[ 36.799307][ T26] audit: type=1800 audit(1554683208.292:28): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 37.637609][ T26] audit: type=1800 audit(1554683209.212:29): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.658135][ T26] audit: type=1800 audit(1554683209.212:30): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [FAIL] startpar: service(s) returned failure: ssh ... failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts. 
2019/04/08 00:27:00 fuzzer started 2019/04/08 00:27:03 dialing manager at 10.128.0.26:34543 2019/04/08 00:27:04 syscalls: 2408 2019/04/08 00:27:04 code coverage: enabled 2019/04/08 00:27:04 comparison tracing: enabled 2019/04/08 00:27:04 extra coverage: extra coverage is not supported by the kernel 2019/04/08 00:27:04 setuid sandbox: enabled 2019/04/08 00:27:04 namespace sandbox: enabled 2019/04/08 00:27:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 00:27:04 fault injection: enabled 2019/04/08 00:27:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 00:27:04 net packet injection: enabled 2019/04/08 00:27:04 net device setup: enabled 00:29:15 executing program 0: getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x103) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3e8}}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r0) write(r1, &(0x7f0000000100), 0x34000) syzkaller login: [ 183.649834][ T7740] IPVS: ftp: loaded support on port[0] = 21 00:29:15 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2, 0x20031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000014000/0x4000)=nil, 0x4000}) [ 183.752036][ T7740] chnl_net:caif_netlink_parms(): no params data found [ 183.806388][ T7740] bridge0: port 1(bridge_slave_0) 
entered blocking state [ 183.814890][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.825380][ T7740] device bridge_slave_0 entered promiscuous mode [ 183.834602][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.842852][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.851021][ T7740] device bridge_slave_1 entered promiscuous mode [ 183.873922][ T7740] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.885472][ T7740] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.923647][ T7740] team0: Port device team_slave_0 added [ 183.931124][ T7740] team0: Port device team_slave_1 added 00:29:15 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) io_setup(0x264a, &(0x7f0000000080)=0x0) io_submit(r1, 0x2, &(0x7f0000000240)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}]) [ 184.000503][ T7740] device hsr_slave_0 entered promiscuous mode [ 184.046977][ T7740] device hsr_slave_1 entered promiscuous mode [ 184.092753][ T7743] IPVS: ftp: loaded support on port[0] = 21 [ 184.120830][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.128136][ T7740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.135971][ T7740] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.143156][ T7740] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.167354][ T7745] IPVS: ftp: loaded support on port[0] = 21 [ 184.266011][ T7740] 8021q: adding VLAN 0 to HW filter on device bond0 00:29:15 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x800000004, 0x20031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000014000/0x4000)=nil, 0x4000}) [ 184.310614][ T7740] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.317849][ 
T7746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.330234][ T7746] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.349799][ T7746] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.358616][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 184.439348][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.450489][ T7746] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.457606][ T7746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.476936][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.495689][ T7746] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.502799][ T7746] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.522761][ T7750] IPVS: ftp: loaded support on port[0] = 21 00:29:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) pipe(0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4006, 0x0) sendfile(r4, r4, 0x0, 0x8800000) syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000380)={&(0x7f0000000200), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x5) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800088ec00fae470b", 0x35}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, 
&(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000000)={{{@in=@remote, @in6=@initdev}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f00000001c0)=0xe8) [ 184.541130][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.552297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.561459][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.572227][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.612648][ T7743] chnl_net:caif_netlink_parms(): no params data found [ 184.629404][ T7740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.643094][ T7740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.667040][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.695739][ T7740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.748856][ T7745] chnl_net:caif_netlink_parms(): no params data found [ 184.825506][ T7743] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.855499][ T7743] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.865745][ T7743] device bridge_slave_0 entered promiscuous mode [ 184.889897][ T7753] IPVS: ftp: loaded support on port[0] = 21 [ 184.914132][ T7743] bridge0: port 2(bridge_slave_1) entered blocking state 00:29:16 executing program 5: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x3], 0x2}}, 0x0) [ 184.964665][ 
T7743] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.985012][ T7743] device bridge_slave_1 entered promiscuous mode [ 185.082995][ T7743] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.095196][ C0] hrtimer: interrupt took 31728 ns [ 185.106162][ T7761] IPVS: ftp: loaded support on port[0] = 21 [ 185.112527][ T7743] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.156158][ T7766] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7766 [ 185.166073][ T7766] caller is ip6_finish_output+0x335/0xdc0 [ 185.172101][ T7766] CPU: 0 PID: 7766 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.181126][ T7766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.181147][ T7766] Call Trace: [ 185.181177][ T7766] dump_stack+0x172/0x1f0 [ 185.181208][ T7766] __this_cpu_preempt_check+0x246/0x270 [ 185.181233][ T7766] ip6_finish_output+0x335/0xdc0 [ 185.181252][ T7766] ip6_output+0x235/0x7f0 [ 185.181273][ T7766] ? ip6_finish_output+0xdc0/0xdc0 [ 185.194730][ T7766] ? ip6_fragment+0x3980/0x3980 [ 185.204571][ T7766] ? kasan_check_read+0x11/0x20 [ 185.213806][ T7766] ip6_xmit+0xe41/0x20c0 [ 185.223745][ T7766] ? ip6_finish_output2+0x2550/0x2550 [ 185.232794][ T7766] ? mark_held_locks+0xf0/0xf0 [ 185.242909][ T7766] ? ip6_setup_cork+0x1870/0x1870 [ 185.247961][ T7766] sctp_v6_xmit+0x313/0x660 [ 185.247985][ T7766] sctp_packet_transmit+0x1bc4/0x36f0 [ 185.248018][ T7766] ? sctp_packet_config+0xfe0/0xfe0 [ 185.257978][ T7766] ? sctp_packet_append_chunk+0x946/0xda0 [ 185.257993][ T7766] ? sctp_outq_select_transport+0x21a/0x790 [ 185.258012][ T7766] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 185.258040][ T7766] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 185.268956][ T7766] ? lock_downgrade+0x880/0x880 [ 185.268976][ T7766] ? add_timer+0x400/0x930 [ 185.268989][ T7766] ? find_held_lock+0x35/0x130 [ 185.269010][ T7766] ? 
add_timer+0x41e/0x930 [ 185.281128][ T7766] sctp_outq_flush+0xe8/0x2780 [ 185.281142][ T7766] ? mark_held_locks+0xa4/0xf0 [ 185.281157][ T7766] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 185.281178][ T7766] ? add_timer+0x41e/0x930 [ 185.292149][ T7766] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 185.301303][ T7766] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.310436][ T7766] ? trace_hardirqs_on+0x67/0x230 [ 185.310454][ T7766] ? __sctp_outq_teardown+0xc60/0xc60 [ 185.310477][ T7766] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.310488][ T7766] ? sctp_outq_tail+0x68c/0x930 [ 185.310507][ T7766] sctp_outq_uncork+0x6c/0x80 [ 185.321047][ T7766] sctp_do_sm+0x2575/0x5770 [ 185.331230][ T7766] ? sctp_hash_transport+0xdb1/0x18d0 [ 185.331252][ T7766] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 185.331268][ T7766] ? __local_bh_enable_ip+0x15a/0x270 [ 185.331285][ T7766] ? lock_downgrade+0x880/0x880 [ 185.331306][ T7766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.341584][ T7766] ? kasan_check_read+0x11/0x20 [ 185.353171][ T7766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.362668][ T7766] ? sctp_hash_transport+0x10b/0x18d0 [ 185.372530][ T7766] ? memcpy+0x46/0x50 [ 185.384558][ T7766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.395628][ T7766] ? sctp_assoc_set_primary+0x274/0x310 [ 185.406707][ T7766] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 185.406726][ T7766] __sctp_connect+0x8cd/0xce0 [ 185.406748][ T7766] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 185.406776][ T7766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.416136][ T7766] ? _copy_from_user+0xdd/0x150 [ 185.427911][ T7766] ? security_sctp_bind_connect+0x99/0xd0 [ 185.427939][ T7766] __sctp_setsockopt_connectx+0x133/0x1a0 [ 185.427958][ T7766] sctp_setsockopt+0x15db/0x6fe0 [ 185.427980][ T7766] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 185.438024][ T7766] ? kasan_check_read+0x11/0x20 [ 185.438043][ T7766] ? ___might_sleep+0x163/0x280 [ 185.438058][ T7766] ? 
