[ 34.545010][ T26] audit: type=1800 audit(1554691166.686:27): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 34.545034][ T26] audit: type=1800 audit(1554691166.686:28): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.305400][ T26] audit: type=1800 audit(1554691167.486:29): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.326534][ T26] audit: type=1800 audit(1554691167.486:30): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts. 2019/04/08 02:39:50 fuzzer started 2019/04/08 02:39:53 dialing manager at 10.128.0.26:34543 2019/04/08 02:39:53 syscalls: 2408 2019/04/08 02:39:53 code coverage: enabled 2019/04/08 02:39:53 comparison tracing: enabled 2019/04/08 02:39:53 extra coverage: extra coverage is not supported by the kernel 2019/04/08 02:39:53 setuid sandbox: enabled 2019/04/08 02:39:53 namespace sandbox: enabled 2019/04/08 02:39:53 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 02:39:53 fault injection: enabled 2019/04/08 02:39:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 02:39:53 net packet injection: enabled 2019/04/08 02:39:53 net device setup: enabled 02:41:57 executing program 0: openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x24, 0x12, @bridge_slave={{0x14, 0x1, 'bridge_slave\x00'}, {0xc, 0x5, [@IFLA_BRPORT_GUARD={0x8, 0x22}]}}}]}, 0x44}}, 0x0) syzkaller login: [ 185.090355][ T7537] IPVS: ftp: loaded support on port[0] = 21 02:41:57 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={[{@fat=@check_relaxed='check=relaxed'}]}) [ 185.195559][ T7537] chnl_net:caif_netlink_parms(): no params data found [ 185.289989][ T7537] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.307646][ T7537] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.316455][ T7537] device bridge_slave_0 entered promiscuous mode [ 185.326646][ T7537] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.334174][ T7537] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.343388][ T7537] device bridge_slave_1 entered promiscuous mode [ 185.364927][ T7540] IPVS: ftp: loaded support on port[0] = 21 02:41:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf74, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x6c060000) [ 185.384605][ T7537] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.408626][ T7537] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.459829][ T7537] team0: Port device team_slave_0 added [ 185.479975][ T7537] team0: Port device team_slave_1 added [ 185.554304][ T7544] IPVS: ftp: loaded support on port[0] = 21 02:41:57 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xfffffffffffffffd, "1829716571b7fc2e3504e9ddaaed72dd57fc84f9652ec12682d178ac6bcb05b7"}) [ 185.613486][ T7537] device hsr_slave_0 entered promiscuous mode [ 185.671113][ T7537] device hsr_slave_1 entered promiscuous mode [ 185.731035][ T7537] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.738306][ T7537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.746333][ T7537] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.753455][ T7537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.807454][ T7546] IPVS: ftp: loaded support on port[0] = 21 [ 185.819135][ T7540] chnl_net:caif_netlink_parms(): no params data found 02:41:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)) setgroups(0x1210, &(0x7f0000000380)=[0x0]) [ 186.013950][ T7537] 8021q: adding VLAN 0 to HW filter on device bond0 02:41:58 executing program 5: getgroups(0x2, &(0x7f0000001280)=[0x0, 0xffffffffffffffff]) syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 186.064559][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.081247][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.094747][ T7540] device bridge_slave_0 entered promiscuous mode [ 186.118207][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.125363][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.133486][ T7540] device bridge_slave_1 entered promiscuous mode [ 186.154484][ T7540] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.173926][ T7544] chnl_net:caif_netlink_parms(): no params data found [ 186.174399][ T7550] IPVS: ftp: loaded support on port[0] = 21 [ 186.198965][ T7540] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.213371][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.234923][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.253470][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.263853][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 186.281762][ T7537] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.332665][ T7540] team0: Port device team_slave_0 added [ 186.339837][ T7540] team0: Port device team_slave_1 added [ 186.351585][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.360115][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.369239][ T3682] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.376342][ T3682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.383890][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.392482][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.400939][ T3682] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.408006][ T3682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.428230][ T7552] IPVS: ftp: loaded support on port[0] = 21 [ 186.449913][ T7546] chnl_net:caif_netlink_parms(): no params data found [ 186.533908][ T7540] device hsr_slave_0 entered promiscuous mode [ 186.591289][ T7540] device hsr_slave_1 entered promiscuous mode [ 186.668367][ T7544] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.675724][ T7544] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.683415][ T7544] device bridge_slave_0 entered promiscuous mode [ 186.692706][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.701719][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.718767][ T7544] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.726046][ T7544] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.734218][ T7544] device bridge_slave_1 entered promiscuous mode [ 186.772288][ T7544] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.790097][ T7544] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.815622][ T7546] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.822882][ T7546] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.830634][ T7546] device bridge_slave_0 entered promiscuous mode [ 186.838702][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.847626][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.855980][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.877997][ T7544] team0: Port device team_slave_0 added [ 186.885662][ T7544] team0: Port device team_slave_1 added [ 186.891932][ T7546] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.899114][ T7546] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.907185][ T7546] device bridge_slave_1 entered promiscuous mode [ 186.924019][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.932765][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.948160][ T7537] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.958809][ T7537] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.986996][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.995851][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.005045][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.013358][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.036710][ T7550] chnl_net:caif_netlink_parms(): no params data found [ 187.046384][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.103563][ T7544] device hsr_slave_0 entered promiscuous mode [ 187.141337][ T7544] device hsr_slave_1 entered promiscuous mode [ 187.202936][ T7546] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.216527][ T7546] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.247354][ T7546] team0: Port device team_slave_0 added [ 187.297658][ T7546] team0: Port device team_slave_1 added [ 187.324074][ T7537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.353242][ T7540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.360198][ T7550] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.367456][ T7550] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.377556][ T7550] device bridge_slave_0 entered promiscuous mode [ 187.432728][ T7546] device hsr_slave_0 entered promiscuous mode [ 187.471193][ T7546] device hsr_slave_1 entered promiscuous mode [ 187.527395][ T7552] chnl_net:caif_netlink_parms(): no params data found [ 187.544692][ T7550] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.556351][ T7550] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.567233][ T7550] device bridge_slave_1 entered promiscuous mode [ 187.596862][ T7550] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.635208][ T7550] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.668013][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.676099][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.692868][ T7540] 8021q: adding VLAN 0 to HW filter on device team0 02:41:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000000)) [ 187.716511][ T7552] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.726240][ T7552] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.734767][ T7552] device bridge_slave_0 entered promiscuous mode [ 187.777652][ T7563] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 187.799030][ T7552] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.813008][ T7552] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.824649][ T7552] device bridge_slave_1 entered promiscuous mode [ 187.832998][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.841834][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.850209][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.857299][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.867257][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.876302][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.884811][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.891911][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.907563][ T7546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.920142][ T7544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.929253][ T7550] team0: Port device team_slave_0 added [ 187.944927][ C0] hrtimer: interrupt took 29038 ns [ 187.952021][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.960048][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.974242][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.003425][ T7550] team0: Port device team_slave_1 added [ 188.013543][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.026551][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.038966][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.048065][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.056760][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.064730][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.072503][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.081383][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.089707][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 02:42:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000000)) [ 188.101827][ T7546] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.117976][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.126610][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.135796][ T7552] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.152218][ T7552] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.180439][ T7544] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.206194][ T7540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.218209][ T7540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.234933][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.248534][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.258105][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.265217][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.278977][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.287763][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 02:42:00 executing program 0: openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 188.305604][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.312734][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.331631][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.341679][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.362756][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.380277][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.410593][ T7544] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.421966][ T7544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.447486][ T7550] device hsr_slave_0 entered promiscuous mode 02:42:00 executing program 0: pwritev(0xffffffffffffffff, &(0x7f00000009c0)=[{&(0x7f0000000500)="17", 0x1}], 0x1, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x0, 0xfffffeff000) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x1, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0xf93, 0x2, 0x0, 0x1}, 0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000001c0), 0x4) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440)={0x0, 0x4}, &(0x7f0000000480)=0xfffffffffffffe00) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000004c0)={0x7, 0x4, 0x8, 0x6, r1}, &(0x7f0000000500)=0x10) prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) r2 = getpid() get_robust_list(r2, &(0x7f0000000380)=&(0x7f0000000340)={&(0x7f0000000100)={&(0x7f00000000c0)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f00000003c0)=0x18) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000180)) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r3, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x80000000}, 0x60) bind$netrom(r0, &(0x7f0000000540)={{0x3, @default, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x2080000, 0x0) openat(0xffffffffffffff9c, 0x0, 0x220100, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000640)='cpuset.effective_mems\x00', 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x200000, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)={&(0x7f0000000280)='./file0\x00', r4}, 0x10) clone(0x4400002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fstat(0xffffffffffffffff, 0x0) request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\f', 0xffffffffffffffff, 0x4c00000000006874}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:De', 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000002c0)={0x6, 0x8, 0x201, 0x6, 0x3, 0x0, 0x0, 0x6}, 0x0) [ 188.511503][ T7550] device hsr_slave_1 entered promiscuous mode 02:42:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)) [ 188.566093][ T7552] team0: Port device team_slave_0 added [ 188.579419][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.607278][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.623397][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.630575][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.631757][ T7581] mmap: syz-executor.0 (7581) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 188.638695][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.659111][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.668206][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.675336][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.688979][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.698297][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.713275][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.726359][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.735800][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.750452][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.759920][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.773595][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.782255][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.790598][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.799612][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.807724][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.815623][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.843144][ T7552] team0: Port device team_slave_1 added [ 188.855194][ T7540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.871991][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.882396][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.897092][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.905744][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.920052][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.929230][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.943349][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.023501][ T7552] device hsr_slave_0 entered promiscuous mode [ 189.062439][ T7552] device hsr_slave_1 entered promiscuous mode 02:42:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)) [ 189.104340][ T7546] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.124550][ T7546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.155262][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.181664][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.190080][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.222900][ T7544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.267924][ T7591] FAT-fs (loop1): bogus number of reserved sectors [ 189.277284][ T7591] FAT-fs (loop1): Can't find a valid FAT filesystem [ 189.298200][ T7550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.325694][ T7546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.382851][ T7598] FAT-fs (loop1): bogus number of reserved sectors [ 189.395257][ T7598] FAT-fs (loop1): Can't find a valid FAT filesystem [ 189.409177][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.420554][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.438085][ T7600] IPVS: ftp: loaded support on port[0] = 21 [ 189.443013][ T7550] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.513352][ T7552] 8021q: adding VLAN 0 to HW filter on device bond0 02:42:01 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x0, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, 0x0, 0x0, 0x0) [ 