[ 37.434381][ T26] audit: type=1800 audit(1554672109.281:26): pid=7641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.473845][ T26] audit: type=1800 audit(1554672109.291:27): pid=7641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.494469][ T26] audit: type=1800 audit(1554672109.291:28): pid=7641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.160322][ T26] audit: type=1800 audit(1554672110.031:29): pid=7641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts. 2019/04/07 21:22:01 fuzzer started 2019/04/07 21:22:04 dialing manager at 10.128.0.26:34543 2019/04/07 21:22:04 syscalls: 2408 2019/04/07 21:22:04 code coverage: enabled 2019/04/07 21:22:04 comparison tracing: enabled 2019/04/07 21:22:04 extra coverage: extra coverage is not supported by the kernel 2019/04/07 21:22:04 setuid sandbox: enabled 2019/04/07 21:22:04 namespace sandbox: enabled 2019/04/07 21:22:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 21:22:04 fault injection: enabled 2019/04/07 21:22:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 21:22:04 net packet injection: enabled 2019/04/07 21:22:04 net device setup: enabled 21:24:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4010aef5, &(0x7f00000001c0)={0x74, 0x0, [0x8122000]}) syzkaller login: [ 182.968970][ T7805] IPVS: ftp: loaded support on port[0] = 21 [ 183.068341][ T7805] chnl_net:caif_netlink_parms(): no params data found 21:24:15 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="e5dda312801f1a2ef0cde54767bad5dca5623b75802ccb25b3b6e0bd80303ec1b42af115ebaefda095ed153fa770cb62e4f1167b11cb60644851251d7283ef952a9bec791f0e99d1d6128c83399fcad4d39b332210d7b12a25e7e52c5d5fc69073ed26b319118a1b3c71275a3e43788c4512eb714b528aa6d9e01d31809f529841152af726b80b0fde3333b9ad7e56c9088df0a6e82529c222fd6a261e1597a81d72468a32168f475466499bcbbb38dd27a2f8123ffcd4173e47c8fc5be0a30c20e5d4ef5d86b8fdfeff21a107d82aec20e62d41e28d8e4a35015d02475babdcb87d68baac210b8b172ac6e83ec2d3c99ed94f6a1d11"], 0x1}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuset.effective_cpus\x00', 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='status\x00B#g9\xc1m\x17\xf9\r\xc2#\"\xc9O\x135 x^\x91\xea\x85\xae\x10|\xc3\x81\x98\x19\xc2cT\v\x1d\xe1\xba \x1em\xe4\xb7ZP\x11P\x91\xee\xd50\xaaH.6YF\x01\xce\xb5\xd1i\xc5\xba\xf4\x1b5\xd8\xa5\xa0\x9a\x82If\x13\xd8`#\x86[W\xef&\x9f\x90\xd3\x04\x96\x9fh}\xf5;a\x1b@\xa4B\x91\xb5\xa8\x82 \x8f\xbb\x83^T\xa4\x13\x10\xa3\xb4\x81\xd5\xbd\xbb\t\x81t)\t\xa6;|\xd1\xa1\x8d@^[\x01\x1b\xfb\xe5\xa4\xd5\xbf)\x94G\xe4\xc0\xddKc\xa3g!\x1c\x00x#\x8bP\x9daA\x00\xd3:U\x84\xaa;<\xb9\xb9\x9en_\x84q\x92\x94\xd4\x1b\'\x11|G\xfbO++\xe4u\xeb%\xd5\x01\x00\x00\x00\xcf\x84\"\xca\xdeW\f\b{\x03\xf6\xb1\x81\x8b\xc9pw\xdb#') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) setgroups(0x442, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0]) sendfile(r1, r0, 0x0, 0x1) [ 183.115849][ T7805] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.123399][ T7805] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.138895][ T7805] device bridge_slave_0 entered promiscuous mode [ 183.165025][ T7805] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.172173][ T7805] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.180848][ T7805] device bridge_slave_1 entered promiscuous mode [ 183.209643][ T7805] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.221139][ T7805] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.241316][ T7808] IPVS: ftp: loaded support on port[0] = 21 [ 183.263944][ T7805] team0: Port device team_slave_0 added [ 183.287588][ T7805] team0: Port device team_slave_1 added 21:24:15 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 183.358167][ T7805] device hsr_slave_0 entered promiscuous mode [ 183.404554][ T7805] device hsr_slave_1 entered promiscuous mode 21:24:15 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000180)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000040)) [ 183.591297][ T7810] IPVS: ftp: loaded support on port[0] = 21 [ 183.624560][ T7805] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.631775][ T7805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.639547][ T7805] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.646656][ T7805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.743024][ T7813] IPVS: ftp: loaded support on port[0] = 21 [ 183.750956][ T7808] chnl_net:caif_netlink_parms(): no params data found 21:24:15 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0x8, 0x0, 0x0) [ 183.895935][ T7805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.914636][ T7808] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.921727][ T7808] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.934042][ T7808] device bridge_slave_0 entered promiscuous mode [ 183.998406][ T7805] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.005403][ T7808] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.012457][ T7808] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.021026][ T7808] device bridge_slave_1 entered promiscuous mode [ 184.028823][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.051580][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.060687][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.071922][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 21:24:16 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0xff, 0x409, 0x20000000000003, 0x0, 0x0}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000100)={r0, &(0x7f0000000080), 0x0}, 0x18) [ 184.139229][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.148686][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.155810][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.166147][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.174933][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.181991][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.230425][ T7810] chnl_net:caif_netlink_parms(): no params data found [ 184.251908][ T7808] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.262798][ T7808] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.271720][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.280704][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.289608][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.299510][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.308130][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.350230][ T7816] IPVS: ftp: loaded support on port[0] = 21 [ 184.375878][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.384142][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.398195][ T7805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.402138][ T7822] IPVS: ftp: loaded support on port[0] = 21 [ 184.409845][ T7805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.432708][ T7808] team0: Port device team_slave_0 added [ 184.441107][ T7808] team0: Port device team_slave_1 added [ 184.452628][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.461105][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.476547][ T7813] chnl_net:caif_netlink_parms(): no params data found [ 184.492615][ T7810] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.499967][ T7810] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.508535][ T7810] device bridge_slave_0 entered promiscuous mode [ 184.517340][ T7810] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.525180][ T7810] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.532715][ T7810] device bridge_slave_1 entered promiscuous mode [ 184.626381][ T7808] device hsr_slave_0 entered promiscuous mode [ 184.684795][ T7808] device hsr_slave_1 entered promiscuous mode [ 184.738243][ T7810] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.753363][ T7810] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.767921][ T7805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.796374][ T7813] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.803439][ T7813] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.811734][ T7813] device bridge_slave_0 entered promiscuous mode [ 184.823733][ T7813] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.831015][ T7813] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.839891][ T7813] device bridge_slave_1 entered promiscuous mode [ 184.891068][ T7810] team0: Port device team_slave_0 added [ 184.910249][ T7813] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.923404][ T7813] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.942312][ T7810] team0: Port device team_slave_1 added [ 184.992556][ T7826] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 184.999909][ T7813] team0: Port device team_slave_0 added 21:24:16 executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f0000000180)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0xfffffffffffffffe, 0x3, {0x7, 0x1d, 0x7, 0x2, 0x6eb, 0x1, 0x80000000, 0x5}}, 0x50) ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, 0x0) [ 185.049251][ T7810] device hsr_slave_0 entered promiscuous mode [ 185.104538][ T7810] device hsr_slave_1 entered promiscuous mode [ 185.145611][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 185.145628][ T26] audit: type=1804 audit(1554672257.021:31): pid=7831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir007711276/syzkaller.uLudND/1/bus" dev="sda1" ino=16519 res=1 [ 185.177489][ C0] hrtimer: interrupt took 35321 ns [ 185.177923][ T26] audit: type=1800 audit(1554672257.021:32): pid=7831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16519 res=0 [ 185.217399][ T7813] team0: Port device team_slave_1 added [ 185.218618][ T26] audit: type=1804 audit(1554672257.091:33): pid=7830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir007711276/syzkaller.uLudND/1/bus" dev="sda1" ino=16519 res=1 21:24:17 executing program 0: r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\x00\x00\x02k\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge0\x00', 0x1}) [ 185.338085][ T7813] device hsr_slave_0 entered promiscuous mode [ 185.344609][ T26] audit: type=1804 audit(1554672257.211:34): pid=7832 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir007711276/syzkaller.uLudND/1/bus" dev="sda1" ino=16519 res=1 [ 185.368894][ T26] audit: type=1800 audit(1554672257.211:35): pid=7832 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16519 res=0 [ 185.414708][ T7813] device hsr_slave_1 entered promiscuous mode [ 185.511146][ T7836] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.518730][ T7836] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.576159][ T7838] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.583325][ T7838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.590789][ T7838] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.597914][ T7838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.687030][ T7836] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.694278][ T7836] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.758268][ T7816] chnl_net:caif_netlink_parms(): no params data found [ 185.773476][ T7838] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.780649][ T7838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.788073][ T7838] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.795206][ T7838] bridge0: port 1(bridge_slave_0) entered forwarding state 21:24:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8}, 0x37a) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a0025050000001f1d130a7b0fc8b9eead35bae6a5000000000009fffff30200000000000000"], 0x1}}, 0x0) 21:24:17 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") clone(0x8000000000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x36) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0xfa}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 185.943630][ T7808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.005606][ T7808] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.016582][ T7816] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.023772][ T7816] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.032420][ T7816] device bridge_slave_0 entered promiscuous mode [ 186.041179][ T7822] chnl_net:caif_netlink_parms(): no params data found [ 186.051022][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.059741][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.077453][ T7816] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.084667][ T7816] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.092257][ T7816] device bridge_slave_1 