__might_sleep+0x95/0x190 [ 185.438076][ T7766] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 185.438097][ T7766] ? aa_sk_perm+0x288/0x880 [ 185.449910][ T7766] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 185.449937][ T7766] sock_common_setsockopt+0x9a/0xe0 [ 185.449958][ T7766] __sys_setsockopt+0x180/0x280 [ 185.460519][ T7766] ? kernel_accept+0x310/0x310 [ 185.471162][ T7766] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.471177][ T7766] ? do_syscall_64+0x26/0x610 [ 185.471190][ T7766] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.471202][ T7766] ? do_syscall_64+0x26/0x610 [ 185.471224][ T7766] __x64_sys_setsockopt+0xbe/0x150 [ 185.471243][ T7766] do_syscall_64+0x103/0x610 [ 185.482485][ T7766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.492023][ T7766] RIP: 0033:0x4582b9 [ 185.502125][ T7766] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.512816][ T7766] RSP: 002b:00007f8162e6fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 185.522410][ T7766] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 185.532520][ T7766] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 185.543218][ T7766] RBP: 000000000073c040 R08: 000000000000001c R09: 0000000000000000 [ 185.543234][ T7766] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f8162e706d4 [ 185.552903][ T7766] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 185.652166][ T7745] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.661699][ T7766] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7766 [ 185.662555][ T7745] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.671113][ T7766] caller is ip6_finish_output+0x335/0xdc0 [ 185.683949][ T7766] CPU: 0 PID: 7766 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.683958][ T7766] Hardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.683963][ T7766] Call Trace: [ 185.683987][ T7766] dump_stack+0x172/0x1f0 [ 185.684010][ T7766] __this_cpu_preempt_check+0x246/0x270 [ 185.694473][ T7745] device bridge_slave_0 entered promiscuous mode [ 185.703102][ T7766] ip6_finish_output+0x335/0xdc0 [ 185.703122][ T7766] ip6_output+0x235/0x7f0 [ 185.703139][ T7766] ? ip6_finish_output+0xdc0/0xdc0 [ 185.703158][ T7766] ? ip6_fragment+0x3980/0x3980 [ 185.703177][ T7766] ? kasan_check_read+0x11/0x20 [ 185.703199][ T7766] ip6_xmit+0xe41/0x20c0 [ 185.710821][ T7766] ? ip6_finish_output2+0x2550/0x2550 [ 185.722659][ T7766] ? mark_held_locks+0xf0/0xf0 [ 185.722680][ T7766] ? ip6_setup_cork+0x1870/0x1870 [ 185.722709][ T7766] sctp_v6_xmit+0x313/0x660 [ 185.722741][ T7766] sctp_packet_transmit+0x1bc4/0x36f0 [ 185.728630][ T7745] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.732004][ T7766] ? sctp_packet_config+0xfe0/0xfe0 [ 185.732027][ T7766] ? kmem_cache_alloc_node_trace+0x352/0x720 [ 185.737692][ T7745] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.741959][ T7766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.741980][ T7766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 185.741999][ T7766] sctp_outq_flush+0x2b8/0x2780 [ 185.751067][ T7766] ? sctp_chunkify+0x4b/0x290 [ 185.751095][ T7766] ? __sctp_outq_teardown+0xc60/0xc60 [ 185.757772][ T7745] device bridge_slave_1 entered promiscuous mode [ 185.761225][ T7766] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.770714][ T7766] ? sctp_outq_tail+0x68c/0x930 [ 185.770732][ T7766] sctp_outq_uncork+0x6c/0x80 [ 185.770752][ T7766] sctp_do_sm+0x2575/0x5770 [ 185.783123][ T7766] ? graph_lock+0x7b/0x200 [ 185.783147][ T7766] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 185.783161][ T7766] ? add_lock_to_list.isra.0+0x1cd/0x3a0 [ 185.783171][ T7766] ? save_trace+0xe0/0x290 [ 185.783201][ T7766] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 185.801358][ T7766] ? 
find_held_lock+0x35/0x130 [ 185.801376][ T7766] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 185.801404][ T7766] ? trace_hardirqs_on+0x67/0x230 [ 185.801426][ T7766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 185.813377][ T7766] ? ktime_get+0x208/0x300 [ 185.823145][ T7766] sctp_assoc_bh_rcv+0x343/0x660 [ 185.834827][ T7766] sctp_inq_push+0x1ea/0x290 [ 185.915558][ T7766] sctp_backlog_rcv+0x196/0xbe0 [ 185.920407][ T7766] ? __local_bh_enable_ip+0x15a/0x270 [ 185.925773][ T7766] ? _raw_spin_unlock_bh+0x31/0x40 [ 185.930887][ T7766] ? __local_bh_enable_ip+0x15a/0x270 [ 185.936264][ T7766] ? sctp_hash_obj+0x600/0x600 [ 185.941032][ T7766] ? __release_sock+0xca/0x3a0 [ 185.945801][ T7766] ? __local_bh_enable_ip+0x15a/0x270 [ 185.951185][ T7766] __release_sock+0x12e/0x3a0 [ 185.955877][ T7766] release_sock+0x59/0x1c0 [ 185.960294][ T7766] sctp_wait_for_connect+0x316/0x540 [ 185.965582][ T7766] ? sctp_get_port+0x180/0x180 [ 185.970341][ T7766] ? memcpy+0x46/0x50 [ 185.974322][ T7766] ? finish_wait+0x260/0x260 [ 185.978921][ T7766] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 185.984466][ T7766] __sctp_connect+0xac2/0xce0 [ 185.995790][ T7766] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 186.001363][ T7766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.007615][ T7766] ? _copy_from_user+0xdd/0x150 [ 186.012474][ T7766] ? security_sctp_bind_connect+0x99/0xd0 [ 186.018205][ T7766] __sctp_setsockopt_connectx+0x133/0x1a0 [ 186.024364][ T7766] sctp_setsockopt+0x15db/0x6fe0 [ 186.029311][ T7766] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 186.035725][ T7766] ? kasan_check_read+0x11/0x20 [ 186.040577][ T7766] ? ___might_sleep+0x163/0x280 [ 186.045428][ T7766] ? __might_sleep+0x95/0x190 [ 186.050102][ T7766] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 186.055731][ T7766] ? aa_sk_perm+0x288/0x880 [ 186.060240][ T7766] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 186.065792][ T7766] sock_common_setsockopt+0x9a/0xe0 [ 186.071009][ T7766] __sys_setsockopt+0x180/0x280 [ 186.075891][ T7766] ? 
kernel_accept+0x310/0x310 [ 186.080684][ T7766] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.086177][ T7766] ? do_syscall_64+0x26/0x610 [ 186.090882][ T7766] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.096971][ T7766] ? do_syscall_64+0x26/0x610 [ 186.101663][ T7766] __x64_sys_setsockopt+0xbe/0x150 [ 186.106775][ T7766] do_syscall_64+0x103/0x610 [ 186.111387][ T7766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.117273][ T7766] RIP: 0033:0x4582b9 [ 186.121179][ T7766] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.140784][ T7766] RSP: 002b:00007f8162e6fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 186.149223][ T7766] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 186.157201][ T7766] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 186.165176][ T7766] RBP: 000000000073c040 R08: 000000000000001c R09: 0000000000000000 [ 186.173149][ T7766] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f8162e706d4 [ 186.181118][ T7766] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 186.221123][ T7750] chnl_net:caif_netlink_parms(): no params data found [ 186.225148][ T7767] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7767 [ 186.237618][ T7767] caller is ip6_finish_output+0x335/0xdc0 [ 186.243430][ T7767] CPU: 1 PID: 7767 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.243445][ T7767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.254550][ T7758] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7758 [ 186.262499][ T7767] Call Trace: [ 186.262527][ T7767] dump_stack+0x172/0x1f0 [ 186.262548][ T7767] __this_cpu_preempt_check+0x246/0x270 [ 186.262567][ T7767] ip6_finish_output+0x335/0xdc0 [ 186.262588][ T7767] ip6_output+0x235/0x7f0 [ 
186.272064][ T7758] caller is ip6_finish_output+0x335/0xdc0 [ 186.275238][ T7767] ? ip6_finish_output+0xdc0/0xdc0 [ 186.305072][ T7767] ? retint_kernel+0x2d/0x2d [ 186.309664][ T7767] ? ip6_fragment+0x3980/0x3980 [ 186.314519][ T7767] ip6_xmit+0xe41/0x20c0 [ 186.318796][ T7767] ? ip6_finish_output2+0x2550/0x2550 [ 186.324182][ T7767] ? retint_kernel+0x2d/0x2d [ 186.328781][ T7767] ? ip6_setup_cork+0x1870/0x1870 [ 186.333831][ T7767] sctp_v6_xmit+0x313/0x660 [ 186.338352][ T7767] sctp_packet_transmit+0x1bc4/0x36f0 [ 186.343746][ T7767] ? sctp_packet_config+0xfe0/0xfe0 [ 186.348944][ T7767] ? sctp_packet_append_chunk+0x946/0xda0 [ 186.354660][ T7767] ? sctp_outq_select_transport+0x21a/0x790 [ 186.360558][ T7767] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 186.366832][ T7767] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 186.373007][ T7767] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.378478][ T7767] ? mark_held_locks+0xa0/0xf0 [ 186.383242][ T7767] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.388700][ T7767] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.394161][ T7767] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.399449][ T7767] sctp_outq_flush+0xe8/0x2780 [ 186.404213][ T7767] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.409676][ T7767] ? __sctp_outq_teardown+0xc60/0xc60 [ 186.415048][ T7767] ? debug_smp_processor_id+0x280/0x280 [ 186.420590][ T7767] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 186.426826][ T7767] ? sctp_outq_tail+0x68c/0x930 [ 186.431690][ T7767] sctp_outq_uncork+0x6c/0x80 [ 186.436374][ T7767] sctp_do_sm+0x2575/0x5770 [ 186.440894][ T7767] ? sctp_hash_transport+0xdb1/0x18d0 [ 186.446281][ T7767] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 186.452957][ T7767] ? __local_bh_enable_ip+0x15a/0x270 [ 186.458330][ T7767] ? lock_downgrade+0x880/0x880 [ 186.463175][ T7767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.469421][ T7767] ? kasan_check_read+0x11/0x20 [ 186.474272][ T7767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.480508][ T7767] ? 