189.559498][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.582622][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.620485][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.627698][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.641727][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.673431][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.682289][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.689369][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.697629][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.706641][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:42:01 executing program 3: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x9) fstatfs(r0, &(0x7f0000000080)=""/19) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r1, &(0x7f0000002ec0)={'3! ', './file0'}, 0x3138) [ 189.742795][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.751886][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.760604][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.769896][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.797834][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.820617][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.850671][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.858539][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 189.858600][ T7612] caller is ip6_finish_output+0x335/0xdc0 [ 189.858617][ T7612] CPU: 0 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.858624][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.858630][ T7612] Call Trace: [ 189.858647][ T7612] dump_stack+0x172/0x1f0 [ 189.858669][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 189.858690][ T7612] ip6_finish_output+0x335/0xdc0 [ 189.910979][ T7612] ip6_output+0x235/0x7f0 [ 189.915120][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.915399][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 189.928281][ T7612] ? ip6_fragment+0x3980/0x3980 [ 189.933139][ T7612] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 189.938715][ T7612] ip6_local_out+0xc4/0x1b0 [ 189.943236][ T7612] ip6_send_skb+0xbb/0x350 [ 189.945209][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.947659][ T7612] ip6_push_pending_frames+0xc8/0xf0 [ 189.947678][ T7612] rawv6_sendmsg+0x299c/0x35e0 [ 189.947703][ T7612] ? rawv6_getsockopt+0x150/0x150 [ 189.970421][ T7612] ? aa_profile_af_perm+0x320/0x320 [ 189.975626][ T7612] ? __sched_text_start+0x8/0x8 [ 189.980486][ T7612] ? try_to_wake_up+0xc6/0x1000 [ 189.985178][ T7547] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.985342][ T7612] ? preempt_schedule+0x4b/0x60 [ 189.997377][ T7612] ? preempt_schedule_common+0x4f/0xe0 [ 190.002857][ T7612] ? ___might_sleep+0x163/0x280 [ 190.007719][ T7612] ? __might_sleep+0x95/0x190 [ 190.012432][ T7612] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.017988][ T7612] inet_sendmsg+0x147/0x5e0 [ 190.022506][ T7612] ? rawv6_getsockopt+0x150/0x150 [ 190.027536][ T7612] ? inet_sendmsg+0x147/0x5e0 [ 190.032631][ T7612] ? ipip_gro_receive+0x100/0x100 [ 190.037654][ T7612] sock_sendmsg+0xdd/0x130 [ 190.042065][ T7612] sock_write_iter+0x27c/0x3e0 [ 190.042084][ T7612] ? sock_sendmsg+0x130/0x130 [ 190.042105][ T7612] ? aa_path_link+0x460/0x460 [ 190.042119][ T7612] ? find_held_lock+0x35/0x130 [ 190.042133][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.042147][ T7612] ? iov_iter_init+0xee/0x220 [ 190.042165][ T7612] new_sync_write+0x4c7/0x760 [ 190.042181][ T7612] ? default_llseek+0x2e0/0x2e0 [ 190.042198][ T7612] ? common_file_perm+0x238/0x720 [ 190.042210][ T7612] ? __fget+0x381/0x550 [ 190.042229][ T7612] ? apparmor_file_permission+0x25/0x30 [ 190.096096][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.102320][ T7612] ? security_file_permission+0x94/0x380 [ 190.107937][ T7612] __vfs_write+0xe4/0x110 [ 190.112253][ T7612] vfs_write+0x20c/0x580 [ 190.116491][ T7612] ksys_write+0xea/0x1f0 [ 190.120727][ T7612] ? __ia32_sys_read+0xb0/0xb0 [ 190.125488][ T7612] __x64_sys_write+0x73/0xb0 [ 190.130066][ T7612] do_syscall_64+0x103/0x610 [ 190.134641][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.140512][ T7612] RIP: 0033:0x4582b9 [ 190.144568][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.164335][ T7612] RSP: 002b:00007f189254cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.172725][ T7612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 190.180686][ T7612] RDX: 0000000000003138 RSI: 0000000020002ec0 RDI: 0000000000000006 [ 190.188642][ T7612] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.197934][ T7612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f189254d6d4 [ 190.205902][ T7612] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff [ 190.229363][ T7550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.245166][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.253197][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.263809][ T7552] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.272583][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 190.282016][ T7612] caller is ip6_fragment+0x100/0x3980 [ 190.287404][ T7612] CPU: 0 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.296416][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.306467][ T7612] Call Trace: [ 190.309766][ T7612] dump_stack+0x172/0x1f0 [ 190.309795][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 190.309814][ T7612] ip6_fragment+0x100/0x3980 [ 190.319766][ T7612] ? ip6_mtu+0x2e6/0x460 [ 190.319786][ T7612] ? find_held_lock+0x35/0x130 [ 190.319807][ T7612] ? ip6_forward_finish+0x580/0x580 [ 190.328612][ T7612] ? ip6_forward+0x3880/0x3880 [ 190.328635][ T7612] ip6_finish_output+0x8a3/0xdc0 [ 190.338558][ T7612] ip6_output+0x235/0x7f0 [ 190.338580][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 190.348265][ T7612] ? ip6_fragment+0x3980/0x3980 [ 190.348280][ T7612] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 190.348302][ T7612] ip6_local_out+0xc4/0x1b0 [ 190.357711][ T7612] ip6_send_skb+0xbb/0x350 [ 190.357744][ T7612] ip6_push_pending_frames+0xc8/0xf0 [ 190.368123][ T7612] rawv6_sendmsg+0x299c/0x35e0 [ 190.368147][ T7612] ? rawv6_getsockopt+0x150/0x150 [ 190.368166][ T7612] ? aa_profile_af_perm+0x320/0x320 [ 190.377048][ T7612] ? __sched_text_start+0x8/0x8 [ 190.387056][ T7612] ? try_to_wake_up+0xc6/0x1000 [ 190.387073][ T7612] ? preempt_schedule+0x4b/0x60 [ 190.387091][ T7612] ? preempt_schedule_common+0x4f/0xe0 [ 190.397285][ T7612] ? ___might_sleep+0x163/0x280 [ 190.397301][ T7612] ? __might_sleep+0x95/0x190 [ 190.397328][ T7612] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.406984][ T7612] inet_sendmsg+0x147/0x5e0 [ 190.406999][ T7612] ? rawv6_getsockopt+0x150/0x150 [ 190.407015][ T7612] ? inet_sendmsg+0x147/0x5e0 [ 190.417283][ T7612] ? ipip_gro_receive+0x100/0x100 [ 190.417302][ T7612] sock_sendmsg+0xdd/0x130 [ 190.417322][ T7612] sock_write_iter+0x27c/0x3e0 [ 190.436826][ T7612] ? sock_sendmsg+0x130/0x130 [ 190.451506][ T7612] ? aa_path_link+0x460/0x460 [ 190.451519][ T7612] ? find_held_lock+0x35/0x130 [ 190.451533][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.451547][ T7612] ? iov_iter_init+0xee/0x220 [ 190.451563][ T7612] new_sync_write+0x4c7/0x760 [ 190.451580][ T7612] ? default_llseek+0x2e0/0x2e0 [ 190.451600][ T7612] ? common_file_perm+0x238/0x720 [ 190.451615][ T7612] ? __fget+0x381/0x550 [ 190.451631][ T7612] ? apparmor_file_permission+0x25/0x30 [ 190.451644][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.451658][ T7612] ? security_file_permission+0x94/0x380 [ 190.451675][ T7612] __vfs_write+0xe4/0x110 [ 190.460826][ T7612] vfs_write+0x20c/0x580 [ 190.460845][ T7612] ksys_write+0xea/0x1f0 [ 190.460861][ T7612] ? __ia32_sys_read+0xb0/0xb0 [ 190.460884][ T7612] __x64_sys_write+0x73/0xb0 [ 190.460902][ T7612] do_syscall_64+0x103/0x610 [ 190.460920][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.460931][ T7612] RIP: 0033:0x4582b9 [ 190.460944][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.460950][ T7612] RSP: 002b:00007f189254cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.460964][ T7612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 190.460972][ T7612] RDX: 0000000000003138 RSI: 0000000020002ec0 RDI: 0000000000000006 [ 190.460979][ T7612] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.460987][ T7612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f189254d6d4 [ 190.460993][ T7612] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff [ 190.461919][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 190.481600][ T7612] caller is ip6_fragment+0x244/0x3980 [ 190.481617][ T7612] CPU: 0 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.481625][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.481630][ T7612] Call Trace: [ 190.481647][ T7612] dump_stack+0x172/0x1f0 [ 190.481670][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 190.481688][ T7612] ip6_fragment+0x244/0x3980 [ 190.491016][ T7612] ? ip6_mtu+0x2e6/0x460 [ 190.491032][ T7612] ? find_held_lock+0x35/0x130 [ 190.491049][ T7612] ? ip6_forward_finish+0x580/0x580 [ 190.491074][ T7612] ? ip6_forward+0x3880/0x3880 [ 190.491099][ T7612] ip6_finish_output+0x8a3/0xdc0 [ 190.491118][ T7612] ip6_output+0x235/0x7f0 [ 190.491134][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 190.491150][ T7612] ? ip6_fragment+0x3980/0x3980 [ 190.491167][ T7612] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 190.491184][ T7612] ip6_local_out+0xc4/0x1b0 [ 190.491201][ T7612] ip6_send_skb+0xbb/0x350 [ 190.491219][ T7612] ip6_push_pending_frames+0xc8/0xf0 [ 190.491233][ T7612] rawv6_sendmsg+0x299c/0x35e0 [ 190.491253][ T7612] ? rawv6_getsockopt+0x150/0x150 [ 190.491267][ T7612] ? aa_profile_af_perm+0x320/0x320 [ 190.491281][ T7612] ? __sched_text_start+0x8/0x8 [ 190.491298][ T7612] ? try_to_wake_up+0xc6/0x1000 [ 190.491312][ T7612] ? preempt_schedule+0x4b/0x60 [ 190.491330][ T7612] ? preempt_schedule_common+0x4f/0xe0 [ 190.505324][ T7612] ? ___might_sleep+0x163/0x280 [ 190.505345][ T7612] ? __might_sleep+0x95/0x190 [ 190.515334][ T7613] IPVS: ftp: loaded support on port[0] = 21 [ 190.517111][ T7612] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.517130][ T7612] inet_sendmsg+0x147/0x5e0 [ 190.517149][ T7612] ? rawv6_getsockopt+0x150/0x150 [ 190.527073][ T7612] ? inet_sendmsg+0x147/0x5e0 [ 190.527088][ T7612] ? ipip_gro_receive+0x100/0x100 [ 190.527106][ T7612] sock_sendmsg+0xdd/0x130 [ 190.527124][ T7612] sock_write_iter+0x27c/0x3e0 [ 190.535566][ T7612] ? sock_sendmsg+0x130/0x130 [ 190.549459][ T7612] ? aa_path_link+0x460/0x460 [ 190.549474][ T7612] ? find_held_lock+0x35/0x130 [ 190.549494][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.578833][ T7612] ? iov_iter_init+0xee/0x220 [ 190.578852][ T7612] new_sync_write+0x4c7/0x760 [ 190.578869][ T7612] ? default_llseek+0x2e0/0x2e0 [ 190.578890][ T7612] ? common_file_perm+0x238/0x720 [ 190.578903][ T7612] ? __fget+0x381/0x550 [ 190.578921][ T7612] ? apparmor_file_permission+0x25/0x30 [ 190.578933][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.578949][ T7612] ? security_file_permission+0x94/0x380 [ 190.578965][ T7612] __vfs_write+0xe4/0x110 [ 190.578982][ T7612] vfs_write+0x20c/0x580 [ 190.579000][ T7612] ksys_write+0xea/0x1f0 [ 190.579015][ T7612] ? __ia32_sys_read+0xb0/0xb0 [ 190.579037][ T7612] __x64_sys_write+0x73/0xb0 [ 190.579054][ T7612] do_syscall_64+0x103/0x610 [ 190.579070][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.579081][ T7612] RIP: 0033:0x4582b9 [ 190.579095][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.579102][ T7612] RSP: 002b:00007f189254cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.579113][ T7612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 190.579121][ T7612] RDX: 0000000000003138 RSI: 0000000020002ec0 RDI: 0000000000000006 [ 190.579128][ T7612] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.579136][ T7612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f189254d6d4 [ 190.579145][ T7612] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff [ 191.048191][ T7550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.057478][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.067235][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.075903][ T2401] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.083005][ T2401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.091056][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.099852][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.108331][ T2401] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.115442][ T2401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.123414][ T2401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.191663][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.213027][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.227488][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.236573][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.251248][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.259894][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.276434][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.287147][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.299577][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.310274][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.325362][ T7552] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.345502][ T7541] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.388520][ T7552] 8021q: adding VLAN 0 to HW filter on device batadv0 02:42:05 executing program 2: r0 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$FUSE_WRITE(r0, &(0x7f00000003c0)={0x18, 0xfffffffffffffff5, 0x6}, 0x18) r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet6(0xa, 0x3, 0x6) fdatasync(0xffffffffffffff9c) socket$inet6(0xa, 0x1000000000002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="3497613ff984f3708d28c709070000691d926f6b2406e19d7085ad8ca6c6eedfbbbd4085e1d7f7fbeded720b20f505f19c0b2f3b8025aaa57e6077564ea68f1c214c0b4be9951849671251d39a4596b51a53661514901242000000000000001000"/108], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00') fcntl$setstatus(r1, 0x4, 0x4800) syz_open_dev$rtc(&(0x7f00000000c0)='/dev/rtc#\x00', 0x4, 0x400) r4 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0xffffffffffffffff}, 0x1c) r5 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r4, 0x6) setsockopt(r5, 0x10d, 0x800000000d, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2) accept(r4, 0x0, &(0x7f0000000080)=0xfe0f) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4) utimensat(r3, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={{0x77359400}, {0x77359400}}, 0x100) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x2710}, 0x10) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffe69) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') faccessat(r6, &(0x7f0000000080)='.\x00', 0x7, 0x0) syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x7, 0xa00) 02:42:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)) 02:42:05 executing program 3: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x9) fstatfs(r0, &(0x7f0000000080)=""/19) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r1, &(0x7f0000002ec0)={'3! ', './file0'}, 0x3138) 02:42:05 executing program 4: r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000140), 0x4) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nl=@unspec={0x1100000000000000, 0x1100, 0xaa, 0x80fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000018c0)="f4001100002b2c25e994efd18498d66204baa68754a3000000000300000000000000000000ffffff840080fe00000000", 0x30}], 0x1}, 0x0) 02:42:05 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x3001}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000e00)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000040)=0x1) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x530) 02:42:05 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000100)='configfs\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000002c0)=""/156, 0x9c) 02:42:05 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0xf93f00, 0x0, &(0x7f0000e32000), 0x0, 0x0) 02:42:05 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$reject(0x13, 0x0, 0x0, 0x9, 0x0) [ 193.141344][ T7647] device nr0 entered promiscuous mode 02:42:05 executing program 3: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x9) fstatfs(r0, &(0x7f0000000080)=""/19) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r1, &(0x7f0000002ec0)={'3! ', './file0'}, 0x3138) 02:42:05 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x0, 0xffffffd1}, 0x125) 02:42:05 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000180)='/dev/dri/card#\x00', 0x0, 0x0) flistxattr(r0, 0x0, 0x0) 02:42:05 executing program 2: r0 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r0, &(0x7f0000000080)="b1", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0xff8) chdir(&(0x7f0000000000)='./file0\x00') 02:42:05 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) 02:42:06 executing program 4: ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f00000002c0), &(0x7f0000000200)=0xfffffffffffffdf3) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) 02:42:06 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) 02:42:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)) 02:42:06 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x3001}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000e00)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000040)=0x1) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x530) 02:42:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 02:42:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) [ 194.040258][ T7695] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 02:42:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 