ T8046] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.741688][ T8046] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.747344][ T8046] ? do_syscall_64+0x26/0x610 [ 203.752049][ T8046] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.758137][ T8046] ? do_syscall_64+0x26/0x610 [ 203.762837][ T8046] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.768148][ T8046] __x64_sys_shutdown+0x54/0x80 [ 203.773024][ T8046] do_syscall_64+0x103/0x610 [ 203.777651][ T8046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.783559][ T8046] RIP: 0033:0x4582b9 [ 203.787493][ T8046] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.807203][ T8046] RSP: 002b:00007fbab4c32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030 [ 203.815645][ T8046] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004582b9 [ 203.823638][ T8046] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006 [ 203.831634][ T8046] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 203.839638][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbab4c336d4 [ 203.847841][ T8046] R13: 00000000004c6581 R14: 00000000004dbb70 R15: 00000000ffffffff 04:50:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000080)={0xd1e, 0xad4, 0x800d, 0x2, 0x7fff, 0x7eb, 0x8, 0xfaf, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={r2, 0xa0, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x0, @loopback}, @in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x26}}, @in6={0xa, 0x4e24, 0x40, @mcast1, 0x6}, @in6={0xa, 0x3ff, 0xf538, @ipv4={[], [], @loopback}}, @in6={0xa, 0x4e22, 0x6, @loopback, 0x9}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e21, @local}]}, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22}, 0x18) listen(r1, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) close(r0) accept4(r1, 0x0, 0x0, 0x0) close(r0) 04:50:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaa202070000000086dd60b4090000302f0002000000000000000000ffffe0000002ff02000000000000000000000000000187199078000929000000000000000203ffffffffffff0bad0622c50404fd00"/102], 0x0) 04:50:26 executing program 3: clone(0x1000000000011, &(0x7f00000000c0), 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x100000e, &(0x7f0000000000)) 04:50:26 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) dup2(r0, r1) 04:50:26 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x7e) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd'}]}, 0xfdef) [ 203.999080][ T8061] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8061 [ 204.008961][ T8061] caller is ip6_finish_output+0x335/0xdc0 [ 204.014805][ T8061] CPU: 0 PID: 8061 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.023836][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.034060][ T8061] Call Trace: [ 204.037406][ T8061] dump_stack+0x172/0x1f0 [ 204.041813][ T8061] __this_cpu_preempt_check+0x246/0x270 [ 204.047406][ T8061] ip6_finish_output+0x335/0xdc0 [ 204.052390][ T8061] ip6_output+0x235/0x7f0 [ 204.056750][ T8061] ? ip6_finish_output+0xdc0/0xdc0 [ 204.061891][ T8061] ? ip6_fragment+0x3980/0x3980 [ 204.066766][ T8061] ip6_xmit+0xe41/0x20c0 [ 204.071045][ T8061] ? ip6_finish_output2+0x2550/0x2550 [ 204.076444][ T8061] ? mark_held_locks+0xf0/0xf0 [ 204.081258][ T8061] ? ip6_setup_cork+0x1870/0x1870 [ 204.086316][ T8061] inet6_csk_xmit+0x2fb/0x5d0 [ 204.091167][ T8061] ? inet6_csk_update_pmtu+0x190/0x190 [ 204.096637][ T8061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.103003][ T8061] ? csum_ipv6_magic+0x20/0x80 [ 204.107796][ T8061] __tcp_transmit_skb+0x1a32/0x3750 [ 204.113025][ T8061] ? __tcp_select_window+0x8b0/0x8b0 [ 204.118339][ T8061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.124626][ T8061] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 204.130101][ T8061] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.136407][ T8061] tcp_connect+0x1e47/0x4280 [ 204.141017][ T8061] ? tcp_push_one+0x110/0x110 [ 204.145716][ T8061] ? secure_tcpv6_ts_off+0x24f/0x360 [ 204.151008][ T8061] ? secure_dccpv6_sequence_number+0x280/0x280 [ 204.157171][ T8061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.163431][ T8061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.169683][ T8061] ? prandom_u32_state+0x13/0x180 [ 204.174729][ T8061] tcp_v6_connect+0x150b/0x20a0 [ 204.179599][ T8061] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 204.184994][ T8061] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.190297][ T8061] ? __switch_to_asm+0x34/0x70 [ 204.195073][ T8061] ? __switch_to_asm+0x40/0x70 04:50:26 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000180)={&(0x7f0000000080)=[0x0, 0x0], 0x2, 0x2, 0x0, 0x1000, 0x8, 0x7ea, {0x5, 0x17a, 0x0, 0x3, 0x5, 0x40, 0x0, 0x3, 0xce, 0x8, 0x7f, 0xffffffffdc3a908a, 0x641c, 0x20, "9c3a812734e9cdaeca3fa1ae4bdfa65b1b31c11f506b641e8f5c3cbcfa9b8c15"}}) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='stack\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) 04:50:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c12a41d88b070") syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60b409ffff0000000202430060000000000039feffffe0000002ff020000000000000000000000000001850090780007040060b680fa0000000000000000000000000302ffffffffffff00000000000000000000ffffac14ffbbd1bacf06afcb592d91eec688fc3092fd9a5a3013ee4aaf4ccbc65e937cf18b978ae9635115ad92e0a73348c4ee88c003b8a3554a9bc82f71"], 0x0) [ 204.199868][ T8061] ? find_held_lock+0x35/0x130 [ 204.204651][ T8061] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 204.210317][ T8061] __inet_stream_connect+0x83f/0xea0 [ 204.215631][ T8061] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.220947][ T8061] ? __inet_stream_connect+0x83f/0xea0 [ 204.220979][ T8061] ? inet_dgram_connect+0x2e0/0x2e0 [ 204.220992][ T8061] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 