sctp_hash_transport+0x10b/0x18d0 [ 186.485908][ T7767] ? memcpy+0x46/0x50 [ 186.489896][ T7767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.496143][ T7767] ? sctp_assoc_set_primary+0x274/0x310 [ 186.501694][ T7767] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 186.507070][ T7767] __sctp_connect+0x8cd/0xce0 [ 186.511754][ T7767] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 186.517304][ T7767] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.523538][ T7767] ? _copy_from_user+0xdd/0x150 [ 186.528387][ T7767] ? security_sctp_bind_connect+0x99/0xd0 [ 186.534127][ T7767] __sctp_setsockopt_connectx+0x133/0x1a0 [ 186.539848][ T7767] sctp_setsockopt+0x15db/0x6fe0 [ 186.544798][ T7767] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.550444][ T7767] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 186.556877][ T7767] ? ___might_sleep+0x163/0x280 [ 186.561734][ T7767] ? __might_sleep+0x95/0x190 [ 186.566413][ T7767] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 186.572046][ T7767] ? aa_sk_perm+0x288/0x880 [ 186.576548][ T7767] ? aa_sk_perm+0x10/0x880 [ 186.580964][ T7767] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 186.586517][ T7767] sock_common_setsockopt+0x9a/0xe0 [ 186.591715][ T7767] __sys_setsockopt+0x180/0x280 [ 186.596567][ T7767] ? kernel_accept+0x310/0x310 [ 186.601511][ T7767] __x64_sys_setsockopt+0xbe/0x150 [ 186.606652][ T7767] ? 
do_syscall_64+0xfe/0x610 [ 186.611333][ T7767] do_syscall_64+0x103/0x610 [ 186.615933][ T7767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.621835][ T7767] RIP: 0033:0x4582b9 [ 186.625739][ T7767] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.645348][ T7767] RSP: 002b:00007f8162e4ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 186.653765][ T7767] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 186.661733][ T7767] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000007 [ 186.669703][ T7767] RBP: 000000000073c0e0 R08: 000000000000001c R09: 0000000000000000 [ 186.677679][ T7767] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f8162e4f6d4 [ 186.685655][ T7767] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 186.693653][ T7758] CPU: 0 PID: 7758 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.702677][ T7758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.703158][ T7757] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7757 [ 186.712724][ T7758] Call Trace: [ 186.712750][ T7758] dump_stack+0x172/0x1f0 [ 186.712771][ T7758] __this_cpu_preempt_check+0x246/0x270 [ 186.712790][ T7758] ip6_finish_output+0x335/0xdc0 [ 186.712811][ T7758] ip6_output+0x235/0x7f0 [ 186.712831][ T7758] ? ip6_finish_output+0xdc0/0xdc0 [ 186.712852][ T7758] ? ip6_fragment+0x3980/0x3980 [ 186.712881][ T7758] ? kasan_check_read+0x11/0x20 [ 186.712901][ T7758] ip6_xmit+0xe41/0x20c0 [ 186.712930][ T7758] ? ip6_finish_output2+0x2550/0x2550 [ 186.712952][ T7758] ? mark_held_locks+0xf0/0xf0 [ 186.722369][ T7757] caller is ip6_finish_output+0x335/0xdc0 [ 186.725607][ T7758] ? ip6_setup_cork+0x1870/0x1870 [ 186.784446][ T7758] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.790701][ T7758] sctp_v6_xmit+0x313/0x660 [ 186.795212][ T7758] sctp_packet_transmit+0x1bc4/0x36f0 [ 186.800611][ T7758] ? sctp_packet_config+0xfe0/0xfe0 [ 186.805819][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.812229][ T7758] ? __genradix_ptr+0xf0/0x130 [ 186.816999][ T7758] sctp_outq_flush+0x2b8/0x2780 [ 186.821847][ T7758] ? sctp_sendmsg_to_asoc+0x616/0x17b0 [ 186.827310][ T7758] ? sctp_sendmsg+0xda7/0x1800 [ 186.832070][ T7758] ? inet_sendmsg+0x147/0x5e0 [ 186.836740][ T7758] ? sock_sendmsg+0xdd/0x130 [ 186.841325][ T7758] ? sock_write_iter+0x27c/0x3e0 [ 186.846257][ T7758] ? new_sync_write+0x4c7/0x760 [ 186.851102][ T7758] ? __vfs_write+0xe4/0x110 [ 186.855599][ T7758] ? vfs_write+0x20c/0x580 [ 186.860023][ T7758] ? ksys_write+0xea/0x1f0 [ 186.864436][ T7758] ? __x64_sys_write+0x73/0xb0 [ 186.869208][ T7758] ? __sctp_outq_teardown+0xc60/0xc60 [ 186.874593][ T7758] ? sctp_sm_lookup_event+0x134/0x48d [ 186.879982][ T7758] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 186.886221][ T7758] ? sctp_outq_tail+0x68c/0x930 [ 186.891082][ T7758] sctp_outq_uncork+0x6c/0x80 [ 186.895755][ T7758] sctp_do_sm+0x2575/0x5770 [ 186.900264][ T7758] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 186.906942][ T7758] ? lock_downgrade+0x880/0x880 [ 186.911789][ T7758] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 186.917515][ T7758] ? iov_iter_advance+0x295/0xf70 [ 186.922554][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.928795][ T7758] ? refcount_inc_not_zero_checked+0x144/0x200 [ 186.935035][ T7758] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 186.940833][ T7758] ? __check_object_size+0x3d/0x42f [ 186.946039][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.952275][ T7758] ? refcount_add_not_zero_checked+0x174/0x240 [ 186.958427][ T7758] ? refcount_add_not_zero_checked+0x174/0x240 [ 186.964597][ T7758] ? 
once_deferred+0xa0/0xa0 [ 186.969191][ T7758] sctp_primitive_SEND+0xa0/0xd0 [ 186.974134][ T7758] sctp_sendmsg_to_asoc+0xa63/0x17b0 [ 186.979423][ T7758] ? mark_held_locks+0xf0/0xf0 [ 186.984186][ T7758] ? lock_sock_nested+0x20/0x120 [ 186.989135][ T7758] ? sctp_clear_owner_w+0x120/0x120 [ 186.994340][ T7758] ? __local_bh_enable_ip+0x15a/0x270 [ 186.999807][ T7758] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.005096][ T7758] ? lock_sock_nested+0x9a/0x120 [ 187.010038][ T7758] ? trace_hardirqs_on+0x67/0x230 [ 187.015061][ T7758] ? lock_sock_nested+0x9a/0x120 [ 187.020000][ T7758] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 187.026768][ T7758] ? sctp_sendmsg_check_sflags+0x1b7/0x270 [ 187.032585][ T7758] sctp_sendmsg+0xda7/0x1800 [ 187.037190][ T7758] ? sctp_id2assoc+0x2c0/0x2c0 [ 187.041959][ T7758] ? __might_sleep+0x95/0x190 [ 187.046639][ T7758] ? aa_sk_perm+0x288/0x880 [ 187.051154][ T7758] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.056707][ T7758] inet_sendmsg+0x147/0x5e0 [ 187.061216][ T7758] ? ipip_gro_receive+0x100/0x100 [ 187.066245][ T7758] sock_sendmsg+0xdd/0x130 [ 187.070672][ T7758] sock_write_iter+0x27c/0x3e0 [ 187.075446][ T7758] ? sock_sendmsg+0x130/0x130 [ 187.080160][ T7758] ? aa_path_link+0x460/0x460 [ 187.084842][ T7758] ? find_held_lock+0x35/0x130 [ 187.089620][ T7758] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.095896][ T7758] ? iov_iter_init+0xee/0x220 [ 187.100679][ T7758] new_sync_write+0x4c7/0x760 [ 187.105373][ T7758] ? default_llseek+0x2e0/0x2e0 [ 187.110238][ T7758] ? common_file_perm+0x238/0x720 [ 187.120759][ T7758] ? __fget+0x381/0x550 [ 187.124928][ T7758] ? apparmor_file_permission+0x25/0x30 [ 187.130491][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.136732][ T7758] ? security_file_permission+0x94/0x380 [ 187.142367][ T7758] __vfs_write+0xe4/0x110 [ 187.146701][ T7758] vfs_write+0x20c/0x580 [ 187.150958][ T7758] ksys_write+0xea/0x1f0 [ 187.156366][ T7758] ? __ia32_sys_read+0xb0/0xb0 [ 187.161127][ T7758] ? 
do_syscall_64+0x26/0x610 [ 187.165821][ T7758] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.171894][ T7758] ? do_syscall_64+0x26/0x610 [ 187.176582][ T7758] __x64_sys_write+0x73/0xb0 [ 187.181176][ T7758] do_syscall_64+0x103/0x610 [ 187.185768][ T7758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.191657][ T7758] RIP: 0033:0x4582b9 [ 187.195556][ T7758] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.215164][ T7758] RSP: 002b:00007f8162e90c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.223582][ T7758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 187.231563][ T7758] RDX: 0000000000034000 RSI: 0000000020000100 RDI: 0000000000000005 [ 187.239559][ T7758] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 187.247531][ T7758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8162e916d4 [ 187.255499][ T7758] R13: 00000000004c402c R14: 00000000004dcd70 R15: 00000000ffffffff [ 187.263491][ T7757] CPU: 1 PID: 7757 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.272516][ T7757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.272529][ T7757] Call Trace: [ 187.285885][ T7757] dump_stack+0x172/0x1f0 [ 187.285908][ T7757] __this_cpu_preempt_check+0x246/0x270 [ 187.295759][ T7757] ip6_finish_output+0x335/0xdc0 [ 187.300698][ T7757] ip6_output+0x235/0x7f0 [ 187.300715][ T7757] ? ip6_finish_output+0xdc0/0xdc0 [ 187.300734][ T7757] ? ip6_fragment+0x3980/0x3980 [ 187.300760][ T7757] ? kasan_check_read+0x11/0x20 [ 187.310171][ T7757] ip6_xmit+0xe41/0x20c0 [ 187.310196][ T7757] ? ip6_finish_output2+0x2550/0x2550 [ 187.310211][ T7757] ? mark_held_locks+0xf0/0xf0 [ 187.310230][ T7757] ? 
