[ 33.853868][ T26] audit: type=1800 audit(1554628638.300:27): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 33.883379][ T26] audit: type=1800 audit(1554628638.300:28): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.751863][ T26] audit: type=1800 audit(1554628639.240:29): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.772287][ T26] audit: type=1800 audit(1554628639.240:30): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. 2019/04/07 09:17:35 fuzzer started 2019/04/07 09:17:38 dialing manager at 10.128.0.26:34543 2019/04/07 09:17:38 syscalls: 2408 2019/04/07 09:17:38 code coverage: enabled 2019/04/07 09:17:38 comparison tracing: enabled 2019/04/07 09:17:38 extra coverage: extra coverage is not supported by the kernel 2019/04/07 09:17:38 setuid sandbox: enabled 2019/04/07 09:17:38 namespace sandbox: enabled 2019/04/07 09:17:38 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 09:17:38 fault injection: enabled 2019/04/07 09:17:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 09:17:38 net packet injection: enabled 2019/04/07 09:17:38 net device setup: enabled 09:19:37 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="250000001a008100a00f80ecdb4cb904024865160b000000d4126efb090010005200000040", 0x25}], 0x1}, 0x0) syzkaller login: [ 172.946612][ T7613] IPVS: ftp: loaded support on port[0] = 21 09:19:37 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='sysfs\x00', 0x0, 0x0) [ 173.035487][ T7613] chnl_net:caif_netlink_parms(): no params data found [ 173.100595][ T7613] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.108655][ T7613] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.130074][ T7613] device bridge_slave_0 entered promiscuous mode [ 173.149784][ T7613] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.156962][ T7613] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.169789][ T7613] device bridge_slave_1 entered promiscuous mode [ 173.212712][ T7613] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.226469][ T7613] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:19:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102800) ioctl$TCXONC(r1, 0x540a, 0x0) write(r1, &(0x7f0000000000)="d5", 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) dup3(r1, r0, 0x0) [ 173.261762][ T7616] IPVS: ftp: loaded support on port[0] = 21 [ 173.271512][ T7613] team0: Port device team_slave_0 added [ 173.282256][ T7613] team0: Port device team_slave_1 added 09:19:37 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0xa, 0x2000001000000002, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x10, 0x100000000000003, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$kcm(0x29, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) openat$cgroup_ro(r0, &(0x7f0000000240)='cpuacct.stat\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000300)=r1, 0x4) sendmsg$kcm(r2, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="119a07737e827f"], 0x7) [ 173.430663][ T7613] device hsr_slave_0 entered promiscuous mode [ 173.499240][ T7613] device hsr_slave_1 entered promiscuous mode [ 173.552495][ T7618] IPVS: ftp: loaded support on port[0] = 21 [ 173.556427][ T7613] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.565603][ T7613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.573451][ T7613] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.580542][ T7613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.677378][ T7620] IPVS: ftp: loaded support on port[0] = 21 09:19:38 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') [ 173.723816][ T7613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.775192][ T7616] chnl_net:caif_netlink_parms(): no params data found [ 173.843013][ T7613] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.886099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.897444][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.917571][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.927454][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 173.965802][ T7618] chnl_net:caif_netlink_parms(): no params data found [ 173.974502][ T7625] IPVS: ftp: loaded support on port[0] = 21 [ 173.994174][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.005249][ T12] bridge0: port 1(bridge_slave_0) entered blocking state 09:19:38 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000240)=@sg0='/dev/sg0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ubifs\x00\xbaDc\\$\xa7]#^O9\x91\xcf\xdf\x98\xc2\xa8\x10\x06\xc6\xe0\xa4\xb5\xaf6:\x82\x87g/\x17;#\x86\x8c\xf3\xd8\xff\x9eP\xbd\'\xfc$\x98J\x1ey$Fg\xe5\x0fq,-Q+\x16\x11\xf6\xaf\xb3z\xd2\xda\v\x8e\xc7\x0e\x85\x83\xc9\x8c\x05\x19g/\x8f\x01\xbe\xd4\x85\xbdH\x1eJ2\xf2\xb2\xf4j/.A\xa3gWY\x96\xed\xe5\a;0VO\x00\x82>\xcfpdB[\x83\x9d3\xd8\x82\a\x91\xed\xb6]\x15\xbbeM<\x11\f\x1f\xee\xff\x01\x93\xd5\x10\xa3p\xf0dI`Yphz\xe3g\\\xff\xcb\xdc\xaf]\xa9\xc2\xbc$\xd0\x17\xd6\xadIw\xb2\xcd(\xa0T\xea\xa0&\xdc\xff\x9e\x15\x12\xf8w\x87E\xb5\v\xccjI\xc9\x02K\xe3\xc9\x7f\x89z\xc9\xe8\xdc\'\x19_/f\x801w\xca\xa1\xd6?\x0f\x17\xa5G\x9c\xef\x04!\x84|\xc7\x15\x82\xc0\xc1\x81\x8c\xec\xb2\xd6\x02\xa8\r\x03\xe7\x05o\x85\fP\xb8b)\x8d\x19\xbb\nj\x15\xb9\"RC\xbc', 0x0, 0x0) [ 174.012427][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.022329][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.031133][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.038234][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.116435][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.132546][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.141519][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.150010][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.159193][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.203170][ T7629] IPVS: ftp: loaded support on port[0] = 21 [ 174.226761][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.234910][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.243346][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.251724][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.260136][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.269183][ T7613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.276814][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.284071][ T7616] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.293459][ T7616] device bridge_slave_0 entered promiscuous mode [ 174.302473][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.309676][ T7616] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.317192][ T7616] device bridge_slave_1 entered promiscuous mode [ 174.339650][ T7620] chnl_net:caif_netlink_parms(): no params data found [ 174.356721][ T7616] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.376591][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.384536][ T7618] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.392232][ T7618] device bridge_slave_0 entered promiscuous mode [ 174.412827][ T7616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.435188][ T7618] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.442800][ T7618] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.451628][ T7618] device bridge_slave_1 entered promiscuous mode [ 174.494008][ T7620] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.501955][ T7620] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.509587][ T7620] device bridge_slave_0 entered promiscuous mode [ 174.516866][ T7620] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.523993][ T7620] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.531618][ T7620] device bridge_slave_1 entered promiscuous mode [ 174.543950][ T7616] team0: Port device team_slave_0 added [ 174.551383][ T7616] team0: Port device team_slave_1 added [ 174.563899][ T7618] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.579478][ T7620] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.592805][ T7620] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.613036][ T7618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.626518][ T7613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.692635][ T7616] device hsr_slave_0 entered promiscuous mode [ 174.706268][ T7634] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 174.717312][ T7635] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 09:19:39 executing program 0: r0 = open(&(0x7f0000000000)='./file1\x00', 0x400043, 0x0) keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff) close(r0) sendmmsg(0xffffffffffffffff, 0x0, 0x65460ddc, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) setsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000080)="9cf2d9679c4d04f23de40d07", 0xc) [ 174.739048][ T7616] device hsr_slave_1 entered promiscuous mode [ 174.786791][ T7618] team0: Port device team_slave_0 added [ 174.816452][ T7620] team0: Port device team_slave_0 added [ 174.824592][ T7620] team0: Port device team_slave_1 added 09:19:39 executing program 0: 09:19:39 executing program 0: [ 174.834506][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.841593][ T7616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.848925][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.856986][ T7616] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.873562][ T7618] team0: Port device team_slave_1 added 09:19:39 executing program 0: [ 174.894370][ T7625] chnl_net:caif_netlink_parms(): no params data found 09:19:39 executing program 0: 09:19:39 executing program 0: 09:19:39 executing program 0: [ 175.030700][ T7620] device hsr_slave_0 entered promiscuous mode [ 175.068459][ T7620] device hsr_slave_1 entered promiscuous mode [ 175.150422][ T7618] device hsr_slave_0 entered promiscuous mode [ 175.188426][ T7618] device hsr_slave_1 entered promiscuous mode [ 175.246925][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.266641][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.294512][ T7629] chnl_net:caif_netlink_parms(): no params data found [ 175.355651][ T7629] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.363822][ T7629] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.372312][ T7629] device bridge_slave_0 entered promiscuous mode [ 175.379924][ T7625] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.386987][ T7625] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.395546][ T7625] device bridge_slave_0 entered promiscuous mode [ 175.403275][ T7625] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.410748][ T7625] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.418844][ T7625] device bridge_slave_1 entered promiscuous mode [ 175.430871][ T7629] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.437905][ T7629] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.446142][ T7629] device bridge_slave_1 entered promiscuous mode [ 175.465255][ T7629] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.486451][ T7625] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.496974][ T7625] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.506543][ T7629] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.524061][ T7616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.541043][ T7625] team0: Port device team_slave_0 added [ 175.547811][ T7625] team0: Port device team_slave_1 added [ 175.565759][ T7629] team0: Port device team_slave_0 added [ 175.573925][ T7629] team0: Port device team_slave_1 added [ 175.629677][ T7625] device hsr_slave_0 entered promiscuous mode [ 175.698448][ T7625] device hsr_slave_1 entered promiscuous mode [ 175.783685][ T7616] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.840754][ T7629] device hsr_slave_0 entered promiscuous mode [ 175.878491][ T7629] device hsr_slave_1 entered promiscuous mode [ 175.927896][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.936109][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.971344][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.982807][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.991459][ T7628] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.998553][ T7628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.021027][ T7620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.037632][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.047552][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.056294][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.063385][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.071524][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.080210][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.099824][ T7625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.118752][ T7618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.126244][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 176.134882][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.143932][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.152345][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.161415][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.169962][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.179083][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.187233][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.205259][ T7620] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.219642][ T7618] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.230076][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.237819][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.245908][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.253865][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.261866][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.272835][ T7616] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.285272][ T7616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.297369][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.305620][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.327913][ T7625] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.339549][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.348363][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.356761][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.363846][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.372704][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.381289][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.389850][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.396869][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.404618][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.413167][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.421538][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.428634][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.436193][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.445055][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.453397][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.460464][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.468738][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.478126][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.485907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.504300][ T7616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.512687][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.522458][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.531166][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.539883][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.556640][ T7620] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 176.567477][ T7620] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.590552][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.598449][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.606870][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.615401][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.624004][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.632383][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.642372][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.651012][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.659617][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.667830][ T7628] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.674912][ T7628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.682911][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.691435][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.701634][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.710022][ T7628] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.717060][ T7628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.724798][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.733775][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.742261][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.752224][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.759784][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.767495][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.790507][ T7629] 8021q: adding VLAN 0 to HW filter on device bond0 09:19:41 executing program 1: [ 176.832318][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.846825][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.857032][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.865827][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.874810][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.893014][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.903375][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.915368][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.924002][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.932275][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.940572][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.953812][ T7618] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 176.964609][ T7618] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.984896][ T7625] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.996040][ T7620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.005401][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.014950][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.024266][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.032650][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.041131][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.051092][ T7621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.065522][ T7618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.075955][ T7629] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.091305][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.099168][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.106676][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.117275][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.126119][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.133204][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.159239][ T7625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.166421][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.195164][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 09:19:41 executing program 2: [ 177.217228][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.245864][ T2969] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.253009][ T2969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.266942][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.286758][ T7668] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7668 [ 177.296650][ T7668] caller is sk_mc_loop+0x1d/0x210 [ 177.301757][ T7668] CPU: 1 PID: 7668 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.310765][ T7668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.320808][ T7668] Call Trace: [ 177.320845][ T7668] dump_stack+0x172/0x1f0 [ 177.320868][ T7668] __this_cpu_preempt_check+0x246/0x270 [ 177.320887][ T7668] sk_mc_loop+0x1d/0x210 [ 177.320901][ T7668] ip_mc_output+0x2ef/0xf70 [ 177.320919][ T7668] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.320934][ T7668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.320948][ T7668] ? prandom_u32_state+0x13/0x180 [ 177.320963][ T7668] ? ip_append_data.part.0+0x170/0x170 [ 177.364641][ T7668] ? __ip_make_skb+0xf15/0x1820 [ 177.369477][ T7668] ip_local_out+0xc4/0x1b0 [ 177.373873][ T7668] ip_send_skb+0x42/0xf0 [ 177.378094][ T7668] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.383278][ T7668] udp_push_pending_frames+0x5c/0xf0 [ 177.388567][ T7668] udp_sendmsg+0x12ff/0x2820 [ 177.393147][ T7668] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.399374][ T7668] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.404377][ T7668] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.409645][ T7668] ? ___might_sleep+0x163/0x280 [ 177.414477][ T7668] ? ___might_sleep+0x163/0x280 [ 177.419304][ T7668] ? __might_sleep+0x95/0x190 [ 177.423990][ T7668] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.429610][ T7668] ? aa_sk_perm+0x288/0x880 [ 177.434108][ T7668] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.439635][ T7668] inet_sendmsg+0x147/0x5e0 [ 177.444116][ T7668] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.449375][ T7668] ? inet_sendmsg+0x147/0x5e0 [ 177.454028][ T7668] ? ipip_gro_receive+0x100/0x100 [ 177.459144][ T7668] sock_sendmsg+0xdd/0x130 [ 177.463549][ T7668] sock_write_iter+0x27c/0x3e0 [ 177.468301][ T7668] ? sock_sendmsg+0x130/0x130 [ 177.472965][ T7668] ? aa_path_link+0x460/0x460 [ 177.477641][ T7668] ? find_held_lock+0x35/0x130 [ 177.482382][ T7668] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.488599][ T7668] ? iov_iter_init+0xee/0x220 [ 177.493343][ T7668] new_sync_write+0x4c7/0x760 [ 177.497998][ T7668] ? default_llseek+0x2e0/0x2e0 [ 177.502830][ T7668] ? common_file_perm+0x238/0x720 [ 177.507830][ T7668] ? __fget+0x381/0x550 [ 177.511966][ T7668] ? apparmor_file_permission+0x25/0x30 [ 177.517505][ T7668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.523730][ T7668] ? security_file_permission+0x94/0x380 [ 177.529343][ T7668] __vfs_write+0xe4/0x110 [ 177.533700][ T7668] vfs_write+0x20c/0x580 [ 177.537922][ T7668] ksys_write+0xea/0x1f0 [ 177.542148][ T7668] ? __ia32_sys_read+0xb0/0xb0 [ 177.546896][ T7668] ? do_syscall_64+0x26/0x610 [ 177.551555][ T7668] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.557599][ T7668] ? do_syscall_64+0x26/0x610 [ 177.562258][ T7668] __x64_sys_write+0x73/0xb0 [ 177.566827][ T7668] do_syscall_64+0x103/0x610 [ 177.571398][ T7668] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.577277][ T7668] RIP: 0033:0x4582b9 [ 177.581147][ T7668] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.600733][ T7668] RSP: 002b:00007f0fbde92c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 177.609245][ T7668] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 177.617288][ T7668] RDX: 0000000000000007 