[ 39.856586][ T26] audit: type=1800 audit(1554674353.296:26): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 39.889172][ T26] audit: type=1800 audit(1554674353.306:27): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 39.911249][ T26] audit: type=1800 audit(1554674353.306:28): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 40.693962][ T26] audit: type=1800 audit(1554674354.156:29): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts. 2019/04/07 21:59:24 fuzzer started 2019/04/07 21:59:27 dialing manager at 10.128.0.26:34543 2019/04/07 21:59:27 syscalls: 2408 2019/04/07 21:59:27 code coverage: enabled 2019/04/07 21:59:27 comparison tracing: enabled 2019/04/07 21:59:27 extra coverage: extra coverage is not supported by the kernel 2019/04/07 21:59:27 setuid sandbox: enabled 2019/04/07 21:59:27 namespace sandbox: enabled 2019/04/07 21:59:27 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 21:59:27 fault injection: enabled 2019/04/07 21:59:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 21:59:27 net packet injection: enabled 2019/04/07 21:59:27 net device setup: enabled 22:01:42 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f00000000c0)) syzkaller login: [ 188.828105][ T7846] IPVS: ftp: loaded support on port[0] = 21 22:01:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) clone(0x40003102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0x4b47, 0x0) [ 188.937326][ T7846] chnl_net:caif_netlink_parms(): no params data found [ 189.037666][ T7846] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.064716][ T7846] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.073237][ T7846] device bridge_slave_0 entered promiscuous mode [ 189.102012][ T7849] IPVS: ftp: loaded support on port[0] = 21 [ 189.114919][ T7846] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.122121][ T7846] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.131494][ T7846] device bridge_slave_1 entered promiscuous mode [ 189.156269][ T7846] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.172637][ T7846] bond0: Enslaving bond_slave_1 as an active interface with an up link 22:01:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') preadv(r0, &(0x7f0000000480), 0x100000000000029c, 0x6c00) [ 189.233056][ T7846] team0: Port device team_slave_0 added [ 189.251804][ T7846] team0: Port device team_slave_1 added [ 189.398481][ T7846] device hsr_slave_0 entered promiscuous mode 22:01:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000), 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) [ 189.484958][ T7846] device hsr_slave_1 entered promiscuous mode [ 189.531838][ T7849] chnl_net:caif_netlink_parms(): no params data found [ 189.568320][ T7852] IPVS: ftp: loaded support on port[0] = 21 [ 189.637700][ T7846] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.645029][ T7846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.652867][ T7846] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.660019][ T7846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.685814][ T7849] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.692897][ T7849] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.701789][ T7849] device bridge_slave_0 entered promiscuous mode 22:01:43 executing program 4: set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r1, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x90030000000000, r0, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) [ 189.734405][ T7854] IPVS: ftp: loaded support on port[0] = 21 [ 189.752154][ T7849] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.760168][ T7849] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.775422][ T7849] device bridge_slave_1 entered promiscuous mode [ 189.900191][ T7849] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.930547][ T7849] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.023637][ T7846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.042324][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.056199][ T7857] IPVS: ftp: loaded support on port[0] = 21 [ 190.066885][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.078729][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 190.109737][ T7849] team0: Port device team_slave_0 added 22:01:43 executing program 5: getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, r0, 0x0) close(0xffffffffffffffff) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000001500)) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) setxattr$security_evm(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000)=0x4, 0x2, 0x10000000002) [ 190.125284][ T7846] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.138728][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.147703][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.163899][ T7849] team0: Port device team_slave_1 added [ 190.182244][ T7852] chnl_net:caif_netlink_parms(): no params data found [ 190.307515][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.316586][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.325005][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.332093][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.407522][ T7849] device hsr_slave_0 entered promiscuous mode [ 190.474939][ T7849] device hsr_slave_1 entered promiscuous mode [ 190.540045][ T7863] IPVS: ftp: loaded support on port[0] = 21 [ 190.556332][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.563490][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.571533][ T7852] device bridge_slave_0 entered promiscuous mode [ 190.582065][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.589922][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.598313][ T7852] device bridge_slave_1 entered promiscuous mode [ 190.614979][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.623573][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.632011][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.639075][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.647436][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.656056][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.664589][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.673048][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.681537][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.690015][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.698513][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.706595][ T7854] chnl_net:caif_netlink_parms(): no params data found [ 190.736665][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.746390][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.775008][ T7852] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.798492][ T7846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.810109][ T7846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.819653][ T7852] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.835610][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.843830][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.873601][ T7854] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.881375][ T7854] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.889476][ T7854] device bridge_slave_0 entered promiscuous mode [ 190.899431][ T7854] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.906586][ T7854] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.914172][ T7854] device bridge_slave_1 entered promiscuous mode [ 190.958900][ T7846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.968148][ T7852] team0: Port device team_slave_0 added [ 190.997398][ T7854] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.008041][ T7854] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.023880][ T7852] team0: Port device team_slave_1 added [ 191.093447][ T7854] team0: Port device team_slave_0 added [ 191.100849][ T7854] team0: Port device team_slave_1 added 22:01:44 executing program 0: syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup2(r1, r0) [ 191.187326][ T7852] device hsr_slave_0 entered promiscuous mode [ 191.225361][ T7852] device hsr_slave_1 entered promiscuous mode [ 191.347760][ T7854] device hsr_slave_0 entered promiscuous mode [ 191.395125][ T7854] device hsr_slave_1 entered promiscuous mode 22:01:44 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00\xe7\xce]tcS>\x93-\t/5\xc7\xf7\xd09&\xa3B\xf1\x06\x00\x00~\xb3\x9a\x0esV\x7f6\xba\xf2\xa0\xab\xfa\x1f+\xf8=\"\x1e\x1f\xe7\x8e\xa42\xe2H\xfe\x9f\x92\x9a5\x90G\xbd\x93\x80\x8c\xa3\xcbB\x91K\xa3\xda\xd5\xab\xeb\xd2?G\xaeNN\xd0\xf7\x81,9?\\\x12m\xef\xdci\x8a\x87.)\xab\xadwD\xfa\xef\xd9\xad\x18\x01\x97\x89\xb2\x05d\"\xbaQ\xf3G\x14`\xe9\xe1\xe3\xe8\xcd\x18\x84\x91\x87\xe9h\xac^)5\x94\\\xe0\b\xd4\x83Q\xee\x15q@\xe1\xc2\xdd\xc7\xb8\xfc\x7f4nh\xec\x88\xe9A\x8d\xf4\xac,\t\xfbR\xfbp!\x1a\x86\x1dN\x81\xac\xa8\x98\a,\n\x9dd\x04S\"\x0f\xb5\x1c6\xe1\xb2', 0x7a05, 0x1700) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") pwrite64(r1, &(0x7f0000000200)="4ebefa1e923f1e018b6e53bf4815b78e1f2ef9212b93090c1ff6b35c208d50aef3fd759f995b53dd37c58cf8332b8a6b66575478e02ef0145bf122ba2e2c53a7ec45e375683475a6495f8d7b7a088f5e32dc266569074319bf8c8d3d8007cc92e2ba0d9082c41b63e330f353a3f675a98d2e74a08e38400f7f5eb113a0e25fd90115d57a7acdcab1128cf4f9c719f3f29d460c507f8a2a6594d259217d32eae9be93c6ed17a67ae2e7e689a31fa8449da12fd62bf423cff702b09e6ee1ff0e698b8bb517819eb712ba2b34b54b28b79d9399d920d5a5507e8a85f37060dfe3051f06f8d7cc9b068495ee5d5fcce85410bcd9f91d1f198353ce94b2e03370e43875c1a035bb88fd26fbb5b1252e2056d6b67e2b2f424051a40ad9170e76a81a6ca4f149ff643db76f8f2c1aa8024a6279952027489bbad6479e47ea5ba9e47d8136df398665f6cdfd15e93cfbf2ce1151afe9321ed63fe7100e704b232646fc1e0e936b90cceaaa70225ce71640e10316d2cc637355eddb3c4e16ff1635fa4e65a66eb5ab2cbf9d6f063e05f0e46fcc14bf31eedfb9f33c215fc14946cc6f7493924442e939f71ac4bd3e35e78857f9624c663f3669a47a7146e3249ee3eaaf681f371d515af5b934f9252c7ac2a164bf318fc2b194ee087b2b28ed5e4618c0906fc3f32c43a3b9e08a2e0d509f65a7de909e8c3c535f1d8cb9c236716e5ad709", 0x200, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfffffcbe) [ 191.473742][ T7857] chnl_net:caif_netlink_parms(): no params data found [ 191.509279][ T7863] chnl_net:caif_netlink_parms(): no params data found [ 191.600257][ T7857] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.607550][ T7857] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.616520][ T7857] device bridge_slave_0 entered promiscuous mode [ 191.630626][ T7857] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.638675][ T7857] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.646775][ T7857] device bridge_slave_1 entered promiscuous mode [ 191.678738][ T7863] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.686043][ T7863] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.693726][ T7863] device bridge_slave_0 entered promiscuous mode [ 191.705367][ T7857] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.715882][ T7857] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.725723][ T7863] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.732782][ T7863] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.741351][ T7863] device bridge_slave_1 entered promiscuous mode [ 191.755663][ T7849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.782599][ T7857] team0: Port device team_slave_0 added [ 191.803194][ T7857] team0: Port device team_slave_1 added 22:01:45 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x7a05, 