204.221003][ T8061] ? rcu_read_lock_sched_held+0x110/0x130 [ 204.221016][ T8061] ? kmem_cache_alloc_trace+0x354/0x760 [ 204.221026][ T8061] ? __lock_acquire+0x548/0x3fb0 [ 204.221038][ T8061] tcp_sendmsg_locked+0x231f/0x37f0 [ 204.221049][ T8061] ? mark_held_locks+0xf0/0xf0 [ 204.221060][ T8061] ? mark_held_locks+0xa4/0xf0 [ 204.221070][ T8061] ? tcp_sendpage+0x60/0x60 [ 204.221081][ T8061] ? lock_sock_nested+0x9a/0x120 [ 204.221091][ T8061] ? trace_hardirqs_on+0x67/0x230 [ 204.221099][ T8061] ? lock_sock_nested+0x9a/0x120 [ 204.221110][ T8061] ? __local_bh_enable_ip+0x15a/0x270 [ 204.221122][ T8061] tcp_sendmsg+0x30/0x50 04:50:26 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f00000001c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 204.221130][ T8061] inet_sendmsg+0x147/0x5e0 [ 204.221137][ T8061] ? ipip_gro_receive+0x100/0x100 [ 204.221148][ T8061] sock_sendmsg+0xdd/0x130 [ 204.221158][ T8061] __sys_sendto+0x262/0x380 [ 204.221169][ T8061] ? __ia32_sys_getpeername+0xb0/0xb0 [ 204.221198][ T8061] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.221223][ T8061] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.221235][ T8061] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.221248][ T8061] ? do_syscall_64+0x26/0x610 [ 204.221264][ T8061] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.221282][ T8061] __x64_sys_sendto+0xe1/0x1a0 [ 204.221309][ T8061] do_syscall_64+0x103/0x610 [ 204.221324][ T8061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.221335][ T8061] RIP: 0033:0x4582b9 [ 204.221360][ T8061] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.221367][ T8061] RSP: 002b:00007fbab4c53c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 204.221379][ T8061] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 204.221386][ T8061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 204.221392][ T8061] RBP: 000000000073bf00 R08: 0000000020000040 R09: 000000000000001c [ 204.221399][ T8061] R10: 0000000020000003 R11: 0000000000000246 R12: 00007fbab4c546d4 [ 204.221405][ T8061] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 204.228848][ T8060] device nr0 entered promiscuous mode [ 204.298584][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 204.402947][ T8061] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8061 [ 204.468982][ T8061] caller is ip6_finish_output+0x335/0xdc0 [ 204.474722][ T8061] CPU: 0 PID: 8061 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.483751][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.493825][ T8061] Call Trace: [ 204.497146][ T8061] dump_stack+0x172/0x1f0 [ 204.501504][ T8061] __this_cpu_preempt_check+0x246/0x270 [ 204.507093][ T8061] ip6_finish_output+0x335/0xdc0 [ 204.512062][ T8061] ip6_output+0x235/0x7f0 [ 204.516417][ T8061] ? ip6_finish_output+0xdc0/0xdc0 [ 204.521569][ T8061] ? ip6_fragment+0x3980/0x3980 [ 204.526442][ T8061] ip6_xmit+0xe41/0x20c0 [ 204.530713][ T8061] ? ip6_finish_output2+0x2550/0x2550 [ 204.536210][ T8061] ? mark_held_locks+0xf0/0xf0 [ 204.541065][ T8061] ? ip6_setup_cork+0x1870/0x1870 [ 204.546309][ T8061] ? inet6_csk_route_socket+0x715/0xf40 [ 204.551890][ T8061] inet6_csk_xmit+0x2fb/0x5d0 [ 204.556613][ T8061] ? inet6_csk_update_pmtu+0x190/0x190 [ 204.562118][ T8061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.568389][ T8061] ? csum_ipv6_magic+0x20/0x80 [ 204.573300][ T8061] __tcp_transmit_skb+0x1a32/0x3750 [ 204.578642][ T8061] ? __tcp_select_window+0x8b0/0x8b0 [ 204.583945][ T8061] ? lockdep_hardirqs_on+0x418/0x5d0 [ 204.589246][ T8061] ? trace_hardirqs_on+0x67/0x230 [ 204.594387][ T8061] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.600123][ T8061] tcp_write_xmit+0xe39/0x5660 [ 204.600140][ T8061] ? tcp_established_options+0x29d/0x4d0 [ 204.600174][ T8061] __tcp_push_pending_frames+0xb4/0x350 [ 204.600191][ T8061] tcp_send_fin+0x149/0xbb0 [ 204.600215][ T8061] tcp_close+0xddf/0x10c0 [ 204.620975][ T8061] ? ip_mc_drop_socket+0x211/0x270 [ 204.620994][ T8061] ? __sock_release+0x89/0x2b0 [ 204.621016][ T8061] inet_release+0x105/0x1f0 [ 204.621036][ T8061] inet6_release+0x53/0x80 [ 204.621057][ T8061] __sock_release+0xd3/0x2b0 [ 204.649302][ T8061] ? __sock_release+0x2b0/0x2b0 [ 204.654164][ T8061] sock_close+0x1b/0x30 [ 204.654179][ T8061] __fput+0x2e5/0x8d0 [ 204.654199][ T8061] ____fput+0x16/0x20 [ 204.654218][ T8061] task_work_run+0x14a/0x1c0 [ 204.654241][ T8061] exit_to_usermode_loop+0x273/0x2c0 [ 204.654259][ T8061] do_syscall_64+0x52d/0x610 [ 204.654281][ T8061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.687166][ T8061] RIP: 0033:0x4582b9 [ 204.691078][ T8061] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.710787][ T8061] RSP: 002b:00007fbab4c53c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 204.710803][ T8061] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004582b9 [ 204.710809][ T8061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 204.710816][ T8061] RBP: 000000000073bf00 R08: 0000000020000040 R09: 000000000000001c [ 204.710823][ T8061] R10: 0000000020000003 R11: 0000000000000246 R12: 00007fbab4c546d4 [ 204.710830][ T8061] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 204.781435][ T8072] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8072 [ 204.791133][ T8072] caller is ip6_finish_output+0x335/0xdc0 [ 204.796947][ T8072] CPU: 1 PID: 8072 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.805982][ T8072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.816071][ T8072] Call Trace: [ 204.819465][ T8072] dump_stack+0x172/0x1f0 [ 204.823815][ T8072] __this_cpu_preempt_check+0x246/0x270 [ 204.829387][ T8072] ip6_finish_output+0x335/0xdc0 [ 204.834342][ T8072] ip6_output+0x235/0x7f0 [ 204.838800][ T8072] ? ip6_finish_output+0xdc0/0xdc0 [ 204.843948][ T8072] ? ip6_fragment+0x3980/0x3980 [ 204.848834][ T8072] ip6_xmit+0xe41/0x20c0 [ 204.853097][ T8072] ? ip6_finish_output2+0x2550/0x2550 [ 204.858479][ T8072] ? mark_held_locks+0xf0/0xf0 [ 204.863282][ T8072] ? ip6_setup_cork+0x1870/0x1870 [ 204.868399][ T8072] inet6_csk_xmit+0x2fb/0x5d0 [ 204.873087][ T8072] ? inet6_csk_update_pmtu+0x190/0x190 [ 204.878768][ T8072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.885202][ T8072] ? csum_ipv6_magic+0x20/0x80 [ 204.889981][ T8072] __tcp_transmit_skb+0x1a32/0x3750 [ 204.895202][ T8072] ? __tcp_select_window+0x8b0/0x8b0 [ 204.900520][ T8072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.906861][ T8072] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 204.912330][ T8072] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.918599][ T8072] tcp_connect+0x1e47/0x4280 [ 204.923317][ T8072] ? tcp_push_one+0x110/0x110 [ 204.928015][ T8072] ? secure_tcpv6_ts_off+0x24f/0x360 [ 204.933399][ T8072] ? secure_dccpv6_sequence_number+0x280/0x280 [ 204.939582][ T8072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.945851][ T8072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.952127][ T8072] ? prandom_u32_state+0x13/0x180 [ 204.957178][ T8072] tcp_v6_connect+0x150b/0x20a0 [ 204.962038][ T8072] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 204.967446][ T8072] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.972739][ T8072] ? __switch_to_asm+0x34/0x70 [ 204.977528][ T8072] ? __switch_to_asm+0x40/0x70 [ 204.982488][ T8072] ? find_held_lock+0x35/0x130 [ 204.987288][ T8072] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 204.992941][ T8072] __inet_stream_connect+0x83f/0xea0 [ 204.998631][ T8072] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 205.004036][ T8072] ? __inet_stream_connect+0x83f/0xea0 [ 205.009513][ T8072] ? inet_dgram_connect+0x2e0/0x2e0 [ 205.014829][ T8072] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 205.020303][ T8072] ? rcu_read_lock_sched_held+0x110/0x130 [ 205.049470][ T8072] ? kmem_cache_alloc_trace+0x354/0x760 [ 205.058047][ T8072] ? __lock_acquire+0x548/0x3fb0 [ 205.063396][ T8072] tcp_sendmsg_locked+0x231f/0x37f0 [ 205.068633][ T8072] ? mark_held_locks+0xf0/0xf0 [ 205.073439][ T8072] ? mark_held_locks+0xa4/0xf0 [ 205.078229][ T8072] ? tcp_sendpage+0x60/0x60 [ 205.082928][ T8072] ? lock_sock_nested+0x9a/0x120 [ 205.087885][ T8072] ? trace_hardirqs_on+0x67/0x230 [ 205.095841][ T8072] ? lock_sock_nested+0x9a/0x120 [ 205.106018][ T8072] ? __local_bh_enable_ip+0x15a/0x270 [ 205.124595][ T8072] tcp_sendmsg+0x30/0x50 [ 205.129999][ T8072] inet_sendmsg+0x147/0x5e0 [ 205.135745][ T8072] ? ipip_gro_receive+0x100/0x100 [ 205.142358][ T8072] sock_sendmsg+0xdd/0x130 [ 205.147241][ T8072] __sys_sendto+0x262/0x380 [ 205.152144][ T8072] ? __ia32_sys_getpeername+0xb0/0xb0 [ 205.160759][ T8072] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.170531][ T8072] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.177905][ T8072] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.184113][ T8072] ? do_syscall_64+0x26/0x610 [ 205.190063][ T8072] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.192322][ T8058] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8058 [ 205.197066][ T8072] __x64_sys_sendto+0xe1/0x1a0 [ 205.197090][ T8072] do_syscall_64+0x103/0x610 [ 205.197121][ T8072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.213619][ T8058] caller is ip6_finish_output+0x335/0xdc0 [ 205.219115][ T8072] RIP: 0033:0x4582b9 [ 205.219134][ T8072] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.219140][ T8072] RSP: 002b:00007fbab4c11c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 205.219152][ T8072] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 205.219159][ T8072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 205.219166][ T8072] RBP: 000000000073c040 R08: 0000000020000040 R09: 000000000000001c [ 205.219180][ T8072] R10: 0000000020000003 R11: 0000000000000246 R12: 00007fbab4c126d4 [ 205.219188][ T8072] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 205.238449][ T8072] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8072 [ 205.241399][ T8058] CPU: 0 PID: 8058 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.241408][ T8058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.241414][ T8058] Call Trace: [ 205.241443][ T8058] dump_stack+0x172/0x1f0 [ 205.241469][ T8058] __this_cpu_preempt_check+0x246/0x270 [ 205.245484][ T8072] caller is ip6_finish_output+0x335/0xdc0 [ 205.265083][ T8058] ip6_finish_output+0x335/0xdc0 [ 205.265103][ T8058] ip6_output+0x235/0x7f0 [ 205.265118][ T8058] ? ip6_finish_output+0xdc0/0xdc0 [ 205.265135][ T8058] ? ip6_fragment+0x3980/0x3980 [ 205.265154][ T8058] ip6_xmit+0xe41/0x20c0 [ 205.265175][ T8058] ? ip6_finish_output2+0x2550/0x2550 [ 205.265191][ T8058] ? mark_held_locks+0xf0/0xf0 [ 205.265207][ T8058] ? ip6_setup_cork+0x1870/0x1870 [ 205.265224][ T8058] ? inet6_csk_route_socket+0x715/0xf40 [ 205.265250][ T8058] inet6_csk_xmit+0x2fb/0x5d0 [ 205.265263][ T8058] ? inet6_csk_update_pmtu+0x190/0x190 [ 205.265279][ T8058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.265300][ T8058] ? csum_ipv6_magic+0x20/0x80 [ 205.265323][ T8058] __tcp_transmit_skb+0x1a32/0x3750 [ 205.265344][ T8058] ? __tcp_select_window+0x8b0/0x8b0 [ 205.265365][ T8058] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.265380][ T8058] ? trace_hardirqs_on+0x67/0x230 [ 205.265396][ T8058] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 205.265410][ T8058] tcp_write_xmit+0xe39/0x5660 [ 205.265422][ T8058] ? tcp_established_options+0x29d/0x4d0 [ 205.265449][ T8058] __tcp_push_pending_frames+0xb4/0x350 [ 205.265465][ T8058] tcp_send_fin+0x149/0xbb0 [ 205.265484][ T8058] tcp_close+0xddf/0x10c0 [ 205.265501][ T8058] ? sock_fasync+0x101/0x160 [ 205.265520][ T8058] inet_release+0x105/0x1f0 [ 205.265544][ T8058] inet6_release+0x53/0x80 [ 205.493453][ T8058] __sock_release+0xd3/0x2b0 [ 205.498068][ T8058] ? __sock_release+0x2b0/0x2b0 [ 205.503090][ T8058] sock_close+0x1b/0x30 [ 205.507281][ T8058] __fput+0x2e5/0x8d0 [ 205.511289][ T8058] ____fput+0x16/0x20 [ 205.515273][ T8058] task_work_run+0x14a/0x1c0 [ 205.519876][ T8058] exit_to_usermode_loop+0x273/0x2c0 [ 205.525259][ T8058] do_syscall_64+0x52d/0x610 [ 205.529872][ T8058] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.535873][ T8058] RIP: 0033:0x412071 [ 205.539772][ T8058] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 205.559645][ T8058] RSP: 002b:00007ffd3f16bcc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 205.568075][ T8058] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000412071 [ 205.576055][ T8058] RDX: 0000000000000000 RSI: 0000000000741388 RDI: 0000000000000003 [ 205.584387][ T8058] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000031ca6 [ 205.592471][ T8058] R10: 0000000000741378 R11: 0000000000000293 R12: 0000000000000001 [ 205.600461][ T8058] R13: 00007ffd3f16bd00 R14: 0000000000000000 R15: 00007ffd3f16bd10 [ 205.608729][ T8072] CPU: 1 PID: 8072 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.617765][ T8072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.627940][ T8072] Call Trace: [ 205.631265][ T8072] dump_stack+0x172/0x1f0 [ 205.635616][ T8072] __this_cpu_preempt_check+0x246/0x270 [ 205.635639][ T8072] ip6_finish_output+0x335/0xdc0 [ 205.635660][ T8072] ip6_output+0x235/0x7f0 [ 205.635678][ T8072] ? ip6_finish_output+0xdc0/0xdc0 [ 205.635701][ T8072] ? ip6_fragment+0x3980/0x3980 [ 205.660938][ T8072] ip6_xmit+0xe41/0x20c0 [ 205.665246][ T8072] ? ip6_finish_output2+0x2550/0x2550 [ 205.670769][ T8072] ? mark_held_locks+0xf0/0xf0 [ 205.675683][ T8072] ? ip6_setup_cork+0x1870/0x1870 [ 205.680782][ T8072] ? inet6_csk_route_socket+0x715/0xf40 [ 205.686340][ T8072] inet6_csk_xmit+0x2fb/0x5d0 [ 205.691119][ T8072] ? inet6_csk_update_pmtu+0x190/0x190 [ 205.696597][ T8072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.702868][ T8072] ? csum_ipv6_magic+0x20/0x80 [ 205.707638][ T8072] __tcp_transmit_skb+0x1a32/0x3750 [ 205.712854][ T8072] ? __tcp_select_window+0x8b0/0x8b0 [ 205.718136][ T8072] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.723778][ T8072] ? trace_hardirqs_on+0x67/0x230 [ 205.728810][ T8072] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 205.734524][ T8072] tcp_write_xmit+0xe39/0x5660 [ 205.739382][ T8072] ? tcp_established_options+0x29d/0x4d0 [ 205.745020][ T8072] __tcp_push_pending_frames+0xb4/0x350 [ 205.750574][ T8072] tcp_send_fin+0x149/0xbb0 [ 205.755159][ T8072] tcp_close+0xddf/0x10c0 [ 205.759513][ T8072] ? ip_mc_drop_socket+0x211/0x270 [ 205.764624][ T8072] ? __sock_release+0x89/0x2b0 [ 205.769423][ T8072] inet_release+0x105/0x1f0 [ 205.773951][ T8072] inet6_release+0x53/0x80 [ 205.778395][ T8072] __sock_release+0xd3/0x2b0 [ 205.782985][ T8072] ? __sock_release+0x2b0/0x2b0 [ 205.787821][ T8072] sock_close+0x1b/0x30 [ 205.791971][ T8072] __fput+0x2e5/0x8d0 [ 205.795959][ T8072] ____fput+0x16/0x20 [ 205.799945][ T8072] task_work_run+0x14a/0x1c0 [ 205.804884][ T8072] exit_to_usermode_loop+0x273/0x2c0 [ 205.810247][ T8072] do_syscall_64+0x52d/0x610 [ 205.814865][ T8072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.820775][ T8072] RIP: 0033:0x4582b9 [ 205.824858][ T8072] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.844713][ T8072] RSP: 002b:00007fbab4c11c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 205.853119][ T8072] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004582b9 [ 205.861109][ T8072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 205.869098][ T8072] RBP: 000000000073c040 R08: 0000000020000040 R09: 000000000000001c [ 205.877210][ T8072] R10: 0000000020000003 R11: 0000000000000246 R12: 00007fbab4c126d4 [ 205.885225][ T8072] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 04:50:28 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 04:50:28 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 04:50:28 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) writev(r0, &(0x7f00000017c0)=[{&(0x7f0000001840)="14", 0x1}], 0x1) 04:50:28 executing program 2: r0 = openat$dsp(0xffffffffffffff9c, 0x0, 0x2000, 0x0) getsockopt$netrom_NETROM_N2(0xffffffffffffffff, 0x103, 0x3, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='\a\x00'/24], 0x18, 0x7}, 0x0) name_to_handle_at(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000800)={0x11, 0x800, "0eaa689543d9425ab8"}, 0x0, 0x400) 04:50:28 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x7e) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd'}]}, 0xfdef) 04:50:28 executing program 4: socket$packet(0x11, 0x3, 0x300) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000000000)="2700000014000f3f00000000120f0a00110001001f750800390099ed4f05000000000000000000", 0x27) recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 04:50:28 executing program 2: openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mISDNtimer\x00', 0xc840, 0x0) 04:50:28 executing program 4: socket$packet(0x11, 0x3, 0x300) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000000000)="2700000014000f3f00000000120f0a00110001001f750800390099ed4f05000000000000000000", 0x27) recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 04:50:28 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) [ 206.337272][ T8098] device nr0 entered promiscuous mode 04:50:28 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 04:50:28 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000300)) 04:50:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) add_key$user(0x0, 