entered promiscuous mode [ 186.103165][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.112246][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.120810][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.127893][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.136025][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.144661][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.152937][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.160018][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.168068][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.177477][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.208437][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.226470][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.235758][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.262274][ T7810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.273263][ T7813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.280491][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.289208][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.297766][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.308441][ T7816] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.323659][ T7816] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.340175][ T7810] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.368381][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.377478][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.386041][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.394792][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.402833][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.411366][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.426078][ T7822] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.433151][ T7822] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.441320][ T7822] device bridge_slave_0 entered promiscuous mode [ 186.457627][ T7816] team0: Port device team_slave_0 added [ 186.463984][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.472629][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.481145][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.488220][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.496127][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.504719][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.512975][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.520074][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.528582][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.538596][ T7808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.553025][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.560669][ T7822] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.568802][ T7822] device bridge_slave_1 entered promiscuous mode [ 186.579266][ T7816] team0: Port device team_slave_1 added [ 186.589020][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.596767][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.604387][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.623214][ T7810] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.633791][ T7810] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.654464][ T7813] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.672393][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.683620][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.692393][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.700941][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.710192][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.718973][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.727383][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.736069][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.744392][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.752446][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.761716][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.770291][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.777729][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.786157][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.794048][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.802014][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.816499][ T7822] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.876704][ T7816] device hsr_slave_0 entered promiscuous mode [ 186.914676][ T7816] device hsr_slave_1 entered promiscuous mode [ 186.963360][ T7808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.972065][ T7822] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.997444][ T7822] team0: Port device team_slave_0 added [ 187.004304][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.012744][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.022245][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.029341][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.037024][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.049956][ T7810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.077642][ T7822] team0: Port device team_slave_1 added [ 187.106499][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 21:24:19 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80040, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000880)=""/212) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r1 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x3, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0xfffffffffffffe30, 0xfa00, {0x4, &(0x7f0000000400)={0xffffffffffffffff}, 0x13f, 0xb}}, 0xffffffffffffff63) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8, 0xfa00, {r2}}, 0x10) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x82, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9caad"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x97d}, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000680)={0x90, 0x0, 0x200, 0x0, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x3c, 0x7, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r3}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xffff}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x14, 0x7, [{0x8, 0x1, r3}, {0x8, 0x1, r3}]}, @NBD_ATTR_SOCKETS={0xc, 0x7, [{0x8, 0x1, r3}]}]}, 0x90}}, 0x1) close(r3) name_to_handle_at(r3, 0x0, 0x0, 0x0, 0x0) [ 187.163069][ T7813] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.184876][ T7813] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.203529][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.233089][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.263089][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.283797][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.292933][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.301998][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.316995][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.325975][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 21:24:19 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @ipv4={[], [], @loopback}}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) 21:24:19 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9) r0 = socket(0x11, 0x802, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000240)={'team0\x00\xfd\xff\xff\xff\xc0\x00\x03\x00\x02\xff', 0x4bfd}) [ 187.397225][ T7822] device hsr_slave_0 entered promiscuous mode [ 187.425663][ T7822] device hsr_slave_1 entered promiscuous mode [ 187.476658][ T7876] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7876 [ 187.486419][ T7876] caller is ip6_finish_output+0x335/0xdc0 [ 187.492163][ T7876] CPU: 0 PID: 7876 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.501186][ T7876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.505044][ T7813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.511239][ T7876] Call Trace: [ 187.511278][ T7876] dump_stack+0x172/0x1f0 [ 187.511305][ T7876] __this_cpu_preempt_check+0x246/0x270 [ 187.521356][ T7876] ip6_finish_output+0x335/0xdc0 [ 187.521380][ T7876] ip6_output+0x235/0x7f0 [ 187.521399][ T7876] ? ip6_finish_output+0xdc0/0xdc0 [ 187.521421][ T7876] ? ip6_fragment+0x3980/0x3980 [ 187.550448][ T7876] ? kasan_check_read+0x11/0x20 [ 187.550472][ T7876] ip6_xmit+0xe41/0x20c0 [ 187.550499][ T7876] ? ip6_finish_output2+0x2550/0x2550 [ 187.550529][ T7876] ? mark_held_locks+0xf0/0xf0 [ 187.550546][ T7876] ? ip6_setup_cork+0x1870/0x1870 [ 187.550573][ T7876] sctp_v6_xmit+0x313/0x660 [ 187.550594][ T7876] sctp_packet_transmit+0x1bc4/0x36f0 [ 187.559879][ T7876] ? sctp_packet_config+0xfe0/0xfe0 [ 187.559901][ T7876] ? sctp_packet_append_chunk+0x946/0xda0 [ 187.559916][ T7876] ? sctp_outq_select_transport+0x21a/0x790 [ 187.559937][ T7876] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 187.587797][ T7877] device team0 entered promiscuous mode [ 187.590169][ T7876] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 187.590186][ T7876] ? lock_downgrade+0x880/0x880 [ 187.590209][ T7876] ? add_timer+0x400/0x930 [ 187.590223][ T7876] ? find_held_lock+0x35/0x130 [ 187.590246][ T7876] ? add_timer+0x41e/0x930 [ 187.596421][ T7877] device team_slave_0 entered promiscuous mode [ 187.601865][ T7876] sctp_outq_flush+0xe8/0x2780 [ 187.601880][ T7876] ? mark_held_locks+0xa4/0xf0 [ 187.601898][ T7876] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 187.601913][ T7876] ? add_timer+0x41e/0x930 [ 187.601927][ T7876] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 187.601947][ T7876] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.609232][ T7877] device team_slave_1 entered promiscuous mode [ 187.613707][ T7876] ? trace_hardirqs_on+0x67/0x230 [ 187.613728][ T7876] ? __sctp_outq_teardown+0xc60/0xc60 [ 187.613754][ T7876] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.613767][ T7876] ? sctp_outq_tail+0x68c/0x930 [ 187.613788][ T7876] sctp_outq_uncork+0x6c/0x80 [ 187.664159][ T7876] sctp_do_sm+0x2575/0x5770 [ 187.664179][ T7876] ? sctp_hash_transport+0xdb1/0x18d0 [ 187.664205][ T7876] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 187.664222][ T7876] ? __local_bh_enable_ip+0x15a/0x270 [ 187.664240][ T7876] ? lock_downgrade+0x880/0x880 [ 187.664254][ T7876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.664273][ T7876] ? kasan_check_read+0x11/0x20 [ 187.664295][ T7876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.675463][ T7876] ? sctp_hash_transport+0x10b/0x18d0 [ 187.675500][ T7876] ? memcpy+0x46/0x50 [ 187.675515][ T7876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.675531][ T7876] ? sctp_assoc_set_primary+0x274/0x310 [ 187.675551][ T7876] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 187.675571][ T7876] __sctp_connect+0x8cd/0xce0 [ 187.675597][ T7876] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 187.745682][ T7876] ? __local_bh_enable_ip+0x15a/0x270 [ 187.745701][ T7876] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.745717][ T7876] ? lock_sock_nested+0x9a/0x120 [ 187.745733][ T7876] ? trace_hardirqs_on+0x67/0x230 [ 187.745752][ T7876] ? __local_bh_enable_ip+0x15a/0x270 [ 187.745774][ T7876] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 187.757471][ T7876] sctp_inet_connect+0x2a2/0x350 [ 187.757493][ T7876] __sys_connect+0x266/0x330 [ 187.757510][ T7876] ? __ia32_sys_accept+0xb0/0xb0 [ 187.757526][ T7876] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.757546][ T7876] ? put_timespec64+0xda/0x140 [ 187.846461][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.857504][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.862973][ T7876] ? do_syscall_64+0x26/0x610 [ 187.867653][ T7876] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.873725][ T7876] ? do_syscall_64+0x26/0x610 [ 187.878421][ T7876] __x64_sys_connect+0x73/0xb0 [ 187.883192][ T7876] do_syscall_64+0x103/0x610 [ 187.887883][ T7876] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.893774][ T7876] RIP: 0033:0x4582b9 [ 187.897670][ T7876] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.917274][ T7876] RSP: 002b:00007fe2106fcc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a 21:24:19 executing program 3: unshare(0x105) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) r0 = socket(0x848000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x5, &(0x7f0000000140)=""/13, &(0x7f0000000000)=0xd) 21:24:19 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) [ 187.925685][ T7876] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 187.934087][ T7876] RDX: 