[ 36.897075][ T26] audit: type=1800 audit(1554670524.529:27): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.918791][ T26] audit: type=1800 audit(1554670524.529:28): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.658179][ T26] audit: type=1800 audit(1554670525.359:29): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.678722][ T26] audit: type=1800 audit(1554670525.359:30): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2019/04/07 20:55:41 fuzzer started 2019/04/07 20:55:44 dialing manager at 10.128.0.26:34543 2019/04/07 20:55:44 syscalls: 2408 2019/04/07 20:55:44 code coverage: enabled 2019/04/07 20:55:44 comparison tracing: enabled 2019/04/07 20:55:44 extra coverage: extra coverage is not supported by the kernel 2019/04/07 20:55:44 setuid sandbox: enabled 2019/04/07 20:55:44 namespace sandbox: enabled 2019/04/07 20:55:44 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 20:55:44 fault injection: enabled 2019/04/07 20:55:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 20:55:44 net packet injection: enabled 2019/04/07 20:55:44 net device setup: enabled 20:57:46 executing program 0: syzkaller login: [ 179.168871][ T7560] IPVS: ftp: loaded support on port[0] = 21 20:57:47 executing program 1: [ 179.267710][ T7560] chnl_net:caif_netlink_parms(): no params data found [ 179.335352][ T7560] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.358582][ T7560] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.379855][ T7560] device bridge_slave_0 entered promiscuous mode [ 179.398486][ T7560] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.405670][ T7560] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.417989][ T7560] device bridge_slave_1 entered promiscuous mode [ 179.453431][ T7560] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.469451][ T7560] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.479192][ T7563] IPVS: ftp: loaded support on port[0] = 21 20:57:47 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x80000006}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0x2) [ 179.522791][ T7560] team0: Port device team_slave_0 added [ 179.544032][ T7560] team0: Port device team_slave_1 added [ 179.610553][ T7560] device hsr_slave_0 entered promiscuous mode 20:57:47 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000280)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000380)={0x8f, 0x0, "9f724b4b0a23542cb9aaa3a25c20c8b970798f09aa7f88c34e0037e243d02b96faa25671913cc9612884605c123871f05645291f55121d681d908ff2b2814f75748a6b7de42d9f6a9bf31851ff8862b6cb85f250cc2e3a8f46796773f73b25dd017b0c0c53117df3745b3b70a06f97b6aa8cced95cb1610a3a4ad087ff71eae08640c9256ab70f"}, 0x0, 0x1400) r2 = perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstatfs(r0, &(0x7f0000000300)=""/50) sendfile(0xffffffffffffffff, r1, 0x0, 0x8080fffffffe) getsockopt$packet_int(r2, 0x107, 0xc, 0x0, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) write$cgroup_type(r1, &(0x7f00000002c0)='threaded\x00', 0x9) write$P9_ROPEN(r3, &(0x7f0000000000)={0x18, 0x71, 0x0, {{0x80, 0x3, 0x3}, 0x5}}, 0x18) [ 179.658910][ T7560] device hsr_slave_1 entered promiscuous mode [ 179.810951][ T7565] IPVS: ftp: loaded support on port[0] = 21 [ 179.834754][ T7560] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.835955][ T7568] IPVS: ftp: loaded support on port[0] = 21 [ 179.842050][ T7560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.855979][ T7560] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.863117][ T7560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.873968][ T7563] chnl_net:caif_netlink_parms(): no params data found [ 179.989204][ T7563] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.996493][ T7563] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.006791][ T7563] device bridge_slave_0 entered promiscuous mode [ 180.021505][ T7563] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.029892][ T7563] bridge0: port 2(bridge_slave_1) entered disabled state 20:57:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x80000006}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 180.040201][ T7563] device bridge_slave_1 entered promiscuous mode [ 180.089811][ T7563] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.109624][ T7563] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.188810][ T7560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.232833][ T7563] team0: Port device team_slave_0 added 20:57:48 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000280)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstatfs(r0, &(0x7f0000000300)=""/50) write$cgroup_type(r1, &(0x7f00000002c0)='threaded\x00', 0x9) [ 180.286769][ T7563] team0: Port device team_slave_1 added [ 180.299595][ T7560] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.308937][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.320971][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.340208][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.351918][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 180.366678][ T7565] chnl_net:caif_netlink_parms(): no params data found [ 180.392225][ T7572] IPVS: ftp: loaded support on port[0] = 21 [ 180.408628][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.420004][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.430453][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.437595][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.449225][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.477309][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.485802][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.493147][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.501389][ T7568] chnl_net:caif_netlink_parms(): no params data found [ 180.550699][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.610656][ T7563] device hsr_slave_0 entered promiscuous mode [ 180.658134][ T7563] device hsr_slave_1 entered promiscuous mode [ 180.713325][ T7576] IPVS: ftp: loaded support on port[0] = 21 [ 180.759115][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.768566][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.778395][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.787089][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.803706][ T7565] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.811080][ T7565] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.819449][ T7565] device bridge_slave_0 entered promiscuous mode [ 180.830095][ T7565] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.837157][ T7565] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.845445][ T7565] device bridge_slave_1 entered promiscuous mode [ 180.865988][ T7568] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.873267][ T7568] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.881137][ T7568] device bridge_slave_0 entered promiscuous mode [ 180.905186][ T7565] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.915401][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.924583][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.934399][ T7568] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.941711][ T7568] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.949928][ T7568] device bridge_slave_1 entered promiscuous mode [ 180.977026][ T7565] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.002934][ T7560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 181.014118][ T7560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 181.025674][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.034213][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.043122][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.051609][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.064767][ T7568] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.077369][ T7568] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.086362][ T7572] chnl_net:caif_netlink_parms(): no params data found [ 181.110285][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.124491][ T7565] team0: Port device team_slave_0 added [ 181.141794][ T7568] team0: Port device team_slave_0 added [ 181.155804][ T7560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.168280][ T7565] team0: Port device team_slave_1 added [ 181.181627][ T7568] team0: Port device team_slave_1 added [ 181.202395][ T7572] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.210533][ T7572] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.219330][ T7572] device bridge_slave_0 entered promiscuous mode [ 181.227054][ T7572] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.234688][ T7572] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.242767][ T7572] device bridge_slave_1 entered promiscuous mode [ 181.290369][ T7568] device hsr_slave_0 entered promiscuous mode [ 181.328195][ T7568] device hsr_slave_1 entered promiscuous mode 20:57:49 executing program 0: r0 = getpid() connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x20000000006}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0x8005) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000400), 0x8) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f00005befdc)) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000300)=0x14) request_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='/dev/ptmx\x00', 0xfffffffffffffff8) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0xa000000) [ 181.475419][ T7572] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.506309][ T7563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.530849][ T7565] device hsr_slave_0 entered promiscuous mode [ 181.598662][ T7565] device hsr_slave_1 entered promiscuous mode [ 181.652319][ T7572] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.669232][ T7572] team0: Port device team_slave_0 added [ 181.701142][ C0] hrtimer: interrupt took 30225 ns [ 181.744325][ T7572] team0: Port device team_slave_1 added [ 181.773501][ T7568] 8021q: adding VLAN 0 to HW filter on device bond0 20:57:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x0) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600250000050000000000000003003e00060000002c010000000000004000000000000000e1000000000000000500000087003800020002000700ea000200007001000000ea0a000000000000f7ffffffffffffff00000000ffffffff00000000000000000100000001000400010000000000000001000070040000000500000000000000000000000000000005000000000000000100000001000000ff0f00000000000000fcfffffffffffff423273d395b5dfe49a633eb0eb0263328129db30c89d614ca312379424593d1149401363a977a2b10bc8394762bab422771360aa38dc889b26829f721e3098b0f80c2f4ee55bcf0df04911af0a6a16e0ab5b5bb1e2227df0cb7b403be567ea3b9adef738dd4b7efbd9e56dfc0dc488a064d4ad246d477bc8fedb6c1fbcd09469e544a6ac9afa9987b94c8d1209a41a79416931a8f43bd761418a2c47221a2a4d6bee2592cd6eab8fa3ac582965b48d68fb1dde708c9901874b0f1628c0adf0dc15872d102a327edf073a52942892de4cc87c25e76cde841dd1e09db3f59955450018b682981af9bf3133a11fbf7915b41105bd663e6f7116777b3cb43f260d25a06d22119ca7674f7d9eeb496cccae5ea73758600072b6f0c2a040000002001cb0000fbc132be60c8b0bf6ac0a892b355685d62cb7077a1e889c359d7bfc544111c6ca232e6c62461b4da2655c793ea650e593a0b8f085567b065536d649fea6d4e202255fc1a0dedba780af208b0457ed33958cfd97c0155f59b06d997423bb3b6f3d5e01c8b74030434cacb0e508ef261aff03a72021b6011f6ff05f6070f0bcb7d75cbf1668562cd6599dcf1eac792c47370ac83b2730215d9955f6fa81f59d3209fbaf52f41f8c413432d976fe6eb3ae98661de6250e09bcf7b82d0492b349ca022abe346a443d41aa83ba7d2ed5193dda7e9c78769b1430e5a171e12e0fa1d057e1aef4b856ab0f2dabc8b207f09d78e1f83461ccac0b2558732ea70d369973971d2c6d94081f33308b1e4b27a2ce6f45838809407045aa63b07372728d2aabbb752eb506219d82564c7323f73bfc2260fd95e5e8eeca550b29adcca477de69469764858d7aa3ab8afd99e883c43dacae12ac88e7fea5a99df90755e5caf59185794ed6419a22fe36d9070ed6558b090cb871914491e2a135047b729107896b784bf87c941f7b993033898b993c83b8bcec93aed20e900921e8c8e65939b23a0f84c837a71633aad5664665e7f89839258d1477a2e8fceaa9280b9c9dc53b5ed4bd907c3948f04ac1eff961bf3040ae0faed3985bccc355506dfcd52907750828fc988e60aec5b577af9769cebc8d6e87a826826f8362c84fe7ec9e6d3cc39c1b6b6b9005eaaf0d9037fa576757018d3f60fbab576284cd734f48b0e4b3e70a4b8143dc67e94c1090b7376eec330f5995c4b3a119646b4a953cf0669d6e52264827bbbae2c7565529a68f46f5e1a23137059867d0192caf6b22e2d74f8fbe12a139bc90a0d12b6acc0a106ba4fc2baf87c254bb54083ffffff7f63dbc82581cec688136c617847b1a3b6c0c331af00086cae971610587c4683d5f1b0dd68b8a419f581f0387cc9d1a435e329a0595d73a4489b1ea23c331ca752bfd46de13f0ee26e7e2e9b11dd7151883ac8112c0ba049070bcf00881cc0a37395f1a102cddda4b0b903b0233461e70254e6a75b9c29c02fce51b630d5cd58867e5f8e5b47fdb2fb53e0b9485f1079ddb39d7b3ef5d8d37be9a08714575e454274581a8ad758ba53da32d2c893e8a40de0febf31f84016558a9db7c53dec27895d69fa1a34e4b5b856f4d0974a9dd4031e28632a245b921a576f1a19f47d7ba08e9ca94a7ae46c89b379d90e0dfdcffb790586d920ea79f94af735aa51695dfe0c9c73a44b277e877b473b43f5c3a960d7c5e22678ab3f7cf46bdf23cbbd31df613827f8e23f7b2c71be25eab7dbd56f7b426b78f8e5afe72366ffcd05c29b92ad591e35a19df805a2b8819b87a13109c19ea941e9b9f6ee1c47708870abfda2debce7eae0f356bc896a5a207f6bc3ed4186117e1ae9b061d3a9a94520a6df99fd700c6fc3b82467a1257c2040dd34b2fb30c032224e6b864900f93168e387edaeeedaebf8b7b40d4caaa97c85229e63770ced3382013fd11010d0ee46333666aaec98aacc511c92be9e55eee400c74ab4614552624ad88f5d63b6f87e85826ee7cf6f15418f9712c6d07f36a54f097d9bc48b3035ae569af4753e7831dc520fe4726d0c96d0cb7b45e5ca5002884d38ed8e8ead8d4a7da76f9bcfda48fd27345bec7dd4356ef7b11a0cd3113bd9c581e7e647eddd060553fd6e9194bc07ffc5ca9eb6e9ce36aa545ac0f6e242e381282522481668f05909a69db9c8f417ce2406fb727c11fa8ed3ec6f097fed51414f32860700000000000000060d97539c1215ad15f4f24e9921c3fc46c8e566a6aa0fe836f4fb616d5b871cbdc9cb27e00245bb2291f767d4c581387a63022c727026043c0180a848edd1c3fffff21c3fe0b11c65caca8941959536882277e3dc9e61da52527a24e2d79a367a80b33b24f1ca184d56ad13194867d7a0a424977b5f256a4643460a03007ccf2abb042c6a8f357ee967298f4ee68fa10d82aeec9c63884f43927692db04bfa6651a630ff1"], 0x76c) shutdown(r0, 0x1) [ 181.793588][ T7563] 8021q: adding VLAN 0 to HW filter on device team0 20:57:49 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gre0\x00', 0x10) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000040)={@broadcast, @local}, 0x8) [ 