0x0, &(0x7f0000000280)="26b3fb039a0c45bc2b2382ea2b89af0f16d8a52ae52319b2eb8cb5713a1ee86b02f2dc944f85b21de0501e975b4a9093059080adafa8057ba667a344604ba3d432358ad72ad04b83f8f33ad7a8b56220e74ec224c1a5a3e9b7964805a9800ccafa8ccabcc2458a6eb8d1dfb05d88b2ac07b473cd29908d7d5ad4207062ee6ded56776a508e0dc5abdb5248cc4b59cf744f8c297c3012b69466a393e4b789ec19fdb08a76f429348abb2e2cfb966126128bfaa418e29bc4c5e8aaafd27b8fa33502cd1b02a380355e2dd1d449fd232ae2bce6ba45938ce746db438abe30ff7485d21a14822e9c7901f9817bcb718927c64433581870afb3482113369a630e2c0be8033f76acab6ad858289fdd0511c645320b71eb1c6e10e63615da3523543080b66a50df18c1fcfaf5ce3b18f14f05eda6bb4c9674d5ce89a8a65709d78fc8517c95fdaaf5f847c8afbab6af93b03ee8a7d3e7a29a19667ab9e5ea111de94edbf980ce6c27d7deddf77992132509b08abf8aecc0dee95a0b31281c7aae89d9df8de403d7a840043d4dba5a7f76fb0cd177444878a692d3d156d08068c261244da8e7d31b8e5029b104638961ded3461eb6bc9946012dfd1f0e0791830dc49bf5aed78e31acf26b7cc750257099ad1ca4695395eaf851d1300bb72e7f6dcf631ee7feea089ac11e5ea3d848e528db653021bed26b935bec62d3245dd13741b1aa4a32b41c6cc73c8b42a54720cbb996f8c50a1570444f83cca4cf1f78f8c7b597d1728b53e1dd9067a76494ca646be66dbef39e6405903eeabc53c94ad9819dc27e88b9cbffd0f7d91776722ba2c50e30f58c697d665762088b751fa1a6c96d659ca3d782afdfd6919d3cd0159bcdf865b49faab490418aca6aadebcd320d75b27c9c1f3c4590073a5b50bf78c43f1dde6f0d92b380aebcaaa5f0febacb19d03f06021c7249f115cbc591a8281e24820b9c6b0b95c1313ae0484d6933e1ea9d40ab81785b8b8b9cb5f1edb8ee0cbf71a2aa22a5b7c23a6fc550e7c1875e079a731cd3a324f7befcac8254837ad93d44b2aa117b1a1b5156850237bd006f14f463e0ac34c794c7e6a8900020f4325e533da5ee4a97b8308d2536f277c2b06eee98c6e10cb9f17aadb19d79191c9c23aa727d8bb71ee0c9246baa3122c4cad9f1b888d376cd017f91386b381f3bd30048e1f6d6a12a7bb31918ec4d11d53aced1f73434031629d030bb312a5224b26d0fa0700d8ef3f1c0c50da77771f36acc4dafcf057fc3758c3b7f98a5c5dd1c38fb1c6ec93294111419b0e0b35a97078d9199746db887abc7776b655b9f926a0a027813eea5b68baf6cceb1afa3c5126c007b8c6ad8336d9f0f315ada618e3d91745dcb97415745e596cede0d676777e59efe87adf94ef8c777bc7faa6737836bd812b8644c4ab7cb8f527d02bd46dbfe8bec997e2c096b44035ae98c989bd4b532ab1f7af236f592e7f5b022832db8cd5402143320f78924ad54765b62116fcd1358eb5ccb050ac2aab968ccf886ebff429271689451e0ff27c843f3174b9f2f0a12765a3e0929eee2655dc90a567c84aa9213aaf30df1b83f5bbd336edc8fd0c7960249a54765ac9cd58b51a34bec6704e012fb6070d181276c713b42d65f503a0ca36e698553b477f8d262ef9e5fb9fb7aa42794316408ed312653dffc5c16be8625ddea1edf0ed002e184fd465cd86f9e1cea71559661400a0a81c53e930bd2b41b361e6875f76a79de45a8939cb244f1f9ebd487e84d1ff21e9d852ca695c40d0c1a6079fcb4721dad7e65325153aadf14d4d7953ccc9754e3252bdb6b5e0a2758a513ed3aa5254ba852bf798671f6de2c98d67dc19148d8e269108fec2970fe24b9ebe331f8e9fd3b37e3c0190a40302b8f81c3c3066f2d0deb47d2c430b2eca3ec82afa3368429ff01f3865f9493eabfab22d3d1109673667dbd3db5d0c250805e42ab3e7edd754d35f61e4b7e688d780e0297c1125d3a4ea46d3f6e97d9826cc91a4039f5ecd19e94000caf5009c2e0193b6a04e5ece231f19dc29fa79af15045510fe57d21da7e38291acb2d0df2bb29f314ee10ca022d33a9afb46b78dfababde62155c6ee7817c75300be1baa1ba9afa94f5b176021ea423c4cc98cfb2ba2c7fe59c01fdffa678358dba372e387ac4a20c417420d7794d10cf3d53ccbecdba8b6344a89b480486eb3e486bda969230d8818d4ad6802609e1fc0bfbcec2766eef1c63585f26e64ad088758a28f8ab1d08e4aaa9b569a8a36e672bf11cf89577d9388f5359ec30ca3223d04f1d4c6bcff5eef4a6916eb5979cc73b923fb365b2e11765b9054795e9ab760b09d2d683a155cbcfebd353d1af4766eb5fd654ea44140d596ccbc507472b593fb0294bea011bfa4060bd30c4b5dfa03cb963801d1f236459e74b49ac3b481a474a39ae9c435343c724d9df0eec15b8ea93c40f3c607059c08be55553d07e9617b94c8adb0c1bafe43cc8e023c452d48146ee5d0f23204e486ca949650e43827ec71274da4f5ee3ed8a322452857591a379bd531665e2811a1176015c76946ca7acf1e8a93e0f21c485b2a6cacac57e491a20f5ccb1994e78f7c3b5c6ce9d7eaf50ecc8ad4af6d769824a7ec46c76761d399834120b9705981cc763e70dd5bfbad6d030cd6c0d150526a83d125ca69d81da7775f17fbd30931af139c17411223932706c4b3b30a3a8ae92e7b0a57997a07b08f6906f8487c4b9e90f8ab47060702c8f02e36b08d813c89ad9b14e19ef89f19dcc376db0bf31c48abc31b83b3f34cfa4222c3ff3f474ef5ab1c76978feea099aba0cdeef91c2a5992715050b603653213d1e3ff7326b1dc633f9c010ed2df13bb854f54d54a5d10d677524d002258a09ce774a8e2534344fdb3a03d1e22919b863b92c5f43610f64b15c7b9f40bfb16b787c0a79d191e514a335062548d81f8c9d9387a1247d336d34233ffad16004bcda90c7458effeefae25ae99369177e03a7f42c2f92d96682f0f6f9f931ae4b7213f8b417d879b9f340b0f8dd131387949eeb58cf51bda06eadc3fd9aef085b7009a5ca004a7b6a9a1842a3711d1e08f4e6da3b5893fb08d47831802def22c873b31398532f317a2391b2f91c9b528c252479bca3972b6db5cba4e371ea3fa63d089c2d5ba565c2333f54ce8077d274830ad50d5759ae7a36f09b72df8407bde01e5c62a9bf7d95f86ad65c6cf7c00da80b81334c519f37e3ce7a241a509d563c26b96fef8db56201d21c55c40dbc880b27ee9aafe70c7f7efb17831d182c62c855a70d6f26673bee739e71348ad483c0a8d9ed633a5d773a6774b39c3c0124aa67a9ae368661461490f875147c174e61cbfeb1168efaa8375ff09d6b12312af2ddf753101d1c0c8bd4766c8a9daa6b9f8978db3632eaefbb50b6446584c0046f3eddfb7994d670473877897ce40a29503dbb3e1878423e1f60e6df21206d0ad0a130d113c115468798e5a8f74b28bbfc86bfab9dec4bf8dd0a9f88b8d77223bdf29086d1a8bdd3aac8284b80f2c4b61c2f885a5defbf57fcf5b466f1b9aa43e0ce4605b100074061e795140a7fff0fb3708de0ea6e7966a4831f46bddc234f0f8b76890b601a3911951d9414a3413b2373946a2f2151401f338b5894f9dd60ab3767e18f24d76730466590810822c71dd533979f32cc01620478aad26bdef5c0dfe8d11fcf5824aa342884a0c92d3dddfe5df603dc576fad89b5c9783906211dd9168cd64ac34a847263c280942bea8dac095696712c81bee75016ac494e16e41c93f2adc818fe93f056dc8c3da44ca102c57f1ff6c743a46a78725adde8c604e10500cd17673d2179497a49399f70b2c5cd6064ed2897377d92dedaa5969bcef53ad78316a63f398d037c9bcc5e07c1a94a60d88f492c806dc5c23a894e35c0c2fa88a4d8595a6f3e9825840fc19e2abb0a9e98ad08dcb99367c3032d4873c3c709e10f1be89cf8567c3be20f6948748948192036cdcf05b6798e7e534a7f44c0a0f01094e3858074020bd0676d606b8045be3b3d9e0e57cbb9441489c503e57937dd561cc8c56c3860e4a19278860041123422be073bf2255942d43e206963976e4d83b93e5941cade79d634c211480c73c574