02:42:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) write$binfmt_misc(r0, &(0x7f0000001740)=ANY=[@ANYBLOB="73797a3198f6341f941a395dc58eb6f2df977f3eb5307ccbbdb8339eb4e45c9a8262d85fd441cde8483df980ff7fa4146ef8066d68f743f74b90ca7d0d7c6de0871ec8b479415942703283d536adbe0d2f4977389bbc3635a244dfc9a121809660ad430868e727ecf34b5fbb708eec298d585a936714a5728f86ca94101d602cab4c49b0adbd2fbf63c8baff8dfba1eeda4ca06028d66c21d0ea04a8b2a60d23f4e360948790321727a83332e86f4f1c837cf7c60992d1aea419464ccc7b1d2679f030dfaeb153448e096b6409a6c2bcd9cf4613264b99992d08d48cc64edd13cd3885f361f7bc8c33aaca7235a785a9ceab85bd213e131205c62a9f8635c144eaa7307ae30ca8874dc46b62f951525b3dd894d6ae5357614712aa874dd0c4a7ca0d199ed612fdce56759bd3864a3253ef442b6190baa6c61bb1256108cdcff20859960d7ff6fd441d59deb247d4359df9a9457c8401b510b6de0d31ca39a997069450570369ff11ed78b73c4d54e1c38217f9120f192099d13551b06a9d3eb39c3c6aaf0cb589c911453142865dc507b9523d178ef2bb0ff9b0cd43ca23438a915dfdd35b01196ef7a2a412b71db9e93ced964c3ba7da194705ebe6ae9ff6d6999a672a2f087ffa44b41a234452d87696173efb36ec4ed326157685c71cba93b3efa037844e89818ab0ec7eec5b69eae0aa152ff761ef0e42cce988249a1ed8d6f9a82d7b2a4ee8ce"], 0x209) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) dup2(r1, r0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) [ 194.152698][ T7700] device nr0 entered promiscuous mode [ 194.186464][ T7710] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 02:42:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000050000002560b700ff"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x480, 0x0, 0xd07ee511}]}) 02:42:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:06 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/246) close(r0) 02:42:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:06 executing program 5: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) 02:42:07 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) 02:42:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) 02:42:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:07 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) r1 = memfd_create(&(0x7f0000000280)='^\x00', 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000003c0)=0x17642c4) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000440)=""/4096, 0x1000}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x102002700) 02:42:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, 0x0, 0x0) clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() creat(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa00000000, 0x0, 0xfffffffffffff800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) getsockopt$inet6_buf(r1, 0x29, 0x31, &(0x7f0000000100)=""/175, &(0x7f0000000000)=0xaf) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, 0x0) nanosleep(&(0x7f0000000000)={0x0, 0x1c9c380}, 0x0) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) 02:42:07 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) 02:42:07 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x80) 02:42:07 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) 02:42:07 executing program 5: r0 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000), 0x4) [ 195.185100][ T3026] rpcbind: RPC call returned error 22 02:42:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x3, 0xfff, 0xc, 0xf6, 0xffffffffffff5e80, 0x8619, 0x7, 0x1f, 0x0, 0x0, 0x8, 0xa3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x2}], 0x200}) 02:42:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:42:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7) 02:42:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) 02:42:08 executing program 1: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x8) recvfrom$unix(r0, &(0x7f00000007c0)=""/233, 0x24b, 0x20, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x3, @empty}, 0x10) sendto$inet(r1, 0x0, 0x2f5, 0x200007fc, &(0x7f0000000000)={0x2, 0x3, @local}, 0x10) setsockopt$inet_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000240), 0x4) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) accept4(r1, &(0x7f00000001c0)=@l2, &(0x7f0000000080)=0x80, 0x7ff) getpid() stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) lstat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r2 = memfd_create(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000140)=0x3) sendto(r1, &(0x7f00000000c0)='H', 0x1, 0x5, 0x0, 0x0) sendto(r1, &(0x7f0000000100)="91", 0x1, 0x8000, 0x0, 0x0) shutdown(r1, 0x2) recvfrom$inet(r1, 0x0, 0x0, 0x80040000101, 0x0, 0x2f49b2819fbc7c26) 02:42:08 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x8, 0x4) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000174, 0x7ffffff7) 02:42:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:08 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) getegid() [ 195.913394][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 195.922888][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 195.928672][ T7811] CPU: 1 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.937699][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.947762][ T7811] Call Trace: [ 195.951056][ T7811] dump_stack+0x172/0x1f0 [ 195.955398][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 195.960944][ T7811] ip6_finish_output+0x335/0xdc0 [ 195.965871][ T7811] ip6_output+0x235/0x7f0 [ 195.970186][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 195.975295][ T7811] ? ip6_fragment+0x3980/0x3980 [ 195.980226][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 195.990712][ T7811] ip6_local_out+0xc4/0x1b0 [ 195.995385][ T7811] ip6_send_skb+0xbb/0x350 [ 195.999786][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 196.005058][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 196.009810][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 196.014818][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 196.020002][ T7811] ? find_held_lock+0x35/0x130 [ 196.024749][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.030973][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 196.036423][ T7811] ? ___might_sleep+0x163/0x280 [ 196.041259][ T7811] ? __might_sleep+0x95/0x190 [ 196.045931][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.051459][ T7811] inet_sendmsg+0x147/0x5e0 [ 196.055945][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 196.060946][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 196.065604][ T7811] ? ipip_gro_receive+0x100/0x100 [ 196.070614][ T7811] sock_sendmsg+0xdd/0x130 [ 196.075013][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 196.079672][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 196.085112][ T7811] ? lock_downgrade+0x880/0x880 [ 196.089980][ T7811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.096201][ T7811] ? kasan_check_read+0x11/0x20 [ 196.101036][ T7811] ? __fget+0x381/0x550 [ 196.105179][ T7811] ? ksys_dup3+0x3e0/0x3e0 [ 196.109578][ T7811] ? find_held_lock+0x35/0x130 [ 196.114329][ T7811] ? __fget_light+0x1a9/0x230 [ 196.118994][ T7811] ? __fdget+0x1b/0x20 [ 196.123045][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.129267][ T7811] ? sockfd_lookup_light+0xcb/0x180 [ 196.134450][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 196.139131][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 196.144145][ T7811] ? _copy_to_user+0xc9/0x120 [ 196.148818][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.155056][ T7811] ? put_timespec64+0xda/0x140 [ 196.159801][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 196.164647][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.170088][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.175531][ T7811] ? do_syscall_64+0x26/0x610 [ 196.180194][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.186249][ T7811] ? do_syscall_64+0x26/0x610 [ 196.190916][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 196.197375][ T7811] do_syscall_64+0x103/0x610 [ 196.201951][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.207821][ T7811] RIP: 0033:0x4582b9 [ 196.211714][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.231495][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.239986][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.248026][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 196.256072][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:42:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x100, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(r0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) fcntl$addseals(r2, 0x409, 0x2000000000001) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) ioctl$KDSETKEYCODE(r3, 0x4b4d, 0x0) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000500)={0x200001ea, &(0x7f0000000540)}, 0xffffffffffffff6c) connect$inet6(r2, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r2, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f0000000540)=""/139) [ 196.264033][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 196.271997][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 196.360000][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 196.369515][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 196.375324][ T7811] CPU: 1 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.384359][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.394589][ T7811] Call Trace: [ 196.397891][ T7811] dump_stack+0x172/0x1f0 [ 196.402245][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 196.407801][ T7811] ip6_finish_output+0x335/0xdc0 [ 196.412750][ T7811] ip6_output+0x235/0x7f0 [ 196.417084][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 196.422199][ T7811] ? ip6_fragment+0x3980/0x3980 [ 196.427054][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 196.432613][ T7811] ip6_local_out+0xc4/0x1b0 [ 196.437122][ T7811] ip6_send_skb+0xbb/0x350 [ 196.441543][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 196.446829][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 196.451605][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 196.456632][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 196.461833][ T7811] ? find_held_lock+0x35/0x130 [ 196.466599][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.472869][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 196.478356][ T7811] ? ___might_sleep+0x163/0x280 [ 196.483216][ T7811] ? __might_sleep+0x95/0x190 [ 196.487917][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.493468][ T7811] inet_sendmsg+0x147/0x5e0 [ 196.497975][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 196.503007][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 196.507668][ T7811] ? ipip_gro_receive+0x100/0x100 [ 196.512685][ T7811] sock_sendmsg+0xdd/0x130 [ 196.517087][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 196.521811][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 196.527251][ T7811] ? finish_task_switch+0x146/0x780 [ 196.532428][ T7811] ? finish_task_switch+0x118/0x780 [ 196.537615][ T7811] ? __switch_to_asm+0x34/0x70 [ 196.542371][ T7811] ? __schedule+0x81f/0x1cc0 [ 196.546958][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.552399][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.557850][ T7811] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.563116][ T7811] ? retint_kernel+0x2d/0x2d [ 196.567702][ T7811] ? trace_hardirqs_on_caller+0x6a/0x220 [ 196.573322][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.578774][ T7811] ? retint_kernel+0x2d/0x2d [ 196.583445][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 196.588111][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 196.593132][ T7811] ? _copy_to_user+0xc9/0x120 [ 196.597794][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.604024][ T7811] ? put_timespec64+0xda/0x140 [ 196.608773][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 196.613623][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.619062][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.624528][ T7811] ? do_syscall_64+0x26/0x610 [ 196.629188][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.635348][ T7811] ? do_syscall_64+0x26/0x610 [ 196.640024][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 196.644947][ T7811] do_syscall_64+0x103/0x610 [ 196.649525][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.655410][ T7811] RIP: 0033:0x4582b9 [ 196.659289][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.678876][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.687372][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.695334][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 196.703290][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:42:08 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) 02:42:08 executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x5}]}) [ 196.711248][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 196.719207][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 02:42:08 executing program 4: seccomp(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]}) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)=ANY=[@ANYBLOB="0477b8b441d73ac39225"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000340)=0xc) unlink(&(0x7f0000001e00)='./bus\x00') fcntl$setown(r1, 0x8, r2) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x8) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x1, 0x3, 0x0, 0xfffffffffffffffe}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup2(r6, r4) write$P9_RSTATFS(r7, &(0x7f0000000280)={0x43, 0x9, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, 0x43) ioctl$RTC_EPOCH_SET(r1, 0x4008700e, 0x8) recvmmsg(r5, &(0x7f0000000b80)=[{{&(0x7f0000000200)=@l2, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000600)=""/84, 0x54}}, {{&(0x7f0000000680)=@l2, 0x80, &(0x7f0000000a40), 0x0, &(0x7f0000000ac0)=""/147, 0x93}}], 0x4000000000002ce, 0x62, 0x0) [ 196.851217][ T26] audit: type=1326 audit(1554691329.026:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7833 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 197.105850][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 197.115604][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 197.121388][ T7811] CPU: 1 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.130432][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.130437][ T7811] Call Trace: [ 197.130460][ T7811] dump_stack+0x172/0x1f0 [ 197.130487][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 197.146181][ T7811] ip6_finish_output+0x335/0xdc0 [ 197.146204][ T7811] ip6_output+0x235/0x7f0 [ 197.146223][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 197.156063][ T7811] ? ip6_fragment+0x3980/0x3980 [ 197.156078][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 197.156099][ T7811] ip6_local_out+0xc4/0x1b0 [ 197.156117][ T7811] ip6_send_skb+0xbb/0x350 [ 197.156137][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 197.165367][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 197.165392][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 197.165412][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 197.175341][ T7811] ? find_held_lock+0x35/0x130 [ 197.185445][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.210612][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.210642][ T7811] ? ___might_sleep+0x163/0x280 [ 197.210657][ T7811] ? __might_sleep+0x95/0x190 [ 197.210685][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.210700][ T7811] inet_sendmsg+0x147/0x5e0 [ 197.227323][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 197.227337][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 197.227350][ T7811] ? ipip_gro_receive+0x100/0x100 [ 197.227368][ T7811] sock_sendmsg+0xdd/0x130 [ 197.227389][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 197.236901][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 197.236922][ T7811] ? __lock_acquire+0x548/0x3fb0 [ 197.236939][ T7811] ? __schedule+0x81f/0x1cc0 [ 197.236960][ T7811] ? __might_fault+0x12b/0x1e0 [ 197.290315][ T7811] ? find_held_lock+0x35/0x130 [ 197.295063][ T7811] ? __might_fault+0x12b/0x1e0 [ 197.299817][ T7811] ? lock_downgrade+0x880/0x880 [ 197.304658][ T7811] ? ___might_sleep+0x163/0x280 [ 197.309492][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 197.314152][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.319178][ T7811] ? _copy_to_user+0xc9/0x120 [ 197.323846][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.330069][ T7811] ? put_timespec64+0xda/0x140 [ 197.334814][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 197.339658][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.345100][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.350628][ T7811] ? do_syscall_64+0x26/0x610 [ 197.355296][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.361343][ T7811] ? do_syscall_64+0x26/0x610 [ 197.366004][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 197.370929][ T7811] do_syscall_64+0x103/0x610 [ 197.375502][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.381375][ T7811] RIP: 0033:0x4582b9 [ 197.385256][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.404865][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.413258][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.421219][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 197.429172][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.437126][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 197.445168][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.457199][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 197.467005][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 197.472791][ T7811] CPU: 0 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.472798][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.472803][ T7811] Call Trace: [ 197.472823][ T7811] dump_stack+0x172/0x1f0 [ 197.472853][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 197.505063][ T7811] ip6_finish_output+0x335/0xdc0 [ 197.505084][ T7811] ip6_output+0x235/0x7f0 [ 197.505101][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 197.505118][ T7811] ? ip6_fragment+0x3980/0x3980 [ 197.505135][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 197.505155][ T7811] ip6_local_out+0xc4/0x1b0 [ 197.505171][ T7811] ip6_send_skb+0xbb/0x350 [ 197.505190][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 197.524547][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 197.524570][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 197.534587][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 197.534608][ T7811] ? find_held_lock+0x35/0x130 [ 197.534622][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.534644][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.544320][ T7811] ? ___might_sleep+0x163/0x280 [ 197.544340][ T7811] ? __might_sleep+0x95/0x190 [ 197.559427][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.559445][ T7811] inet_sendmsg+0x147/0x5e0 [ 197.559465][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 197.570443][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 197.570458][ T7811] ? ipip_gro_receive+0x100/0x100 [ 197.570476][ T7811] sock_sendmsg+0xdd/0x130 [ 197.570492][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 197.570512][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 197.619276][ T7811] ? __lock_acquire+0x548/0x3fb0 [ 197.619296][ T7811] ? __schedule+0x81f/0x1cc0 [ 197.619318][ T7811] ? __might_fault+0x12b/0x1e0 [ 197.639017][ T7811] ? find_held_lock+0x35/0x130 [ 197.643792][ T7811] ? __might_fault+0x12b/0x1e0 [ 197.648576][ T7811] ? lock_downgrade+0x880/0x880 [ 197.653443][ T7811] ? ___might_sleep+0x163/0x280 [ 197.658302][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 197.658328][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.658356][ T7811] ? _copy_to_user+0xc9/0x120 [ 197.668026][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.678914][ T7811] ? put_timespec64+0xda/0x140 [ 197.678931][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 197.678953][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.678971][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.688554][ T7811] ? do_syscall_64+0x26/0x610 [ 197.688570][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.688584][ T7811] ? do_syscall_64+0x26/0x610 [ 197.688602][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 197.699486][ T7811] do_syscall_64+0x103/0x610 [ 197.699507][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.699522][ T7811] RIP: 0033:0x4582b9 [ 197.710221][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.710230][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.710244][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.710252][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 197.710268][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.710276][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 197.710289][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 02:42:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) 02:42:10 executing program 4: openat$full(0xffffffffffffff9c, &(0x7f0000000400)='/dev/full\x00', 0x0, 0x0) mlockall(0x400000000007) getresgid(0x0, 0x0, 0x0) mlockall(0x4) [ 197.770881][ T26] audit: type=1326 audit(1554691329.956:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7833 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45b11a code=0xffff0000 [ 197.856672][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 197.866432][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 197.872206][ T7811] CPU: 0 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.881231][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.891286][ T7811] Call Trace: [ 197.894570][ T7811] dump_stack+0x172/0x1f0 [ 197.898886][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 197.904419][ T7811] ip6_finish_output+0x335/0xdc0 [ 197.909341][ T7811] ip6_output+0x235/0x7f0 [ 197.913656][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 197.918764][ T7811] ? ip6_fragment+0x3980/0x3980 [ 197.923616][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 197.929147][ T7811] ip6_local_out+0xc4/0x1b0 [ 197.933646][ T7811] ip6_send_skb+0xbb/0x350 [ 197.938047][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 197.943328][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 197.948079][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 197.953094][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 197.958280][ T7811] ? retint_kernel+0x2d/0x2d [ 197.962854][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.969074][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.974522][ T7811] ? ___might_sleep+0x163/0x280 [ 197.979356][ T7811] ? __might_sleep+0x95/0x190 [ 197.984026][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.989556][ T7811] inet_sendmsg+0x147/0x5e0 [ 197.994041][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 197.999055][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 198.003722][ T7811] ? ipip_gro_receive+0x100/0x100 [ 198.008815][ T7811] sock_sendmsg+0xdd/0x130 [ 198.013223][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 198.017894][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 198.023358][ T7811] ? __lock_acquire+0x548/0x3fb0 [ 198.028723][ T7811] ? __schedule+0x81f/0x1cc0 [ 198.033307][ T7811] ? __might_fault+0x12b/0x1e0 [ 198.038053][ T7811] ? find_held_lock+0x35/0x130 [ 198.042797][ T7811] ? __might_fault+0x12b/0x1e0 [ 198.047547][ T7811] ? lock_downgrade+0x880/0x880 [ 198.052386][ T7811] ? ___might_sleep+0x163/0x280 [ 198.057219][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 198.061887][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.066900][ T7811] ? _copy_to_user+0xc9/0x120 [ 198.071561][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.077784][ T7811] ? put_timespec64+0xda/0x140 [ 198.082530][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 198.087422][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.092862][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.098320][ T7811] ? do_syscall_64+0x26/0x610 [ 198.102989][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.109038][ T7811] ? do_syscall_64+0x26/0x610 [ 198.113790][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 198.118716][ T7811] do_syscall_64+0x103/0x610 [ 198.123296][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.129169][ T7811] RIP: 0033:0x4582b9 [ 198.133221][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:42:10 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='fuse\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) open(&(0x7f0000000040)='./file0/file0\x00', 0x8000000003, 0x0) [ 198.152929][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.161324][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.169386][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 198.177341][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.185308][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 198.193290][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.238957][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 198.248456][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 198.254298][ T7811] CPU: 1 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.263399][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.263404][ T7811] Call Trace: [ 198.263426][ T7811] dump_stack+0x172/0x1f0 [ 198.263446][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 198.263465][ T7811] ip6_finish_output+0x335/0xdc0 [ 198.263486][ T7811] ip6_output+0x235/0x7f0 [ 198.263509][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 198.301020][ T7811] ? ip6_fragment+0x3980/0x3980 [ 198.305880][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 198.311433][ T7811] ip6_local_out+0xc4/0x1b0 [ 198.315940][ T7811] ip6_send_skb+0xbb/0x350 [ 198.320363][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 198.325647][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 198.330420][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 198.335441][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 198.335464][ T7811] ? find_held_lock+0x35/0x130 [ 198.345411][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.351667][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.357152][ T7811] ? ___might_sleep+0x163/0x280 [ 198.362004][ T7811] ? __might_sleep+0x95/0x190 [ 198.366690][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.372249][ T7811] inet_sendmsg+0x147/0x5e0 [ 198.376755][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 198.381784][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 198.386459][ T7811] ? ipip_gro_receive+0x100/0x100 [ 198.391489][ T7811] sock_sendmsg+0xdd/0x130 [ 198.395906][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 198.400763][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 198.406236][ T7811] ? __lock_acquire+0x548/0x3fb0 [ 198.411183][ T7811] ? __schedule+0x81f/0x1cc0 [ 198.415800][ T7811] ? __might_fault+0x12b/0x1e0 [ 198.420570][ T7811] ? find_held_lock+0x35/0x130 [ 198.425350][ T7811] ? __might_fault+0x12b/0x1e0 [ 198.430128][ T7811] ? lock_downgrade+0x880/0x880 [ 198.434993][ T7811] ? ___might_sleep+0x163/0x280 [ 198.439860][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 198.444547][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.449583][ T7811] ? _copy_to_user+0xc9/0x120 [ 198.454273][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.460510][ T7811] ? put_timespec64+0xda/0x140 [ 198.465383][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 198.470250][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.475713][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.481171][ T7811] ? do_syscall_64+0x26/0x610 [ 198.485857][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.491923][ T7811] ? do_syscall_64+0x26/0x610 [ 198.496603][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 198.501543][ T7811] do_syscall_64+0x103/0x610 [ 198.506139][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.512040][ T7811] RIP: 0033:0x4582b9 [ 198.515944][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.535550][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.543996][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.552139][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 198.552147][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.552154][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 198.552161][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.570491][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 198.584290][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 198.599304][ T7811] CPU: 1 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.608338][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.618385][ T7811] Call Trace: [ 198.621681][ T7811] dump_stack+0x172/0x1f0 [ 198.625997][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 198.631530][ T7811] ip6_finish_output+0x335/0xdc0 [ 198.636451][ T7811] ip6_output+0x235/0x7f0 [ 198.640783][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 198.645973][ T7811] ? ip6_fragment+0x3980/0x3980 [ 198.650817][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 198.656346][ T7811] ip6_local_out+0xc4/0x1b0 [ 198.660843][ T7811] ip6_send_skb+0xbb/0x350 [ 198.665258][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 198.670524][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 198.675273][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 198.680281][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 198.685480][ T7811] ? find_held_lock+0x35/0x130 [ 198.690234][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.696456][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.701908][ T7811] ? ___might_sleep+0x163/0x280 [ 198.706751][ T7811] ? __might_sleep+0x95/0x190 [ 198.711429][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.716955][ T7811] inet_sendmsg+0x147/0x5e0 [ 198.721441][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 198.726442][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 198.731098][ T7811] ? ipip_gro_receive+0x100/0x100 [ 198.736105][ T7811] sock_sendmsg+0xdd/0x130 [ 198.740504][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 198.745166][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 198.750615][ T7811] ? __lock_acquire+0x548/0x3fb0 [ 198.755545][ T7811] ? __schedule+0x81f/0x1cc0 [ 198.760144][ T7811] ? __might_fault+0x12b/0x1e0 [ 198.764898][ T7811] ? find_held_lock+0x35/0x130 [ 198.769642][ T7811] ? __might_fault+0x12b/0x1e0 [ 198.774394][ T7811] ? lock_downgrade+0x880/0x880 [ 198.779247][ T7811] ? ___might_sleep+0x163/0x280 [ 198.784082][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 198.788743][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.793777][ T7811] ? _copy_to_user+0xc9/0x120 [ 198.798440][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.804661][ T7811] ? put_timespec64+0xda/0x140 [ 198.809406][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 198.814246][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.819688][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.825127][ T7811] ? do_syscall_64+0x26/0x610 [ 198.829784][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.835843][ T7811] ? do_syscall_64+0x26/0x610 [ 198.840504][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 198.845424][ T7811] do_syscall_64+0x103/0x610 [ 198.850005][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.855880][ T7811] RIP: 0033:0x4582b9 [ 198.859761][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.879347][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 02:42:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCSSOFTCAR(r0, 0x541a, 0x0) 02:42:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) [ 198.887740][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.895699][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 198.903751][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.911842][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 198.919803][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 02:42:11 executing program 1: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000300)='cgroup.threads\x00', 0x2, 0x0) ppoll(&(0x7f0000000240)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0) [ 198.987007][ T7811] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7811 [ 198.996655][ T7811] caller is ip6_finish_output+0x335/0xdc0 [ 199.002451][ T7811] CPU: 1 PID: 7811 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.011470][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.021630][ T7811] Call Trace: [ 199.024940][ T7811] dump_stack+0x172/0x1f0 [ 199.031045][ T7811] __this_cpu_preempt_check+0x246/0x270 [ 199.036682][ T7811] ip6_finish_output+0x335/0xdc0 [ 199.041608][ T7811] ip6_output+0x235/0x7f0 [ 199.045929][ T7811] ? ip6_finish_output+0xdc0/0xdc0 [ 199.051024][ T7811] ? ip6_fragment+0x3980/0x3980 [ 199.055952][ T7811] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.061483][ T7811] ip6_local_out+0xc4/0x1b0 [ 199.065983][ T7811] ip6_send_skb+0xbb/0x350 [ 199.070411][ T7811] ip6_push_pending_frames+0xc8/0xf0 [ 199.075681][ T7811] rawv6_sendmsg+0x299c/0x35e0 [ 199.080429][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 199.085433][ T7811] ? aa_profile_af_perm+0x320/0x320 [ 199.090612][ T7811] ? find_held_lock+0x35/0x130 [ 199.095442][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.101835][ T7811] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.107280][ T7811] ? ___might_sleep+0x163/0x280 [ 199.112109][ T7811] ? __might_sleep+0x95/0x190 [ 199.116778][ T7811] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.122305][ T7811] inet_sendmsg+0x147/0x5e0 [ 199.126804][ T7811] ? rawv6_getsockopt+0x150/0x150 [ 199.131818][ T7811] ? inet_sendmsg+0x147/0x5e0 [ 199.136474][ T7811] ? ipip_gro_receive+0x100/0x100 [ 199.141927][ T7811] sock_sendmsg+0xdd/0x130 [ 199.146350][ T7811] ___sys_sendmsg+0x3e2/0x930 [ 199.151024][ T7811] ? copy_msghdr_from_user+0x430/0x430 [ 199.156814][ T7811] ? __lock_acquire+0x548/0x3fb0 [ 199.161746][ T7811] ? __schedule+0x81f/0x1cc0 [ 199.166408][ T7811] ? __might_fault+0x12b/0x1e0 [ 199.171154][ T7811] ? find_held_lock+0x35/0x130 [ 199.175920][ T7811] ? __might_fault+0x12b/0x1e0 [ 199.180664][ T7811] ? lock_downgrade+0x880/0x880 [ 199.185504][ T7811] ? ___might_sleep+0x163/0x280 [ 199.190450][ T7811] __sys_sendmmsg+0x1bf/0x4d0 [ 199.195121][ T7811] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.200127][ T7811] ? _copy_to_user+0xc9/0x120 [ 199.204783][ T7811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.210997][ T7811] ? put_timespec64+0xda/0x140 [ 199.215737][ T7811] ? nsecs_to_jiffies+0x30/0x30 [ 199.220577][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.226023][ T7811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.231457][ T7811] ? do_syscall_64+0x26/0x610 [ 199.236109][ T7811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.242149][ T7811] ? do_syscall_64+0x26/0x610 [ 199.246823][ T7811] __x64_sys_sendmmsg+0x9d/0x100 [ 199.251743][ T7811] do_syscall_64+0x103/0x610 [ 199.256310][ T7811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.262185][ T7811] RIP: 0033:0x4582b9 [ 199.266059][ T7811] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.286610][ T7811] RSP: 002b:00007f7a58fadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.295103][ T7811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.303053][ T7811] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000004 [ 199.311003][ T7811] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.318950][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a58fae6d4 [ 199.326902][ T7811] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 02:42:11 executing program 5: dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000500)={0x200001ea, &(0x7f0000000540)}, 0xffffffffffffff6c) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) 02:42:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2000000000002) 02:42:11 executing program 5: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) 02:42:11 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='oom_score\x00') preadv(r1, &(0x7f0000000480), 0x1000000000000237, 0x0) 02:42:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(r0, r2) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) fcntl$addseals(r3, 0x409, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cpu.stat\x00', 0x0, 0x0) ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) connect$inet6(r3, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r3, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, 0x0) 02:42:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000400)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x9}]}) 02:42:11 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timer\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}})