0x1700) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfffffcbe) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000000000, 0x0) [ 191.899177][ T7857] device hsr_slave_0 entered promiscuous mode [ 191.948685][ T7857] device hsr_slave_1 entered promiscuous mode [ 191.993101][ T7863] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.018755][ T7849] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.032282][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.040696][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.050833][ T7863] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.067585][ T7852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.106520][ T7863] team0: Port device team_slave_0 added [ 192.112843][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.122409][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.131389][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.138569][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.147966][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 192.147982][ T26] audit: type=1804 audit(1554674505.616:31): pid=7881 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir408653308/syzkaller.fHGsde/3/memory.events" dev="sda1" ino=16519 res=1 [ 192.183301][ T7863] team0: Port device team_slave_1 added [ 192.192677][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.205587][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.214227][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.233253][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.240486][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.248894][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.258100][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.267405][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.276523][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.290239][ T7852] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.310145][ T7849] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.322073][ T7849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.387801][ T7863] device hsr_slave_0 entered promiscuous mode [ 192.425995][ T7863] device hsr_slave_1 entered promiscuous mode [ 192.469905][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.478610][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.487529][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.495838][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.510860][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.519890][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.528807][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.537911][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.547447][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.567619][ T7854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.595854][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.611645][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.620755][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.624990][ T26] audit: type=1804 audit(1554674506.096:32): pid=7880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir408653308/syzkaller.fHGsde/3/memory.events" dev="sda1" ino=16519 res=1 [ 192.629483][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.660475][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.668648][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.677761][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.686773][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.693871][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.702160][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.711196][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.744197][ T7849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.752080][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:01:46 executing program 0: sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0) chown(0x0, 0x0, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f000000b040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003100)=[{0x10}], 0x10}}, {{&(0x7f00000032c0)=@nl=@unspec, 0x80, 0x0}, 0x3}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008500)}, 0x9}, {{0x0, 0x0, &(0x7f000000aac0)=[{0x0}, {0x0}], 0x2}, 0xe6a}], 0x4, 0x4000) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) [ 192.814997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.822350][ T26] audit: type=1804 audit(1554674506.286:33): pid=7883 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir408653308/syzkaller.fHGsde/3/memory.events" dev="sda1" ino=16519 res=1 [ 192.861866][ T7887] binder: 7885:7887 ioctl 4b47 0 returned -22 [ 192.869038][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.888636][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.902351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 22:01:46 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) [ 192.911572][ T7890] binder: 7888:7890 ioctl 4b47 0 returned -22 [ 192.920076][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.939843][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 22:01:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x4, r2, 0x3}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x0, r2, 0x7}) [ 192.958398][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.967895][ C0] hrtimer: interrupt took 54649 ns [ 192.992195][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.001928][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.015328][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.027751][ T7902] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 193.048647][ T7854] 8021q: adding VLAN 0 to HW filter on device team0 22:01:46 executing program 0: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x800, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000001580)=ANY=[@ANYBLOB="aab7a78579f943fc63ee2d933da04a84f4fd8e5ad3e0884f18b091e3a338f8c61c480943d02fdcda2c3f92400a8dba8fc4535f7bff3a5a6488169bc65c9033c1d9ede7", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000001280)={0x0, 0x3, 0x30, 0x1, 0xaf}, &(0x7f00000013c0)=0x18) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r1, 0x7ff}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0xaf02, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, r3, 0x0) syz_open_procfs(0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r4) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000001600)=ANY=[@ANYBLOB="a50a79c67cfd4175c9d07f454c440000000000000000cc717cc000000000000000020000032f08ebb10103000400000000ddff0002c17609485e22d9607217f0de93119681c597b7befc18e970cf4d227c759a2079d335d78fe366f089d3aa9c4d1025cbcf6959dc508cf1b9b7458efeefcdefe6a6012a203847e8e4cbd26c0ff38a93586f2179a93060031c61e3db1ea4a8a5c31d0221fdce4406cd141685f2ac393940a92583c5880ba9b03a22a740dbd6f7ea955cd80607e803047df392eeb272ca936770d9173e8431577fb970068876668755c60d7d891e963ed2652cb11cd443c60b4368f901000000f797ff85cb7fa0412ad50404e817ebb5500545d5abd84f8f276d19e5ee777f4f9a11ff55827e60a6df502f5e6e2f00756bfaffffffffffffff35a389d358adc2b4fdd51df87386f8047db31bd4f7d7bc1fa352c9406a8c901d7770c7d0bdb3342e4f381bd0e0bd77a872363cd5421a30e62d81a4dfae651ae69882044378ea17f33e55a151c0d66f671baa98ff2eb9"], 0x17b) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000)=0x4, 0x2, 0x10000000002) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001300)={r2, r0, 0x0, 0x9, &(0x7f00000012c0)='/dev/kvm\x00'}, 0x30) prctl$PR_SVE_GET_VL(0x33, 0x1e5ab) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000001340)={0x100, 0x9, 0x71}) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0x2, 0x55c, 0x1, 0x18c, 0x7, 0x7fffffff, 0x2b, 0x3, 0x8, 0x1, 0x5, 0x3f}) recvfrom$llc(r0, &(0x7f0000000280)=""/4096, 0x1000, 0x20, &(0x7f00000001c0)={0x1a, 0x30e, 0x4, 0x6, 0xac, 0x8, @remote}, 0x10) [ 193.068513][ T7852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.078162][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.097004][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.119816][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.154672][ C1] sched: DL replenish lagged too much [ 193.156322][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.169862][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.186163][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:01:46 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x800, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x6, r0, 0x1}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, &(0x7f0000000100)) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e22, 0x4, @ipv4={[], [], @rand_addr=0x5}, 0x1}}, 0x598, 0x787f, 0x27e, 0x0, 0x4}, &(0x7f00000002c0)=0x98) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="10000200000000002000000000000000"], 0x1, 0x0) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e22, 0x838, @loopback, 0x4}], 0x1c) ioprio_set$uid(0x0, 0x0, 0x0) [ 193.320050][ T7857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.411170][ T7854] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.439977][ T7854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.548623][ T7852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.575182][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.596701][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.617972][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.625337][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.637708][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.650997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.662732][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.676810][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.691710][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.702433][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.716542][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.731109][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.742936][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.758347][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.789471][ T7857] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.801866][ T7855] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.812146][ T7855] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.820363][ T7855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.828544][ T7855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.846356][ T7854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.886753][ T7863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.944332][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.959257][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.973217][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.980390][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state 22:01:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') preadv(r0, &(0x7f0000000480), 0x100000000000029c, 0x6c00) 22:01:47 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x800, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x6, r0, 0x1}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, &(0x7f0000000100)) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e22, 0x4, @ipv4={[], [], @rand_addr=0x5}, 0x1}}, 0x598, 0x787f, 0x27e, 0x0, 0x4}, &(0x7f00000002c0)=0x98) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="10000200000000002000000000000000"], 0x1, 0x0) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e22, 0x838, @loopback, 0x4}], 0x1c) ioprio_set$uid(0x0, 0x0, 0x0) [ 