e2c942459bf680dbadf7f43f34b9797dfead1bf45c5984a081cd0fbfbd09f72c0a3f536607a3f2188e624eb44bb1fc05803ddcd49de08cee722b4a9102921b8fc8c09e9d1217b58c7b63914ea918de7d80f9b36cade91d7c8410362447d1700a6e06618fefd268015bd1cd459ea4c4f4afff9065f8f742a644b39f727b011201e71779ba561eba46f11a92405b8c1d60aef38f749e3b5f0f2ce845f98372a7cd5b14c5a798de35125432273a050f19c2de0a77982d01f981420a66afcc1afedfcfecdf7a34dbf3c57aab4d2fb186f6be427dfff5ede0c3c413997873735a224bd0836c488b7f1dc1c4e2871176cb1d953df818d10fb96de6167944dcf8029d6ed5f95e8ccd237372b4956d49afed02e94b49fa88aa2b7789fd7415c972cb59ab49ff0f1f6d062bf07f768deea78f29c6842eea878f8c44bc46cb3f4d1241b4d85cefea65896658c6f5944923a78f68655212441100d4974ab865f03e57ffaf50a902b79bbcc39666ca9bf552b73a7e39226c9951e5cb5fa6a5a873cf0a1dc4babcf2a3fbdd6b521f8e0ab780777cce2a682438f304d068f3e562cc580ebbf00a88462a0d067d1504a5c7b73a345af6be739a4d53aa147a02715bf3d18565e8a90b0a8be55ef03c83cf78cb28a954bfd638295b1e125a5f028719d509394f1ea3c71e36925db1e4f10d875d407d55693d336c7cc3c5c7622d2b0d57105990eb54630dfdce4a9e37c13196bd047de81232515a79d28ed8f3dae01400ee8e6d293f8759a0c541ef3f014e005a8e01502275740e6b488052a7be680577cf00dcb1e8cdc0210fe1d26182ddb02fd7bb5fc46d17b531b543033d8c8807dc55966d034b2f9457", 0xdd6, 0xfffffffffffffffe) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 206.558944][ T8119] EXT4-fs warning (device sda1): ext4_group_add:1643: No reserved GDT blocks, can't resize [ 206.636425][ T8127] EXT4-fs warning (device sda1): ext4_group_add:1643: No reserved GDT blocks, can't resize 04:50:29 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgrcv(0x0, &(0x7f0000000ac0)={0x0, ""/185}, 0xc1, 0x0, 0x3800) 04:50:29 executing program 4: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9) lseek(r0, 0x0, 0x0) 04:50:29 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 04:50:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adcb67d3c123f3188b070") socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x3}}}}}, 0x0) 04:50:29 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 04:50:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000000000)="2700000014000f3f03150000120f0a00110400001f750800390099ed4f05000000000000000000", 0x27) 04:50:29 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 04:50:29 executing program 4: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9) lseek(r0, 0x0, 0x0) 04:50:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) add_key$user(0x0, 0x0, &(0x7f0000000280)="26b3fb039a0c45bc2b2382ea2b89af0f16d8a52ae52319b2eb8cb5713a1ee86b02f2dc944f85b21de0501e975b4a9093059080adafa8057ba667a344604ba3d432358ad72ad04b83f8f33ad7a8b56220e74ec224c1a5a3e9b7964805a9800ccafa8ccabcc2458a6eb8d1dfb05d88b2ac07b473cd29908d7d5ad4207062ee6ded56776a508e0dc5abdb5248cc4b59cf744f8c297c3012b69466a393e4b789ec19fdb08a76f429348abb2e2cfb966126128bfaa418e29bc4c5e8aaafd27b8fa33502cd1b02a380355e2dd1d449fd232ae2bce6ba45938ce746db438abe30ff7485d21a14822e9c7901f9817bcb718927c64433581870afb3482113369a630e2c0be8033f76acab6ad858289fdd0511c645320b71eb1c6e10e63615da3523543080b66a50df18c1fcfaf5ce3b18f14f05eda6bb4c9674d5ce89a8a65709d78fc8517c95fdaaf5f847c8afbab6af93b03ee8a7d3e7a29a19667ab9e5ea111de94edbf980ce6c27d7deddf77992132509b08abf8aecc0dee95a0b31281c7aae89d9df8de403d7a840043d4dba5a7f76fb0cd177444878a692d3d156d08068c261244da8e7d31b8e5029b104638961ded3461eb6bc9946012dfd1f0e0791830dc49bf5aed78e31acf26b7cc750257099ad1ca4695395eaf851d1300bb72e7f6dcf631ee7feea089ac11e5ea3d848e528db653021bed26b935bec62d3245dd13741b1aa4a32b41c6cc73c8b42a54720cbb996f8c50a1570444f83cca4cf1f78f8c7b597d1728b53e1dd9067a76494ca646be66dbef39e6405903eeabc53c94ad9819dc27e88b9cbffd0f7d91776722ba2c50e30f58c697d665762088b751fa1a6c96d659ca3d782afdfd6919d3cd0159bcdf865b49faab490418aca6aadebcd320d75b27c9c1f3c4590073a5b50bf78c43f1dde6f0d92b380aebcaaa5f0febacb19d03f06021c7249f115cbc591a8281e24820b9c6b0b95c1313ae0484d6933e1ea9d40ab81785b8b8b9cb5f1edb8ee0cbf71a2aa22a5b7c23a6fc550e7c1875e079a731cd3a324f7befcac8254837ad93d44b2aa117b1a1b5156850237bd006f14f463e0ac34c794c7e6a8900020f4325e533da5ee4a97b8308d2536f277c2b06eee98c6e10cb9f17aadb19d79191c9c23aa727d8bb71ee0c9246baa3122c4cad9f1b888d376cd017f91386b381f3bd30048e1f6d6a12a7bb31918ec4d11d53aced1f73434031629d030bb312a5224b26d0fa0700d8ef3f1c0c50da77771f36acc4dafcf057fc3758c3b7f98a5c5dd1c38fb1c6ec93294111419b0e0b35a97078d9199746db887abc7776b655b9f926a0a027813eea5b68baf6cceb1afa3c5126c007b8c6ad8336d9f0f315ada618e3d91745dcb97415745e596cede0d676777e59efe87adf94ef8c777bc7faa6737836bd812b8644c4ab7cb8f527d02bd46dbfe8bec997e2c096b44035ae98c989bd4b532ab1f7af236f592e7f5b022832db8cd5402143320f78924ad54765b62116fcd1358eb5ccb050ac2aab968ccf886ebff429271689451e0ff27c843f3174b9f2f0a12765a3e0929eee2655dc90a567c84aa9213aaf30df1b83f5bbd336edc8fd0c7960249a54765ac9cd58b51a34bec6704e012fb6070d181276c713b42d65f503a0ca36e698553b477f8d262ef9e5fb9fb7aa42794316408ed312653dffc5c16be8625ddea1edf0ed002e184fd465cd86f9e1cea71559661400a0a81c53e930bd2b41b361e6875f76a79de45a8939cb244f1f9ebd487e84d1ff21e9d852ca695c40d0c1a6079fcb4721dad7e65325153aadf14d4d7953ccc9754e3252bdb6b5e0a2758a513ed3aa5254ba852bf798671f6de2c98d67dc19148d8e269108fec2970fe24b9ebe331f8e9fd3b37e3c0190a40302b8f81c3c3066f2d0deb47d2c430b2eca3ec82afa3368429ff01f3865f9493eabfab22d3d1109673667dbd3db5d0c250805e42ab3e7edd754d35f61e4b7e688d780e0297c1125d3a4ea46d3f6e97d9826cc91a4039f5ecd19e94000caf5009c2e0193b6a04e5ece231f19dc29fa79af15045510fe57d21da7e38291acb2d0df2bb29f314ee10ca022d33a9afb46b78dfababde62155c6ee7817c75300be1baa1ba9afa94f5b176021ea423c4cc98cfb2ba2c7fe59c01fdffa678358dba372e387ac4a20c417420d7794d10cf3d53ccbecdba8b6344a89b480486eb3e486bda969230d8818d4ad6802609e1fc0bfbcec2766eef1c63585f26e64ad088758a28f8ab1d08e4aaa9b569a8a36e672bf11cf89577d9388f5359ec30ca3223d04f1d4c6bcff5eef4a6916eb5979cc73b923fb365b2e11765b9054795e9ab760b09