[ 38.644249][ T27] audit: type=1800 audit(1554667524.471:27): pid=7581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 38.664797][ T27] audit: type=1800 audit(1554667524.471:28): pid=7581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.377327][ T27] audit: type=1800 audit(1554667525.261:29): pid=7581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts. 2019/04/07 20:05:42 fuzzer started 2019/04/07 20:05:45 dialing manager at 10.128.0.26:34543 2019/04/07 20:05:45 syscalls: 2408 2019/04/07 20:05:45 code coverage: enabled 2019/04/07 20:05:45 comparison tracing: enabled 2019/04/07 20:05:45 extra coverage: extra coverage is not supported by the kernel 2019/04/07 20:05:45 setuid sandbox: enabled 2019/04/07 20:05:45 namespace sandbox: enabled 2019/04/07 20:05:45 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 20:05:45 fault injection: enabled 2019/04/07 20:05:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 20:05:45 net packet injection: enabled 2019/04/07 20:05:45 net device setup: enabled 20:07:59 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @dev}}}, 0x3a) syzkaller login: [ 193.360838][ T7767] IPVS: ftp: loaded support on port[0] = 21 20:07:59 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) [ 193.472433][ T7767] chnl_net:caif_netlink_parms(): no params data found [ 193.556332][ T7767] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.564575][ T7767] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.573160][ T7767] device bridge_slave_0 entered promiscuous mode [ 193.584880][ T7767] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.592135][ T7767] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.601345][ T7767] device bridge_slave_1 entered promiscuous mode [ 193.648684][ T7770] IPVS: ftp: loaded support on port[0] = 21 [ 193.657277][ T7767] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.675577][ T7767] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.716945][ T7767] team0: Port device team_slave_0 added [ 193.738397][ T7767] team0: Port device team_slave_1 added 20:07:59 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\xac\x00\x00', 0x4) ftruncate(r0, 0x8) [ 193.826839][ T7767] device hsr_slave_0 entered promiscuous mode [ 193.884086][ T7767] device hsr_slave_1 entered promiscuous mode [ 193.953332][ T7772] IPVS: ftp: loaded support on port[0] = 21 [ 193.955229][ T7767] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.966775][ T7767] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.974951][ T7767] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.982475][ T7767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.051492][ T7770] chnl_net:caif_netlink_parms(): no params data found [ 194.170437][ T7770] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.179605][ T7770] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.188375][ T7770] device bridge_slave_0 entered promiscuous mode [ 194.197274][ T7770] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.206785][ T7770] bridge0: port 2(bridge_slave_1) entered disabled state 20:08:00 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000580)=ANY=[@ANYRES32], &(0x7f00000000c0)=0x1) [ 194.215868][ T7770] device bridge_slave_1 entered promiscuous mode [ 194.280626][ T7770] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 194.323626][ T7767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.337845][ T7770] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.356747][ T7772] chnl_net:caif_netlink_parms(): no params data found [ 194.398564][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.425752][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.450490][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.462863][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 194.510129][ T7767] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.553055][ T7777] IPVS: ftp: loaded support on port[0] = 21 [ 194.570560][ T7770] team0: Port device team_slave_0 added [ 194.582433][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 20:08:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bind$unix(r0, &(0x7f0000000100)=@abs={0x1}, 0x6e) [ 194.596305][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.607429][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.614616][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.669998][ T7770] team0: Port device team_slave_1 added [ 194.681108][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.698544][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.708296][ T2869] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.715549][ T2869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.727637][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.737232][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.779363][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.791673][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.818676][ T7772] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.826587][ T7772] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.838020][ T7772] device bridge_slave_0 entered promiscuous mode [ 194.856526][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.869436][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.879147][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.891260][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.907597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.928131][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.937793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.952773][ T7767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.966577][ T7772] bridge0: port 2(bridge_slave_1) entered blocking state 20:08:00 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x2000000000000000) [ 194.980584][ T7772] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.990244][ T7772] device bridge_slave_1 entered promiscuous mode [ 195.048185][ T7770] device hsr_slave_0 entered promiscuous mode [ 195.114218][ T7770] device hsr_slave_1 entered promiscuous mode [ 195.200761][ T7772] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.216014][ T7772] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.216146][ T7781] IPVS: ftp: loaded support on port[0] = 21 [ 195.252062][ T7772] team0: Port device team_slave_0 added [ 195.278243][ T7772] team0: Port device team_slave_1 added [ 195.316666][ T7783] IPVS: ftp: loaded support on port[0] = 21 [ 195.366142][ T7772] device hsr_slave_0 entered promiscuous mode [ 195.424149][ T7772] device hsr_slave_1 entered promiscuous mode [ 195.557364][ T7767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.710474][ T7777] chnl_net:caif_netlink_parms(): no params data found [ 195.749330][ T7781] chnl_net:caif_netlink_parms(): no params data found 20:08:01 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000300)='/dev/video#\x00', 0x6, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000340)={0x9, @output}) [ 195.856068][ T7770] 8021q: adding VLAN 0 to HW filter on device bond0 20:08:01 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, 0x0) [ 195.910287][ T7777] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.920763][ T7777] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.931797][ T7777] device bridge_slave_0 entered promiscuous mode [ 195.971213][ T7777] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.979123][ T7777] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.987717][ T7777] device bridge_slave_1 entered promiscuous mode [ 196.008538][ C1] hrtimer: interrupt took 25476 ns [ 196.065747][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.073551][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.081901][ T7781] device bridge_slave_0 entered promiscuous mode [ 196.096905][ T7777] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.139140][ T7772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.148563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.157534][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.169757][ T7770] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.178036][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.186887][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.196028][ T7781] device bridge_slave_1 entered promiscuous mode [ 196.206268][ T7777] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.232806][ T7772] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.268836][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.277227][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.286348][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.298055][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.307181][ T2869] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.314406][ T2869] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.323157][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.332283][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.341518][ T2869] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.348717][ T2869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.357086][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.400226][ T7783] chnl_net:caif_netlink_parms(): no params data found [ 196.432622][ T7781] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.443664][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.460916][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.470129][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.480492][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.487718][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.496186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.505223][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.514744][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.521910][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.574063][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.583043][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.592284][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.601073][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.610149][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.619064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.628425][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.637745][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.646801][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.662933][ T7770] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 196.674900][ T7770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.705411][ T7777] team0: Port device team_slave_0 added [ 196.714438][ T7781] bond0: Enslaving bond_slave_1 as an active interface with an up link 20:08:02 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, 0x0) [ 196.777233][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.785599][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.805604][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.815351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.830006][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.840540][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.849784][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.876069][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.885469][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.894526][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.903094][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.912228][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.932482][ T7772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.952737][ T7772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.962386][ T7777] team0: Port device team_slave_1 added [ 196.977623][ T7781] team0: Port device team_slave_0 added [ 196.989889][ T7781] team0: Port device team_slave_1 added [ 197.000919][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.016383][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.119541][ T7770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.145466][ T7772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.208919][ T7781] device hsr_slave_0 entered promiscuous mode [ 197.264202][ T7781] device hsr_slave_1 entered promiscuous mode 20:08:03 executing program 2: clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) accept$inet6(0xffffffffffffff9c, 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) tkill(r0, 0x25) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x310c, 0x139}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 20:08:03 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, 0x0) [ 197.436723][ T7777] device hsr_slave_0 entered promiscuous mode [ 197.469464][ T7777] device hsr_slave_1 entered promiscuous mode 20:08:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="0f", 0x1) [ 197.537486][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.547158][ T7783] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.566008][ T7783] device bridge_slave_0 entered promiscuous mode 20:08:03 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 197.624620][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.631761][ T7783] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.659880][ T7783] device bridge_slave_1 entered promiscuous mode 20:08:03 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000580)=ANY=[@ANYRES32], 0x0) [ 197.767471][ T7783] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.789537][ T7827] check_preemption_disabled: 1 callbacks suppressed [ 197.789554][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 197.806267][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 197.811334][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.820381][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.830464][ T7827] Call Trace: [ 197.833827][ T7827] dump_stack+0x172/0x1f0 [ 197.838209][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 197.843789][ T7827] sk_mc_loop+0x1d/0x210 [ 197.848085][ T7827] ip_mc_output+0x2ef/0xf70 [ 197.852625][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 197.858236][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 197.863725][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 197.868431][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.873490][ T7827] ip_local_out+0xc4/0x1b0 [ 197.877959][ T7827] ip_send_skb+0x42/0xf0 [ 197.882241][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 197.887494][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 197.892575][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 197.897229][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 197.902194][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.902541][ T7783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 197.907263][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 197.907294][ T7827] ? __might_fault+0x12b/0x1e0 [ 197.907310][ T7827] ? find_held_lock+0x35/0x130 [ 197.907343][ T7827] ? __might_sleep+0x95/0x190 [ 197.907360][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.907375][ T7827] ? aa_sk_perm+0x288/0x880 [ 197.907402][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.950953][ T7827] inet_sendmsg+0x147/0x5e0 [ 197.955494][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 197.960811][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 197.965508][ T7827] ? ipip_gro_receive+0x100/0x100 [ 197.970577][ T7827] sock_sendmsg+0xdd/0x130 [ 197.975029][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 197.979741][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 197.985234][ T7827] ? lock_downgrade+0x880/0x880 [ 197.990142][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.996424][ T7827] ? kasan_check_read+0x11/0x20 [ 198.001330][ T7827] ? __fget+0x381/0x550 [ 198.005536][ T7827] ? ksys_dup3+0x3e0/0x3e0 [ 198.009992][ T7827] ? find_held_lock+0x35/0x130 [ 198.014789][ T7827] ? finish_task_switch+0x146/0x780 [ 198.020042][ T7827] ? __fget_light+0x1a9/0x230 [ 198.024753][ T7827] ? __fdget+0x1b/0x20 [ 198.028859][ T7827] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.028886][ T7827] ? sockfd_lookup_light+0xcb/0x180 [ 198.040360][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 198.045074][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.050128][ T7827] ? __switch_to_asm+0x40/0x70 [ 198.054940][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.060277][ T7827] ? retint_kernel+0x2d/0x2d [ 198.064903][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 198.070603][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.076144][ T7827] ? retint_kernel+0x2d/0x2d [ 198.080869][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 198.085864][ T7827] do_syscall_64+0x103/0x610 [ 198.085885][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.085896][ T7827] RIP: 0033:0x4582b9 [ 198.085916][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.085923][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.085936][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.085943][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 198.085950][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.085958][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 198.085978][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.240723][ T7781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.275965][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 198.286455][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 198.291534][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.300570][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.310644][ T7827] Call Trace: [ 198.313960][ T7827] dump_stack+0x172/0x1f0 [ 198.318329][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 198.323907][ T7827] sk_mc_loop+0x1d/0x210 [ 198.328183][ T7827] ip_mc_output+0x2ef/0xf70 [ 198.332723][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.337874][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 198.343365][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 198.347993][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.353054][ T7827] ip_local_out+0xc4/0x1b0 [ 198.357501][ T7827] ip_send_skb+0x42/0xf0 [ 198.361787][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 198.367021][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 198.372085][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 198.376701][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 