194.008150][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.017349][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.039510][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.046718][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.061598][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.104310][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.120704][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.132806][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.145070][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.153889][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.166182][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.180121][ T7863] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.194207][ T7857] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 194.218777][ T7857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.232834][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.241269][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.249539][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.257543][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.265977][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.274358][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.282873][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.291680][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.313147][ T7857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.336665][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.346169][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.355229][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.362369][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.370128][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.382343][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.390950][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.398098][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.406066][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.414967][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.423553][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.432472][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.442001][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.450248][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.476437][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.491866][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.501039][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.509647][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.538270][ T7863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.585685][ T7863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.593498][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.603303][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.623786][ T7863] 8021q: adding VLAN 0 to HW filter on device batadv0 22:01:48 executing program 3: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x800, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000001580)=ANY=[@ANYBLOB="aab7a78579f943fc63ee2d933da04a84f4fd8e5ad3e0884f18b091e3a338f8c61c480943d02fdcda2c3f92400a8dba8fc4535f7bff3a5a6488169bc65c9033c1d9ede7", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000001280)={0x0, 0x3, 0x30, 0x1, 0xaf}, &(0x7f00000013c0)=0x18) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r1, 0x7ff}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0xaf02, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, r3, 0x0) syz_open_procfs(0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r4) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000001600)=ANY=[@ANYBLOB="a50a79c67cfd4175c9d07f454c440000000000000000cc717cc000000000000000020000032f08ebb10103000400000000ddff0002c17609485e22d9607217f0de93119681c597b7befc18e970cf4d227c759a2079d335d78fe366f089d3aa9c4d1025cbcf6959dc508cf1b9b7458efeefcdefe6a6012a203847e8e4cbd26c0ff38a93586f2179a93060031c61e3db1ea4a8a5c31d0221fdce4406cd141685f2ac393940a92583c5880ba9b03a22a740dbd6f7ea955cd80607e803047df392eeb272ca936770d9173e8431577fb970068876668755c60d7d891e963ed2652cb11cd443c60b4368f901000000f797ff85cb7fa0412ad50404e817ebb5500545d5abd84f8f276d19e5ee777f4f9a11ff55827e60a6df502f5e6e2f00756bfaffffffffffffff35a389d358adc2b4fdd51df87386f8047db31bd4f7d7bc1fa352c9406a8c901d7770c7d0bdb3342e4f381bd0e0bd77a872363cd5421a30e62d81a4dfae651ae69882044378ea17f33e55a151c0d66f671baa98ff2eb9"], 0x17b) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000)=0x4, 0x2, 0x10000000002) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001300)={r2, r0, 0x0, 0x9, &(0x7f00000012c0)='/dev/kvm\x00'}, 0x30) prctl$PR_SVE_GET_VL(0x33, 0x1e5ab) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000001340)={0x100, 0x9, 0x71}) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0x2, 0x55c, 0x1, 0x18c, 0x7, 0x7fffffff, 0x2b, 0x3, 0x8, 0x1, 0x5, 0x3f}) recvfrom$llc(r0, &(0x7f0000000280)=""/4096, 0x1000, 0x20, &(0x7f00000001c0)={0x1a, 0x30e, 0x4, 0x6, 0xac, 0x8, @remote}, 0x10) 22:01:48 executing program 0: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x800, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000001580)=ANY=[@ANYBLOB="aab7a78579f943fc63ee2d933da04a84f4fd8e5ad3e0884f18b091e3a338f8c61c480943d02fdcda2c3f92400a8dba8fc4535f7bff3a5a6488169bc65c9033c1d9ede7", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000001280)={0x0, 0x3, 0x30, 0x1, 0xaf}, &(0x7f00000013c0)=0x18) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r1, 0x7ff}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0xaf02, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, r3, 0x0) syz_open_procfs(0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r4) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000001600)=ANY=[@ANYBLOB="a50a79c67cfd4175c9d07f454c440000000000000000cc717cc000000000000000020000032f08ebb10103000400000000ddff0002c17609485e22d9607217f0de93119681c597b7befc18e970cf4d227c759a2079d335d78fe366f089d3aa9c4d1025cbcf6959dc508cf1b9b7458efeefcdefe6a6012a203847e8e4cbd26c0ff38a93586f2179a93060031c61e3db1ea4a8a5c31d0221fdce4406cd141685f2ac393940a92583c5880ba9b03a22a740dbd6f7ea955cd80607e803047df392eeb272ca936770d9173e8431577fb970068876668755c60d7d891e963ed2652cb11cd443c60b4368f901000000f797ff85cb7fa0412ad50404e817ebb5500545d5abd84f8f276d19e5ee777f4f9a11ff55827e60a6df502f5e6e2f00756bfaffffffffffffff35a389d358adc2b4fdd51df87386f8047db31bd4f7d7bc1fa352c9406a8c901d7770c7d0bdb3342e4f381bd0e0bd77a872363cd5421a30e62d81a4dfae651ae69882044378ea17f33e55a151c0d66f671baa98ff2eb9"], 0x17b) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000)=0x4, 0x2, 0x10000000002) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001300)={r2, r0, 0x0, 0x9, &(0x7f00000012c0)='/dev/kvm\x00'}, 0x30) prctl$PR_SVE_GET_VL(0x33, 0x1e5ab) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000001340)={0x100, 0x9, 0x71}) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0x2, 0x55c, 0x1, 0x18c, 0x7, 0x7fffffff, 0x2b, 0x3, 0x8, 0x1, 0x5, 0x3f}) recvfrom$llc(r0, &(0x7f0000000280)=""/4096, 0x1000, 0x20, &(0x7f00000001c0)={0x1a, 0x30e, 0x4, 0x6, 0xac, 0x8, @remote}, 0x10) 22:01:48 executing program 1: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x4, 0x0, 0x0) 22:01:48 executing program 2: sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) chown(0x0, 0x0, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f000000b040)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)}], 0x1}, 0x20351a0a}, {{0x0, 0x0, &(0x7f00000008c0)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008500)}}, {{0x0, 0x0, &(0x7f000000aac0)=[{0x0}, {0x0}], 0x2}, 0xe6a}], 0x4, 0x4000) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:01:48 executing program 4: set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r1, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x90030000000000, r0, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) 22:01:48 executing program 5: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 22:01:49 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00\xe7\xce]tcS>\x93-\t/5\xc7\xf7\xd09&\xa3B\xf1\x06\x00\x00~\xb3\x9a\x0esV\x7f6\xba\xf2\xa0\xab\xfa\x1f+\xf8=\"\x1e\x1f\xe7\x8e\xa42\xe2H\xfe\x9f\x92\x9a5\x90G\xbd\x93\x80\x8c\xa3\xcbB\x91K\xa3\xda\xd5\xab\xeb\xd2?G\xaeNN\xd0\xf7\x81,9?\\\x12m\xef\xdci\x8a\x87.)\xab\xadwD\xfa\xef\xd9\xad\x18\x01\x97\x89\xb2\x05d\"\xbaQ\xf3G\x14`\xe9\xe1\xe3\xe8\xcd\x18\x84\x91\x87\xe9h\xac^)5\x94\\\xe0\b\xd4\x83Q\xee\x15q@\xe1\xc2\xdd\xc7\xb8\xfc\x7f4nh\xec\x88\xe9A\x8d\xf4\xac,\t\xfbR\xfbp!\x1a\x86\x1dN\x81\xac\xa8\x98\a,\n\x9dd\x04S\"\x0f\xb5\x1c6\xe1\xb2', 0x7a05, 0x1700) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") pwrite64(r1, &(0x7f0000000200)="4ebefa1e923f1e018b6e53bf4815b78e1f2ef9212b93090c1ff6b35c208d50aef3fd759f995b53dd37c58cf8332b8a6b66575478e02ef0145bf122ba2e2c53a7ec45e375683475a6495f8d7b7a088f5e32dc266569074319bf8c8d3d8007cc92e2ba0d9082c41b63e330f353a3f675a98d2e74a08e38400f7f5eb113a0e25fd90115d57a7acdcab1128cf4f9c719f3f29d460c507f8a2a6594d259217d32eae9be93c6ed17a67ae2e7e689a31fa8449da12fd62bf423cff702b09e6ee1ff0e698b8bb517819eb712ba2b34b54b28b79d9399d920d5a5507e8a85f37060dfe3051f06f8d7cc9b068495ee5d5fcce85410bcd9f91d1f198353ce94b2e03370e43875c1a035bb88fd26fbb5b1252e2056d6b67e2b2f424051a40ad9170e76a81a6ca4f149ff643db76f8f2c1aa8024a6279952027489bbad6479e47ea5ba9e47d8136df398665f6cdfd15e93cfbf2ce1151afe9321ed63fe7100e704b232646fc1e0e936b90cceaaa70225ce71640e10316d2cc637355eddb3c4e16ff1635fa4e65a66eb5ab2cbf9d6f063e05f0e46fcc14bf31eedfb9f33c215fc14946cc6f7493924442e939f71ac4bd3e35e78857f9624c663f3669a47a7146e3249ee3eaaf681f371d515af5b934f9252c7ac2a164bf318fc2b194ee087b2b28ed5e4618c0906fc3f32c43a3b9e08a2e0d509f65a7de909e8c3c535f1d8cb9c236716e5ad709", 0x200, 0x3200) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfffffcbe) 22:01:49 executing program 2: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r0, 0x2000000000010d, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000400)={0x1, 0x0, {0x0, 0x3, 0x3ff, 0xfffffffffffff36b}}) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r1 = creat(&(0x7f0000000280)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x44000) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000000)) write$evdev(0xffffffffffffffff, 0x0, 0x0) fallocate(r1, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000380)=0x14) execve(0x0, &(0x7f0000000780)=[&(0x7f0000000240)='security.capability\x00', 0x0, 0x0, &(0x7f0000000640)='#%[\x00', &(0x7f0000000680)='security.capability\x00', &(0x7f00000006c0)='security.capability\x00'], 0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r1, 0x0, 0x0, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, 0x0) socket$unix(0x1, 0x1, 0x0) 22:01:49 executing program 4: set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r1, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x90030000000000, r0, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) 22:01:49 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = socket$inet6(0xa, 0x0, 0x104) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x8, 0xfe7e) r3 = creat(&(0x7f0000000140)='./file0\x00', 0x80) connect$vsock_dgram(r3, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff}, 0x10) recvmsg(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/36, 0x12}, 0x2000) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000001c, 0x0) close(0xffffffffffffffff) getpid() rt_sigaction(0x26, &(0x7f00000002c0)={&(0x7f0000000200)="0f4ddcf2a5660fc681f7ffffff00c4e2a98c9306000000c4e169de300fabee65660f3a62ab000001003cc4e2d2f7c5c4e3ad0f4f2b08c4c2b58cb5e76d0000", {0xfffffffffffffa69}, 