d2d683a155cbcfebd353d1af4766eb5fd654ea44140d596ccbc507472b593fb0294bea011bfa4060bd30c4b5dfa03cb963801d1f236459e74b49ac3b481a474a39ae9c435343c724d9df0eec15b8ea93c40f3c607059c08be55553d07e9617b94c8adb0c1bafe43cc8e023c452d48146ee5d0f23204e486ca949650e43827ec71274da4f5ee3ed8a322452857591a379bd531665e2811a1176015c76946ca7acf1e8a93e0f21c485b2a6cacac57e491a20f5ccb1994e78f7c3b5c6ce9d7eaf50ecc8ad4af6d769824a7ec46c76761d399834120b9705981cc763e70dd5bfbad6d030cd6c0d150526a83d125ca69d81da7775f17fbd30931af139c17411223932706c4b3b30a3a8ae92e7b0a57997a07b08f6906f8487c4b9e90f8ab47060702c8f02e36b08d813c89ad9b14e19ef89f19dcc376db0bf31c48abc31b83b3f34cfa4222c3ff3f474ef5ab1c76978feea099aba0cdeef91c2a5992715050b603653213d1e3ff7326b1dc633f9c010ed2df13bb854f54d54a5d10d677524d002258a09ce774a8e2534344fdb3a03d1e22919b863b92c5f43610f64b15c7b9f40bfb16b787c0a79d191e514a335062548d81f8c9d9387a1247d336d34233ffad16004bcda90c7458effeefae25ae99369177e03a7f42c2f92d96682f0f6f9f931ae4b7213f8b417d879b9f340b0f8dd131387949eeb58cf51bda06eadc3fd9aef085b7009a5ca004a7b6a9a1842a3711d1e08f4e6da3b5893fb08d47831802def22c873b31398532f317a2391b2f91c9b528c252479bca3972b6db5cba4e371ea3fa63d089c2d5ba565c2333f54ce8077d274830ad50d5759ae7a36f09b72df8407bde01e5c62a9bf7d95f86ad65c6cf7c00da80b81334c519f37e3ce7a241a509d563c26b96fef8db56201d21c55c40dbc880b27ee9aafe70c7f7efb17831d182c62c855a70d6f26673bee739e71348ad483c0a8d9ed633a5d773a6774b39c3c0124aa67a9ae368661461490f875147c174e61cbfeb1168efaa8375ff09d6b12312af2ddf753101d1c0c8bd4766c8a9daa6b9f8978db3632eaefbb50b6446584c0046f3eddfb7994d670473877897ce40a29503dbb3e1878423e1f60e6df21206d0ad0a130d113c115468798e5a8f74b28bbfc86bfab9dec4bf8dd0a9f88b8d77223bdf29086d1a8bdd3aac8284b80f2c4b61c2f885a5defbf57fcf5b466f1b9aa43e0ce4605b100074061e795140a7fff0fb3708de0ea6e7966a4831f46bddc234f0f8b76890b601a3911951d9414a3413b2373946a2f2151401f338b5894f9dd60ab3767e18f24d76730466590810822c71dd533979f32cc01620478aad26bdef5c0dfe8d11fcf5824aa342884a0c92d3dddfe5df603dc576fad89b5c9783906211dd9168cd64ac34a847263c280942bea8dac095696712c81bee75016ac494e16e41c93f2adc818fe93f056dc8c3da44ca102c57f1ff6c743a46a78725adde8c604e10500cd17673d2179497a49399f70b2c5cd6064ed2897377d92dedaa5969bcef53ad78316a63f398d037c9bcc5e07c1a94a60d88f492c806dc5c23a894e35c0c2fa88a4d8595a6f3e9825840fc19e2abb0a9e98ad08dcb99367c3032d4873c3c709e10f1be89cf8567c3be20f6948748948192036cdcf05b6798e7e534a7f44c0a0f01094e3858074020bd0676d606b8045be3b3d9e0e57cbb9441489c503e57937dd561cc8c56c3860e4a19278860041123422be073bf2255942d43e206963976e4d83b93e5941cade79d634c211480c73c574e2c942459bf680dbadf7f43f34b9797dfead1bf45c5984a081cd0fbfbd09f72c0a3f536607a3f2188e624eb44bb1fc05803ddcd49de08cee722b4a9102921b8fc8c09e9d1217b58c7b63914ea918de7d80f9b36cade91d7c8410362447d1700a6e06618fefd268015bd1cd459ea4c4f4afff9065f8f742a644b39f727b011201e71779ba561eba46f11a92405b8c1d60aef38f749e3b5f0f2ce845f98372a7cd5b14c5a798de35125432273a050f19c2de0a77982d01f981420a66afcc1afedfcfecdf7a34dbf3c57aab4d2fb186f6be427dfff5ede0c3c413997873735a224bd0836c488b7f1dc1c4e2871176cb1d953df818d10fb96de6167944dcf8029d6ed5f95e8ccd237372b4956d49afed02e94b49fa88aa2b7789fd7415c972cb59ab49ff0f1f6d062bf07f768deea78f29c6842eea878f8c44bc46cb3f4d1241b4d85cefea65896658c6f5944923a78f68655212441100d4974ab865f03e57ffaf50a902b79bbcc39666ca9bf552b73a7e39226c9951e5cb5fa6a5a873cf0a1dc4babcf2a3fbdd6b521f8e0ab780777cce2a682438f304d068f3e562cc580ebbf00a88462a0d067d1504a5c7b73a345af6be739a4d53aa147a02715bf3d18565e8a90b0a8be55ef03c83cf78cb28a954bfd638295b1e125a5f028719d509394f1ea3c71e36925db1e4f10d875d407d55693d336c7cc3c5c7622d2b0d57105990eb54630dfdce4a9e37c13196bd047de81232515a79d28ed8f3dae01400ee8e6d293f8759a0c541ef3f014e005a8e01502275740e6b488052a7be680577cf00dcb1e8cdc0210fe1d26182ddb02fd7bb5fc46d17b531b543033d8c8807dc55966d034b2f9457", 0xdd6, 0xfffffffffffffffe) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:50:29 executing program 2: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) write$P9_RWALK(r0, &(0x7f00000002c0)={0x9}, 0x9) dup2(r1, r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) finit_module(r0, 0x0, 0x0) 04:50:29 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) fallocate(r1, 0x0, 0x40000, 0xfff) write$FUSE_DIRENT(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="85"], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x0, 0x8}) 04:50:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c12a41d88b070") syz_emit_ethernet(0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60b40900003c3b00020243006000003f9667080b774c46e1000000ffffe0000002ff020000000000000000000000000001850090780007040060b680fa0000000000000000000000000302ffffffffffff00000000343294110000ffffac14ffbb040ca2f0cb28cffa96468dc5739272cb63c7f864bbd4e5a701823fd62886ab68b1aa2502b2243f3f3e8c741e7f8b7c8e529bed7b136b21760fa2d0feed4dfbadabdf4b6389dd61ccd1d0f79ca7dafd52dd92b898d25bb5fd337c60acbcb5cdf057e6dfa95cbe190b028965dbb18c472b8199ff8d01862ab9e3ba8e44acc224c2b62a2929ad97b187fb8d589ef1ae7d039f35e4"], 0x0) [ 207.220527][ T27] audit: type=1804 audit(1554699029.655:31): pid=8164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir930434100/syzkaller.Iox2xX/9/bus" dev="sda1" ino=16553 res=1 04:50:29 executing program 0: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='\a\x00'/24], 0x18, 0x7}, 0x0) 04:50:29 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000380)) [ 207.376067][ T27] audit: type=1804 audit(1554699029.685:32): pid=8164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir930434100/syzkaller.Iox2xX/9/bus" dev="sda1" ino=16553 res=1 04:50:29 executing program 1: syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:50:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgsnd(0x0, &(0x7f00000002c0)={0x1}, 0x8, 0x0) 04:50:29 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}]}, 0x3ff800) ioctl$void(r0, 