198.381672][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.386741][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.392057][ T7827] ? __might_fault+0x12b/0x1e0 [ 198.396853][ T7827] ? find_held_lock+0x35/0x130 [ 198.401668][ T7827] ? __might_sleep+0x95/0x190 [ 198.406378][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 198.412039][ T7827] ? aa_sk_perm+0x288/0x880 [ 198.416578][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.422160][ T7827] inet_sendmsg+0x147/0x5e0 [ 198.426694][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.432023][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 198.436734][ T7827] ? ipip_gro_receive+0x100/0x100 [ 198.441794][ T7827] sock_sendmsg+0xdd/0x130 [ 198.446249][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 198.450963][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 198.456471][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 198.461443][ T7827] ? lock_downgrade+0x880/0x880 [ 198.466320][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.472595][ T7827] ? kasan_check_read+0x11/0x20 [ 198.477487][ T7827] ? __might_fault+0x12b/0x1e0 [ 198.482289][ T7827] ? find_held_lock+0x35/0x130 [ 198.487090][ T7827] ? __might_fault+0x12b/0x1e0 [ 198.491894][ T7827] ? lock_downgrade+0x880/0x880 [ 198.496785][ T7827] ? ___might_sleep+0x163/0x280 [ 198.501667][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 198.506383][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.511441][ T7827] ? __switch_to_asm+0x40/0x70 [ 198.516254][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.521577][ T7827] ? retint_kernel+0x2d/0x2d [ 198.526204][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 198.531872][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.537365][ T7827] ? retint_kernel+0x2d/0x2d 20:08:04 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, 0x0) [ 198.542002][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 198.546993][ T7827] do_syscall_64+0x103/0x610 [ 198.551612][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.557532][ T7827] RIP: 0033:0x4582b9 [ 198.557554][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.557561][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.557574][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.557581][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 198.557588][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.557596][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 198.557603][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.572814][ T7781] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.650909][ T7783] team0: Port device team_slave_0 added [ 198.657105][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.665730][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.674776][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.693221][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.703347][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.710574][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.730658][ T7777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.754938][ T7783] team0: Port device team_slave_1 added [ 198.761872][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.762824][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 198.772074][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.778915][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 198.778934][ T7827] CPU: 0 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.778954][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.788150][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.792145][ T7827] Call Trace: [ 198.801717][ T7794] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.811352][ T7827] dump_stack+0x172/0x1f0 [ 198.811375][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 198.811392][ T7827] sk_mc_loop+0x1d/0x210 [ 198.811416][ T7827] ip_mc_output+0x2ef/0xf70 [ 198.819495][ T7794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.822726][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.830323][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.834106][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 198.834120][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 198.834134][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.834156][ T7827] ip_local_out+0xc4/0x1b0 [ 198.840701][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.844044][ T7827] ip_send_skb+0x42/0xf0 [ 198.844062][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 198.844078][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 198.844099][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 198.849574][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.855849][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 198.855868][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.855887][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.855912][ T7827] ? __might_fault+0x12b/0x1e0 [ 198.861932][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.868965][ T7827] ? find_held_lock+0x35/0x130 [ 198.869009][ T7827] ? __might_sleep+0x95/0x190 [ 198.869040][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 198.875424][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.879167][ T7827] ? aa_sk_perm+0x288/0x880 [ 198.885142][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.888650][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.897630][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.900993][ T7827] inet_sendmsg+0x147/0x5e0 [ 198.906921][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.911253][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.916884][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.923759][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 198.923775][ T7827] ? ipip_gro_receive+0x100/0x100 [ 198.923791][ T7827] sock_sendmsg+0xdd/0x130 [ 198.923808][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 198.923832][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 199.049598][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.054541][ T7827] ? lock_downgrade+0x880/0x880 [ 199.059396][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.065664][ T7827] ? kasan_check_read+0x11/0x20 [ 199.070645][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.075420][ T7827] ? find_held_lock+0x35/0x130 [ 199.080188][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.084958][ T7827] ? lock_downgrade+0x880/0x880 [ 199.089827][ T7827] ? ___might_sleep+0x163/0x280 [ 199.094720][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 199.099426][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.104459][ T7827] ? __switch_to_asm+0x40/0x70 [ 199.109266][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.114569][ T7827] ? retint_kernel+0x2d/0x2d [ 199.119178][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.124820][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.130282][ T7827] ? retint_kernel+0x2d/0x2d [ 199.134878][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 199.139822][ T7827] do_syscall_64+0x103/0x610 [ 199.144417][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.150307][ T7827] RIP: 0033:0x4582b9 [ 199.154231][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.173833][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.182266][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.190251][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 199.198237][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.206205][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 199.214176][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.242112][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 199.246446][ T7777] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.251759][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 199.263180][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.272223][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.272243][ T7827] Call Trace: [ 199.285717][ T7827] dump_stack+0x172/0x1f0 [ 199.285748][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 199.295655][ T7827] sk_mc_loop+0x1d/0x210 [ 199.295672][ T7827] ip_mc_output+0x2ef/0xf70 [ 199.295690][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.295706][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 199.295718][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 199.295730][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.295746][ T7827] ip_local_out+0xc4/0x1b0 [ 199.295761][ T7827] ip_send_skb+0x42/0xf0 [ 199.295775][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 199.295791][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 199.295811][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 199.295825][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.295840][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.295859][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.295870][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.295882][ T7827] ? find_held_lock+0x35/0x130 [ 199.295912][ T7827] ? __might_sleep+0x95/0x190 [ 199.295927][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 199.295940][ T7827] ? aa_sk_perm+0x288/0x880 [ 199.295961][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.295991][ T7827] inet_sendmsg+0x147/0x5e0 [ 199.296014][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.309927][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 199.309944][ T7827] ? ipip_gro_receive+0x100/0x100 [ 199.309960][ T7827] sock_sendmsg+0xdd/0x130 [ 199.310000][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 199.320108][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 199.320128][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.320141][ T7827] ? lock_downgrade+0x880/0x880 [ 199.320166][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.329648][ T7827] ? kasan_check_read+0x11/0x20 [ 199.329668][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.329692][ T7827] ? find_held_lock+0x35/0x130 [ 199.339180][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.339203][ T7827] ? lock_downgrade+0x880/0x880 [ 199.339232][ T7827] ? ___might_sleep+0x163/0x280 [ 199.348889][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 199.348910][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.348924][ T7827] ? __switch_to_asm+0x40/0x70 [ 199.348950][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.359107][ T7827] ? retint_kernel+0x2d/0x2d [ 199.359124][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.359142][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.359163][ T7827] ? retint_kernel+0x2d/0x2d [ 199.369250][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 199.369273][ T7827] do_syscall_64+0x103/0x610 [ 199.369297][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.378791][ T7827] RIP: 0033:0x4582b9 [ 199.378813][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.378820][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.378844][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.389020][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 199.389029][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.389037][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 199.389044][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.569331][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 199.580044][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 199.595427][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.595445][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.612737][ T7827] Call Trace: [ 199.626817][ T7827] dump_stack+0x172/0x1f0 [ 199.626838][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 199.626855][ T7827] sk_mc_loop+0x1d/0x210 [ 199.626870][ T7827] ip_mc_output+0x2ef/0xf70 [ 199.626886][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.626903][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 199.626915][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 199.626929][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.626946][ T7827] ip_local_out+0xc4/0x1b0 [ 199.626961][ T7827] ip_send_skb+0x42/0xf0 [ 199.626987][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 199.627004][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 199.627022][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 199.627036][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.627054][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.627070][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.627082][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.627093][ T7827] ? find_held_lock+0x35/0x130 [ 199.627125][ T7827] ? __might_sleep+0x95/0x190 [ 199.627141][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 199.627154][ T7827] ? aa_sk_perm+0x288/0x880 [ 199.627181][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.650452][ T7827] inet_sendmsg+0x147/0x5e0 [ 199.650469][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.650478][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 199.650501][ T7827] ? ipip_gro_receive+0x100/0x100 [ 199.664656][ T7827] sock_sendmsg+0xdd/0x130 [ 199.664674][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 199.664691][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 199.664708][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.664720][ T7827] ? lock_downgrade+0x880/0x880 [ 199.664734][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.664752][ T7827] ? kasan_check_read+0x11/0x20 [ 199.664771][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.664784][ T7827] ? find_held_lock+0x35/0x130 [ 199.664796][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.664816][ T7827] ? lock_downgrade+0x880/0x880 [ 199.664836][ T7827] ? ___might_sleep+0x163/0x280 [ 199.664850][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 199.664866][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.664879][ T7827] ? __switch_to_asm+0x40/0x70 [ 199.664902][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.664914][ T7827] ? retint_kernel+0x2d/0x2d [ 199.664937][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.675055][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.675077][ T7827] ? retint_kernel+0x2d/0x2d [ 199.675099][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 199.675116][ T7827] do_syscall_64+0x103/0x610 [ 199.675132][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.675143][ T7827] RIP: 0033:0x4582b9 [ 199.675164][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.675172][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.675186][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.675195][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 199.675203][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.675211][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 199.675220][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.677296][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 199.689312][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 199.689329][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.689337][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.689342][ T7827] Call Trace: [ 199.689366][ T7827] dump_stack+0x172/0x1f0 [ 199.699628][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 199.699647][ T7827] sk_mc_loop+0x1d/0x210 [ 199.699671][ T7827] ip_mc_output+0x2ef/0xf70 [ 199.709227][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.719563][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 199.719577][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 199.719590][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.719610][ T7827] ip_local_out+0xc4/0x1b0 [ 199.734306][ T7827] ip_send_skb+0x42/0xf0 [ 199.734325][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 199.734339][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 199.734358][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 199.734372][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.734388][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.734406][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.734418][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.734431][ T7827] ? find_held_lock+0x35/0x130 [ 199.734461][ T7827] ? __might_sleep+0x95/0x190 [ 199.734479][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 199.734492][ T7827] ? aa_sk_perm+0x288/0x880 [ 199.734513][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.734536][ T7827] inet_sendmsg+0x147/0x5e0 [ 199.734549][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.734558][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 199.734569][ T7827] ? ipip_gro_receive+0x100/0x100 [ 199.734586][ T7827] sock_sendmsg+0xdd/0x130 [ 199.734602][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 199.734620][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 199.734635][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.734648][ T7827] ? lock_downgrade+0x880/0x880 [ 199.734663][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.734683][ T7827] ? kasan_check_read+0x11/0x20 [ 199.734700][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.734713][ T7827] ? find_held_lock+0x35/0x130 [ 199.734725][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.734743][ T7827] ? lock_downgrade+0x880/0x880 [ 199.734760][ T7827] ? ___might_sleep+0x163/0x280 [ 199.734775][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 199.734790][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.734801][ T7827] ? __switch_to_asm+0x40/0x70 [ 199.734820][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.734830][ T7827] ? retint_kernel+0x2d/0x2d [ 199.734842][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.734859][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.734875][ T7827] ? retint_kernel+0x2d/0x2d [ 199.734893][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 199.734907][ T7827] do_syscall_64+0x103/0x610 [ 199.734922][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.734932][ T7827] RIP: 0033:0x4582b9 [ 199.734951][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.734958][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.734986][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.734994][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 199.735001][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.735008][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 199.735015][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.739061][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 