ip6_setup_cork+0x1870/0x1870 [ 187.310260][ T7757] sctp_v6_xmit+0x313/0x660 [ 187.319926][ T7757] sctp_packet_transmit+0x1bc4/0x36f0 [ 187.319959][ T7757] ? sctp_packet_config+0xfe0/0xfe0 [ 187.319984][ T7757] ? kasan_check_read+0x11/0x20 [ 187.329588][ T7757] ? del_timer+0xcd/0x120 [ 187.329607][ T7757] sctp_outq_flush+0x2b8/0x2780 [ 187.329624][ T7757] ? mark_held_locks+0xa4/0xf0 [ 187.329639][ T7757] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 187.329659][ T7757] ? del_timer+0xcd/0x120 [ 187.339420][ T7757] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 187.339439][ T7757] ? __sctp_outq_teardown+0xc60/0xc60 [ 187.339459][ T7757] ? del_timer+0xd2/0x120 [ 187.339481][ T7757] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.359488][ T7757] ? sctp_outq_tail+0x68c/0x930 [ 187.368630][ T7757] sctp_outq_uncork+0x6c/0x80 [ 187.368645][ T7757] sctp_do_sm+0x2575/0x5770 [ 187.368670][ T7757] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 187.368683][ T7757] ? __lock_acquire+0x242a/0x3fb0 [ 187.368704][ T7757] ? __save_stack_trace+0x99/0x100 [ 187.379242][ T7757] ? skb_dequeue+0x12e/0x180 [ 187.379257][ T7757] ? find_held_lock+0x35/0x130 [ 187.379273][ T7757] ? skb_dequeue+0x12e/0x180 [ 187.379300][ T7757] ? trace_hardirqs_on+0x67/0x230 [ 187.389388][ T7757] ? kasan_check_read+0x11/0x20 [ 187.389408][ T7757] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 187.389433][ T7757] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 187.389449][ T7757] sctp_close+0x445/0x860 [ 187.389467][ T7757] ? sctp_init_sock+0x1360/0x1360 [ 187.389490][ T7757] ? ip_mc_drop_socket+0x211/0x270 [ 187.389504][ T7757] ? __sock_release+0x89/0x2b0 [ 187.389524][ T7757] inet_release+0x105/0x1f0 [ 187.389545][ T7757] inet6_release+0x53/0x80 [ 187.399217][ T7757] __sock_release+0xd3/0x2b0 [ 187.410275][ T7757] ? 
__sock_release+0x2b0/0x2b0 [ 187.410288][ T7757] sock_close+0x1b/0x30 [ 187.410301][ T7757] __fput+0x2e5/0x8d0 [ 187.410318][ T7757] ____fput+0x16/0x20 [ 187.410334][ T7757] task_work_run+0x14a/0x1c0 [ 187.410363][ T7757] get_signal+0x1961/0x1d50 [ 187.419527][ T7757] ? ___sys_recvmsg+0x5a0/0x5a0 [ 187.419544][ T7757] ? lock_downgrade+0x880/0x880 [ 187.419566][ T7757] do_signal+0x87/0x1940 [ 187.419587][ T7757] ? setup_sigcontext+0x7d0/0x7d0 [ 187.431250][ T7757] ? put_timespec64+0xda/0x140 [ 187.431269][ T7757] ? __sys_recvmmsg+0x131/0x270 [ 187.431286][ T7757] ? exit_to_usermode_loop+0x43/0x2c0 [ 187.431299][ T7757] ? do_syscall_64+0x52d/0x610 [ 187.431311][ T7757] ? exit_to_usermode_loop+0x43/0x2c0 [ 187.431326][ T7757] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.431347][ T7757] ? trace_hardirqs_on+0x67/0x230 [ 187.441023][ T7757] exit_to_usermode_loop+0x244/0x2c0 [ 187.450327][ T7757] do_syscall_64+0x52d/0x610 [ 187.450346][ T7757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.450357][ T7757] RIP: 0033:0x4582b9 [ 187.450372][ T7757] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.450380][ T7757] RSP: 002b:00007f8162eb1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 187.450393][ T7757] RAX: fffffffffffffe00 RBX: 0000000000000005 RCX: 00000000004582b9 [ 187.450401][ T7757] RDX: 0000000000000001 RSI: 0000000020001b40 RDI: 0000000000000004 [ 187.450422][ T7757] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 187.460264][ T7757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8162eb26d4 [ 187.460273][ T7757] R13: 00000000004c4f97 R14: 00000000004d8eb8 R15: 00000000ffffffff 00:29:19 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c12a41d88b070") syz_emit_ethernet(0x2e, &(0x7f0000000080)={@local, @link_local, [], 
{@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @local, {[@timestamp={0xffffff94, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @multicast1}}}}}, 0x0) [ 187.468336][ T7758] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7758 [ 187.475768][ T7758] caller is ip6_finish_output+0x335/0xdc0 [ 187.486020][ T7758] CPU: 1 PID: 7758 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.495341][ T7758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.504311][ T7758] Call Trace: [ 187.513289][ T7758] dump_stack+0x172/0x1f0 [ 187.521244][ T7758] __this_cpu_preempt_check+0x246/0x270 [ 187.530475][ T7758] ip6_finish_output+0x335/0xdc0 [ 187.530495][ T7758] ip6_output+0x235/0x7f0 [ 187.530510][ T7758] ? ip6_finish_output+0xdc0/0xdc0 [ 187.530528][ T7758] ? ip6_fragment+0x3980/0x3980 [ 187.530546][ T7758] ? kasan_check_read+0x11/0x20 [ 187.530564][ T7758] ip6_xmit+0xe41/0x20c0 [ 187.530589][ T7758] ? ip6_finish_output2+0x2550/0x2550 [ 187.530605][ T7758] ? mark_held_locks+0xf0/0xf0 [ 187.530624][ T7758] ? ip6_setup_cork+0x1870/0x1870 [ 187.530645][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.540328][ T7758] sctp_v6_xmit+0x313/0x660 [ 187.549540][ T7758] sctp_packet_transmit+0x1bc4/0x36f0 [ 187.549573][ T7758] ? sctp_packet_config+0xfe0/0xfe0 [ 187.549593][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.549606][ T7758] ? __genradix_ptr+0xf0/0x130 [ 187.549621][ T7758] sctp_outq_flush+0x2b8/0x2780 [ 187.549638][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.549658][ T7758] ? __sctp_outq_teardown+0xc60/0xc60 [ 187.549677][ T7758] ? sctp_outq_uncork+0x80/0x80 [ 187.549694][ T7758] sctp_outq_uncork+0x6c/0x80 [ 187.549707][ T7758] sctp_do_sm+0x2575/0x5770 [ 187.549721][ T7758] ? __vfs_write+0xe4/0x110 [ 187.549732][ T7758] ? vfs_write+0x20c/0x580 [ 187.549744][ T7758] ? ksys_write+0xea/0x1f0 [ 187.549765][ T7758] ? 
sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 187.549791][ T7758] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 187.549805][ T7758] ? find_held_lock+0x35/0x130 [ 187.549825][ T7758] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 187.559422][ T7758] ? mark_held_locks+0xa4/0xf0 [ 187.559437][ T7758] ? ktime_get+0x105/0x300 [ 187.559451][ T7758] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 187.559462][ T7758] ? ktime_get+0x105/0x300 [ 187.559479][ T7758] ? trace_hardirqs_on+0x67/0x230 [ 187.559497][ T7758] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 187.559509][ T7758] ? ktime_get+0x208/0x300 [ 187.559528][ T7758] sctp_assoc_bh_rcv+0x343/0x660 [ 187.569649][ T7758] sctp_inq_push+0x1ea/0x290 [ 187.580294][ T7758] sctp_backlog_rcv+0x196/0xbe0 [ 187.580309][ T7758] ? __local_bh_enable_ip+0x15a/0x270 [ 187.580326][ T7758] ? sctp_hash_obj+0x600/0x600 [ 187.580348][ T7758] __release_sock+0x12e/0x3a0 [ 187.580368][ T7758] release_sock+0x59/0x1c0 [ 187.580384][ T7758] sctp_sendmsg+0xdcd/0x1800 [ 187.580406][ T7758] ? sctp_id2assoc+0x2c0/0x2c0 [ 187.580431][ T7758] ? __might_sleep+0x95/0x190 [ 187.590713][ T7758] ? aa_sk_perm+0x288/0x880 [ 187.601158][ T7758] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.601177][ T7758] inet_sendmsg+0x147/0x5e0 [ 187.601189][ T7758] ? ipip_gro_receive+0x100/0x100 [ 187.601205][ T7758] sock_sendmsg+0xdd/0x130 [ 187.601221][ T7758] sock_write_iter+0x27c/0x3e0 [ 187.601237][ T7758] ? sock_sendmsg+0x130/0x130 [ 187.601261][ T7758] ? aa_path_link+0x460/0x460 [ 187.601281][ T7758] ? find_held_lock+0x35/0x130 [ 187.624765][ T7758] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.624782][ T7758] ? iov_iter_init+0xee/0x220 [ 187.624799][ T7758] new_sync_write+0x4c7/0x760 [ 187.624816][ T7758] ? default_llseek+0x2e0/0x2e0 [ 187.624837][ T7758] ? common_file_perm+0x238/0x720 [ 187.624851][ T7758] ? __fget+0x381/0x550 [ 187.624883][ T7758] ? apparmor_file_permission+0x25/0x30 [ 187.641264][ T7758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.657173][ T7758] ? 
security_file_permission+0x94/0x380 [ 187.657194][ T7758] __vfs_write+0xe4/0x110 [ 187.657211][ T7758] vfs_write+0x20c/0x580 [ 187.657232][ T7758] ksys_write+0xea/0x1f0 [ 187.657249][ T7758] ? __ia32_sys_read+0xb0/0xb0 [ 187.657265][ T7758] ? do_syscall_64+0x26/0x610 [ 187.657279][ T7758] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.657291][ T7758] ? do_syscall_64+0x26/0x610 [ 187.657309][ T7758] __x64_sys_write+0x73/0xb0 [ 187.657324][ T7758] do_syscall_64+0x103/0x610 [ 187.657340][ T7758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.657351][ T7758] RIP: 0033:0x4582b9 [ 187.657366][ T7758] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.657381][ T7758] RSP: 002b:00007f8162e90c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.673303][ T7758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 187.673313][ T7758] RDX: 0000000000034000 RSI: 0000000020000100 RDI: 0000000000000005 [ 187.673321][ T7758] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 187.673329][ T7758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8162e916d4 [ 187.673337][ T7758] R13: 00000000004c402c R14: 00000000004dcd70 R15: 00000000ffffffff [ 188.164423][ T7745] bond0: Enslaving bond_slave_0 as an active interface with an up link 00:29:19 executing program 0: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 188.189973][ T7743] team0: Port device team_slave_0 added [ 188.198319][ T7743] team0: Port device team_slave_1 added [ 188.209802][ T7745] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.279126][ T7776] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 188.339275][ T7743] device hsr_slave_0 entered promiscuous mode [ 188.367465][ T7743] device hsr_slave_1 entered promiscuous mode [ 188.429492][ T7745] team0: Port device team_slave_0 added [ 188.435434][ T7750] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.443316][ T7750] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.466213][ T7750] device bridge_slave_0 entered promiscuous mode [ 188.504679][ T7745] team0: Port device team_slave_1 added 00:29:20 executing program 0: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 188.552822][ T7750] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.564268][ T7750] bridge0: port 
2(bridge_slave_1) entered disabled state [ 188.574516][ T7750] device bridge_slave_1 entered promiscuous mode 00:29:20 executing program 0: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 188.689276][ T7745] device hsr_slave_0 entered promiscuous mode [ 188.727651][ T7745] device hsr_slave_1 entered promiscuous mode [ 188.813397][ T7750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.827759][ T7753] chnl_net:caif_netlink_parms(): no params data found [ 188.852600][ T7750] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.874954][ T7743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.912165][ T7761] chnl_net:caif_netlink_parms(): no params data found 00:29:20 executing program 0: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 188.934394][ T7743] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.989889][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.003159][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.022513][ T7750] team0: Port device team_slave_0 added [ 189.068065][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.077340][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.085951][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.093116][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.107301][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.116460][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.135231][ T3483] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.142411][ T3483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.157199][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 00:29:20 executing program 0: syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x2, 0x26000) [ 189.166062][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.180011][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.198772][ T7750] team0: Port device team_slave_1 added 00:29:20 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x402, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 
0x0, 0x0, 0x3, 0x1f, r0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 189.261247][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.277743][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.286139][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.297047][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.305451][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.316136][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.363976][ T7753] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.372560][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.381507][ T7753] device bridge_slave_0 entered promiscuous mode [ 189.389530][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.403422][ T7761] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.412435][ T7761] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.420266][ T7761] device bridge_slave_0 entered promiscuous mode [ 189.433874][ T7745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.441546][ T7753] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.448722][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.456304][ T7753] device bridge_slave_1 entered promiscuous mode [ 189.509572][ T7750] device hsr_slave_0 entered promiscuous mode [ 189.569664][ T7750] device hsr_slave_1 entered promiscuous mode [ 189.609878][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.618519][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.627042][ T7761] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.634100][ T7761] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.642039][ T7761] device bridge_slave_1 entered promiscuous mode [ 189.655283][ T7743] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.683854][ T7745] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.703434][ T7761] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.714375][ T7753] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.726264][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.734323][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.756579][ T7743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.766468][ T7761] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.776833][ T7753] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.791427][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.800474][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.808897][ T7794] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.815958][ T7794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.823622][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.832170][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.840808][ T7794] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.847902][ T7794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.855444][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.864443][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.898879][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.918516][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.933571][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 00:29:21 executing program 1: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0x40045730, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 
[0xfffffffe]}) [ 189.959442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.974823][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.988936][ T7753] team0: Port device team_slave_0 added [ 189.995733][ T7761] team0: Port device team_slave_0 added [ 190.012685][ T7745] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.033178][ T7745] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.046505][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.055647][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.067607][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.076501][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.086307][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.094636][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.103423][ T7753] team0: Port device team_slave_1 added [ 190.114343][ T7761] team0: Port device team_slave_1 added [ 190.170003][ T7753] device hsr_slave_0 entered promiscuous mode [ 190.197000][ T7753] device hsr_slave_1 entered promiscuous mode [ 190.309510][ T7761] device hsr_slave_0 entered promiscuous mode [ 190.377065][ T7761] device hsr_slave_1 entered promiscuous mode [ 190.451590][ T7745] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.520594][ T7750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.559197][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.570644][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.582034][ T7750] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.591394][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0 00:29:22 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, 
&(0x7f0000000040)={0x400000000002f}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f00000009c0)={'syz0\x00'}, 0x45c) close(r0) [ 190.615082][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.623801][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.632250][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.639325][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.648694][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.671252][ T7761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.689104][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.707419][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.715708][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.722784][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.730506][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.738924][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.759518][ T7753] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.771745][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.781704][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.790449][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.799833][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.808348][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.816870][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.825086][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.832159][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.840923][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 
190.848830][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.867511][ T7761] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.892101][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.903553][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.913303][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.921939][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.930322][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.938842][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.947095][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.955550][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.964125][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.971289][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.980026][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.004260][ T7750] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.016242][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.027573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.036218][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.045461][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.052567][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.060361][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.069351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.077739][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.086172][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.094551][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.101639][ 
T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.109529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.129348][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.138826][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.148775][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.160963][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.170637][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.180011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.189568][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.208618][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.217880][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.226448][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.235392][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.244456][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.252980][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.261783][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.272028][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.285809][ T7761] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 191.298026][ T7761] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.314452][ T7753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.327728][ T7753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.335701][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.344648][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.353384][ T7746] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.361952][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.370383][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.379057][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.388930][ T7746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.412813][ T7761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.450124][ T7753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.472561][ T7750] 8021q: adding VLAN 0 to HW filter on device batadv0 00:29:23 executing program 3: openat$vhci(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhci\x00', 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x28}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 00:29:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") connect$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x2, 0x3, 0x19) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in6=@mcast2}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) close(r1) 00:29:23 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) pipe(0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) perf_event_open(0x0, 0x0, 0x0, 
0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4006, 0x0) sendfile(r4, r4, 0x0, 0x8800000) syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, 0x0, 0x5) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800088ec00fae470b", 0x35}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000000)={{{@in=@remote, @in6=@initdev}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f00000001c0)=0xe8) 00:29:23 executing program 1: socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f00000009c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe487]}, 0x45c) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) 00:29:23 executing program 2: ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f00000004c0)='./file1\x00', 0xe001, 0xaaaadeb, &(0x7f0000000040), 0x0, 0x0) 00:29:23 executing program 5: syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @link_local, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @local, {[@timestamp={0x44, 0x10, 0x7, 0x3, 0x0, [{}, {}, {}]}]}}, @igmp={0x0, 0x0, 0x0, @multicast1}}}}}, 0x0) 00:29:23 executing program 5: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x103) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3e8}}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, 
&(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r0) write(r1, &(0x7f0000000100), 0x34000) 00:29:23 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timer_create(0x0, 0x0, &(0x7f0000000280)=0x0) timer_settime(r2, 0x0, 0x0, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}}, &(0x7f0000d43000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) statx(0xffffffffffffffff, &(0x7f00000003c0)='./control/file0\x00', 0x0, 0x0, 0x0) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) mlock(&(0x7f000019c000/0x2000)=nil, 0x2000) clone(0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000400000/0x4000)=nil, 0x4000) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x2) getsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040), &(0x7f0000000080)=0x4) [ 192.050598][ T7861] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7861 [ 192.060350][ T7861] caller is ip6_finish_output+0x335/0xdc0 [ 192.066104][ T7861] CPU: 0 PID: 7861 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.075154][ T7861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.085217][ T7861] Call Trace: [ 192.088519][ T7861] dump_stack+0x172/0x1f0 [ 192.092880][ T7861] __this_cpu_preempt_check+0x246/0x270 [ 192.098447][ T7861] ip6_finish_output+0x335/0xdc0 [ 192.103399][ T7861] ip6_output+0x235/0x7f0 [ 192.107739][ T7861] ? ip6_finish_output+0xdc0/0xdc0 [ 192.112884][ T7861] ? ip6_fragment+0x3980/0x3980 [ 192.117756][ T7861] ? kasan_check_read+0x11/0x20 [ 192.122622][ T7861] ip6_xmit+0xe41/0x20c0 [ 192.126888][ T7861] ? 
ip6_finish_output2+0x2550/0x2550 [ 192.132361][ T7861] ? mark_held_locks+0xf0/0xf0 [ 192.137145][ T7861] ? ip6_setup_cork+0x1870/0x1870 [ 192.142190][ T7861] sctp_v6_xmit+0x313/0x660 [ 192.146706][ T7861] sctp_packet_transmit+0x1bc4/0x36f0 [ 192.152116][ T7861] ? sctp_packet_config+0xfe0/0xfe0 [ 192.157329][ T7861] ? sctp_packet_append_chunk+0x946/0xda0 [ 192.163057][ T7861] ? sctp_outq_select_transport+0x21a/0x790 [ 192.168968][ T7861] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 192.175231][ T7861] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 192.181387][ T7861] ? lock_downgrade+0x880/0x880 [ 192.186247][ T7861] ? add_timer+0x400/0x930 [ 192.190670][ T7861] ? find_held_lock+0x35/0x130 [ 192.195437][ T7861] ? add_timer+0x41e/0x930 [ 192.199875][ T7861] sctp_outq_flush+0xe8/0x2780 [ 192.204651][ T7861] ? mark_held_locks+0xa4/0xf0 [ 192.209421][ T7861] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 192.215228][ T7861] ? add_timer+0x41e/0x930 [ 192.219644][ T7861] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 192.225720][ T7861] ? lockdep_hardirqs_on+0x418/0x5d0 [ 192.233808][ T7861] ? trace_hardirqs_on+0x67/0x230 [ 192.238840][ T7861] ? __sctp_outq_teardown+0xc60/0xc60 [ 192.244236][ T7861] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.250484][ T7861] ? sctp_outq_tail+0x68c/0x930 [ 192.255340][ T7861] sctp_outq_uncork+0x6c/0x80 [ 192.260022][ T7861] sctp_do_sm+0x2575/0x5770 [ 192.264532][ T7861] ? sctp_hash_transport+0xdb1/0x18d0 [ 192.269911][ T7861] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 192.269932][ T7861] ? __local_bh_enable_ip+0x15a/0x270 [ 192.269948][ T7861] ? lock_downgrade+0x880/0x880 [ 192.269961][ T7861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.269980][ T7861] ? 
kasan_check_read+0x11/0x20 00:29:23 executing program 4: write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 192.269997][ T7861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.270012][ T7861] ? sctp_hash_transport+0x10b/0x18d0 [ 192.270044][ T7861] ? memcpy+0x46/0x50 [ 192.313510][ T7861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.319758][ T7861] ? sctp_assoc_set_primary+0x274/0x310 [ 192.325314][ T7861] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 192.330696][ T7861] __sctp_connect+0x8cd/0xce0 [ 192.335388][ T7861] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 192.340954][ T7861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.347205][ T7861] ? _copy_from_user+0xdd/0x150 [ 192.352071][ T7861] ? security_sctp_bind_connect+0x99/0xd0 [ 192.357804][ T7861] __sctp_setsockopt_connectx+0x133/0x1a0 [ 192.363534][ T7861] sctp_setsockopt+0x15db/0x6fe0 [ 192.368486][ T7861] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 192.368506][ T7861] ? kasan_check_read+0x11/0x20 [ 192.368527][ T7861] ? 
___might_sleep+0x163/0x280 [ 192.368542][ T7861] ? __might_sleep+0x95/0x190 [ 192.368559][ T7861] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.368572][ T7861] ? aa_sk_perm+0x288/0x880 [ 192.368602][ T7861] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 192.368623][ T7861] sock_common_setsockopt+0x9a/0xe0 [ 192.395103][ T7861] __sys_setsockopt+0x180/0x280 [ 192.410300][ T7861] ? kernel_accept+0x310/0x310 [ 192.410324][ T7861] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.410339][ T7861] ? do_syscall_64+0x26/0x610 [ 192.410363][ T7861] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.436106][ T7861] ? do_syscall_64+0x26/0x610 [ 192.440796][ T7861] __x64_sys_setsockopt+0xbe/0x150 [ 192.445911][ T7861] do_syscall_64+0x103/0x610 [ 192.450517][ T7861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.450530][ T7861] RIP: 0033:0x4582b9 [ 192.450550][ T7861] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.479902][ T7861] RSP: 002b:00007f94a026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 192.488328][ T7861] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 192.496299][ T7861] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 192.504274][ T7861] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 192.512250][ T7861] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f94a026e6d4 [ 192.520224][ T7861] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 192.609757][ T7861] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7861 [ 192.619471][ T7861] caller is ip6_finish_output+0x335/0xdc0 [ 192.625212][ T7861] CPU: 0 PID: 7861 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.634230][ T7861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.634237][ T7861] Call Trace: [ 
192.634261][ T7861] dump_stack+0x172/0x1f0 [ 192.634284][ T7861] __this_cpu_preempt_check+0x246/0x270 [ 192.634305][ T7861] ip6_finish_output+0x335/0xdc0 [ 192.634328][ T7861] ip6_output+0x235/0x7f0 [ 192.666855][ T7861] ? ip6_finish_output+0xdc0/0xdc0 [ 192.672111][ T7861] ? ip6_fragment+0x3980/0x3980 [ 192.676977][ T7861] ? kasan_check_read+0x11/0x20 [ 192.676999][ T7861] ip6_xmit+0xe41/0x20c0 [ 192.677025][ T7861] ? ip6_finish_output2+0x2550/0x2550 [ 192.677041][ T7861] ? mark_held_locks+0xf0/0xf0 [ 192.677059][ T7861] ? ip6_setup_cork+0x1870/0x1870 [ 192.691657][ T7861] sctp_v6_xmit+0x313/0x660 [ 192.691682][ T7861] sctp_packet_transmit+0x1bc4/0x36f0 [ 192.691716][ T7861] ? sctp_packet_config+0xfe0/0xfe0 [ 192.716559][ T7861] ? kmem_cache_alloc_node_trace+0x352/0x720 [ 192.722554][ T7861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.728813][ T7861] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 192.734554][ T7861] sctp_outq_flush+0x2b8/0x2780 [ 192.739427][ T7861] ? sctp_chunkify+0x4b/0x290 [ 192.744148][ T7861] ? __sctp_outq_teardown+0xc60/0xc60 [ 192.749550][ T7861] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.755836][ T7861] ? sctp_outq_tail+0x68c/0x930 [ 192.755855][ T7861] sctp_outq_uncork+0x6c/0x80 [ 192.755893][ T7861] sctp_do_sm+0x2575/0x5770 [ 192.755926][ T7861] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 192.755946][ T7861] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 192.782931][ T7861] ? lock_downgrade+0x880/0x880 [ 192.787811][ T7861] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 192.792945][ T7861] ? find_held_lock+0x35/0x130 [ 192.797733][ T7861] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 192.802898][ T7861] ? trace_hardirqs_on+0x67/0x230 [ 192.807954][ T7861] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 192.813895][ T7861] ? ktime_get+0x208/0x300 [ 192.818343][ T7861] sctp_assoc_bh_rcv+0x343/0x660 [ 192.818369][ T7861] sctp_inq_push+0x1ea/0x290 [ 192.818388][ T7861] sctp_backlog_rcv+0x196/0xbe0 [ 192.818401][ T7861] ? 
__local_bh_enable_ip+0x15a/0x270 [ 192.818414][ T7861] ? _raw_spin_unlock_bh+0x31/0x40 [ 192.818427][ T7861] ? __local_bh_enable_ip+0x15a/0x270 [ 192.818448][ T7861] ? sctp_hash_obj+0x600/0x600 [ 192.853531][ T7861] ? __release_sock+0xca/0x3a0 [ 192.858316][ T7861] ? __local_bh_enable_ip+0x15a/0x270 [ 192.863795][ T7861] __release_sock+0x12e/0x3a0 [ 192.868490][ T7861] release_sock+0x59/0x1c0 [ 192.872940][ T7861] sctp_wait_for_connect+0x316/0x540 [ 192.878237][ T7861] ? sctp_get_port+0x180/0x180 [ 192.883012][ T7861] ? memcpy+0x46/0x50 [ 192.887093][ T7861] ? finish_wait+0x260/0x260 [ 192.891699][ T7861] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 192.897274][ T7861] __sctp_connect+0xac2/0xce0 [ 192.901969][ T7861] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 192.907534][ T7861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.913778][ T7861] ? _copy_from_user+0xdd/0x150 [ 192.918708][ T7861] ? security_sctp_bind_connect+0x99/0xd0 [ 192.924440][ T7861] __sctp_setsockopt_connectx+0x133/0x1a0 [ 192.930178][ T7861] sctp_setsockopt+0x15db/0x6fe0 [ 192.935232][ T7861] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 192.941655][ T7861] ? kasan_check_read+0x11/0x20 [ 192.946519][ T7861] ? ___might_sleep+0x163/0x280 [ 192.951615][ T7861] ? __might_sleep+0x95/0x190 [ 192.956303][ T7861] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.961951][ T7861] ? aa_sk_perm+0x288/0x880 [ 192.966511][ T7861] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 192.972247][ T7861] sock_common_setsockopt+0x9a/0xe0 [ 192.977478][ T7861] __sys_setsockopt+0x180/0x280 [ 192.982346][ T7861] ? kernel_accept+0x310/0x310 [ 192.987125][ T7861] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.992592][ T7861] ? do_syscall_64+0x26/0x610 [ 192.997344][ T7861] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.003423][ T7861] ? 
do_syscall_64+0x26/0x610 [ 193.008123][ T7861] __x64_sys_setsockopt+0xbe/0x150 [ 193.013249][ T7861] do_syscall_64+0x103/0x610 [ 193.017854][ T7861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.024275][ T7861] RIP: 0033:0x4582b9 [ 193.028180][ T7861] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.047888][ T7861] RSP: 002b:00007f94a026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 193.056416][ T7861] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 193.064403][ T7861] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 193.072634][ T7861] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 193.080622][ T7861] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f94a026e6d4 [ 193.088609][ T7861] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 00:29:24 executing program 5: sched_setaffinity(0x0, 0xfffffc90, &(0x7f00000005c0)=0x1) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000400)={0x21, 0x37, 0x0, {0x0, 0x0, 0x9a73, 0x0, 0x3, '%-!'}}, 0x21) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000300)="bf9d154b885b9dc5011bf0aa782d9926", 0x10) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x1, 0x0, 0x0, 0x0, 
0xffffffffffffbe9c}, 0x1c) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_PIT(0xffffffffffffffff, 0xc048ae65, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) mremap(&(0x7f0000fed000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) 00:29:24 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x8000000000000001) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) execveat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) 00:29:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x6, 0x400) ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f00000000c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r1, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80) sendmmsg$inet_sctp(r1, &(0x7f00000003c0), 0x3a301e0909ff38c, 0x0) lseek(r1, 0x50, 0x2) syz_genetlink_get_family_id$net_dm(&(0x7f0000000280)='NET_DM\x00') ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) [ 193.416425][ T7900] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7900 [ 193.426236][ T7900] caller is ip6_finish_output+0x335/0xdc0 [ 193.447650][ T7900] CPU: 0 PID: 7900 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.457041][ T7900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.467438][ T7900] Call Trace: [ 193.470762][ T7900] dump_stack+0x172/0x1f0 [ 193.475146][ T7900] __this_cpu_preempt_check+0x246/0x270 [ 193.480794][ T7900] ip6_finish_output+0x335/0xdc0 [ 193.485760][ T7900] ip6_output+0x235/0x7f0 [ 193.490115][ T7900] ? ip6_finish_output+0xdc0/0xdc0 [ 193.495242][ T7900] ? retint_kernel+0x2d/0x2d [ 193.499852][ T7900] ? ip6_fragment+0x3980/0x3980 [ 193.504763][ T7900] ip6_local_out+0xc4/0x1b0 [ 193.509374][ T7900] ip6_send_skb+0xbb/0x350 [ 193.513812][ T7900] ip6_push_pending_frames+0xc8/0xf0 [ 193.519116][ T7900] l2tp_ip6_sendmsg+0x140a/0x1790 [ 193.524155][ T7900] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.529463][ T7900] ? l2tp_ip6_recv+0xf10/0xf10 [ 193.534244][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.539810][ T7900] ? retint_kernel+0x2d/0x2d [ 193.544423][ T7900] ? aa_label_sk_perm+0x101/0x560 [ 193.549466][ T7900] ? debug_lockdep_rcu_enabled+0x5a/0xa0 [ 193.555128][ T7900] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.560779][ T7900] inet_sendmsg+0x147/0x5e0 [ 193.565299][ T7900] ? l2tp_ip6_recv+0xf10/0xf10 [ 193.570078][ T7900] ? inet_sendmsg+0x147/0x5e0 [ 193.574888][ T7900] ? 
ipip_gro_receive+0x100/0x100 [ 193.579948][ T7900] sock_sendmsg+0xdd/0x130 [ 193.584384][ T7900] ___sys_sendmsg+0x3e2/0x930 [ 193.589369][ T7900] ? copy_msghdr_from_user+0x430/0x430 [ 193.594856][ T7900] ? lock_downgrade+0x880/0x880 [ 193.599789][ T7900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.606054][ T7900] ? kasan_check_read+0x11/0x20 [ 193.610942][ T7900] ? __fget+0x381/0x550 [ 193.615121][ T7900] ? ksys_dup3+0x3e0/0x3e0 [ 193.619564][ T7900] ? __fget_light+0x1a9/0x230 [ 193.624253][ T7900] ? __fdget+0x1b/0x20 [ 193.628339][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.634598][ T7900] ? sockfd_lookup_light+0xcb/0x180 [ 193.639813][ T7900] __sys_sendmmsg+0x1bf/0x4d0 [ 193.644515][ T7900] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 193.649718][ T7900] ? _copy_to_user+0xc9/0x120 [ 193.654666][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.661319][ T7900] ? put_timespec64+0xda/0x140 [ 193.666102][ T7900] ? nsecs_to_jiffies+0x30/0x30 [ 193.671164][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.676636][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.682114][ T7900] ? do_syscall_64+0x26/0x610 [ 193.686807][ T7900] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.692920][ T7900] ? 
do_syscall_64+0x26/0x610 [ 193.697704][ T7900] __x64_sys_sendmmsg+0x9d/0x100 [ 193.702658][ T7900] do_syscall_64+0x103/0x610 [ 193.707328][ T7900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.713234][ T7900] RIP: 0033:0x4582b9 [ 193.717140][ T7900] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.737000][ T7900] RSP: 002b:00007ff1ab377c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.745427][ T7900] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.753413][ T7900] RDX: 03a301e0909ff38c RSI: 00000000200003c0 RDI: 0000000000000004 [ 193.761397][ T7900] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 193.769383][ T7900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1ab3786d4 [ 193.777367][ T7900] R13: 00000000004c5246 R14: 00000000004d93b0 R15: 00000000ffffffff [ 193.835334][ T7900] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7900 [ 193.845996][ T7900] caller is ip6_finish_output+0x335/0xdc0 [ 193.851926][ T7900] CPU: 0 PID: 7900 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.861052][ T7900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.871122][ T7900] Call Trace: [ 193.874436][ T7900] dump_stack+0x172/0x1f0 [ 193.878890][ T7900] __this_cpu_preempt_check+0x246/0x270 [ 193.884556][ T7900] ip6_finish_output+0x335/0xdc0 [ 193.889655][ T7900] ip6_output+0x235/0x7f0 [ 193.894014][ T7900] ? ip6_finish_output+0xdc0/0xdc0 [ 193.899157][ T7900] ? ip6_fragment+0x3980/0x3980 [ 193.904106][ T7900] ip6_local_out+0xc4/0x1b0 [ 193.908634][ T7900] ip6_send_skb+0xbb/0x350 [ 193.913072][ T7900] ip6_push_pending_frames+0xc8/0xf0 [ 193.918367][ T7900] l2tp_ip6_sendmsg+0x140a/0x1790 [ 193.923468][ T7900] ? aa_profile_af_perm+0x320/0x320 [ 193.928686][ T7900] ? 
l2tp_ip6_recv+0xf10/0xf10 [ 193.933612][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.939888][ T7900] ? rw_copy_check_uvector+0x2a6/0x330 [ 193.945368][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.950847][ T7900] ? ___might_sleep+0x163/0x280 [ 193.955737][ T7900] ? __might_sleep+0x95/0x190 [ 193.960439][ T7900] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.965997][ T7900] inet_sendmsg+0x147/0x5e0 [ 193.970507][ T7900] ? l2tp_ip6_recv+0xf10/0xf10 [ 193.975459][ T7900] ? inet_sendmsg+0x147/0x5e0 [ 193.980434][ T7900] ? ipip_gro_receive+0x100/0x100 [ 193.985690][ T7900] sock_sendmsg+0xdd/0x130 [ 193.990425][ T7900] ___sys_sendmsg+0x3e2/0x930 [ 193.995600][ T7900] ? copy_msghdr_from_user+0x430/0x430 [ 194.002490][ T7900] ? __lock_acquire+0x548/0x3fb0 [ 194.009216][ T7900] ? lock_downgrade+0x880/0x880 [ 194.014716][ T7900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.021834][ T7900] ? kasan_check_read+0x11/0x20 [ 194.027912][ T7900] ? __might_fault+0x12b/0x1e0 [ 194.033133][ T7900] ? find_held_lock+0x35/0x130 [ 194.038055][ T7900] ? __might_fault+0x12b/0x1e0 [ 194.043333][ T7900] ? lock_downgrade+0x880/0x880 [ 194.048261][ T7900] ? ___might_sleep+0x163/0x280 [ 194.053122][ T7900] __sys_sendmmsg+0x1bf/0x4d0 [ 194.057954][ T7900] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.063097][ T7900] ? _copy_to_user+0xc9/0x120 [ 194.067938][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.074259][ T7900] ? put_timespec64+0xda/0x140 [ 194.079039][ T7900] ? nsecs_to_jiffies+0x30/0x30 [ 194.083940][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.089411][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.094998][ T7900] ? do_syscall_64+0x26/0x610 [ 194.099690][ T7900] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.105790][ T7900] ? 
do_syscall_64+0x26/0x610 [ 194.110624][ T7900] __x64_sys_sendmmsg+0x9d/0x100 [ 194.115582][ T7900] do_syscall_64+0x103/0x610 [ 194.120192][ T7900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.126180][ T7900] RIP: 0033:0x4582b9 [ 194.130261][ T7900] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.150908][ T7900] RSP: 002b:00007ff1ab377c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.159448][ T7900] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.167448][ T7900] RDX: 03a301e0909ff38c RSI: 00000000200003c0 RDI: 0000000000000004 [ 194.175586][ T7900] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.183564][ T7900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1ab3786d4 [ 194.191684][ T7900] R13: 00000000004c5246 R14: 00000000004d93b0 R15: 00000000ffffffff [ 194.216854][ T7900] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7900 [ 194.226419][ T7900] caller is ip6_finish_output+0x335/0xdc0 [ 194.232743][ T7900] CPU: 0 PID: 7900 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.241894][ T7900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.251967][ T7900] Call Trace: [ 194.255300][ T7900] dump_stack+0x172/0x1f0 [ 194.259654][ T7900] __this_cpu_preempt_check+0x246/0x270 [ 194.265225][ T7900] ip6_finish_output+0x335/0xdc0 [ 194.270189][ T7900] ip6_output+0x235/0x7f0 [ 194.274537][ T7900] ? ip6_finish_output+0xdc0/0xdc0 [ 194.279666][ T7900] ? ip6_fragment+0x3980/0x3980 [ 194.284541][ T7900] ip6_local_out+0xc4/0x1b0 [ 194.289064][ T7900] ip6_send_skb+0xbb/0x350 [ 194.293498][ T7900] ip6_push_pending_frames+0xc8/0xf0 [ 194.298795][ T7900] l2tp_ip6_sendmsg+0x140a/0x1790 [ 194.303833][ T7900] ? aa_profile_af_perm+0x320/0x320 [ 194.309388][ T7900] ? 
l2tp_ip6_recv+0xf10/0xf10 [ 194.314172][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.319742][ T7900] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.325040][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.330509][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.336077][ T7900] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.341371][ T7900] ? retint_kernel+0x2d/0x2d [ 194.346031][ T7900] ? trace_hardirqs_on_caller+0x6a/0x220 [ 194.351685][ T7900] ? retint_kernel+0x2d/0x2d [ 194.356285][ T7900] ? ipip_gro_receive+0x100/0x100 [ 194.361390][ T7900] inet_sendmsg+0x147/0x5e0 [ 194.365930][ T7900] ? l2tp_ip6_recv+0xf10/0xf10 [ 194.370702][ T7900] ? inet_sendmsg+0x147/0x5e0 [ 194.375393][ T7900] ? ipip_gro_receive+0x100/0x100 [ 194.380432][ T7900] sock_sendmsg+0xdd/0x130 [ 194.384887][ T7900] ___sys_sendmsg+0x3e2/0x930 [ 194.389637][ T7900] ? copy_msghdr_from_user+0x430/0x430 [ 194.395291][ T7900] ? __lock_acquire+0x548/0x3fb0 [ 194.400239][ T7900] ? lock_downgrade+0x880/0x880 [ 194.405243][ T7900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.411675][ T7900] ? kasan_check_read+0x11/0x20 [ 194.416728][ T7900] ? __might_fault+0x12b/0x1e0 [ 194.421501][ T7900] ? find_held_lock+0x35/0x130 [ 194.426364][ T7900] ? __might_fault+0x12b/0x1e0 [ 194.431164][ T7900] ? lock_downgrade+0x880/0x880 [ 194.436037][ T7900] ? ___might_sleep+0x163/0x280 [ 194.440926][ T7900] __sys_sendmmsg+0x1bf/0x4d0 [ 194.445617][ T7900] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.450757][ T7900] ? _copy_to_user+0xc9/0x120 [ 194.455450][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.461905][ T7900] ? put_timespec64+0xda/0x140 [ 194.466771][ T7900] ? nsecs_to_jiffies+0x30/0x30 [ 194.471708][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.477265][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.482836][ T7900] ? do_syscall_64+0x26/0x610 [ 194.487548][ T7900] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.493715][ T7900] ? 
do_syscall_64+0x26/0x610 [ 194.498495][ T7900] __x64_sys_sendmmsg+0x9d/0x100 [ 194.503456][ T7900] do_syscall_64+0x103/0x610 [ 194.508066][ T7900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.514033][ T7900] RIP: 0033:0x4582b9 [ 194.517962][ T7900] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.537756][ T7900] RSP: 002b:00007ff1ab377c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.546288][ T7900] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.554279][ T7900] RDX: 03a301e0909ff38c RSI: 00000000200003c0 RDI: 0000000000000004 [ 194.562429][ T7900] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.570424][ T7900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1ab3786d4 [ 194.578410][ T7900] R13: 00000000004c5246 R14: 00000000004d93b0 R15: 00000000ffffffff [ 194.657467][ T7900] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7900 [ 194.667036][ T7900] caller is ip6_finish_output+0x335/0xdc0 [ 194.672787][ T7900] CPU: 1 PID: 7900 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.681818][ T7900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.691947][ T7900] Call Trace: [ 194.695263][ T7900] dump_stack+0x172/0x1f0 [ 194.699617][ T7900] __this_cpu_preempt_check+0x246/0x270 [ 194.705194][ T7900] ip6_finish_output+0x335/0xdc0 [ 194.710169][ T7900] ip6_output+0x235/0x7f0 [ 194.714609][ T7900] ? ip6_finish_output+0xdc0/0xdc0 [ 194.719745][ T7900] ? ip6_fragment+0x3980/0x3980 [ 194.724699][ T7900] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 194.730268][ T7900] ip6_local_out+0xc4/0x1b0 [ 194.734796][ T7900] ip6_send_skb+0xbb/0x350 [ 194.739348][ T7900] ip6_push_pending_frames+0xc8/0xf0 [ 194.744735][ T7900] l2tp_ip6_sendmsg+0x140a/0x1790 [ 194.749782][ T7900] ? 
aa_profile_af_perm+0x320/0x320 [ 194.755006][ T7900] ? l2tp_ip6_recv+0xf10/0xf10 [ 194.759892][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.766154][ T7900] ? rw_copy_check_uvector+0x2a6/0x330 [ 194.771649][ T7900] ? ___might_sleep+0x163/0x280 [ 194.776524][ T7900] ? __might_sleep+0x95/0x190 [ 194.781236][ T7900] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.786808][ T7900] inet_sendmsg+0x147/0x5e0 [ 194.791431][ T7900] ? l2tp_ip6_recv+0xf10/0xf10 [ 194.796214][ T7900] ? inet_sendmsg+0x147/0x5e0 [ 194.800934][ T7900] ? ipip_gro_receive+0x100/0x100 [ 194.806007][ T7900] sock_sendmsg+0xdd/0x130 [ 194.810539][ T7900] ___sys_sendmsg+0x3e2/0x930 [ 194.815248][ T7900] ? copy_msghdr_from_user+0x430/0x430 [ 194.820732][ T7900] ? __lock_acquire+0x548/0x3fb0 [ 194.825693][ T7900] ? lock_downgrade+0x880/0x880 [ 194.830568][ T7900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.836840][ T7900] ? kasan_check_read+0x11/0x20 [ 194.841784][ T7900] ? __might_fault+0x12b/0x1e0 [ 194.846568][ T7900] ? find_held_lock+0x35/0x130 [ 194.851358][ T7900] ? __might_fault+0x12b/0x1e0 [ 194.856321][ T7900] ? lock_downgrade+0x880/0x880 [ 194.861225][ T7900] ? ___might_sleep+0x163/0x280 [ 194.866096][ T7900] __sys_sendmmsg+0x1bf/0x4d0 [ 194.870799][ T7900] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.875855][ T7900] ? _copy_to_user+0xc9/0x120 [ 194.880669][ T7900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.887006][ T7900] ? put_timespec64+0xda/0x140 [ 194.891795][ T7900] ? nsecs_to_jiffies+0x30/0x30 [ 194.896712][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.902193][ T7900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.907673][ T7900] ? do_syscall_64+0x26/0x610 [ 194.912377][ T7900] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.918471][ T7900] ? 
do_syscall_64+0x26/0x610 [ 194.923171][ T7900] __x64_sys_sendmmsg+0x9d/0x100 [ 194.928132][ T7900] do_syscall_64+0x103/0x610 [ 194.932747][ T7900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.938813][ T7900] RIP: 0033:0x4582b9 [ 194.942727][ T7900] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.962346][ T7900] RSP: 002b:00007ff1ab377c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.970775][ T7900] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.978787][ T7900] RDX: 03a301e0909ff38c RSI: 00000000200003c0 RDI: 0000000000000004 [ 194.989080][ T7900] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.997065][ T7900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1ab3786d4 00:29:26 executing program 3: openat$vhci(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhci\x00', 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x28}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 00:29:26 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000001c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000100)) [ 195.005134][ T7900] R13: 00000000004c5246 R14: 00000000004d93b0 R15: 
00000000ffffffff 00:29:26 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) 00:29:26 executing program 3: openat$vhci(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhci\x00', 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x28}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0)