RSI: 0000000020000280 RDI: 0000000000000015 [ 177.625254][ T7668] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 177.633210][ T7668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0fbde936d4 [ 177.641184][ T7668] R13: 00000000004c7a90 R14: 00000000004ddb68 R15: 00000000ffffffff [ 177.657008][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.671452][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.680209][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.699046][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.706835][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.716190][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.724878][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.733671][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.740111][ T7662] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7662 [ 177.741920][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.750986][ T7662] caller is sk_mc_loop+0x1d/0x210 [ 177.759275][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.764193][ T7662] CPU: 0 PID: 7662 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.780860][ T7662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.790916][ T7662] Call Trace: [ 177.794202][ T7662] dump_stack+0x172/0x1f0 [ 177.798540][ T7662] __this_cpu_preempt_check+0x246/0x270 [ 177.804073][ T7662] sk_mc_loop+0x1d/0x210 [ 177.808300][ T7662] ip_mc_output+0x2ef/0xf70 [ 177.812792][ T7662] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.818774][ T7662] ? ip_append_data.part.0+0x170/0x170 [ 177.824221][ T7662] ? retint_kernel+0x2d/0x2d [ 177.828794][ T7662] ip_local_out+0xc4/0x1b0 [ 177.833207][ T7662] ip_send_skb+0x42/0xf0 [ 177.837433][ T7662] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.842619][ T7662] udp_push_pending_frames+0x5c/0xf0 [ 177.847905][ T7662] udp_sendmsg+0x12ff/0x2820 [ 177.852479][ T7662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.858722][ T7662] ? finish_task_switch+0x146/0x780 [ 177.863899][ T7662] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.868907][ T7662] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.874177][ T7662] ? ___might_sleep+0x163/0x280 [ 177.879011][ T7662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.885262][ T7662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.890703][ T7662] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.895969][ T7662] ? retint_kernel+0x2d/0x2d [ 177.900543][ T7662] ? trace_hardirqs_on_caller+0x6a/0x220 [ 177.906162][ T7662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.911605][ T7662] ? retint_kernel+0x2d/0x2d [ 177.916184][ T7662] ? ipip_gro_receive+0x100/0x100 [ 177.921190][ T7662] inet_sendmsg+0x147/0x5e0 [ 177.925790][ T7662] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.931054][ T7662] ? inet_sendmsg+0x147/0x5e0 [ 177.935712][ T7662] ? ipip_gro_receive+0x100/0x100 [ 177.940723][ T7662] sock_sendmsg+0xdd/0x130 [ 177.945137][ T7662] sock_write_iter+0x27c/0x3e0 [ 177.949887][ T7662] ? sock_sendmsg+0x130/0x130 [ 177.954565][ T7662] ? aa_path_link+0x460/0x460 [ 177.959224][ T7662] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.964490][ T7662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.970720][ T7662] ? iov_iter_init+0xee/0x220 [ 177.975396][ T7662] new_sync_write+0x4c7/0x760 [ 177.980054][ T7662] ? default_llseek+0x2e0/0x2e0 [ 177.984888][ T7662] ? retint_kernel+0x2d/0x2d [ 177.989462][ T7662] ? common_file_perm+0x238/0x720 [ 177.994610][ T7662] ? apparmor_mmap_file+0xa0/0xa0 [ 177.999616][ T7662] ? apparmor_file_permission+0x25/0x30 [ 178.005142][ T7662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.011365][ T7662] ? security_file_permission+0x94/0x380 [ 178.016979][ T7662] __vfs_write+0xe4/0x110 [ 178.021295][ T7662] vfs_write+0x20c/0x580 [ 178.025526][ T7662] ksys_write+0xea/0x1f0 [ 178.029756][ T7662] ? __ia32_sys_read+0xb0/0xb0 [ 178.034513][ T7662] ? do_syscall_64+0x26/0x610 [ 178.039173][ T7662] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.045221][ T7662] ? do_syscall_64+0x26/0x610 [ 178.049884][ T7662] __x64_sys_write+0x73/0xb0 [ 178.054456][ T7662] do_syscall_64+0x103/0x610 [ 178.059042][ T7662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.064912][ T7662] RIP: 0033:0x4582b9 [ 178.068796][ T7662] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.088497][ T7662] RSP: 002b:00007f0fbdeb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.096893][ T7662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 178.104844][ T7662] RDX: 0000000000000007 RSI: 0000000020000280 RDI: 0000000000000027 [ 178.112796][ T7662] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.120835][ T7662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0fbdeb46d4 [ 178.128873][ T7662] R13: 00000000004c7a90 R14: 00000000004ddb68 R15: 00000000ffffffff [ 178.149700][ T7629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.209116][ T7629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.212098][ C0] hrtimer: interrupt took 40987 ns 09:19:42 executing program 3: [ 178.307787][ T7676] UBIFS error (pid: 7676): cannot open "/dev/sg0", error -22 09:19:43 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') 09:19:43 executing program 0: 09:19:43 executing program 1: 09:19:43 executing program 3: 09:19:43 executing program 2: 09:19:43 executing program 5: 09:19:43 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') 09:19:43 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') 09:19:43 executing program 1: 09:19:43 executing program 3: 09:19:43 executing program 2: 09:19:43 executing program 2: 09:19:43 executing program 4: 09:19:43 executing program 1: 09:19:43 executing program 3: 09:19:43 executing program 2: 09:19:43 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') 09:19:43 executing program 3: 09:19:43 executing program 1: 09:19:44 executing program 0: 09:19:44 executing program 2: 09:19:44 executing program 4: 09:19:44 executing program 3: 09:19:44 executing program 1: 09:19:44 executing program 3: 09:19:44 executing program 4: 09:19:44 executing program 2: 09:19:44 executing program 0: 09:19:44 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') 09:19:44 executing program 1: 09:19:44 executing program 4: 09:19:44 executing program 2: 09:19:44 executing program 0: 09:19:44 executing program 3: 09:19:44 executing program 4: 09:19:44 executing program 3: 09:19:44 executing program 1: 09:19:44 executing program 2: 09:19:44 executing program 0: 09:19:44 executing program 2: 09:19:45 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 09:19:45 executing program 4: 09:19:45 executing program 3: 09:19:45 executing program 1: 09:19:45 executing program 0: 09:19:45 executing program 2: 09:19:45 executing program 4: 09:19:45 executing program 2: 09:19:45 executing program 1: 09:19:45 executing program 3: 09:19:45 executing program 0: 09:19:45 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@updpolicy={0xb8, 0x14, 0x40d, 0x0, 0x0, {{@in6=@mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xa]}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}, 0x8}, 0x0) [ 180.965390][ T7810] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. 09:19:45 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0x101, 0x6}}) 09:19:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000280)) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200), 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f000000a000)=[{&(0x7f000000a000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0xfffffffffffffe8a}], 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000400)=0x4, 0x4) r1 = syz_open_pts(0xffffffffffffff9c, 0x40000) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f00000001c0)=""/14) 09:19:45 executing program 3: creat(&(0x7f0000000000)='./file0\x00', 0x1) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) syz_open_dev$dmmidi(0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x4000000fffe) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) shutdown(r2, 0x2) r3 = accept4(r1, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x5, 0x0, 0xfffffffffffffff0) 09:19:45 executing program 2: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x5, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x4000000000005de, 0x3b9ac9ff, &(0x7f0000000100)={0x77359400}) 09:19:45 executing program 0: 09:19:45 executing program 4: [ 181.276633][ T7825] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7825 [ 181.286654][ T7825] caller is ip6_finish_output+0x335/0xdc0 [ 181.297118][ T7825] CPU: 0 PID: 7825 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.306156][ T7825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.316214][ T7825] Call Trace: [ 181.319513][ T7825] dump_stack+0x172/0x1f0 [ 181.323874][ T7825] __this_cpu_preempt_check+0x246/0x270 [ 181.329433][ T7825] ip6_finish_output+0x335/0xdc0 [ 181.334383][ T7825] ? rcu_read_unlock_special+0xf3/0x210 [ 181.340024][ T7825] ip6_output+0x235/0x7f0 [ 181.344356][ T7825] ? ip6_finish_output+0xdc0/0xdc0 [ 181.349471][ T7825] ? ip6_fragment+0x3980/0x3980 [ 181.354323][ T7825] ? lockdep_hardirqs_on+0x418/0x5d0 [ 181.359609][ T7825] ? retint_kernel+0x2d/0x2d [ 181.364204][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 181.369839][ T7825] ip6_local_out+0xc4/0x1b0 [ 181.374349][ T7825] ip6_send_skb+0xbb/0x350 [ 181.378776][ T7825] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 181.384244][ T7825] udpv6_sendmsg+0x21e3/0x28d0 [ 181.389022][ T7825] ? find_held_lock+0x35/0x130 [ 181.393785][ T7825] ? ip_reply_glue_bits+0xc0/0xc0 [ 181.398817][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.404802][ T7825] ? aa_profile_af_perm+0x320/0x320 [ 181.410086][ T7825] ? retint_kernel+0x2d/0x2d [ 181.414711][ T7825] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 181.420257][ T7825] inet_sendmsg+0x147/0x5e0 [ 181.424771][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.430744][ T7825] ? inet_sendmsg+0x147/0x5e0 [ 181.435420][ T7825] ? ipip_gro_receive+0x100/0x100 [ 181.440445][ T7825] sock_sendmsg+0xdd/0x130 [ 181.444884][ T7825] ___sys_sendmsg+0x3e2/0x930 [ 181.449563][ T7825] ? copy_msghdr_from_user+0x430/0x430 [ 181.455024][ T7825] ? lock_downgrade+0x880/0x880 [ 181.459872][ T7825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.466112][ T7825] ? kasan_check_read+0x11/0x20 [ 181.470964][ T7825] ? __fget+0x381/0x550 [ 181.475122][ T7825] ? ksys_dup3+0x3e0/0x3e0 [ 181.479536][ T7825] ? __lock_acquire+0x548/0x3fb0 [ 181.484477][ T7825] ? __fget_light+0x1a9/0x230 [ 181.489153][ T7825] ? __fdget+0x1b/0x20 [ 181.493216][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.499456][ T7825] ? sockfd_lookup_light+0xcb/0x180 [ 181.504652][ T7825] __sys_sendmmsg+0x1bf/0x4d0 [ 181.509427][ T7825] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 181.514474][ T7825] ? _copy_to_user+0xc9/0x120 [ 181.519159][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.525399][ T7825] ? put_timespec64+0xda/0x140 [ 181.530163][ T7825] ? nsecs_to_jiffies+0x30/0x30 [ 181.535025][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.540487][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.545947][ T7825] ? do_syscall_64+0x26/0x610 [ 181.550626][ T7825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.556690][ T7825] ? do_syscall_64+0x26/0x610 [ 181.561374][ T7825] __x64_sys_sendmmsg+0x9d/0x100 [ 181.566327][ T7825] do_syscall_64+0x103/0x610 [ 181.570930][ T7825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.576816][ T7825] RIP: 0033:0x4582b9 [ 181.580709][ T7825] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.600311][ T7825] RSP: 002b:00007f3e1d9fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.608725][ T7825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.616717][ T7825] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 181.624686][ T7825] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.632653][ T7825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9ff6d4 [ 181.640622][ T7825] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.643785][ T7826] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7826 [ 181.658911][ T7826] caller is ip6_finish_output+0x335/0xdc0 [ 181.664645][ T7826] CPU: 1 PID: 7826 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.673648][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.673654][ T7826] Call Trace: [ 181.673676][ T7826] dump_stack+0x172/0x1f0 [ 181.673699][ T7826] __this_cpu_preempt_check+0x246/0x270 [ 181.673718][ T7826] ip6_finish_output+0x335/0xdc0 [ 181.673736][ T7826] ip6_output+0x235/0x7f0 [ 181.673752][ T7826] ? ip6_finish_output+0xdc0/0xdc0 [ 181.673775][ T7826] ? ip6_fragment+0x3980/0x3980 [ 181.717615][ T7826] ip6_xmit+0xe41/0x20c0 [ 181.721861][ T7826] ? ip6_finish_output2+0x2550/0x2550 [ 181.727219][ T7826] ? mark_held_locks+0xf0/0xf0 [ 181.731991][ T7826] ? ip6_setup_cork+0x1870/0x1870 [ 181.737097][ T7826] inet6_csk_xmit+0x2fb/0x5d0 [ 181.741764][ T7826] ? inet6_csk_update_pmtu+0x190/0x190 [ 181.747204][ T7826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.753447][ T7826] ? csum_ipv6_magic+0x20/0x80 [ 181.758202][ T7826] __tcp_transmit_skb+0x1a32/0x3750 [ 181.763485][ T7826] ? __tcp_select_window+0x8b0/0x8b0 [ 181.768764][ T7826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.774986][ T7826] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 181.780677][ T7826] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.786951][ T7826] tcp_connect+0x1e47/0x4280 [ 181.791532][ T7826] ? tcp_push_one+0x110/0x110 [ 181.796196][ T7826] ? secure_tcpv6_ts_off+0x24f/0x360 [ 181.801555][ T7826] ? secure_dccpv6_sequence_number+0x280/0x280 [ 181.807725][ T7826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.813960][ T7826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.820182][ T7826] ? prandom_u32_state+0x13/0x180 [ 181.825292][ T7826] tcp_v6_connect+0x150b/0x20a0 [ 181.830124][ T7826] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 181.835482][ T7826] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 181.840777][ T7826] ? find_held_lock+0x35/0x130 [ 181.845526][ T7826] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 181.848250][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 181.851153][ T7826] __inet_stream_connect+0x83f/0xea0 [ 181.851171][ T7826] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 181.857118][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 181.862318][ T7826] ? __inet_stream_connect+0x83f/0xea0 [ 181.862339][ T7826] ? inet_dgram_connect+0x2e0/0x2e0 [ 181.862353][ T7826] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 181.862366][ T7826] ? rcu_read_lock_sched_held+0x110/0x130 [ 181.862381][ T7826] ? kmem_cache_alloc_trace+0x354/0x760 [ 181.862400][ T7826] ? __lock_acquire+0x548/0x3fb0 [ 181.906423][ T7826] tcp_sendmsg_locked+0x231f/0x37f0 [ 181.911609][ T7826] ? mark_held_locks+0xf0/0xf0 [ 181.916357][ T7826] ? mark_held_locks+0xa4/0xf0 [ 181.921104][ T7826] ? tcp_sendpage+0x60/0x60 [ 181.925589][ T7826] ? lock_sock_nested+0x9a/0x120 [ 181.930519][ T7826] ? trace_hardirqs_on+0x67/0x230 [ 181.935523][ T7826] ? lock_sock_nested+0x9a/0x120 [ 181.940459][ T7826] ? __local_bh_enable_ip+0x15a/0x270 [ 181.945829][ T7826] tcp_sendmsg+0x30/0x50 [ 181.950054][ T7826] inet_sendmsg+0x147/0x5e0 [ 181.954537][ T7826] ? ipip_gro_receive+0x100/0x100 [ 181.959545][ T7826] sock_sendmsg+0xdd/0x130 [ 181.963942][ T7826] __sys_sendto+0x262/0x380 [ 181.968428][ T7826] ? __ia32_sys_getpeername+0xb0/0xb0 [ 181.973793][ T7826] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.980025][ T7826] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.985467][ T7826] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.990908][ T7826] ? do_syscall_64+0x26/0x610 [ 181.995582][ T7826] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.001720][ T7826] __x64_sys_sendto+0xe1/0x1a0 [ 182.006471][ T7826] do_syscall_64+0x103/0x610 [ 182.011045][ T7826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.016916][ T7826] RIP: 0033:0x4582b9 [ 182.020811][ T7826] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.040397][ T7826] RSP: 002b:00007f0fbdeb3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 182.048790][ T7826] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 182.056745][ T7826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 182.064703][ T7826] RBP: 000000000073bf00 R08: 000000002031e000 R09: 000000000000001c 09:19:46 executing program 4: socketpair(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x3, 0x10) r2 = socket$kcm(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x10e, 0x2, &(0x7f0000002780)=r2, 0x4) 09:19:46 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) setxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0xffffffffffffffbf, 0x0) getpgrp(0xffffffffffffffff) getpgid(0x0) semctl$SEM_STAT(r0, 0x1, 0x10, 0x0) 09:19:46 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_proto_private(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) clock_gettime(0x0, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) [ 182.072655][ T7826] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f0fbdeb46d4 [ 182.080605][ T7826] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 182.094684][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 182.100622][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 182.110313][ T7825] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7825 [ 182.119813][ T7825] caller is sk_mc_loop+0x1d/0x210 [ 182.124995][ T7825] CPU: 1 PID: 7825 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.134012][ T7825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.144151][ T7825] Call Trace: [ 182.147477][ T7825] dump_stack+0x172/0x1f0 [ 182.151825][ T7825] __this_cpu_preempt_check+0x246/0x270 [ 182.157382][ T7825] sk_mc_loop+0x1d/0x210 [ 182.161649][ T7825] ip6_finish_output2+0x17a5/0x2550 [ 182.166840][ T7825] ? find_held_lock+0x35/0x130 [ 182.171607][ T7825] ? ip6_mtu+0x2e6/0x460 [ 182.175850][ T7825] ? ip6_forward_finish+0x580/0x580 [ 182.175870][ T7825] ? lock_downgrade+0x880/0x880 [ 182.175886][ T7825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.175907][ T7825] ? kasan_check_read+0x11/0x20 [ 182.197028][ T7825] ip6_finish_output+0x614/0xdc0 [ 182.201971][ T7825] ? ip6_finish_output+0x614/0xdc0 [ 182.207088][ T7825] ip6_output+0x235/0x7f0 [ 182.211424][ T7825] ? ip6_finish_output+0xdc0/0xdc0 [ 182.216546][ T7825] ? ip6_fragment+0x3980/0x3980 [ 182.221395][ T7825] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.221410][ T7825] ? retint_kernel+0x2d/0x2d [ 182.221426][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 182.221443][ T7825] ip6_local_out+0xc4/0x1b0 [ 182.221460][ T7825] ip6_send_skb+0xbb/0x350 [ 182.221478][ T7825] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 182.221498][ T7825] udpv6_sendmsg+0x21e3/0x28d0 [ 182.221508][ T7825] ? find_held_lock+0x35/0x130 [ 182.221521][ T7825] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.221541][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.221561][ T7825] ? aa_profile_af_perm+0x320/0x320 [ 182.221578][ T7825] ? retint_kernel+0x2d/0x2d [ 182.281598][ T7825] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.281617][ T7825] inet_sendmsg+0x147/0x5e0 [ 182.291642][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.297610][ T7825] ? inet_sendmsg+0x147/0x5e0 [ 182.302274][ T7825] ? ipip_gro_receive+0x100/0x100 [ 182.307285][ T7825] sock_sendmsg+0xdd/0x130 [ 182.311689][ T7825] ___sys_sendmsg+0x3e2/0x930 [ 182.316355][ T7825] ? copy_msghdr_from_user+0x430/0x430 [ 182.321811][ T7825] ? lock_downgrade+0x880/0x880 [ 182.326903][ T7825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.333129][ T7825] ? kasan_check_read+0x11/0x20 [ 182.337968][ T7825] ? __fget+0x381/0x550 [ 182.342113][ T7825] ? ksys_dup3+0x3e0/0x3e0 [ 182.346509][ T7825] ? __lock_acquire+0x548/0x3fb0 [ 182.351432][ T7825] ? __fget_light+0x1a9/0x230 [ 182.356192][ T7825] ? __fdget+0x1b/0x20 [ 182.360249][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.366471][ T7825] ? sockfd_lookup_light+0xcb/0x180 [ 182.371651][ T7825] __sys_sendmmsg+0x1bf/0x4d0 [ 182.376315][ T7825] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.381330][ T7825] ? _copy_to_user+0xc9/0x120 [ 182.385991][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.392318][ T7825] ? put_timespec64+0xda/0x140 [ 182.397063][ T7825] ? nsecs_to_jiffies+0x30/0x30 [ 182.402077][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.407518][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.412975][ T7825] ? do_syscall_64+0x26/0x610 [ 182.417633][ T7825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.423683][ T7825] ? do_syscall_64+0x26/0x610 [ 182.428344][ T7825] __x64_sys_sendmmsg+0x9d/0x100 [ 182.433271][ T7825] do_syscall_64+0x103/0x610 [ 182.437854][ T7825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.443733][ T7825] RIP: 0033:0x4582b9 [ 182.447613][ T7825] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.467207][ T7825] RSP: 002b:00007f3e1d9fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 09:19:46 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={r0, 0x18, &(0x7f0000000340)}, 0xffffffffffffffba) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0xffffff7a) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x6912ded7695d98a5) pipe(0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000200)='dctcp\x00N\xc7\xfcd\xf7\x8a\x06\xa2>k;\x9eOP\xe1?\xe4\xe2R>\xec\xd3;\x80\x9f\x92\x8d;>\xee\xb8[w\n\xa7M\n\xec\xe8t\xf4{3f\x97\xf8?\xee\x93$T\xc1\xd4N8\xd6\a\x10%=\xc6G\xc2\xa0\xfe]Q\x01Bd\\\xe2\x05i$\xb5\xf9|T\x16Hy\xb4\x9f\xa2i\xe0s\x14\x9c\xefDn\xb2y\x86\xa3]\x81\t\x9e\x86\xb3z\xb5\xf5dQ6\xaf\xab\x938-SL\xa0.\xd5V\x95g\xbax\x9b-W\x06\xd3{\x92\x8d=\x18\xbe$\x88*}\xaf\x12f\x93\xde\x00\x01~m\x95\xe9\x11\xbd\x8c\xa9\xfb\xbe}\xdc\x05}+\xa3q\xf0\xa8\xfe\x16.\xf42ZI,\f3{\xd8I\x84\xdb\xd2\x1er\x93\xe58z\x94\xfb\xc3\x8c\xd9Gj\xd6\x18\a\'\xc1w|u/\x9a6\xc2\x03,8\x9f9\xe3u\x846\x06\x191a\\\xcb\x17\xf9\x1f\xda\xb8\x80B!