0xc0045c78) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33200) setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) 04:50:30 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000a40)=0x1) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="066386dd79fad34a0af80743c701086742a9f9ad19d3d974c33d28520ab5bba6a058301e93d281a5079343b10c1661a06fb1ba6d265d5997e747d580ae4c409ce8be53967eb620e040816fd81742488bd2d895cf2204f7c4b23a385fedf9046350e68b51654bacb332c28588103218ab12c687c5632f69e51c681af9c0b352d9b8b437c9a16f41bc5cca061c6f3c8d3b85554e2bfd2003f1bc42f759caae0c3492e8c345c3de56739ff771808412a98443af873d75f2ad33a3bf24cea6de0962"], 0xc0) [ 207.536426][ T27] audit: type=1804 audit(1554699029.685:33): pid=8164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir930434100/syzkaller.Iox2xX/9/bus" dev="sda1" ino=16553 res=1 04:50:30 executing program 2: r0 = syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000040)={0x20d0}) [ 207.613016][ T8185] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. 04:50:30 executing program 4: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x440000000002011, r0, 0x0) lseek(r0, 0x0, 0x0) 04:50:30 executing program 5: [ 207.761610][ T8185] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. 04:50:30 executing program 5: 04:50:30 executing program 4: 04:50:30 executing program 2: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) write$P9_RWALK(r0, &(0x7f00000002c0)={0x9}, 0x9) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) finit_module(r0, 0x0, 0x0) 04:50:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000a000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@cr0={0x0, 0x2}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:50:30 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x440000000002011, r0, 0x0) lseek(r0, 0x0, 0x3) 04:50:30 executing program 5: 04:50:30 executing program 2: 04:50:30 executing program 3: 04:50:30 executing program 4: 04:50:30 executing program 0: 04:50:30 executing program 5: 04:50:30 executing program 2: 04:50:30 executing program 1: 04:50:30 executing program 2: 04:50:30 executing program 5: 04:50:30 executing program 0: 04:50:30 executing program 1: 04:50:30 executing program 4: 04:50:31 executing program 3: 04:50:31 executing program 0: 04:50:31 executing program 5: 04:50:31 executing program 2: 04:50:31 executing program 1: 04:50:31 executing program 4: 04:50:31 executing program 3: 04:50:31 executing program 0: 04:50:31 executing program 5: 04:50:31 executing program 1: 04:50:31 executing program 3: 04:50:31 executing program 2: 04:50:31 executing program 5: 04:50:31 executing program 0: 04:50:31 executing program 4: 04:50:31 executing program 1: 04:50:31 executing program 2: 04:50:31 executing program 5: 04:50:31 executing program 4: 04:50:31 executing program 3: 04:50:31 executing program 0: 04:50:31 executing program 1: 04:50:31 executing program 4: 04:50:31 executing program 5: 04:50:31 executing program 0: 04:50:31 executing program 3: 04:50:31 executing program 1: 04:50:31 executing program 2: 04:50:31 executing program 5: 04:50:31 executing program 0: 04:50:31 executing program 4: 04:50:31 executing program 1: 04:50:32 executing program 3: 04:50:32 executing program 2: 04:50:32 executing program 4: 04:50:32 executing program 5: 04:50:32 executing program 0: 04:50:32 executing program 3: 04:50:32 executing program 2: 04:50:32 executing program 1: 04:50:32 executing program 0: 04:50:32 executing program 4: 04:50:32 executing program 3: 04:50:32 executing program 5: 04:50:32 executing program 0: 04:50:32 executing program 2: 04:50:32 executing program 1: 04:50:32 executing program 5: 04:50:32 executing program 3: 04:50:32 executing program 4: 04:50:32 executing program 2: 04:50:32 executing program 1: 04:50:32 executing program 0: 04:50:32 executing program 5: 04:50:32 executing program 3: 04:50:32 executing program 1: 04:50:32 executing program 4: 04:50:32 executing program 0: 04:50:32 executing program 2: 04:50:32 executing program 3: 04:50:32 executing program 5: 04:50:32 executing program 1: 04:50:32 executing program 4: 04:50:32 executing program 3: 04:50:32 executing program 5: 04:50:33 executing program 2: 04:50:33 executing program 0: 04:50:33 executing program 4: 04:50:33 executing program 2: 04:50:33 executing program 5: 04:50:33 executing program 3: 04:50:33 executing program 1: 04:50:33 executing program 0: 04:50:33 executing program 3: 04:50:33 executing program 5: 04:50:33 executing program 4: 04:50:33 executing program 2: 04:50:33 executing program 1: 04:50:33 executing program 3: 04:50:33 executing program 0: 04:50:33 executing program 4: 04:50:33 executing program 3: 04:50:33 executing program 5: 04:50:33 executing program 2: 04:50:33 executing program 1: 04:50:33 executing program 4: 04:50:33 executing program 3: 04:50:33 executing program 0: 04:50:33 executing program 2: 04:50:33 executing program 5: 04:50:33 executing program 1: 04:50:33 executing program 4: 04:50:33 executing program 3: 04:50:33 executing program 5: 04:50:33 executing program 2: 04:50:33 executing program 0: 04:50:34 executing program 1: 04:50:34 executing program 4: 04:50:34 executing program 3: 04:50:34 executing program 0: 04:50:34 executing program 2: 04:50:34 executing program 5: 04:50:34 executing program 1: 04:50:34 executing program 4: 04:50:34 executing program 5: 04:50:34 executing program 3: 04:50:34 executing program 2: 04:50:34 executing program 1: 04:50:34 executing program 0: 04:50:34 executing program 4: 04:50:34 executing program 3: 04:50:34 executing program 5: 04:50:34 executing program 2: 04:50:34 executing program 1: 04:50:34 executing program 2: 04:50:34 executing program 4: 04:50:34 executing program 3: 04:50:34 executing program 0: 04:50:34 executing program 5: