[ 36.393656][ T26] audit: type=1800 audit(1554593013.785:27): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.419959][ T26] audit: type=1800 audit(1554593013.785:28): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.075584][ T26] audit: type=1800 audit(1554593014.535:29): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.095990][ T26] audit: type=1800 audit(1554593014.545:30): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts. 2019/04/06 23:23:45 fuzzer started 2019/04/06 23:23:47 dialing manager at 10.128.0.26:34543 2019/04/06 23:23:47 syscalls: 2408 2019/04/06 23:23:47 code coverage: enabled 2019/04/06 23:23:47 comparison tracing: enabled 2019/04/06 23:23:47 extra coverage: extra coverage is not supported by the kernel 2019/04/06 23:23:47 setuid sandbox: enabled 2019/04/06 23:23:47 namespace sandbox: enabled 2019/04/06 23:23:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/06 23:23:47 fault injection: enabled 2019/04/06 23:23:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/06 23:23:47 net packet injection: enabled 2019/04/06 23:23:47 net device setup: enabled 23:25:49 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) poll(0x0, 0x0, 0x0) syzkaller login: [ 172.152617][ T7737] IPVS: ftp: loaded support on port[0] = 21 23:25:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, 0x0, 0x0) [ 172.252150][ T7737] chnl_net:caif_netlink_parms(): no params data found [ 172.320433][ T7737] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.338861][ T7737] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.346985][ T7737] device bridge_slave_0 entered promiscuous mode [ 172.371516][ T7737] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.378650][ T7737] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.399670][ T7737] device bridge_slave_1 entered promiscuous mode [ 172.430289][ T7737] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.445362][ T7740] IPVS: ftp: loaded support on port[0] = 21 [ 172.453238][ T7737] bond0: Enslaving bond_slave_1 as an active interface with an up link 23:25:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) recvfrom$unix(r0, &(0x7f0000000180), 0x832f1f7e, 0x0, &(0x7f0000000140)=@abs, 0x20e94f86) [ 172.502752][ T7737] team0: Port device team_slave_0 added [ 172.522592][ T7737] team0: Port device team_slave_1 added [ 172.611618][ T7737] device hsr_slave_0 entered promiscuous mode [ 172.649141][ T7737] device hsr_slave_1 entered promiscuous mode [ 172.697166][ T7742] IPVS: ftp: loaded support on port[0] = 21 [ 172.733704][ T7737] bridge0: port 2(bridge_slave_1) entered blocking state 23:25:50 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00\x00\xc3\x00', 0x40004005}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x337) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000680)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b\x06!\x982\xeck+8Dk;\x95\xfe7q\x8e\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd6\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xdb\x17\xf9\xcf#)T\xcdj^\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:\xb4(-$\xde`\x97\x8c\xe6\xcd\x8d\x99\x03\xe5u\x97\x14\xb0\xd6\xd0\xae\xcf\xd9\x1e\x1f\xd00=#\xa3\xd4v\xd8\xbdj\x10(\xb6\xf7\x15\xe1\x88\xfe\xe2\x86\xb72\xc4HC@T\xea\xb7XmW\xffk\xc4\x96M|\xf1\x1f\xfa$\xf8IW\xc4\xa9\xcc\x02(\'\x81}S\xe9\xa7\rJ\xc6\xf0_\xc3\x86\x0f\xbd\x83V\x9ar\x02\xbf\xa0+\xe2.i\x7fP\xebnW\x90\x8d\xc5\xc7w\t\xeb\xd9\xec\xd8\x87WA\xee\x15O]\xafI\x03\x9b\x9f\"\x1c\vMdKm\x7f$\"cIB#\xe1Zt\xc7\xc7\x9f\xa0\xd3\x18\x1d\t\xee\x86\xe8\xda\xae\xeeo\xf8s6WK5:\a\xa5\x89\x9a8\xb4\'\xf7\a\xe6\xbe\"<\xd2IS\x04\xb4\xb4\xee\x80\a\x9d\x1b\x15\xfa\xadAB\xdf\x17l\'7\xf9[\xe17\xcb\xdcF\xa4\xddW[#\xa5\x1cK&\x13\x1cF\x0e\xd5O\xf3\xd9\xc1\x0eYwk}\xbc \xe8\xd0l\xe1\xe2\x9a\x84\x00'/787) [ 172.741049][ T7737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.748869][ T7737] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.755961][ T7737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.864609][ T7740] chnl_net:caif_netlink_parms(): no params data found [ 172.911005][ T7737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.967622][ T7737] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.981159][ T7746] IPVS: ftp: loaded support on port[0] = 21 [ 172.997523][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.011932][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.031698][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.040556][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 23:25:50 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 173.085924][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.098016][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.105141][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.119547][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.128633][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.135773][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.175447][ T7742] chnl_net:caif_netlink_parms(): no params data found [ 173.189601][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.200968][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.216362][ T7737] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 173.230205][ T7737] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.244089][ T7740] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.253000][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.262355][ T7740] device bridge_slave_0 entered promiscuous mode [ 173.281107][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.292675][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.301480][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.327264][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.338883][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.346890][ T7740] device bridge_slave_1 entered promiscuous mode [ 173.365547][ T7750] IPVS: ftp: loaded support on port[0] = 21 [ 173.382374][ T7737] 8021q: adding VLAN 0 to HW filter on device batadv0 23:25:50 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x200000000bf}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000300)={{}, {0x1ff}}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) [ 173.403840][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.465114][ T7740] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.502077][ T7740] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.518260][ T7742] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.526914][ T7742] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.536059][ T7742] device bridge_slave_0 entered promiscuous mode [ 173.568009][ T7742] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.577263][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.585132][ T7742] device bridge_slave_1 entered promiscuous mode [ 173.641072][ T7742] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.661079][ T7740] team0: Port device team_slave_0 added [ 173.681392][ T7742] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.706339][ T7740] team0: Port device team_slave_1 added [ 173.717779][ T7753] IPVS: ftp: loaded support on port[0] = 21 [ 173.728791][ C0] hrtimer: interrupt took 48624 ns [ 173.753494][ T7746] chnl_net:caif_netlink_parms(): no params data found 23:25:51 executing program 0: gettid() ptrace$getregs(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = getpgid(0x0) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_SET(0x0, 0x1, 0x0) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) tgkill(0x0, 0x0, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x1f, 0x0) setgid(0x0) [ 173.791456][ T7742] team0: Port device team_slave_0 added 23:25:51 executing program 0: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000180)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', 0x0}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)=r0, 0x4) socket$inet(0x2, 0x4000000000000000, 0x7) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) getresuid(0x0, &(0x7f0000001240), 0x0) getresuid(&(0x7f0000000780), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000240)={'bond0\x00\x00\x00\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00'}) getresuid(0x0, &(0x7f00000000c0), 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in=@broadcast, @in6}}, {{@in6=@remote}, 0x0, @in=@empty}}, &(0x7f0000000080)=0xe8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x10}, 0xc) syz_mount_image$reiserfs(&(0x7f00000003c0)='reiserfs\x00', &(0x7f0000000400)='./file0\x00', 0x10000, 0x1, &(0x7f00000005c0)=[{&(0x7f0000000500)="7248ce687bdbe23539d0dce18bbcf73b0fd82eea18516472a11b7be35086f1fd128004e1cfd3fdf444dacc9a0d3ff9fa85015b40fa9805523f22ce074e193e47d89c1de896f441693158f34147f575576394410c6f2573945766ba422fe1368790f6bf088cd5e110bd92c5ed26bbcccfb3f67d78961ed0877dbef13fe00f12fdb3f9ac5e", 0x84, 0x6}], 0x1000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4) write$binfmt_script(r2, &(0x7f0000000000)=ANY=[], 0x0) [ 173.842480][ T7740] device hsr_slave_0 entered promiscuous mode [ 173.882199][ T7740] device hsr_slave_1 entered promiscuous mode [ 173.971253][ T7742] team0: Port device team_slave_1 added [ 173.981185][ T7765] bond0: Releasing backup interface bond_slave_1 [ 174.104352][ T7768] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.164997][ T7750] chnl_net:caif_netlink_parms(): no params data found [ 174.174945][ T7765] bond0: Releasing backup interface bond_slave_1 23:25:51 executing program 0: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000180)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', 0x0}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)=r0, 0x4) socket$inet(0x2, 0x4000000000000000, 0x7) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) getresuid(0x0, &(0x7f0000001240), 0x0) getresuid(&(0x7f0000000780), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000240)={'bond0\x00\x00\x00\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00'}) getresuid(0x0, &(0x7f00000000c0), 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in=@broadcast, @in6}}, {{@in6=@remote}, 0x0, @in=@empty}}, &(0x7f0000000080)=0xe8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x10}, 0xc) syz_mount_image$reiserfs(&(0x7f00000003c0)='reiserfs\x00', &(0x7f0000000400)='./file0\x00', 0x10000, 0x1, &(0x7f00000005c0)=[{&(0x7f0000000500)="7248ce687bdbe23539d0dce18bbcf73b0fd82eea18516472a11b7be35086f1fd128004e1cfd3fdf444dacc9a0d3ff9fa85015b40fa9805523f22ce074e193e47d89c1de896f441693158f34147f575576394410c6f2573945766ba422fe1368790f6bf088cd5e110bd92c5ed26bbcccfb3f67d78961ed0877dbef13fe00f12fdb3f9ac5e", 0x84, 0x6}], 0x1000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4) write$binfmt_script(r2, &(0x7f0000000000)=ANY=[], 0x0) [ 174.285611][ T7768] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.402424][ T7742] device hsr_slave_0 entered promiscuous mode [ 174.439140][ T7742] device hsr_slave_1 entered promiscuous mode [ 174.527839][ T7784] bond0: Releasing backup interface bond_slave_1 [ 174.639990][ T7787] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.659152][ T7746] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.666237][ T7746] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.677148][ T7746] device bridge_slave_0 entered promiscuous mode 23:25:52 executing program 0: fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) syncfs(r0) r1 = gettid() pipe2(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getsockname$unix(0xffffffffffffffff, 0x0, 0x0) tkill(r1, 0x2001000000000016) [ 174.685589][ T7746] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.695271][ T7746] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.708284][ T7746] device bridge_slave_1 entered promiscuous mode [ 174.745989][ T7746] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.758415][ T7746] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.792576][ T7750] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.800286][ T7750] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.807808][ T7750] device bridge_slave_0 entered promiscuous mode [ 174.832563][ T7746] team0: Port device team_slave_0 added [ 174.844690][ T7750] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.852511][ T7750] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.861628][ T7750] device bridge_slave_1 entered promiscuous mode [ 174.884446][ T7746] team0: Port device team_slave_1 added [ 174.905083][ T7750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.924739][ T7750] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.992016][ T7746] device hsr_slave_0 entered promiscuous mode [ 175.029456][ T7746] device hsr_slave_1 entered promiscuous mode [ 175.105744][ T7742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.115901][ T7750] team0: Port device team_slave_0 added [ 175.124887][ T7750] team0: Port device team_slave_1 added [ 175.201898][ T7750] device hsr_slave_0 entered promiscuous mode [ 175.239177][ T7750] device hsr_slave_1 entered promiscuous mode [ 175.305366][ T7753] chnl_net:caif_netlink_parms(): no params data found [ 175.329778][ T7746] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.337288][ T7746] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.344710][ T7746] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.351781][ T7746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.364460][ T7740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.373932][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.381775][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.417715][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.426049][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.434306][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.442166][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.452741][ T7742] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.475267][ T7740] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.486921][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.496273][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.505115][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.512212][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.520419][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.529030][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.537299][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.544384][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.576342][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.584602][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.593480][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.611257][ T7753] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.618295][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.626016][ T7753] device bridge_slave_0 entered promiscuous mode [ 175.634287][ T7753] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.641656][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.649680][ T7753] device bridge_slave_1 entered promiscuous mode [ 175.657847][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.667019][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.675962][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.684597][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.693416][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.730487][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.738713][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.747128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.755714][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.764682][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.773246][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.781655][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.788866][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.797002][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.810821][ T7753] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.821452][ T7753] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.837039][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.845570][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.854200][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.861311][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.893364][ T7742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.903011][ T7746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.912722][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.922086][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.930937][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.939469][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.947743][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.966448][ T7753] team0: Port device team_slave_0 added [ 175.979900][ T7742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.992934][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.003633][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.021286][ T7750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.030458][ T7753] team0: Port device team_slave_1 added [ 176.037708][ T7746] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.049661][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.061394][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.069844][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.078002][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.089280][ T7740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.100678][ T7740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.131687][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 23:25:53 executing program 2: r0 = open(&(0x7f0000000080)='./file1\x00', 0x400042, 0x0) keyctl$set_reqkey_keyring(0xe, 0x0) close(r0) getpeername$netlink(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockname$netlink(r0, 0x0, &(0x7f0000000040)) [ 176.149492][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.157692][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.169030][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.178026][ T7745] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.185179][ T7745] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.194424][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.203723][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.214811][ T7745] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.222616][ T7745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.231335][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 23:25:53 executing program 2: open(0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) unlink(0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) prctl$PR_GET_PDEATHSIG(0x2, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, 0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, 0x0) tkill(r0, 0x1000000000016) [ 176.254397][ T7750] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.293645][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 23:25:53 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) timerfd_create(0x0, 0x0) openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.subtree_control\x00', 0x2, 0x0) eventfd(0x0) syncfs(0xffffffffffffffff) r0 = gettid() pipe2(0x0, 0x0) syz_open_procfs(0x0, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getsockname$unix(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x2001000000000016) [ 176.303537][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.315325][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.326053][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.339138][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.364089][ T7740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.401327][ T7753] device hsr_slave_0 entered promiscuous mode [ 176.439000][ T7753] device hsr_slave_1 entered promiscuous mode [ 176.487960][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.495696][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.504454][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.513228][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.520319][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.528089][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.536755][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.545106][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.553533][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.562002][ T7752] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.569067][ T7752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.576520][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.585246][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.593723][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.602533][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.610822][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.619549][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.634288][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.659073][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.668929][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.685752][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.730551][ T7746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.738300][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.746742][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.755568][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.764173][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.772846][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 23:25:54 executing program 1: syz_emit_ethernet(0x66, &(0x7f0000000080)={@local, @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3580], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff89, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3], 0x4100}, @mcast2}}}}}}}, 0x0) 23:25:54 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) sched_getparam(0x0, 0x0) syncfs(0xffffffffffffffff) gettid() pipe2(0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) setrlimit(0xd694a72aa74d79e0, 0x0) [ 176.781179][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.789809][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.801344][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.899376][ T7750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.087323][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0 23:25:54 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) fgetxattr(r0, &(0x7f0000000000)=@known='system.sockprotoname\x00', 0x0, 0x0) [ 177.153902][ T227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.168738][ T7833] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use) [ 177.172569][ T227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 23:25:54 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 177.206226][ T7753] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.254785][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.267866][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.288599][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.295743][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.335271][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.344137][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.357543][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.365988][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.373041][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.381348][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.390298][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.414571][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.423418][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.432027][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.441310][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.450712][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.459020][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.467138][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.476200][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.485073][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.506580][ T7753] 8021q: adding VLAN 0 to HW filter on device batadv0 23:25:55 executing program 5: r0 = socket$inet(0x2, 0x3, 0x1c) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc5f123c123f319bd070") bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x11, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0x49c, &(0x7f0000002880)=""/251}, 0x48) 23:25:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x17, 0x0, 0x0, 0xffffff80}}, &(0x7f0000000240)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0x348, &(0x7f0000000480)=""/195, 0x0, 0x0, [0x42]}, 0x48) 23:25:55 executing program 2: r0 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) readv(0xffffffffffffffff, &(0x7f0000000140), 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x1, 0xfffffffffffffff8) r3 = dup2(r1, r2) fcntl$setown(r3, 0x8, r0) tkill(r0, 0x16) 23:25:55 executing program 3: syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={[{@creator={'creator', 0x3d, "4ef8ea2c"}}]}) 23:25:55 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f063c123f3188b070") syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @broadcast, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote={0xac, 0x14, 0x223}, {[@rr={0xffffff86, 0x3}]}}, @icmp=@timestamp_reply}}}}, 0x0) [ 178.396274][ T7852] hfs: creator requires a 4 character value 23:25:55 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:55 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xfff}]}, 0x10) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_elf32(r0, &(0x7f0000003200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}], "15c4091343215d017f4e9c1e8f9d40373178fc243b42f7964873aef4cdeb22aa6afccebe5774baa8efb752f5a17ed262ce0e65cff4109755ea56bf706b3380d987c4e0ae78b4f8b93ebdc627080f08bd2da5ee1e7769b02dfa7cdd592ba61962da6947ff076cf155aec7c76dd15f97e8fb1b3fddafec3b8372ad0156063fe99ef0fdae56feba68a33b360bdef4f714b609f6cbcf202c7abb08fddd81ae1991cb5bd13062a629b1f8ae610b20b577ef45b2250bfeb99cea72b91d36c361dd24a719e37630e7b79f74fc358318a2c366549fc00aff3ee0c9a1d53177a496d7c8fe8d9c83d99bf0096efeab9f181720209cb5975a806e6000d7b21717a151851c2b845356160b25507e636a33909ced8addafc043203db3c425ad84d3d3f16153a74d2289c7eccb3c1d76f45a68443c6f64199b0d7cdb5e5db50855285c180fe28fc22af59d4158a09e736656edaec9c7ae7a215899b20bb8cf77c3faa94ef8dd7273871789ed98b38ae6d9867392daee4b4d39cf711e0db6bb10cfd63aa517f4c76d9f1994deb0fd8e9fc00f7166138888a4d64ad07d9267936ebfc660eff1834aba39174c90d1129984771b9aff2bffc2419c12a41b6fc4a57abc0ef243712dd42f76d88c3fc5b12149ab10ace3abe5c01a8494d66fdb268ff028db34860c7fe52aa6d9fecd89a4e89a740bee30e7a216a8b7bd21cf1f865552e89b7c41ecdaaa36003e8c083f12da9a15b4bf432dca6665ac7ba2a8b76c85866ad98e3a1ec175bf7d9d839a26a53e16853498dd35f84bbe325656d117fc117cfe4df252f03ab35e8f7253d51b935e9914c8173b8cf18119f839ae5ecdea395b09474d87f693dc7384349bbb100c371e14e28a468e2f0fea6fac52cce42efbfd95cd545fb58559481bf827e5d9b6a67362c578b97879c3d5d26f0ea57505e7e55f307ba5e6ec0f4c8485c384754ca55034e7cf6ff8aeb0f0a8588eb540fe0c1561d04740188ed92b899c19110dc5726c4129e052da5928f06f5488787a4823cf4b0117ebcc49d6bdc9da9390d77e62c6fb06d02c9ac288dcf676fa2b4845ace578f6b908c2b2fde8d819644b801834b65e0950f431318ccf42fef729f2b1cbf8d1d8169d67d4e449dcdd6359472b68ba09837b52a1726136c97ddb6464c77b708e2acb70a63486e8420bf147db85fabd1c176513738def4ab90fe1b4d5f24675b0b61a9d58b775d56f0e44d3ae4c4ea38f9ae33b11d3429cb7a4724e7f36babcf2e7d3eb9a367d317337981e0802a4ef57fd1191cf199ff45698d386438ebefb9bbfde879b083cedcb70b0664514784d3b4cdf446d956731a41e38ce3d45c4684bde36c74d6a22380732452769cbe5e59cd563222e64db12fbfaba27c8c8d642427ccff746a1c7c8090433387509e7e3debd672a7355eead08995826f86aec228c5cf6c1afe57cc2f34306cc3de2ca240112f5e40785f49afa7c35d3102592f0c5514cc221056103a7cf3ebcda14fa76087dbcc18328ef69deb24c3e80d71b90963e0987d1869d070fc84a65084c62ef7b7d5ab312bddc3da663da11cd30d8e258995951ee1dc4f088451720c6b08c5b2a70fa4768be1d225011b6fc3f34d2b97c1ed401fc8693c03a3b3f98f4be4c3ff18ac509e3e5f5b087ca08b01a197ea33d4a5002cb82782e67a96dee1aa127d3c4b2fa6a781d21342679ce7e517f70819589d4d5d74908eb6640da49db7564d84bd525c5f75c5592e559fe2a5664c87ab3f03519a887adf70a23e093dd6f3c3807bb3648710a779a3718a9a83d5dee461459624e1683a27333cb1ece729dbb21095bcbee7060d6251a82f947ca4af72cf548520e72e1b17e36148e42998291d41aa5a3261c4af6d0583048b904fee345781f69890a59e5b844724323bde29d1797676aa44a5a63937e0af393aab531dbe634851c6610a5b4570aaf5b2901e737eba98e8a837bed07ef7f6f0ad292a85e34400d621c4c08faffb46bfe27a8eedc3cf87076745dbd5d3d15a0a360702edb69bcfb6c3e69cd37bc7911e33615d79bbba35dc390bbcc313e495d43e06117d88ade505222eef291426b4d7dcba022ff1c78c4e5a919e6c090d88f5a7f953156bf1fc0bffb748ec8c97d78062cfb542078c5820432477c048fdeaa23219b6bd7f7e642d250adf7430ae87eefbcb6aa2993f49ed0e37eb547916b9a5b1437060600402319589299de5760aa6212b0309401586a81724ef4ad78f13b570b6fc5d451ea9deac8e413ffd48b68bdc2ece1c202e04adcdef807ed519d983b8eaa042a738e291a89c71d57d684d6317574d932eddb198ca25baba0318dddbf80bcf2ac88386caf90e57e95d62d3b491ecc09b1dbf001908a0bb6e6ad4cf2ebd54339851a457f42fc1165cc26887aa8f0c360a958c4700d291aa7749b978ade140ef72f3414f54be054ab5577566a24f36dbc41488425b810401043a3f9678db19e599f1df07ac16c3dd920fcd0718318ccd422e18529a4a4f0241692d22d9220ab9e926ac8c74d86aa75e4adfdccc5c5496f2f8af150bbf072e21ebcd966d06e2c383fb267c9751aec691b876cb475d1780f51db25051a76ad257e37558a00c7db2be385367112092045ffd0598418c647a7cd8f87320ef4407e4a177e34a61bb032f61c652e6160806b3ab9706c0bd94acc0e863f7c997b60ec37d9cfcca07b6da0ce7b40e98c6e53d9e1b4bfcf764212910c512b5f88fa86b5d7c51ee64047011181d144790cea6fc4fb58f070b0ce735bd1ec85e9ca9c60a5e3d6191c255e219e46dedde1d61ecfceff7e4af2b4e0fb46e3d8c29e79c6cd5b9bd4e6603cb69bcbf18255e64205183a0ff70ff78f369f7a95978e66ee1f299a17369c73d1f446a83edfdcf2670e7227e08fa4b564a7f7465936c88b570953dbb42d0b40ad26dc21f90dda4473a9e203258a0a563270912c54b8774d738f00acf9f316c6340a03cfcf719ce4008e0476eefbb05cb6fb1cfca3a8073ba45a8624d5dd7b7ca6b4311f9fb3d25982bcec838932966ef05cc6d9c5eaba3512df15c7fda553cc8042df50cc4ea958d42c143e43978432df51ac01a227e6c25cda620051d2f016dbe508e6e2f7ef15276c0d868a632edca82c29c414621b215805f15d1699f02cfe5ad29ece5f15a07391b9b77b68ac4b919a37548c21f76a8332c970008c5c0a7370d2a8cf1b45722f5e456231c810307e08bf4da7e283e6714ebbffe75beafaccd3702594db17d0630085f6c09fb045639554f0000350ea1b81b5e7c2771982ca729f267b6e2b146cacb5a8530a9830331be31d6a7e339254b3b926a71ef29807d0ca304a453238b9b06921a9c96499de01df25b0559a4089f0b31a09c029437c629aae666b7055c14ed06ad2d2aa4042ef2360a991048d4af49e0b40639967dc1d94058c2db3304ffe48304e6a5ac99df951312cf153c4cf82519276992284f9bb7c8f87d999f9cb7d2061d1ab5708dc238dd5766a29fd0a68eb589e0897d4f7595f1fe079917c82d8712b168605fc054827e1240ddcae1bd37df1914b354dc6ff3b06cfcd0b83d8d60bab25bf5cd34d8502dffafa7bcd6db6131d284faf5078801a411eec5c90d0e112b757d8cc9bc8402e41111ac4e16cc3a569cddabbd6a385339acedee42708eb50b4650d6acd63c6b983ff3d0da5db3a07507c396ad4e7cfe7d49fbf6576976deec91eb61582cea74a60c8d8ac2157e34b8058453d368d25a91e058d47014efc1794a9ad768dea73a8f3e52ff7c85e142a8498de1258671e111d6e83d577372df8c4954bb9cbd86e4ae8be037a27bf50ab422464308fd4a0c821a2c8d55352d3f8408e26f5d87f15b720388e143d5352a1f53e4c28fdbc0e422d8949c3abbaf6eb758b35768730bd32250a9aafa35c979f6fd06a52863ee599f32fce66b0db3012c189157d149f7300dd2db58f685e3bd65d7d15d637b8556ce4d7e910a33a7b3c9e80562b587da2442ea4390db496c13e28514805caf59bdefca126ba3872267b20d17a254d70dbd9c0bcc6496859d15c5041c117dd3e366e889f44b03c03209d39198d6ae8dda71c8eb723a6d6c4536cd62509b1e2553ecddf3bdfa80f21dcda0c20098aa1cbe216aa215577638304e3da0bc33041008a9a24611143637413bc7d8e300e45734a3c7b9ca2162a2af153a0e288e3c19ba29f942df13b34d82972540c89fe0f90b4c679763d095e4405ee0201b869723b19c41e8ca8e4d68c23bc74c8e88d6aede06eecbf8dd60ea058012cd8249c53a5c4c3bf52bdcaffa2a5c8eed92b33f0809016c5e4839235332dc2885bab9976cf1c0288b7c6ae5be57e9ca808d51db35b462be34e00e61a0b26d3daa7172a23b1dcc224a835b68f8d07ec55af56450a131d7c020a7dd5d60cf0180c6c06c8ec4cabe1a98dc749223f647c81109d946563401668831a121df2173ec589c8dee269f7e83a7a13b476b7d60ac4aef1a47a228380def900c115d3c645a7e7dcdf2e27ff7ce489067c804ed4b948e776919307ba0d9a616eb61e9d7c6439b7f805f5155a1fdc3b0118ad9818ba7157f80ab169e603676dd913931723a9ca9a4ac08c343ad2cc07bd3f575b5c9998af774654e5e40da94d837042ebb7a75552da40f588fffedd7095040e3b981d977792f074c2efad81c2cde58a4f4de7ec5309bb079149b2b98ebad7e5092c6d50af5184198b863c3a16cc0401ad8774daf430d2dac19e74b42c12aca011f69c5f0f1e9f5ae0e402ccbf58d912272d76bdc001dd84efad10acd1712eb1061eb2a121e91b67604d890e5e1d30a75d15c1fa96e7d54dbacf25ed5194bd4d992fb5be1bb5205b84ad268d7388c84a37f6ff5b0db3bc9a1600802105b339343c4ee717220d294f0900bf38aad26ed552ab24fa09ff53cfca7542acde12abb93f3ab57dc621e1e29c31e9d700e1d8dd0004eee07b08da5ff036c53f4716e93470f230cad325ec8c6f4be4f4217e20c25c3e36a55be0b846de80086fba91e6e556a73535856020b440c57b9a7f86c02fff8e39ff1f5a548c176184da73fe01bdb3c2a2f47652194bbb58c328f697191bebf72e6e0919c3bf324fa4c8e3faa291246afb3cc3829ac0bb308a344103204df913237584ac72441fa3a354898a577bb7ef1b50e9f3f25d140673f53063a761dec8a70d4cba60ea8462d540d50d791526f9bdcad0b49a3094e6b373ed38aec8736c095dd546d8d23846d2cfc229185551244caeb252bed0b792038b9fda8a4525545b531eeafa75fbeaaa4d00f4f5ad3ace2c35979e64b610e0dec6c6f1309ed17dff3f45a4044ada856b64eab45890b30bc99dd2", [[], [], [], [], [], [], []]}, 0x1619) 23:25:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PDEATHSIG(0x1, 0x0) [ 178.475064][ T7852] hfs: unable to parse mount options 23:25:56 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffd000/0x2000)=nil) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'veth1_to_team\x00', &(0x7f0000001e00)=@ethtool_gstrings={0x1b, 0x4}}) 23:25:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x9}) [ 178.552193][ T7875] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7875 [ 178.561612][ T7875] caller is sk_mc_loop+0x1d/0x210 [ 178.566648][ T7875] CPU: 0 PID: 7875 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.575663][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.585723][ T7875] Call Trace: [ 178.589022][ T7875] dump_stack+0x172/0x1f0 [ 178.593379][ T7875] __this_cpu_preempt_check+0x246/0x270 23:25:56 executing program 2: r0 = open$dir(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000100)='./file1\x00', 0x0) 23:25:56 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 178.598964][ T7875] sk_mc_loop+0x1d/0x210 [ 178.603226][ T7875] ip_mc_output+0x2ef/0xf70 [ 178.607769][ T7875] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.612910][ T7875] ? ip_append_data.part.0+0x170/0x170 [ 178.618410][ T7875] ? ip_make_skb+0x1b1/0x2c0 [ 178.622984][ T7875] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.628007][ T7875] ip_local_out+0xc4/0x1b0 [ 178.632431][ T7875] ip_send_skb+0x42/0xf0 [ 178.636671][ T7875] udp_send_skb.isra.0+0x6b2/0x1180 [ 178.641883][ T7875] ? xfrm_lookup_route+0x5b/0x1f0 [ 178.646894][ T7875] udp_sendmsg+0x1dfd/0x2820 [ 178.651481][ T7875] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.656521][ T7875] ? udp4_lib_lookup_skb+0x440/0x440 [ 178.661792][ T7875] ? ___might_sleep+0x163/0x280 [ 178.666631][ T7875] ? __might_sleep+0x95/0x190 [ 178.671290][ T7875] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 178.676908][ T7875] ? aa_sk_perm+0x288/0x880 [ 178.681570][ T7875] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 178.687099][ T7875] inet_sendmsg+0x147/0x5e0 [ 178.691585][ T7875] ? udp4_lib_lookup_skb+0x440/0x440 [ 178.696870][ T7875] ? inet_sendmsg+0x147/0x5e0 [ 178.701540][ T7875] ? ipip_gro_receive+0x100/0x100 [ 178.706561][ T7875] sock_sendmsg+0xdd/0x130 [ 178.710993][ T7875] sock_write_iter+0x27c/0x3e0 [ 178.715756][ T7875] ? sock_sendmsg+0x130/0x130 [ 178.720425][ T7875] ? aa_path_link+0x460/0x460 [ 178.725084][ T7875] ? find_held_lock+0x35/0x130 [ 178.729826][ T7875] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.736053][ T7875] ? iov_iter_init+0xee/0x220 [ 178.740714][ T7875] new_sync_write+0x4c7/0x760 [ 178.745373][ T7875] ? default_llseek+0x2e0/0x2e0 [ 178.750209][ T7875] ? common_file_perm+0x238/0x720 [ 178.755226][ T7875] ? __fget+0x381/0x550 [ 178.759368][ T7875] ? apparmor_file_permission+0x25/0x30 [ 178.764912][ T7875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.771149][ T7875] ? security_file_permission+0x94/0x380 [ 178.776767][ T7875] __vfs_write+0xe4/0x110 [ 178.781081][ T7875] vfs_write+0x20c/0x580 [ 178.785327][ T7875] ksys_write+0xea/0x1f0 [ 178.789566][ T7875] ? __ia32_sys_read+0xb0/0xb0 [ 178.794332][ T7875] ? do_syscall_64+0x26/0x610 [ 178.799004][ T7875] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.805055][ T7875] ? do_syscall_64+0x26/0x610 [ 178.809727][ T7875] __x64_sys_write+0x73/0xb0 [ 178.814324][ T7875] do_syscall_64+0x103/0x610 [ 178.818903][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.824779][ T7875] RIP: 0033:0x4582b9 [ 178.828653][ T7875] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.848242][ T7875] RSP: 002b:00007f9ec2b9cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.856737][ T7875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 178.864694][ T7875] RDX: 0000000000001619 RSI: 0000000020003200 RDI: 0000000000000003 [ 178.872663][ T7875] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.880616][ T7875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ec2b9d6d4 [ 178.888567][ T7875] R13: 00000000004c7a03 R14: 00000000004ddaa8 R15: 00000000ffffffff [ 178.897380][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 178.903375][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 178.963592][ T7852] hfs: creator requires a 4 character value [ 178.978496][ T7884] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 179.024030][ T7852] hfs: unable to parse mount options 23:25:56 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:56 executing program 5: accept$unix(0xffffffffffffff9c, 0x0, &(0x7f0000000080)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$read(0xb, 0xfffffffffffffffd, &(0x7f0000000000)=""/4, 0xfffffffffffffd5c) 23:25:56 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x177, 0x29) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 23:25:56 executing program 3: open(0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) r0 = gettid() getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) timer_create(0x0, 0x0, 0x0) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0xfffffffffffffe6d) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 23:25:56 executing program 0: symlink(0x0, 0x0) unlink(0x0) pipe(0x0) getpeername$unix(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() utimes(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) chmod(0x0, 0x0) chmod(&(0x7f0000000000)='./file0\x00', 0x0) tkill(r0, 0x1000000000016) [ 179.226124][ T7909] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 179.254934][ T7909] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7909 [ 179.264340][ T7909] caller is ip6_finish_output+0x335/0xdc0 23:25:56 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:56 executing program 1: r0 = open(&(0x7f0000000140)='.\x00', 0x143042, 0x0) ptrace$peekuser(0x3, 0x0, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) 23:25:56 executing program 5: symlink(0x0, 0x0) unlink(0x0) r0 = gettid() utimes(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) clock_gettime(0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) socket$inet(0x2, 0x800, 0x7fff) socketpair(0x2, 0x1, 0x400, &(0x7f00000001c0)) accept4$unix(0xffffffffffffffff, &(0x7f00000033c0), &(0x7f0000003440)=0x6e, 0x800) socketpair(0x7, 0x1, 0x81, &(0x7f0000003480)) fchmodat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1) socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) tkill(r0, 0x1000000000016) [ 179.270134][ T7909] CPU: 1 PID: 7909 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 179.279158][ T7909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.289232][ T7909] Call Trace: [ 179.292533][ T7909] dump_stack+0x172/0x1f0 [ 179.296920][ T7909] __this_cpu_preempt_check+0x246/0x270 [ 179.302477][ T7909] ip6_finish_output+0x335/0xdc0 [ 179.307419][ T7909] ip6_output+0x235/0x7f0 [ 179.311750][ T7909] ? ip6_finish_output+0xdc0/0xdc0 [ 179.316872][ T7909] ? ip6_fragment+0x3980/0x3980 [ 179.321709][ T7909] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.326761][ T7909] ip6_local_out+0xc4/0x1b0 [ 179.331262][ T7909] ip6_send_skb+0xbb/0x350 [ 179.335676][ T7909] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 179.341115][ T7909] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 179.346824][ T7909] udpv6_sendmsg+0x21e3/0x28d0 [ 179.351586][ T7909] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.356614][ T7909] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.362588][ T7909] ? mark_held_locks+0xf0/0xf0 [ 179.367359][ T7909] ? __lock_acquire+0x548/0x3fb0 [ 179.372290][ T7909] ? __local_bh_enable_ip+0x15a/0x270 [ 179.377747][ T7909] ? release_sock+0x158/0x1c0 [ 179.382412][ T7909] ? __local_bh_enable_ip+0x15a/0x270 [ 179.387768][ T7909] ? _raw_spin_unlock_bh+0x31/0x40 [ 179.392891][ T7909] inet_sendmsg+0x147/0x5e0 [ 179.397408][ T7909] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.403372][ T7909] ? inet_sendmsg+0x147/0x5e0 [ 179.408028][ T7909] ? ipip_gro_receive+0x100/0x100 [ 179.413050][ T7909] sock_sendmsg+0xdd/0x130 [ 179.417474][ T7909] __sys_sendto+0x262/0x380 [ 179.421990][ T7909] ? __ia32_sys_getpeername+0xb0/0xb0 [ 179.427366][ T7909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.433636][ T7909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.439087][ T7909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.444527][ T7909] ? do_syscall_64+0x26/0x610 [ 179.449194][ T7909] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.455257][ T7909] __x64_sys_sendto+0xe1/0x1a0 [ 179.460006][ T7909] do_syscall_64+0x103/0x610 [ 179.464580][ T7909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.470462][ T7909] RIP: 0033:0x4582b9 [ 179.474361][ T7909] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.493965][ T7909] RSP: 002b:00007f4b63f81c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 179.502367][ T7909] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 179.510332][ T7909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 179.518291][ T7909] RBP: 000000000073bf00 R08: 0000000020000140 R09: 000000000000001c [ 179.526240][ T7909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b63f826d4 [ 179.534197][ T7909] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 179.546009][ T7909] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7909 [ 179.555425][ T7909] caller is sk_mc_loop+0x1d/0x210 [ 179.560504][ T7909] CPU: 1 PID: 7909 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 179.560513][ T7909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.560519][ T7909] Call Trace: [ 179.560539][ T7909] dump_stack+0x172/0x1f0 [ 179.560565][ T7909] __this_cpu_preempt_check+0x246/0x270 [ 179.560580][ T7909] sk_mc_loop+0x1d/0x210 [ 179.597136][ T7909] ip6_finish_output2+0x17a5/0x2550 [ 179.602345][ T7909] ? find_held_lock+0x35/0x130 [ 179.607132][ T7909] ? ip6_mtu+0x2e6/0x460 [ 179.611394][ T7909] ? ip6_forward_finish+0x580/0x580 [ 179.616600][ T7909] ? lock_downgrade+0x880/0x880 [ 179.621467][ T7909] ? rcu_read_unlock_special+0xf3/0x210 [ 179.627033][ T7909] ip6_finish_output+0x614/0xdc0 [ 179.631978][ T7909] ? ip6_finish_output+0x614/0xdc0 [ 179.637096][ T7909] ip6_output+0x235/0x7f0 [ 179.641439][ T7909] ? ip6_finish_output+0xdc0/0xdc0 [ 179.641460][ T7909] ? ip6_fragment+0x3980/0x3980 [ 179.641476][ T7909] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.641497][ T7909] ip6_local_out+0xc4/0x1b0 [ 179.641518][ T7909] ip6_send_skb+0xbb/0x350 [ 179.641536][ T7909] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 179.641549][ T7909] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 179.641567][ T7909] udpv6_sendmsg+0x21e3/0x28d0 [ 179.641579][ T7909] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.641597][ T7909] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.641611][ T7909] ? mark_held_locks+0xf0/0xf0 [ 179.641630][ T7909] ? __lock_acquire+0x548/0x3fb0 [ 179.641643][ T7909] ? __local_bh_enable_ip+0x15a/0x270 [ 179.641670][ T7909] ? release_sock+0x158/0x1c0 [ 179.702199][ T7909] ? __local_bh_enable_ip+0x15a/0x270 [ 179.702218][ T7909] ? _raw_spin_unlock_bh+0x31/0x40 [ 179.702239][ T7909] inet_sendmsg+0x147/0x5e0 [ 179.702256][ T7909] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.702268][ T7909] ? inet_sendmsg+0x147/0x5e0 [ 179.702282][ T7909] ? ipip_gro_receive+0x100/0x100 [ 179.702301][ T7909] sock_sendmsg+0xdd/0x130 [ 179.702319][ T7909] __sys_sendto+0x262/0x380 [ 179.702353][ T7909] ? __ia32_sys_getpeername+0xb0/0xb0 [ 179.702383][ T7909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.763488][ T7909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.768958][ T7909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.774425][ T7909] ? do_syscall_64+0x26/0x610 [ 179.779200][ T7909] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.785287][ T7909] __x64_sys_sendto+0xe1/0x1a0 [ 179.790068][ T7909] do_syscall_64+0x103/0x610 [ 179.794670][ T7909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.800566][ T7909] RIP: 0033:0x4582b9 [ 179.804466][ T7909] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 23:25:57 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000180)=""/65, 0x41) [ 179.824073][ T7909] RSP: 002b:00007f4b63f81c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 179.832491][ T7909] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 179.840892][ T7909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 179.848878][ T7909] RBP: 000000000073bf00 R08: 0000000020000140 R09: 000000000000001c [ 179.856849][ T7909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b63f826d4 [ 179.864843][ T7909] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 23:25:57 executing program 5: mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0xfffffffffffffffd, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="fe63ddf373354b78415427aba8a849a6", 0x10) 23:25:57 executing program 1: symlink(0x0, 0x0) unlink(0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$unix(r0, 0x0, 0x0) r1 = gettid() utimes(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') timer_create(0x0, 0x0, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@local, @loopback, 0x0, 0x7, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x1, @multicast2, @broadcast, @multicast1, @loopback]}, 0x2c) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) [ 179.956494][ T7911] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7911 [ 179.966134][ T7911] caller is ip6_finish_output+0x335/0xdc0 [ 179.971962][ T7911] CPU: 1 PID: 7911 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 179.980996][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.981002][ T7911] Call Trace: [ 179.981027][ T7911] dump_stack+0x172/0x1f0 [ 179.981055][ T7911] __this_cpu_preempt_check+0x246/0x270 [ 179.981078][ T7911] ip6_finish_output+0x335/0xdc0 [ 179.981103][ T7911] ip6_output+0x235/0x7f0 [ 179.981129][ T7911] ? ip6_finish_output+0xdc0/0xdc0 [ 180.009229][ T7911] ? ip6_fragment+0x3980/0x3980 [ 180.009247][ T7911] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.009267][ T7911] ip6_local_out+0xc4/0x1b0 [ 180.009288][ T7911] ip6_send_skb+0xbb/0x350 [ 180.009310][ T7911] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 180.009324][ T7911] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 180.009348][ T7911] udpv6_sendmsg+0x21e3/0x28d0 23:25:57 executing program 0: setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) getrandom(0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) getpeername$unix(r0, 0x0, &(0x7f0000000700)) [ 180.009365][ T7911] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.009388][ T7911] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.009409][ T7911] ? mark_held_locks+0xf0/0xf0 [ 180.069154][ T7911] ? __lock_acquire+0x548/0x3fb0 [ 180.074101][ T7911] ? __local_bh_enable_ip+0x15a/0x270 [ 180.079493][ T7911] ? release_sock+0x158/0x1c0 [ 180.079525][ T7911] ? __local_bh_enable_ip+0x15a/0x270 [ 180.079543][ T7911] ? _raw_spin_unlock_bh+0x31/0x40 [ 180.079562][ T7911] inet_sendmsg+0x147/0x5e0 [ 180.079578][ T7911] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 23:25:57 executing program 1: open(&(0x7f00000001c0)='./file0\x00', 0x10143042, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0xfffffffffffffe37) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) prctl$PR_SET_KEEPCAPS(0x8, 0x0) stat(0x0, 0x0) getcwd(0x0, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) tkill(r0, 0x1000000000016) [ 180.079590][ T7911] ? inet_sendmsg+0x147/0x5e0 [ 180.079605][ T7911] ? ipip_gro_receive+0x100/0x100 [ 180.079631][ T7911] sock_sendmsg+0xdd/0x130 [ 180.079653][ T7911] __sys_sendto+0x262/0x380 [ 180.123816][ T7911] ? __ia32_sys_getpeername+0xb0/0xb0 [ 180.129232][ T7911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.135493][ T7911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.140966][ T7911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.146430][ T7911] ? do_syscall_64+0x26/0x610 [ 180.151119][ T7911] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 23:25:57 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 180.157543][ T7911] __x64_sys_sendto+0xe1/0x1a0 [ 180.162321][ T7911] do_syscall_64+0x103/0x610 [ 180.166922][ T7911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.172814][ T7911] RIP: 0033:0x4582b9 [ 180.176723][ T7911] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.196328][ T7911] RSP: 002b:00007f4b63f60c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 180.204742][ T7911] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 180.212716][ T7911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 180.221018][ T7911] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 000000000000001c [ 180.228984][ T7911] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b63f616d4 [ 180.228995][ T7911] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 180.299028][ T7911] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7911 [ 180.308410][ T7911] caller is sk_mc_loop+0x1d/0x210 [ 180.313590][ T7911] CPU: 0 PID: 7911 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 180.322609][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.333073][ T7911] Call Trace: [ 180.336369][ T7911] dump_stack+0x172/0x1f0 [ 180.340720][ T7911] __this_cpu_preempt_check+0x246/0x270 [ 180.346277][ T7911] sk_mc_loop+0x1d/0x210 [ 180.350532][ T7911] ip6_finish_output2+0x17a5/0x2550 [ 180.355742][ T7911] ? find_held_lock+0x35/0x130 [ 180.360515][ T7911] ? ip6_mtu+0x2e6/0x460 [ 180.364766][ T7911] ? ip6_forward_finish+0x580/0x580 [ 180.369972][ T7911] ? lock_downgrade+0x880/0x880 [ 180.374833][ T7911] ? rcu_read_unlock_special+0xf3/0x210 [ 180.380399][ T7911] ip6_finish_output+0x614/0xdc0 [ 180.380416][ T7911] ? ip6_finish_output+0x614/0xdc0 [ 180.380438][ T7911] ip6_output+0x235/0x7f0 [ 180.380459][ T7911] ? ip6_finish_output+0xdc0/0xdc0 [ 180.390579][ T7911] ? ip6_fragment+0x3980/0x3980 [ 180.390597][ T7911] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.390617][ T7911] ip6_local_out+0xc4/0x1b0 [ 180.390642][ T7911] ip6_send_skb+0xbb/0x350 [ 180.400063][ T7911] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 180.400078][ T7911] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 180.400101][ T7911] udpv6_sendmsg+0x21e3/0x28d0 [ 180.409945][ T7911] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.409968][ T7911] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.409988][ T7911] ? mark_held_locks+0xf0/0xf0 [ 180.410008][ T7911] ? __lock_acquire+0x548/0x3fb0 [ 180.455459][ T7911] ? __local_bh_enable_ip+0x15a/0x270 [ 180.460862][ T7911] ? release_sock+0x158/0x1c0 [ 180.460894][ T7911] ? __local_bh_enable_ip+0x15a/0x270 [ 180.460916][ T7911] ? _raw_spin_unlock_bh+0x31/0x40 [ 180.471033][ T7911] inet_sendmsg+0x147/0x5e0 [ 180.471050][ T7911] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.471062][ T7911] ? inet_sendmsg+0x147/0x5e0 [ 180.471075][ T7911] ? ipip_gro_receive+0x100/0x100 [ 180.471101][ T7911] sock_sendmsg+0xdd/0x130 [ 180.500773][ T7911] __sys_sendto+0x262/0x380 [ 180.505286][ T7911] ? __ia32_sys_getpeername+0xb0/0xb0 [ 180.510652][ T7911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.516885][ T7911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.522369][ T7911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.527847][ T7911] ? do_syscall_64+0x26/0x610 [ 180.532514][ T7911] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.538564][ T7911] __x64_sys_sendto+0xe1/0x1a0 [ 180.543312][ T7911] do_syscall_64+0x103/0x610 [ 180.547888][ T7911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.553796][ T7911] RIP: 0033:0x4582b9 [ 180.557680][ T7911] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.577278][ T7911] RSP: 002b:00007f4b63f60c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 180.585666][ T7911] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 23:25:58 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0) mmap(&(0x7f0000032000/0x4000)=nil, 0x4000, 0x0, 0x2013, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:25:58 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x90400000204, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000300)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='maps\x00') execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) 23:25:58 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x14) 23:25:58 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:58 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x0, 0x4010, r0, 0x0) clone(0x4120000108007, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000040)={{0x0, 0x6001, 0x0, 0x0, 0x6, 0x9, 0x3f, 0xd4, 0x7, 0x3f, 0x1000, 0x1}, {0x3, 0x0, 0x8, 0x0, 0x4, 0xffffffffffffff89, 0x8, 0x0, 0xdb, 0x3, 0x7fff, 0x9}, {0x10001, 0xf000, 0xf, 0x9bc7, 0x7fffffff, 0x8, 0x400, 0xb555, 0x1f, 0x3f, 0x5, 0x3}, {0x10000, 0x5000, 0xf, 0x0, 0x0, 0x9, 0xdf4c, 0x0, 0x3, 0xd4b5, 0x7, 0x7}, {0x1000, 0x14001, 0x0, 0x6, 0x7ff, 0x64, 0x7fffffff, 0x2, 0x81, 0x6, 0x400, 0x8001}, {0x11000, 0xd000, 0xe, 0x1, 0x100, 0xb7, 0x20, 0x10000, 0xb04, 0x3, 0x0, 0x8}, {0xf001, 0xf002, 0x4, 0x1, 0x4, 0x1, 0x5a, 0x5da3, 0x8, 0xd6, 0x7, 0x1}, {0xf000, 0x7000, 0x8, 0x4, 0x6, 0x3, 0x10000, 0xffff, 0x4, 0x5, 0xb7, 0x1}, {0x6000, 0x7000}, {0x1, 0x6000}, 0x80000029, 0x0, 0x6, 0x40, 0x9, 0x400, 0xd000, [0x7ff, 0x8, 0x2, 0x101]}) 23:25:58 executing program 5: getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() tkill(r0, 0x14) [ 180.593616][ T7911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 180.601567][ T7911] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 000000000000001c [ 180.609518][ T7911] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b63f616d4 [ 180.617466][ T7911] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 23:25:58 executing program 5: getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() tkill(r0, 0x14) 23:25:58 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x14) 23:25:58 executing program 0: r0 = socket(0x200000000000011, 0x4000000000080002, 0xdd86) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000080)="d9f48cfb3243e54a0fdef01b15d41931650b880330f133c24071b6a2730eca5b12e35a0c386628b9", 0x28}, {0x0}], 0x2) 23:25:58 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:58 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x14) 23:25:58 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x3, 0x6, @dev}, 0x10) [ 181.083597][ T8001] device team_slave_0 entered promiscuous mode [ 181.090117][ T8001] device team_slave_1 entered promiscuous mode [ 181.170405][ T8000] device team_slave_0 left promiscuous mode [ 181.176513][ T8000] device team_slave_1 left promiscuous mode 23:25:59 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0) mmap(&(0x7f0000032000/0x4000)=nil, 0x4000, 0x0, 0x2013, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:25:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) ioctl$TIOCLINUX6(r0, 0x541c, 0x0) 23:25:59 executing program 1: open(0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) r0 = gettid() getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, 0x0) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0xfffffffffffffe6d) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 23:25:59 executing program 4: capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:59 executing program 5: open(0x0, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x276) r0 = gettid() ptrace$peekuser(0x3, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) semctl$GETNCNT(0x0, 0x0, 0xe, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) write$P9_RRENAMEAT(0xffffffffffffffff, 0x0, 0x0) write$P9_RUNLINKAT(0xffffffffffffffff, 0x0, 0x0) write$P9_RFLUSH(0xffffffffffffffff, 0x0, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 23:25:59 executing program 0: openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r0 = gettid() semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) unlink(0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, 0x0) tkill(r0, 0x1000000000016) 23:25:59 executing program 4: capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:25:59 executing program 5: r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0) semctl$GETNCNT(0x0, 0x0, 0xe, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fchdir(r0) write$P9_RRENAMEAT(0xffffffffffffffff, 0x0, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) read(r0, 0x0, 0x0) 23:25:59 executing program 1: open(0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) r0 = gettid() getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0xfffffffffffffe6d) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 23:25:59 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0a0775db7b2803b4f0a12585675d26b0d5e383e5b3b60ced5c54dbb7295df0df8217ad62005127000000000000e60000", 0x30) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000001bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) r2 = dup(r1) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000042c0)={0x30}, 0x30) recvmmsg(r1, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000001340)=""/239, 0xef}], 0x1}}], 0x1, 0x0, 0x0) write$P9_RLERROR(r2, &(0x7f0000000000)={0x15, 0x7, 0x0, {0xc, 'cgroup}\xf3{/\\['}}, 0x15) 23:25:59 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x14) 23:25:59 executing program 4: capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0) mmap(&(0x7f0000032000/0x4000)=nil, 0x4000, 0x0, 0x2013, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:26:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x0, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) 23:26:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x0, 0x0, 0x0, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, 0x0) 23:26:00 executing program 4: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c326f0fe8332800000c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x0, 0x0, 0x0, 0x0) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) 23:26:00 executing program 4: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0) 23:26:00 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 23:26:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x0, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) 23:26:00 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x3, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000600)='mem\x00\x00\x00.cur\x89\xc9^\xab\xe3\xb3\'\xf5\xfd\xb132\xfa\x82\xbeb\x15\n\a\xael\xc2\xdf\xf3\xb8W\xc4\xfdS\x0f\xfa\xcbb~\x932G\xc1\xa2P\xd1\xd5iHf\xae\x00\x00\x00\x00J\xdc\xef\xb8\xfeE\xcc\x06K{\x00\xbf\x83\xe2\x10\xe7\x89&\x9e9\xd9\x00\x84\xe8\x00r\x85\xf2\x88\xe1:\x9c\'\xaeb\xdd\xe9\xbe\xb8\x8d\xbe\xfd\xcfWv\xc2\xc29i\x80v\x938\x95\x7f\\\xda\x8brG\x86\xfe\x9f\x1fJI\x17ai\xc4\xdc\x9e8\x86\xe7\xca\xda\xe7\x87[\xcb\xbeF\xcdk\x8c\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, 0x0, 0x0) mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r1, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) prctl$PR_SVE_GET_VL(0x33, 0xa104) setreuid(0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) 23:26:00 executing program 4: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:00 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() 23:26:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0) mmap(&(0x7f0000032000/0x4000)=nil, 0x4000, 0x0, 0x2013, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:26:00 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:00 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:00 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x3, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000600)='mem\x00\x00\x00.cur\x89\xc9^\xab\xe3\xb3\'\xf5\xfd\xb132\xfa\x82\xbeb\x15\n\a\xael\xc2\xdf\xf3\xb8W\xc4\xfdS\x0f\xfa\xcbb~\x932G\xc1\xa2P\xd1\xd5iHf\xae\x00\x00\x00\x00J\xdc\xef\xb8\xfeE\xcc\x06K{\x00\xbf\x83\xe2\x10\xe7\x89&\x9e9\xd9\x00\x84\xe8\x00r\x85\xf2\x88\xe1:\x9c\'\xaeb\xdd\xe9\xbe\xb8\x8d\xbe\xfd\xcfWv\xc2\xc29i\x80v\x938\x95\x7f\\\xda\x8brG\x86\xfe\x9f\x1fJI\x17ai\xc4\xdc\x9e8\x86\xe7\xca\xda\xe7\x87[\xcb\xbeF\xcdk\x8c\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, 0x0, 0x0) mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r1, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) prctl$PR_SVE_GET_VL(0x33, 0xa104) setreuid(0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) 23:26:00 executing program 5: mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0) r0 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket(0x10, 0x80002, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = memfd_create(&(0x7f0000000340)='\xb7\x98\x99\xe3(\xc6i\xe2\xdb\xe0Nm\x90\x7f\x82(\xf4\x84)\xe1\x00\x9b\x00\"\xaa\x9c\n\xd4\xae2\x059\xc0\xda3\xe4\xac\xb3ps\xff\xf0p\xe0\xc4\x90w\x02P\x8b\xcc0\xe4\xbf\xbe\xf94\x14\xbf\xf5\x9a\xb8\xf14a\xd5\x05W\xd2\x84S\x9bTo\x16\x92\x88\xd6\xe1\x0e|\xe2\x1a\xd1G\xb6\a\xa2 }\x99.\x80\xa2D\x9c<\x80\xae\fc\x19\xd1\x97\xb8y\x80\x16\xe7\xbb\x8e\xae\xf1\xaf\xfb\x948\x1a\xcc\x02\x91\x95\xa2\x1f\xea\xa8\xeb\x14O\xba\x93\xad\xe3\n\xccP\xa3]\x02\xbdJ\x87\x85\xd7\x91:\xf9E\xf7\x00\xe5DG\xed\x9a#l\xe7c\xdb3\x83\r\xe5(\xefy\xceQ\x93\xd7\x1a\x91a;gs\xf8\x80\"\x90s-]*\xe9\xb9iL\x91\x1e}\xd5\x8c\xeb1\xb9\x84\xc7\x83\xe5c\xa3\xfc\xdb#\x1a\xfe\a\xdb\t\t', 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYPTR=&(0x7f00000002c0)=ANY=[]], 0x37d) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmmsg$alg(r3, &(0x7f0000001940), 0x4924924924926b2, 0x0) ioctl$int_in(r1, 0x2000000005452, &(0x7f00000000c0)=0x3f) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) [ 183.483535][ T26] audit: type=1804 audit(1554593160.945:31): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/18/bus" dev="sda1" ino=16607 res=1 23:26:01 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:01 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) inotify_init1(0x0) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000010607031dfffd946fa283200a0009000100061d85680c1baba20400ff7e0000", 0x24}], 0x1}, 0x0) 23:26:01 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 183.670614][ T26] audit: type=1804 audit(1554593161.135:32): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/19/bus" dev="sda1" ino=16607 res=1 [ 183.713930][ T8159] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 23:26:01 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() [ 183.766824][ T8162] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 23:26:01 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:01 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 183.938419][ T26] audit: type=1804 audit(1554593161.395:33): pid=8172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/20/bus" dev="sda1" ino=16604 res=1 23:26:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:26:01 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) sendmmsg(r0, &(0x7f0000004540)=[{{&(0x7f0000000080)=@nfc={0x27, 0x1, 0x2, 0x7}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000540)="1bd849603c10dc7c869e10150928b230a7dea7e3b108ce2eb5c38392734aaf11d539e927a7a56642b19e29467dc389aa13f46cabbfce43ce20b3f51ecf5e365fa9a03419dc87f997d5b4c17103b8a1ed7027e56bfd2154014c3fda912745bcd3350218bcaf90211e175573ccdc19f0bc563acc85c42031d75aeb15ea6cac1342e8c1e2e5524b2ce6db5521da6e9024cb2b952cecd3f3075fb50f70a96646019a1779c0bf4e799ae8b937986c6b9d691767660485d2fecb11131c7c2f29ad37eee540f5", 0xc3}], 0x1}}, {{0x0, 0x0, &(0x7f0000003c80)=[{&(0x7f0000003980)='v', 0x1}], 0x1}, 0x6f}], 0x2, 0x8000) 23:26:01 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:01 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:01 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setitimer(0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getitimer(0x2, &(0x7f0000000000)) 23:26:02 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 184.508197][ T8186] syz-executor.5 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 184.524315][ T26] audit: type=1804 audit(1554593161.985:34): pid=8185 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/21/bus" dev="sda1" ino=16516 res=1 23:26:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0x8090ae81, 0x0) 23:26:02 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:02 executing program 1: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000080)={0x18}, 0xff5b) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) splice(r0, 0x0, r2, 0x0, 0x18, 0x9) 23:26:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() 23:26:02 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(0x0, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 184.693915][ T26] audit: type=1804 audit(1554593162.155:35): pid=8202 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/22/bus" dev="sda1" ino=16604 res=1 23:26:02 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) [ 184.908918][ T26] audit: type=1804 audit(1554593162.365:36): pid=8218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/23/bus" dev="sda1" ino=16604 res=1 23:26:02 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:26:02 executing program 1: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) splice(r1, 0x0, r0, 0x0, 0x18, 0x0) 23:26:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0x8090ae81, 0x0) 23:26:02 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(0x0, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:02 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) [ 185.436969][ T26] audit: type=1804 audit(1554593162.895:37): pid=8229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir825523016/syzkaller.GYqAOU/24/bus" dev="sda1" ino=16608 res=1 23:26:02 executing program 1: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000080)={0x18}, 0xff5b) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) splice(r0, 0x0, r2, 0x0, 0x10018, 0x0) 23:26:02 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:03 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(0x0, &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:03 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x14) 23:26:03 executing program 5: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000280)=""/240, 0xd932}, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [0xe803, 0x5153000000000000, 0x2a0, 0x0, 0x0, 0x4000]}, 0x2a}, 0x80, &(0x7f0000000340), 0x16, &(0x7f0000000180)}, 0x0) 23:26:03 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:03 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x3, 0x80) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r1, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) setreuid(0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) [ 185.743697][ T8251] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 185.779736][ T8251] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8251 [ 185.789551][ T8251] caller is ip6_finish_output+0x335/0xdc0 [ 185.795368][ T8251] CPU: 0 PID: 8251 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.804396][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.814453][ T8251] Call Trace: [ 185.817759][ T8251] dump_stack+0x172/0x1f0 [ 185.822108][ T8251] __this_cpu_preempt_check+0x246/0x270 [ 185.827674][ T8251] ip6_finish_output+0x335/0xdc0 [ 185.832631][ T8251] ip6_output+0x235/0x7f0 [ 185.836980][ T8251] ? ip6_finish_output+0xdc0/0xdc0 [ 185.842110][ T8251] ? ip6_fragment+0x3980/0x3980 [ 185.846978][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.852188][ T8251] ip6_local_out+0xc4/0x1b0 [ 185.856704][ T8251] ip6_send_skb+0xbb/0x350 [ 185.861146][ T8251] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 185.866623][ T8251] udpv6_sendmsg+0x21e3/0x28d0 [ 185.871404][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.876443][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.882441][ T8251] ? mark_held_locks+0xf0/0xf0 [ 185.887215][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.892687][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.898159][ T8251] ? lockdep_hardirqs_on+0x19e/0x5d0 [ 185.903454][ T8251] ? retint_kernel+0x2d/0x2d [ 185.908054][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.913706][ T8251] ? release_sock+0x158/0x1c0 [ 185.918405][ T8251] ? __local_bh_enable_ip+0x15a/0x270 [ 185.923792][ T8251] ? _raw_spin_unlock_bh+0x31/0x40 [ 185.928919][ T8251] inet_sendmsg+0x147/0x5e0 [ 185.933432][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.939414][ T8251] ? inet_sendmsg+0x147/0x5e0 [ 185.944096][ T8251] ? ipip_gro_receive+0x100/0x100 [ 185.949144][ T8251] sock_sendmsg+0xdd/0x130 [ 185.953576][ T8251] ___sys_sendmsg+0x806/0x930 [ 185.958267][ T8251] ? copy_msghdr_from_user+0x430/0x430 [ 185.963735][ T8251] ? lock_downgrade+0x880/0x880 [ 185.968593][ T8251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.974843][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.980323][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.985790][ T8251] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.991081][ T8251] ? retint_kernel+0x2d/0x2d [ 185.995688][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.001352][ T8251] ? sockfd_lookup_light+0x10d/0x180 [ 186.006643][ T8251] ? sockfd_lookup_light+0x110/0x180 [ 186.011941][ T8251] __sys_sendmsg+0x105/0x1d0 [ 186.016542][ T8251] ? __ia32_sys_shutdown+0x80/0x80 [ 186.021677][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.027149][ T8251] ? do_syscall_64+0x26/0x610 [ 186.031833][ T8251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.037916][ T8251] ? do_syscall_64+0x26/0x610 [ 186.042609][ T8251] __x64_sys_sendmsg+0x78/0xb0 [ 186.047381][ T8251] do_syscall_64+0x103/0x610 [ 186.052011][ T8251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.057906][ T8251] RIP: 0033:0x4582b9 [ 186.061808][ T8251] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.081413][ T8251] RSP: 002b:00007f28c9ff6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 186.089826][ T8251] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 186.097816][ T8251] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 186.106668][ T8251] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 186.114638][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28c9ff76d4 [ 186.122615][ T8251] R13: 00000000004c58ba R14: 00000000004d9b78 R15: 00000000ffffffff [ 186.155760][ T8251] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8251 [ 186.165375][ T8251] caller is ip6_fragment+0x100/0x3980 [ 186.171292][ T8251] CPU: 1 PID: 8251 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.180343][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.190398][ T8251] Call Trace: [ 186.193696][ T8251] dump_stack+0x172/0x1f0 [ 186.198039][ T8251] __this_cpu_preempt_check+0x246/0x270 [ 186.203595][ T8251] ip6_fragment+0x100/0x3980 [ 186.208200][ T8251] ? ip6_mtu+0x2e6/0x460 [ 186.212449][ T8251] ? find_held_lock+0x35/0x130 [ 186.217226][ T8251] ? ip6_forward_finish+0x580/0x580 [ 186.222722][ T8251] ? ip6_forward+0x3880/0x3880 [ 186.227505][ T8251] ip6_finish_output+0x8a3/0xdc0 [ 186.234119][ T8251] ip6_output+0x235/0x7f0 [ 186.238557][ T8251] ? ip6_finish_output+0xdc0/0xdc0 [ 186.243683][ T8251] ? ip6_fragment+0x3980/0x3980 [ 186.248544][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.253582][ T8251] ip6_local_out+0xc4/0x1b0 [ 186.258105][ T8251] ip6_send_skb+0xbb/0x350 [ 186.262540][ T8251] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 186.268341][ T8251] udpv6_sendmsg+0x21e3/0x28d0 [ 186.268360][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.268384][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.268406][ T8251] ? mark_held_locks+0xf0/0xf0 [ 186.268423][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.268440][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.268455][ T8251] ? lockdep_hardirqs_on+0x19e/0x5d0 [ 186.268470][ T8251] ? retint_kernel+0x2d/0x2d [ 186.268487][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.268516][ T8251] ? release_sock+0x158/0x1c0 [ 186.268549][ T8251] ? __local_bh_enable_ip+0x15a/0x270 [ 186.268565][ T8251] ? _raw_spin_unlock_bh+0x31/0x40 [ 186.268586][ T8251] inet_sendmsg+0x147/0x5e0 [ 186.268601][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.268613][ T8251] ? inet_sendmsg+0x147/0x5e0 [ 186.268635][ T8251] ? ipip_gro_receive+0x100/0x100 [ 186.268654][ T8251] sock_sendmsg+0xdd/0x130 [ 186.268672][ T8251] ___sys_sendmsg+0x806/0x930 [ 186.268692][ T8251] ? copy_msghdr_from_user+0x430/0x430 [ 186.268711][ T8251] ? lock_downgrade+0x880/0x880 [ 186.268725][ T8251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.268741][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.268756][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.268771][ T8251] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.268783][ T8251] ? retint_kernel+0x2d/0x2d [ 186.268798][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.268833][ T8251] ? sockfd_lookup_light+0x10d/0x180 [ 186.268847][ T8251] ? sockfd_lookup_light+0x110/0x180 [ 186.268879][ T8251] __sys_sendmsg+0x105/0x1d0 [ 186.268893][ T8251] ? __ia32_sys_shutdown+0x80/0x80 [ 186.268918][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.268933][ T8251] ? do_syscall_64+0x26/0x610 [ 186.268947][ T8251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.268961][ T8251] ? do_syscall_64+0x26/0x610 23:26:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:26:04 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:04 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140), &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x14) 23:26:04 executing program 5: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000280)=""/240, 0xd932}, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [0xe803, 0x5153000000000000, 0x2a0, 0x0, 0x0, 0x4000]}, 0x2a}, 0x80, &(0x7f0000000340), 0x16, &(0x7f0000000180)}, 0x0) [ 186.268980][ T8251] __x64_sys_sendmsg+0x78/0xb0 [ 186.268997][ T8251] do_syscall_64+0x103/0x610 [ 186.269014][ T8251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.269025][ T8251] RIP: 0033:0x4582b9 [ 186.269040][ T8251] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.269049][ T8251] RSP: 002b:00007f28c9ff6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 186.269063][ T8251] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 186.269072][ T8251] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 186.269081][ T8251] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 186.269090][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28c9ff76d4 [ 186.269099][ T8251] R13: 00000000004c58ba R14: 00000000004d9b78 R15: 00000000ffffffff [ 186.269487][ T8251] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8251 [ 186.269559][ T8251] caller is ip6_fragment+0x244/0x3980 [ 186.269609][ T8251] CPU: 1 PID: 8251 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.269618][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.269630][ T8251] Call Trace: [ 186.269650][ T8251] dump_stack+0x172/0x1f0 [ 186.269673][ T8251] __this_cpu_preempt_check+0x246/0x270 [ 186.269692][ T8251] ip6_fragment+0x244/0x3980 [ 186.269707][ T8251] ? ip6_mtu+0x2e6/0x460 23:26:04 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:04 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:04 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x3, 0x80) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r1, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) setreuid(0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) [ 186.269722][ T8251] ? find_held_lock+0x35/0x130 [ 186.269738][ T8251] ? ip6_forward_finish+0x580/0x580 [ 186.269765][ T8251] ? ip6_forward+0x3880/0x3880 [ 186.269791][ T8251] ip6_finish_output+0x8a3/0xdc0 [ 186.269814][ T8251] ip6_output+0x235/0x7f0 [ 186.269833][ T8251] ? ip6_finish_output+0xdc0/0xdc0 [ 186.269853][ T8251] ? ip6_fragment+0x3980/0x3980 [ 186.269884][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.269904][ T8251] ip6_local_out+0xc4/0x1b0 [ 186.269923][ T8251] ip6_send_skb+0xbb/0x350 [ 186.269943][ T8251] udp_v6_send_skb.isra.0+0x839/0x14f0 23:26:04 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140), &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 186.269966][ T8251] udpv6_sendmsg+0x21e3/0x28d0 [ 186.269982][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.270005][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.270024][ T8251] ? mark_held_locks+0xf0/0xf0 [ 186.270039][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.270055][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.270069][ T8251] ? lockdep_hardirqs_on+0x19e/0x5d0 [ 186.270082][ T8251] ? retint_kernel+0x2d/0x2d [ 186.270097][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.270123][ T8251] ? release_sock+0x158/0x1c0 [ 186.270152][ T8251] ? __local_bh_enable_ip+0x15a/0x270 [ 186.270167][ T8251] ? _raw_spin_unlock_bh+0x31/0x40 [ 186.270185][ T8251] inet_sendmsg+0x147/0x5e0 [ 186.270199][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.270210][ T8251] ? inet_sendmsg+0x147/0x5e0 [ 186.270223][ T8251] ? ipip_gro_receive+0x100/0x100 [ 186.270239][ T8251] sock_sendmsg+0xdd/0x130 [ 186.270257][ T8251] ___sys_sendmsg+0x806/0x930 [ 186.270276][ T8251] ? copy_msghdr_from_user+0x430/0x430 [ 186.270293][ T8251] ? lock_downgrade+0x880/0x880 [ 186.270306][ T8251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.270322][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.270337][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.270351][ T8251] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.270364][ T8251] ? retint_kernel+0x2d/0x2d [ 186.270377][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.270413][ T8251] ? sockfd_lookup_light+0x10d/0x180 [ 186.270429][ T8251] ? sockfd_lookup_light+0x110/0x180 [ 186.270447][ T8251] __sys_sendmsg+0x105/0x1d0 [ 186.270461][ T8251] ? __ia32_sys_shutdown+0x80/0x80 [ 186.270487][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.270501][ T8251] ? do_syscall_64+0x26/0x610 [ 186.270515][ T8251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.270528][ T8251] ? do_syscall_64+0x26/0x610 [ 186.270545][ T8251] __x64_sys_sendmsg+0x78/0xb0 [ 186.270562][ T8251] do_syscall_64+0x103/0x610 [ 186.270580][ T8251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.270590][ T8251] RIP: 0033:0x4582b9 23:26:04 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140), &(0x7f00009b3000)) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 186.270603][ T8251] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.270609][ T8251] RSP: 002b:00007f28c9ff6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 186.270632][ T8251] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 186.270642][ T8251] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 186.270650][ T8251] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 23:26:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) [ 186.270657][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28c9ff76d4 [ 186.270666][ T8251] R13: 00000000004c58ba R14: 00000000004d9b78 R15: 00000000ffffffff [ 186.292341][ T8251] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8251 [ 186.292433][ T8251] caller is sk_mc_loop+0x1d/0x210 [ 186.292511][ T8251] CPU: 1 PID: 8251 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.292520][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.292525][ T8251] Call Trace: 23:26:04 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000b80)) timer_settime(0x0, 0x1, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000d43000)) 23:26:04 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) [ 186.292545][ T8251] dump_stack+0x172/0x1f0 [ 186.292569][ T8251] __this_cpu_preempt_check+0x246/0x270 [ 186.292586][ T8251] sk_mc_loop+0x1d/0x210 [ 186.292606][ T8251] ip6_finish_output2+0x17a5/0x2550 [ 186.292640][ T8251] ? ip6_forward_finish+0x580/0x580 [ 186.292655][ T8251] ? ip6_copy_metadata+0x809/0xc30 [ 186.292678][ T8251] ? ip6_sk_dst_lookup_flow+0xb90/0xb90 [ 186.292702][ T8251] ip6_fragment+0x2bd1/0x3980 [ 186.292717][ T8251] ? ip6_forward_finish+0x580/0x580 [ 186.292732][ T8251] ? ip6_fragment+0x2bd1/0x3980 [ 186.292746][ T8251] ? ip6_mtu+0x2e6/0x460 [ 186.292767][ T8251] ? ip6_forward_finish+0x580/0x580 [ 186.292796][ T8251] ? ip6_forward+0x3880/0x3880 [ 186.292823][ T8251] ip6_finish_output+0x8a3/0xdc0 [ 186.292846][ T8251] ip6_output+0x235/0x7f0 [ 186.292880][ T8251] ? ip6_finish_output+0xdc0/0xdc0 [ 186.292902][ T8251] ? ip6_fragment+0x3980/0x3980 [ 186.292919][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.292940][ T8251] ip6_local_out+0xc4/0x1b0 [ 186.292958][ T8251] ip6_send_skb+0xbb/0x350 [ 186.292979][ T8251] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 186.293005][ T8251] udpv6_sendmsg+0x21e3/0x28d0 [ 186.293021][ T8251] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.293045][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.293065][ T8251] ? mark_held_locks+0xf0/0xf0 [ 186.293081][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.293098][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.293112][ T8251] ? lockdep_hardirqs_on+0x19e/0x5d0 [ 186.293126][ T8251] ? retint_kernel+0x2d/0x2d [ 186.293142][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 23:26:04 executing program 5: pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ad56b6cc0400fbab65d8b4ac2ca35c6e", 0x10) write$FUSE_INTERRUPT(r1, &(0x7f0000000000)={0x10}, 