000000000000001c RSI: 0000000020000200 RDI: 0000000000000003 [ 187.942063][ T7876] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 187.950226][ T7876] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2106fd6d4 [ 187.958211][ T7876] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 187.993476][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.021476][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.033921][ T7875] device team0 left promiscuous mode 21:24:19 executing program 3: socket$inet6(0xa, 0x3, 0x2) ioctl(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x8200000, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000007c0), 0x4) r0 = mq_open(&(0x7f0000000380)='!selinuxselinux\x00', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x1}) mq_timedreceive(r0, &(0x7f0000000340)=""/24, 0x18, 0x0, 0x0) [ 188.041359][ T7875] device team_slave_0 left promiscuous mode [ 188.053363][ T7875] device team_slave_1 left promiscuous mode [ 188.229733][ T7892] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7892 [ 188.239481][ T7892] caller is ip6_finish_output+0x335/0xdc0 [ 188.245321][ T7892] CPU: 1 PID: 7892 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.254366][ T7892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.264423][ T7892] Call Trace: [ 188.267728][ T7892] dump_stack+0x172/0x1f0 [ 188.272160][ T7892] __this_cpu_preempt_check+0x246/0x270 [ 188.277721][ T7892] ip6_finish_output+0x335/0xdc0 [ 188.282692][ T7892] ip6_output+0x235/0x7f0 [ 188.287133][ T7892] ? ip6_finish_output+0xdc0/0xdc0 [ 188.292254][ T7892] ? ip6_fragment+0x3980/0x3980 [ 188.297120][ T7892] ? kasan_check_read+0x11/0x20 [ 188.301979][ T7892] ip6_xmit+0xe41/0x20c0 [ 188.306239][ T7892] ? ip6_finish_output2+0x2550/0x2550 [ 188.311620][ T7892] ? mark_held_locks+0xf0/0xf0 [ 188.316399][ T7892] ? ip6_setup_cork+0x1870/0x1870 [ 188.321451][ T7892] sctp_v6_xmit+0x313/0x660 [ 188.325976][ T7892] sctp_packet_transmit+0x1bc4/0x36f0 [ 188.331380][ T7892] ? sctp_packet_config+0xfe0/0xfe0 [ 188.336613][ T7892] ? sctp_packet_append_chunk+0x946/0xda0 [ 188.342344][ T7892] ? sctp_outq_select_transport+0x21a/0x790 [ 188.348258][ T7892] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 188.354526][ T7892] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 188.360712][ T7892] ? lock_downgrade+0x880/0x880 [ 188.365579][ T7892] ? add_timer+0x400/0x930 [ 188.370024][ T7892] ? find_held_lock+0x35/0x130 [ 188.374793][ T7892] ? add_timer+0x41e/0x930 [ 188.379224][ T7892] sctp_outq_flush+0xe8/0x2780 [ 188.383990][ T7892] ? mark_held_locks+0xa4/0xf0 [ 188.388772][ T7892] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 188.394588][ T7892] ? add_timer+0x41e/0x930 [ 188.399011][ T7892] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 188.404837][ T7892] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.410126][ T7892] ? trace_hardirqs_on+0x67/0x230 [ 188.415162][ T7892] ? __sctp_outq_teardown+0xc60/0xc60 [ 188.420558][ T7892] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 188.426823][ T7892] ? sctp_outq_tail+0x68c/0x930 [ 188.431771][ T7892] sctp_outq_uncork+0x6c/0x80 [ 188.436460][ T7892] sctp_do_sm+0x2575/0x5770 [ 188.440975][ T7892] ? sctp_hash_transport+0xdb1/0x18d0 [ 188.446368][ T7892] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 188.453054][ T7892] ? __local_bh_enable_ip+0x15a/0x270 [ 188.458459][ T7892] ? lock_downgrade+0x880/0x880 [ 188.463320][ T7892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.469578][ T7892] ? kasan_check_read+0x11/0x20 [ 188.474441][ T7892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.480719][ T7892] ? sctp_hash_transport+0x10b/0x18d0 [ 188.486119][ T7892] ? memcpy+0x46/0x50 [ 188.490125][ T7892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.496375][ T7892] ? sctp_assoc_set_primary+0x274/0x310 [ 188.501934][ T7892] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 188.507659][ T7892] __sctp_connect+0x8cd/0xce0 [ 188.512537][ T7892] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 188.518095][ T7892] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.524457][ T7892] ? sctp_get_port+0x10e/0x180 [ 188.529232][ T7892] ? sctp_get_port_local+0x16e0/0x16e0 [ 188.534707][ T7892] ? __local_bh_enable_ip+0x15a/0x270 [ 188.540095][ T7892] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 188.546092][ T7892] sctp_inet_connect+0x2a2/0x350 [ 188.551054][ T7892] __sys_connect+0x266/0x330 [ 188.555674][ T7892] ? __ia32_sys_accept+0xb0/0xb0 [ 188.560618][ T7892] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.566873][ T7892] ? put_timespec64+0xda/0x140 [ 188.571658][ T7892] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.577134][ T7892] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.582596][ T7892] ? do_syscall_64+0x26/0x610 [ 188.587280][ T7892] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.593356][ T7892] ? do_syscall_64+0x26/0x610 [ 188.598052][ T7892] __x64_sys_connect+0x73/0xb0 [ 188.602917][ T7892] do_syscall_64+0x103/0x610 [ 188.607524][ T7892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.613418][ T7892] RIP: 0033:0x4582b9 [ 188.617318][ T7892] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.636934][ T7892] RSP: 002b:00007fe2106dbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 188.645356][ T7892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 188.653338][ T7892] RDX: 000000000000001c RSI: 0000000020000200 RDI: 0000000000000005 [ 188.661318][ T7892] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 188.669297][ T7892] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2106dc6d4 [ 188.677275][ T7892] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 188.732146][ T7816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.778662][ T7816] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.796401][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.804129][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.844844][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.853706][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.876029][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.883108][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.891711][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.900406][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.909725][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.916826][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.924519][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.933952][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.952597][ T7822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.988899][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.002321][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.011808][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.022176][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.035933][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.047846][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.056923][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.065324][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.073375][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.081675][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.093076][ T7816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.105821][ T7822] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.114443][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.126407][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.134070][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.142789][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.151414][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.158605][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.177477][ T7816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.185420][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.193150][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.201877][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.210644][ T7823] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.217730][ T7823] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.237682][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.246665][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.266919][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.275936][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.284792][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.293113][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.301800][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.310366][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.319051][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.327728][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.338049][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.348405][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.397386][ T7822] 8021q: adding VLAN 0 to HW filter on device batadv0 21:24:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80003, 0x1) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f00000009c0)}}], 0x1, 0x0) 21:24:21 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x1) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0xc000002000000000, &(0x7f00000009c0), 0x102, &(0x7f00000000c0)}}], 0x40000000000026a, 0x0) 21:24:21 executing program 2: openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80040, 0x0) ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r0 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r0, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x3, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x9, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000007c0)={0x0}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000000c0)={r2, 0x97d}, &(0x7f0000000140)=0x8) r3 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$getownex(r3, 0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r1, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0x0, 0xfff, {0x5, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x401, 0x0, 0x0, 0x8, 0x41ce, 0x2be, 0x0, 0xc3f9, 0x7, 0x6, 0x401, 0x6}, {0xffff, 0x7e, 0x1, 0x7fffffff, 0x7, 0xffffffff, 0x0, 0x1, 0x4, 0x0, 0x1, 0x0, 0x9}, {0x2a9c, 0x101, 0x251, 0x8000, 0x1, 0xda0, 0xc49, 0x9, 0x5, 0xffff, 0x0, 0x2, 0x3}]}) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000680)={0x44, r4, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_SERVER_FLAGS={0xc}]}, 0x44}}, 0x0) close(0xffffffffffffffff) 21:24:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9) r0 = socket(0x11, 0x802, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000240)={'team0\x00\xfd\xff\xff\xff\xc0\x00\x03\x00\x02\xff', 0x4bfd}) 21:24:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet6_opts(r2, 0x29, 0x4, 0x0, 0x0) close(r2) close(r1) 21:24:21 executing program 5: sched_setattr(0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0xbd, 0x279d}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) [ 189.525901][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 189.535715][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 189.541475][ T7908] CPU: 0 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.550523][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.550539][ T7908] Call Trace: [ 189.550566][ T7908] dump_stack+0x172/0x1f0 [ 189.550593][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 189.550615][ T7908] ip6_finish_output+0x335/0xdc0 [ 189.550638][ T7908] ip6_output+0x235/0x7f0 [ 189.550658][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 189.550677][ T7908] ? ip6_fragment+0x3980/0x3980 [ 189.550694][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 189.550713][ T7908] ip6_local_out+0xc4/0x1b0 [ 189.550733][ T7908] ip6_send_skb+0xbb/0x350 [ 189.550757][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 189.550777][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 189.550803][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 189.550820][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 189.563220][ T7916] device team0 entered promiscuous mode [ 189.564285][ T7908] ? _copy_from_user+0xdd/0x150 [ 189.564305][ T7908] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 189.564323][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 189.564349][ T7908] ? ___might_sleep+0x163/0x280 [ 189.564368][ T7908] ? __might_sleep+0x95/0x190 [ 189.564397][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.568911][ T7916] device team_slave_0 entered promiscuous mode [ 189.574253][ T7908] inet_sendmsg+0x147/0x5e0 [ 189.574269][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 189.574280][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 189.574294][ T7908] ? ipip_gro_receive+0x100/0x100 [ 189.574312][ T7908] sock_sendmsg+0xdd/0x130 [ 189.574330][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 189.574349][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 189.574370][ T7908] ? lock_downgrade+0x880/0x880 [ 189.574395][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.585065][ T7916] device team_slave_1 entered promiscuous mode [ 189.588741][ T7908] ? kasan_check_read+0x11/0x20 [ 189.588763][ T7908] ? __fget+0x381/0x550 [ 189.588784][ T7908] ? ksys_dup3+0x3e0/0x3e0 [ 189.588805][ T7908] ? find_held_lock+0x35/0x130 [ 189.603684][ T7908] ? __fget_light+0x1a9/0x230 [ 189.623119][ T7908] ? __fdget+0x1b/0x20 [ 189.623136][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.623154][ T7908] ? sockfd_lookup_light+0xcb/0x180 [ 189.623170][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 189.623189][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.632776][ T7916] 8021q: adding VLAN 0 to HW filter on device team0 21:24:21 executing program 2: futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, &(0x7f0000000240)={0x77359400}, &(0x7f0000048000), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x16) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) [ 189.633923][ T7908] ? _copy_to_user+0xc9/0x120 [ 189.633944][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.633958][ T7908] ? put_timespec64+0xda/0x140 [ 189.633974][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 189.634001][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.680732][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.680750][ T7908] ? do_syscall_64+0x26/0x610 [ 189.680766][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.680787][ T7908] ? do_syscall_64+0x26/0x610 [ 189.722232][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 189.722254][ T7908] do_syscall_64+0x103/0x610 [ 189.722274][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.722293][ T7908] RIP: 0033:0x4582b9 [ 189.722307][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.722314][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.722327][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.770761][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 189.792986][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 189.792996][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 189.793005][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.925791][ T7924] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7924 [ 189.936169][ T7924] caller is ip6_finish_output+0x335/0xdc0 [ 189.937553][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 189.942032][ T7924] CPU: 0 PID: 7924 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.951351][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 189.960480][ T7924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.960486][ T7924] Call Trace: [ 189.960508][ T7924] dump_stack+0x172/0x1f0 [ 189.960530][ T7924] __this_cpu_preempt_check+0x246/0x270 [ 189.960555][ T7924] ip6_finish_output+0x335/0xdc0 [ 189.994383][ T7924] ip6_output+0x235/0x7f0 [ 189.998723][ T7924] ? ip6_finish_output+0xdc0/0xdc0 [ 190.003844][ T7924] ? ip6_fragment+0x3980/0x3980 [ 190.008701][ T7924] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 190.014258][ T7924] ip6_local_out+0xc4/0x1b0 [ 190.018764][ T7924] ip6_send_skb+0xbb/0x350 [ 190.023188][ T7924] ip6_push_pending_frames+0xc8/0xf0 [ 190.028477][ T7924] rawv6_sendmsg+0x299c/0x35e0 [ 190.033254][ T7924] ? rawv6_getsockopt+0x150/0x150 [ 190.038276][ T7924] ? aa_profile_af_perm+0x320/0x320 [ 190.043476][ T7924] ? find_held_lock+0x35/0x130 [ 190.048248][ T7924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.054486][ T7924] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.059945][ T7924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.065413][ T7924] ? lockdep_hardirqs_on+0x418/0x5d0 [ 190.070719][ T7924] ? ___might_sleep+0x163/0x280 [ 190.075570][ T7924] ? __might_sleep+0x95/0x190 [ 190.080262][ T7924] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.085809][ T7924] inet_sendmsg+0x147/0x5e0 [ 190.090316][ T7924] ? rawv6_getsockopt+0x150/0x150 [ 190.095336][ T7924] ? inet_sendmsg+0x147/0x5e0 [ 190.100015][ T7924] ? ipip_gro_receive+0x100/0x100 [ 190.105038][ T7924] sock_sendmsg+0xdd/0x130 [ 190.109459][ T7924] ___sys_sendmsg+0x3e2/0x930 [ 190.114142][ T7924] ? copy_msghdr_from_user+0x430/0x430 [ 190.119604][ T7924] ? lock_downgrade+0x880/0x880 [ 190.124463][ T7924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.130707][ T7924] ? kasan_check_read+0x11/0x20 [ 190.135564][ T7924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.141023][ T7924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.146478][ T7924] ? lockdep_hardirqs_on+0x418/0x5d0 [ 190.151766][ T7924] ? retint_kernel+0x2d/0x2d [ 190.156361][ T7924] ? trace_hardirqs_on_caller+0x6a/0x220 [ 190.161997][ T7924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.167460][ T7924] ? retint_kernel+0x2d/0x2d [ 190.172057][ T7924] ? __sys_sendmmsg+0x15f/0x4d0 [ 190.176927][ T7924] __sys_sendmmsg+0x1bf/0x4d0 [ 190.181611][ T7924] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.186635][ T7924] ? lockdep_hardirqs_on+0x418/0x5d0 [ 190.191920][ T7924] ? trace_hardirqs_on+0x67/0x230 [ 190.198081][ T7924] ? __switch_to_asm+0x40/0x70 [ 190.202857][ T7924] ? __schedule+0x81f/0x1cc0 [ 190.207443][ T7924] ? put_timespec64+0xda/0x140 [ 190.212238][ T7924] ? __sched_text_start+0x8/0x8 [ 190.217094][ T7924] ? prepare_exit_to_usermode+0x279/0x2e0 [ 190.222900][ T7924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.228367][ T7924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.233824][ T7924] ? do_syscall_64+0x26/0x610 [ 190.238531][ T7924] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.244598][ T7924] ? do_syscall_64+0x26/0x610 [ 190.249277][ T7924] __x64_sys_sendmmsg+0x9d/0x100 [ 190.254216][ T7924] do_syscall_64+0x103/0x610 [ 190.258817][ T7924] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.264710][ T7924] RIP: 0033:0x4582b9 [ 190.268620][ T7924] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.288217][ T7924] RSP: 002b:00007f52ccde2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.297058][ T7924] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.305029][ T7924] RDX: 0000000000000001 RSI: 0000000020000c40 RDI: 0000000000000004 [ 190.312994][ T7924] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 190.320991][ T7924] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52ccde36d4 21:24:22 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) sendmsg(r0, &(0x7f0000003dc0)={0x0, 0x0, 0x0}, 0x0) [ 190.328977][ T7924] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.337058][ T7908] CPU: 1 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.346114][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.356164][ T7908] Call Trace: [ 190.359495][ T7908] dump_stack+0x172/0x1f0 [ 190.363849][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 190.369409][ T7908] ip6_finish_output+0x335/0xdc0 [ 190.374361][ T7908] ip6_output+0x235/0x7f0 [ 190.378699][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 190.383829][ T7908] ? ip6_fragment+0x3980/0x3980 [ 190.388698][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 190.388720][ T7908] ip6_local_out+0xc4/0x1b0 [ 190.388741][ T7908] ip6_send_skb+0xbb/0x350 [ 190.388765][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 190.408557][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 190.413348][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 190.418383][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 190.423578][ T7908] ? find_held_lock+0x35/0x130 [ 190.428348][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.434600][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.440076][ T7908] ? ___might_sleep+0x163/0x280 [ 190.444929][ T7908] ? __might_sleep+0x95/0x190 [ 190.449616][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.455163][ T7908] inet_sendmsg+0x147/0x5e0 [ 190.459663][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 190.464690][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 190.469379][ T7908] ? ipip_gro_receive+0x100/0x100 [ 190.474422][ T7908] sock_sendmsg+0xdd/0x130 [ 190.478839][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 190.483524][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 190.488989][ T7908] ? __lock_acquire+0x548/0x3fb0 [ 190.493924][ T7908] ? lock_downgrade+0x880/0x880 [ 190.498777][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.505020][ T7908] ? kasan_check_read+0x11/0x20 [ 190.509870][ T7908] ? __might_fault+0x12b/0x1e0 [ 190.514629][ T7908] ? find_held_lock+0x35/0x130 [ 190.519396][ T7908] ? __might_fault+0x12b/0x1e0 [ 190.524170][ T7908] ? lock_downgrade+0x880/0x880 [ 190.529043][ T7908] ? ___might_sleep+0x163/0x280 [ 190.533902][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 190.538585][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.543616][ T7908] ? _copy_to_user+0xc9/0x120 [ 190.548302][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.554627][ T7908] ? put_timespec64+0xda/0x140 [ 190.559566][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 190.564429][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.569891][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.575348][ T7908] ? do_syscall_64+0x26/0x610 [ 190.580019][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.586084][ T7908] ? do_syscall_64+0x26/0x610 [ 190.590768][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 190.595706][ T7908] do_syscall_64+0x103/0x610 [ 190.600296][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.606197][ T7908] RIP: 0033:0x4582b9 [ 190.610109][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.629712][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.638121][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.646096][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 190.654066][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 190.662032][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 190.670009][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.693807][ T7936] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7936 [ 190.703186][ T7936] caller is ip6_finish_output+0x335/0xdc0 [ 190.708989][ T7936] CPU: 1 PID: 7936 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.718191][ T7936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.728343][ T7936] Call Trace: [ 190.731653][ T7936] dump_stack+0x172/0x1f0 [ 190.736000][ T7936] __this_cpu_preempt_check+0x246/0x270 [ 190.741555][ T7936] ip6_finish_output+0x335/0xdc0 [ 190.746503][ T7936] ip6_output+0x235/0x7f0 [ 190.750845][ T7936] ? ip6_finish_output+0xdc0/0xdc0 [ 190.755971][ T7936] ? ip6_fragment+0x3980/0x3980 [ 190.760826][ T7936] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 190.766377][ T7936] ip6_local_out+0xc4/0x1b0 [ 190.770890][ T7936] ip6_send_skb+0xbb/0x350 [ 190.775307][ T7936] ip6_push_pending_frames+0xc8/0xf0 [ 190.780595][ T7936] rawv6_sendmsg+0x299c/0x35e0 [ 190.785374][ T7936] ? rawv6_getsockopt+0x150/0x150 [ 190.790487][ T7936] ? aa_profile_af_perm+0x320/0x320 [ 190.795701][ T7936] ? find_held_lock+0x35/0x130 [ 190.800472][ T7936] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.806754][ T7936] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.812242][ T7936] ? ___might_sleep+0x163/0x280 [ 190.817098][ T7936] ? __might_sleep+0x95/0x190 [ 190.822672][ T7936] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.828231][ T7936] inet_sendmsg+0x147/0x5e0 [ 190.832744][ T7936] ? rawv6_getsockopt+0x150/0x150 [ 190.837766][ T7936] ? inet_sendmsg+0x147/0x5e0 [ 190.842441][ T7936] ? ipip_gro_receive+0x100/0x100 [ 190.847475][ T7936] sock_sendmsg+0xdd/0x130 [ 190.851892][ T7936] ___sys_sendmsg+0x3e2/0x930 [ 190.856576][ T7936] ? copy_msghdr_from_user+0x430/0x430 [ 190.862034][ T7936] ? lock_downgrade+0x880/0x880 [ 190.866884][ T7936] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.873129][ T7936] ? kasan_check_read+0x11/0x20 [ 190.877985][ T7936] ? __fget+0x381/0x550 [ 190.882152][ T7936] ? ksys_dup3+0x3e0/0x3e0 [ 190.886578][ T7936] ? __fget_light+0x1a9/0x230 [ 190.891252][ T7936] ? __fdget+0x1b/0x20 [ 190.895321][ T7936] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.901564][ T7936] ? sockfd_lookup_light+0xcb/0x180 [ 190.906770][ T7936] __sys_sendmmsg+0x1bf/0x4d0 [ 190.911629][ T7936] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.916668][ T7936] ? _copy_to_user+0xc9/0x120 [ 190.921357][ T7936] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.927599][ T7936] ? put_timespec64+0xda/0x140 [ 190.932824][ T7936] ? nsecs_to_jiffies+0x30/0x30 [ 190.937699][ T7936] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.943155][ T7936] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.948608][ T7936] ? do_syscall_64+0x26/0x610 [ 190.953484][ T7936] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.959556][ T7936] ? do_syscall_64+0x26/0x610 [ 190.964232][ T7936] __x64_sys_sendmmsg+0x9d/0x100 [ 190.969259][ T7936] do_syscall_64+0x103/0x610 [ 190.973854][ T7936] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.979746][ T7936] RIP: 0033:0x4582b9 [ 190.983638][ T7936] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.003238][ T7936] RSP: 002b:00007f52ccda0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.011654][ T7936] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.019629][ T7936] RDX: 0000000000000001 RSI: 0000000020000c40 RDI: 0000000000000006 [ 191.027593][ T7936] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 191.035561][ T7936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52ccda16d4 21:24:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x8000000000000001, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe2000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000500)=0x3001) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 191.043537][ T7936] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 21:24:22 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='setgroups\x00') preadv(r1, &(0x7f00000017c0), 0x3da, 0x0) 21:24:23 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f00000000c0)={'team_slave_1\x00', @random="01003a1e2410"}) 21:24:23 executing program 0: socket$inet6(0xa, 0x10000000003, 0x6) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="5bdfac2350131e70d7fc1b17f2577002dfdd5d6d00002000000000"], 0x0) [ 191.189007][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7948 [ 191.198447][ T7948] caller is ip6_finish_output+0x335/0xdc0 [ 191.204279][ T7948] CPU: 1 PID: 7948 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.213319][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.223392][ T7948] Call Trace: [ 191.226730][ T7948] dump_stack+0x172/0x1f0 [ 191.231083][ T7948] __this_cpu_preempt_check+0x246/0x270 21:24:23 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x1000001000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) [ 191.236650][ T7948] ip6_finish_output+0x335/0xdc0 [ 191.241606][ T7948] ip6_output+0x235/0x7f0 [ 191.245946][ T7948] ? ip6_finish_output+0xdc0/0xdc0 [ 191.251074][ T7948] ? ip6_fragment+0x3980/0x3980 [ 191.255939][ T7948] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 191.261504][ T7948] ip6_local_out+0xc4/0x1b0 [ 191.266034][ T7948] ip6_send_skb+0xbb/0x350 [ 191.270464][ T7948] ip6_push_pending_frames+0xc8/0xf0 [ 191.275789][ T7948] rawv6_sendmsg+0x299c/0x35e0 [ 191.280565][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 191.285589][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 191.290792][ T7948] ? _copy_from_user+0xdd/0x150 [ 191.295651][ T7948] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.301423][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.306889][ T7948] ? ___might_sleep+0x163/0x280 [ 191.311742][ T7948] ? __might_sleep+0x95/0x190 [ 191.316526][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.322083][ T7948] inet_sendmsg+0x147/0x5e0 [ 191.326591][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 191.331608][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 191.336280][ T7948] ? ipip_gro_receive+0x100/0x100 [ 191.341304][ T7948] sock_sendmsg+0xdd/0x130 [ 191.345816][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 191.350492][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 191.355961][ T7948] ? lock_downgrade+0x880/0x880 [ 191.360816][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.367073][ T7948] ? kasan_check_read+0x11/0x20 [ 191.371932][ T7948] ? __fget+0x381/0x550 [ 191.376109][ T7948] ? ksys_dup3+0x3e0/0x3e0 [ 191.380533][ T7948] ? find_held_lock+0x35/0x130 [ 191.385302][ T7948] ? kcov_ioctl+0x53/0x200 [ 191.389824][ T7948] ? __fget_light+0x1a9/0x230 [ 191.394499][ T7948] ? __fdget+0x1b/0x20 [ 191.398577][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.404833][ T7948] ? sockfd_lookup_light+0xcb/0x180 [ 191.410205][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 191.414889][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.419925][ T7948] ? _copy_to_user+0xc9/0x120 [ 191.424616][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.430856][ T7948] ? put_timespec64+0xda/0x140 [ 191.435638][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 191.440846][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.446319][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.451785][ T7948] ? do_syscall_64+0x26/0x610 [ 191.456485][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.462555][ T7948] ? do_syscall_64+0x26/0x610 [ 191.467237][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 191.472184][ T7948] do_syscall_64+0x103/0x610 [ 191.476780][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.482758][ T7948] RIP: 0033:0x4582b9 [ 191.486657][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.506344][ T7948] RSP: 002b:00007f5c0c262c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.514750][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.522717][ T7948] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000004 [ 191.530707][ T7948] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 191.538729][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2636d4 [ 191.546695][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.561734][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 191.571233][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 191.577035][ T7908] CPU: 0 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.586203][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.593419][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7948 [ 191.596609][ T7908] Call Trace: [ 191.596634][ T7908] dump_stack+0x172/0x1f0 [ 191.596657][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 191.596677][ T7908] ip6_finish_output+0x335/0xdc0 [ 191.596699][ T7908] ip6_output+0x235/0x7f0 [ 191.606040][ T7948] caller is ip6_finish_output+0x335/0xdc0 [ 191.609276][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 191.639389][ T7908] ? ip6_fragment+0x3980/0x3980 [ 191.644250][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 191.649800][ T7908] ip6_local_out+0xc4/0x1b0 [ 191.654319][ T7908] ip6_send_skb+0xbb/0x350 [ 191.658741][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 191.664026][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 191.668818][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 191.674024][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 191.679227][ T7908] ? find_held_lock+0x35/0x130 [ 191.683997][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.690249][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.695720][ T7908] ? ___might_sleep+0x163/0x280 [ 191.700666][ T7908] ? __might_sleep+0x95/0x190 [ 191.705359][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.710999][ T7908] inet_sendmsg+0x147/0x5e0 [ 191.715502][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 191.720522][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 191.725205][ T7908] ? ipip_gro_receive+0x100/0x100 [ 191.730234][ T7908] sock_sendmsg+0xdd/0x130 [ 191.734653][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 191.739334][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 191.744798][ T7908] ? __lock_acquire+0x548/0x3fb0 [ 191.749741][ T7908] ? lock_downgrade+0x880/0x880 [ 191.754700][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.760945][ T7908] ? kasan_check_read+0x11/0x20 [ 191.765798][ T7908] ? __might_fault+0x12b/0x1e0 [ 191.770563][ T7908] ? find_held_lock+0x35/0x130 [ 191.775346][ T7908] ? __might_fault+0x12b/0x1e0 [ 191.780121][ T7908] ? lock_downgrade+0x880/0x880 [ 191.785240][ T7908] ? ___might_sleep+0x163/0x280 [ 191.790113][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 191.794805][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.800046][ T7908] ? _copy_to_user+0xc9/0x120 [ 191.804732][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.810975][ T7908] ? put_timespec64+0xda/0x140 [ 191.815745][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 191.820697][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.826217][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.831680][ T7908] ? do_syscall_64+0x26/0x610 [ 191.836366][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.842442][ T7908] ? do_syscall_64+0x26/0x610 [ 191.847130][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 191.852075][ T7908] do_syscall_64+0x103/0x610 [ 191.856687][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.862578][ T7908] RIP: 0033:0x4582b9 [ 191.866477][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.886170][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.894668][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.903299][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 191.911265][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.919249][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 191.927226][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.935737][ T7948] CPU: 1 PID: 7948 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.944765][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.944771][ T7948] Call Trace: [ 191.944795][ T7948] dump_stack+0x172/0x1f0 [ 191.944817][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 191.944837][ T7948] ip6_finish_output+0x335/0xdc0 [ 191.944859][ T7948] ip6_output+0x235/0x7f0 [ 191.977419][ T7948] ? ip6_finish_output+0xdc0/0xdc0 [ 191.982635][ T7948] ? ip6_fragment+0x3980/0x3980 [ 191.987501][ T7948] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 191.987533][ T7948] ip6_local_out+0xc4/0x1b0 [ 191.987553][ T7948] ip6_send_skb+0xbb/0x350 [ 191.987573][ T7948] ip6_push_pending_frames+0xc8/0xf0 [ 191.987591][ T7948] rawv6_sendmsg+0x299c/0x35e0 [ 191.987615][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 191.987633][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 191.987662][ T7948] ? find_held_lock+0x35/0x130 [ 192.012194][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.012213][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.012240][ T7948] ? ___might_sleep+0x163/0x280 [ 192.012260][ T7948] ? __might_sleep+0x95/0x190 [ 192.022650][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.022670][ T7948] inet_sendmsg+0x147/0x5e0 [ 192.022693][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 192.054162][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 192.054178][ T7948] ? ipip_gro_receive+0x100/0x100 [ 192.054197][ T7948] sock_sendmsg+0xdd/0x130 [ 192.054215][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 192.054234][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 192.054262][ T7948] ? __lock_acquire+0x548/0x3fb0 [ 192.068468][ T7948] ? lock_downgrade+0x880/0x880 [ 192.068485][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.068505][ T7948] ? kasan_check_read+0x11/0x20 [ 192.068525][ T7948] ? __might_fault+0x12b/0x1e0 [ 192.068544][ T7948] ? find_held_lock+0x35/0x130 [ 192.077960][ T7948] ? __might_fault+0x12b/0x1e0 [ 192.077983][ T7948] ? lock_downgrade+0x880/0x880 [ 192.078007][ T7948] ? ___might_sleep+0x163/0x280 [ 192.078027][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 192.093088][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.113765][ T7948] ? _copy_to_user+0xc9/0x120 [ 192.113787][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.113812][ T7948] ? put_timespec64+0xda/0x140 [ 192.123360][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 192.123387][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.123412][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.174103][ T7948] ? do_syscall_64+0x26/0x610 [ 192.178786][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.184846][ T7948] ? do_syscall_64+0x26/0x610 [ 192.189522][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 192.194467][ T7948] do_syscall_64+0x103/0x610 [ 192.199094][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.204984][ T7948] RIP: 0033:0x4582b9 [ 192.208881][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.228486][ T7948] RSP: 002b:00007f5c0c262c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.236894][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.244888][ T7948] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000004 [ 192.252853][ T7948] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 192.260914][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2636d4 [ 192.268877][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.330200][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 192.339747][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 192.345724][ T7908] CPU: 0 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.354747][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.364808][ T7908] Call Trace: [ 192.364840][ T7908] dump_stack+0x172/0x1f0 [ 192.364864][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 192.378357][ T7908] ip6_finish_output+0x335/0xdc0 [ 192.383485][ T7908] ip6_output+0x235/0x7f0 [ 192.387841][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 192.392954][ T7908] ? ip6_fragment+0x3980/0x3980 [ 192.397805][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 192.403359][ T7908] ip6_local_out+0xc4/0x1b0 [ 192.407866][ T7908] ip6_send_skb+0xbb/0x350 [ 192.412286][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 192.417570][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 192.422345][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 192.427373][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 192.432580][ T7908] ? find_held_lock+0x35/0x130 [ 192.437527][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.443771][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.449242][ T7908] ? ___might_sleep+0x163/0x280 [ 192.454098][ T7908] ? __might_sleep+0x95/0x190 [ 192.458786][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.464338][ T7908] inet_sendmsg+0x147/0x5e0 [ 192.468855][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 192.473901][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 192.478581][ T7908] ? ipip_gro_receive+0x100/0x100 [ 192.483605][ T7908] sock_sendmsg+0xdd/0x130 [ 192.488025][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 192.492704][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 192.498166][ T7908] ? __lock_acquire+0x548/0x3fb0 [ 192.503103][ T7908] ? lock_downgrade+0x880/0x880 [ 192.507952][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.514201][ T7908] ? kasan_check_read+0x11/0x20 [ 192.519054][ T7908] ? __might_fault+0x12b/0x1e0 [ 192.523823][ T7908] ? find_held_lock+0x35/0x130 [ 192.528591][ T7908] ? __might_fault+0x12b/0x1e0 [ 192.533373][ T7908] ? lock_downgrade+0x880/0x880 [ 192.538325][ T7908] ? ___might_sleep+0x163/0x280 [ 192.543175][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 192.547941][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.553064][ T7908] ? _copy_to_user+0xc9/0x120 [ 192.557746][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.563999][ T7908] ? put_timespec64+0xda/0x140 [ 192.568764][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 192.573815][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.579280][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.584743][ T7908] ? do_syscall_64+0x26/0x610 [ 192.589427][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.595495][ T7908] ? do_syscall_64+0x26/0x610 [ 192.600177][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 192.605115][ T7908] do_syscall_64+0x103/0x610 [ 192.609705][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.615596][ T7908] RIP: 0033:0x4582b9 [ 192.619514][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.639138][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.647588][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.655642][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 192.663611][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.671580][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 192.679560][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.717849][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7948 [ 192.727341][ T7948] caller is ip6_finish_output+0x335/0xdc0 [ 192.733073][ T7948] CPU: 1 PID: 7948 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.742089][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.752140][ T7948] Call Trace: [ 192.755442][ T7948] dump_stack+0x172/0x1f0 [ 192.759783][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 192.765339][ T7948] ip6_finish_output+0x335/0xdc0 [ 192.770280][ T7948] ip6_output+0x235/0x7f0 [ 192.774619][ T7948] ? ip6_finish_output+0xdc0/0xdc0 [ 192.779731][ T7948] ? ip6_fragment+0x3980/0x3980 [ 192.784584][ T7948] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 192.790151][ T7948] ip6_local_out+0xc4/0x1b0 [ 192.794661][ T7948] ip6_send_skb+0xbb/0x350 [ 192.799086][ T7948] ip6_push_pending_frames+0xc8/0xf0 [ 192.804372][ T7948] rawv6_sendmsg+0x299c/0x35e0 [ 192.809152][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 192.814357][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 192.819567][ T7948] ? find_held_lock+0x35/0x130 [ 192.824987][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.831225][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.836718][ T7948] ? ___might_sleep+0x163/0x280 [ 192.841582][ T7948] ? __might_sleep+0x95/0x190 [ 192.846280][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.851827][ T7948] inet_sendmsg+0x147/0x5e0 [ 192.856596][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 192.861618][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 192.866390][ T7948] ? ipip_gro_receive+0x100/0x100 [ 192.871413][ T7948] sock_sendmsg+0xdd/0x130 [ 192.875835][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 192.880530][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 192.885989][ T7948] ? __lock_acquire+0x548/0x3fb0 [ 192.890921][ T7948] ? lock_downgrade+0x880/0x880 [ 192.895768][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.902071][ T7948] ? kasan_check_read+0x11/0x20 [ 192.907011][ T7948] ? __might_fault+0x12b/0x1e0 [ 192.911790][ T7948] ? find_held_lock+0x35/0x130 [ 192.916574][ T7948] ? __might_fault+0x12b/0x1e0 [ 192.921364][ T7948] ? lock_downgrade+0x880/0x880 [ 192.926228][ T7948] ? ___might_sleep+0x163/0x280 [ 192.931604][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 192.936288][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.941321][ T7948] ? _copy_to_user+0xc9/0x120 [ 192.946010][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.952251][ T7948] ? put_timespec64+0xda/0x140 [ 192.957016][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 192.961876][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.967339][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.972798][ T7948] ? do_syscall_64+0x26/0x610 [ 192.977481][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.983557][ T7948] ? do_syscall_64+0x26/0x610 [ 192.988259][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 192.993289][ T7948] do_syscall_64+0x103/0x610 [ 192.997937][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.003824][ T7948] RIP: 0033:0x4582b9 [ 193.007727][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.027335][ T7948] RSP: 002b:00007f5c0c262c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.035746][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.043803][ T7948] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000004 [ 193.051783][ T7948] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 193.059759][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2636d4 [ 193.067731][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 193.093067][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 193.102655][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 193.102676][ T7908] CPU: 0 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.117560][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.117566][ T7908] Call Trace: [ 193.117589][ T7908] dump_stack+0x172/0x1f0 [ 193.117613][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 193.117633][ T7908] ip6_finish_output+0x335/0xdc0 [ 193.117655][ T7908] ip6_output+0x235/0x7f0 [ 193.131012][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 193.131033][ T7908] ? ip6_fragment+0x3980/0x3980 [ 193.131055][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 193.140908][ T7908] ip6_local_out+0xc4/0x1b0 [ 193.140930][ T7908] ip6_send_skb+0xbb/0x350 [ 193.140951][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 193.150191][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 193.150224][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 193.189657][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 193.194862][ T7908] ? find_held_lock+0x35/0x130 [ 193.199628][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.205954][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 193.211424][ T7908] ? ___might_sleep+0x163/0x280 [ 193.216278][ T7908] ? __might_sleep+0x95/0x190 [ 193.220966][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.226513][ T7908] inet_sendmsg+0x147/0x5e0 [ 193.231021][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 193.236040][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 193.240715][ T7908] ? ipip_gro_receive+0x100/0x100 [ 193.245739][ T7908] sock_sendmsg+0xdd/0x130 [ 193.250161][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 193.254854][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 193.260430][ T7908] ? __lock_acquire+0x548/0x3fb0 [ 193.265364][ T7908] ? lock_downgrade+0x880/0x880 [ 193.270211][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.276460][ T7908] ? kasan_check_read+0x11/0x20 [ 193.281309][ T7908] ? __might_fault+0x12b/0x1e0 [ 193.286096][ T7908] ? find_held_lock+0x35/0x130 [ 193.290874][ T7908] ? __might_fault+0x12b/0x1e0 [ 193.295647][ T7908] ? lock_downgrade+0x880/0x880 [ 193.300503][ T7908] ? ___might_sleep+0x163/0x280 [ 193.305379][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 193.310319][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 193.315355][ T7908] ? _copy_to_user+0xc9/0x120 [ 193.320036][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.326274][ T7908] ? put_timespec64+0xda/0x140 [ 193.331031][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 193.335890][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.341349][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.346833][ T7908] ? do_syscall_64+0x26/0x610 [ 193.351507][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.357573][ T7908] ? do_syscall_64+0x26/0x610 [ 193.362249][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 193.367193][ T7908] do_syscall_64+0x103/0x610 [ 193.371963][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.377856][ T7908] RIP: 0033:0x4582b9 [ 193.381748][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.401356][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.409770][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.417740][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 193.425704][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 193.433670][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 193.441637][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 193.450314][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7948 [ 193.460732][ T7948] caller is ip6_finish_output+0x335/0xdc0 [ 193.466510][ T7948] CPU: 1 PID: 7948 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.475711][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.485943][ T7948] Call Trace: [ 193.489248][ T7948] dump_stack+0x172/0x1f0 [ 193.493602][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 193.499155][ T7948] ip6_finish_output+0x335/0xdc0 [ 193.504096][ T7948] ip6_output+0x235/0x7f0 [ 193.508429][ T7948] ? ip6_finish_output+0xdc0/0xdc0 [ 193.513538][ T7948] ? ip6_fragment+0x3980/0x3980 [ 193.518388][ T7948] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 193.523946][ T7948] ip6_local_out+0xc4/0x1b0 [ 193.528452][ T7948] ip6_send_skb+0xbb/0x350 [ 193.532872][ T7948] ip6_push_pending_frames+0xc8/0xf0 [ 193.538188][ T7948] rawv6_sendmsg+0x299c/0x35e0 [ 193.542992][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 193.548018][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 193.553217][ T7948] ? find_held_lock+0x35/0x130 [ 193.557980][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.564225][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 193.569690][ T7948] ? ___might_sleep+0x163/0x280 [ 193.574551][ T7948] ? __might_sleep+0x95/0x190 [ 193.579241][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.584792][ T7948] inet_sendmsg+0x147/0x5e0 [ 193.589296][ T7948] ? rawv6_getsockopt+0x150/0x150 [ 193.594331][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 193.594771][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 193.599015][ T7948] ? ipip_gro_receive+0x100/0x100 [ 193.599035][ T7948] sock_sendmsg+0xdd/0x130 [ 193.599053][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 193.599075][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 193.608420][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 193.613369][ T7948] ? __lock_acquire+0x548/0x3fb0 [ 193.638484][ T7948] ? lock_downgrade+0x880/0x880 [ 193.643361][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.649607][ T7948] ? kasan_check_read+0x11/0x20 [ 193.654465][ T7948] ? __might_fault+0x12b/0x1e0 [ 193.659230][ T7948] ? find_held_lock+0x35/0x130 [ 193.663995][ T7948] ? __might_fault+0x12b/0x1e0 [ 193.668763][ T7948] ? lock_downgrade+0x880/0x880 [ 193.673620][ T7948] ? ___might_sleep+0x163/0x280 [ 193.678474][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 193.683166][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 193.688219][ T7948] ? _copy_to_user+0xc9/0x120 [ 193.692901][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.699140][ T7948] ? put_timespec64+0xda/0x140 [ 193.703903][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 193.708762][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.714222][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.719690][ T7948] ? do_syscall_64+0x26/0x610 [ 193.724389][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.730463][ T7948] ? do_syscall_64+0x26/0x610 [ 193.735144][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 193.740280][ T7948] do_syscall_64+0x103/0x610 [ 193.744875][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.750763][ T7948] RIP: 0033:0x4582b9 [ 193.754661][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.774269][ T7948] RSP: 002b:00007f5c0c262c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.782678][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.790737][ T7948] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000004 [ 193.798710][ T7948] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 193.806684][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2636d4 [ 193.814661][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 193.822666][ T7908] CPU: 0 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.831699][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.841844][ T7908] Call Trace: [ 193.849049][ T7908] dump_stack+0x172/0x1f0 [ 193.853411][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 193.858958][ T7908] ip6_finish_output+0x335/0xdc0 [ 193.863926][ T7908] ip6_output+0x235/0x7f0 [ 193.868264][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 193.873386][ T7908] ? ip6_fragment+0x3980/0x3980 [ 193.878243][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 193.883808][ T7908] ip6_local_out+0xc4/0x1b0 [ 193.888338][ T7908] ip6_send_skb+0xbb/0x350 [ 193.892757][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 193.898060][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 193.902853][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 193.907874][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 193.913073][ T7908] ? find_held_lock+0x35/0x130 [ 193.917839][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.924075][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 193.930002][ T7908] ? ___might_sleep+0x163/0x280 [ 193.934866][ T7908] ? __might_sleep+0x95/0x190 [ 193.939556][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.945103][ T7908] inet_sendmsg+0x147/0x5e0 [ 193.949606][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 193.954623][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 193.959294][ T7908] ? ipip_gro_receive+0x100/0x100 [ 193.964424][ T7908] sock_sendmsg+0xdd/0x130 [ 193.968858][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 193.973708][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 193.979347][ T7908] ? __lock_acquire+0x548/0x3fb0 [ 193.984288][ T7908] ? lock_downgrade+0x880/0x880 [ 193.989139][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.995388][ T7908] ? kasan_check_read+0x11/0x20 [ 194.000240][ T7908] ? __might_fault+0x12b/0x1e0 [ 194.005090][ T7908] ? find_held_lock+0x35/0x130 [ 194.009856][ T7908] ? __might_fault+0x12b/0x1e0 [ 194.015161][ T7908] ? lock_downgrade+0x880/0x880 [ 194.020017][ T7908] ? ___might_sleep+0x163/0x280 [ 194.024874][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 194.029557][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.034596][ T7908] ? _copy_to_user+0xc9/0x120 [ 194.039273][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.045515][ T7908] ? put_timespec64+0xda/0x140 [ 194.050275][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 194.055154][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.060612][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.066069][ T7908] ? do_syscall_64+0x26/0x610 [ 194.070744][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.076812][ T7908] ? do_syscall_64+0x26/0x610 [ 194.081496][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 194.086441][ T7908] do_syscall_64+0x103/0x610 [ 194.091031][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.096932][ T7908] RIP: 0033:0x4582b9 [ 194.100821][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.120426][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.128841][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.136809][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 194.144777][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.152746][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 194.160718][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 194.186623][ T7908] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7908 [ 194.196338][ T7908] caller is ip6_finish_output+0x335/0xdc0 [ 194.202097][ T7908] CPU: 0 PID: 7908 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.211117][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.221163][ T7908] Call Trace: [ 194.224456][ T7908] dump_stack+0x172/0x1f0 [ 194.228879][ T7908] __this_cpu_preempt_check+0x246/0x270 [ 194.234443][ T7908] ip6_finish_output+0x335/0xdc0 [ 194.239387][ T7908] ip6_output+0x235/0x7f0 [ 194.243731][ T7908] ? ip6_finish_output+0xdc0/0xdc0 [ 194.248850][ T7908] ? ip6_fragment+0x3980/0x3980 [ 194.253710][ T7908] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 194.259259][ T7908] ip6_local_out+0xc4/0x1b0 [ 194.263763][ T7908] ip6_send_skb+0xbb/0x350 [ 194.268180][ T7908] ip6_push_pending_frames+0xc8/0xf0 [ 194.273473][ T7908] rawv6_sendmsg+0x299c/0x35e0 [ 194.278249][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 194.283268][ T7908] ? aa_profile_af_perm+0x320/0x320 [ 194.288468][ T7908] ? find_held_lock+0x35/0x130 [ 194.293231][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.299475][ T7908] ? rw_copy_check_uvector+0x2a6/0x330 [ 194.304946][ T7908] ? ___might_sleep+0x163/0x280 [ 194.309796][ T7908] ? __might_sleep+0x95/0x190 [ 194.314593][ T7908] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.320319][ T7908] inet_sendmsg+0x147/0x5e0 [ 194.324820][ T7908] ? rawv6_getsockopt+0x150/0x150 [ 194.329850][ T7908] ? inet_sendmsg+0x147/0x5e0 [ 194.334529][ T7908] ? ipip_gro_receive+0x100/0x100 [ 194.339988][ T7908] sock_sendmsg+0xdd/0x130 [ 194.344405][ T7908] ___sys_sendmsg+0x3e2/0x930 [ 194.349090][ T7908] ? copy_msghdr_from_user+0x430/0x430 [ 194.354552][ T7908] ? __lock_acquire+0x548/0x3fb0 [ 194.359493][ T7908] ? lock_downgrade+0x880/0x880 [ 194.364351][ T7908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.370594][ T7908] ? kasan_check_read+0x11/0x20 [ 194.375447][ T7908] ? __might_fault+0x12b/0x1e0 [ 194.380294][ T7908] ? find_held_lock+0x35/0x130 [ 194.385053][ T7908] ? __might_fault+0x12b/0x1e0 [ 194.389821][ T7908] ? lock_downgrade+0x880/0x880 [ 194.394689][ T7908] ? ___might_sleep+0x163/0x280 [ 194.399545][ T7908] __sys_sendmmsg+0x1bf/0x4d0 [ 194.404227][ T7908] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.409266][ T7908] ? _copy_to_user+0xc9/0x120 [ 194.413961][ T7908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.420210][ T7908] ? put_timespec64+0xda/0x140 [ 194.424976][ T7908] ? nsecs_to_jiffies+0x30/0x30 [ 194.429840][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.435301][ T7908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.440759][ T7908] ? do_syscall_64+0x26/0x610 [ 194.445439][ T7908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.451588][ T7908] ? do_syscall_64+0x26/0x610 [ 194.456274][ T7908] __x64_sys_sendmmsg+0x9d/0x100 [ 194.461220][ T7908] do_syscall_64+0x103/0x610 [ 194.465812][ T7908] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.471711][ T7908] RIP: 0033:0x4582b9 [ 194.475604][ T7908] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.495296][ T7908] RSP: 002b:00007f5c0c2a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.503708][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.511672][ T7908] RDX: 040000000000026a RSI: 0000000020000c40 RDI: 0000000000000003 [ 194.519639][ T7908] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.527696][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c0c2a56d4 [ 194.535662][ T7908] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 21:24:26 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80040, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000880)=""/212) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r1 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x0, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0xfffffffffffffe30, 0xfa00, {0x4, &(0x7f0000000400)={0xffffffffffffffff}, 0x13f, 0xb}}, 0xffffffffffffff63) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8, 0xfa00, {r2}}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x9, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x82, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9caad"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r4, 0x97d}, &(0x7f0000000140)=0x8) r5 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$getownex(r5, 0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r3, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0x0, 0xfff, {0x5, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x401, 0x0, 0x0, 0x8, 0x41ce, 0x2be, 0x0, 0xc3f9, 0x7, 0x6, 0x401, 0x6}, {0xffff, 0x7e, 0x1, 0x7fffffff, 0x7, 0xffffffff, 0x0, 0x1, 0x4, 0x7e9, 0x1, 0x10001, 0x9}, {0x2a9c, 0x101, 0x251, 0x8000, 0x0, 0xda0, 0xc49, 0x9, 0x5, 0x0, 0x7, 0x2, 0x3}]}) syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0}, 0x1) close(r3) name_to_handle_at(r3, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={0xb0, 0x1, "fc986259ec80d7a44f1d6130719db3ca887682dd64939bf7398162b69f29716ae55eae36385f0e4c136804c15aaf3b493fdf30ebacbe3f24f1639b28e95266ad28f0aab75d9bedd99a723b21e65d7db64ab9975aa415cf533b9046f8c3585048914d158a65652045cf5cf6fa6158fcd7509397c1d9fc8c2478d18f16628bf7bef8d38b15040287f429550063532d73b3271cd563bfb7b4490a53d67afad7e073003ca2401b1f2002"}, 0x0, 0x0) 21:24:26 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000180)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000040)={{}, {0x0, 0x3}, 0x2000005, 0x3}) ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000040)) 21:24:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg$nl_netfilter(r0, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000001240)={0x14}, 0x14}, 0x1, 0x0, 0x0, 0x24000044}, 0x1) 21:24:26 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80040, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000880)=""/212) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r1 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x0, 0x5}, {0x5}, @period={0x5c, 0x649, 0x0, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x3, 0x0, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x9, 0x10001, 