199.745779][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 199.745798][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.745807][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.745813][ T7827] Call Trace: [ 199.745832][ T7827] dump_stack+0x172/0x1f0 [ 199.745863][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 199.761256][ T7827] sk_mc_loop+0x1d/0x210 [ 199.761275][ T7827] ip_mc_output+0x2ef/0xf70 [ 199.761295][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.761317][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 199.771783][ T7781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.775485][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 199.775499][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.775521][ T7827] ip_local_out+0xc4/0x1b0 [ 199.775539][ T7827] ip_send_skb+0x42/0xf0 [ 199.775554][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 199.775569][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 199.775590][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 199.775614][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 199.786592][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.790729][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.790749][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.790764][ T7827] ? __might_fault+0x12b/0x1e0 [ 199.790786][ T7827] ? find_held_lock+0x35/0x130 [ 200.450623][ T7827] ? __might_sleep+0x95/0x190 [ 200.455326][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.460990][ T7827] ? aa_sk_perm+0x288/0x880 [ 200.465531][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.471110][ T7827] inet_sendmsg+0x147/0x5e0 [ 200.475643][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 200.480949][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 200.485656][ T7827] ? ipip_gro_receive+0x100/0x100 [ 200.490715][ T7827] sock_sendmsg+0xdd/0x130 [ 200.495167][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 200.499881][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 200.505366][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 200.510331][ T7827] ? lock_downgrade+0x880/0x880 [ 200.515202][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.521567][ T7827] ? kasan_check_read+0x11/0x20 [ 200.526464][ T7827] ? __might_fault+0x12b/0x1e0 [ 200.531260][ T7827] ? find_held_lock+0x35/0x130 [ 200.536133][ T7827] ? __might_fault+0x12b/0x1e0 [ 200.540924][ T7827] ? lock_downgrade+0x880/0x880 [ 200.545806][ T7827] ? ___might_sleep+0x163/0x280 [ 200.550686][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 200.555390][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.560435][ T7827] ? __switch_to_asm+0x40/0x70 [ 200.565232][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.570626][ T7827] ? retint_kernel+0x2d/0x2d [ 200.575247][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.580935][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.586527][ T7827] ? retint_kernel+0x2d/0x2d [ 200.591178][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 200.596147][ T7827] do_syscall_64+0x103/0x610 [ 200.600765][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.606676][ T7827] RIP: 0033:0x4582b9 [ 200.610591][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.630212][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.638656][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.646656][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 200.654647][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.662636][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 200.670627][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.683119][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 200.693195][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 200.698347][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.707389][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.717472][ T7827] Call Trace: [ 200.720788][ T7827] dump_stack+0x172/0x1f0 [ 200.725140][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 200.730727][ T7827] sk_mc_loop+0x1d/0x210 [ 200.734995][ T7827] ip_mc_output+0x2ef/0xf70 [ 200.739625][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 200.744785][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 200.750268][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 200.754878][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.759929][ T7827] ip_local_out+0xc4/0x1b0 [ 200.764370][ T7827] ip_send_skb+0x42/0xf0 [ 200.768645][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 200.773870][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 200.778933][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 200.783558][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 200.788537][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.793590][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 200.798906][ T7827] ? __might_fault+0x12b/0x1e0 [ 200.803696][ T7827] ? find_held_lock+0x35/0x130 [ 200.808523][ T7827] ? __might_sleep+0x95/0x190 [ 200.813232][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.818909][ T7827] ? aa_sk_perm+0x288/0x880 [ 200.823444][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.829034][ T7827] inet_sendmsg+0x147/0x5e0 [ 200.833570][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 200.838900][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 200.843604][ T7827] ? ipip_gro_receive+0x100/0x100 [ 200.848662][ T7827] sock_sendmsg+0xdd/0x130 [ 200.853112][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 200.860413][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 200.865911][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 200.870876][ T7827] ? lock_downgrade+0x880/0x880 [ 200.875759][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.882038][ T7827] ? kasan_check_read+0x11/0x20 [ 200.886922][ T7827] ? __might_fault+0x12b/0x1e0 [ 200.891719][ T7827] ? find_held_lock+0x35/0x130 [ 200.896604][ T7827] ? __might_fault+0x12b/0x1e0 [ 200.901420][ T7827] ? lock_downgrade+0x880/0x880 [ 200.906312][ T7827] ? ___might_sleep+0x163/0x280 [ 200.911193][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 200.915909][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.920958][ T7827] ? __switch_to_asm+0x40/0x70 [ 200.925770][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.931080][ T7827] ? retint_kernel+0x2d/0x2d [ 200.935697][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.941443][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.946940][ T7827] ? retint_kernel+0x2d/0x2d [ 200.951580][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 200.956594][ T7827] do_syscall_64+0x103/0x610 [ 200.961227][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.967153][ T7827] RIP: 0033:0x4582b9 [ 200.971076][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.990695][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.999146][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.007144][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 201.015133][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.023122][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 201.031122][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.041186][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.051819][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.060485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.069672][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.079641][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 201.089288][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 201.094422][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.094432][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.094448][ T7827] Call Trace: [ 201.116953][ T7827] dump_stack+0x172/0x1f0 [ 201.121447][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 201.127241][ T7827] sk_mc_loop+0x1d/0x210 [ 201.131925][ T7827] ip_mc_output+0x2ef/0xf70 [ 201.136599][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 201.141859][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 201.147535][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 201.152276][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.157492][ T7827] ip_local_out+0xc4/0x1b0 [ 201.162020][ T7827] ip_send_skb+0x42/0xf0 [ 201.166341][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 201.171628][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 201.176848][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 201.181551][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 201.186600][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.191755][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 201.197222][ T7827] ? __might_fault+0x12b/0x1e0 [ 201.202120][ T7827] ? find_held_lock+0x35/0x130 [ 201.207031][ T7827] ? __might_sleep+0x95/0x190 [ 201.211862][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 201.217617][ T7827] ? aa_sk_perm+0x288/0x880 [ 201.222305][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.228033][ T7827] inet_sendmsg+0x147/0x5e0 [ 201.232676][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 201.238031][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 201.242758][ T7827] ? ipip_gro_receive+0x100/0x100 [ 201.247880][ T7827] sock_sendmsg+0xdd/0x130 [ 201.252428][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 201.257200][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 201.263091][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 201.268193][ T7827] ? lock_downgrade+0x880/0x880 [ 201.273111][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.279440][ T7827] ? kasan_check_read+0x11/0x20 [ 201.284403][ T7827] ? __might_fault+0x12b/0x1e0 [ 201.289221][ T7827] ? find_held_lock+0x35/0x130 [ 201.294055][ T7827] ? __might_fault+0x12b/0x1e0 [ 201.298877][ T7827] ? lock_downgrade+0x880/0x880 [ 201.303878][ T7827] ? ___might_sleep+0x163/0x280 [ 201.308839][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 201.313605][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.318731][ T7827] ? __switch_to_asm+0x40/0x70 [ 201.323574][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.329000][ T7827] ? retint_kernel+0x2d/0x2d [ 201.333728][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.339426][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.344985][ T7827] ? retint_kernel+0x2d/0x2d [ 201.349697][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 201.354730][ T7827] do_syscall_64+0x103/0x610 [ 201.359432][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.365404][ T7827] RIP: 0033:0x4582b9 [ 201.369419][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.389330][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.397920][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.405956][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 201.414269][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.422299][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 201.430314][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.475868][ T7827] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7827 [ 201.486025][ T7827] caller is sk_mc_loop+0x1d/0x210 [ 201.491202][ T7827] CPU: 1 PID: 7827 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.500286][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.510414][ T7827] Call Trace: [ 201.513901][ T7827] dump_stack+0x172/0x1f0 [ 201.518348][ T7827] __this_cpu_preempt_check+0x246/0x270 [ 201.523994][ T7827] sk_mc_loop+0x1d/0x210 [ 201.528324][ T7827] ip_mc_output+0x2ef/0xf70 [ 201.532965][ T7827] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 201.538288][ T7827] ? ip_append_data.part.0+0x170/0x170 [ 201.543854][ T7827] ? ip_make_skb+0x1b1/0x2c0 [ 201.548615][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.553765][ T7827] ip_local_out+0xc4/0x1b0 [ 201.558358][ T7827] ip_send_skb+0x42/0xf0 [ 201.562684][ T7827] udp_send_skb.isra.0+0x6b2/0x1180 [ 201.567962][ T7827] ? xfrm_lookup_route+0x5b/0x1f0 [ 201.573072][ T7827] udp_sendmsg+0x1dfd/0x2820 [ 201.577738][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 201.582801][ T7827] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.587988][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 201.593431][ T7827] ? __might_fault+0x12b/0x1e0 [ 201.598392][ T7827] ? find_held_lock+0x35/0x130 [ 201.603230][ T7827] ? __might_sleep+0x95/0x190 [ 201.608085][ T7827] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 201.613858][ T7827] ? aa_sk_perm+0x288/0x880 [ 201.618484][ T7827] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.624151][ T7827] inet_sendmsg+0x147/0x5e0 [ 201.628782][ T7827] ? udp4_lib_lookup_skb+0x440/0x440 [ 201.634140][ T7827] ? inet_sendmsg+0x147/0x5e0 [ 201.638865][ T7827] ? ipip_gro_receive+0x100/0x100 [ 201.644030][ T7827] sock_sendmsg+0xdd/0x130 [ 201.648485][ T7827] ___sys_sendmsg+0x3e2/0x930 [ 201.653236][ T7827] ? copy_msghdr_from_user+0x430/0x430 [ 201.658819][ T7827] ? __lock_acquire+0x548/0x3fb0 [ 201.663867][ T7827] ? lock_downgrade+0x880/0x880 [ 201.668760][ T7827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.675185][ T7827] ? kasan_check_read+0x11/0x20 [ 201.680171][ T7827] ? __might_fault+0x12b/0x1e0 [ 201.685114][ T7827] ? find_held_lock+0x35/0x130 [ 201.689888][ T7827] ? __might_fault+0x12b/0x1e0 [ 201.694754][ T7827] ? lock_downgrade+0x880/0x880 [ 201.699704][ T7827] ? ___might_sleep+0x163/0x280 [ 201.704632][ T7827] __sys_sendmmsg+0x1bf/0x4d0 [ 201.709367][ T7827] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.714442][ T7827] ? __switch_to_asm+0x40/0x70 [ 201.723599][ T7827] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.731269][ T7827] ? retint_kernel+0x2d/0x2d [ 201.736060][ T7827] ? trace_hardirqs_on_caller+0x6a/0x220 [ 201.741738][ T7827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.747255][ T7827] ? retint_kernel+0x2d/0x2d [ 201.756290][ T7827] __x64_sys_sendmmsg+0x9d/0x100 [ 201.761291][ T7827] do_syscall_64+0x103/0x610 [ 201.765999][ T7827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.772001][ T7827] RIP: 0033:0x4582b9 [ 201.775946][ T7827] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.799136][ T7827] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.807558][ T7827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.815692][ T7827] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 201.823676][ T7827] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.831697][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 201.843905][ T7827] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.881390][ T7783] device hsr_slave_0 entered promiscuous mode [ 201.944200][ T7783] device hsr_slave_1 entered promiscuous mode [ 201.987419][ T7781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.997950][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.007206][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.015882][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.022955][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.031759][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.042444][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.051103][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.058368][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.066425][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.075237][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.085284][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.103853][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.112892][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.125803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.135075][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.144012][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.152544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.162074][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.190376][ T7777] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.204395][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.238772][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.249572][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.305003][ T7777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.358107][ T7783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.372058][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.381811][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.393366][ T7783] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.405077][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.414643][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.430299][ T7837] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.437499][ T7837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.450244][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.463821][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.472551][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.481944][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.489162][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.500884][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.531012][ T7783] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 202.542136][ T7783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.562091][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.572639][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.582722][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.593000][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.602701][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.612292][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.621717][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.631423][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.640733][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.650926][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.660166][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 20:08:08 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r1, r2, 0x0, 0x8000fffffffe) 20:08:08 executing program 1: r0 = socket(0x11, 0x802, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8915, &(0x7f0000000000)={'team0\x00\n\x00L\xff\xff\xff\xc3`\x00'}) [ 202.687416][ T7783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.788997][ T7855] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 202.829452][ T7855] check_preemption_disabled: 38 callbacks