0x2, &(0x7f0000000240)="0f0f60f51d1167000f4f77007900c4c14d1587000000000ffbd3c4c1b5ed1af3de01c4c22d9acac4e27d5a4c4cfa"}, &(0x7f00000003c0)={&(0x7f0000000300)="81613792d17955c4e29101dedee488a326000000c4e2b1b7abfeeffffff2e100c4c1bd14b7d363bf62d341fec4c2792fbe6eadd75bc4c139140b", {}, 0x0, 0x0}, 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000440)={0x0, 0x3}, &(0x7f0000000480)=0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) dup2(r5, r4) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f0000000280)='rdma.max\x00', 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10a000000) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r7, 0x80000000005016, 0x0) 22:01:49 executing program 3: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000440)={0x42f0efff, 0x0, "225a6374327c2da684f6cae230f600"}) 22:01:49 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev}, 0x1c) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000040), 0xfe7e) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x80) connect$vsock_dgram(r2, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff}, 0x10) close(0xffffffffffffffff) getpid() rt_sigaction(0x26, &(0x7f00000002c0)={&(0x7f0000000200)="0f4ddcf2a5660fc681f7ffffff00c4e2a98c9306000000c4e169de300fabee65660f3a62ab000001003cc4e2d2f7c5c4e3ad0f4f2b08c4c2b58cb5e76d0000", {0xfffffffffffffa69}, 0x2, &(0x7f0000000240)="0f0f60f51d1167000f4f77007900c4c14d1587000000000ffbd3c4c1b5ed1af3de01c4c22d9acac4e27d5a4c4cfa"}, &(0x7f00000003c0)={&(0x7f0000000300)="81613792d17955c4e29101dedee488a326000000c4e2b1b7abfeeffffff2e100c4c1bd14b7d363bf62d341fec4c2792fbe6eadd75bc4c139140b", {}, 0x0, 0x0}, 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000440)={0x0, 0x3}, &(0x7f0000000480)=0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) dup2(r4, r3) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10a000000) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r5, 0x80000000005016, 0x0) 22:01:49 executing program 3: openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$vcsa(0x0, 0x400, 0x0) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x40000000000002f, 0x0) setrlimit(0x400000011, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, 0x0, 0x20040000) close(0xffffffffffffffff) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000200)) mprotect(&(0x7f000052d000/0x4000)=nil, 0x4000, 0x0) r5 = openat$rtc(0xffffffffffffff9c, 0x0, 0x4, 0x0) ioctl$GIO_UNISCRNMAP(r3, 0x4b69, &(0x7f00000002c0)=""/130) getsockopt$sock_linger(r5, 0x1, 0xd, &(0x7f0000000100), &(0x7f0000000180)=0x8) mlockall(0x3) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000240)={0x3, 0x2, 0x1000}, 0x4) [ 196.414933][ T7982] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7982 [ 196.425174][ T7982] caller is ip6_finish_output+0x335/0xdc0 [ 196.431180][ T7982] CPU: 1 PID: 7982 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.440238][ T7982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.450617][ T7982] Call Trace: [ 196.453968][ T7982] dump_stack+0x172/0x1f0 [ 196.458374][ T7982] __this_cpu_preempt_check+0x246/0x270 [ 196.463952][ T7982] ip6_finish_output+0x335/0xdc0 [ 196.468955][ T7982] ? rcu_read_unlock_special+0xf3/0x210 [ 196.474531][ T7982] ip6_output+0x235/0x7f0 [ 196.478881][ T7982] ? ip6_finish_output+0xdc0/0xdc0 [ 196.484032][ T7982] ? trace_hardirqs_on_caller+0x6a/0x220 [ 196.489704][ T7982] ? ip6_fragment+0x3980/0x3980 [ 196.494606][ T7982] ip6_local_out+0xc4/0x1b0 [ 196.499156][ T7982] ip6_send_skb+0xbb/0x350 [ 196.503595][ T7982] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 196.509097][ T7982] udpv6_sendmsg+0x21e3/0x28d0 [ 196.513892][ T7982] ? ip_reply_glue_bits+0xc0/0xc0 [ 196.518944][ T7982] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 196.524945][ T7982] ? trace_hardirqs_on_caller+0x6a/0x220 [ 196.530650][ T7982] ? aa_profile_af_perm+0x320/0x320 [ 196.535896][ T7982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.541424][ T7982] ? retint_kernel+0x2d/0x2d [ 196.546095][ T7982] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.551680][ T7982] inet_sendmsg+0x147/0x5e0 [ 196.556196][ T7982] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 196.562198][ T7982] ? inet_sendmsg+0x147/0x5e0 [ 196.566880][ T7982] ? ipip_gro_receive+0x100/0x100 [ 196.571941][ T7982] sock_sendmsg+0xdd/0x130 [ 196.576371][ T7982] ___sys_sendmsg+0x3e2/0x930 [ 196.581072][ T7982] ? copy_msghdr_from_user+0x430/0x430 [ 196.586565][ T7982] ? lock_downgrade+0x880/0x880 [ 196.591434][ T7982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.597694][ T7982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.603173][ T7982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.608644][ T7982] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.613938][ T7982] ? retint_kernel+0x2d/0x2d [ 196.618534][ T7982] ? trace_hardirqs_on_caller+0x6a/0x220 [ 196.624195][ T7982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.629670][ T7982] ? retint_kernel+0x2d/0x2d [ 196.634282][ T7982] ? sockfd_lookup_light+0xde/0x180 [ 196.639502][ T7982] ? sockfd_lookup_light+0x103/0x180 [ 196.644824][ T7982] ? sockfd_lookup_light+0xcb/0x180 [ 196.650075][ T7982] __sys_sendmmsg+0x1bf/0x4d0 [ 196.654803][ T7982] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 196.659858][ T7982] ? finish_task_switch+0x118/0x780 [ 196.665071][ T7982] ? __switch_to_asm+0x34/0x70 [ 196.669849][ T7982] ? __switch_to_asm+0x40/0x70 [ 196.674654][ T7982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.680131][ T7982] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.685445][ T7982] ? retint_kernel+0x2d/0x2d [ 196.690048][ T7982] ? trace_hardirqs_on_caller+0x6a/0x220 [ 196.695702][ T7982] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.701179][ T7982] ? retint_kernel+0x2d/0x2d [ 196.705800][ T7982] __x64_sys_sendmmsg+0x9d/0x100 [ 196.710749][ T7982] ? do_syscall_64+0xfe/0x610 [ 196.715438][ T7982] do_syscall_64+0x103/0x610 [ 196.720046][ T7982] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.725955][ T7982] RIP: 0033:0x4582b9 [ 196.729878][ T7982] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.749521][ T7982] RSP: 002b:00007f3a30116c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.757976][ T7982] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.765975][ T7982] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 196.773973][ T7982] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.781970][ T7982] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a301176d4 [ 196.789961][ T7982] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 22:01:50 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xfffffffffffff000, &(0x7f0000000040)) 22:01:50 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xffffffffffffa30a) 22:01:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x0, 0x104) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) r2 = creat(0x0, 0x80) connect$vsock_dgram(r2, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff}, 0x10) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/36, 0x12}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) getpid() rt_sigaction(0x26, &(0x7f00000002c0)={&(0x7f0000000200)="0f4ddcf2a5660fc681f7ffffff00c4e2a98c9306000000c4e169de300fabee65660f3a62ab000001003cc4e2d2f7c5c4e3ad0f4f2b08c4c2b58cb5e76d0000", {0xfffffffffffffa69}, 0x2, &(0x7f0000000240)="0f0f60f51d1167000f4f77007900c4c14d1587000000000ffbd3c4c1b5ed1af3de01c4c22d9acac4e27d5a4c4cfa"}, &(0x7f00000003c0)={&(0x7f0000000300)="81613792d17955c4e29101dedee488a326000000c4e2b1b7abfeeffffff2e100c4c1bd14b7d363bf62d341fec4c2792fbe6eadd75bc4c139140b", {}, 0x0, 0x0}, 0x8, &(0x7f0000000400)) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000440)={0x0, 0x3}, &(0x7f0000000480)=0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) dup2(r4, r3) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) 22:01:50 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = socket$inet6(0xa, 0x0, 0x104) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x8, 0xfe7e) r3 = creat(&(0x7f0000000140)='./file0\x00', 0x80) connect$vsock_dgram(r3, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff}, 0x10) recvmsg(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/36, 0x12}, 0x2000) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000001c, 0x0) close(0xffffffffffffffff) getpid() rt_sigaction(0x26, &(0x7f00000002c0)={&(0x7f0000000200)="0f4ddcf2a5660fc681f7ffffff00c4e2a98c9306000000c4e169de300fabee65660f3a62ab000001003cc4e2d2f7c5c4e3ad0f4f2b08c4c2b58cb5e76d0000", {0xfffffffffffffa69}, 0x2, &(0x7f0000000240)="0f0f60f51d1167000f4f77007900c4c14d1587000000000ffbd3c4c1b5ed1af3de01c4c22d9acac4e27d5a4c4cfa"}, &(0x7f00000003c0)={&(0x7f0000000300)="81613792d17955c4e29101dedee488a326000000c4e2b1b7abfeeffffff2e100c4c1bd14b7d363bf62d341fec4c2792fbe6eadd75bc4c139140b", {}, 0x0, 0x0}, 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000440)={0x0, 0x3}, &(0x7f0000000480)=0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) dup2(r5, r4) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f0000000280)='rdma.max\x00', 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10a000000) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r7, 0x80000000005016, 0x0) 22:01:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2272, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, @buffer={0x209, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 22:01:50 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ustat(0x0, 0x0) 22:01:50 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev}, 0x1c) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000040), 0xfe7e) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x80) connect$vsock_dgram(r2, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff}, 0x10) close(0xffffffffffffffff) getpid() rt_sigaction(0x26, &(0x7f00000002c0)={&(0x7f0000000200)="0f4ddcf2a5660fc681f7ffffff00c4e2a98c9306000000c4e169de300fabee65660f3a62ab000001003cc4e2d2f7c5c4e3ad0f4f2b08c4c2b58cb5e76d0000", {0xfffffffffffffa69}, 0x2, &(0x7f0000000240)="0f0f60f51d1167000f4f77007900c4c14d1587000000000ffbd3c4c1b5ed1af3de01c4c22d9acac4e27d5a4c4cfa"}, &(0x7f00000003c0)={&(0x7f0000000300)="81613792d17955c4e29101dedee488a326000000c4e2b1b7abfeeffffff2e100c4c1bd14b7d363bf62d341fec4c2792fbe6eadd75bc4c139140b", {}, 0x0, 0x0}, 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000440)={0x0, 0x3}, &(0x7f0000000480)=0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) dup2(r4, r3) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10a000000) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r5, 0x80000000005016, 0x0) [ 197.290672][ T8008] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8008 [ 197.301164][ T8008] caller is ip6_finish_output+0x335/0xdc0 [ 197.307217][ T8008] CPU: 0 PID: 8008 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.316292][ T8008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.326425][ T8008] Call Trace: [ 197.329858][ T8008] dump_stack+0x172/0x1f0 [ 197.334572][ T8008] __this_cpu_preempt_check+0x246/0x270 [ 197.340200][ T8008] ip6_finish_output+0x335/0xdc0 [ 197.345204][ T8008] ? rcu_read_unlock_special+0xf3/0x210 [ 197.350905][ T8008] ip6_output+0x235/0x7f0 [ 197.355194][ T8015] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8015 [ 197.364599][ T8008] ? ip6_finish_output+0xdc0/0xdc0 [ 197.364619][ T8008] ? ip6_fragment+0x3980/0x3980 [ 197.364633][ T8008] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.364651][ T8008] ip6_local_out+0xc4/0x1b0 [ 197.364669][ T8008] ip6_send_skb+0xbb/0x350 [ 197.364690][ T8008] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.364714][ T8008] udpv6_sendmsg+0x21e3/0x28d0 [ 197.364728][ T8008] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.364746][ T8008] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.364766][ T8008] ? aa_profile_af_perm+0x320/0x320 [ 197.364783][ T8008] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.364799][ T8008] ? retint_kernel+0x2d/0x2d [ 197.364815][ T8008] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.364838][ T8008] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.364860][ T8008] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.364892][ T8008] ? retint_kernel+0x2d/0x2d [ 197.364909][ T8008] inet_sendmsg+0x147/0x5e0 [ 197.364924][ T8008] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.364935][ T8008] ? inet_sendmsg+0x147/0x5e0 [ 197.364949][ T8008] ? ipip_gro_receive+0x100/0x100 [ 197.364968][ T8008] sock_sendmsg+0xdd/0x130 [ 197.364996][ T8008] ___sys_sendmsg+0x3e2/0x930 [ 197.370227][ T8015] caller is ip6_finish_output+0x335/0xdc0 [ 197.375065][ T8008] ? copy_msghdr_from_user+0x430/0x430 [ 197.375095][ T8008] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.375113][ T8008] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.375127][ T8008] ? retint_kernel+0x2d/0x2d [ 197.375143][ T8008] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.375162][ T8008] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.375184][ T8008] ? retint_kernel+0x2d/0x2d [ 197.375227][ T8008] ? __fget_light+0x1d7/0x230 [ 197.375244][ T8008] ? audit_add_tree_rule.cold+0x37/0x37 [ 197.375261][ T8008] ? __fget_light+0x1a9/0x230 [ 197.375277][ T8008] ? __fdget+0x1b/0x20 [ 197.375291][ T8008] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.375319][ T8008] ? sockfd_lookup_light+0xcb/0x180 [ 197.549045][ T8008] __sys_sendmmsg+0x1bf/0x4d0 [ 197.553766][ T8008] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.558835][ T8008] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.564333][ T8008] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.569646][ T8008] ? retint_kernel+0x2d/0x2d [ 197.574267][ T8008] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.579941][ T8008] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.585437][ T8008] ? retint_kernel+0x2d/0x2d [ 197.590072][ T8008] __x64_sys_sendmmsg+0x9d/0x100 [ 197.595052][ T8008] ? do_syscall_64+0xed/0x610 [ 197.599764][ T8008] do_syscall_64+0x103/0x610 [ 197.604377][ T8008] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.610289][ T8008] RIP: 0033:0x4582b9 [ 197.614197][ T8008] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.633820][ T8008] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.642262][ T8008] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.650258][ T8008] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 197.658254][ T8008] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.666257][ T8008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 197.674283][ T8008] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.682516][ T8015] CPU: 1 PID: 8015 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 22:01:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001440)={0x53, 0x0, 0x6, 0x101, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="8895b69a150b", 0x0, 0x7f, 0x10002, 0x3, &(0x7f0000001400)}) [ 197.691631][ T8015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.701734][ T8015] Call Trace: [ 197.705055][ T8015] dump_stack+0x172/0x1f0 [ 197.705081][ T8015] __this_cpu_preempt_check+0x246/0x270 [ 197.705123][ T8015] ip6_finish_output+0x335/0xdc0 [ 197.705140][ T8015] ? rcu_read_unlock_special+0xf3/0x210 [ 197.705157][ T8015] ip6_output+0x235/0x7f0 [ 197.705179][ T8015] ? ip6_finish_output+0xdc0/0xdc0 [ 197.705195][ T8015] ? ip6_fragment+0x3980/0x3980 [ 197.705208][ T8015] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.705224][ T8015] ip6_local_out+0xc4/0x1b0 [ 197.705239][ T8015] ip6_send_skb+0xbb/0x350 [ 197.705258][ T8015] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.720296][ T8015] udpv6_sendmsg+0x21e3/0x28d0 [ 197.764371][ T8015] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.769446][ T8015] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.775499][ T8015] ? kasan_check_read+0x11/0x20 [ 197.780400][ T8015] ? _raw_spin_unlock_irq+0x5e/0x90 [ 197.785654][ T8015] ? finish_task_switch+0x146/0x780 [ 197.790898][ T8015] ? finish_task_switch+0x118/0x780 [ 197.796153][ T8015] ? __switch_to_asm+0x34/0x70 [ 197.800963][ T8015] ? __switch_to_asm+0x40/0x70 [ 197.805792][ T8015] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.811137][ T8015] ? retint_kernel+0x2d/0x2d [ 197.815775][ T8015] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.821495][ T8015] ? retint_kernel+0x2d/0x2d [ 197.826148][ T8015] inet_sendmsg+0x147/0x5e0 [ 197.830697][ T8015] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.836892][ T8015] ? inet_sendmsg+0x147/0x5e0 [ 197.841610][ T8015] ? ipip_gro_receive+0x100/0x100 [ 197.841630][ T8015] sock_sendmsg+0xdd/0x130 [ 197.841648][ T8015] ___sys_sendmsg+0x3e2/0x930 [ 197.841666][ T8015] ? copy_msghdr_from_user+0x430/0x430 [ 197.841688][ T8015] ? lock_downgrade+0x880/0x880 [ 197.841704][ T8015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.841727][ T8015] ? kasan_check_read+0x11/0x20 [ 197.841747][ T8015] ? __fget+0x381/0x550 [ 197.841779][ T8015] ? ksys_dup3+0x3e0/0x3e0 [ 197.872554][ T8015] ? __fget_light+0x1a9/0x230 22:01:51 executing program 4: r0 = socket(0x848000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) [ 197.872570][ T8015] ? __fdget+0x1b/0x20 [ 197.872588][ T8015] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.872607][ T8015] ? sockfd_lookup_light+0xcb/0x180 [ 197.872623][ T8015] __sys_sendmmsg+0x1bf/0x4d0 [ 197.872645][ T8015] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.872674][ T8015] ? _copy_to_user+0xc9/0x120 [ 197.881724][ T8015] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.881750][ T8015] ? put_timespec64+0xda/0x140 [ 197.894961][ T8015] ? nsecs_to_jiffies+0x30/0x30 [ 197.894986][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.895001][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.895016][ T8015] ? do_syscall_64+0x26/0x610 [ 197.895041][ T8015] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.895054][ T8015] ? do_syscall_64+0x26/0x610 [ 197.895072][ T8015] __x64_sys_sendmmsg+0x9d/0x100 [ 197.895102][ T8015] do_syscall_64+0x103/0x610 [ 197.895121][ T8015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.895143][ T8015] RIP: 0033:0x4582b9 [ 197.906631][ T8015] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.906641][ T8015] RSP: 002b:00007f3a30116c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.906656][ T8015] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.906665][ T8015] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 197.906674][ T8015] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.906683][ T8015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a301176d4 [ 197.906692][ T8015] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.059055][ T8015] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8015 [ 198.068849][ T8015] caller is ip6_finish_output+0x335/0xdc0 [ 198.074798][ T8015] CPU: 0 PID: 8015 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.083841][ T8015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 22:01:51 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @dev}, 0x1, 0x0, 0x4}}, 0x26) [ 198.093906][ T8015] Call Trace: [ 198.093936][ T8015] dump_stack+0x172/0x1f0 [ 198.093964][ T8015] __this_cpu_preempt_check+0x246/0x270 [ 198.093993][ T8015] ip6_finish_output+0x335/0xdc0 [ 198.117284][ T8015] ip6_output+0x235/0x7f0 [ 198.117308][ T8015] ? ip6_finish_output+0xdc0/0xdc0 [ 198.126799][ T8015] ? ip6_fragment+0x3980/0x3980 [ 198.131686][ T8015] ? ip6_local_out+0x7f/0x1b0 [ 198.136390][ T8015] ip6_local_out+0xc4/0x1b0 [ 198.140933][ T8015] ip6_send_skb+0xbb/0x350 [ 198.145390][ T8015] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 198.150898][ T8015] udpv6_sendmsg+0x21e3/0x28d0 [ 198.155708][ T8015] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.160790][ T8015] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.166824][ T8015] ? aa_profile_af_perm+0x320/0x320 [ 198.172064][ T8015] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.177413][ T8015] ? retint_kernel+0x2d/0x2d [ 198.182051][ T8015] ? trace_hardirqs_on_caller+0x6a/0x220 [ 198.187749][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.193280][ T8015] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.198871][ T8015] inet_sendmsg+0x147/0x5e0 [ 198.203417][ T8015] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.209435][ T8015] ? inet_sendmsg+0x147/0x5e0 [ 198.214152][ T8015] ? ipip_gro_receive+0x100/0x100 [ 198.219216][ T8015] sock_sendmsg+0xdd/0x130 [ 198.223672][ T8015] ___sys_sendmsg+0x3e2/0x930 [ 198.228395][ T8015] ? copy_msghdr_from_user+0x430/0x430 [ 198.233892][ T8015] ? __lock_acquire+0x548/0x3fb0 [ 198.238862][ T8015] ? lock_downgrade+0x880/0x880 22:01:51 executing program 4: r0 = socket(0x848000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) [ 198.243748][ T8015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.250038][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.255554][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.261064][ T8015] ? __might_fault+0x12b/0x1e0 [ 198.265879][ T8015] ? find_held_lock+0x35/0x130 [ 198.265897][ T8015] ? __might_fault+0x12b/0x1e0 [ 198.265915][ T8015] ? lock_downgrade+0x880/0x880 [ 198.265939][ T8015] ? ___might_sleep+0x163/0x280 [ 198.265957][ T8015] __sys_sendmmsg+0x1bf/0x4d0 [ 198.265974][ T8015] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.265997][ T8015] ? _copy_to_user+0xc9/0x120 [ 198.266016][ T8015] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.266029][ T8015] ? put_timespec64+0xda/0x140 [ 198.266044][ T8015] ? nsecs_to_jiffies+0x30/0x30 [ 198.266070][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.266098][ T8015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.266115][ T8015] ? do_syscall_64+0x26/0x610 [ 198.266132][ T8015] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.266147][ T8015] ? do_syscall_64+0x26/0x610 [ 198.266165][ T8015] __x64_sys_sendmmsg+0x9d/0x100 [ 198.266182][ T8015] do_syscall_64+0x103/0x610 [ 198.266200][ T8015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.266213][ T8015] RIP: 0033:0x4582b9 [ 198.266232][ T8015] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.266241][ T8015] RSP: 002b:00007f3a30116c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.266257][ T8015] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.266266][ T8015] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 198.266275][ T8015] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.266283][ T8015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a301176d4 [ 198.266292][ T8015] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 22:01:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'qu2zZ\xdeqtC\x9e\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00`\xbe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) close(r0) 22:01:52 executing program 1: getgroups(0x0, 0x0) r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="fa79be9c7993304290ed32e54619c82f86204f7ec2ff449fb8ee9e12f9db87aef081c78dfd3aa53b871e24445c16f5eff08614b07ea96e62a6"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) 22:01:52 executing program 4: r0 = socket(0x848000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:52 executing program 2: syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x0, 0x800) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=0x0) sched_setaffinity(r0, 0xfffffffffffffe0c, &(0x7f0000000400)=0x8000009) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x4) ioctl$KDADDIO(r1, 0x4b34, 0x8000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000680)) sendmsg$nl_route(r1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) getpgrp(0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) capget(0x0, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x28, 0x10, 0x801, 0xc00, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 22:01:52 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r2 = socket$inet6(0xa, 0x0, 0x104) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x8, 0xfe7e) r3 = creat(&(0x7f0000000140)='./file0\x00', 0x80) connect$vsock_dgram(r3, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff}, 0x10) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000001c, 0x0) close(0xffffffffffffffff) getpid() rt_sigaction(0x26, &(0x7f00000002c0)={&(0x7f0000000200)="0f4ddcf2a5660fc681f7ffffff00c4e2a98c9306000000c4e169de300fabee65660f3a62ab000001003cc4e2d2f7c5c4e3ad0f4f2b08c4c2b58cb5e76d0000", {0xfffffffffffffa69}, 0x2, &(0x7f0000000240)="0f0f60f51d1167000f4f77007900c4c14d1587000000000ffbd3c4c1b5ed1af3de01c4c22d9acac4e27d5a4c4cfa"}, &(0x7f00000003c0)={&(0x7f0000000300)="81613792d17955c4e29101dedee488a326000000c4e2b1b7abfeeffffff2e100c4c1bd14b7d363bf62d341fec4c2792fbe6eadd75bc4c139140b", {}, 0x0, 0x0}, 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000440)={0x0, 0x3}, &(0x7f0000000480)=0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) dup2(r5, r4) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f0000000280)='rdma.max\x00', 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10a000000) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r7, 0x80000000005016, 0x0) 22:01:52 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2275, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, @buffer={0x209, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 199.069698][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 199.079509][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 199.085615][ T8054] CPU: 1 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.096411][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.106581][ T8054] Call Trace: [ 199.109925][ T8054] dump_stack+0x172/0x1f0 [ 199.114318][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 199.119920][ T8054] ip6_finish_output+0x335/0xdc0 [ 199.124937][ T8054] ip6_output+0x235/0x7f0 [ 199.129324][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 199.134476][ T8054] ? retint_kernel+0x2d/0x2d [ 199.139123][ T8054] ? ip6_fragment+0x3980/0x3980 [ 199.144035][ T8054] ? __ip6_local_out+0x4aa/0x8e0 [ 199.149032][ T8054] ip6_local_out+0xc4/0x1b0 [ 199.153585][ T8054] ip6_send_skb+0xbb/0x350 [ 199.158061][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 199.165114][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 199.169946][ T8054] ? find_held_lock+0x35/0x130 [ 199.174754][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.179830][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.185865][ T8054] ? aa_profile_af_perm+0x320/0x320 [ 199.191120][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.196454][ T8054] ? retint_kernel+0x2d/0x2d [ 199.201272][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.207128][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.212956][ T8054] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.214797][ T8061] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 199.218550][ T8054] inet_sendmsg+0x147/0x5e0 [ 199.218571][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.218581][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 199.218593][ T8054] ? ipip_gro_receive+0x100/0x100 [ 199.218612][ T8054] sock_sendmsg+0xdd/0x130 [ 199.218630][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 199.218650][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 199.218672][ T8054] ? lock_downgrade+0x880/0x880 [ 199.218699][ T8054] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.227341][ C0] sd 0:0:1:0: [sg0] tag#3713 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 199.231001][ T8054] ? kasan_check_read+0x11/0x20 [ 199.237076][ C0] sd 0:0:1:0: [sg0] tag#3713 CDB: Read(16) [ 199.241947][ T8054] ? __fget+0x381/0x550 [ 199.247053][ C0] sd 0:0:1:0: [sg0] tag#3713 CDB[00]: 88 95 b6 9a 15 0b 98 fa a6 f8 23 7c 79 80 97 11 [ 199.251432][ T8054] ? ksys_dup3+0x3e0/0x3e0 [ 199.256195][ C0] sd 0:0:1:0: [sg0] tag#3713 CDB[10]: 75 a4 ab 1e 65 28 f5 30 55 3e 66 57 25 b0 9a 99 [ 199.261616][ T8054] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.266544][ C0] sd 0:0:1:0: [sg0] tag#3713 CDB[20]: 61 [ 199.272733][ T8054] ? __fget_light+0x1a9/0x230 [ 199.272749][ T8054] ? __fdget+0x1b/0x20 [ 199.272764][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.272782][ T8054] ? sockfd_lookup_light+0xcb/0x180 [ 199.272806][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 199.359136][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.364219][ T8054] ? _copy_to_user+0xc9/0x120 [ 199.368941][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.375221][ T8054] ? put_timespec64+0xda/0x140 [ 199.383354][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 199.388257][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.393761][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.399270][ T8054] ? do_syscall_64+0x26/0x610 [ 199.403989][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.410111][ T8054] ? do_syscall_64+0x26/0x610 [ 199.414833][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 199.419815][ T8054] do_syscall_64+0x103/0x610 [ 199.424450][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.430379][ T8054] RIP: 0033:0x4582b9 [ 199.434303][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.453930][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.462372][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 22:01:52 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001440)={0x53, 0x0, 0x21, 0x101, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001280)="8895b69a150b98faa6f8237c7980971175a4ab1e6528f530553e665725b09a9961", 0x0, 0x7f, 0x10002, 0x3, &(0x7f0000001400)}) 22:01:52 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000300)) dup2(r0, r1) [ 199.470367][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 199.478366][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.486358][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 199.494357][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 22:01:53 executing program 1: getgroups(0x0, 0x0) r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="fa79be9c7993304290ed32e54619c82f86204f7ec2ff449fb8ee9e12f9db87aef081c78dfd3aa53b871e24445c16f5eff08614b07ea96e62a6"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) 22:01:53 executing program 4: r0 = socket(0x848000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2275, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, @buffer={0x209, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 199.630632][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 199.641947][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 199.647939][ T8054] CPU: 0 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.656983][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.667064][ T8054] Call Trace: [ 199.670408][ T8054] dump_stack+0x172/0x1f0 [ 199.674771][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 199.680359][ T8054] ip6_finish_output+0x335/0xdc0 [ 199.685330][ T8054] ? rcu_read_unlock_special+0xf3/0x210 [ 199.690914][ T8054] ip6_output+0x235/0x7f0 [ 199.695273][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 199.700423][ T8054] ? ip6_fragment+0x3980/0x3980 [ 199.705303][ T8054] ? ip6_local_out+0x7f/0x1b0 [ 199.710015][ T8054] ip6_local_out+0xc4/0x1b0 [ 199.714552][ T8054] ip6_send_skb+0xbb/0x350 [ 199.719004][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 199.724509][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 199.729326][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.734399][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.740426][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.745918][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.751425][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.756741][ T8054] ? retint_kernel+0x2d/0x2d [ 199.761352][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.767018][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.772537][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.777849][ T8054] ? retint_kernel+0x2d/0x2d [ 199.782472][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.788161][ T8054] ? retint_kernel+0x2d/0x2d [ 199.792794][ T8054] inet_sendmsg+0x147/0x5e0 [ 199.797330][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.803338][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 199.808046][ T8054] ? ipip_gro_receive+0x100/0x100 [ 199.813124][ T8054] sock_sendmsg+0xdd/0x130 [ 199.817591][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 199.822315][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 199.827811][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.833309][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.838629][ T8054] ? retint_kernel+0x2d/0x2d [ 199.843256][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.848929][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.854426][ T8054] ? __might_fault+0x12b/0x1e0 [ 199.859223][ T8054] ? find_held_lock+0x35/0x130 [ 199.864025][ T8054] ? __might_fault+0x12b/0x1e0 [ 199.868834][ T8054] ? lock_downgrade+0x880/0x880 [ 199.873720][ T8054] ? ___might_sleep+0x163/0x280 [ 199.878600][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 199.883313][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.888376][ T8054] ? _copy_to_user+0xc9/0x120 [ 199.893091][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.899365][ T8054] ? put_timespec64+0xda/0x140 [ 199.904153][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 199.909042][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.914547][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.920040][ T8054] ? do_syscall_64+0x26/0x610 [ 199.924748][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.930849][ T8054] ? do_syscall_64+0x26/0x610 [ 199.935568][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 199.940549][ T8054] do_syscall_64+0x103/0x610 [ 199.945168][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.951101][ T8054] RIP: 0033:0x4582b9 [ 199.955018][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.974642][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.983091][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.991105][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 199.999111][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.007115][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 200.015116][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.119330][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 200.131173][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 200.137353][ T8054] CPU: 1 