0x9}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x81, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9ca"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000000c0)={r3, 0x97d}, &(0x7f0000000140)=0x8) r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$getownex(r4, 0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x401, 0x0, 0x0, 0x0, 0x41ce, 0x0, 0x0, 0xc3f9, 0x7, 0x6, 0x401, 0x6}, {0xffff, 0x7e, 0x1, 0x7fffffff, 0x7, 0xffffffff, 0x0, 0x1, 0x4, 0x7e9, 0x1, 0x10001, 0x9}, {0x2a9c, 0x0, 0x0, 0x8000, 0x1, 0x0, 0xc49, 0x9, 0x5, 0xffff, 0x7, 0x2, 0x3}]}) syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00') close(r2) 21:24:26 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x1000001000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 21:24:26 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x2, 0x138, [0x20000380, 0x0, 0x0, 0x20000528, 0x20000600], 0x0, 0x0, &(0x7f0000000380)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'netdevsim0\x00', 'veth1\x00', 'bond_slave_0\x00', 'yam0\x00', @broadcast, [], @dev, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@link_local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x1b0) 21:24:26 executing program 5: openat$full(0xffffffffffffff9c, 0x0, 0x80040, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r0 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r0, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x3, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x0, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x80, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r1, &(0x7f00000005c0)={0xa0, 0x0, 0x0, {{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x1) close(r1) 21:24:26 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000800)={{{@in, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x6}, 0x1, 0x0, 0x0, 0x1}, {{@in6=@local}, 0x0, @in, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, 0xe8) 21:24:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet6_opts(r2, 0x29, 0x11, 0x0, 0x0) close(r2) close(r1) 21:24:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000380)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff9) r0 = socket(0x11, 0x802, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000240)={'team0\x00\xfd\xff\xff\xff\xc0\x00\x03\x00\x02\xff', 0x4bfd}) 21:24:26 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80040, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000880)=""/212) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r1 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x0, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0xfffffffffffffe30, 0xfa00, {0x4, &(0x7f0000000400)={0xffffffffffffffff}, 0x13f, 0xb}}, 0xffffffffffffff63) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8, 0xfa00, {r2}}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x9, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x82, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9caad"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r4, 0x97d}, &(0x7f0000000140)=0x8) r5 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$getownex(r5, 0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r3, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0x0, 0xfff, {0x5, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x401, 0x0, 0x0, 0x8, 0x41ce, 0x2be, 0x0, 0xc3f9, 0x7, 0x6, 0x401, 0x6}, {0xffff, 0x7e, 0x1, 0x7fffffff, 0x7, 0xffffffff, 0x0, 0x1, 0x4, 0x7e9, 0x1, 0x10001, 0x9}, {0x2a9c, 0x101, 0x251, 0x8000, 0x0, 0xda0, 0xc49, 0x9, 0x5, 0x0, 0x7, 0x2, 0x3}]}) syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0}, 0x1) close(r3) name_to_handle_at(r3, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={0xb0, 0x1, "fc986259ec80d7a44f1d6130719db3ca887682dd64939bf7398162b69f29716ae55eae36385f0e4c136804c15aaf3b493fdf30ebacbe3f24f1639b28e95266ad28f0aab75d9bedd99a723b21e65d7db64ab9975aa415cf533b9046f8c3585048914d158a65652045cf5cf6fa6158fcd7509397c1d9fc8c2478d18f16628bf7bef8d38b15040287f429550063532d73b3271cd563bfb7b4490a53d67afad7e073003ca2401b1f2002"}, 0x0, 0x0) 21:24:26 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x1000001000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 21:24:27 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80040, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000880)=""/212) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r1 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x0, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0xfffffffffffffe30, 0xfa00, {0x4, &(0x7f0000000400)={0xffffffffffffffff}, 0x13f, 0xb}}, 0xffffffffffffff63) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8, 0xfa00, {r2}}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x9, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x82, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9caad"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r4, 0x97d}, &(0x7f0000000140)=0x8) r5 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$getownex(r5, 0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r3, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0x0, 0xfff, {0x5, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x401, 0x0, 0x0, 0x8, 0x41ce, 0x2be, 0x0, 0xc3f9, 0x7, 0x6, 0x401, 0x6}, {0xffff, 0x7e, 0x1, 0x7fffffff, 0x7, 0xffffffff, 0x0, 0x1, 0x4, 0x7e9, 0x1, 0x10001, 0x9}, {0x2a9c, 0x101, 0x251, 0x8000, 0x0, 0xda0, 0xc49, 0x9, 0x5, 0x0, 0x7, 0x2, 0x3}]}) syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0}, 0x1) close(r3) name_to_handle_at(r3, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={0xb0, 0x1, "fc986259ec80d7a44f1d6130719db3ca887682dd64939bf7398162b69f29716ae55eae36385f0e4c136804c15aaf3b493fdf30ebacbe3f24f1639b28e95266ad28f0aab75d9bedd99a723b21e65d7db64ab9975aa415cf533b9046f8c3585048914d158a65652045cf5cf6fa6158fcd7509397c1d9fc8c2478d18f16628bf7bef8d38b15040287f429550063532d73b3271cd563bfb7b4490a53d67afad7e073003ca2401b1f2002"}, 0x0, 0x0) 21:24:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet6_opts(r2, 0x29, 0x11, 0x0, 0x0) close(r2) close(r1) 21:24:27 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_STATS(0xffffffffffffffff, 0x80f86406, &(0x7f0000000480)=""/162) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000003c0)={0x0, 0x5000}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 21:24:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000000000)=""/37, 0x25, 0x0) 21:24:27 executing program 1: openat$full(0xffffffffffffff9c, 0x0, 0x80040, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) r0 = socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(r0, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x3, 0x517, 0x8d}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000080)=0x3) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0xfffffffffffffe30, 0xfa00, {0x4, &(0x7f0000000400)={0xffffffffffffffff}, 0x13f}}, 0xffffffffffffff63) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8, 0xfa00, {r1}}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x0, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x82, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c2829aff4f05a415df9ba4fbd5ee9caad"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000000c0)={r3, 0x97d}, &(0x7f0000000140)=0x8) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r2, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0x0, 0xfff, {0x5, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x41ce, 0x2be, 0x0, 0xc3f9, 0x7, 0x6, 0x401, 0x6}, {0xffff, 0x0, 0x1, 0x7fffffff, 0x7, 0xffffffff, 0x0, 0x1, 0x4, 0x7e9, 0x1, 0x10001, 0x9}, {0x2a9c, 0x101, 0x251, 0x8000, 0x1, 0xda0, 0xc49, 0x9, 0x5, 0xffff, 0x7, 0x2, 0x3}]}) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x1) close(r2) name_to_handle_at(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={0xb0, 0x1, "fc986259ec80d7a44f1d6130719db3ca887682dd64939bf7398162b69f29716ae55eae36385f0e4c136804c15aaf3b493fdf30ebacbe3f24f1639b28e95266ad28f0aab75d9bedd99a723b21e65d7db64ab9975aa415cf533b9046f8c3585048914d158a65652045cf5cf6fa6158fcd7509397c1d9fc8c2478d18f16628bf7bef8d38b15040287f429550063532d73b3271cd563bfb7b4490a53d67afad7e073003ca2401b1f2002"}, 0x0, 0x0) 21:24:27 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x1000001000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 21:24:27 executing program 3: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) 21:24:27 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) 21:24:27 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000140)=""/156, 0x9c}, {&(0x7f00000003c0)=""/253, 0xfd}, {&(0x7f0000000580)=""/230, 0xe6}, {&(0x7f00000013c0)=""/4096, 0x1000}], 0x4, 0x0) [ 196.085785][ T8016] device team0 entered promiscuous mode [ 196.091380][ T8016] device team_slave_0 entered promiscuous mode [ 196.103793][ T8016] device team_slave_1 entered promiscuous mode [ 196.111860][ T8016] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.228655][ T8065] device team0 left promiscuous mode [ 196.233969][ T8065] device team_slave_0 left promiscuous mode [ 196.240154][ T8065] device team_slave_1 left promiscuous mode 21:24:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000380)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff9) r0 = socket(0x11, 0x802, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000240)={'team0\x00\xfd\xff\xff\xff\xc0\x00\x03\x00\x02\xff', 0x4bfd}) 21:24:28 executing program 1: 21:24:28 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 21:24:28 executing program 3: 21:24:28 executing program 4: 21:24:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='fd/4\x00') 21:24:28 executing program 4: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) 21:24:28 executing program 3: openat$full(0xffffffffffffff9c, 0x0, 0x80040, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)=0xfffffffffffffc51) socket$kcm(0x29, 0x2, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000012c0)={0x51, 0x0, 0x0, {0x8, 0x5}, {0x5}, @period={0x5c, 0x649, 0x2a9, 0xfffffffffffffffd, 0x7, {0xffffffffffffff7f, 0x3, 0x517}, 0x0, 0x0}}) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000480)={0x4, 0x8}, 0x10) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000100)={0x0, 0x0, 0x103, 0x6, {0x9, 0x10001, 0x9, 0x7}}) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000007c0)={0x0, 0x72, "0b790e5ed80eb70b7375f16c643c40ff41fffbeddcb93e4910bb7524fa75fc3bd5de1c6b07ecd47ab622181cd982308a3673d2481abfa98030c3472734ca4adb1a65ccfbcee11d673b0ee4fa8c05b7dd636e055b5d8032cc31c53717721265a10a8ce6e6aaaaff352ea45b03093038b3e90c"}, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={r1, 0x97d}, &(0x7f0000000140)=0x8) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r0, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0x0, 0xfff, {0x5, 0x0, 0x807c, 0x6, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000740)={[{0x5, 0x401, 0x0, 0x0, 0x8, 0x0, 0x2be, 0x0, 0x0, 0x0, 0x6, 0x401, 0x6}, {0xffff, 0x7e, 0x1, 0x7fffffff, 0x7, 0x0, 0x0, 0x1, 0x4, 0x7e9, 0x1, 0x10001}, {0x2a9c, 0x101, 0x0, 0x8000, 0x1, 0xda0, 0xc49, 0x9, 0x5, 0xffff, 0x7, 0x2, 0x3}]}) close(r0) name_to_handle_at(0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x8, 0x1}, 0x0, 0x0) 21:24:28 executing program 1: 21:24:28 executing program 2: 21:24:28 executing program 4: [ 196.530205][ T8086] device team0 entered promiscuous mode [ 196.583686][ T8086] device team_slave_0 entered promiscuous mode 21:24:28 executing program 1: [ 196.630320][ T8086] device team_slave_1 entered promiscuous mode [ 196.716375][ T8086] 8021q: adding VLAN 0 to HW filter on device team0 21:24:28 executing program 5: 21:24:28 executing program 4: 21:24:28 executing program 2: 21:24:28 executing program 3: 21:24:28 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 21:24:28 executing program 1: 21:24:28 executing program 5: 21:24:28 executing program 4: 21:24:28 executing program 3: 21:24:28 executing program 1: 21:24:28 executing program 2: 21:24:28 executing program 5: 21:24:28 executing program 4: 21:24:28 executing program 3: 21:24:28 executing program 1: 21:24:29 executing program 3: 21:24:29 executing program 0: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) 21:24:29 executing program 1: 21:24:29 executing program 2: 21:24:29 executing program 4: 21:24:29 executing program 5: 21:24:29 executing program 3: 21:24:29 executing program 2: 21:24:29 executing program 4: 21:24:29 executing program 1: 21:24:29 executing program 5: 21:24:29 executing program 3: