[ 41.849069][ T23] audit: type=1800 audit(1554692851.961:27): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 41.888516][ T23] audit: type=1800 audit(1554692851.971:28): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 42.519207][ T23] audit: type=1800 audit(1554692852.671:29): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 42.539309][ T23] audit: type=1800 audit(1554692852.671:30): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts. 2019/04/08 03:07:51 fuzzer started 2019/04/08 03:07:54 dialing manager at 10.128.0.26:34543 2019/04/08 03:07:54 syscalls: 2408 2019/04/08 03:07:54 code coverage: enabled 2019/04/08 03:07:54 comparison tracing: enabled 2019/04/08 03:07:54 extra coverage: extra coverage is not supported by the kernel 2019/04/08 03:07:54 setuid sandbox: enabled 2019/04/08 03:07:54 namespace sandbox: enabled 2019/04/08 03:07:54 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 03:07:54 fault injection: enabled 2019/04/08 03:07:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 03:07:54 net packet injection: enabled 2019/04/08 03:07:54 net device setup: enabled 03:10:07 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000415fc8)={0x0, 0x0, &(0x7f00000daff0)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0) syzkaller login: [ 197.756055][ T7756] IPVS: ftp: loaded support on port[0] = 21 03:10:08 executing program 1: r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab01, 0xffffffffffffffff) [ 197.889799][ T7756] chnl_net:caif_netlink_parms(): no params data found [ 197.989200][ T7756] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.014326][ T7756] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.022594][ T7756] device bridge_slave_0 entered promiscuous mode [ 198.040310][ T7760] IPVS: ftp: loaded support on port[0] = 21 [ 198.048294][ T7756] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.059362][ T7756] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.070091][ T7756] device bridge_slave_1 entered promiscuous mode [ 198.109419][ T7756] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.121484][ T7756] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:10:08 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x6, 0x0) write(r1, &(0x7f0000c34fff), 0xffffff0b) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) write$binfmt_elf64(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) dup2(r2, r1) tkill(r0, 0x1000000000016) [ 198.156958][ T7756] team0: Port device team_slave_0 added [ 198.177266][ T7756] team0: Port device team_slave_1 added 03:10:08 executing program 3: getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f00000001c0)=ANY=[@ANYBLOB="a80000000b801265500d65178f0b06c56c5be518e793b7b8e3fe38afd1cbe5e12790d21130f304a2ad064a259bb78ee851c2261251c1d513b4a5baf707ee762a8b0e2c80098cfe761abfe424f71f87d79d916aa8b826dfa42941042bc8a90aac54e96aae3bc6affd6b8a4bd59dea047c8bc145b0bd02cf28fe77a888ee8f5dc79c6646b2d178d6846727abc0"], 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-net\x00', 0x2, 0x0) r1 = dup(r0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0x4008af03, &(0x7f0000000100)=0x40) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) [ 198.347856][ T7756] device hsr_slave_0 entered promiscuous mode [ 198.415462][ T7756] device hsr_slave_1 entered promiscuous mode [ 198.484581][ T7756] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.491841][ T7756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.499737][ T7756] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.506834][ T7756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.519035][ T7760] chnl_net:caif_netlink_parms(): no params data found [ 198.533463][ T7763] IPVS: ftp: loaded support on port[0] = 21 [ 198.535645][ T7765] IPVS: ftp: loaded support on port[0] = 21 [ 198.677310][ T7760] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.685451][ T7760] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.693552][ T7760] device bridge_slave_0 entered promiscuous mode [ 198.715100][ T7760] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.722530][ T7760] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.731121][ T7760] device bridge_slave_1 entered promiscuous mode 03:10:08 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(r0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r0, 0x80000000006) r3 = dup3(r2, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000200)) write$UHID_INPUT(r3, &(0x7f0000001640)={0x300, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a70a6e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846ea512a8ccae7a99da8dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1af8ff63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c1829a6030f4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7d106eb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6693ee1b9abb5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8217cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057148d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858acd8ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb148279cd9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d29428010000000000000062fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424880b46e26b5560d756c134ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006) [ 198.768374][ T7756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.890438][ T7760] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.908519][ T7760] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.960996][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.995033][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.015833][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 199.067062][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.067978][ T7772] IPVS: ftp: loaded support on port[0] = 21 [ 199.084819][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.098054][ T7765] chnl_net:caif_netlink_parms(): no params data found [ 199.111513][ T7756] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.119576][ T7763] chnl_net:caif_netlink_parms(): no params data found [ 199.130648][ T7760] team0: Port device team_slave_0 added 03:10:09 executing program 5: openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000540)='/dev/video36\x00', 0x2, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x3, 0x5, 0x964, 0x6, 0x4, 0x3, 0x2, {0x0, @in6={{0xa, 0x4e24, 0x8001, @local}}, 0x5, 0x100000001, 0x6, 0x7, 0x7}}, &(0x7f00000000c0)=0xb0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000100)={r2, 0xb0, &(0x7f0000000240)=[@in6={0xa, 0x4e20, 0x9, @mcast2, 0xfffffffffffffff8}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e20, 0xffffffffffff7fff, @dev={0xfe, 0x80, [], 0x12}, 0xffffffffffffff1a}, @in={0x2, 0x4e22, @remote}, @in6={0xa, 0x4e24, 0x7, @local, 0x3ff}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x7, 0x10000, @mcast2, 0xfffffffffffffffc}]}, &(0x7f0000000300)=0x10) ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8138ae83, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4$inet6(0xffffffffffffff9c, 0x0, 0x0, 0x800) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f0000000340)={0xfac, 0x0, 0x3017, 0x81, 0x4, {0x9, 0x2}}) syz_open_dev$rtc(0x0, 0x0, 0x0) connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, {0x700, 0x0, 0x2, 0x0, 0x6}, 0x300000000000000}, 0xe) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x2) alarm(0xbfaf) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000)={r3, 0x10001}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000003c0)={0x0, @in={{0x2, 0x4e24, @loopback}}, [0x0, 0x1000, 0x4, 0xd8, 0x0, 0x0, 0x0, 0x1000000000000000, 0x6, 0x0, 0x0, 0x380000, 0x3ff, 0x100, 0xe68]}, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) [ 199.168430][ T7760] team0: Port device team_slave_1 added [ 199.239917][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.249333][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.257987][ T7770] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.265126][ T7770] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.275893][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.287872][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.296497][ T7770] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.303559][ T7770] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.315941][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.325017][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.389275][ T7760] device hsr_slave_0 entered promiscuous mode [ 199.424466][ T7760] device hsr_slave_1 entered promiscuous mode [ 199.506940][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.516012][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.518925][ T7774] IPVS: ftp: loaded support on port[0] = 21 [ 199.524782][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.539102][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.547783][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.564551][ T7765] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.571731][ T7765] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.581691][ T7765] device bridge_slave_0 entered promiscuous mode [ 199.589226][ T7763] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.597003][ T7763] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.604843][ T7763] device bridge_slave_0 entered promiscuous mode [ 199.612358][ T7763] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.619525][ T7763] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.627541][ T7763] device bridge_slave_1 entered promiscuous mode [ 199.641966][ T7765] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.650495][ T7765] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.659605][ T7765] device bridge_slave_1 entered promiscuous mode [ 199.690767][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.699111][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.707620][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.716134][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.749765][ T7756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.762113][ T7765] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.775471][ T7765] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.790383][ T7763] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.812840][ T7763] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.882633][ T7756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.891655][ T7765] team0: Port device team_slave_0 added [ 199.899113][ T7765] team0: Port device team_slave_1 added [ 199.931290][ T7772] chnl_net:caif_netlink_parms(): no params data found [ 199.970097][ T7763] team0: Port device team_slave_0 added [ 199.977542][ T7763] team0: Port device team_slave_1 added [ 200.056792][ T7772] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.063885][ T7772] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.072589][ T7772] device bridge_slave_0 entered promiscuous mode [ 200.162237][ C0] hrtimer: interrupt took 41231 ns [ 200.169974][ T7763] device hsr_slave_0 entered promiscuous mode 03:10:10 executing program 0: 03:10:10 executing program 0: [ 200.224694][ T7763] device hsr_slave_1 entered promiscuous mode 03:10:10 executing program 0: 03:10:10 executing program 0: 03:10:10 executing program 0: [ 200.299728][ T7772] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.310947][ T7772] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.323722][ T7772] device bridge_slave_1 entered promiscuous mode 03:10:10 executing program 0: 03:10:10 executing program 0: [ 200.386898][ T7765] device hsr_slave_0 entered promiscuous mode [ 200.444568][ T7765] device hsr_slave_1 entered promiscuous mode [ 200.503172][ T7772] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.519147][ T7760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.527157][ T7774] chnl_net:caif_netlink_parms(): no params data found [ 200.540887][ T7772] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.576671][ T7772] team0: Port device team_slave_0 added [ 200.585139][ T7772] team0: Port device team_slave_1 added [ 200.618670][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.627049][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.707178][ T7772] device hsr_slave_0 entered promiscuous mode [ 200.754518][ T7772] device hsr_slave_1 entered promiscuous mode [ 200.805918][ T7760] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.830410][ T7774] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.837948][ T7774] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.846526][ T7774] device bridge_slave_0 entered promiscuous mode [ 200.874349][ T7774] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.881487][ T7774] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.889641][ T7774] device bridge_slave_1 entered promiscuous mode [ 200.902444][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.911355][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.920322][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.927703][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.935509][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.944639][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.952976][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.960096][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.967926][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.977300][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.985986][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.994750][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.003862][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.012193][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.039125][ T7774] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.055548][ T7774] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.079044][ T7763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.104294][ T7774] team0: Port device team_slave_0 added [ 201.111741][ T7774] team0: Port device team_slave_1 added [ 201.121345][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.129977][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.152373][ T7763] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.166935][ T7765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.173757][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.184009][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.215583][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.225048][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.233375][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.240485][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.248142][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.258060][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.266424][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.273466][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.281247][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.289815][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.298204][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.306566][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.321305][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.377560][ T7774] device hsr_slave_0 entered promiscuous mode [ 201.415061][ T7774] device hsr_slave_1 entered promiscuous mode [ 201.461869][ T7760] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.473344][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.489981][ T7765] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.501029][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.510647][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.520169][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.528787][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.537800][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.545695][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.553302][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.561987][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.570420][ T7770] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.577516][ T7770] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.586576][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.594618][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.631615][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.641074][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.650228][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.662165][ T7770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.672455][ T7760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.685981][ T7766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.696795][ T7766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.705279][ T7766] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.712322][ T7766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.724195][ T7763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.736656][ T7763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.759702][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.768125][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.783504][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.792345][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.801384][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.810035][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.829826][ T7772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.840251][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.871484][ T7763] 8021q: adding VLAN 0 to HW filter on device batadv0 03:10:12 executing program 1: [ 201.889129][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.907720][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.922570][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.933719][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.976552][ T7765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.991061][ T7765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.004061][ T7772] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.018498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.028355][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.036698][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.044450][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.073793][ T7765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.101475][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.123543][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.153011][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.160187][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.194699][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.203453][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.212107][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.219252][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.229751][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.251439][ T7774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.272626][ T7772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 202.285379][ T7772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.300049][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.309572][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.318655][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.329132][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.338684][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 03:10:12 executing program 2: [ 202.347781][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.356965][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.366190][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.376257][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.384914][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 03:10:12 executing program 3: getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f00000001c0)=ANY=[@ANYBLOB="a80000000b801265500d65178f0b06c56c5be518e793b7b8e3fe38afd1cbe5e12790d21130f304a2ad064a259bb78ee851c2261251c1d513b4a5baf707ee762a8b0e2c80098cfe761abfe424f71f87d79d916aa8b826dfa42941042bc8a90aac54e96aae3bc6affd6b8a4bd59dea047c8bc145b0bd02cf28fe77a888ee8f5dc79c6646b2d178d6846727abc0"], 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-net\x00', 0x2, 0x0) r1 = dup(r0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0x4008af03, &(0x7f0000000100)=0x40) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) [ 202.424867][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.432809][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.451464][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.472805][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.484448][ T7774] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.496358][ T7772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.525309][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.533841][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.554852][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.561905][ T7759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.570380][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.589639][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.599161][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.606252][ T7759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.615021][ T7759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.634435][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.643636][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.653882][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.663246][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.683681][ T7774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 202.695957][ T7774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.710580][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.718862][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.727813][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.736431][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.745176][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.753543][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.761968][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.771158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.812791][ T7774] 8021q: adding VLAN 0 to HW filter on device batadv0 03:10:13 executing program 1: 03:10:13 executing program 5: 03:10:13 executing program 0: 03:10:13 executing program 2: 03:10:13 executing program 4: 03:10:13 executing program 3: 03:10:13 executing program 1: 03:10:13 executing program 1: 03:10:13 executing program 4: 03:10:13 executing program 0: 03:10:13 executing program 3: 03:10:13 executing program 2: 03:10:13 executing program 5: 03:10:13 executing program 1: 03:10:13 executing program 2: 03:10:13 executing program 4: 03:10:13 executing program 0: 03:10:13 executing program 3: 03:10:13 executing program 5: 03:10:13 executing program 4: 03:10:13 executing program 1: 03:10:13 executing program 2: 03:10:13 executing program 3: 03:10:13 executing program 0: 03:10:13 executing program 5: 03:10:13 executing program 4: 03:10:13 executing program 0: 03:10:13 executing program 2: 03:10:13 executing program 5: 03:10:13 executing program 3: 03:10:13 executing program 1: 03:10:13 executing program 2: 03:10:13 executing program 0: 03:10:13 executing program 4: 03:10:13 executing program 5: 03:10:14 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000280)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000440)=[{&(0x7f0000000400)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf32(r1, &(0x7f0000000300)=ANY=[@ANYBLOB='oELF'], 0x4) utime(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)={0xfffffffffffffffd}) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 03:10:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000280)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000440)=[{&(0x7f0000000400)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf32(r1, &(0x7f0000000300)=ANY=[@ANYBLOB='oELF\x00'], 0x5) utime(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)={0xfffffffffffffffd}) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 03:10:14 executing program 0: gettid() perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpriority(0x2, 0x0) 03:10:14 executing program 2: 03:10:14 executing program 5: 03:10:14 executing program 4: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x806) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 03:10:14 executing program 5: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) [ 204.078199][ T7924] binder: 7923:7924 transaction failed 29189/-22, size 24-0 line 2995 03:10:14 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r2, &(0x7f0000000180), 0x0, 0x4, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) prctl$PR_GET_NO_NEW_PRIVS(0x27) sendto$inet6(r3, 0x0, 0xb9, 0x20000001, &(0x7f0000000040)={0xa, 0x2, 0x8000000000, @ipv4={[], [], @empty}}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getpgid(0x0) ioprio_get$pid(0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000003c0)) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SET_PTRACER(0x59616d61, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) sendto$packet(r3, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) [ 204.106349][ T23] audit: type=1804 audit(1554693014.261:31): pid=7908 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir487984808/syzkaller.2Hu811/7/file0/file0" dev="sda1" ino=16543 res=1 [ 204.158614][ T7929] binder: 7923:7929 transaction failed 29189/-22, size 24-0 line 2995 03:10:14 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$join(0x1, &(0x7f0000000040)={'syz'}) 03:10:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) [ 204.192327][ T23] audit: type=1804 audit(1554693014.291:32): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir487984808/syzkaller.2Hu811/7/file0/file0" dev="sda1" ino=16543 res=1 [ 204.221065][ T7759] binder: undelivered TRANSACTION_ERROR: 29189 [ 204.232594][ T7759] binder: undelivered TRANSACTION_ERROR: 29189 [ 204.248519][ T7934] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7934 [ 204.258031][ T7934] caller is ip6_finish_output+0x335/0xdc0 [ 204.263783][ T7934] CPU: 1 PID: 7934 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.272814][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.282883][ T7934] Call Trace: [ 204.286234][ T7934] dump_stack+0x172/0x1f0 [ 204.290617][ T7934] __this_cpu_preempt_check+0x246/0x270 [ 204.296173][ T7934] ip6_finish_output+0x335/0xdc0 [ 204.301125][ T7934] ip6_output+0x235/0x7f0 [ 204.305460][ T7934] ? ip6_finish_output+0xdc0/0xdc0 [ 204.310574][ T7934] ? ip6_fragment+0x3980/0x3980 [ 204.315442][ T7934] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.320497][ T7934] ip6_local_out+0xc4/0x1b0 [ 204.325006][ T7934] ip6_send_skb+0xbb/0x350 [ 204.329431][ T7934] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 204.334896][ T7934] udpv6_sendmsg+0x21e3/0x28d0 [ 204.339699][ T7934] ? find_held_lock+0x35/0x130 [ 204.344466][ T7934] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.349493][ T7934] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.355489][ T7934] ? aa_profile_af_perm+0x320/0x320 [ 204.360707][ T7934] ? __might_fault+0x12b/0x1e0 [ 204.365472][ T7934] ? find_held_lock+0x35/0x130 [ 204.370266][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.376523][ T7934] ? rw_copy_check_uvector+0x2a6/0x330 [ 204.382014][ T7934] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 204.387568][ T7934] inet_sendmsg+0x147/0x5e0 [ 204.392072][ T7934] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.398047][ T7934] ? inet_sendmsg+0x147/0x5e0 [ 204.402725][ T7934] ? ipip_gro_receive+0x100/0x100 [ 204.407792][ T7934] sock_sendmsg+0xdd/0x130 [ 204.412301][ T7934] ___sys_sendmsg+0x3e2/0x930 [ 204.416984][ T7934] ? copy_msghdr_from_user+0x430/0x430 [ 204.422453][ T7934] ? lock_downgrade+0x880/0x880 [ 204.427303][ T7934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.433550][ T7934] ? kasan_check_read+0x11/0x20 [ 204.438420][ T7934] ? __fget+0x381/0x550 [ 204.442586][ T7934] ? ksys_dup3+0x3e0/0x3e0 [ 204.447014][ T7934] ? __sched_text_start+0x8/0x8 [ 204.451888][ T7934] ? __fget_light+0x1a9/0x230 [ 204.456567][ T7934] ? __fdget+0x1b/0x20 [ 204.461219][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.467461][ T7934] ? sockfd_lookup_light+0xcb/0x180 [ 204.472658][ T7934] __sys_sendmmsg+0x1bf/0x4d0 [ 204.477348][ T7934] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 204.482388][ T7934] ? _copy_to_user+0xc9/0x120 [ 204.487065][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.493308][ T7934] ? put_timespec64+0xda/0x140 [ 204.498075][ T7934] ? nsecs_to_jiffies+0x30/0x30 [ 204.502956][ T7934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.508419][ T7934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.513875][ T7934] ? do_syscall_64+0x26/0x610 [ 204.518553][ T7934] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.524620][ T7934] ? do_syscall_64+0x26/0x610 [ 204.529306][ T7934] __x64_sys_sendmmsg+0x9d/0x100 [ 204.534251][ T7934] do_syscall_64+0x103/0x610 [ 204.538846][ T7934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.544739][ T7934] RIP: 0033:0x4582b9 [ 204.548649][ T7934] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.568256][ T7934] RSP: 002b:00007f823001fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 204.576673][ T7934] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 204.584646][ T7934] RDX: 03fffffffffffe9f RSI: 00000000200092c0 RDI: 0000000000000003 [ 204.593599][ T7934] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 204.601579][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82300206d4 03:10:14 executing program 4: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam0\x00\x01\x17\x8b\x00', 0x8001}) ptrace$setregset(0x4209, r1, 0x20000002, 0x0) [ 204.609559][ T7934] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 204.619089][ T23] audit: type=1804 audit(1554693014.291:33): pid=7914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir149064754/syzkaller.gNj0Kn/8/file0/file0" dev="sda1" ino=16550 res=1 [ 204.654393][ T7934] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7934 [ 204.663755][ T7934] caller is ip6_finish_output+0x335/0xdc0 [ 204.669624][ T7934] CPU: 0 PID: 7934 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.669633][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.669638][ T7934] Call Trace: [ 204.669661][ T7934] dump_stack+0x172/0x1f0 [ 204.669686][ T7934] __this_cpu_preempt_check+0x246/0x270 [ 204.669703][ T7934] ip6_finish_output+0x335/0xdc0 [ 204.669720][ T7934] ip6_output+0x235/0x7f0 [ 204.669734][ T7934] ? ip6_finish_output+0xdc0/0xdc0 [ 204.669751][ T7934] ? ip6_fragment+0x3980/0x3980 [ 204.669765][ T7934] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.726368][ T7934] ip6_local_out+0xc4/0x1b0 [ 204.730885][ T7934] ip6_send_skb+0xbb/0x350 [ 204.735311][ T7934] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 204.740777][ T7934] udpv6_sendmsg+0x21e3/0x28d0 [ 204.745538][ T7934] ? find_held_lock+0x35/0x130 [ 204.750301][ T7934] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.755338][ T7934] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.761326][ T7934] ? aa_profile_af_perm+0x320/0x320 [ 204.766533][ T7934] ? __might_fault+0x12b/0x1e0 [ 204.771301][ T7934] ? find_held_lock+0x35/0x130 [ 204.776072][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.782319][ T7934] ? rw_copy_check_uvector+0x2a6/0x330 [ 204.787814][ T7934] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 204.793362][ T7934] inet_sendmsg+0x147/0x5e0 [ 204.797869][ T7934] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.803847][ T7934] ? inet_sendmsg+0x147/0x5e0 [ 204.808529][ T7934] ? ipip_gro_receive+0x100/0x100 [ 204.813734][ T7934] sock_sendmsg+0xdd/0x130 [ 204.818158][ T7934] ___sys_sendmsg+0x3e2/0x930 [ 204.822850][ T7934] ? copy_msghdr_from_user+0x430/0x430 [ 204.828312][ T7934] ? __lock_acquire+0x548/0x3fb0 [ 204.833256][ T7934] ? lock_downgrade+0x880/0x880 [ 204.838104][ T7934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.844367][ T7934] ? kasan_check_read+0x11/0x20 [ 204.849227][ T7934] ? __might_fault+0x12b/0x1e0 [ 204.853992][ T7934] ? find_held_lock+0x35/0x130 [ 204.858759][ T7934] ? __might_fault+0x12b/0x1e0 [ 204.863534][ T7934] ? lock_downgrade+0x880/0x880 [ 204.868406][ T7934] ? ___might_sleep+0x163/0x280 [ 204.873260][ T7934] __sys_sendmmsg+0x1bf/0x4d0 [ 204.877945][ T7934] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 204.882979][ T7934] ? _copy_to_user+0xc9/0x120 [ 204.887659][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.893918][ T7934] ? put_timespec64+0xda/0x140 [ 204.898705][ T7934] ? nsecs_to_jiffies+0x30/0x30 [ 204.903571][ T7934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.909032][ T7934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.914492][ T7934] ? do_syscall_64+0x26/0x610 [ 204.919170][ T7934] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.925246][ T7934] ? do_syscall_64+0x26/0x610 [ 204.929947][ T7934] __x64_sys_sendmmsg+0x9d/0x100 [ 204.934886][ T7934] do_syscall_64+0x103/0x610 [ 204.939478][ T7934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.945365][ T7934] RIP: 0033:0x4582b9 [ 204.949287][ T7934] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.968886][ T7934] RSP: 002b:00007f823001fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 204.977315][ T7934] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 204.985285][ T7934] RDX: 03fffffffffffe9f RSI: 00000000200092c0 RDI: 0000000000000003 [ 204.993269][ T7934] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 205.001248][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82300206d4 03:10:14 executing program 3: [ 205.009227][ T7934] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 205.042697][ T7934] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7934 [ 205.052244][ T7934] caller is ip6_finish_output+0x335/0xdc0 [ 205.058030][ T7934] CPU: 0 PID: 7934 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.067066][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.077134][ T7934] Call Trace: [ 205.080441][ T7934] dump_stack+0x172/0x1f0 [ 205.084806][ T7934] __this_cpu_preempt_check+0x246/0x270 [ 205.090363][ T7934] ip6_finish_output+0x335/0xdc0 [ 205.095310][ T7934] ip6_output+0x235/0x7f0 [ 205.099642][ T7934] ? ip6_finish_output+0xdc0/0xdc0 [ 205.104756][ T7934] ? ip6_fragment+0x3980/0x3980 [ 205.109609][ T7934] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.114636][ T7934] ip6_local_out+0xc4/0x1b0 [ 205.119145][ T7934] ip6_send_skb+0xbb/0x350 [ 205.123580][ T7934] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 205.129046][ T7934] udpv6_sendmsg+0x21e3/0x28d0 [ 205.133806][ T7934] ? find_held_lock+0x35/0x130 [ 205.138568][ T7934] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.143596][ T7934] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.149583][ T7934] ? aa_profile_af_perm+0x320/0x320 [ 205.154787][ T7934] ? __might_fault+0x12b/0x1e0 [ 205.159553][ T7934] ? find_held_lock+0x35/0x130 [ 205.164320][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.170570][ T7934] ? rw_copy_check_uvector+0x2a6/0x330 [ 205.176058][ T7934] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 205.181605][ T7934] inet_sendmsg+0x147/0x5e0 [ 205.186110][ T7934] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.192097][ T7934] ? inet_sendmsg+0x147/0x5e0 [ 205.196775][ T7934] ? ipip_gro_receive+0x100/0x100 [ 205.201801][ T7934] sock_sendmsg+0xdd/0x130 [ 205.206231][ T7934] ___sys_sendmsg+0x3e2/0x930 [ 205.210929][ T7934] ? copy_msghdr_from_user+0x430/0x430 [ 205.216390][ T7934] ? __lock_acquire+0x548/0x3fb0 [ 205.221322][ T7934] ? lock_downgrade+0x880/0x880 [ 205.226168][ T7934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.232413][ T7934] ? kasan_check_read+0x11/0x20 [ 205.237268][ T7934] ? __might_fault+0x12b/0x1e0 [ 205.242046][ T7934] ? find_held_lock+0x35/0x130 [ 205.246807][ T7934] ? __might_fault+0x12b/0x1e0 [ 205.251577][ T7934] ? lock_downgrade+0x880/0x880 [ 205.256438][ T7934] ? ___might_sleep+0x163/0x280 [ 205.261288][ T7934] __sys_sendmmsg+0x1bf/0x4d0 [ 205.265967][ T7934] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 205.271001][ T7934] ? _copy_to_user+0xc9/0x120 [ 205.275679][ T7934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.281941][ T7934] ? put_timespec64+0xda/0x140 [ 205.286707][ T7934] ? nsecs_to_jiffies+0x30/0x30 [ 205.291583][ T7934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.297042][ T7934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.302519][ T7934] ? do_syscall_64+0x26/0x610 [ 205.307199][ T7934] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.313275][ T7934] ? do_syscall_64+0x26/0x610 [ 205.317960][ T7934] __x64_sys_sendmmsg+0x9d/0x100 [ 205.322896][ T7934] do_syscall_64+0x103/0x610 [ 205.327499][ T7934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.333389][ T7934] RIP: 0033:0x4582b9 [ 205.337287][ T7934] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.356892][ T7934] RSP: 002b:00007f823001fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 205.365311][ T7934] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 205.373281][ T7934] RDX: 03fffffffffffe9f RSI: 00000000200092c0 RDI: 0000000000000003 [ 205.381251][ T7934] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 205.389222][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82300206d4 [ 205.397193][ T7934] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 03:10:15 executing program 4: mkdir(&(0x7f0000578000)='./file0\x00', 0x0) getpgid(0x0) lsetxattr(&(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000003c0)='\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00\x00\x00\x00\x00', 0x14, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x20100, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0401273, &(0x7f0000000100)={[0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb900000000000000], 0x0, 0x81, 0x0, 0x3}) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 03:10:15 executing program 3: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x806) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 03:10:15 executing program 0: clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ioctl$PPPIOCGDEBUG(0xffffffffffffffff, 0x80047441, &(0x7f0000000040)) futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x20) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="06a13877d91d08b154d5a1088aa72308fd9fbb061d1b2dc09075b0fe0000a67775c5417b9cd38f4f8c20a5a5ab6eda6495697c1ae2d037c1d8"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 205.699329][ T7961] binder: 7960:7961 transaction failed 29189/-22, size 24-0 line 2995 [ 205.729166][ T7969] binder: 7960:7969 transaction failed 29189/-22, size 24-0 line 2995 03:10:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0) ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0) r1 = perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r0, 0xffffffffffffffff) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, 0x0, &(0x7f00000005c0)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000780)={{{@in6, @in=@multicast1}}, {{@in6}, 0x0, @in=@loopback}}, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) pipe(&(0x7f0000000bc0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0x7ba27d3a) read(r3, &(0x7f0000000200)=""/250, 0x29e4ba6b) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f0000000080)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000240)) socket(0x40000000010, 0x2, 0xc) 03:10:15 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0) ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, 0x0) r2 = perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000680)={{{@in=@multicast2, @in6=@loopback}}, {{@in=@dev}}}, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000780)={{{@in6, @in=@multicast1}}, {{@in6}, 0x0, @in=@loopback}}, &(0x7f0000000880)=0xe8) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3) pipe(&(0x7f0000000bc0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r5, 0x0, r2) write(r5, &(0x7f00000001c0), 0x7ba27d3a) read(r4, &(0x7f0000000200)=""/250, 0x29e4ba6b) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000080)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000200)={@initdev}, &(0x7f0000000240)=0x14) socket(0x40000000010, 0x2, 0xc) 03:10:15 executing program 4: mkdir(0x0, 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='ramfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000380)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xd) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) getresuid(0x0, 0x0, 0x0) getegid() sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) pivot_root(0x0, &(0x7f0000000000)='./file0\x00') ftruncate(0xffffffffffffffff, 0x208200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00', {}, 0x25}, 0x45c) ioctl$UI_DEV_SETUP(r1, 0x5501, &(0x7f0000000300)={{}, 'syz0\x00'}) 03:10:15 executing program 5: [ 205.755965][ T7759] binder: undelivered TRANSACTION_ERROR: 29189 [ 205.767881][ T7759] binder: undelivered TRANSACTION_ERROR: 29189 [ 206.054452][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 206.060484][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 206.219404][ T7980] input: syz1 as /devices/virtual/input/input5 [ 206.294232][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 206.300088][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 206.498863][ T7980] input: syz1 as /devices/virtual/input/input6 [ 206.694210][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 206.700107][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 206.705994][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 206.711781][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:10:17 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r2, &(0x7f0000000180), 0x0, 0x4, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) prctl$PR_GET_NO_NEW_PRIVS(0x27) sendto$inet6(r3, 0x0, 0xb9, 0x20000001, &(0x7f0000000040)={0xa, 0x2, 0x8000000000, @ipv4={[], [], @empty}}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getpgid(0x0) ioprio_get$pid(0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000003c0)) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SET_PTRACER(0x59616d61, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) sendto$packet(r3, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 03:10:17 executing program 5: r0 = socket(0x40000000010, 0x2, 0xc) write(r0, &(0x7f00000001c0)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00034002002023013860", 0x1f) 03:10:17 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000000000063014819000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:10:17 executing program 4: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:10:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000380)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) [ 207.229440][ T8015] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. 03:10:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r2, &(0x7f0000000180), 0x0, 0x4, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) prctl$PR_GET_NO_NEW_PRIVS(0x27) sendto$inet6(r3, 0x0, 0xb9, 0x20000001, &(0x7f0000000040)={0xa, 0x2, 0x8000000000, @ipv4={[], [], @empty}}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getpgid(0x0) ioprio_get$pid(0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000003c0)) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SET_PTRACER(0x59616d61, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) sendto$packet(r3, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 03:10:17 executing program 0: r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000100)={[0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb900000000000000], 0x0, 0x81, 0xb}) [ 207.275466][ T8020] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 207.310701][ T8020] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 03:10:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000380)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) [ 207.344250][ T8015] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. 03:10:17 executing program 0: ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 03:10:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x0) ptrace(0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 03:10:17 executing program 0: pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000040)=0x72, 0x4) bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0x3ff}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x8001, 0x0) 03:10:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000380)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) 03:10:20 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r2, &(0x7f0000000180), 0x0, 0x4, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) prctl$PR_GET_NO_NEW_PRIVS(0x27) sendto$inet6(r3, 0x0, 0xb9, 0x20000001, &(0x7f0000000040)={0xa, 0x2, 0x8000000000, @ipv4={[], [], @empty}}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getpgid(0x0) ioprio_get$pid(0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000003c0)) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SET_PTRACER(0x59616d61, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) sendto$packet(r3, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 03:10:20 executing program 5: socket$unix(0x1, 0xfffffffffffffffa, 0x0) r0 = getpgid(0x0) ptrace$setregs(0xf, r0, 0xf2, 0x0) lsetxattr(&(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x20100, 0x0) write$P9_RLCREATE(r1, 0x0, 0xffffffffffffff5c) getpid() r2 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0401273, &(0x7f0000000100)={[0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb900000000000000], 0x0, 0x81, 0xb}) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) 03:10:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000380)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) 03:10:20 executing program 1: lsetxattr(0x0, 0x0, 0x0, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x20100, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000100)={[0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb900000000000000], 0x0, 0x0, 0x0, 0x3}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 03:10:20 executing program 4: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_execute_func(&(0x7f0000000000)="f3e100def9575c8ac2c2c9734e424a2664f0ff064a460f3038082e67660e50e94d00c9c9c4625dbae5feabc4aba39ddf4507e50c420fae9972b571112d02") io_setup(0x0, 0x0) setxattr$security_evm(&(0x7f0000000200)='./bus\x00', 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) stat(0x0, 0x0) lchown(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) creat(0x0, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000240)={{0xa, 0x4e23, 0x7, @ipv4={[], [], @broadcast}, 0x3}, {0xa, 0x0, 0x17, @loopback, 0x7f}, 0x0, [0x5b, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0x0, 0x7, 0xc9]}, 0x5c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000000), 0x4) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000100)='./file0\x00', 0x20141042, 0x1000000000000) r4 = getpgid(0x0) ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f0000000500)=r4) ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f0000000540)) prctl$PR_GET_KEEPCAPS(0x7) ftruncate(r3, 0x80080) sendfile(r2, r3, 0x0, 0x2008000fffffffe) accept4$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, 0x0, &(0x7f00000004c0)) 03:10:20 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000140)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2b, 'pids'}]}, 0x6) 03:10:20 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000140)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2b, 'pids'}]}, 0x6) 03:10:20 executing program 5: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}, 0x20420}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x40000000) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0xbffd) fcntl$setownex(r2, 0xf, &(0x7f0000000580)={0x3, r0}) write$P9_RREADDIR(r2, 0x0, 0xfffffffffffffec9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) statx(0xffffffffffffffff, &(0x7f0000000280)='./bus\x00', 0x0, 0x4, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000004c0)='\x96\xd7#1g\xefse\x83\xb0\x11sJ[\xa2\b\x00\x00\x00\xf97\x87;:\x85e5m\x8d\x95\xf64\xb8\xe9\x8c9\x18\xef@\xb61\x12^(\xb6\x02\xecu\xed\xd1U7\xd0Ac\x00\xe7N\x03\x9c\xf8k\xb8\x95\x9e\xb9A\x10\xae\xe1') syz_open_dev$evdev(0x0, 0x0, 0x0) accept(0xffffffffffffff9c, 0x0, 0x0) r6 = dup(r3) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r5, 0x80045400, &(0x7f0000000300)) r7 = creat(&(0x7f0000000700)='./bus\x00', 0x0) stat(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000440)) ftruncate(r7, 0x208200) r8 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) r9 = epoll_create(0xd1fd) r10 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) ppoll(&(0x7f0000000140)=[{r10, 0x20}, {r1, 0x4408}, {r6, 0x8000}, {r3, 0x132}, {r9, 0x8080}, {r4, 0x2}], 0x6, &(0x7f0000000380)={r11, r12+10000000}, &(0x7f0000000540)={0x20}, 0x8) fremovexattr(0xffffffffffffffff, &(0x7f0000000400)=@known='com.apple.FinderInfo\x00') mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r8, 0x0) write$P9_RVERSION(r6, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000ebd6038709c3421b08003950323030302e75"], 0x15) 03:10:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000380)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) [ 210.452663][ T8078] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 03:10:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000280)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000440)=[{&(0x7f0000000400)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf32(r1, &(0x7f0000000300)=ANY=[@ANYBLOB='oELF'], 0x4) utime(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)={0xfffffffffffffffc}) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 03:10:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) r1 = socket$inet(0x2, 0x1, 0x84) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) [ 210.749099][ T23] audit: type=1804 audit(1554693020.901:34): pid=8092 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir046359781/syzkaller.xXvWlj/22/file0/file0" dev="sda1" ino=16585 res=1 [ 210.790101][ T8078] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8078 [ 210.800129][ T8078] caller is ip6_finish_output+0x335/0xdc0 [ 210.806090][ T8078] CPU: 1 PID: 8078 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 210.815124][ T8078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.825196][ T8078] Call Trace: [ 210.828631][ T8078] dump_stack+0x172/0x1f0 [ 210.832981][ T8078] __this_cpu_preempt_check+0x246/0x270 [ 210.838545][ T8078] ip6_finish_output+0x335/0xdc0 [ 210.843594][ T8078] ip6_output+0x235/0x7f0 [ 210.846826][ T8085] IPVS: ftp: loaded support on port[0] = 21 [ 210.847935][ T8078] ? ip6_finish_output+0xdc0/0xdc0 [ 210.847968][ T8078] ? ip6_fragment+0x3980/0x3980 [ 210.848016][ T8078] ? virtballoon_remove+0x1b8/0x260 [ 210.848036][ T8078] ip6_xmit+0xe41/0x20c0 [ 210.848061][ T8078] ? ip6_finish_output2+0x2550/0x2550 [ 210.878672][ T8078] ? retint_kernel+0x2d/0x2d [ 210.883367][ T8078] ? ip6_setup_cork+0x1870/0x1870 [ 210.888430][ T8078] ? inet6_csk_xmit+0x3b9/0x5d0 [ 210.893314][ T8078] ? virtballoon_remove+0x160/0x260 [ 210.898527][ T8078] inet6_csk_xmit+0x2fb/0x5d0 [ 210.903227][ T8078] ? inet6_csk_update_pmtu+0x190/0x190 [ 210.908708][ T8078] ? inet6_csk_update_pmtu+0x190/0x190 [ 210.914194][ T8078] __tcp_transmit_skb+0x1a32/0x3750 [ 210.919426][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.924905][ T8078] ? __tcp_select_window+0x8b0/0x8b0 [ 210.930205][ T8078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.936657][ T8078] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 210.942130][ T8078] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 210.948387][ T8078] tcp_connect+0x1e47/0x4280 [ 210.952997][ T8078] ? tcp_push_one+0x110/0x110 [ 210.957681][ T8078] ? retint_kernel+0x2d/0x2d [ 210.962290][ T8078] ? tcp_v6_connect+0x1503/0x20a0 [ 210.967348][ T8078] tcp_v6_connect+0x150b/0x20a0 [ 210.972209][ T8078] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 210.977606][ T8078] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 210.982902][ T8078] ? retint_kernel+0x2d/0x2d [ 210.987514][ T8078] ? __sanitizer_cov_trace_pc+0x8/0x50 [ 210.992991][ T8078] __inet_stream_connect+0x83f/0xea0 [ 210.998320][ T8078] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 211.003708][ T8078] ? __inet_stream_connect+0x83f/0xea0 [ 211.009195][ T8078] ? inet_dgram_connect+0x2e0/0x2e0 [ 211.014424][ T8078] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 211.014441][ T8078] ? rcu_read_lock_sched_held+0x110/0x130 [ 211.014461][ T8078] ? kmem_cache_alloc_trace+0x354/0x760 [ 211.014476][ T8078] ? __lock_acquire+0x548/0x3fb0 [ 211.014503][ T8078] ? trace_hardirqs_on_caller+0x6a/0x220 [ 211.014526][ T8078] tcp_sendmsg_locked+0x231f/0x37f0 [ 211.014542][ T8078] ? mark_held_locks+0xf0/0xf0 [ 211.014562][ T8078] ? mark_held_locks+0xa4/0xf0 [ 211.014581][ T8078] ? tcp_sendpage+0x60/0x60 [ 211.014598][ T8078] ? lock_sock_nested+0x9a/0x120 [ 211.014613][ T8078] ? trace_hardirqs_on+0x67/0x230 [ 211.014626][ T8078] ? lock_sock_nested+0x9a/0x120 [ 211.014643][ T8078] ? __local_bh_enable_ip+0x15a/0x270 [ 211.014665][ T8078] tcp_sendmsg+0x30/0x50 [ 211.014681][ T8078] inet_sendmsg+0x147/0x5e0 [ 211.014695][ T8078] ? ipip_gro_receive+0x100/0x100 [ 211.014713][ T8078] sock_sendmsg+0xdd/0x130 [ 211.014732][ T8078] __sys_sendto+0x262/0x380 [ 211.014760][ T8078] ? __ia32_sys_getpeername+0xb0/0xb0 [ 211.014779][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.014806][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.014829][ T8078] ? retint_kernel+0x2d/0x2d [ 211.014849][ T8078] ? __sys_sendto+0x380/0x380 [ 211.014872][ T8078] __x64_sys_sendto+0xe1/0x1a0 [ 211.014893][ T8078] do_syscall_64+0x103/0x610 [ 211.014916][ T8078] entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:10:21 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) r0 = socket$inet(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x0) [ 211.014927][ T8078] RIP: 0033:0x4582b9 [ 211.014943][ T8078] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.061377][ T8078] RSP: 002b:00007f8f02f41c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 211.061393][ T8078] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 211.061401][ T8078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 211.061411][ T8078] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 211.061420][ T8078] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f8f02f426d4 [ 211.061430][ T8078] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 211.161136][ T8078] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8078 [ 211.187853][ T8078] caller is ip6_finish_output+0x335/0xdc0 [ 211.187907][ T8078] CPU: 1 PID: 8078 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 211.187916][ T8078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.187921][ T8078] Call Trace: [ 211.187940][ T8078] dump_stack+0x172/0x1f0 [ 211.187962][ T8078] __this_cpu_preempt_check+0x246/0x270 [ 211.187981][ T8078] ip6_finish_output+0x335/0xdc0 [ 211.188003][ T8078] ip6_output+0x235/0x7f0 [ 211.188021][ T8078] ? ip6_finish_output+0xdc0/0xdc0 [ 211.188040][ T8078] ? ip6_fragment+0x3980/0x3980 [ 211.188085][ T8078] ? rebind_store+0x148/0x250 [ 211.188106][ T8078] ip6_xmit+0xe41/0x20c0 [ 211.188133][ T8078] ? ip6_finish_output2+0x2550/0x2550 [ 211.188155][ T8078] ? mark_held_locks+0xf0/0xf0 [ 211.204547][ T8078] ? ip6_setup_cork+0x1870/0x1870 [ 211.204575][ T8078] ? rebind_store+0xf0/0x250 [ 211.204596][ T8078] inet6_csk_xmit+0x2fb/0x5d0 [ 211.204615][ T8078] ? inet6_csk_update_pmtu+0x190/0x190 [ 211.204649][ T8078] __tcp_transmit_skb+0x1a32/0x3750 [ 211.204676][ T8078] ? __tcp_select_window+0x8b0/0x8b0 [ 211.204691][ T8078] ? retint_kernel+0x2d/0x2d [ 211.204720][ T8078] tcp_send_synack+0x4b0/0x15b0 [ 211.204744][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.204765][ T8078] ? tcp_send_active_reset+0x8e0/0x8e0 [ 211.220767][ T8078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.220783][ T8078] ? tcp_sync_mss+0x2ee/0xa30 [ 211.220803][ T8078] tcp_rcv_state_process+0x225d/0x4d93 [ 211.220838][ T8078] ? __irqentry_text_end+0xac26/0x1fac62 [ 211.220855][ T8078] ? tcp_finish_connect+0x510/0x510 [ 211.220871][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.220890][ T8078] ? retint_kernel+0x2d/0x2d [ 211.220919][ T8078] tcp_v6_do_rcv+0x7da/0x12c0 [ 211.220931][ T8078] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 211.220954][ T8078] __release_sock+0x12e/0x3a0 [ 211.220974][ T8078] release_sock+0x59/0x1c0 [ 211.220993][ T8078] __inet_stream_connect+0x59f/0xea0 [ 211.221017][ T8078] ? inet_dgram_connect+0x2e0/0x2e0 [ 211.221034][ T8078] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 211.221056][ T8078] ? do_wait_intr_irq+0x2b0/0x2b0 [ 211.221072][ T8078] ? __lock_acquire+0x548/0x3fb0 [ 211.221087][ T8078] ? trace_hardirqs_on_caller+0x6a/0x220 [ 211.221110][ T8078] tcp_sendmsg_locked+0x231f/0x37f0 [ 211.221127][ T8078] ? mark_held_locks+0xf0/0xf0 [ 211.221147][ T8078] ? mark_held_locks+0xa4/0xf0 [ 211.221167][ T8078] ? tcp_sendpage+0x60/0x60 [ 211.221180][ T8078] ? lock_sock_nested+0x9a/0x120 [ 211.221201][ T8078] ? trace_hardirqs_on+0x67/0x230 [ 211.245270][ T8078] ? lock_sock_nested+0x9a/0x120 [ 211.245288][ T8078] ? __local_bh_enable_ip+0x15a/0x270 [ 211.245312][ T8078] tcp_sendmsg+0x30/0x50 [ 211.245328][ T8078] inet_sendmsg+0x147/0x5e0 [ 211.245339][ T8078] ? ipip_gro_receive+0x100/0x100 [ 211.245355][ T8078] sock_sendmsg+0xdd/0x130 [ 211.245373][ T8078] __sys_sendto+0x262/0x380 [ 211.245392][ T8078] ? __ia32_sys_getpeername+0xb0/0xb0 [ 211.245410][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.245438][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.245460][ T8078] ? retint_kernel+0x2d/0x2d [ 211.245481][ T8078] ? __sys_sendto+0x380/0x380 [ 211.245502][ T8078] __x64_sys_sendto+0xe1/0x1a0 [ 211.245522][ T8078] do_syscall_64+0x103/0x610 [ 211.245540][ T8078] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.245553][ T8078] RIP: 0033:0x4582b9 [ 211.245570][ T8078] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.245577][ T8078] RSP: 002b:00007f8f02f41c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 211.245592][ T8078] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 211.245600][ T8078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 211.245609][ T8078] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 211.245617][ T8078] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f8f02f426d4 [ 211.245626][ T8078] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 211.263026][ T8078] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8078 [ 211.270627][ T8078] caller is ip6_finish_output+0x335/0xdc0 [ 211.270696][ T8078] CPU: 1 PID: 8078 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 211.298760][ T8078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.298766][ T8078] Call Trace: [ 211.298791][ T8078] dump_stack+0x172/0x1f0 [ 211.298816][ T8078] __this_cpu_preempt_check+0x246/0x270 [ 211.298837][ T8078] ip6_finish_output+0x335/0xdc0 [ 211.298860][ T8078] ip6_output+0x235/0x7f0 [ 211.298880][ T8078] ? ip6_finish_output+0xdc0/0xdc0 [ 211.298900][ T8078] ? ip6_fragment+0x3980/0x3980 [ 211.298936][ T8078] ? xhci_endpoint_reset+0x58/0x890 [ 211.314136][ T8078] ip6_xmit+0xe41/0x20c0 [ 211.314164][ T8078] ? ip6_finish_output2+0x2550/0x2550 [ 211.314183][ T8078] ? retint_kernel+0x2d/0x2d [ 211.314198][ T8078] ? ip6_setup_cork+0x1870/0x1870 [ 211.314237][ T8078] ? xhci_get_endpoint_flag+0xc0/0xc0 [ 211.314258][ T8078] inet6_csk_xmit+0x2fb/0x5d0 [ 211.314276][ T8078] ? inet6_csk_update_pmtu+0x190/0x190 [ 211.314299][ T8078] ? csum_ipv6_magic+0x20/0x80 [ 211.314324][ T8078] __tcp_transmit_skb+0x1a32/0x3750 [ 211.314350][ T8078] ? __tcp_select_window+0x8b0/0x8b0 [ 211.314361][ T8078] ? retint_kernel+0x2d/0x2d [ 211.314387][ T8078] ? __alloc_skb+0x3d0/0x5e0 [ 211.314406][ T8078] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 211.314425][ T8078] tcp_send_ack+0x88/0xa0 [ 211.314441][ T8078] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 211.314458][ T8078] tcp_validate_incoming+0x55e/0x1660 [ 211.314481][ T8078] tcp_rcv_state_process+0xb6b/0x4d93 [ 211.314509][ T8078] ? mark_lock+0x1352/0x1380 [ 211.344267][ T8078] ? tcp_finish_connect+0x510/0x510 [ 211.344284][ T8078] ? lockdep_hardirqs_on+0x418/0x5d0 [ 211.344299][ T8078] ? retint_kernel+0x2d/0x2d [ 211.344315][ T8078] ? trace_hardirqs_on_caller+0x6a/0x220 [ 211.344334][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.344353][ T8078] ? retint_kernel+0x2d/0x2d [ 211.344371][ T8078] tcp_v6_do_rcv+0x7da/0x12c0 [ 211.344385][ T8078] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 211.344407][ T8078] __release_sock+0x12e/0x3a0 [ 211.344431][ T8078] release_sock+0x59/0x1c0 [ 211.344450][ T8078] __inet_stream_connect+0x59f/0xea0 [ 211.344474][ T8078] ? inet_dgram_connect+0x2e0/0x2e0 [ 211.344491][ T8078] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 211.344506][ T8078] ? do_wait_intr_irq+0x2b0/0x2b0 [ 211.344521][ T8078] ? __lock_acquire+0x548/0x3fb0 [ 211.344535][ T8078] ? trace_hardirqs_on_caller+0x6a/0x220 [ 211.344556][ T8078] tcp_sendmsg_locked+0x231f/0x37f0 [ 211.344573][ T8078] ? mark_held_locks+0xf0/0xf0 [ 211.344593][ T8078] ? mark_held_locks+0xa4/0xf0 [ 211.344612][ T8078] ? tcp_sendpage+0x60/0x60 [ 211.344626][ T8078] ? lock_sock_nested+0x9a/0x120 [ 211.344640][ T8078] ? trace_hardirqs_on+0x67/0x230 [ 211.344655][ T8078] ? lock_sock_nested+0x9a/0x120 [ 211.344672][ T8078] ? __local_bh_enable_ip+0x15a/0x270 [ 211.344693][ T8078] tcp_sendmsg+0x30/0x50 [ 211.344709][ T8078] inet_sendmsg+0x147/0x5e0 [ 211.344723][ T8078] ? ipip_gro_receive+0x100/0x100 [ 211.344748][ T8078] sock_sendmsg+0xdd/0x130 [ 211.344767][ T8078] __sys_sendto+0x262/0x380 [ 211.344786][ T8078] ? __ia32_sys_getpeername+0xb0/0xb0 [ 211.344811][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.355113][ T8078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.355135][ T8078] ? retint_kernel+0x2d/0x2d [ 211.355167][ T8078] ? __sys_sendto+0x380/0x380 [ 211.366867][ T8078] __x64_sys_sendto+0xe1/0x1a0 [ 211.366889][ T8078] do_syscall_64+0x103/0x610 [ 211.366909][ T8078] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.366920][ T8078] RIP: 0033:0x4582b9 [ 211.366935][ T8078] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.366943][ T8078] RSP: 002b:00007f8f02f41c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 211.366956][ T8078] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 211.366965][ T8078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 211.366974][ T8078] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 211.366983][ T8078] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f8f02f426d4 [ 211.366992][ T8078] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 211.510368][ T8080] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8080 [ 211.523306][ T8080] caller is ip6_finish_output+0x335/0xdc0 [ 211.523327][ T8080] CPU: 1 PID: 8080 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 211.523344][ T8080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.534241][ T8080] Call Trace: [ 211.534265][ T8080] dump_stack+0x172/0x1f0 [ 211.534287][ T8080] __this_cpu_preempt_check+0x246/0x270 [ 211.534307][ T8080] ip6_finish_output+0x335/0xdc0 [ 211.534327][ T8080] ip6_output+0x235/0x7f0 [ 211.534345][ T8080] ? ip6_finish_output+0xdc0/0xdc0 [ 211.534365][ T8080] ? ip6_fragment+0x3980/0x3980 [ 211.534381][ T8080] ? virtballoon_remove+0x1b8/0x260 [ 211.534408][ T8080] ip6_xmit+0xe41/0x20c0 [ 211.548412][ T8080] ? ip6_finish_output2+0x2550/0x2550 [ 211.548433][ T8080] ? mark_held_locks+0xf0/0xf0 [ 211.558904][ T8080] ? ip6_setup_cork+0x1870/0x1870 [ 211.558929][ T8080] ? virtballoon_remove+0x160/0x260 [ 211.558949][ T8080] inet6_csk_xmit+0x2fb/0x5d0 [ 211.558966][ T8080] ? inet6_csk_update_pmtu+0x190/0x190 [ 211.558981][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.559002][ T8080] ? csum_ipv6_magic+0x20/0x80 [ 211.559026][ T8080] __tcp_transmit_skb+0x1a32/0x3750 [ 211.559051][ T8080] ? __tcp_select_window+0x8b0/0x8b0 [ 211.559064][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 211.559084][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 211.582685][ T8080] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.582704][ T8080] tcp_write_xmit+0xe39/0x5660 [ 211.582717][ T8080] ? tcp_current_mss+0x239/0x390 [ 211.582754][ T8080] tcp_push_one+0xd7/0x110 [ 211.582771][ T8080] do_tcp_sendpages+0x115b/0x1b80 [ 211.582798][ T8080] ? sk_stream_alloc_skb+0xd10/0xd10 [ 211.582813][ T8080] ? __local_bh_enable_ip+0x15a/0x270 [ 211.582830][ T8080] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.582849][ T8080] tcp_sendpage_locked+0x84/0xd0 [ 211.582865][ T8080] tcp_sendpage+0x3f/0x60 [ 211.582878][ T8080] ? tcp_sendpage_locked+0xd0/0xd0 [ 211.582891][ T8080] inet_sendpage+0x16b/0x630 [ 211.582913][ T8080] kernel_sendpage+0x95/0xf0 [ 211.582923][ T8080] ? inet_sendmsg+0x5e0/0x5e0 [ 211.582939][ T8080] sock_sendpage+0x8b/0xc0 [ 211.582973][ T8080] pipe_to_sendpage+0x299/0x370 [ 211.582989][ T8080] ? kernel_sendpage+0xf0/0xf0 [ 211.583004][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 211.583018][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.583031][ T8080] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 211.583043][ T8080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 211.583061][ T8080] __splice_from_pipe+0x395/0x7d0 [ 211.583076][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 211.583096][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 211.583109][ T8080] splice_from_pipe+0x108/0x170 [ 211.583125][ T8080] ? splice_shrink_spd+0xd0/0xd0 [ 211.583153][ T8080] generic_splice_sendpage+0x3c/0x50 [ 211.583175][ T8080] ? splice_from_pipe+0x170/0x170 [ 211.599568][ T8080] direct_splice_actor+0x126/0x1a0 [ 211.599597][ T8080] splice_direct_to_actor+0x369/0x970 [ 211.615533][ T8080] ? generic_pipe_buf_nosteal+0x10/0x10 [ 211.615555][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.615568][ T8080] ? do_splice_to+0x190/0x190 [ 211.615587][ T8080] ? rw_verify_area+0x118/0x360 [ 211.615604][ T8080] do_splice_direct+0x1da/0x2a0 [ 211.615621][ T8080] ? splice_direct_to_actor+0x970/0x970 [ 211.615645][ T8080] ? rw_verify_area+0x118/0x360 [ 211.615667][ T8080] do_sendfile+0x597/0xd00 [ 211.631618][ T8080] ? do_compat_pwritev64+0x1c0/0x1c0 [ 211.631640][ T8080] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.646617][ T8080] ? put_timespec64+0xda/0x140 [ 211.646645][ T8080] __x64_sys_sendfile64+0x1dd/0x220 [ 211.646664][ T8080] ? __ia32_sys_sendfile+0x230/0x230 [ 211.646679][ T8080] ? do_syscall_64+0x26/0x610 [ 211.646693][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 211.646708][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 211.646727][ T8080] do_syscall_64+0x103/0x610 [ 211.646754][ T8080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.646766][ T8080] RIP: 0033:0x4582b9 [ 211.646779][ T8080] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.646785][ T8080] RSP: 002b:00007f8f02f20c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 211.646798][ T8080] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 211.646805][ T8080] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 211.646813][ T8080] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 211.646821][ T8080] R10: 02008000fffffffe R11: 0000000000000246 R12: 00007f8f02f216d4 [ 211.646829][ T8080] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 211.666893][ T8090] IPVS: ftp: loaded support on port[0] = 21 [ 211.749200][ T8080] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8080 [ 211.749237][ T8080] caller is ip6_finish_output+0x335/0xdc0 [ 211.749253][ T8080] CPU: 1 PID: 8080 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 211.749261][ T8080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.749267][ T8080] Call Trace: [ 211.749286][ T8080] dump_stack+0x172/0x1f0 [ 211.749309][ T8080] __this_cpu_preempt_check+0x246/0x270 [ 211.749326][ T8080] ip6_finish_output+0x335/0xdc0 [ 211.749347][ T8080] ip6_output+0x235/0x7f0 [ 211.759214][ T8080] ? ip6_finish_output+0xdc0/0xdc0 [ 211.759246][ T8080] ? ip6_fragment+0x3980/0x3980 [ 211.759268][ T8080] ip6_xmit+0xe41/0x20c0 [ 211.769126][ T8080] ? ip6_finish_output2+0x2550/0x2550 [ 211.769144][ T8080] ? mark_held_locks+0xf0/0xf0 [ 211.769162][ T8080] ? ip6_setup_cork+0x1870/0x1870 [ 211.769179][ T8080] ? inet6_csk_route_socket+0x715/0xf40 [ 211.769209][ T8080] inet6_csk_xmit+0x2fb/0x5d0 [ 211.779515][ T8080] ? inet6_csk_update_pmtu+0x190/0x190 [ 211.779532][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.779554][ T8080] ? csum_ipv6_magic+0x20/0x80 [ 211.790291][ T8080] __tcp_transmit_skb+0x1a32/0x3750 [ 211.790318][ T8080] ? __tcp_select_window+0x8b0/0x8b0 [ 211.800093][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 211.800111][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 211.800132][ T8080] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.809991][ T8080] tcp_write_xmit+0xe39/0x5660 [ 211.810026][ T8080] __tcp_push_pending_frames+0xb4/0x350 [ 211.821087][ T8080] do_tcp_sendpages+0x167b/0x1b80 [ 211.821118][ T8080] ? sk_stream_alloc_skb+0xd10/0xd10 [ 211.830358][ T8080] ? __local_bh_enable_ip+0x15a/0x270 [ 211.830382][ T8080] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.830404][ T8080] tcp_sendpage_locked+0x84/0xd0 [ 211.840001][ T8080] tcp_sendpage+0x3f/0x60 [ 211.840017][ T8080] ? tcp_sendpage_locked+0xd0/0xd0 [ 211.840036][ T8080] inet_sendpage+0x16b/0x630 [ 211.849727][ T8080] kernel_sendpage+0x95/0xf0 [ 211.849747][ T8080] ? inet_sendmsg+0x5e0/0x5e0 [ 211.849768][ T8080] sock_sendpage+0x8b/0xc0 [ 211.860356][ T8080] pipe_to_sendpage+0x299/0x370 [ 211.860375][ T8080] ? kernel_sendpage+0xf0/0xf0 [ 211.860394][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 211.870335][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.870352][ T8080] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 211.870372][ T8080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 211.881194][ T8080] __splice_from_pipe+0x395/0x7d0 [ 211.881212][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 211.881242][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 211.890756][ T8080] splice_from_pipe+0x108/0x170 [ 211.890776][ T8080] ? splice_shrink_spd+0xd0/0xd0 [ 211.890803][ T8080] generic_splice_sendpage+0x3c/0x50 [ 211.900212][ T8080] ? splice_from_pipe+0x170/0x170 [ 211.900241][ T8080] direct_splice_actor+0x126/0x1a0 [ 211.900262][ T8080] splice_direct_to_actor+0x369/0x970 [ 211.910297][ T8080] ? generic_pipe_buf_nosteal+0x10/0x10 [ 211.910323][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.919913][ T8080] ? do_splice_to+0x190/0x190 [ 211.919935][ T8080] ? rw_verify_area+0x118/0x360 [ 211.919953][ T8080] do_splice_direct+0x1da/0x2a0 [ 211.929464][ T8080] ? splice_direct_to_actor+0x970/0x970 [ 211.929490][ T8080] ? rw_verify_area+0x118/0x360 [ 211.938386][ T8080] do_sendfile+0x597/0xd00 [ 211.938411][ T8080] ? do_compat_pwritev64+0x1c0/0x1c0 [ 211.938425][ T8080] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.938439][ T8080] ? put_timespec64+0xda/0x140 [ 211.938463][ T8080] __x64_sys_sendfile64+0x1dd/0x220 [ 211.938484][ T8080] ? __ia32_sys_sendfile+0x230/0x230 [ 211.949291][ T8080] ? do_syscall_64+0x26/0x610 [ 211.949310][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 211.949331][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 211.959377][ T8080] do_syscall_64+0x103/0x610 [ 211.959405][ T8080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.968824][ T8080] RIP: 0033:0x4582b9 [ 211.968841][ T8080] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.968848][ T8080] RSP: 002b:00007f8f02f20c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 211.968862][ T8080] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 211.968877][ T8080] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 211.979361][ T8080] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 211.979370][ T8080] R10: 02008000fffffffe R11: 0000000000000246 R12: 00007f8f02f216d4 [ 211.979377][ T8080] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 212.062335][ T8080] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8080 [ 212.086966][ T8080] caller is ip6_finish_output+0x335/0xdc0 [ 212.086985][ T8080] CPU: 0 PID: 8080 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 212.087002][ T8080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.100128][ T8080] Call Trace: [ 212.100153][ T8080] dump_stack+0x172/0x1f0 [ 212.100177][ T8080] __this_cpu_preempt_check+0x246/0x270 [ 212.100205][ T8080] ip6_finish_output+0x335/0xdc0 [ 212.109454][ T8080] ip6_output+0x235/0x7f0 [ 212.109475][ T8080] ? ip6_finish_output+0xdc0/0xdc0 [ 212.109495][ T8080] ? ip6_fragment+0x3980/0x3980 [ 212.109517][ T8080] ip6_xmit+0xe41/0x20c0 [ 212.124649][ T8080] ? ip6_finish_output2+0x2550/0x2550 [ 212.124668][ T8080] ? mark_held_locks+0xf0/0xf0 [ 212.124687][ T8080] ? ip6_setup_cork+0x1870/0x1870 [ 212.124703][ T8080] ? inet6_csk_route_socket+0x715/0xf40 [ 212.124731][ T8080] inet6_csk_xmit+0x2fb/0x5d0 [ 212.134326][ T8080] ? inet6_csk_update_pmtu+0x190/0x190 [ 212.134343][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.134365][ T8080] ? csum_ipv6_magic+0x20/0x80 [ 213.080026][ T8080] __tcp_transmit_skb+0x1a32/0x3750 [ 213.085257][ T8080] ? __tcp_select_window+0x8b0/0x8b0 [ 213.090543][ T8080] ? mark_lock+0x1340/0x1380 [ 213.095150][ T8080] ? ktime_get+0x105/0x300 [ 213.099637][ T8080] ? tcp_mstamp_refresh+0x16/0xa0 [ 213.104655][ T8080] ? ktime_get+0x105/0x300 [ 213.109075][ T8080] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 213.114357][ T8080] tcp_send_ack+0x88/0xa0 [ 213.118677][ T8080] __tcp_ack_snd_check+0x165/0x8d0 [ 213.123784][ T8080] tcp_rcv_established+0x175d/0x1fb0 [ 213.129067][ T8080] ? tcp_data_queue+0x4840/0x4840 [ 213.134084][ T8080] ? __local_bh_enable_ip+0x100/0x270 [ 213.139449][ T8080] ? _raw_spin_unlock_bh+0x31/0x40 [ 213.144540][ T8080] ? __local_bh_enable_ip+0x15a/0x270 [ 213.149901][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.155209][ T8080] tcp_v6_do_rcv+0x421/0x12c0 [ 213.159919][ T8080] __release_sock+0x12e/0x3a0 [ 213.164609][ T8080] release_sock+0x59/0x1c0 [ 213.169029][ T8080] tcp_sendpage+0x4a/0x60 [ 213.173354][ T8080] ? tcp_sendpage_locked+0xd0/0xd0 [ 213.178446][ T8080] inet_sendpage+0x16b/0x630 [ 213.183024][ T8080] kernel_sendpage+0x95/0xf0 [ 213.187616][ T8080] ? inet_sendmsg+0x5e0/0x5e0 [ 213.192282][ T8080] sock_sendpage+0x8b/0xc0 [ 213.196683][ T8080] pipe_to_sendpage+0x299/0x370 [ 213.201516][ T8080] ? kernel_sendpage+0xf0/0xf0 [ 213.206267][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 213.211539][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.217775][ T8080] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 213.224115][ T8080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 213.230355][ T8080] __splice_from_pipe+0x395/0x7d0 [ 213.235363][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 213.240651][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 213.245941][ T8080] splice_from_pipe+0x108/0x170 [ 213.250804][ T8080] ? splice_shrink_spd+0xd0/0xd0 [ 213.255731][ T8080] generic_splice_sendpage+0x3c/0x50 [ 213.261010][ T8080] ? splice_from_pipe+0x170/0x170 [ 213.266021][ T8080] direct_splice_actor+0x126/0x1a0 [ 213.271131][ T8080] splice_direct_to_actor+0x369/0x970 [ 213.276497][ T8080] ? generic_pipe_buf_nosteal+0x10/0x10 [ 213.282039][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.288271][ T8080] ? do_splice_to+0x190/0x190 [ 213.292935][ T8080] ? rw_verify_area+0x118/0x360 [ 213.297769][ T8080] do_splice_direct+0x1da/0x2a0 [ 213.302611][ T8080] ? splice_direct_to_actor+0x970/0x970 [ 213.308159][ T8080] ? rw_verify_area+0x118/0x360 [ 213.313023][ T8080] do_sendfile+0x597/0xd00 [ 213.317452][ T8080] ? do_compat_pwritev64+0x1c0/0x1c0 [ 213.322734][ T8080] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.328972][ T8080] ? put_timespec64+0xda/0x140 [ 213.333726][ T8080] __x64_sys_sendfile64+0x1dd/0x220 [ 213.338927][ T8080] ? __ia32_sys_sendfile+0x230/0x230 [ 213.344230][ T8080] ? do_syscall_64+0x26/0x610 [ 213.348936][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.354244][ T8080] ? trace_hardirqs_on+0x67/0x230 03:10:23 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r2, &(0x7f0000000180), 0x0, 0x4, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) prctl$PR_GET_NO_NEW_PRIVS(0x27) sendto$inet6(r3, 0x0, 0xb9, 0x20000001, &(0x7f0000000040)={0xa, 0x2, 0x8000000000, @ipv4={[], [], @empty}}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getpgid(0x0) ioprio_get$pid(0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000003c0)) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SET_PTRACER(0x59616d61, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) sendto$packet(r3, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 03:10:23 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000380)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='\f', 0x1}], 0x1}, 0x0) 03:10:23 executing program 1: r0 = socket(0x10, 0x88000000000802, 0x0) write(r0, &(0x7f00000000c0)="fc0000001d00071bab0925003a0007000aab080204000000f0ffff93210001c00000000000000000003f000000039815fa2c1ec28656aaa79bb94b46fe0000000a000200255f8c03036c6cdec64f7a7bc6652fb5562ab55b44a7afd9df0d11512fe0cad44000000000008934d07302ad23fed20100fe7b0000005538000033d477e280fc83ab825eff7f000000000000170e5bba4a463ae4f5566f91cf190201ded815b2ccd243fa95ed94e0ad91bd0734babc7c6d27392ad23f2e00000000000000066b17e583df150c3b880f411f46a60467b4d57155870271bfe9c8c077c34d3c0fd5f77a58a10000c880ac80000000000000000000000033cc0d", 0xfc) [ 213.359285][ T8080] do_syscall_64+0x103/0x610 [ 213.363885][ T8080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.369780][ T8080] RIP: 0033:0x4582b9 [ 213.373690][ T8080] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.393302][ T8080] RSP: 002b:00007f8f02f20c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 213.393317][ T8080] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 213.393324][ T8080] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 213.393332][ T8080] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 213.393340][ T8080] R10: 02008000fffffffe R11: 0000000000000246 R12: 00007f8f02f216d4 [ 213.393348][ T8080] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 213.489835][ T8080] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8080 [ 213.500998][ T8080] caller is ip6_finish_output+0x335/0xdc0 [ 213.506803][ T8080] CPU: 1 PID: 8080 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.515837][ T8080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.515843][ T8080] Call Trace: [ 213.515866][ T8080] dump_stack+0x172/0x1f0 [ 213.515890][ T8080] __this_cpu_preempt_check+0x246/0x270 03:10:23 executing program 1: r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = gettid() add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) keyctl$set_timeout(0xf, 0x0, 0x0) ptrace$peekuser(0x3, 0x0, 0x0) ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) listen(0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, 0x0, 0x0) tkill(r1, 0x1000000000016) [ 213.515910][ T8080] ip6_finish_output+0x335/0xdc0 [ 213.515932][ T8080] ip6_output+0x235/0x7f0 [ 213.515953][ T8080] ? ip6_finish_output+0xdc0/0xdc0 [ 213.553480][ T8080] ? ip6_fragment+0x3980/0x3980 [ 213.558352][ T8080] ip6_xmit+0xe41/0x20c0 [ 213.562611][ T8080] ? ip6_finish_output2+0x2550/0x2550 [ 213.567995][ T8080] ? mark_held_locks+0xf0/0xf0 [ 213.568015][ T8080] ? ip6_setup_cork+0x1870/0x1870 [ 213.568032][ T8080] ? inet6_csk_route_socket+0x715/0xf40 [ 213.568059][ T8080] inet6_csk_xmit+0x2fb/0x5d0 [ 213.583360][ T8080] ? inet6_csk_update_pmtu+0x190/0x190 [ 213.583378][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.583400][ T8080] ? csum_ipv6_magic+0x20/0x80 [ 213.605003][ T8080] __tcp_transmit_skb+0x1a32/0x3750 [ 213.605030][ T8080] ? __tcp_select_window+0x8b0/0x8b0 [ 213.605058][ T8080] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 213.605076][ T8080] tcp_send_ack+0x88/0xa0 [ 213.605090][ T8080] __tcp_ack_snd_check+0x165/0x8d0 [ 213.605106][ T8080] tcp_rcv_established+0x9ed/0x1fb0 [ 213.605125][ T8080] ? tcp_data_queue+0x4840/0x4840 [ 213.605138][ T8080] ? __local_bh_enable_ip+0x100/0x270 [ 213.605159][ T8080] tcp_v6_do_rcv+0x421/0x12c0 [ 213.605180][ T8080] __release_sock+0x12e/0x3a0 [ 213.605210][ T8080] release_sock+0x59/0x1c0 [ 213.640632][ T8080] tcp_sendpage+0x4a/0x60 [ 213.664070][ T8080] ? tcp_sendpage_locked+0xd0/0xd0 [ 213.669186][ T8080] inet_sendpage+0x16b/0x630 [ 213.669211][ T8080] kernel_sendpage+0x95/0xf0 [ 213.669233][ T8080] ? inet_sendmsg+0x5e0/0x5e0 [ 213.669251][ T8080] sock_sendpage+0x8b/0xc0 [ 213.669272][ T8080] pipe_to_sendpage+0x299/0x370 [ 213.669295][ T8080] ? kernel_sendpage+0xf0/0xf0 [ 213.687513][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 213.687531][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.687546][ T8080] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 213.687560][ T8080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 213.687579][ T8080] __splice_from_pipe+0x395/0x7d0 [ 213.687595][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 213.687617][ T8080] ? direct_splice_actor+0x1a0/0x1a0 [ 213.687632][ T8080] splice_from_pipe+0x108/0x170 [ 213.687649][ T8080] ? splice_shrink_spd+0xd0/0xd0 [ 213.687679][ T8080] generic_splice_sendpage+0x3c/0x50 [ 213.687691][ T8080] ? splice_from_pipe+0x170/0x170 [ 213.687712][ T8080] direct_splice_actor+0x126/0x1a0 [ 213.721089][ T8080] splice_direct_to_actor+0x369/0x970 [ 213.721110][ T8080] ? generic_pipe_buf_nosteal+0x10/0x10 [ 213.721131][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.721145][ T8080] ? do_splice_to+0x190/0x190 [ 213.721167][ T8080] ? rw_verify_area+0x118/0x360 [ 213.741551][ T8080] do_splice_direct+0x1da/0x2a0 [ 213.741570][ T8080] ? splice_direct_to_actor+0x970/0x970 [ 213.741596][ T8080] ? rw_verify_area+0x118/0x360 [ 213.741620][ T8080] do_sendfile+0x597/0xd00 [ 213.751840][ T8080] ? do_compat_pwritev64+0x1c0/0x1c0 [ 213.751858][ T8080] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.751873][ T8080] ? put_timespec64+0xda/0x140 [ 213.751900][ T8080] __x64_sys_sendfile64+0x1dd/0x220 [ 213.751922][ T8080] ? __ia32_sys_sendfile+0x230/0x230 [ 213.762029][ T8080] ? do_syscall_64+0x26/0x610 [ 213.762047][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.762064][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 213.762084][ T8080] do_syscall_64+0x103/0x610 [ 213.762105][ T8080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.762123][ T8080] RIP: 0033:0x4582b9 [ 213.793574][ T8080] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.793583][ T8080] RSP: 002b:00007f8f02f20c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 213.793598][ T8080] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 213.793607][ T8080] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 213.793616][ T8080] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 213.793626][ T8080] R10: 02008000fffffffe R11: 0000000000000246 R12: 00007f8f02f216d4 [ 213.793635][ T8080] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 213.911782][ T8080] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8080 [ 213.925898][ T8080] caller is ip6_finish_output+0x335/0xdc0 [ 213.925919][ T8080] CPU: 1 PID: 8080 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.943145][ T8080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.943150][ T8080] Call Trace: [ 213.943173][ T8080] dump_stack+0x172/0x1f0 [ 213.943194][ T8080] __this_cpu_preempt_check+0x246/0x270 [ 213.943211][ T8080] ip6_finish_output+0x335/0xdc0 [ 213.943241][ T8080] ip6_output+0x235/0x7f0 [ 213.943265][ T8080] ? ip6_finish_output+0xdc0/0xdc0 [ 213.957997][ T8080] ? ip6_fragment+0x3980/0x3980 [ 213.958020][ T8080] ip6_xmit+0xe41/0x20c0 [ 213.958044][ T8080] ? ip6_finish_output2+0x2550/0x2550 [ 213.971377][ T8080] ? mark_held_locks+0xf0/0xf0 [ 213.981228][ T8080] ? ip6_setup_cork+0x1870/0x1870 [ 213.990460][ T8080] ? inet6_csk_route_socket+0x715/0xf40 [ 213.990491][ T8080] inet6_csk_xmit+0x2fb/0x5d0 [ 213.990515][ T8080] ? inet6_csk_update_pmtu+0x190/0x190 [ 214.004669][ T8080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.004693][ T8080] ? csum_ipv6_magic+0x20/0x80 [ 214.004716][ T8080] __tcp_transmit_skb+0x1a32/0x3750 [ 214.004750][ T8080] ? __tcp_select_window+0x8b0/0x8b0 [ 214.004764][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 214.004779][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 214.004796][ T8080] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 214.004816][ T8080] ? ktime_get+0x208/0x300 [ 214.014933][ T8080] tcp_send_active_reset+0x43a/0x8e0 [ 214.014953][ T8080] tcp_close+0xbb1/0x10c0 [ 214.014972][ T8080] ? sock_fasync+0x100/0x160 [ 214.014991][ T8080] inet_release+0x105/0x1f0 [ 214.015010][ T8080] inet6_release+0x53/0x80 [ 214.015025][ T8080] __sock_release+0xd3/0x2b0 [ 214.015042][ T8080] ? __sock_release+0x2b0/0x2b0 [ 214.015055][ T8080] sock_close+0x1b/0x30 [ 214.015069][ T8080] __fput+0x2e5/0x8d0 [ 214.015086][ T8080] ____fput+0x16/0x20 [ 214.015103][ T8080] task_work_run+0x14a/0x1c0 [ 214.015123][ T8080] do_exit+0x90a/0x2fa0 [ 214.015141][ T8080] ? get_signal+0x2a7/0x1d50 03:10:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$setperm(0x5, 0x0, 0x0) 03:10:24 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x26e, 0x0) 03:10:24 executing program 0: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f00000000c0)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0xe) sendfile(r0, r0, &(0x7f0000001000), 0xffff) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) pipe2$9p(&(0x7f0000000040), 0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x4db, &(0x7f0000000000)=[{}]}, 0x10) [ 214.015158][ T8080] ? mm_update_next_owner+0x640/0x640 [ 214.015180][ T8080] ? _raw_spin_unlock_irq+0x28/0x90 [ 214.015192][ T8080] ? get_signal+0x331/0x1d50 [ 214.015202][ T8080] ? _raw_spin_unlock_irq+0x28/0x90 [ 214.015227][ T8080] do_group_exit+0x135/0x370 [ 214.015244][ T8080] get_signal+0x399/0x1d50 [ 214.015274][ T8080] ? fsnotify_first_mark+0x210/0x210 [ 214.015294][ T8080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 214.015326][ T8080] do_signal+0x87/0x1940 [ 214.015349][ T8080] ? setup_sigcontext+0x7d0/0x7d0 [ 214.015364][ T8080] ? put_timespec64+0xda/0x140 [ 214.015389][ T8080] ? exit_to_usermode_loop+0x43/0x2c0 [ 214.025948][ T8080] ? do_syscall_64+0x52d/0x610 [ 214.025962][ T8080] ? exit_to_usermode_loop+0x43/0x2c0 [ 214.025979][ T8080] ? lockdep_hardirqs_on+0x418/0x5d0 [ 214.025995][ T8080] ? trace_hardirqs_on+0x67/0x230 [ 214.026014][ T8080] exit_to_usermode_loop+0x244/0x2c0 [ 214.026032][ T8080] do_syscall_64+0x52d/0x610 [ 214.026050][ T8080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.026062][ T8080] RIP: 0033:0x4582b9