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.146427][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.156544][ T8054] Call Trace: [ 200.160271][ T8054] dump_stack+0x172/0x1f0 [ 200.165797][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 200.171558][ T8054] ip6_finish_output+0x335/0xdc0 [ 200.176583][ T8054] ip6_output+0x235/0x7f0 [ 200.180980][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 200.186273][ T8054] ? ip6_fragment+0x3980/0x3980 [ 200.191181][ T8054] ? retint_kernel+0x2d/0x2d [ 200.195889][ T8054] ip6_local_out+0xc4/0x1b0 [ 200.200578][ T8054] ip6_send_skb+0xbb/0x350 [ 200.205062][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 200.210601][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 200.215822][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.221082][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.227127][ T8054] ? aa_profile_af_perm+0x320/0x320 [ 200.232371][ T8054] ? retint_kernel+0x2d/0x2d [ 200.237024][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.242457][ T8054] ? retint_kernel+0x2d/0x2d [ 200.247095][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.252778][ T8054] ? retint_kernel+0x2d/0x2d [ 200.257416][ T8054] inet_sendmsg+0x147/0x5e0 [ 200.261958][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.267983][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 200.272711][ T8054] ? ipip_gro_receive+0x100/0x100 [ 200.277781][ T8054] sock_sendmsg+0xdd/0x130 [ 200.282242][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 200.286958][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 200.292460][ T8054] ? __lock_acquire+0x548/0x3fb0 [ 200.297548][ T8054] ? retint_kernel+0x2d/0x2d [ 200.302180][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.307853][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.313352][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.318851][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.324178][ T8054] ? retint_kernel+0x2d/0x2d [ 200.328810][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.334948][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.340484][ T8054] ? retint_kernel+0x2d/0x2d [ 200.345130][ T8054] ? ___might_sleep+0x163/0x280 [ 200.350036][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 200.354748][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.359820][ T8054] ? _copy_to_user+0xc9/0x120 [ 200.364533][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.370818][ T8054] ? put_timespec64+0xda/0x140 [ 200.375614][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 200.380522][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.386031][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.391533][ T8054] ? do_syscall_64+0x26/0x610 [ 200.396336][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.402453][ T8054] ? do_syscall_64+0x26/0x610 [ 200.407180][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 200.412283][ T8054] do_syscall_64+0x103/0x610 [ 200.416916][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.422839][ T8054] RIP: 0033:0x4582b9 [ 200.426765][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.446482][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.454916][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.462913][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 22:01:53 executing program 4: getsockopt(0xffffffffffffffff, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:53 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0xfffffffffc, 0x31, 0xffffffffffffffff, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000003600)={0x0, 0x0, 0xffffffffffffffde, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 200.470913][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.478914][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 200.486910][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 22:01:54 executing program 4: getsockopt(0xffffffffffffffff, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:54 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0x282, 0x0, 0x0, 0x46a}) [ 200.570280][ T8061] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 22:01:54 executing program 2: r0 = socket(0x10, 0x80002, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) utimensat(r0, 0x0, 0x0, 0x0) [ 200.721248][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 200.733013][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 200.739003][ T8054] CPU: 0 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.748050][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.758140][ T8054] Call Trace: [ 200.761470][ T8054] dump_stack+0x172/0x1f0 [ 200.765842][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 200.771420][ T8054] ip6_finish_output+0x335/0xdc0 [ 200.771443][ T8054] ip6_output+0x235/0x7f0 [ 200.780743][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 200.785883][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.791563][ T8054] ? ip6_fragment+0x3980/0x3980 [ 200.796455][ T8054] ip6_local_out+0xc4/0x1b0 [ 200.800993][ T8054] ip6_send_skb+0xbb/0x350 [ 200.805442][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 200.810947][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 200.815743][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.820809][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.826832][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.832331][ T8054] ? aa_profile_af_perm+0x320/0x320 [ 200.837578][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.842895][ T8054] ? retint_kernel+0x2d/0x2d [ 200.847511][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.853181][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.858692][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.864195][ T8054] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.869781][ T8054] inet_sendmsg+0x147/0x5e0 [ 200.874375][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.880364][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 200.885053][ T8054] ? ipip_gro_receive+0x100/0x100 [ 200.890150][ T8054] sock_sendmsg+0xdd/0x130 [ 200.894595][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 200.899295][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 200.904774][ T8054] ? __lock_acquire+0x548/0x3fb0 [ 200.909731][ T8054] ? retint_kernel+0x2d/0x2d [ 200.914374][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.920043][ T8054] ? __might_fault+0x12b/0x1e0 [ 200.924818][ T8054] ? find_held_lock+0x35/0x130 [ 200.929599][ T8054] ? __might_fault+0x12b/0x1e0 [ 200.934384][ T8054] ? lock_downgrade+0x880/0x880 [ 200.939239][ T8054] ? ___might_sleep+0x163/0x280 [ 200.944112][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 200.948809][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.953839][ T8054] ? _copy_to_user+0xc9/0x120 [ 200.958522][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.964774][ T8054] ? put_timespec64+0xda/0x140 [ 200.969546][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 200.974399][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.979862][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.985324][ T8054] ? do_syscall_64+0x26/0x610 [ 200.990002][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.996099][ T8054] ? do_syscall_64+0x26/0x610 [ 201.000798][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 201.005739][ T8054] do_syscall_64+0x103/0x610 [ 201.010333][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.016236][ T8054] RIP: 0033:0x4582b9 [ 201.020136][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.039756][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.048170][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.056154][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 201.064140][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.072118][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 201.080100][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.092115][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 201.102082][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 201.114443][ T8054] CPU: 1 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.123482][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.133544][ T8054] Call Trace: [ 201.136874][ T8054] dump_stack+0x172/0x1f0 [ 201.141237][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 201.146799][ T8054] ip6_finish_output+0x335/0xdc0 [ 201.151815][ T8054] ip6_output+0x235/0x7f0 [ 201.156164][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 201.161310][ T8054] ? ip6_fragment+0x3980/0x3980 [ 201.166283][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.171350][ T8054] ip6_local_out+0xc4/0x1b0 [ 201.175872][ T8054] ip6_send_skb+0xbb/0x350 [ 201.180322][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 201.185845][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 201.190626][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.195668][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.201684][ T8054] ? aa_profile_af_perm+0x320/0x320 [ 201.206904][ T8054] ? __might_fault+0x12b/0x1e0 [ 201.211697][ T8054] ? find_held_lock+0x35/0x130 [ 201.216503][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.222800][ T8054] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.228314][ T8054] ? retint_kernel+0x2d/0x2d [ 201.232949][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.238654][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.244671][ T8054] inet_sendmsg+0x147/0x5e0 [ 201.249214][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.255220][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 201.259935][ T8054] ? ipip_gro_receive+0x100/0x100 [ 201.265143][ T8054] sock_sendmsg+0xdd/0x130 [ 201.269600][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 201.274318][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 201.279829][ T8054] ? __lock_acquire+0x548/0x3fb0 [ 201.284800][ T8054] ? retint_kernel+0x2d/0x2d [ 201.289430][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.295108][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.300607][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.306106][ T8054] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.311428][ T8054] ? retint_kernel+0x2d/0x2d [ 201.316055][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.321741][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.327238][ T8054] ? retint_kernel+0x2d/0x2d [ 201.331873][ T8054] ? ___might_sleep+0x163/0x280 [ 201.336754][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 201.341468][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.346528][ T8054] ? _copy_to_user+0xc9/0x120 [ 201.351239][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.357506][ T8054] ? put_timespec64+0xda/0x140 [ 201.362298][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 201.367192][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.372685][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.378188][ T8054] ? do_syscall_64+0x26/0x610 [ 201.382905][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.389006][ T8054] ? do_syscall_64+0x26/0x610 [ 201.393860][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 201.398835][ T8054] do_syscall_64+0x103/0x610 [ 201.403464][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.409385][ T8054] RIP: 0033:0x4582b9 [ 201.413317][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.432950][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.441392][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.449388][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 