181.910462][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.929093][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.945607][ T7568] 8021q: adding VLAN 0 to HW filter on device team0 20:57:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x100) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600250000050000000000000003003e00060000002c010000000000004000000000000000e1000000000000000500000087003800020002000700ea000200007001000000ea0a000000000000f7ffffffffffffff00000000ffffffff00000000000000000100000001000400010000000000000001000070040000000500000000000000000000000000000005000000000000000100000001000000ff0f00000000000000fcfffffffffffff423273d395b5dfe49a633eb0eb0263328129db30c89d614ca312379424593d1149401363a977a2b10bc8394762bab422771360aa38dc889b26829f721e3098b0f80c2f4ee55bcf0df04911af0a6a16e0ab5b5bb1e2227df0cb7b403be567ea3b9adef738dd4b7efbd9e56dfc0dc488a064d4ad246d477bc8f"], 0x129) shutdown(r0, 0x1) [ 182.000250][ T7572] device hsr_slave_0 entered promiscuous mode [ 182.028009][ T7572] device hsr_slave_1 entered promiscuous mode [ 182.100847][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.112371][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.122765][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.135089][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 20:57:49 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r0, r0, &(0x7f0000b58000)=0x1964, 0xfffd) 20:57:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x3, 0x2e8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x15, 0x16, 0x601a, 'ip6gretap0\x00', 'gretap0\x00', 'tunl0\x00', 'vlan0\x00', @empty, [0xff, 0xff, 0x0, 0xff, 0xff], @random="c86792943679", [0xff, 0xff, 0x0, 0xff, 0xff, 0xff], 0x70, 0x70, 0x1a0}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x8, '/sbin/dhclient\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'ip6erspan0\x00', 'bridge_slave_0\x00', 'bridge_slave_0\x00', 'bcsh0\x00', @remote, [], @link_local, [], 0x70, 0x70, 0xb8}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff}]}, 0x360) [ 182.147116][ T7577] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.154248][ T7577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.164860][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.174138][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.186726][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.193876][ T7577] bridge0: port 2(bridge_slave_1) entered forwarding state 20:57:49 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x8, 0x200000) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000400), 0x8) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00005befdc)) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0) r4 = syz_open_pts(r3, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000300)=0x14) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0) [ 182.223449][ T7576] chnl_net:caif_netlink_parms(): no params data found [ 182.268058][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.287375][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.296628][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.305589][ T2918] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.313144][ T2918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.326886][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.335745][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.344346][ T2918] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.351421][ T2918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.359587][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.368340][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.426171][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.479439][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.493051][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.502493][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.513860][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.526076][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.541648][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.552400][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.561299][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.570099][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.579161][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.588794][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.598536][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.695018][ T7565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.709410][ T7563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.729438][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.737428][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.752014][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.764056][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.776768][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.793166][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.805502][ T7568] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 182.823690][ T7568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.847884][ T7576] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.854993][ T7576] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.863688][ T7576] device bridge_slave_0 entered promiscuous mode [ 182.881657][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.892362][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.901568][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.910280][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.923525][ T7565] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.932169][ T7576] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.939863][ T7576] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.949095][ T7576] device bridge_slave_1 entered promiscuous mode [ 182.966431][ T7568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.981675][ T7563] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.994077][ T7576] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.013334][ T7572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.022758][ T7576] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.041810][ T7576] team0: Port device team_slave_0 added [ 183.063170][ T7576] team0: Port device team_slave_1 added [ 183.071189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.080965][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.089703][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.096746][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.104534][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.113716][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.122269][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.129538][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.137195][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.146164][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 20:57:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec", 0x4) r2 = accept$alg(r1, 0x0, 0x0) r3 = dup2(r2, r2) write$FUSE_POLL(r3, &(0x7f0000000340)={0x18}, 0x18) recvmmsg(r2, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x7ffff000}], 0x1}}], 0x1, 0x0, 0x0) [ 183.161975][ T7572] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.205160][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.219468][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.227424][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.236909][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.246003][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.255015][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.264326][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.273050][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.304708][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.323645][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.333009][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.348448][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.357139][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.366068][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.375103][ T7569] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.382410][ T7569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.391105][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.399936][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.415718][ T7569] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.423010][ T7569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.437295][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.446186][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.461007][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.530212][ T7576] device hsr_slave_0 entered promiscuous mode [ 183.568621][ T7576] device hsr_slave_1 entered promiscuous mode [ 183.609839][ T7565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.623405][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.631961][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.650815][ T7572] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 183.661254][ T7572] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.676000][ T7572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.692926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.701398][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.710533][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.722943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.731607][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.740425][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.748959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.757694][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.824749][ T7576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.843402][ T7576] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.865225][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.882110][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.912514][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.921582][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.930198][ T7577] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.937317][ T7577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.945527][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.958452][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 183.965021][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 183.975120][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.983598][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.990811][ T7577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.002225][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 20:57:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sequencer\x00', 0x800020000000001, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x80ffffff, 0xc, 0x0, 0x0, @tick, {}, {}, @addr}], 0x30) 20:57:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) readv(r1, &(0x7f00000002c0), 0x1a5) [ 184.012836][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.029006][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.038058][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.047004][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.055379][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.078040][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 184.083961][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 184.091154][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.129462][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.172019][ T7576] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 184.198485][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 184.204882][ C0] protocol 88fb is buggy, dev hsr_slave_1 20:57:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)}, 0x100) socketpair$unix(0x1, 0x400000000000001, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) shutdown(r0, 0x1) [ 184.217459][ T7576] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.255638][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.277328][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.294548][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.303485][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.312870][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.329214][ T7576] 8021q: adding VLAN 0 to HW filter on device batadv0 20:57:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sequencer\x00', 0x800020000000001, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x80ffffff, 0xb, 0x0, 0x0, @tick, {}, {}, @addr}], 0x30) 20:57:52 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x2, &(0x7f0000000040)={@broadcast, @local}, 0x8) 20:57:52 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x201, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000002240), 0xc) write$UHID_INPUT(r0, &(0x7f00000001c0)={0x8, "54890c0bccfe88f89f9cdfd46009282848da435d17113e7637b44dcc40837278b0ffc65b3ad4df7d2e878b039a19a1b507bd9fcf4607fe6445b5b618fd235ab75b2d31a4068c91fdb847305c0b439fa675d4da4857e2c82a8537b26825ac392c7a508447cc86b2ad5bbf10b5f9403897c849511f7e701ee4eb983d1aa1e9cfa35171ca11166a9630e163fdaf862046d54afe62b21e810ea2e57dcf85a40cb9d6d97bb0d1d15cccabf1c1d4667875290b17713d93b6b69aec08fbf56035bd488fe68742539f2b4f91966297269ae008bec750c72cc6134421f0a366aaf3b9a76272a5e06365061cf8d4eca3a5c9ba1ee59e57377022f0a6d88fd37a87459822b613888a496cf4a5875ee36dc5655ba78db6c514790803f93682393c4b06266ab96f4af4576b2a6f4817faa32ae8d1584624d6be2e23a10bd96874721fd273f053494664802f6fce9220d5e40ceaf3c42a5c5858a5181722b8caf0e44e1c3783aef961e44a3303beee6a309120c3c6e46eb7d893c72240ef09caad704f92bd561276ffb668cfec1cac8b89b26c4da7e9335f512403c3b101579c9895803a519eb965dc4b4ee3d6ff958ee93439727ac86796b13a47c06eafd7061dc73e688a80a17323251a5a4815c69e48a7f4b740fae88b5f83315f0890ecaacc2aba306191d448bc0eb1516a86969217bfc976ad17dcb38b6b51dc613b20c984d2e65d0cb6aecbf197334cd0c2a5f5cdabaa755e9014b21a4927255d58d304f8c2b6d7a69fb7eb84aec3ef65af2cc315ed807c251763a6e7879540607e897dd2a11d9b8bca67f3c3b6fb3ee43a9d042b4b3abed9fd74a16c64323211b1632d866a4c97e85e18b3696424a3a00fc155aac44557445fcb893cbffc5b7179f6a2b8fcd1a3353e946d7d33cd9b02bd1d9055b10a6834725dd016cefc70ce51616242a2b090a75f446091f52a9055afb99fccf5a0c4daf8138d3f24a331ac0085cc405259e6aba642b81bf906ce731c0b9616d3c17ea02249eac443a38a792d015edb6349dd87e34b5956719a9bf638714fa77bb1da7737dbd3ab6f2c325f0d6b13619d63d62f84f057635c3dada90c2de19dea4b5b8717ce2009844de9e6bdcba1ea2ee168bdee769cf56de95275efee369b1f5c97df646608b3b175d634879fd02abfe13a24878a08874aed9b5c59527521786ad7b97069be2a33d9ece4bcca717eb391d2e08f10fd2bb6d126d79910479b4ccfa83e7615dec7e36d279dd792fb91f6cb6bc1fecf167d932a26cbb991f046e2e4a2fb7b626b2cac576fa7dc25910375847e5987bba43597fd6c3f617136464e8ca455d2bc9db9360d42b20e7aaa831b11d74788f275728957a6ef9a6bb55d60151fca195e1b4be31c46bd7de6b90665667ed5b39948a12d1390a726b98b1148b0f0c6ba439c7e5a354c9c4dd50ae428b60378309cb81efa530232f49b54479b0fde9e971ba292ab1dab5d80134ba9db52d5dc288af14523df96ffad5b1348dee62263a679d62026cdf1e36199ba60554fbe28b3ad23176502df5cca19b78ff4358f52013a1674d9274ed77d22d64808d6778d673c5a565d7faaae8ab1981c2928f062f5422b4652db2f7faa9d090952237647f662998d8bd2d3d7c99ba7e81173f08324a4b69d13d48ba455376491637e706d626f252127ea3ba945e051dd3d335d7bcd29280967ca0f1ea28ef8a193e675026d852502dedaae517463246fc972563713112e356ee5c920e63d23b12e034a5e5f87dc4e197e1e03da0d3b6a11ce9af03383b0179e9de1e10888fb2dc1d858500b1bd492a8eb8afb56eca1ff85ed91fb8cbedbdcc22bff03b8c1dca7a181bb85e150379b987990c869162a1f6a5af3f825134f35e9ae59c4010c367792bc6d06af00d048bbc2c42954b14136112fc6f504865892439862edc7de7b55f2ca651342599e73b186d05b045ebfc193635d8e5c8745dfa3476667792b9bc7fe92e5ded99237992fa5501e6de0392966e902daaeff164b0262075a7699c666ca4c98780e2d2c018bae31e5f7ca59dcfc3b37e0d7219959fb13cff774b65f046f1014ec8ccb54deda8ea1a92fea2945703b24ec184c4d0870067786e46ff41b3a34345406298fc26095b083b1d6830696d1ffc6c1cab388a68825fa286c11b1ef8f2822acd7b847150adc43533ece4aba652d2a0ca9d40ba0ea9e98750170bd105d3419ed02306433691b996e6d1e3dbcc04cd5e3fc9c1ab7de360dae221d9085e82fa6916eb57c497a557f7d8c1d7f28828328494b7e2a7d075f11ff5f966aec14a8f791bca552e646cb57881c261765d169fd2fe5eb49905de4516f50079b14694086194dcd69bf3a4614c38d737aad20f58b58b0b25e672089b2b828418e782412b688d1167b4ee2bfd1742e28ba9c599e99b224a20528d986ae07ce1361b273c99e1d3177f7d9a5c259a90cd3882c6073092eb811a7ba090e4c4738f47b69e6821b4eb2d9d9db43dd41218b58068f2bb859f9bdc7a296eb3a05ba1568e784063f6135e6ebdb73e1326adb794a4ee54d0bf54bd5e0201125297fd14be0613030689bb031abb3e54e3c12fc9a7039306795482b1c379f4afd8901d7921f4d41071eab5cbf4bb599d6e1101bea8d2f5f20d9622a4185531a2b5b5d0778b9df5780d38e431ede26150702b5fea15e1c577e1035b56c98687ee549831865c3c79920564a4d678183c221254d67996f71f50761669a6883b61718fe4720fa0505371b26a48b28f86d202b4add64fa5e52be3f19163de0645914b1cf87b0ef831b85016de1f25197548cf9348a0cc790a6c50f02252562111b3e3f0d3c8444d4d11b123e4c9b6651414d0b287c2c80615a656cc1311b65fddc3be29e54dae8f2235227a3c68726be5251c8d031d014f26422bbe71682cf40e7ef43d9a6213a7dba5ef93998c1a0b3bbafb3ce586afb91519d551c80e7fe391bb95dd52082f1b6ab6e64bb9c71bbde9734fa803bd75a98b51e40cedf751048f13ebfd10a7d2c9b7cbe8742863ae3899a5ef76eae9cd6c3744585abdf37182a7e11b3a078b76f5e6f798c98fe37e6d1ccd1997fb8f037a28088e5f63946ea813861f82ed46f8529f45a24adf3d44fe4cc316c977cd43d792d88ba4370f00a5375747f3d4a3dfb644b676737abd3e3334aa0df0858a4d706e8eceeff9dc6de9a28b2714aa3da1463a41006961b73f3cbd0558553d0caf8bf81f2109e96fd4ec4b862d6bee0a46d0fda7e7723490232e04bbffbb4128203a38e7cf0c156eb292be72bd876d800e375a4d8ec5a0448fac7198cb19c82b3f4c2aa1ad1036850d2486ec4bdff16905e77fa381f716b32c1d7145f979ef7acdbf845d626beb559385e75836e003b5140421dbc5da104c661ebbbd3702aac84c77b80c9ca7d8e5b1a039bbf877740fa7c38f3a4ad205c10e3cb0fcd4dc69d1327a88ed60ed4c31a6f861cc95b9a564a0f84e388a79052f9929f1b0f43094abefcb488143487d83559a3fff88cca9ff48e1cd0ae5b49878fce30697d77353beb9b17bbc9789cec186c4bb130e96221bd679f9f0843394c0447615d49d7beb23d4a8658ab726c3084f6aae3e954cd74cacffef79c19b52abff5bce5e3adb422da03c0cd1a988e602a678cf4fc8e826402051f2890ead1b3a7827eb8e1606283a0908a3bb4da1180675915065999ee21c787c6debc581e9fcea1139679ed392c96f2b8dd66f9508cd0309d13f7fdeb79df9efe4a6c7aed46db178ab03d54a0d14f44a465d8a47324d30748dafeac174be60282d97903623e2f0fd6b34e8edfe13c8bcdd549c02e085a4aff856da26e498ec9d216f392aa457ff906ba164a9772b1e3c5a223568705634183dedae04d87765979731057bbc1bbbef402f6663b6775b8026155593b81a0b94c411d1ef0ecaa490b90486176d4d3e9381d4bafa252585fe82785fe7d80368680c35677ac2e37673ee17d5965407f69c3db5080d0a2b143fc87b1df8aa534126a316520f7f11d3f4f2834514361445db12cd305e7263b09ee0c178f87989242ab302a2b043d9703349a414bf68473332a6b8bad6ab81a8609b8ee5bef1bed935a766c37cdde9aa5cd3755894353bfb07c5c0eab106e7c822d7b3b2dd0d87007ffb688b42ca0b5c5e87d5133a9bc1e9b20d58c9b2ecb40a9ac9cab7c6cb210777d9a714ea47040b48605f5ba2b61c9325f5e1c0c991a25860ea93db147037edd6e8a291785e8b2f3008100c55a4e674ffc564e058cd24ff1da433d8de617dcbe59b4896da735e4aeaca60f76b64b646cc91a8fe3bb031453d8e29f1c25904359060278e505ec62dd4270ce15517612d6a18f0660c26a2becf0531504319a9a2368bb671b1fc530ce14abe3fa671974647be8a89b5ce38d34fb18a0d13e5bcd900fe1153626a48edaa9f74f51dc8cdff3a0f408e8de41871d5bdf0dad7b7a7b1d1713c059213488197da5d2a485ae11a9783e23215aa8e15a73e7cfe3ea6dba4ba578eb911012749cabbd650de1785beebfe017eb37cc303f019d5862b3101534a17a6e7bbcf552068769f4ca1b3b54240df788ab7a3b63f891ecff4647fb916746565c088579b923d17b232af8221b098eacdec9e8d42c5758d92674e92e55af2afb02665073d4d1cb53469fcb1526b272a842694fe3c1b283f5673e7e119664f136bcfd2d4acce76acb744962a5894a141c4c0f58b6d0278066c7561bb5b796b57c7054e738c3a45f00aad1c6ec598e255e22a282957d32306a041e7b07d2c1a698069887072c98c5437a17a6114506ad5a91b8897f0477022ef5ccd1131260b7f66cb41716a9c6fed83972eefbe43ff8679490fbd37885a02f855c4ab9c17cdadd5e1a1278e73083a83913452ecb6c77797ed2b74b1c62a8c34deda673ba061ee90c1b28cfcf65da42e84fe72644409f2d27d834d77c5bbe76c4e4e609ceae9a7a2e558914e03030e676429a06ac0dc455026d7702fce69f0da9f40268291bc016600b6a9e9a15d5a90ccf3008c97684b6973131901c816d77d0b352db8da44de3f6e7da8f9747b879b093a04844f5c20e42561852d0db90a77dbb4de083f8d53e34d2f80baad1a9802b21a48204b4ec0381fc26362a9de89d8d91e8a2abb342afccc9d866432ad940e0bb6ae0739bdb367cc29c9c5a057a645fa0a7ea6b4b09254096a4eb5c46e7d1434743e3eab4f0bd572e1e4202991914dd6a0d881e4cfb6082b3562ba18c30842aec75be1e3c648378bbfda0ade349247a776e12bfdb4e8dafa5774526c559f7142a7a86675bfa27d2ea5db0ec2b45e8f064c963445b546086490dbcf0fa01901a4993f7b347ecbe9b88fe6b6f541800ca60b055515286b0e6127feb9ea7a4051b8b6c5d56e9fbd70197d79bde9bb32d0cc0e0463d6bf0f33153278496a4ea6241eceea6009b9bd58e70223e882934b7bff88e31af8a4c1f17c8d0d176a257b4d275de69ea11a4b3081da7246303aad0f51550fa312eb0ef6ad270fa07f6f12f3d58a70f551d5c85191bad9a18c71f407e5fcc004465d29833aa0c6883c5d1efaec14631357f685534994d7513dcadaf275efdfa799f3060113f67e2e7629ac4e5a356671644ab1e030448d45ed2f735a2a5f44880c5d56b1c00c22a397226c43b2089b4196c35df4538247bbd28f34fc4e53d8ce61e5266dbea000677eb047e5ade5faea23cc3e8f0821c8542902a86ed640354748e254bd8ae00e69cf3fc51130f8f7bc1c9cb05829d5d9b4e476bf2f2c1ff276475d308f22a66a701b8de9b7cf4e72587dd", 0x1000}, 0x200011c6) 20:57:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) close(r1) openat$cgroup_ro(r0, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) readv(r1, &(0x7f00000002c0), 0x1a5) 20:57:52 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x21, &(0x7f0000000040)={@broadcast, @local}, 0x8) 20:57:52 executing program 4: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0xa00000000000000, 0x0, 0x0, 0x0, &(0x7f00000012c0)=ANY=[]) 20:57:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sequencer\x00', 0x800020000000001, 0x0) write$binfmt_elf32(r1, &(0x7f0000000480)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20, 0x2, 0xffffffffffffffff}, [{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}], "", [[]]}, 0x158) 20:57:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x0) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600250000050000000000000003003e00060000002c010000000000004000000000000000e1000000000000000500000087003800020002000700ea000200007001000000ea0a000000000000f7ffffffffffffff00000000ffffffff00000000000000000100000001000400010000000000000001000070040000000500000000000000000000000000000005000000000000000100000001000000ff0f00000000000000fcfffffffffffff423273d395b5dfe49a633eb0eb0263328129db30c89d614ca312379424593d1149401363a977a2b10bc8394762bab422771360aa38dc889b26829f721e3098b0f80c2f4ee55bcf0df04911af0a6a16e0ab5b5bb1e2227df0cb7b403be567ea3b9adef738dd4b7efbd9e56dfc0dc488a064d4ad246d477bc8fedb6c1fbcd09469e544a6ac9afa9987b94c8d1209a41a79416931a8f43bd761418a2c47221a2a4d6bee2592cd6eab8fa3ac582965b48d68fb1dde708c9901874b0f1628c0adf0dc15872d102a327edf073a52942892de4cc87c25e76cde841dd1e09db3f59955450018b682981af9bf3133a11fbf7915b41105bd663e6f7116777b3cb43f260d25a06d22119ca7674f7d9eeb496cccae5ea73758600072b6f0c2a040000002001cb0000fbc132be60c8b0bf6ac0a892b355685d62cb7077a1e889c359d7bfc544111c6ca232e6c62461b4da2655c793ea650e593a0b8f085567b065536d649fea6d4e202255fc1a0dedba780af208b0457ed33958cfd97c0155f59b06d997423bb3b6f3d5e01c8b74030434cacb0e508ef261aff03a72021b6011f6ff05f6070f0bcb7d75cbf1668562cd6599dcf1eac792c47370ac83b2730215d9955f6fa81f59d3209fbaf52f41f8c413432d976fe6eb3ae98661de6250e09bcf7b82d0492b349ca022abe346a443d41aa83ba7d2ed5193dda7e9c78769b1430e5a171e12e0fa1d057e1aef4b856ab0f2dabc8b207f09d78e1f83461ccac0b2558732ea70d369973971d2c6d94081f33308b1e4b27a2ce6f45838809407045aa63b07372728d2aabbb752eb506219d82564c7323f73bfc2260fd95e5e8eeca550b29adcca477de69469764858d7aa3ab8afd99e883c43dacae12ac88e7fea5a99df90755e5caf59185794ed6419a22fe36d9070ed6558b090cb871914491e2a135047b729107896b784bf87c941f7b993033898b993c83b8bcec93aed20e900921e8c8e65939b23a0f84c837a71633aad5664665e7f89839258d1477a2e8fceaa9280b9c9dc53b5ed4bd907c3948f04ac1eff961bf3040ae0faed3985bccc355506dfcd52907750828fc988e60aec5b577af9769cebc8d6e87a826826f8362c84fe7ec9e6d3cc39c1b6b6b9005eaaf0d9037fa576757018d3f60fbab576284cd734f48b0e4b3e70a4b8143dc67e94c1090b7376eec330f5995c4b3a119646b4a953cf0669d6e52264827bbbae2c7565529a68f46f5e1a23137059867d0192caf6b22e2d74f8fbe12a139bc90a0d12b6acc0a106ba4fc2baf87c254bb54083ffffff7f63dbc82581cec688136c617847b1a3b6c0c331af00086cae971610587c4683d5f1b0dd68b8a419f581f0387cc9d1a435e329a0595d73a4489b1ea23c331ca752bfd46de13f0ee26e7e2e9b11dd7151883ac8112c0ba049070bcf00881cc0a37395f1a102cddda4b0b903b0233461e70254e6a75b9c29c02fce51b630d5cd58867e5f8e5b47fdb2fb53e0b9485f1079ddb39d7b3ef5d8d37be9a08714575e454274581a8ad758ba53da32d2c893e8a40de0febf31f84016558a9db7c53dec27895d69fa1a34e4b5b856f4d0974a9dd4031e28632a245b921a576f1a19f47d7ba08e9ca94a7ae46c89b379d90e0dfdcffb790586d920ea79f94af735aa51695dfe0c9c73a44b277e877b473b43f5c3a960d7c5e22678ab3f7cf46bdf23cbbd31df613827f8e23f7b2c71be25eab7dbd56f7b426b78f8e5afe72366ffcd05c29b92ad591e35a19df805a2b8819b87a13109c19ea941e9b9f6ee1c47708870abfda2debce7eae0f356bc896a5a207f6bc3ed4186117e1ae9b061d3a9a94520a6df99fd700c6fc3b82467a1257c2040dd34b2fb30c032224e6b864900f93168e387edaeeedaebf8b7b40d4caaa97c85229e63770ced3382013fd11010d0ee46333666aaec98aacc511c92be9e55eee400c74ab4614552624ad88f5d63b6f87e85826ee7cf6f15418f9712c6d07f36a54f097d9bc48b3035ae569af4753e7831dc520fe4726d0c96d0cb7b45e5ca5002884d38ed8e8ead8d4a7da76f9bcfda48fd27345bec7dd4356ef7b11a0cd3113bd9c581e7e647eddd060553fd6e9194bc07ffc5ca9eb6e9ce36aa545ac0f6e242e381282522481668f05909a69db9c8f417ce2406fb727c11fa8ed3ec6f097fed51414f32860700000000000000060d97539c1215ad15f4f24e9921c3fc46c8e566a6aa0fe836f4fb616d5b871cbdc9cb27e00245bb2291f767d4c581387a63022c727026043c0180a848edd1c3fffff21c3fe0b11c65caca8941959536882277e3dc9e61da52527a24e2d79a367a80b33b24f1ca184d56ad13"], 0x733) socketpair$unix(0x1, 0x400000000000001, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) shutdown(r0, 0x1) [ 184.573569][ T7687] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 184.608451][ T7687] ntfs: (device loop4): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. 20:57:52 executing program 0: r0 = getpid() r1 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x20000000006}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x8005) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000400), 0x8) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00005befdc)) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r4 = syz_open_pts(r3, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000300)=0x14) request_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz'}, 0x0, 0xfffffffffffffff8) getpeername$llc(0xffffffffffffffff, &(0x7f0000000240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000002c0)=0x10) r5 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x80000000, 0x2) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f00000001c0)=0xa000000) 20:57:52 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000001200)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85512, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) [ 184.672906][ T7687] ntfs: (device loop4): ntfs_fill_super(): Not an NTFS volume. 20:57:52 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'bridge0\x00\x00\x00\x02k\x00'}) 20:57:52 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000001200)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85513, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) [ 184.805313][ T7687] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 184.866894][ T7725] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.874716][ T7725] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.890248][ T7687] ntfs: (device loop4): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. 20:57:52 executing program 4: perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 20:57:52 executing program 2: mknod(&(0x7f0000000000)='./bus\x00', 0x8001, 0x86128) pipe(&(0x7f0000000080)={0xffffffffffffffff}) accept$unix(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="030000008d25000900000000000000b3b16f05eb5ad35a0520000023"], 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x2, 0x0) write(r1, &(0x7f0000000040)="220e228901001c067ebc74a7c686cf801bf1fa48f4445ed5", 0x18) pwritev(r1, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff03}], 0x100000000000005e, 0x0) [ 184.916911][ T7687] ntfs: (device loop4): ntfs_fill_super(): Not an NTFS volume. 20:57:52 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000001200)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85513, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 20:57:53 executing program 1: syz_execute_func(&(0x7f00000003c0)="410f01f964ff090f01d941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dccc4a180c6d100") r0 = socket$inet6(0xa, 0x1, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000001c0)={0x0, 0x7530}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) write$P9_RAUTH(r1, 0x0, 0x0) 20:57:53 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000001200)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85513, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 20:57:53 executing program 2: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snapshot\x00', 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) 20:57:53 executing program 4: syz_execute_func(&(0x7f0000000000)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e38c2e77170ecb11551067420f0ddb0ecb1155106f") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x40) r3 = dup2(r1, r2) execve(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x80000841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000580)='./file0/file0\x00', 0x0, 0x0) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000006740)={0x0}}, 0x0) 20:57:53 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'bridge0\x00\x00\x00\x02k\x00'}) 20:57:53 executing program 0: r0 = getpid() r1 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x20000000006}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x8005) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000400), 0x8) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00005befdc)) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r4 = syz_open_pts(r3, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000300)=0x14) request_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz'}, 0x0, 0xfffffffffffffff8) getpeername$llc(0xffffffffffffffff, &(0x7f0000000240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000002c0)=0x10) r5 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x80000000, 0x2) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f00000001c0)=0xa000000) 20:57:53 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0xd, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000000000061128000000000009500000000000000"], 0x0, 0x1, 0xfb, &(0x7f00001a7f05)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) [ 185.572553][ T7769] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7769 [ 185.582558][ T7769] caller is ip6_finish_output+0x335/0xdc0 [ 185.588359][ T7769] CPU: 1 PID: 7769 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.597394][ T7769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.607462][ T7769] Call Trace: [ 185.610772][ T7769] dump_stack+0x172/0x1f0 [ 185.615245][ T7769] __this_cpu_preempt_check+0x246/0x270 20:57:53 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="20000000180081000000000000000000050000000c0003000600000000000000"], 0x1}}, 0x0) [ 185.620817][ T7769] ip6_finish_output+0x335/0xdc0 [ 185.625786][ T7769] ip6_output+0x235/0x7f0 [ 185.630231][ T7769] ? ip6_finish_output+0xdc0/0xdc0 [ 185.635454][ T7769] ? ip6_fragment+0x3980/0x3980 [ 185.640334][ T7769] ip6_xmit+0xe41/0x20c0 [ 185.644768][ T7769] ? ip6_finish_output2+0x2550/0x2550 [ 185.650152][ T7769] ? mark_held_locks+0xf0/0xf0 [ 185.654933][ T7769] ? ip6_setup_cork+0x1870/0x1870 [ 185.659991][ T7769] inet6_csk_xmit+0x2fb/0x5d0 [ 185.664686][ T7769] ? inet6_csk_update_pmtu+0x190/0x190 [ 185.670174][ T7769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.676522][ T7769] ? csum_ipv6_magic+0x20/0x80 [ 185.681434][ T7769] __tcp_transmit_skb+0x1a32/0x3750 [ 185.681460][ T7769] ? tcp_connect+0x1184/0x4280 [ 185.681485][ T7769] ? __tcp_select_window+0x8b0/0x8b0 [ 185.681496][ T7769] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.681510][ T7769] ? trace_hardirqs_on+0x67/0x230 [ 185.681525][ T7769] ? tcp_rbtree_insert+0x188/0x200 [ 185.681538][ T7769] tcp_connect+0x2e18/0x4280 [ 185.681557][ T7769] ? tcp_push_one+0x110/0x110 [ 185.681571][ T7769] ? secure_tcpv6_ts_off+0x24f/0x360 [ 185.681584][ T7769] ? secure_dccpv6_sequence_number+0x280/0x280 [ 185.681595][ T7769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.681608][ T7769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.691782][ T7769] ? prandom_u32_state+0x13/0x180 [ 185.691800][ T7769] tcp_v6_connect+0x150b/0x20a0 [ 185.691818][ T7769] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 185.691854][ T7769] __inet_stream_connect+0x83f/0xea0 [ 185.691865][ T7769] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 185.691875][ T7769] ? __inet_stream_connect+0x83f/0xea0 [ 185.691893][ T7769] ? mark_held_locks+0xa4/0xf0 [ 185.782186][ T7769] ? inet_dgram_connect+0x2e0/0x2e0 [ 185.787408][ T7769] ? lock_sock_nested+0x9a/0x120 [ 185.792363][ T7769] ? trace_hardirqs_on+0x67/0x230 [ 185.797399][ T7769] ? lock_sock_nested+0x9a/0x120 [ 185.802353][ T7769] ? __local_bh_enable_ip+0x15a/0x270 [ 185.807864][ T7769] inet_stream_connect+0x58/0xa0 [ 185.812825][ T7769] __sys_connect+0x266/0x330 [ 185.817431][ T7769] ? __ia32_sys_accept+0xb0/0xb0 20:57:53 executing program 2: ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000300)=0x1) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000100)={0x0, @reserved}) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) [ 185.822403][ T7769] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.828828][ T7769] ? put_timespec64+0xda/0x140 [ 185.833707][ T7769] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.839358][ T7769] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.844898][ T7769] ? do_syscall_64+0x26/0x610 [ 185.849571][ T7769] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.849583][ T7769] ? do_syscall_64+0x26/0x610 [ 185.849605][ T7769] __x64_sys_connect+0x73/0xb0 [ 185.849620][ T7769] do_syscall_64+0x103/0x610 [ 185.849635][ T7769] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.849645][ T7769] RIP: 0033:0x4582b9 [ 185.849660][ T7769] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.849666][ T7769] RSP: 002b:00007fc3a7d86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 185.907988][ T7769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 185.916058][ T7769] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003 20:57:53 executing program 5: perf_event_open$cgroup(&(0x7f0000000240)={0x7, 0x70, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2020, 0x4, 0x1, 0x9f, 0x7, 0x6, 0x2, 0x0, 0x80, 0xec4, 0xffffffff, 0x1f, 0x0, 0xfffffffffffffffc, 0x6, 0x4, 0x0, 0x91e, 0x0, 0x162, 0x80, 0x100, 0x28, 0xffff, 0x101, 0x8001, 0x3, 0x8, 0x1ff, 0x2, 0x0, 0x40, 0x4, @perf_bp={0x0, 0x4}, 0x0, 0x20, 0x7, 0x2, 0x8, 0x3, 0x6bf}, 0xffffffffffffff9c, 0x1, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89b0, 0x0) gettid() perf_event_open$cgroup(0x0, 0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r0, &(0x7f0000000100), 0xda4fff08) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={0x0}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x660c, 0x5fc) [ 185.924056][ T7769] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.932040][ T7769] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc3a7d875d4 [ 185.940145][ T7769] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 20:57:53 executing program 4: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, 0x0) r0 = open(0x0, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) add_key(0x0, &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000340)={{0x0, 0x5}, 'port0\x00', 0x2, 0x1020, 0x100000000, 0x8001, 0x20, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1f}) ioctl$VIDIOC_OVERLAY(r0, 0x4004560e, &(0x7f0000000040)) 20:57:54 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'bridge0\x00\x00\x00\x02k\x00'}) [ 186.505050][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7811 [ 186.514715][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 186.520512][ T7811] CPU: 0 PID: 7811 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.529534][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.539696][ T7811] Call Trace: [ 186.543014][ T7811] dump_stack+0x172/0x1f0 [ 186.547361][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 186.552931][ T7811] ip6_finish_output+0x335/0xdc0 [ 186.557894][ T7811] ip6_output+0x235/0x7f0 [ 186.562367][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 186.567499][ T7811] ? ip6_fragment+0x3980/0x3980 [ 186.572371][ T7811] ip6_xmit+0xe41/0x20c0 [ 186.576656][ T7811] ? ip6_finish_output2+0x2550/0x2550 [ 186.582043][ T7811] ? mark_held_locks+0xf0/0xf0 [ 186.586825][ T7811] ? ip6_setup_cork+0x1870/0x1870 [ 186.591877][ T7811] inet6_csk_xmit+0x2fb/0x5d0 [ 186.596566][ T7811] ? inet6_csk_update_pmtu+0x190/0x190 [ 186.602125][ T7811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.608381][ T7811] ? csum_ipv6_magic+0x20/0x80 [ 186.613170][ T7811] __tcp_transmit_skb+0x1a32/0x3750 [ 186.618390][ T7811] ? tcp_connect+0x1184/0x4280 [ 186.623178][ T7811] ? __tcp_select_window+0x8b0/0x8b0 [ 186.628594][ T7811] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.633912][ T7811] ? trace_hardirqs_on+0x67/0x230 [ 186.638960][ T7811] ? tcp_rbtree_insert+0x188/0x200 [ 186.644085][ T7811] tcp_connect+0x2e18/0x4280 [ 186.648697][ T7811] ? tcp_push_one+0x110/0x110 [ 186.653388][ T7811] ? secure_tcpv6_ts_off+0x24f/0x360 [ 186.658697][ T7811] ? secure_dccpv6_sequence_number+0x280/0x280 [ 186.664862][ T7811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.671165][ T7811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.677420][ T7811] ? prandom_u32_state+0x13/0x180 [ 186.682461][ T7811] tcp_v6_connect+0x150b/0x20a0 [ 186.687335][ T7811] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 186.692674][ T7811] __inet_stream_connect+0x83f/0xea0 [ 186.697972][ T7811] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 186.703269][ T7811] ? __inet_stream_connect+0x83f/0xea0 [ 186.708763][ T7811] ? mark_held_locks+0xa4/0xf0 [ 186.713549][ T7811] ? inet_dgram_connect+0x2e0/0x2e0 [ 186.718766][ T7811] ? lock_sock_nested+0x9a/0x120 [ 186.723982][ T7811] ? trace_hardirqs_on+0x67/0x230 [ 186.729023][ T7811] ? lock_sock_nested+0x9a/0x120 [ 186.733986][ T7811] ? __local_bh_enable_ip+0x15a/0x270 [ 186.739389][ T7811] inet_stream_connect+0x58/0xa0 [ 186.744343][ T7811] __sys_connect+0x266/0x330 [ 186.748950][ T7811] ? __ia32_sys_accept+0xb0/0xb0 [ 186.753901][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.760155][ T7811] ? put_timespec64+0xda/0x140 [ 186.764948][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.770508][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.776051][ T7811] ? do_syscall_64+0x26/0x610 [ 186.780843][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.786928][ T7811] ? do_syscall_64+0x26/0x610 [ 186.791642][ T7811] __x64_sys_connect+0x73/0xb0 [ 186.796438][ T7811] do_syscall_64+0x103/0x610 [ 186.801072][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.806970][ T7811] RIP: 0033:0x4582b9 [ 186.810872][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.830580][ T7811] RSP: 002b:00007fc3a7d65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 186.839022][ T7811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 186.847015][ T7811] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000005 [ 186.854996][ T7811] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 186.862982][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc3a7d666d4 [ 186.870962][ T7811] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 20:57:55 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000cc0)=@filter={'filter\x00', 0xe, 0x7, 0x63c, [0x0, 0x20000d40, 0x20000f74, 0x20001514], 0x0, 0x0, &(0x7f0000000d40)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x11, 0x61, 0x887f, 'bridge_slave_0\x00', 'batadv0\x00', 'lo\x00', 'veth1_to_bond\x00', @dev={[], 0x1b}, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @empty, [0xff, 0x0, 0x0, 0xff, 0xff], 0xa4, 0xa4, 0xcc, [@cluster={'cluster\x00', 0x10, {{0x5, 0x6, 0x76}}}]}}, @common=@AUDIT={'AUDIT\x00', 0x4}}, {{{0xd, 0x61, 0x88f7, 'irlan0\x00', 'team_slave_0\x00', 'veth1_to_bridge\x00', 'rose0\x00', @broadcast, [0x0, 0x0, 0xff, 0xff, 0x0, 0xff], @local, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0xe0, 0x110, 0x138, [@mark_m={'mark_m\x00', 0xc, {{0xffff, 0xcb32, 0x0, 0x3}}}, @ip={'ip\x00', 0x1c, {{@broadcast, @dev={0xac, 0x14, 0x14, 0x1a}, 0xffffff00, 0xff0000ff, 0x6, 0x16, 0x20, 0x24, 0x4e23, 0x4e20, 0x4e21, 0x4e24}}}]}, [@common=@dnat={'dnat\x00', 0xc, {{@empty, 0x10}}}]}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x4, {{0x1}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0xb, 0x30, 0x6000, 'teql0\x00', 'veth0_to_bridge\x00', 'syz_tun\x00', 'veth0_to_hsr\x00', @random="acc1042c0940", [0x0, 0xff, 0xff, 0xff, 0xff, 0xcae4be6554bc0098], @broadcast, [0x0, 0xff, 0xff, 0x0, 0xff, 0xff], 0x70, 0x1c4, 0x2f0}, [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x5, 'system_u:object_r:hald_var_lib_t:s0\x00'}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x6}}}]}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x1, 'system_u:object_r:var_log_t:s0\x00'}}}}]}, {0x0, '\x00', 0x6, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'nr0\x00', 'syzkaller1\x00', 'ip6erspan0\x00', 'bcsh0\x00', @local, [], @remote, [], 0x70, 0x70, 0xb8}}, @common=@log={'log\x00', 0x24, {{0x0, "2911d234141d35ec8bff741d11f98ce2f5ea8b6ee95c4edd99fbeb55dea0"}}}}]}]}, 0x700) 20:57:55 executing program 2: ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000300)=0x1) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000100)={0x0, @reserved}) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 20:57:55 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000cc0)=@filter={'filter\x00', 0xe, 0x7, 0x360, [0x0, 0x20000d40, 0x20000f74, 0x20001514], 0x0, 0x0, &(0x7f0000000d40)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x61, 0x887f, 'bridge_slave_0\x00', 'batadv0\x00', 'lo\x00', 'veth1_to_bond\x00', @dev={[], 0x1b}, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @empty, [0xff, 0x0, 0x0, 0xff, 0xff], 0xa4, 0xa4, 0xcc, [@cluster={'cluster\x00', 0x10, {{0x5, 0x6, 0x76}}}]}}, @common=@AUDIT={'AUDIT\x00', 0x4}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x15, 0x0, 0x0, '\x00', 'nr0\x00', 'vxcan1\x00', 'bridge0\x00', @local, [], @link_local, [], 0x194, 0x194, 0x204, [@comment={'comment\x00', 0x100}]}}, @common=@nflog={'nflog\x00', 0x4c, {{0x3, 0xfffffffffffffcf6, 0x2836, 0x0, 0x0, "6ceca5b14df162f9b19b859901f66b0b93f55ec52f1d7274a1f5f04568c69c23c87e3e9d270e4f3bf1303ae14cf0645d06ea30446b0c0a73429e8d7f44c463a9"}}}}]}, {0x0, '\x00', 0x6, 0xffffffffffffffff}]}, 0x3f0) 20:57:55 executing program 5: perf_event_open$cgroup(&(0x7f0000000240)={0x7, 0x70, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2020, 0x4, 0x1, 0x9f, 0x7, 0x6, 0x2, 0x0, 0x80, 0xec4, 0xffffffff, 0x1f, 0x0, 0xfffffffffffffffc, 0x6, 0x4, 0x0, 0x91e, 0x0, 0x162, 0x80, 0x100, 0x28, 0xffff, 0x101, 0x8001, 0x3, 0x8, 0x1ff, 0x2, 0x0, 0x40, 0x4, @perf_bp={0x0, 0x4}, 0x0, 0x20, 0x7, 0x2, 0x8, 0x3, 0x6bf}, 0xffffffffffffff9c, 0x1, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89b0, 0x0) gettid() perf_event_open$cgroup(0x0, 0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r0, &(0x7f0000000100), 0xda4fff08) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={0x0}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x660c, 0x5fc) 20:57:55 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 20:57:55 executing program 0: r0 = getpid() r1 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x20000000006}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x8005) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000400), 0x8) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00005befdc)) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r4 = syz_open_pts(r3, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000300)=0x14) request_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz'}, 0x0, 0xfffffffffffffff8) getpeername$llc(0xffffffffffffffff, &(0x7f0000000240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000002c0)=0x10) r5 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x80000000, 0x2) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f00000001c0)=0xa000000) 20:57:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv4_getrule={0x20, 0x22, 0x66fff0ff082787fb, 0x0, 0x0, {0x2, 0x0, 0x94}}, 0x20}}, 0x0) 20:57:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff2000/0x4000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000fe1000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000feb000/0x1000)=nil, &(0x7f00000000c0)="f58cb5e62ab6c894ae51de7862600c8921d1161bb28641b3c55f9516128bdedb61bb4260c285a7a4d04c7d24daf177549c41", 0x32}, 0x68) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:57:55 executing program 3: socketpair(0x1, 0x20020000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) fcntl$notify(r0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0xffffffffffffff5b) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) r1 = gettid() write$P9_RFSYNC(0xffffffffffffffff, 0x0, 0xffffffffffffffd7) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) fstatfs(0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) flock(0xffffffffffffffff, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) tkill(r1, 0x1000000000016) [ 187.875175][ T7859] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 20:57:55 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getgroups(0x0, 0x0) 20:57:55 executing program 3: socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getpid() fcntl$getown(0xffffffffffffffff, 0x9) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) 20:57:55 executing program 2: ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000300)=0x1) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000100)={0x0, @reserved}) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 20:57:56 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000cc0)=@filter={'filter\x00', 0xe, 0x7, 0x63c, [0x0, 0x20000d40, 0x20000f74, 0x20001514], 0x0, 0x0, &(0x7f0000000d40)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x11, 0x61, 0x887f, 'bridge_slave_0\x00', 'batadv0\x00', 'lo\x00', 'veth1_to_bond\x00', @dev={[], 0x1b}, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @empty, [0xff, 0x0, 0x0, 0xff, 0xff], 0xa4, 0xa4, 0xcc, [@cluster={'cluster\x00', 0x10, {{0x5, 0x6, 0x76}}}]}}, @common=@AUDIT={'AUDIT\x00', 0x4}}, {{{0xd, 0x61, 0x88f7, 'irlan0\x00', 'team_slave_0\x00', 'veth1_to_bridge\x00', 'rose0\x00', @broadcast, [0x0, 0x0, 0xff, 0xff, 0x0, 0xff], @local, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0xe0, 0x110, 0x138, [@mark_m={'mark_m\x00', 0xc, {{0xffff, 0xcb32, 0x0, 0x3}}}, @ip={'ip\x00', 0x1c, {{@broadcast, @dev={0xac, 0x14, 0x14, 0x1a}, 0xffffff00, 0xff0000ff, 0x6, 0x16, 0x20, 0x24, 0x4e23, 0x4e20, 0x4e21, 0x4e24}}}]}, [@common=@dnat={'dnat\x00', 0xc, {{@empty, 0x10}}}]}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x4, {{0x1}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0xb, 0x30, 0x6000, 'teql0\x00', 'veth0_to_bridge\x00', 'syz_tun\x00', 'veth0_to_hsr\x00', @random="acc1042c0940", [0x0, 0xff, 0xff, 0xff, 0xff, 0xcae4be6554bc0098], @broadcast, [0x0, 0xff, 0xff, 0x0, 0xff, 0xff], 0x70, 0x1c4, 0x2f0}, [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x5, 'system_u:object_r:hald_var_lib_t:s0\x00'}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x6}}}]}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x1, 'system_u:object_r:var_log_t:s0\x00'}}}}]}, {0x0, '\x00', 0x6, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'nr0\x00', 'syzkaller1\x00', 'ip6erspan0\x00', 'bcsh0\x00', @local, [], @remote, [0x0, 0xff, 0xff, 0xff, 0xff], 0x70, 0x70, 0xb8}}, @common=@log={'log\x00', 0x24, {{0x0, "2911d234141d35ec8bff741d11f98ce2f5ea8b6ee95c4edd99fbeb55dea0"}}}}]}]}, 0x700) 20:57:56 executing program 1: socket$kcm(0x29, 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/kcm\x00\b\x00') preadv(r0, &(0x7f0000001580)=[{&(0x7f0000000200)=""/224, 0xe0}], 0x1, 0x0) 20:57:56 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x6000000000000000, 0x80, &(0x7f0000001340)=@nat={'nat\x1d\xff\n?\x00\x00\\\x8f\x02\x00\x00\x00\x00\x00\\\x8f\x02\x00\x00\x00\x00\x00\x007\x00', 0x19, 0x1, 0x90, [0x20000080, 0x2000000000000000, 0x0, 0x200000b0, 0x20000220], 0x0, 0x0, &(0x7f0000000080)=[{0x0, '\x00\x00\x00\x00\x00`\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x1}]}, 0x108) 20:57:56 executing program 5: socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0xfff7fffffffffffd) ftruncate(r1, 0x0) 20:57:56 executing program 4: r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x3) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) write$tun(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000003c0)={0x0, @multicast1, @remote}, 0xc) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_LSEEK(r0, &(0x7f00000000c0)={0x18, 0x0, 0x8, {0x8}}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc) sysfs$1(0x1, &(0x7f0000000100)='\x00') sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) 20:57:56 executing program 0: openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fd/3\x00') 20:57:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) connect$inet6(r1, &(0x7f0000000380)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 20:57:56 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udp6\x00') sendfile(r0, r2, 0x0, 0x1000003) 20:57:56 executing program 4: syz_open_dev$dspn(0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000300)=0x14) 20:57:56 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000200)={0x78}, 0x78) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000700)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000000500)="1da7894c8a06", 0x0, 0x0, 0x0, 0x0, 0x0}) 20:57:56 executing program 2: r0 = getpid() syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8005) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) read$eventfd(0xffffffffffffffff, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc)) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000300)=0x14) syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x0, 0x2) 20:57:56 executing program 5: request_key(&(0x7f00000003c0)='rxrpc_s\x00', &(0x7f0000000400)={'syz'}, 0x0, 0xfffffffffffffffb) 20:57:56 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\xac\x00\x00', 0x4) ftruncate(r0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 20:57:57 executing program 3: r0 = socket$inet6(0x1c, 0x10000005, 0x0) getsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0) 20:57:57 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0xa, &(0x7f0000000000)=0x1c00, 0xfe6a) 20:57:57 executing program 0: r0 = socket(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x97) 20:57:57 executing program 3: r0 = socket(0x2, 0x2, 0x0) connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e2f66296c653000"], 0x1) sendto$inet(r0, 0x0, 0x0, 0x100000000000000c, 0x0, 0x97) 20:57:57 executing program 4: r0 = getpgrp(0xffffffffffffffff) setpgid(0x0, r0) 20:57:58 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x3, 0xffffffffffffffff) execve(0x0, 0x0, &(0x7f00000004c0)=[&(0x7f0000000400)='\x00', &(0x7f0000000440)='\x00']) writev(r1, &(0x7f0000000100), 0x100000000000005d) 20:57:58 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) getsockname$inet6(r0, 0x0, &(0x7f0000000080)) 20:57:58 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0xf5) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)={@multicast2, @local, 0x0, 0x2, [@rand_addr, @empty]}, 0x18) 20:57:58 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0xf5) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)={@multicast2, @local, 0x0, 0x2, [@rand_addr, @empty]}, 0x18) setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f0000000200)={@multicast2, @local}, 0xc) 20:57:58 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\b', 0x8001}) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000080)={'eql\x00\x00\x00\x10\x00\x00\xff\xff\xff\xe1\xff\xe9\x00', @ifru_ivalue=0x10e8}) 20:57:58 executing program 2: socketpair(0x1, 0x20020000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) fcntl$notify(r0, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) r1 = gettid() write$P9_RFSYNC(0xffffffffffffffff, 0x0, 0xffffffffffffffd7) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) fstatfs(0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) flock(0xffffffffffffffff, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) tkill(r1, 0x1000000000016) [ 190.357282][ T8014] è: renamed from eql 20:57:58 executing program 3: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x3, 0xffffffffffffffff) execve(0x0, 0x0, &(0x7f00000004c0)=[&(0x7f0000000400)='\x00', &(0x7f0000000440)='\x00']) writev(r1, 0x0, 0x0) writev(r1, &(0x7f0000000100), 0x100000000000005d) 20:57:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f000000a000)={0x0, 0x0, &(0x7f0000012000)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, r1}}, 0x20}}, 0x0) 20:57:58 executing program 2: r0 = add_key$user(&(0x7f0000000440)='user\x00', &(0x7f00000006c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000340)='\b', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r1, r0, r1}, &(0x7f0000000700)=""/243, 0x356, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000180)}) 20:57:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x26080) 20:57:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300"/129], 0x1) 20:57:58 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1}}, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) recvfrom$unix(r2, 0x0, 0x0, 0x22, 0x0, 0x0) 20:57:58 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) read$eventfd(r0, 0x0, 0x0) 20:57:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}}) 20:57:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000006880)=[{{&(0x7f0000000000)=@ipx, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/36, 0xf}, {&(0x7f00000017c0)=""/4096, 0x1000}], 0x2, &(0x7f0000000600)=""/154, 0x9a}}], 0xf, 0x0, 0x0) 20:57:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="71e67a15cdf0319fa22748f9a91c66b3", 0x10) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c}, 0x1c}}, 0x0) recvmmsg(r1, &(0x7f0000006880)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/36, 0x24}], 0x1}}], 0x1, 0x0, 0x0) 20:57:58 executing program 5: r0 = socket$kcm(0xa, 0x2, 0x73) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x4) 20:57:58 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000400)={0x6}) 20:57:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv4_newroute={0x24, 0x18, 0x101, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@RTA_GATEWAY={0x8, 0x5, @dev={0xac, 0x14, 0x9}}]}, 0x24}}, 0x0) 20:57:58 executing program 1: syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fd/3\x00') 20:57:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000006880)=[{{&(0x7f0000000000)=@ipx, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/36, 0xf}, {&(0x7f00000017c0)=""/4096, 0x1000}], 0x2, &(0x7f0000000600)=""/154, 0x9a}}], 0xf, 0x0, 0x0) 20:57:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="71e67a15cdf0319fa22748f9a91c66b3", 0x10) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c}, 0x1c}}, 0x0) recvmmsg(r2, &(0x7f0000006880)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/36, 0x24}], 0x1}}], 0x1, 0x0, 0x0) 20:57:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 191.017220][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 191.027459][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 191.032688][ T8103] CPU: 1 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.041803][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.052037][ T8103] Call Trace: [ 191.055345][ T8103] dump_stack+0x172/0x1f0 [ 191.059693][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 191.059720][ T8103] sk_mc_loop+0x1d/0x210 [ 191.069490][ T8103] ip_mc_output+0x2ef/0xf70 [ 191.069508][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.069524][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 191.069535][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 191.069547][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.069561][ T8103] ip_local_out+0xc4/0x1b0 [ 191.069576][ T8103] ip_send_skb+0x42/0xf0 [ 191.069591][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.069605][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.069625][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 191.069643][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 191.103336][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.103356][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.103373][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.128370][ T8103] ? find_held_lock+0x35/0x130 [ 191.128404][ T8103] ? __might_sleep+0x95/0x190 [ 191.128421][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.128435][ T8103] ? aa_sk_perm+0x288/0x880 [ 191.128455][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.128473][ T8103] inet_sendmsg+0x147/0x5e0 [ 191.128487][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.128502][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 191.178117][ T8103] ? ipip_gro_receive+0x100/0x100 [ 191.178134][ T8103] sock_sendmsg+0xdd/0x130 [ 191.178150][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 191.178167][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 191.178194][ T8103] ? lock_downgrade+0x880/0x880 [ 191.178209][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.178226][ T8103] ? kasan_check_read+0x11/0x20 [ 191.178242][ T8103] ? __fget+0x381/0x550 [ 191.178261][ T8103] ? ksys_dup3+0x3e0/0x3e0 [ 191.178282][ T8103] ? __fget_light+0x1a9/0x230 [ 191.187795][ T8103] ? __fdget+0x1b/0x20 [ 191.187809][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.187824][ T8103] ? sockfd_lookup_light+0xcb/0x180 [ 191.187839][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 191.187856][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.187881][ T8103] ? _copy_to_user+0xc9/0x120 [ 191.187897][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.187914][ T8103] ? put_timespec64+0xda/0x140 [ 191.268106][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 191.272976][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.278792][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.284337][ T8103] ? do_syscall_64+0x26/0x610 [ 191.289020][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.295090][ T8103] ? do_syscall_64+0x26/0x610 [ 191.300117][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 191.305140][ T8103] do_syscall_64+0x103/0x610 [ 191.309753][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.315813][ T8103] RIP: 0033:0x4582b9 [ 191.319716][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.339410][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.347950][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.355917][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 191.363994][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.371966][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 191.380125][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.391967][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 191.402314][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 191.407681][ T8103] CPU: 0 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.416705][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.427019][ T8103] Call Trace: [ 191.430329][ T8103] dump_stack+0x172/0x1f0 [ 191.434674][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 191.440417][ T8103] sk_mc_loop+0x1d/0x210 [ 191.444667][ T8103] ip_mc_output+0x2ef/0xf70 [ 191.449198][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.454349][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 191.460035][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 191.466808][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.471850][ T8103] ip_local_out+0xc4/0x1b0 [ 191.476284][ T8103] ip_send_skb+0x42/0xf0 [ 191.480618][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.485841][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.490990][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 191.495626][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 191.500565][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.505581][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.510853][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.515778][ T8103] ? find_held_lock+0x35/0x130 [ 191.520555][ T8103] ? __might_sleep+0x95/0x190 [ 191.525344][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.530962][ T8103] ? aa_sk_perm+0x288/0x880 [ 191.535809][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.541362][ T8103] inet_sendmsg+0x147/0x5e0 [ 191.546024][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.551291][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 191.555959][ T8103] ? ipip_gro_receive+0x100/0x100 [ 191.560971][ T8103] sock_sendmsg+0xdd/0x130 [ 191.565463][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 191.570128][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 191.575580][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 191.580501][ T8103] ? lock_downgrade+0x880/0x880 [ 191.585337][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.591616][ T8103] ? kasan_check_read+0x11/0x20 [ 191.596456][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.601204][ T8103] ? find_held_lock+0x35/0x130 [ 191.605953][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.610716][ T8103] ? lock_downgrade+0x880/0x880 [ 191.615562][ T8103] ? ___might_sleep+0x163/0x280 [ 191.620518][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 191.625209][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.630227][ T8103] ? _copy_to_user+0xc9/0x120 [ 191.634980][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.641221][ T8103] ? put_timespec64+0xda/0x140 [ 191.646056][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 191.650899][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.656429][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.661874][ T8103] ? do_syscall_64+0x26/0x610 [ 191.666534][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.672671][ T8103] ? do_syscall_64+0x26/0x610 [ 191.677333][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 191.682345][ T8103] do_syscall_64+0x103/0x610 [ 191.686923][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.692814][ T8103] RIP: 0033:0x4582b9 [ 191.696695][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:57:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff2000/0x4000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000fe1000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000feb000/0x1000)=nil, &(0x7f00000000c0)="f5", 0x1}, 0x68) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200), &(0x7f0000000280)=0x4) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000040)) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000240)=0x2ffd) ioctl$KVM_RUN(r3, 0xae80, 0x0) 20:57:59 executing program 3: syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xffffffffffffffba, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10, 0xffffffffffffffff, 0x0) pipe2(&(0x7f00000000c0), 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fd/3\x00') timer_create(0x0, &(0x7f0000044000)={0x0, 0x200000012}, &(0x7f0000044000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'bridge0\x00\x00\x00\x02k\x00'}) 20:57:59 executing program 2: r0 = socket$kcm(0xa, 0x2, 0x73) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) 20:57:59 executing program 1: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, 0x0) r0 = open(0x0, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000340)={{0x0, 0x5}, 'port0\x00', 0x2, 0x1020, 0x100000000, 0x8001, 0x20, 0x40, 0xffffffffffffffff, 0x0, 0x5, 0x1f}) ioctl$VIDIOC_OVERLAY(r0, 0x4004560e, &(0x7f0000000040)) 20:57:59 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="240000001e0007021dfffd946f610500070200001f00000000000f00421ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 191.716284][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.724691][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.732644][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 191.740685][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.748847][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 191.756975][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.776194][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 191.785636][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 191.790744][ T8103] CPU: 1 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.799766][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.809923][ T8103] Call Trace: [ 191.813214][ T8103] dump_stack+0x172/0x1f0 [ 191.817606][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 191.823227][ T8103] sk_mc_loop+0x1d/0x210 [ 191.827468][ T8103] ip_mc_output+0x2ef/0xf70 [ 191.831957][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.837057][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 191.842500][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 191.847072][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.852084][ T8103] ip_local_out+0xc4/0x1b0 [ 191.856488][ T8103] ip_send_skb+0x42/0xf0 [ 191.860806][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.865987][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.871003][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 191.875583][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 191.880509][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.885522][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.890812][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.895560][ T8103] ? find_held_lock+0x35/0x130 [ 191.900329][ T8103] ? __might_sleep+0x95/0x190 [ 191.905007][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.910623][ T8103] ? aa_sk_perm+0x288/0x880 [ 191.915128][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.920665][ T8103] inet_sendmsg+0x147/0x5e0 [ 191.925240][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.930514][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 191.935196][ T8103] ? ipip_gro_receive+0x100/0x100 [ 191.940220][ T8103] sock_sendmsg+0xdd/0x130 [ 191.944640][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 191.949305][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 191.954835][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 191.959849][ T8103] ? lock_downgrade+0x880/0x880 [ 191.964879][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.971107][ T8103] ? kasan_check_read+0x11/0x20 [ 191.975951][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.980701][ T8103] ? find_held_lock+0x35/0x130 [ 191.985448][ T8103] ? __might_fault+0x12b/0x1e0 [ 191.990202][ T8103] ? lock_downgrade+0x880/0x880 [ 191.995141][ T8103] ? ___might_sleep+0x163/0x280 [ 191.999998][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 192.004768][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.009786][ T8103] ? _copy_to_user+0xc9/0x120 [ 192.014448][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.020758][ T8103] ? put_timespec64+0xda/0x140 [ 192.025504][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 192.030343][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.035875][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.041333][ T8103] ? do_syscall_64+0x26/0x610 [ 192.046281][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.052334][ T8103] ? do_syscall_64+0x26/0x610 [ 192.056997][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 192.061921][ T8103] do_syscall_64+0x103/0x610 [ 192.066516][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.072388][ T8103] RIP: 0033:0x4582b9 [ 192.076269][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.096033][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.104433][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.112391][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 20:57:59 executing program 5: r0 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x5) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000300)={0x0, 0x0, 0x30, 0x7fffffff, 0x1}, &(0x7f0000000340)=0x18) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000000c0)={@ipv4={[], [], @loopback}, @empty, @ipv4={[], [], @broadcast}, 0x5, 0x401, 0xb88, 0x400, 0x1, 0x45000002}) [ 192.120356][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.128313][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 192.136393][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.263064][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 192.272655][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 192.277727][ T8103] CPU: 1 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.286762][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.296818][ T8103] Call Trace: [ 192.300109][ T8103] dump_stack+0x172/0x1f0 [ 192.304451][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 192.309991][ T8103] sk_mc_loop+0x1d/0x210 [ 192.314220][ T8103] ip_mc_output+0x2ef/0xf70 [ 192.318912][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 192.324141][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 192.329611][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 192.334194][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.339215][ T8103] ip_local_out+0xc4/0x1b0 [ 192.343623][ T8103] ip_send_skb+0x42/0xf0 [ 192.347866][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 192.353048][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 192.358089][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 192.362759][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 192.367682][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.372694][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.377973][ T8103] ? __might_fault+0x12b/0x1e0 [ 192.382720][ T8103] ? find_held_lock+0x35/0x130 [ 192.387492][ T8103] ? __might_sleep+0x95/0x190 [ 192.392156][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.397773][ T8103] ? aa_sk_perm+0x288/0x880 [ 192.402353][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.407893][ T8103] inet_sendmsg+0x147/0x5e0 [ 192.412434][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.417699][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 192.422356][ T8103] ? ipip_gro_receive+0x100/0x100 [ 192.427380][ T8103] sock_sendmsg+0xdd/0x130 [ 192.431786][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 192.436553][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 192.442100][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 192.447019][ T8103] ? lock_downgrade+0x880/0x880 [ 192.452031][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.458261][ T8103] ? kasan_check_read+0x11/0x20 [ 192.463111][ T8103] ? __might_fault+0x12b/0x1e0 [ 192.467943][ T8103] ? find_held_lock+0x35/0x130 [ 192.472690][ T8103] ? __might_fault+0x12b/0x1e0 [ 192.477443][ T8103] ? lock_downgrade+0x880/0x880 [ 192.482630][ T8103] ? ___might_sleep+0x163/0x280 [ 192.487480][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 192.492144][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.497267][ T8103] ? _copy_to_user+0xc9/0x120 [ 192.501931][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.508239][ T8103] ? put_timespec64+0xda/0x140 [ 192.513095][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 192.517961][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.523405][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.528850][ T8103] ? do_syscall_64+0x26/0x610 [ 192.533511][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.539580][ T8103] ? do_syscall_64+0x26/0x610 [ 192.544263][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 192.549185][ T8103] do_syscall_64+0x103/0x610 [ 192.553758][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.559642][ T8103] RIP: 0033:0x4582b9 [ 192.563610][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.583409][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.591806][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.599849][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 192.607804][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.615760][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 192.623734][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.643337][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 192.652829][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 192.657937][ T8103] CPU: 0 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.657944][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.657949][ T8103] Call Trace: [ 192.657968][ T8103] dump_stack+0x172/0x1f0 [ 192.657991][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 192.658006][ T8103] sk_mc_loop+0x1d/0x210 [ 192.658022][ T8103] ip_mc_output+0x2ef/0xf70 [ 192.658040][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 192.658075][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 192.690267][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 192.714213][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.719257][ T8103] ip_local_out+0xc4/0x1b0 [ 192.723675][ T8103] ip_send_skb+0x42/0xf0 [ 192.727945][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 192.733158][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 192.738197][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 192.742779][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 192.747789][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.752802][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.758159][ T8103] ? __might_fault+0x12b/0x1e0 [ 192.762993][ T8103] ? find_held_lock+0x35/0x130 [ 192.767763][ T8103] ? __might_sleep+0x95/0x190 [ 192.772647][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.778274][ T8103] ? aa_sk_perm+0x288/0x880 [ 192.782766][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.788305][ T8103] inet_sendmsg+0x147/0x5e0 [ 192.792789][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.798068][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 192.802730][ T8103] ? ipip_gro_receive+0x100/0x100 [ 192.807739][ T8103] sock_sendmsg+0xdd/0x130 [ 192.812140][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 192.816806][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 192.822259][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 192.827305][ T8103] ? lock_downgrade+0x880/0x880 [ 192.832332][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.838566][ T8103] ? kasan_check_read+0x11/0x20 [ 192.843499][ T8103] ? __might_fault+0x12b/0x1e0 [ 192.848245][ T8103] ? find_held_lock+0x35/0x130 [ 192.852995][ T8103] ? __might_fault+0x12b/0x1e0 [ 192.857745][ T8103] ? lock_downgrade+0x880/0x880 [ 192.862585][ T8103] ? ___might_sleep+0x163/0x280 [ 192.867419][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 192.872098][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.877113][ T8103] ? _copy_to_user+0xc9/0x120 [ 192.881780][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.888100][ T8103] ? put_timespec64+0xda/0x140 [ 192.892848][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 192.897692][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.903135][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.908584][ T8103] ? do_syscall_64+0x26/0x610 [ 192.913247][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.919314][ T8103] ? do_syscall_64+0x26/0x610 [ 192.923976][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 192.928901][ T8103] do_syscall_64+0x103/0x610 [ 192.933478][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.939372][ T8103] RIP: 0033:0x4582b9 [ 192.943266][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:58:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) accept$packet(r1, &(0x7f0000000340), 0x0) 20:58:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) accept$packet(r1, &(0x7f0000000340), 0x0) 20:58:00 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) poll(&(0x7f0000000200)=[{r0, 0xc0}, {r0, 0x10}, {r0}, {r0}], 0x4, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) userfaultfd(0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fd/3\x00') timer_create(0x0, 0x0, &(0x7f0000044000)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x8) [ 192.962942][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.971339][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.979400][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 192.987455][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.995434][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 193.003487][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 20:58:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f00000000c0)="0ada08394d053f3188b070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f000026cfff)="c6", 0x1, 0x0, 0x0, 0x0) shutdown(r1, 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6, 0x0, 0x10001, 0x0, 0x0, 0x46}, 0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x98) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x0, 0x0, 0x4}, 0xb) readv(r1, &(0x7f0000000280)=[{&(0x7f0000000140)=""/24, 0x18}], 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x98) 20:58:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) accept$packet(r1, &(0x7f0000000340), 0x0) [ 193.161563][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 193.171276][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 193.176317][ T8103] CPU: 1 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.185436][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.195497][ T8103] Call Trace: [ 193.198901][ T8103] dump_stack+0x172/0x1f0 [ 193.203389][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 193.208954][ T8103] sk_mc_loop+0x1d/0x210 [ 193.213332][ T8103] ip_mc_output+0x2ef/0xf70 [ 193.217984][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.223126][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 193.228598][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 193.233194][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 193.233214][ T8103] ip_local_out+0xc4/0x1b0 [ 193.233229][ T8103] ip_send_skb+0x42/0xf0 [ 193.233248][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 193.247004][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 193.247021][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 193.247043][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 193.266865][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 193.272220][ T8103] ? __might_fault+0x12b/0x1e0 [ 193.277008][ T8103] ? find_held_lock+0x35/0x130 [ 193.281922][ T8103] ? __might_sleep+0x95/0x190 [ 193.286620][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.286635][ T8103] ? aa_sk_perm+0x288/0x880 [ 193.286657][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.286681][ T8103] inet_sendmsg+0x147/0x5e0 [ 193.296995][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 193.297009][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 193.297023][ T8103] ? ipip_gro_receive+0x100/0x100 [ 193.297040][ T8103] sock_sendmsg+0xdd/0x130 [ 193.297061][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 193.331100][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 193.336651][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 193.341577][ T8103] ? lock_downgrade+0x880/0x880 [ 193.346416][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.352650][ T8103] ? kasan_check_read+0x11/0x20 [ 193.357493][ T8103] ? __might_fault+0x12b/0x1e0 [ 193.362256][ T8103] ? find_held_lock+0x35/0x130 [ 193.367014][ T8103] ? __might_fault+0x12b/0x1e0 [ 193.371790][ T8103] ? lock_downgrade+0x880/0x880 [ 193.376634][ T8103] ? ___might_sleep+0x163/0x280 [ 193.381734][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 193.386401][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 193.391591][ T8103] ? _copy_to_user+0xc9/0x120 [ 193.396290][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.402524][ T8103] ? put_timespec64+0xda/0x140 [ 193.407284][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 193.412234][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.417765][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.423212][ T8103] ? do_syscall_64+0x26/0x610 [ 193.427872][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.433920][ T8103] ? do_syscall_64+0x26/0x610 [ 193.438589][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 193.443772][ T8103] do_syscall_64+0x103/0x610 [ 193.448438][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.454312][ T8103] RIP: 0033:0x4582b9 [ 193.458208][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.478190][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.487201][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.495168][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 193.503214][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 193.511198][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 193.519162][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 193.553856][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 193.563407][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 193.568527][ T8103] CPU: 1 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.568542][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.587703][ T8103] Call Trace: [ 193.587726][ T8103] dump_stack+0x172/0x1f0 [ 193.587747][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 193.587762][ T8103] sk_mc_loop+0x1d/0x210 [ 193.587777][ T8103] ip_mc_output+0x2ef/0xf70 [ 193.587792][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.587808][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 193.587826][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 193.605337][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 193.605356][ T8103] ip_local_out+0xc4/0x1b0 [ 193.620597][ T8103] ip_send_skb+0x42/0xf0 [ 193.638839][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 193.644053][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 193.649099][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 193.653710][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 193.658656][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 193.663689][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 193.668978][ T8103] ? __might_fault+0x12b/0x1e0 [ 193.673742][ T8103] ? find_held_lock+0x35/0x130 [ 193.678537][ T8103] ? __might_sleep+0x95/0x190 [ 193.683329][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.688960][ T8103] ? aa_sk_perm+0x288/0x880 [ 193.693931][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.699477][ T8103] inet_sendmsg+0x147/0x5e0 [ 193.704057][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 193.709340][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 193.714013][ T8103] ? ipip_gro_receive+0x100/0x100 [ 193.719135][ T8103] sock_sendmsg+0xdd/0x130 [ 193.723551][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 193.728231][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 193.733688][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 193.738809][ T8103] ? lock_downgrade+0x880/0x880 [ 193.743651][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.750096][ T8103] ? kasan_check_read+0x11/0x20 [ 193.755123][ T8103] ? __might_fault+0x12b/0x1e0 [ 193.759974][ T8103] ? find_held_lock+0x35/0x130 [ 193.764756][ T8103] ? __might_fault+0x12b/0x1e0 [ 193.769534][ T8103] ? lock_downgrade+0x880/0x880 [ 193.774386][ T8103] ? ___might_sleep+0x163/0x280 [ 193.779226][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 193.784032][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 193.789073][ T8103] ? _copy_to_user+0xc9/0x120 [ 193.794190][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.801235][ T8103] ? put_timespec64+0xda/0x140 [ 193.806023][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 193.810901][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.816380][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.821879][ T8103] ? do_syscall_64+0x26/0x610 [ 193.826655][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.832711][ T8103] ? do_syscall_64+0x26/0x610 [ 193.837499][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 193.842450][ T8103] do_syscall_64+0x103/0x610 [ 193.847180][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.853061][ T8103] RIP: 0033:0x4582b9 [ 193.856963][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.876652][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.885056][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.893136][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 