\x9d~\xde', 0x44d9) sendfile(0xffffffffffffffff, r1, 0x0, 0x56e5) ioctl(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0xfcf9) socketpair(0x0, 0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x34) ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) sendto$inet(r2, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e319aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0001c0d3235d2fa5860c9176d0f289be11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6506a7868aba2d5a066b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da086", 0x82, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000180)='nv\x00', 0x1ff) shutdown(r2, 0x1) [ 182.475600][ T7825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.483554][ T7825] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 182.491511][ T7825] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.499464][ T7825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9ff6d4 [ 182.507505][ T7825] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.542392][ T7825] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7825 [ 182.552114][ T7825] caller is ip6_finish_output+0x335/0xdc0 [ 182.558055][ T7825] CPU: 1 PID: 7825 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.567152][ T7825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.577204][ T7825] Call Trace: [ 182.580497][ T7825] dump_stack+0x172/0x1f0 [ 182.584835][ T7825] __this_cpu_preempt_check+0x246/0x270 [ 182.590381][ T7825] ip6_finish_output+0x335/0xdc0 [ 182.595326][ T7825] ip6_output+0x235/0x7f0 [ 182.599665][ T7825] ? ip6_finish_output+0xdc0/0xdc0 [ 182.604796][ T7825] ? ip6_fragment+0x3980/0x3980 [ 182.609658][ T7825] ip6_local_out+0xc4/0x1b0 [ 182.614164][ T7825] ip6_send_skb+0xbb/0x350 [ 182.618601][ T7825] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 182.624071][ T7825] udpv6_sendmsg+0x21e3/0x28d0 [ 182.629004][ T7825] ? find_held_lock+0x35/0x130 [ 182.633772][ T7825] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.638806][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.645499][ T7825] ? aa_profile_af_perm+0x320/0x320 [ 182.652014][ T7825] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.657473][ T7825] ? retint_kernel+0x2d/0x2d [ 182.662064][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 182.667704][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.673199][ T7825] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.678750][ T7825] inet_sendmsg+0x147/0x5e0 [ 182.683252][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.689235][ T7825] ? inet_sendmsg+0x147/0x5e0 [ 182.693913][ T7825] ? ipip_gro_receive+0x100/0x100 [ 182.698938][ T7825] sock_sendmsg+0xdd/0x130 [ 182.703358][ T7825] ___sys_sendmsg+0x3e2/0x930 [ 182.708043][ T7825] ? copy_msghdr_from_user+0x430/0x430 [ 182.713508][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.718969][ T7825] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.724252][ T7825] ? retint_kernel+0x2d/0x2d [ 182.728845][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 182.734480][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.739954][ T7825] ? retint_kernel+0x2d/0x2d [ 182.744562][ T7825] ? lock_is_held_type+0xa4/0x320 [ 182.749595][ T7825] ? ___might_sleep+0x163/0x280 [ 182.754712][ T7825] __sys_sendmmsg+0x1bf/0x4d0 [ 182.759394][ T7825] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.764426][ T7825] ? _copy_to_user+0xc9/0x120 [ 182.769121][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.770667][ T7849] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7849 [ 182.775363][ T7825] ? put_timespec64+0xda/0x140 [ 182.775376][ T7825] ? nsecs_to_jiffies+0x30/0x30 [ 182.775400][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.775418][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.784830][ T7849] caller is ip6_finish_output+0x335/0xdc0 [ 182.789436][ T7825] ? do_syscall_64+0x26/0x610 [ 182.789450][ T7825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.789463][ T7825] ? do_syscall_64+0x26/0x610 [ 182.789481][ T7825] __x64_sys_sendmmsg+0x9d/0x100 [ 182.789500][ T7825] do_syscall_64+0x103/0x610 [ 182.789515][ T7825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.789531][ T7825] RIP: 0033:0x4582b9 [ 182.845536][ T7825] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.865146][ T7825] RSP: 002b:00007f3e1d9fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 182.873558][ T7825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.882038][ T7825] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 182.890025][ T7825] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.897994][ T7825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9ff6d4 [ 182.905959][ T7825] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.914159][ T7849] CPU: 0 PID: 7849 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.920514][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 182.924751][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.924757][ T7849] Call Trace: 09:19:47 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200), 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f000000a000)=[{&(0x7f000000a000)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0xfffffffffffffe8a}], 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000002740)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000240)={0x7, 0x0, 0x9, 0x8, 0x8000}) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000400)=0x4, 0x4) syz_open_pts(0xffffffffffffff9c, 0x40000) 09:19:47 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = accept(0xffffffffffffff9c, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x0, @my}, &(0x7f0000000080)=0x80) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@empty}}, &(0x7f0000000280)=0x90) bind$can_raw(r1, &(0x7f0000000200)={0x1d, r2}, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f000000a000)=[{&(0x7f000000a000)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0xfffffffffffffe8a}], 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000002740)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000240)={0x7, 0x3, 0x9, 0x8, 0x8000}) sendmmsg(r3, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000400)=0x4, 0x4) r4 = syz_open_pts(0xffffffffffffff9c, 0x40000) ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f00000001c0)=""/14) [ 182.924779][ T7849] dump_stack+0x172/0x1f0 [ 182.924802][ T7849] __this_cpu_preempt_check+0x246/0x270 [ 182.930762][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 182.940539][ T7849] ip6_finish_output+0x335/0xdc0 [ 182.940562][ T7849] ip6_output+0x235/0x7f0 [ 182.940580][ T7849] ? ip6_finish_output+0xdc0/0xdc0 [ 182.940599][ T7849] ? ip6_fragment+0x3980/0x3980 [ 182.979747][ T7849] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.984777][ T7849] ip6_local_out+0xc4/0x1b0 [ 182.989285][ T7849] ip6_send_skb+0xbb/0x350 [ 182.993711][ T7849] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 182.999186][ T7849] ? __sanitizer_cov_trace_cmp8+0x10/0x20 [ 183.004917][ T7849] udpv6_sendmsg+0x21e3/0x28d0 [ 183.009688][ T7849] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.011562][ T7851] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7851 [ 183.014717][ T7849] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.014739][ T7849] ? aa_profile_af_perm+0x320/0x320 [ 183.014759][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.024071][ T7851] caller is ip6_finish_output+0x335/0xdc0 [ 183.029991][ T7849] ? retint_kernel+0x2d/0x2d [ 183.030040][ T7849] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.056449][ T7849] inet_sendmsg+0x147/0x5e0 [ 183.060949][ T7849] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.066915][ T7849] ? inet_sendmsg+0x147/0x5e0 [ 183.071588][ T7849] ? ipip_gro_receive+0x100/0x100 [ 183.076606][ T7849] sock_sendmsg+0xdd/0x130 [ 183.081020][ T7849] ___sys_sendmsg+0x3e2/0x930 [ 183.085695][ T7849] ? copy_msghdr_from_user+0x430/0x430 [ 183.091148][ T7849] ? lock_downgrade+0x880/0x880 [ 183.096004][ T7849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.102246][ T7849] ? kasan_check_read+0x11/0x20 [ 183.107092][ T7849] ? __fget+0x381/0x550 [ 183.111245][ T7849] ? ksys_dup3+0x3e0/0x3e0 [ 183.115659][ T7849] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.121288][ T7849] ? __fget_light+0x1a9/0x230 [ 183.125958][ T7849] ? __fdget+0x1b/0x20 [ 183.130018][ T7849] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.136251][ T7849] ? sockfd_lookup_light+0xcb/0x180 [ 183.141460][ T7849] __sys_sendmmsg+0x1bf/0x4d0 [ 183.146133][ T7849] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.151183][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.156638][ T7849] ? lockdep_hardirqs_on+0x418/0x5d0 [ 183.161917][ T7849] ? retint_kernel+0x2d/0x2d [ 183.166500][ T7849] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.172129][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.177596][ T7849] ? retint_kernel+0x2d/0x2d [ 183.182191][ T7849] __x64_sys_sendmmsg+0x9d/0x100 [ 183.187123][ T7849] ? do_syscall_64+0xfe/0x610 [ 183.191799][ T7849] do_syscall_64+0x103/0x610 [ 183.196385][ T7849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.202271][ T7849] RIP: 0033:0x4582b9 [ 183.206173][ T7849] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.225768][ T7849] RSP: 002b:00007f737c93bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.234178][ T7849] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.242249][ T7849] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 183.250214][ T7849] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.258182][ T7849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f737c93c6d4 [ 183.266153][ T7849] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.274156][ T7851] CPU: 1 PID: 7851 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.283183][ T7851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.293223][ T7851] Call Trace: [ 183.293242][ T7851] dump_stack+0x172/0x1f0 [ 183.293263][ T7851] __this_cpu_preempt_check+0x246/0x270 [ 183.293282][ T7851] ip6_finish_output+0x335/0xdc0 [ 183.293302][ T7851] ip6_output+0x235/0x7f0 [ 183.315702][ T7851] ? ip6_finish_output+0xdc0/0xdc0 [ 183.320829][ T7851] ? ip6_fragment+0x3980/0x3980 [ 183.325681][ T7851] ? retint_kernel+0x2d/0x2d [ 183.330287][ T7851] ip6_local_out+0xc4/0x1b0 [ 183.334813][ T7851] ip6_send_skb+0xbb/0x350 [ 183.339240][ T7851] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 183.344703][ T7851] udpv6_sendmsg+0x21e3/0x28d0 [ 183.349470][ T7851] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.354515][ T7851] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.360507][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.365960][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.371415][ T7851] ? lockdep_hardirqs_on+0x418/0x5d0 [ 183.376718][ T7851] ? retint_kernel+0x2d/0x2d [ 183.381304][ T7851] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.386936][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.392410][ T7851] ? retint_kernel+0x2d/0x2d [ 183.397019][ T7851] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.402653][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.408301][ T7851] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.408320][ T7851] inet_sendmsg+0x147/0x5e0 [ 183.408334][ T7851] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.408343][ T7851] ? inet_sendmsg+0x147/0x5e0 [ 183.408353][ T7851] ? ipip_gro_receive+0x100/0x100 [ 183.408374][ T7851] sock_sendmsg+0xdd/0x130 [ 183.438947][ T7851] ___sys_sendmsg+0x3e2/0x930 [ 183.443639][ T7851] ? copy_msghdr_from_user+0x430/0x430 [ 183.449142][ T7851] ? __fget+0x381/0x550 [ 183.453300][ T7851] ? ksys_dup3+0x3e0/0x3e0 [ 183.457705][ T7851] ? __fget_light+0x1a9/0x230 [ 183.462364][ T7851] ? __fdget+0x1b/0x20 [ 183.466413][ T7851] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.472638][ T7851] ? sockfd_lookup_light+0xcb/0x180 [ 183.477821][ T7851] __sys_sendmmsg+0x1bf/0x4d0 [ 183.482481][ T7851] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.487495][ T7851] ? _copy_to_user+0xc9/0x120 [ 183.492161][ T7851] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.498498][ T7851] ? put_timespec64+0xda/0x140 [ 183.503245][ T7851] ? nsecs_to_jiffies+0x30/0x30 [ 183.508870][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.514308][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.519746][ T7851] ? do_syscall_64+0x26/0x610 [ 183.524406][ T7851] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.530464][ T7851] ? do_syscall_64+0x26/0x610 [ 183.535130][ T7851] __x64_sys_sendmmsg+0x9d/0x100 [ 183.540051][ T7851] do_syscall_64+0x103/0x610 [ 183.544628][ T7851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.550504][ T7851] RIP: 0033:0x4582b9 [ 183.554380][ T7851] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.573963][ T7851] RSP: 002b:00007fe2a19bcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.582351][ T7851] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 09:19:47 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) creat(&(0x7f0000000000)='./file0\x00', 0x100) [ 183.590386][ T7851] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 183.598347][ T7851] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.606300][ T7851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2a19bd6d4 [ 183.614254][ T7851] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.623010][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 183.629570][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 183.636201][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 183.642941][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 183.656762][ T7834] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7834 [ 183.666355][ T7834] caller is ip6_finish_output+0x335/0xdc0 [ 183.672337][ T7834] CPU: 0 PID: 7834 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.681354][ T7834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.691401][ T7834] Call Trace: [ 183.694785][ T7834] dump_stack+0x172/0x1f0 [ 183.699136][ T7834] __this_cpu_preempt_check+0x246/0x270 [ 183.704695][ T7834] ip6_finish_output+0x335/0xdc0 [ 183.707176][ T7851] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7851 [ 183.709637][ T7834] ? rcu_read_unlock_special+0xf3/0x210 [ 183.709659][ T7834] ip6_output+0x235/0x7f0 [ 183.709680][ T7834] ? ip6_finish_output+0xdc0/0xdc0 [ 183.709697][ T7834] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.709720][ T7834] ? ip6_fragment+0x3980/0x3980 [ 183.719812][ T7851] caller is sk_mc_loop+0x1d/0x210 [ 183.725309][ T7834] ip6_local_out+0xc4/0x1b0 [ 183.725334][ T7834] ip6_send_skb+0xbb/0x350 [ 183.759045][ T7834] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 183.764501][ T7834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.770740][ T7834] udpv6_sendmsg+0x21e3/0x28d0 [ 183.775500][ T7834] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.780525][ T7834] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.786506][ T7834] ? aa_profile_af_perm+0x320/0x320 [ 183.791719][ T7834] ? retint_kernel+0x2d/0x2d [ 183.796301][ T7834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.802537][ T7834] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.808023][ T7834] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.813564][ T7834] inet_sendmsg+0x147/0x5e0 [ 183.818154][ T7834] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.824138][ T7834] ? inet_sendmsg+0x147/0x5e0 [ 183.828826][ T7834] ? ipip_gro_receive+0x100/0x100 [ 183.833847][ T7834] sock_sendmsg+0xdd/0x130 [ 183.838264][ T7834] ___sys_sendmsg+0x3e2/0x930 [ 183.842940][ T7834] ? copy_msghdr_from_user+0x430/0x430 [ 183.848409][ T7834] ? lock_downgrade+0x880/0x880 [ 183.853252][ T7834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.859509][ T7834] ? kasan_check_read+0x11/0x20 [ 183.864361][ T7834] ? __fget+0x381/0x550 [ 183.868601][ T7834] ? ksys_dup3+0x3e0/0x3e0 [ 183.873020][ T7834] ? __fget_light+0x1a9/0x230 [ 183.877690][ T7834] ? __fdget+0x1b/0x20 [ 183.882373][ T7834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.888610][ T7834] ? sockfd_lookup_light+0xcb/0x180 [ 183.893812][ T7834] __sys_sendmmsg+0x1bf/0x4d0 [ 183.898490][ T7834] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.903521][ T7834] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.908973][ T7834] ? lockdep_hardirqs_on+0x418/0x5d0 [ 183.914253][ T7834] ? retint_kernel+0x2d/0x2d [ 183.918839][ T7834] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.924474][ T7834] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.929933][ T7834] ? retint_kernel+0x2d/0x2d [ 183.934525][ T7834] __x64_sys_sendmmsg+0x9d/0x100 [ 183.939543][ T7834] ? do_syscall_64+0x5b/0x610 [ 183.944224][ T7834] do_syscall_64+0x103/0x610 [ 183.948898][ T7834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.954781][ T7834] RIP: 0033:0x4582b9 [ 183.958670][ T7834] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.978265][ T7834] RSP: 002b:00007f3e1d9ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.986667][ T7834] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.994631][ T7834] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000006 [ 184.002595][ T7834] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 184.010560][ T7834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9de6d4 [ 184.018523][ T7834] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.026520][ T7851] CPU: 1 PID: 7851 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.035548][ T7851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.045616][ T7851] Call Trace: [ 184.048917][ T7851] dump_stack+0x172/0x1f0 [ 184.053269][ T7851] __this_cpu_preempt_check+0x246/0x270 [ 184.058828][ T7851] sk_mc_loop+0x1d/0x210 [ 184.063085][ T7851] ip6_finish_output2+0x17a5/0x2550 [ 184.068296][ T7851] ? find_held_lock+0x35/0x130 [ 184.073060][ T7851] ? ip6_mtu+0x2e6/0x460 [ 184.077300][ T7851] ? ip6_forward_finish+0x580/0x580 [ 184.082483][ T7851] ? lock_downgrade+0x880/0x880 [ 184.087321][ T7851] ? rcu_read_unlock_special+0xf3/0x210 [ 184.092877][ T7851] ip6_finish_output+0x614/0xdc0 [ 184.097799][ T7851] ? ip6_finish_output+0x614/0xdc0 [ 184.102899][ T7851] ip6_output+0x235/0x7f0 [ 184.107214][ T7851] ? ip6_finish_output+0xdc0/0xdc0 [ 184.112312][ T7851] ? ip6_fragment+0x3980/0x3980 [ 184.117145][ T7851] ? retint_kernel+0x2d/0x2d [ 184.121723][ T7851] ip6_local_out+0xc4/0x1b0 [ 184.126212][ T7851] ip6_send_skb+0xbb/0x350 [ 184.130617][ T7851] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 184.136064][ T7851] udpv6_sendmsg+0x21e3/0x28d0 [ 184.140820][ T7851] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.145831][ T7851] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.151798][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.157238][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.162684][ T7851] ? lockdep_hardirqs_on+0x418/0x5d0 [ 184.167955][ T7851] ? retint_kernel+0x2d/0x2d [ 184.172551][ T7851] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.178174][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.183622][ T7851] ? retint_kernel+0x2d/0x2d [ 184.188196][ T7851] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.193813][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.199284][ T7851] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.205247][ T7851] inet_sendmsg+0x147/0x5e0 [ 184.209734][ T7851] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.215695][ T7851] ? inet_sendmsg+0x147/0x5e0 [ 184.220354][ T7851] ? ipip_gro_receive+0x100/0x100 [ 184.225361][ T7851] sock_sendmsg+0xdd/0x130 [ 184.229766][ T7851] ___sys_sendmsg+0x3e2/0x930 [ 184.234431][ T7851] ? copy_msghdr_from_user+0x430/0x430 [ 184.239883][ T7851] ? __fget+0x381/0x550 [ 184.244024][ T7851] ? ksys_dup3+0x3e0/0x3e0 [ 184.248516][ T7851] ? __fget_light+0x1a9/0x230 [ 184.253179][ T7851] ? __fdget+0x1b/0x20 [ 184.257233][ T7851] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.263460][ T7851] ? sockfd_lookup_light+0xcb/0x180 [ 184.268657][ T7851] __sys_sendmmsg+0x1bf/0x4d0 [ 184.273319][ T7851] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.278339][ T7851] ? _copy_to_user+0xc9/0x120 [ 184.283002][ T7851] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.289225][ T7851] ? put_timespec64+0xda/0x140 [ 184.293986][ T7851] ? nsecs_to_jiffies+0x30/0x30 [ 184.298853][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.304656][ T7851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.310103][ T7851] ? do_syscall_64+0x26/0x610 [ 184.314766][ T7851] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.320814][ T7851] ? do_syscall_64+0x26/0x610 [ 184.325474][ T7851] __x64_sys_sendmmsg+0x9d/0x100 [ 184.330396][ T7851] do_syscall_64+0x103/0x610 [ 184.334976][ T7851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.340848][ T7851] RIP: 0033:0x4582b9 [ 184.344729][ T7851] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.364319][ T7851] RSP: 002b:00007fe2a19bcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.372714][ T7851] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.380668][ T7851] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 184.388633][ T7851] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 184.396594][ T7851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2a19bd6d4 [ 184.404637][ T7851] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.422832][ T7849] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7849 [ 184.432202][ T7849] caller is sk_mc_loop+0x1d/0x210 [ 184.437236][ T7849] CPU: 1 PID: 7849 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.437585][ T7825] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7825 [ 184.446334][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.446339][ T7849] Call Trace: [ 184.446360][ T7849] dump_stack+0x172/0x1f0 [ 184.446382][ T7849] __this_cpu_preempt_check+0x246/0x270 [ 184.446400][ T7849] sk_mc_loop+0x1d/0x210 [ 184.446419][ T7849] ip6_finish_output2+0x17a5/0x2550 [ 184.446432][ T7849] ? find_held_lock+0x35/0x130 [ 184.446447][ T7849] ? ip6_mtu+0x2e6/0x460 [ 184.446464][ T7849] ? ip6_forward_finish+0x580/0x580 [ 184.446484][ T7849] ? lock_downgrade+0x880/0x880 [ 184.455820][ T7825] caller is sk_mc_loop+0x1d/0x210 [ 184.465800][ T7849] ? rcu_read_unlock_special+0xf3/0x210 [ 184.465824][ T7849] ip6_finish_output+0x614/0xdc0 [ 184.465838][ T7849] ? ip6_finish_output+0x614/0xdc0 [ 184.465858][ T7849] ip6_output+0x235/0x7f0 [ 184.532303][ T7849] ? ip6_finish_output+0xdc0/0xdc0 [ 184.537413][ T7849] ? ip6_fragment+0x3980/0x3980 [ 184.542274][ T7849] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.547312][ T7849] ip6_local_out+0xc4/0x1b0 [ 184.551812][ T7849] ip6_send_skb+0xbb/0x350 [ 184.556241][ T7849] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 184.561689][ T7849] ? __sanitizer_cov_trace_cmp8+0x10/0x20 [ 184.567410][ T7849] udpv6_sendmsg+0x21e3/0x28d0 [ 184.572170][ T7849] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.577196][ T7849] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.583176][ T7849] ? aa_profile_af_perm+0x320/0x320 [ 184.588370][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.593826][ T7849] ? retint_kernel+0x2d/0x2d [ 184.598442][ T7849] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.603985][ T7849] inet_sendmsg+0x147/0x5e0 [ 184.608482][ T7849] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.614448][ T7849] ? inet_sendmsg+0x147/0x5e0 [ 184.619115][ T7849] ? ipip_gro_receive+0x100/0x100 [ 184.624133][ T7849] sock_sendmsg+0xdd/0x130 [ 184.628544][ T7849] ___sys_sendmsg+0x3e2/0x930 [ 184.633221][ T7849] ? copy_msghdr_from_user+0x430/0x430 [ 184.638677][ T7849] ? lock_downgrade+0x880/0x880 [ 184.643517][ T7849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.649750][ T7849] ? kasan_check_read+0x11/0x20 [ 184.654598][ T7849] ? __fget+0x381/0x550 [ 184.658754][ T7849] ? ksys_dup3+0x3e0/0x3e0 [ 184.663164][ T7849] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.668798][ T7849] ? __fget_light+0x1a9/0x230 [ 184.673468][ T7849] ? __fdget+0x1b/0x20 [ 184.677530][ T7849] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.683762][ T7849] ? sockfd_lookup_light+0xcb/0x180 [ 184.688959][ T7849] __sys_sendmmsg+0x1bf/0x4d0 [ 184.693630][ T7849] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.698657][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.704111][ T7849] ? lockdep_hardirqs_on+0x418/0x5d0 [ 184.709387][ T7849] ? retint_kernel+0x2d/0x2d [ 184.713970][ T7849] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.719605][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.725068][ T7849] ? retint_kernel+0x2d/0x2d [ 184.729655][ T7849] __x64_sys_sendmmsg+0x9d/0x100 [ 184.734591][ T7849] ? do_syscall_64+0xfe/0x610 [ 184.739261][ T7849] do_syscall_64+0x103/0x610 [ 184.743846][ T7849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.749724][ T7849] RIP: 0033:0x4582b9 [ 184.753611][ T7849] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.773223][ T7849] RSP: 002b:00007f737c93bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.781711][ T7849] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.789677][ T7849] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 184.797637][ T7849] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 184.805606][ T7849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f737c93c6d4 [ 184.813575][ T7849] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.821591][ T7825] CPU: 0 PID: 7825 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.830619][ T7825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.840692][ T7825] Call Trace: [ 184.843970][ T7825] dump_stack+0x172/0x1f0 [ 184.848288][ T7825] __this_cpu_preempt_check+0x246/0x270 [ 184.853818][ T7825] sk_mc_loop+0x1d/0x210 [ 184.858059][ T7825] ip6_finish_output2+0x17a5/0x2550 [ 184.863247][ T7825] ? find_held_lock+0x35/0x130 [ 184.867995][ T7825] ? ip6_mtu+0x2e6/0x460 [ 184.872224][ T7825] ? ip6_forward_finish+0x580/0x580 [ 184.877406][ T7825] ? lock_downgrade+0x880/0x880 [ 184.882244][ T7825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.888469][ T7825] ? kasan_check_read+0x11/0x20 [ 184.893306][ T7825] ip6_finish_output+0x614/0xdc0 [ 184.898226][ T7825] ? ip6_finish_output+0x614/0xdc0 [ 184.903323][ T7825] ip6_output+0x235/0x7f0 [ 184.907641][ T7825] ? ip6_finish_output+0xdc0/0xdc0 [ 184.912743][ T7825] ? ip6_fragment+0x3980/0x3980 [ 184.917581][ T7825] ip6_local_out+0xc4/0x1b0 [ 184.922085][ T7825] ip6_send_skb+0xbb/0x350 [ 184.926485][ T7825] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 184.931931][ T7825] udpv6_sendmsg+0x21e3/0x28d0 [ 184.936674][ T7825] ? find_held_lock+0x35/0x130 [ 184.941418][ T7825] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.946431][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.952400][ T7825] ? aa_profile_af_perm+0x320/0x320 [ 184.957579][ T7825] ? lockdep_hardirqs_on+0x418/0x5d0 [ 184.962844][ T7825] ? retint_kernel+0x2d/0x2d [ 184.967418][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.973050][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.978528][ T7825] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.984069][ T7825] inet_sendmsg+0x147/0x5e0 [ 184.988563][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.994540][ T7825] ? inet_sendmsg+0x147/0x5e0 [ 184.999199][ T7825] ? ipip_gro_receive+0x100/0x100 [ 185.004216][ T7825] sock_sendmsg+0xdd/0x130 [ 185.008616][ T7825] ___sys_sendmsg+0x3e2/0x930 [ 185.013282][ T7825] ? copy_msghdr_from_user+0x430/0x430 [ 185.018725][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.024183][ T7825] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.029451][ T7825] ? retint_kernel+0x2d/0x2d [ 185.034031][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.040606][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.051307][ T7825] ? retint_kernel+0x2d/0x2d [ 185.055887][ T7825] ? lock_is_held_type+0xa4/0x320 [ 185.060901][ T7825] ? ___might_sleep+0x163/0x280 [ 185.065742][ T7825] __sys_sendmmsg+0x1bf/0x4d0 [ 185.070404][ T7825] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.075421][ T7825] ? _copy_to_user+0xc9/0x120 [ 185.080085][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.086321][ T7825] ? put_timespec64+0xda/0x140 [ 185.091067][ T7825] ? nsecs_to_jiffies+0x30/0x30 [ 185.095992][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.101441][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.106882][ T7825] ? do_syscall_64+0x26/0x610 [ 185.111541][ T7825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.117589][ T7825] ? do_syscall_64+0x26/0x610 [ 185.122249][ T7825] __x64_sys_sendmmsg+0x9d/0x100 [ 185.127179][ T7825] do_syscall_64+0x103/0x610 [ 185.131759][ T7825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.137634][ T7825] RIP: 0033:0x4582b9 [ 185.141512][ T7825] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.161102][ T7825] RSP: 002b:00007f3e1d9fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.169516][ T7825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.177471][ T7825] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 185.185424][ T7825] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.193379][ T7825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9ff6d4 [ 185.201333][ T7825] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.209359][ T7834] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7834 [ 185.218900][ T7834] caller is sk_mc_loop+0x1d/0x210 [ 185.223939][ T7834] CPU: 1 PID: 7834 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.227390][ T7825] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7825 [ 185.232948][ T7834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.232954][ T7834] Call Trace: [ 185.232976][ T7834] dump_stack+0x172/0x1f0 [ 185.232998][ T7834] __this_cpu_preempt_check+0x246/0x270 [ 185.233023][ T7834] sk_mc_loop+0x1d/0x210 [ 185.233042][ T7834] ip6_finish_output2+0x17a5/0x2550 [ 185.233057][ T7834] ? find_held_lock+0x35/0x130 [ 185.233072][ T7834] ? ip6_mtu+0x2e6/0x460 [ 185.233090][ T7834] ? ip6_forward_finish+0x580/0x580 [ 185.233103][ T7834] ? lock_downgrade+0x880/0x880 [ 185.233122][ T7834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.242441][ T7825] caller is ip6_finish_output+0x335/0xdc0 [ 185.252451][ T7834] ? kasan_check_read+0x11/0x20 [ 185.252473][ T7834] ip6_finish_output+0x614/0xdc0 [ 185.252487][ T7834] ? ip6_finish_output+0x614/0xdc0 [ 185.252511][ T7834] ip6_output+0x235/0x7f0 [ 185.325216][ T7834] ? ip6_finish_output+0xdc0/0xdc0 [ 185.330338][ T7834] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.335962][ T7834] ? ip6_fragment+0x3980/0x3980 [ 185.340814][ T7834] ip6_local_out+0xc4/0x1b0 [ 185.345317][ T7834] ip6_send_skb+0xbb/0x350 [ 185.349748][ T7834] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 185.355460][ T7834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.361706][ T7834] udpv6_sendmsg+0x21e3/0x28d0 [ 185.366466][ T7834] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.371492][ T7834] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.377493][ T7834] ? aa_profile_af_perm+0x320/0x320 [ 185.382700][ T7834] ? retint_kernel+0x2d/0x2d [ 185.387283][ T7834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.393527][ T7834] ? rw_copy_check_uvector+0x2a6/0x330 [ 185.399014][ T7834] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.404554][ T7834] inet_sendmsg+0x147/0x5e0 [ 185.409051][ T7834] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.415024][ T7834] ? inet_sendmsg+0x147/0x5e0 [ 185.419698][ T7834] ? ipip_gro_receive+0x100/0x100 [ 185.424716][ T7834] sock_sendmsg+0xdd/0x130 [ 185.429129][ T7834] ___sys_sendmsg+0x3e2/0x930 [ 185.433802][ T7834] ? copy_msghdr_from_user+0x430/0x430 [ 185.439257][ T7834] ? lock_downgrade+0x880/0x880 [ 185.444099][ T7834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.450343][ T7834] ? kasan_check_read+0x11/0x20 [ 185.455188][ T7834] ? __fget+0x381/0x550 [ 185.459343][ T7834] ? ksys_dup3+0x3e0/0x3e0 [ 185.463759][ T7834] ? __fget_light+0x1a9/0x230 [ 185.468445][ T7834] ? __fdget+0x1b/0x20 [ 185.472504][ T7834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.478742][ T7834] ? sockfd_lookup_light+0xcb/0x180 [ 185.483934][ T7834] __sys_sendmmsg+0x1bf/0x4d0 [ 185.488621][ T7834] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.493647][ T7834] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.499184][ T7834] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.504473][ T7834] ? retint_kernel+0x2d/0x2d [ 185.509056][ T7834] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.514685][ T7834] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.520139][ T7834] ? retint_kernel+0x2d/0x2d [ 185.524726][ T7834] __x64_sys_sendmmsg+0x9d/0x100 [ 185.529759][ T7834] ? do_syscall_64+0x5b/0x610 [ 185.534430][ T7834] do_syscall_64+0x103/0x610 [ 185.539020][ T7834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.545082][ T7834] RIP: 0033:0x4582b9 [ 185.548968][ T7834] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.568570][ T7834] RSP: 002b:00007f3e1d9ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.576968][ T7834] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.584937][ T7834] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000006 [ 185.592906][ T7834] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 185.600864][ T7834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9de6d4 [ 185.608826][ T7834] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.616897][ T7825] CPU: 0 PID: 7825 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.625919][ T7825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.635975][ T7825] Call Trace: [ 185.638898][ T7826] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7826 [ 185.639287][ T7825] dump_stack+0x172/0x1f0 [ 185.639311][ T7825] __this_cpu_preempt_check+0x246/0x270 [ 185.648900][ T7826] caller is ip6_finish_output+0x335/0xdc0 [ 185.653160][ T7825] ip6_finish_output+0x335/0xdc0 [ 185.669296][ T7825] ip6_output+0x235/0x7f0 [ 185.673629][ T7825] ? ip6_finish_output+0xdc0/0xdc0 [ 185.678742][ T7825] ? ip6_fragment+0x3980/0x3980 [ 185.683593][ T7825] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.688615][ T7825] ip6_local_out+0xc4/0x1b0 [ 185.693114][ T7825] ip6_send_skb+0xbb/0x350 [ 185.697527][ T7825] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 185.702976][ T7825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.709227][ T7825] udpv6_sendmsg+0x21e3/0x28d0 [ 185.715512][ T7825] ? find_held_lock+0x35/0x130 [ 185.720277][ T7825] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.725304][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.731285][ T7825] ? aa_profile_af_perm+0x320/0x320 [ 185.736475][ T7825] ? __might_fault+0x12b/0x1e0 [ 185.741232][ T7825] ? find_held_lock+0x35/0x130 [ 185.745999][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.752319][ T7825] ? rw_copy_check_uvector+0x2a6/0x330 [ 185.757815][ T7825] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.763357][ T7825] inet_sendmsg+0x147/0x5e0 [ 185.767855][ T7825] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.773826][ T7825] ? inet_sendmsg+0x147/0x5e0 [ 185.778496][ T7825] ? ipip_gro_receive+0x100/0x100 [ 185.783517][ T7825] sock_sendmsg+0xdd/0x130 [ 185.787929][ T7825] ___sys_sendmsg+0x3e2/0x930 [ 185.792605][ T7825] ? copy_msghdr_from_user+0x430/0x430 [ 185.798060][ T7825] ? __lock_acquire+0x548/0x3fb0 [ 185.803002][ T7825] ? retint_kernel+0x2d/0x2d [ 185.807587][ T7825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.813221][ T7825] ? __might_fault+0x12b/0x1e0 [ 185.817994][ T7825] ? find_held_lock+0x35/0x130 [ 185.823557][ T7825] ? __might_fault+0x12b/0x1e0 [ 185.828321][ T7825] ? lock_downgrade+0x880/0x880 [ 185.833189][ T7825] ? ___might_sleep+0x163/0x280 [ 185.838034][ T7825] __sys_sendmmsg+0x1bf/0x4d0 [ 185.842706][ T7825] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.848565][ T7825] ? _copy_to_user+0xc9/0x120 [ 185.853261][ T7825] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.859494][ T7825] ? put_timespec64+0xda/0x140 [ 185.864252][ T7825] ? nsecs_to_jiffies+0x30/0x30 [ 185.869105][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.874552][ T7825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.880726][ T7825] ? do_syscall_64+0x26/0x610 [ 185.885486][ T7825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.891544][ T7825] ? do_syscall_64+0x26/0x610 [ 185.896224][ T7825] __x64_sys_sendmmsg+0x9d/0x100 [ 185.901156][ T7825] do_syscall_64+0x103/0x610 [ 185.905740][ T7825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.911619][ T7825] RIP: 0033:0x4582b9 [ 185.915514][ T7825] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.935107][ T7825] RSP: 002b:00007f3e1d9fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.943507][ T7825] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.951473][ T7825] RDX: 0136a88c8311572c RSI: 0000000020007e00 RDI: 0000000000000004 [ 185.959434][ T7825] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.967394][ T7825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e1d9ff6d4 [ 185.975354][ T7825] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.983340][ T7826] CPU: 1 PID: 7826 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.992366][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.002419][ T7826] Call Trace: [ 186.005718][ T7826] dump_stack+0x172/0x1f0 [ 186.010061][ T7826] __this_cpu_preempt_check+0x246/0x270 [ 186.015618][ T7826] ip6_finish_output+0x335/0xdc0 [ 186.020565][ T7826] ip6_output+0x235/0x7f0 [ 186.024904][ T7826] ? ip6_finish_output+0xdc0/0xdc0 [ 186.030024][ T7826] ? ip6_fragment+0x3980/0x3980 [ 186.034885][ T7826] ip6_xmit+0xe41/0x20c0 [ 186.039142][ T7826] ? ip6_finish_output2+0x2550/0x2550 [ 186.044516][ T7826] ? mark_held_locks+0xf0/0xf0 [ 186.049288][ T7826] ? ip6_setup_cork+0x1870/0x1870 [ 186.054419][ T7826] inet6_csk_xmit+0x2fb/0x5d0 [ 186.059101][ T7826] ? inet6_csk_update_pmtu+0x190/0x190 [ 186.064560][ T7826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.070805][ T7826] ? csum_ipv6_magic+0x20/0x80 [ 186.075579][ T7826] __tcp_transmit_skb+0x1a32/0x3750 [ 186.080790][ T7826] ? __tcp_select_window+0x8b0/0x8b0 [ 186.086091][ T7826] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.091379][ T7826] ? trace_hardirqs_on+0x67/0x230 [ 186.096414][ T7826] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 186.102140][ T7826] tcp_write_xmit+0xe39/0x5660 [ 186.106916][ T7826] ? tcp_established_options+0x29d/0x4d0 [ 186.112585][ T7826] __tcp_push_pending_frames+0xb4/0x350 [ 186.118138][ T7826] tcp_send_fin+0x149/0xbb0 [ 186.122647][ T7826] tcp_close+0xddf/0x10c0 [ 186.127068][ T7826] ? ip_mc_drop_socket+0x211/0x270 [ 186.132188][ T7826] ? __sock_release+0x89/0x2b0 [ 186.136969][ T7826] inet_release+0x105/0x1f0 [ 186.141489][ T7826] inet6_release+0x53/0x80 [ 186.145908][ T7826] __sock_release+0xd3/0x2b0 [ 186.150504][ T7826] ? __sock_release+0x2b0/0x2b0 [ 186.155355][ T7826] sock_close+0x1b/0x30 [ 186.159509][ T7826] __fput+0x2e5/0x8d0 [ 186.163500][ T7826] ____fput+0x16/0x20 [ 186.167493][ T7826] task_work_run+0x14a/0x1c0 [ 186.172096][ T7826] do_exit+0x90a/0x2fa0 [ 186.176259][ T7826] ? get_signal+0x331/0x1d50 [ 186.180854][ T7826] ? mm_update_next_owner+0x640/0x640 [ 186.186233][ T7826] ? kasan_check_write+0x14/0x20 [ 186.191177][ T7826] ? _raw_spin_unlock_irq+0x28/0x90 [ 186.196374][ T7826] ? get_signal+0x331/0x1d50 [ 186.200977][ T7826] ? _raw_spin_unlock_irq+0x28/0x90 [ 186.206184][ T7826] do_group_exit+0x135/0x370 [ 186.210784][ T7826] get_signal+0x399/0x1d50 [ 186.215290][ T7826] ? fput_many+0x12c/0x1a0 [ 186.219713][ T7826] ? fput+0x1b/0x20 [ 186.223532][ T7826] do_signal+0x87/0x1940 [ 186.227970][ T7826] ? setup_sigcontext+0x7d0/0x7d0 [ 186.232999][ T7826] ? exit_to_usermode_loop+0x43/0x2c0 [ 186.238352][ T7826] ? do_syscall_64+0x52d/0x610 [ 186.243097][ T7826] ? exit_to_usermode_loop+0x43/0x2c0 [ 186.248459][ T7826] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.253742][ T7826] ? trace_hardirqs_on+0x67/0x230 [ 186.258752][ T7826] exit_to_usermode_loop+0x244/0x2c0 [ 186.264022][ T7826] do_syscall_64+0x52d/0x610 [ 186.268596][ T7826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.274469][ T7826] RIP: 0033:0x4582b9 [ 186.278353][ T7826] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.297950][ T7826] RSP: 002b:00007f0fbdeb3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 186.306352][ T7826] RAX: fffffffffffffe00 RBX: 0000000000000006 RCX: 00000000004582b9 [ 186.314308][ T7826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 186.322260][ T7826] RBP: 000000000073bf00 R08: 000000002031e000 R09: 000000000000001c [ 186.330230][ T7826] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f0fbdeb46d4 [ 186.338180][ T7826] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 09:19:51 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r1, 0x0) 09:19:51 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = accept(0xffffffffffffff9c, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x0, @my}, &(0x7f0000000080)=0x80) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@empty}}, &(0x7f0000000280)=0x90) bind$can_raw(r1, &(0x7f0000000200)={0x1d, r2}, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f000000a000)=[{&(0x7f000000a000)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0xfffffffffffffe8a}], 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000002740)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000240)={0x7, 0x3, 0x9, 0x8, 0x8000}) sendmmsg(r3, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000400)=0x4, 0x4) r4 = syz_open_pts(0xffffffffffffff9c, 0x40000) ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f00000001c0)=""/14) 09:19:51 executing program 3: openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x4000) 09:19:51 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) shutdown(r0, 0x1) 09:19:51 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000012c0)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)={'#! ', './file0'}, 0xb) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001480)=""/4096, 0x1000}], 0x1}, 0x0) 09:19:51 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) unshare(0x60000000) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, &(0x7f0000000500)) syz_genetlink_get_family_id$team(0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000240)={{0xa, 0x4e21, 0x6, @ipv4={[], [], @multicast1}, 0x401}, {0xa, 0x4e23, 0xffffffff, @ipv4={[], [], @broadcast}, 0x1}, 0x44c00, [0xd505, 0x6, 0x1, 0x0, 0x0, 0x7]}, 0x5c) accept4$nfc_llcp(r1, &(0x7f00000001c0), &(0x7f0000000140)=0x60, 0x800) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002fc0)={'nr0\x00', r2}) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000480)=ANY=[@ANYBLOB="0600000000040300080001002d000010e1d25d7fc35a786b753b44b2e5dbf1915f9a030d6bad5dc626c800905d"], 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000000800072dd0a"], 0x1}}, 0x0) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xca, &(0x7f0000000000)=0x10001, 0x10) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x24, r4, 0x402, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x3}, @SEG6_ATTR_SECRETLEN={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x20008000) getsockopt$sock_int(r3, 0x1, 0x0, 0x0, &(0x7f0000000080)) 09:19:51 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @random="f4e99d1b7f5f", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x4, 0x4, 0x0, 0x0, 0x0, 0x3, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 186.890189][ T7904] IPVS: ftp: loaded support on port[0] = 21 09:19:51 executing program 2: r0 = memfd_create(&(0x7f0000000080)='\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) sched_setattr(0x0, &(0x7f00000002c0)={0x0, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x340195f4}, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x0, 0x0}, 0x10) execveat(r0, 0x0, 0x0, 0x0, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x4000) ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000440)={0x0, 0x101, 0x1, 0x0, 0x0, [{0xffffffffffffffff, 0x0, 0x400}]}) 09:19:51 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) 09:19:51 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80, 0x110) fadvise64(r0, 0xb, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000540)) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000040)) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000200)={0x0, 0x0}) sched_getscheduler(r2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000580)={{{@in6=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f0000000540)=@newsa={0x140, 0x10, 0x801, 0x0, 0x0, {{@in, @in6=@mcast1}, {@in, 0x0, 0x6c}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @etimer_thresh={0x8}]}, 0x140}}, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000400)={0x7, 0x114, 0x7ff, 0x0, 0xeaa, 0xff}) getsockopt(r0, 0x40, 0x3, &(0x7f00000001c0)=""/30, &(0x7f0000000340)=0x1e) mount$fuse(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id'}}) write$FUSE_ATTR(r3, &(0x7f0000000440)={0x78, 0x0, 0x6, {0xffffffffffff85d3, 0x1, 0x0, {0x2, 0x80000000, 0x4, 0x4, 0x3f, 0x80, 0x4, 0x8, 0x5, 0x6, 0x3, r4, r6, 0x7fffffff000, 0x73}}}, 0x78) 09:19:51 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000006400)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xa02122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000d80)='/proc/self/net/pfkey\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000001100)={0x20007, 0x8, 0x8000000000008}) r2 = fcntl$dupfd(r1, 0x4, r1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r2, 0x50, &(0x7f00000007c0)={0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x0, 0x1, &(0x7f0000000140)='\x00', r3}, 0x30) getresgid(&(0x7f00000006c0), &(0x7f0000000700), &(0x7f0000000740)) munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000001300)=""/246) ioctl$EVIOCGREP(r0, 0x40047459, &(0x7f0000d1df52)=""/174) 09:19:51 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000500)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c80"]) read$FUSE(r0, &(0x7f0000002740), 0x82) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x8003, &(0x7f0000000080)=0x5, 0x6) prctl$PR_SET_THP_DISABLE(0x29, 0x10000000000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x1) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000540)=""/229) creat(&(0x7f0000000000)='./file0\x00', 0x100)