201.457375][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.465365][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 201.473359][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.485112][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 201.494739][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 201.500492][ T8054] CPU: 1 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.500501][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.500506][ T8054] Call Trace: [ 201.500533][ T8054] dump_stack+0x172/0x1f0 [ 201.500560][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 201.519693][ T8054] ip6_finish_output+0x335/0xdc0 [ 201.519714][ T8054] ip6_output+0x235/0x7f0 [ 201.519730][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 201.519749][ T8054] ? ip6_fragment+0x3980/0x3980 [ 201.519773][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.519804][ T8054] ip6_local_out+0xc4/0x1b0 [ 201.527462][ T8054] ip6_send_skb+0xbb/0x350 [ 201.527484][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 201.527506][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 201.527523][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.527545][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.527570][ T8054] ? aa_profile_af_perm+0x320/0x320 [ 201.538103][ T8054] ? __might_fault+0x12b/0x1e0 [ 201.538121][ T8054] ? find_held_lock+0x35/0x130 [ 201.538138][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.538154][ T8054] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.538202][ T8054] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.547674][ T8054] inet_sendmsg+0x147/0x5e0 [ 201.547694][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.547703][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 201.547716][ T8054] ? ipip_gro_receive+0x100/0x100 [ 201.547734][ T8054] sock_sendmsg+0xdd/0x130 [ 201.547750][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 201.547773][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 201.557670][ T8054] ? __lock_acquire+0x548/0x3fb0 [ 201.557688][ T8054] ? retint_kernel+0x2d/0x2d [ 201.557703][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.557725][ T8054] ? __might_fault+0x12b/0x1e0 [ 201.557738][ T8054] ? find_held_lock+0x35/0x130 [ 201.557758][ T8054] ? __might_fault+0x12b/0x1e0 [ 201.566701][ T8054] ? lock_downgrade+0x880/0x880 [ 201.566726][ T8054] ? ___might_sleep+0x163/0x280 [ 201.566742][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 201.566759][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.566784][ T8054] ? _copy_to_user+0xc9/0x120 [ 201.577033][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.577050][ T8054] ? put_timespec64+0xda/0x140 [ 201.577063][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 201.577097][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.577112][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.577149][ T8054] ? do_syscall_64+0x26/0x610 [ 201.588180][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.588198][ T8054] ? do_syscall_64+0x26/0x610 [ 201.588218][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 201.588235][ T8054] do_syscall_64+0x103/0x610 [ 201.588250][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.588262][ T8054] RIP: 0033:0x4582b9 [ 201.588279][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.588298][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.598271][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.598286][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 201.598293][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.598301][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 201.598309][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.603104][ T8054] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8054 [ 201.615196][ T8054] caller is ip6_finish_output+0x335/0xdc0 [ 201.615216][ T8054] CPU: 1 PID: 8054 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.615225][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.615230][ T8054] Call Trace: [ 201.615253][ T8054] dump_stack+0x172/0x1f0 [ 201.615287][ T8054] __this_cpu_preempt_check+0x246/0x270 [ 201.615303][ T8054] ip6_finish_output+0x335/0xdc0 [ 201.615322][ T8054] ip6_output+0x235/0x7f0 [ 201.615345][ T8054] ? ip6_finish_output+0xdc0/0xdc0 [ 201.631423][ T8054] ? ip6_fragment+0x3980/0x3980 [ 201.631441][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.631465][ T8054] ip6_local_out+0xc4/0x1b0 [ 201.641195][ T8054] ip6_send_skb+0xbb/0x350 [ 201.641219][ T8054] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 201.641241][ T8054] udpv6_sendmsg+0x21e3/0x28d0 [ 201.650351][ T8054] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.650386][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.660804][ T8054] ? aa_profile_af_perm+0x320/0x320 [ 201.660823][ T8054] ? __might_fault+0x12b/0x1e0 [ 201.660848][ T8054] ? find_held_lock+0x35/0x130 [ 201.671111][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.671133][ T8054] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.671175][ T8054] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.680724][ T8054] inet_sendmsg+0x147/0x5e0 [ 201.680745][ T8054] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.680765][ T8054] ? inet_sendmsg+0x147/0x5e0 [ 201.690406][ T8054] ? ipip_gro_receive+0x100/0x100 [ 201.690427][ T8054] sock_sendmsg+0xdd/0x130 [ 201.690449][ T8054] ___sys_sendmsg+0x3e2/0x930 [ 201.699997][ T8054] ? copy_msghdr_from_user+0x430/0x430 [ 201.700022][ T8054] ? __lock_acquire+0x548/0x3fb0 [ 201.709783][ T8054] ? retint_kernel+0x2d/0x2d [ 201.709802][ T8054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.709827][ T8054] ? __might_fault+0x12b/0x1e0 [ 202.027765][ T8054] ? find_held_lock+0x35/0x130 [ 202.032535][ T8054] ? __might_fault+0x12b/0x1e0 [ 202.037320][ T8054] ? lock_downgrade+0x880/0x880 [ 202.042188][ T8054] ? ___might_sleep+0x163/0x280 [ 202.047072][ T8054] __sys_sendmmsg+0x1bf/0x4d0 [ 202.051790][ T8054] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 202.056828][ T8054] ? _copy_to_user+0xc9/0x120 [ 202.061531][ T8054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.067800][ T8054] ? put_timespec64+0xda/0x140 [ 202.072569][ T8054] ? nsecs_to_jiffies+0x30/0x30 [ 202.077436][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.082900][ T8054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.088378][ T8054] ? do_syscall_64+0x26/0x610 [ 202.093075][ T8054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.099186][ T8054] ? do_syscall_64+0x26/0x610 [ 202.103899][ T8054] __x64_sys_sendmmsg+0x9d/0x100 [ 202.108858][ T8054] do_syscall_64+0x103/0x610 [ 202.113468][ T8054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.119396][ T8054] RIP: 0033:0x4582b9 [ 202.123329][ T8054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.143101][ T8054] RSP: 002b:00007f66b4c7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 202.151523][ T8054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 202.159505][ T8054] RDX: 040000000000001c RSI: 00000000200002c0 RDI: 0000000000000004 [ 202.167810][ T8054] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 202.175789][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b4c7e6d4 [ 202.183809][ T8054] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 22:01:55 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000980)=ANY=[@ANYBLOB='}'], 0x1) setsockopt$sock_int(r1, 0x1, 0x200000010, &(0x7f0000000040)=0x1, 0x4) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'], 0x1) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f0000002a80)=""/95, 0x5f}], 0x1, &(0x7f0000000080)=""/62, 0x3e}}], 0x251, 0x0, 0x0) 22:01:55 executing program 2: pipe(0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000040)=@nullb='[0::]:4547:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ceph\x00', 0x0, 0x0) 22:01:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) clone(0x40003102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, 0x0) 22:01:55 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x200008924, &(0x7f0000000040)={'bridge0\x00', @ifru_settings={0x1, 0xff, @fr_pvc=0x0}}) [ 202.326353][ T8112] binder: 8108:8112 ioctl c018620b 0 returned -14 [ 202.451937][ T3483] libceph: mon0 [::1]:4547 socket error on write [ 202.468962][ T3483] libceph: mon0 [::1]:4547 socket error on write 22:01:56 executing program 1: getgroups(0x0, 0x0) r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="fa79be9c7993304290ed32e54619c82f86204f7ec2ff449fb8ee9e12f9db87aef081c78dfd3aa53b871e24445c16f5eff08614b07ea96e62a6"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) 22:01:56 executing program 4: getsockopt(0xffffffffffffffff, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:56 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x5a) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000bc0), 0x3146e6ddae11d35, 0x8004) 22:01:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) writev(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)="480000001500197f09004b0101048c590188ffffcf5d3474bc9240e10520613057fff7e07900e0413ff26bb452cf9e8a62bf5b3b8c3cfe5f0028213ee20600d4ff5bffff00c7e5ed3563ab", 0x4b}], 0x1) 22:01:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x10000107000}) dup2(r0, r1) 22:01:56 executing program 4: r0 = socket(0x0, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000008001b00000000000800100005000000db8ce1b61d48c35374170c7b28954b4af3709b52688f66"], 0x1}}, 0x0) 22:01:56 executing program 4: r0 = socket(0x0, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:56 executing program 0: [ 203.152263][ T3000] libceph: mon0 [::1]:4547 socket error on write 22:01:56 executing program 2: pipe(0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000040)=@nullb='[0::]:4547:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ceph\x00', 0x0, 0x0) 22:01:56 executing program 4: r0 = socket(0x0, 0x805, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:56 executing program 5: [ 203.336484][ T3483] libceph: mon0 [::1]:4547 socket error on write [ 203.506886][ T17] libceph: mon0 [::1]:4547 socket error on write [ 203.514359][ T17] libceph: mon0 [::1]:4547 socket error on write [ 204.385968][ T17] libceph: mon0 [::1]:4547 socket closed (con state CONNECTING) 22:01:59 executing program 1: getgroups(0x0, 0x0) r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="fa79be9c7993304290ed32e54619c82f86204f7ec2ff449fb8ee9e12f9db87aef081c78dfd3aa53b871e24445c16f5eff08614b07ea96e62a6"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) 22:01:59 executing program 3: 22:01:59 executing program 0: 22:01:59 executing program 5: 22:01:59 executing program 4: r0 = socket(0x848000000015, 0x0, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:59 executing program 2: pipe(0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000040)=@nullb='[0::]:4547:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ceph\x00', 0x0, 0x0) 22:01:59 executing program 3: 22:01:59 executing program 0: 22:01:59 executing program 5: 22:01:59 executing program 3: 22:01:59 executing program 4: r0 = socket(0x848000000015, 0x0, 0x0) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000240)) 22:01:59 executing program 5: [ 205.859594][ T7855] libceph: mon0 [::1]:4547 socket error on write [ 205.876337][ T7855] libceph: mon0 [::1]:4547 socket error on write [ 206.345377][ T7855] libceph: mon0 [::1]:4547 socket error on write