193.901382][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 193.909356][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 193.917431][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 193.927323][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 193.937101][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 193.942420][ T8103] CPU: 0 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.951878][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.962020][ T8103] Call Trace: [ 193.965402][ T8103] dump_stack+0x172/0x1f0 [ 193.969824][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 193.975419][ T8103] sk_mc_loop+0x1d/0x210 [ 193.979761][ T8103] ip_mc_output+0x2ef/0xf70 [ 193.984267][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.989470][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 193.994935][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 193.999531][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.004863][ T8103] ip_local_out+0xc4/0x1b0 [ 194.009623][ T8103] ip_send_skb+0x42/0xf0 [ 194.013966][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.020138][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 194.025181][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 194.030030][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 194.035022][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.040057][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.045347][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.050283][ T8103] ? find_held_lock+0x35/0x130 [ 194.055052][ T8103] ? __might_sleep+0x95/0x190 [ 194.059725][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.065376][ T8103] ? aa_sk_perm+0x288/0x880 [ 194.069884][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.075422][ T8103] inet_sendmsg+0x147/0x5e0 [ 194.080040][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.085334][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 194.090013][ T8103] ? ipip_gro_receive+0x100/0x100 [ 194.095024][ T8103] sock_sendmsg+0xdd/0x130 [ 194.099434][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 194.104105][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 194.109844][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 194.114779][ T8103] ? lock_downgrade+0x880/0x880 [ 194.119620][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.125939][ T8103] ? kasan_check_read+0x11/0x20 [ 194.130824][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.135577][ T8103] ? find_held_lock+0x35/0x130 [ 194.140339][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.145094][ T8103] ? lock_downgrade+0x880/0x880 [ 194.150150][ T8103] ? ___might_sleep+0x163/0x280 [ 194.155003][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 194.159673][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.164794][ T8103] ? _copy_to_user+0xc9/0x120 [ 194.169488][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.175724][ T8103] ? put_timespec64+0xda/0x140 [ 194.180480][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 194.185323][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.190799][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.196244][ T8103] ? do_syscall_64+0x26/0x610 [ 194.200917][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.207102][ T8103] ? do_syscall_64+0x26/0x610 [ 194.211769][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 194.217478][ T8103] do_syscall_64+0x103/0x610 [ 194.222160][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.228132][ T8103] RIP: 0033:0x4582b9 [ 194.232165][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.253522][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.261958][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.270247][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 194.278209][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.286198][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 194.294355][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 194.304859][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 194.314264][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 194.319633][ T8103] CPU: 0 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.329005][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.339148][ T8103] Call Trace: [ 194.342466][ T8103] dump_stack+0x172/0x1f0 [ 194.346794][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 194.352387][ T8103] sk_mc_loop+0x1d/0x210 [ 194.356650][ T8103] ip_mc_output+0x2ef/0xf70 [ 194.361173][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.366309][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 194.372004][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 194.376586][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.381608][ T8103] ip_local_out+0xc4/0x1b0 [ 194.386194][ T8103] ip_send_skb+0x42/0xf0 [ 194.390428][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.395635][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 194.400654][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 194.405225][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 194.410166][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.422944][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.428371][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.439376][ T8103] ? find_held_lock+0x35/0x130 [ 194.444161][ T8103] ? __might_sleep+0x95/0x190 [ 194.448833][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.454465][ T8103] ? aa_sk_perm+0x288/0x880 [ 194.459057][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.464592][ T8103] inet_sendmsg+0x147/0x5e0 [ 194.469084][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.474350][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 194.484087][ T8103] ? ipip_gro_receive+0x100/0x100 [ 194.489128][ T8103] sock_sendmsg+0xdd/0x130 [ 194.493552][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 194.498232][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 194.503791][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 194.508716][ T8103] ? lock_downgrade+0x880/0x880 [ 194.513569][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.519945][ T8103] ? kasan_check_read+0x11/0x20 [ 194.524805][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.529578][ T8103] ? find_held_lock+0x35/0x130 [ 194.534328][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.539121][ T8103] ? lock_downgrade+0x880/0x880 [ 194.543968][ T8103] ? ___might_sleep+0x163/0x280 [ 194.548803][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 194.553463][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.558477][ T8103] ? _copy_to_user+0xc9/0x120 [ 194.563136][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.569382][ T8103] ? put_timespec64+0xda/0x140 [ 194.574144][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 194.578983][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.584425][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.589874][ T8103] ? do_syscall_64+0x26/0x610 [ 194.594559][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.600612][ T8103] ? do_syscall_64+0x26/0x610 [ 194.605675][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 194.610604][ T8103] do_syscall_64+0x103/0x610 [ 194.615197][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.621166][ T8103] RIP: 0033:0x4582b9 [ 194.625047][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.644828][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.653235][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.661284][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 194.669335][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.677331][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 [ 194.685391][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 194.694189][ T8103] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8103 [ 194.703596][ T8103] caller is sk_mc_loop+0x1d/0x210 [ 194.708818][ T8103] CPU: 0 PID: 8103 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.717861][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.728010][ T8103] Call Trace: [ 194.731302][ T8103] dump_stack+0x172/0x1f0 [ 194.735640][ T8103] __this_cpu_preempt_check+0x246/0x270 [ 194.741308][ T8103] sk_mc_loop+0x1d/0x210 [ 194.745557][ T8103] ip_mc_output+0x2ef/0xf70 [ 194.750052][ T8103] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.755179][ T8103] ? ip_append_data.part.0+0x170/0x170 [ 194.760627][ T8103] ? ip_make_skb+0x1b1/0x2c0 [ 194.765209][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.770225][ T8103] ip_local_out+0xc4/0x1b0 [ 194.774715][ T8103] ip_send_skb+0x42/0xf0 [ 194.778947][ T8103] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.784223][ T8103] ? xfrm_lookup_route+0x5b/0x1f0 [ 194.789237][ T8103] udp_sendmsg+0x1dfd/0x2820 [ 194.793937][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 194.798878][ T8103] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.803962][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.809246][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.814032][ T8103] ? find_held_lock+0x35/0x130 [ 194.818792][ T8103] ? __might_sleep+0x95/0x190 [ 194.823454][ T8103] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.829092][ T8103] ? aa_sk_perm+0x288/0x880 [ 194.833595][ T8103] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.839216][ T8103] inet_sendmsg+0x147/0x5e0 [ 194.843712][ T8103] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.849002][ T8103] ? inet_sendmsg+0x147/0x5e0 [ 194.853672][ T8103] ? ipip_gro_receive+0x100/0x100 [ 194.858707][ T8103] sock_sendmsg+0xdd/0x130 [ 194.863110][ T8103] ___sys_sendmsg+0x3e2/0x930 [ 194.867911][ T8103] ? copy_msghdr_from_user+0x430/0x430 [ 194.873388][ T8103] ? __lock_acquire+0x548/0x3fb0 [ 194.878319][ T8103] ? lock_downgrade+0x880/0x880 [ 194.883175][ T8103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.889445][ T8103] ? kasan_check_read+0x11/0x20 [ 194.894291][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.899290][ T8103] ? find_held_lock+0x35/0x130 [ 194.904393][ T8103] ? __might_fault+0x12b/0x1e0 [ 194.909768][ T8103] ? lock_downgrade+0x880/0x880 [ 194.914746][ T8103] ? ___might_sleep+0x163/0x280 [ 194.919593][ T8103] __sys_sendmmsg+0x1bf/0x4d0 [ 194.924287][ T8103] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.929306][ T8103] ? _copy_to_user+0xc9/0x120 [ 194.933976][ T8103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.940244][ T8103] ? put_timespec64+0xda/0x140 [ 194.944998][ T8103] ? nsecs_to_jiffies+0x30/0x30 [ 194.949934][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.955582][ T8103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.961050][ T8103] ? do_syscall_64+0x26/0x610 [ 194.965728][ T8103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.971785][ T8103] ? do_syscall_64+0x26/0x610 [ 194.976449][ T8103] __x64_sys_sendmmsg+0x9d/0x100 [ 194.981388][ T8103] do_syscall_64+0x103/0x610 [ 194.985971][ T8103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.991916][ T8103] RIP: 0033:0x4582b9 [ 194.995797][ T8103] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.015816][ T8103] RSP: 002b:00007f6144f37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 195.024259][ T8103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.032220][ T8103] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 195.040398][ T8103] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.048362][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6144f386d4 20:58:02 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r0, &(0x7f0000000200), 0x400000000000084, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) 20:58:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f00000000c0)="0ada08394d053f3188b070") r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f000026cfff)="c6", 0x1, 0x0, 0x0, 0x0) shutdown(r1, 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6, 0x0, 0x10001, 0x0, 0x0, 0x46}, 0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x98) 20:58:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000200)) sendmmsg(r1, &(0x7f00000000c0)=[{{&(0x7f0000002980)=@rc, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000100)}}], 0x69, 0x0) 20:58:02 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(r0) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x5411, 0x70a000) 20:58:02 executing program 5: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x284) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000580)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 20:58:02 executing program 1: syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fd/3\x00') [ 195.056326][ T8103] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 20:58:02 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r1 = getpid() r2 = syz_open_dev$vcsa(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r3, &(0x7f0000000200), 0x400000000000084, 0xd) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) 20:58:02 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r1 = getpid() r2 = syz_open_dev$vcsa(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r3, &(0x7f0000000200), 0x400000000000084, 0xd) setsockopt$inet6_opts(r3, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x8) sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) 20:58:02 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) finit_module(r0, 0x0, 0x0) 20:58:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000200)) sendmmsg(r1, &(0x7f00000000c0)=[{{&(0x7f0000002980)=@rc, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000100)}}], 0x69, 0x0) 20:58:03 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r1 = getpid() r2 = syz_open_dev$vcsa(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r3, &(0x7f0000000200), 0x400000000000084, 0xd) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x8) sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) 20:58:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000200)) sendmmsg(r1, &(0x7f00000000c0)=[{{&(0x7f0000002980)=@rc, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000100)}}], 0x69, 0x0)