0x10) write$nbd(r1, &(0x7f0000001a80)=ANY=[@ANYBLOB="674466980000000000000000000000002fa9a5aca7cd6428c112b6ec46ecd32f0dcce443fad130aaeb982d332f3e16ecda9c2090f5ab04d1beed266a1bb15ddcad8ea86f24163557c62216fa8fd981bec50ea410b751aa6c94891904453f42094094c6729ce93a3e6a55475e80934588a586894df50814b29a99ec5d1e778ef9d9c49eb6d7be18493441734f97f120f5553284ffdd4c82f84dc685d7d43088eed9c43d12fc4ef696cab2e76485cac3d8f48637572024f3deb261ca2dc92b2b390b76d243187271d89a7dc6baefd53a7368884d013f3a021c2febcc5adb4cbdf884942c36f8371bca441d38243ed5b33b9352b3e376fd7f67adf374a3277ed392909bc0a378b1c09834c083b7d726c35a6a93d1d34123fdaa46de2369a810ded006b613758d597885689b75d0b1e1696f9ef8b3c75f8d56fa3e2918deb4df2605e87c2f8c41e90b65e6f28d31ce822f67cabef8ca8655308ce695e3337c02907f5f41024a1306dbe57f6946ec704c7be8c369b86c03f1214b015e33a9d1bc47376493a020785d9103650f6d718b97abf017c034e3131fff3c9d8b70c04548c86f9ebe5effb982860ecce5a770f236c3f67fbcf7f479c42f61143731b33ace0d45d9f427e5abd65f40b52f2d7da83802daf85349db499061facbea3e50cb8c2a1e5ce5e7f46421da9c6608e42540cf4153305a32b8bb285f0bab63c49216eeeadf5843cdf1a8ac6ba4a470e23f2653c9d6466e03bca1b5bbb56841aa3b35b3a6214ab3fb6882fc3ac89e9fe7ec04b5f7506305d0a5630e7f6095528e4de223f22eb59ad2e46ed090db8ab02c7010c74a3c326ccb3385857d0bbaa73ae80970a8c941634dab99c55293bd0ad705b100b1bf2804eda918782e9cf835568dd9437c88b5a7acb23e349b0de32f9163e8e7a822d4852396cb7d2e50f18c798823e874597fbf2f58fa4977c65fb486009ac7068e7d43cf165164ee1a97e6eaecaf353f048a462f94deb3029ab65c96b2467f56b2cc62411dedbf88fadaa28d4bf43631db9f960a219a62da963c3f39d641ec81e251e1e4c441e6192862ecdfb956c8bd1b176d6c2f06b2bf29bd93c74a5cdac7de65909bee169b8a1e066e9dab6a518cd44d19b21b2e138e55332efc99106f270fa9c3b53aa285186ab46bf9c238c2ae7be59049c9dd7fd8c37dce76cc22965e8681697d49e2ed383dceff5354eee45adbd7f20f43e5451eb1cc3e5f110fcccb125d13368fcf97709872e173801690d1b8763b7a7b0291fe97386d06086f42b31b81696f0c40952fd936fc0d46430fed919e0311657fd7e315427ebd480b52503e18788ab6ae2bd55d5b42e702032a4665cf808de31c2d496d84ded35a392b1e026d43b23385ffff04f8ea06686f8db7bb456d83ba7a7fc3ee09471418e3a027489cd47a1d419a9e7721ad007f1e0a5b203eafe19e46c7f4e60e095cd2ef1abe3dd80f62e5f43613d361ef460218691fa0d38d7546c476dc404d33eb45e36c2c852797f4fbac900e5a40727ec7253a8e83f491b8195b7d217e7298903a917915dfd5184805f23c8a842742608dbb0c75b7c94e5a26f54d92dcaeb03f79a7b8bba049dbafb0f8a0fa86f2767994c5b6ee16c6597bb98b0a600ec659cd78360de134bd46e1de8981f194e9c6bbe92b617069b5534dddddd070b989636d1e0e8e4c20fd693696ebfde39dbd7d67c6b9b31c91a26524237c00bf936833489903b5ea6e6abd2aa65c4bca42a3db6bac9eb6b4d3aa1af5f167200de3338a4dee5017b08b4069034e37a9cfb47b83cf370058f9a608cb2d7566b860fe2ca8ae9a462498d9630ec6320234e28cccf8f60c082f1e498307a34099f6d1ca2ff8a18c816f1cec0214aa63064d70b6e3da7fe07c1548cb1b31b98f5e86264a997948c0b3a7bae064d955faff74a5846a5252e7024f952d4c42474fb7b1664718ef8dbd6782ebdb47643d70c17f6b984b4b5ca9cb348c08bafcf6ddc387f62db4ee058904ecc698da7b931e3ea4741479321c053ae488c6c4070fbe5d61456f625f92dd7f8ae7f2d2339c2fcb160e3fb9ddb85c02686923130cad1cdb09aeafdb1c8e779384c57aa4d8f5f3bbec993174dcb45e29d46e60aae5382c375be302b0aae3daef52d1353c1926368696fa43df41d191fe3ea94e8e52cf83261abe123338cbda8a5197111e9282dba03c16bc4013aab2c58c8a6859f0f2e2604ca1676a9f532f3726318c8c363a284098fbc9b43660101a392a615985cf25e2ca3b7afdf7f26380a35de49f964ffa29fcfe48f899f866cb0fc7f98f45779bc2f45ab48dc7254101c18d6d3caf283b86ca85c8375ef1a6268722be69bdaa01e69dc0b8cc37914016f7b9b49faef8a26ed1e1369f33b634c49370ba299394ee9b6022e7ad0a6cae7f50c35ede0d0c01fbe8e66db2c3ed4deaf541b0402c59927d5df2bdf0f8566014bd09b3fec2bda5bcd690a12554b0542e819b8cd3209280fd1bfbd18b4154ea6c0a092ca78bc4c1ae29efccc96b930f3c60bb86888af70407f65084a74c5fdf1f4a5ea7b8c5e8ba810ab87b8f9bff858da6e2397742b6fedc5fcf7ef089adae67b0fbf52583974e2e2a8e4543d64cf2e5ebfadca68227a2494d7b2f540224b028cbc46acb5dd407cfb27eb7fdcd2ff3bc7a4966b0cd0bb6b289fb2af0a6343f8b64e82a0855787acfa58127ac83d32e701f0a1174dfefc1325795b5c0d8eb7315437325d31420b14e5753a3934c170d555ec2d5e6583d5628951c7ab0e8f36adc7e73d4947e8d946341e48d39fff16efd147d10a1265dc4b36230fe5c3f8054d0d5d188147e9d1a12e8f53e084ca12194a0c6c3aff5a0812cb303459034deb541f4197507673ed12472307403a8478fcff4d1ce33b74a2223f498522c5c48139923528db925bac21a163509615fa96248896d71b465e1c4c430b994981e139309532187126c3671ea7591445aa4e7d783d611a6db5eb0cea9112d3eef27b13b44b72036f5ccb8ae3944915b70259322eed21a53bc9ae1fb228dc5b2f0c9a7b944538b67f832a8abf3c8463c3e9b59f9cc16cc411bfa38d8c6710debc7ffb30a54a2ab9647af082f5a2e2149eb21e906ac40a4cdaba33a037b8ad1519a86b097b0b342626b3552675227dd1514a94fbe79a378031a0c195089bef572545f40f22f8b81b9bfc962e38f382a675d4de6a7dbf2943a45bf7f84b8d2a1c2759a8cb8194d546572a7980e530ee9a3784769a248b1af43089c56da314759dd7f6f56c6df9353b0dc40b9460a0a614b1519aa3208dad393ba12b7371f0dd32501b8c0bd20513c6c33710b9e9a54d1dfe848724214a4dff4a8a4ed348de6461d86af8e54e28c02b8329f205ff799def6a98336ed9b003da9c1ecd1c0a489c839a8d005b36c4d79d218a5546205da09544def4e3560278c03aaaf30840bc34736c5eb49c1aac80bf2c4b248670355b650c214f199f64f7e52186f51517dd65d754c0fd212d170ab702b80aa09b6f941cf1eca7a6c11fa19f22f77eb05f04e51cebb48e8da2361ce80599286e8f50ae6a2f5278db112399cf698af8a953a24edeb4049c0fbea4f18674e6670cedb0c76350e8da7e217db233abeb0fdc0a370899a8c6bb14521bb8644c19530b91c15d593dc70de54db5ca3f4d639046ca83a08be8a966d7a08d963e811582dca20154bdc72a3d9545de615ec62d3f338519e996214c7fdb3372e1ae65ce77512a6bd5b4ac5cd3e5e48b35b35707cc1445390ec0a52f296d011ed8ef7cf7baeebd6d9932a9951334d3cdabe2d38fa691993bf6ea2736182588981af9e70e0211bfa9d07a1dbadc3cd97bb6ee7517581f2793193a677744f36501786741ed01d8a960e32ce9ae032c1e4ebc4680a0c7bcc977bac3199c683bfbf9d611225d823dfce378a8f691442b5f0efa3ea7a926b4d5a02f6aea2a932e153bed0e4a6a0dfe5c35c6ed80d294f6c3c8f1cc40b886aec59ad5d11bbbf245895593e8f70111750e881859d43db2a2ae999bea050dae6ba78128729f21d630ddf5d1563bd391c94a4d3a1660b713d496d9c14a9a890dde69cc2d8c176fe5cf2a2b24c8794fae247463b4111a97e694664e6712283b2c1a65aff9bdaba1c941ef19c63377629c3cb4eb5db0124fc249faae580480a86b3cef8a9ff95e2590e549f7947f29f4498036d659f57ebe5a397fd687657425d14ae0141ba8d516a01a5599973a08671d4798c58283d29ae62eb368ec04760f090c2145e47da9fa0939f0e5ebedc0d5f6f81a7a1d0fa21e7fce4e64ba10cc1565d2ea2156e4f7bb3d6ec7dfce2689dc3f96fa21053b9c293422931d210e853f7f25cbb21d1bae8df3c21dde7ff4845b59220e69a7c7cdb352b3652af4c6e065c17089e394f41e52cb54d8cb71a1833d7c3dbc45eb47d517fcf75477b53ad1348ce57b892bfe1afcc6d28988504630f450e711a7dc5c29c1ee173cec5ec0b3792bb85b7d0d5ce7d5bc48b01ea2a32b8b36bdebc2f92784b9871707a95913a707b956c065773669891772d790ecd91a13750d4e444857138bbad6c3bb465a9c5927ce9a107c7b31ee899dac5174fd23eb770ba6c5d8b805b8fc84a59b5cfe31d48b5270a78637b2fc07e73d9c4858fc30fdb679ca788e02cd3eed079cd8bf6d7777802401643435ba440856595ea11ece27157cba9b749fc3e806da7ece433dd1eb673a135b6cb2d12ca9340b7462fb97182886aedef6c9a1ba1210da24f0a54c082299b92cc16425ef4ebd4b4c272462a3be53f29c8b95628e2a63d30a295aa9f241edeba0d562784612233175ffa4ef22e92b3266bcc0bff39a9b7b54a10ec7905b8665024b2a6737777cd0d555d1c4ee2a3063c6d19a9a785ad25c08b7b0d9e6de4f044588496aea650cd90f84f738c0f3a40a8bd7fd8d5dbe4ca8eb776227e1ded96bc05fc7095ae4f1e883bf9a3a7d9c324e3197132882ffec13739d285005ecaba0837459defadb9e6bdec450ce11403dde67a8778545f2958590d8f1677ded3109b3c6a393b278d49c1bf2a3b6f7ae668e06e2e29fe3b3deedced2c6f01917398863608b3fee4da061b8d6aa5b19842cbc973e0798ffd002100fea61f4a3396e7b2c88f0c2ebaaf7fcb7e5c69c4422aca6c8ceefe3e42db3676c084c8a359ddfbae78446d2c145fa31f983f59a40fc62e3273cfea69ad92f44300b3f1404fe9b384e054ac48201790b6fd8fc67e99eb53e3ccffe8d1aac926197b5bb9345681dc567e53465ff512653fd8be52d17a3243a4c2a9036523eecc213e0c9742e4c7cdff8a6c4b45fe746acff1c68f813810008da3531a51087d150b93738b5e2d9193fab196ccf61430e9ec6af286f1de1bf94d8082de0e5f284e78f85cc0a24d1a5a504d1219ef81d83726ebafc7674bc218960c7526e7a76242af6a85bdb7591ced2f938d17c3d801553daf2be4dfbcfed0230791987b483e8fd5feaab25ad9a2ba2e45a2a0f802d6c5a690c2b6fab1cf3e7093f562fafe347d0ac256d4e2c783410db0e7923ec4a8712188ad6639fa2586b3f77582ed99bc4c8753755d0f17b0fce5fda1e1b4fced493a73b92574c9bad7a3f17b6f4d692eb9dfc0525049a7357e1ff90f5edcbc7e7ee98cc286f41996aaa50fd47b2806324207d4835e77ef59ed50fbe92d658857052c1b8cfec6d497ee38cc956c85eeb529b4dfde4095399f61243f49c791c8d58a6a68b0c16e0134ce01135b3e52a339f174677890f4d5ce5f51d21730845e2db947c76ce9cfdc8dc218d025e8f4d34c66ee9c0e2d096b7357f0f4df72862759f1441552503c934c3dc9d4eb6908c15261bec11662d3674084c0667c8009cb6cf318fcb60fcd61715d7284a187188e76cb88d4552de21c866bfc96f5cb2f7b9b10be4fcb62a882569952436b6e73cd36433e3556bad24d4abea805922c6dd7c7b7cdeb588ef74bfc5fa39d73041190a4ae3a0833af"], 0x1) splice(r0, 0x0, r3, 0x0, 0x7fffffff, 0x0) 23:26:04 executing program 0: write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r0 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000d40)=ANY=[]) [ 186.293171][ T8251] ? release_sock+0x158/0x1c0 [ 186.293203][ T8251] ? __local_bh_enable_ip+0x15a/0x270 [ 186.293219][ T8251] ? _raw_spin_unlock_bh+0x31/0x40 [ 186.293240][ T8251] inet_sendmsg+0x147/0x5e0 [ 186.293255][ T8251] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.293267][ T8251] ? inet_sendmsg+0x147/0x5e0 [ 186.293282][ T8251] ? ipip_gro_receive+0x100/0x100 [ 186.293300][ T8251] sock_sendmsg+0xdd/0x130 [ 186.293319][ T8251] ___sys_sendmsg+0x806/0x930 [ 186.293339][ T8251] ? copy_msghdr_from_user+0x430/0x430 [ 186.293357][ T8251] ? lock_downgrade+0x880/0x880 [ 186.293373][ T8251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.293390][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.293406][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.293421][ T8251] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.293435][ T8251] ? retint_kernel+0x2d/0x2d [ 186.293450][ T8251] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.293490][ T8251] ? sockfd_lookup_light+0x10d/0x180 [ 186.293507][ T8251] ? sockfd_lookup_light+0x110/0x180 [ 186.293526][ T8251] __sys_sendmsg+0x105/0x1d0 [ 186.293542][ T8251] ? __ia32_sys_shutdown+0x80/0x80 [ 186.293570][ T8251] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.293585][ T8251] ? do_syscall_64+0x26/0x610 [ 186.293600][ T8251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.293615][ T8251] ? do_syscall_64+0x26/0x610 [ 186.293643][ T8251] __x64_sys_sendmsg+0x78/0xb0 [ 186.293661][ T8251] do_syscall_64+0x103/0x610 [ 186.293680][ T8251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.293692][ T8251] RIP: 0033:0x4582b9 [ 186.293708][ T8251] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.293716][ T8251] RSP: 002b:00007f28c9ff6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 186.293732][ T8251] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 186.293741][ T8251] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 186.293750][ T8251] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 23:26:05 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x14) 23:26:05 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:05 executing program 0: write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r0 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:05 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) [ 186.293759][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28c9ff76d4 [ 186.293769][ T8251] R13: 00000000004c58ba R14: 00000000004d9b78 R15: 00000000ffffffff 23:26:05 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x5c63, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = semget(0xffffffffffffffff, 0x4, 0x0) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000240)=""/223) 23:26:05 executing program 2: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x7c774aac) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) 23:26:05 executing program 0: write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r0 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:05 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x5c63, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) rmdir(&(0x7f0000000080)='./file0\x00') 23:26:05 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:05 executing program 0: r0 = creat(0x0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:05 executing program 2: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x7c774aac) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) 23:26:05 executing program 0: r0 = creat(0x0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:05 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getrandom(&(0x7f00000000c0)=""/93, 0x5d, 0x2) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) r2 = gettid() tkill(r2, 0x14) 23:26:05 executing program 5: pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[], 0xfffffda8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x3, 0x1c) ioctl(r4, 0x1000008912, &(0x7f00000000c0)="0adc5f123c123f319bd070") setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ad56b6cc0400fbab65d8b4ac2ca35c6e", 0x10) splice(r0, 0x0, r3, 0x0, 0x7fffffff, 0x0) 23:26:05 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) capset(&(0x7f0000001140)={0x19980330}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:26:05 executing program 2: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x7c774aac) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) 23:26:05 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000a40)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file1\x00', 0x0) rename(&(0x7f0000000280)='./file0/file1\x00', &(0x7f00000002c0)='./file0/file0\x00') 23:26:05 executing program 0: r0 = creat(0x0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[]) 23:26:05 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 23:26:06 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000e00)=ANY=[@ANYBLOB="f8"], 0x1) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x12, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000d40)=ANY=[])