suppressed [ 202.829474][ T7855] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7855 [ 202.846597][ T7855] caller is ip6_finish_output+0x335/0xdc0 [ 202.852356][ T7855] CPU: 0 PID: 7855 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.864275][ T7855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.874363][ T7855] Call Trace: [ 202.877687][ T7855] dump_stack+0x172/0x1f0 [ 202.882056][ T7855] __this_cpu_preempt_check+0x246/0x270 [ 202.887642][ T7855] ip6_finish_output+0x335/0xdc0 [ 202.892620][ T7855] ip6_output+0x235/0x7f0 [ 202.896999][ T7855] ? ip6_finish_output+0xdc0/0xdc0 [ 202.902161][ T7855] ? ip6_fragment+0x3980/0x3980 [ 202.907060][ T7855] ip6_xmit+0xe41/0x20c0 [ 202.911348][ T7855] ? ip6_finish_output2+0x2550/0x2550 [ 202.916845][ T7855] ? mark_held_locks+0xf0/0xf0 [ 202.921645][ T7855] ? ip6_setup_cork+0x1870/0x1870 [ 202.926722][ T7855] inet6_csk_xmit+0x2fb/0x5d0 [ 202.931434][ T7855] ? inet6_csk_update_pmtu+0x190/0x190 [ 202.937031][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.943314][ T7855] ? csum_ipv6_magic+0x20/0x80 [ 202.948116][ T7855] __tcp_transmit_skb+0x1a32/0x3750 [ 202.953446][ T7855] ? __tcp_select_window+0x8b0/0x8b0 [ 202.958770][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.965983][ T7855] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 202.971498][ T7855] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.977785][ T7855] tcp_connect+0x1e47/0x4280 [ 202.982421][ T7855] ? tcp_push_one+0x110/0x110 [ 202.987128][ T7855] ? secure_tcpv6_ts_off+0x24f/0x360 [ 202.992455][ T7855] ? secure_dccpv6_sequence_number+0x280/0x280 [ 202.998639][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.004913][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.011179][ T7855] ? prandom_u32_state+0x13/0x180 [ 203.016242][ T7855] tcp_v6_connect+0x150b/0x20a0 [ 203.021122][ T7855] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 203.026527][ T7855] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 203.031835][ T7855] ? __switch_to_asm+0x34/0x70 [ 203.036658][ T7855] ? __switch_to_asm+0x40/0x70 [ 203.041488][ T7855] ? find_held_lock+0x35/0x130 [ 203.046281][ T7855] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 203.051947][ T7855] __inet_stream_connect+0x83f/0xea0 [ 203.057266][ T7855] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 203.062583][ T7855] ? __inet_stream_connect+0x83f/0xea0 [ 203.068087][ T7855] ? inet_dgram_connect+0x2e0/0x2e0 [ 203.073318][ T7855] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 203.078720][ T7855] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.084467][ T7855] ? kmem_cache_alloc_trace+0x354/0x760 [ 203.090046][ T7855] ? __lock_acquire+0x548/0x3fb0 [ 203.095039][ T7855] tcp_sendmsg_locked+0x231f/0x37f0 [ 203.100276][ T7855] ? mark_held_locks+0xf0/0xf0 [ 203.105082][ T7855] ? mark_held_locks+0xa4/0xf0 [ 203.109909][ T7855] ? tcp_sendpage+0x60/0x60 [ 203.114437][ T7855] ? lock_sock_nested+0x9a/0x120 [ 203.119418][ T7855] ? trace_hardirqs_on+0x67/0x230 [ 203.124476][ T7855] ? lock_sock_nested+0x9a/0x120 [ 203.129468][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 203.134884][ T7855] tcp_sendmsg+0x30/0x50 [ 203.139164][ T7855] inet_sendmsg+0x147/0x5e0 [ 203.143699][ T7855] ? ipip_gro_receive+0x100/0x100 [ 203.148759][ T7855] sock_sendmsg+0xdd/0x130 [ 203.153210][ T7855] __sys_sendto+0x262/0x380 [ 203.157756][ T7855] ? __ia32_sys_getpeername+0xb0/0xb0 [ 203.163175][ T7855] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.169462][ T7855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.174952][ T7855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.180455][ T7855] ? do_syscall_64+0x26/0x610 [ 203.185159][ T7855] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.191272][ T7855] __x64_sys_sendto+0xe1/0x1a0 [ 203.196081][ T7855] do_syscall_64+0x103/0x610 [ 203.200707][ T7855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.206624][ T7855] RIP: 0033:0x4582b9 [ 203.210536][ T7855] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.230154][ T7855] RSP: 002b:00007fdf6feddc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 203.238590][ T7855] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 203.246580][ T7855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 203.254580][ T7855] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 203.262571][ T7855] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fdf6fede6d4 [ 203.270566][ T7855] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 203.304662][ T7855] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7855 [ 203.314446][ T7855] caller is ip6_finish_output+0x335/0xdc0 [ 203.320208][ T7855] CPU: 0 PID: 7855 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.329249][ T7855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.339413][ T7855] Call Trace: [ 203.342738][ T7855] dump_stack+0x172/0x1f0 [ 203.347161][ T7855] __this_cpu_preempt_check+0x246/0x270 [ 203.352746][ T7855] ip6_finish_output+0x335/0xdc0 [ 203.357730][ T7855] ip6_output+0x235/0x7f0 [ 203.362093][ T7855] ? ip6_finish_output+0xdc0/0xdc0 [ 203.367240][ T7855] ? ip6_fragment+0x3980/0x3980 [ 203.372222][ T7855] ip6_xmit+0xe41/0x20c0 [ 203.376514][ T7855] ? ip6_finish_output2+0x2550/0x2550 [ 203.381924][ T7855] ? mark_held_locks+0xf0/0xf0 [ 203.386721][ T7855] ? ip6_setup_cork+0x1870/0x1870 [ 203.392044][ T7855] inet6_csk_xmit+0x2fb/0x5d0 [ 203.396759][ T7855] ? inet6_csk_update_pmtu+0x190/0x190 [ 203.402250][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.408525][ T7855] ? csum_ipv6_magic+0x20/0x80 [ 203.413418][ T7855] __tcp_transmit_skb+0x1a32/0x3750 [ 203.418652][ T7855] ? memcpy+0x46/0x50 [ 203.422677][ T7855] ? __tcp_select_window+0x8b0/0x8b0 [ 203.428016][ T7855] ? tcp_rbtree_insert+0x188/0x200 [ 203.433175][ T7855] tcp_send_synack+0x4b0/0x15b0 [ 203.438070][ T7855] ? tcp_send_active_reset+0x8e0/0x8e0 [ 203.443567][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.449856][ T7855] ? tcp_sync_mss+0x2ee/0xa30 [ 203.454573][ T7855] tcp_rcv_state_process+0x225d/0x4d93 [ 203.460077][ T7855] ? tcp_finish_connect+0x510/0x510 [ 203.465306][ T7855] ? __release_sock+0xca/0x3a0 [ 203.470115][ T7855] ? find_held_lock+0x35/0x130 [ 203.474942][ T7855] ? mark_held_locks+0xa4/0xf0 [ 203.479747][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 203.485148][ T7855] ? _raw_spin_unlock_bh+0x31/0x40 [ 203.490292][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 203.495701][ T7855] tcp_v6_do_rcv+0x7da/0x12c0 [ 203.500406][ T7855] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 203.505293][ T7855] __release_sock+0x12e/0x3a0 [ 203.510035][ T7855] release_sock+0x59/0x1c0 [ 203.514487][ T7855] __inet_stream_connect+0x59f/0xea0 [ 203.519811][ T7855] ? inet_dgram_connect+0x2e0/0x2e0 [ 203.525048][ T7855] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 203.530452][ T7855] ? do_wait_intr_irq+0x2b0/0x2b0 [ 203.535515][ T7855] ? __lock_acquire+0x548/0x3fb0 [ 203.540583][ T7855] tcp_sendmsg_locked+0x231f/0x37f0 [ 203.545815][ T7855] ? mark_held_locks+0xf0/0xf0 [ 203.550614][ T7855] ? mark_held_locks+0xa4/0xf0 [ 203.555413][ T7855] ? tcp_sendpage+0x60/0x60 [ 203.559951][ T7855] ? lock_sock_nested+0x9a/0x120 [ 203.564927][ T7855] ? trace_hardirqs_on+0x67/0x230 [ 203.570077][ T7855] ? lock_sock_nested+0x9a/0x120 [ 203.575051][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 203.580461][ T7855] tcp_sendmsg+0x30/0x50 [ 203.584739][ T7855] inet_sendmsg+0x147/0x5e0 [ 203.589291][ T7855] ? ipip_gro_receive+0x100/0x100 [ 203.594353][ T7855] sock_sendmsg+0xdd/0x130 [ 203.598806][ T7855] __sys_sendto+0x262/0x380 [ 203.603350][ T7855] ? __ia32_sys_getpeername+0xb0/0xb0 [ 203.608795][ T7855] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.615086][ T7855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.620576][ T7855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.626078][ T7855] ? do_syscall_64+0x26/0x610 [ 203.630781][ T7855] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.636912][ T7855] __x64_sys_sendto+0xe1/0x1a0 [ 203.641716][ T7855] do_syscall_64+0x103/0x610 [ 203.646347][ T7855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.652266][ T7855] RIP: 0033:0x4582b9 [ 203.656212][ T7855] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.675835][ T7855] RSP: 002b:00007fdf6feddc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 203.684372][ T7855] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 203.692456][ T7855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 203.700454][ T7855] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 203.708451][ T7855] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fdf6fede6d4 [ 203.716449][ T7855] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 203.797298][ T7855] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7855 [ 203.807016][ T7855] caller is ip6_finish_output+0x335/0xdc0 [ 203.812869][ T7855] CPU: 1 PID: 7855 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.821906][ T7855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.832020][ T7855] Call Trace: [ 203.835358][ T7855] dump_stack+0x172/0x1f0 [ 203.839733][ T7855] __this_cpu_preempt_check+0x246/0x270 [ 203.845324][ T7855] ip6_finish_output+0x335/0xdc0 [ 203.850312][ T7855] ip6_output+0x235/0x7f0 [ 203.854676][ T7855] ? ip6_finish_output+0xdc0/0xdc0 [ 203.860343][ T7855] ? ip6_fragment+0x3980/0x3980 [ 203.865243][ T7855] ip6_xmit+0xe41/0x20c0 [ 203.869513][ T7855] ? find_held_lock+0x35/0x130 [ 203.874314][ T7855] ? ip6_finish_output2+0x2550/0x2550 [ 203.874344][ T7855] ? mark_held_locks+0xf0/0xf0 [ 203.874363][ T7855] ? ip6_setup_cork+0x1870/0x1870 [ 203.874399][ T7855] inet6_csk_xmit+0x2fb/0x5d0 [ 203.884583][ T7855] ? inet6_csk_update_pmtu+0x190/0x190 [ 203.884599][ T7855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.884618][ T7855] ? csum_ipv6_magic+0x20/0x80 [ 203.884640][ T7855] __tcp_transmit_skb+0x1a32/0x3750 [ 203.884663][ T7855] ? __tcp_select_window+0x8b0/0x8b0 [ 203.884682][ T7855] ? tcp_mstamp_refresh+0x16/0xa0 [ 203.884701][ T7855] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 203.884719][ T7855] tcp_send_ack+0x88/0xa0 [ 203.884734][ T7855] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 203.884755][ T7855] tcp_validate_incoming+0x55e/0x1660 [ 203.942207][ T7855] tcp_rcv_state_process+0xb6b/0x4d93 [ 203.953000][ T7855] ? tcp_finish_connect+0x510/0x510 [ 203.958236][ T7855] ? __release_sock+0xca/0x3a0 [ 203.963032][ T7855] ? find_held_lock+0x35/0x130 [ 203.967949][ T7855] ? mark_held_locks+0xa4/0xf0 [ 203.972754][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 203.978157][ T7855] ? _raw_spin_unlock_bh+0x31/0x40 [ 203.983302][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 203.988739][ T7855] tcp_v6_do_rcv+0x7da/0x12c0 [ 203.991305][ T7866] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7866 [ 203.993436][ T7855] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 203.993460][ T7855] __release_sock+0x12e/0x3a0 [ 203.993482][ T7855] release_sock+0x59/0x1c0 [ 203.993499][ T7855] __inet_stream_connect+0x59f/0xea0 [ 203.993535][ T7855] ? inet_dgram_connect+0x2e0/0x2e0 [ 204.002887][ T7866] caller is ip6_finish_output+0x335/0xdc0 [ 204.007999][ T7855] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 204.008015][ T7855] ? do_wait_intr_irq+0x2b0/0x2b0 [ 204.008030][ T7855] ? __lock_acquire+0x548/0x3fb0 [ 204.008048][ T7855] tcp_sendmsg_locked+0x231f/0x37f0 [ 204.008064][ T7855] ? mark_held_locks+0xf0/0xf0 [ 204.008081][ T7855] ? mark_held_locks+0xa4/0xf0 [ 204.008097][ T7855] ? tcp_sendpage+0x60/0x60 [ 204.008111][ T7855] ? lock_sock_nested+0x9a/0x120 [ 204.008126][ T7855] ? trace_hardirqs_on+0x67/0x230 [ 204.008140][ T7855] ? lock_sock_nested+0x9a/0x120 [ 204.008157][ T7855] ? __local_bh_enable_ip+0x15a/0x270 [ 204.008176][ T7855] tcp_sendmsg+0x30/0x50 [ 204.008189][ T7855] inet_sendmsg+0x147/0x5e0 [ 204.008202][ T7855] ? ipip_gro_receive+0x100/0x100 [ 204.008225][ T7855] sock_sendmsg+0xdd/0x130 [ 204.106601][ T7855] __sys_sendto+0x262/0x380 [ 204.111149][ T7855] ? __ia32_sys_getpeername+0xb0/0xb0 [ 204.116575][ T7855] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.122857][ T7855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.128341][ T7855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.133828][ T7855] ? do_syscall_64+0x26/0x610 [ 204.138555][ T7855] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.144667][ T7855] __x64_sys_sendto+0xe1/0x1a0 [ 204.149468][ T7855] do_syscall_64+0x103/0x610 [ 204.154087][ T7855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.160009][ T7855] RIP: 0033:0x4582b9 [ 204.163921][ T7855] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.183545][ T7855] RSP: 002b:00007fdf6feddc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c 20:08:09 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x2000000000000000) 20:08:09 executing program 0: r0 = mq_open(&(0x7f0000000040)='-,\x00\xf5*\xeb\xba\xd9\xab\xe1\x8a\xdd\nME\xff\a\x17\x97`\xb2j\xa3', 0x0, 0x0, 0x0) mq_timedreceive(r0, 0x0, 0x0, 0x0, 0x0) 20:08:09 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x7d3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x9, @local, 0x1}}, 0x0, 0x0, 0x401, 0x5, 0x5c32d93b}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 20:08:09 executing program 4: ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x0) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000080)={0x0, @bt={0xfffffffffffffff8, 0x800, 0x0, 0x3, 0x7, 0x2, 0x10001, 0xfffffffffffffff8, 0x114d, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x5e87be6295e08898}}) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_aout(r0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@mcast2, 0x81}) sched_setaffinity(0x0, 0x5, &(0x7f0000000580)=0x6) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000003c0), &(0x7f00000004c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) accept4$packet(0xffffffffffffff9c, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000980)=0x14, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x19, 0x35, &(0x7f0000000a40)=ANY=[@ANYBLOB="0500db44c7450000ffffffff2d020000000000e556b35eb80065040400010000000404006f1937867ba5bcbc39e1ffaf87f528c65200e414000000000000000000269476ff2ee4c780dcd08a75717412404981777a47c0b139d29e849e20f7dcf9edd06fcfe0f700f80348201b17bebd3d05378dbd901b0454b3bbdfcb8fe63dce1205e9b42f4be1609f88bd8a845b67139fd0b13acc5345c957209e0c463aeaf2ac4807449d97ca3e7b25c70db0c838e06d9459a650c4a6ecdc1b880ef0d0cb3320c06012da6c53a5120bacde541b00a27fc87a5bb7b315fab2c6351266ff9524375058922b4763303edfa5dbceb011748b92fb932a4d66dfe2f605a0df9fc39c0df25157fbc26627fd1a8341444edbae9e772bef3d10ef16b893b31f270ff9abb60f724686d036c99997264ee9f80aec3e9d19532767c306ed63d8fc22d36306c1def8aec580669c3801d641be449079470a980e731d1b7340c332c1128732e88142de25d45a9cf87c9a0538fc250ee949222f1202beddbaac38a6a69efd6cdb36d0f88c5a06b8aebaa02bc17d0a25c6363e93fb77449ede19b469e3250b7ca213691d389966c4bed1f3d14093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$inet6(0xa, 0x2, 0xfd9) ioctl(r3, 0x10001, &(0x7f0000000100)="153f6234488dd25d766070") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket(0xa, 0x3, 0x8) r7 = syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x80009c4, 0x70000) ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000400)=0x0) ioctl$sock_FIOSETOWN(r5, 0x8901, &(0x7f0000000440)=r8) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00', 0x4}) setsockopt$sock_int(r6, 0x1, 0x23, &(0x7f0000000800), 0x4) ioctl$RTC_WKALM_RD(r7, 0x80287010, &(0x7f00000002c0)) setsockopt$IP_VS_SO_SET_DELDEST(r6, 0x0, 0x488, &(0x7f0000000080)={{0x69, @remote, 0x4e24, 0x200000000, 'lblcr\x00', 0x1e, 0x0, 0x13}, {@remote, 0x4e21, 0x7, 0xffff, 0x7f, 0x2}}, 0x44) 20:08:09 executing program 1: getpgid(0x0) sched_setscheduler(0x0, 0x5, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) write$binfmt_misc(r1, &(0x7f0000000900)=ANY=[@ANYBLOB="000000008e9464a206bd25e188bc0994ddc3d95c5e6dec2aa5588b8bff2e1c2222551fbc604e3e3b37d33db65ff8d115168aaccef4eeb7e1eb24c5700ebdff10ece5ca1f61e06965b298c8ce3dd02c68a147a8ec7063e732be04fec951f934879ed74cfde53d9a4f0dd315fd4b8b8ca68aa7d1b08841e555727e8c767ee245828827867edc7a1153576dd34779fce9ab868692959c00a04e576d3c530d6671d7f1e3a0389707571c3366af65da074a0ff9ec2bcecfaf942b0b4dd95b532479a7c2c73146d1e82cb0b679aa2aafadc8ff4162836a56718e77701ac5fdce60d3eb930e56672227814408cbef5bc446372ad430cc00000000000000"], 0xfa) io_setup(0x101, &(0x7f0000000040)=0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, 0x0) shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000500)=""/248) io_submit(r2, 0x2000000000000246, &(0x7f0000001540)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000), 0xfffffce4}]) [ 204.191987][ T7855] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 204.199988][ T7855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 204.207990][ T7855] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 204.215986][ T7855] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fdf6fede6d4 [ 204.223984][ T7855] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 204.232013][ T7866] CPU: 0 PID: 7866 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.241076][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.251187][ T7866] Call Trace: [ 204.254514][ T7866] dump_stack+0x172/0x1f0 [ 204.258881][ T7866] __this_cpu_preempt_check+0x246/0x270 [ 204.264472][ T7866] ip6_finish_output+0x335/0xdc0 [ 204.269453][ T7866] ip6_output+0x235/0x7f0 [ 204.273833][ T7866] ? ip6_finish_output+0xdc0/0xdc0 [ 204.279001][ T7866] ? ip6_fragment+0x3980/0x3980 [ 204.283908][ T7866] ip6_xmit+0xe41/0x20c0 [ 204.288224][ T7866] ? ip6_finish_output2+0x2550/0x2550 [ 204.293638][ T7866] ? mark_held_locks+0xf0/0xf0 [ 204.298435][ T7866] ? ip6_setup_cork+0x1870/0x1870 [ 204.303533][ T7866] inet6_csk_xmit+0x2fb/0x5d0 [ 204.308247][ T7866] ? inet6_csk_update_pmtu+0x190/0x190 [ 204.313735][ T7866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.313965][ T7877] QAT: Invalid ioctl [ 204.320032][ T7866] ? csum_ipv6_magic+0x20/0x80 [ 204.320056][ T7866] __tcp_transmit_skb+0x1a32/0x3750 [ 204.320083][ T7866] ? __tcp_select_window+0x8b0/0x8b0 [ 204.320106][ T7866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.320124][ T7866] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 204.320139][ T7866] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.320154][ T7866] tcp_connect+0x1e47/0x4280 [ 204.320179][ T7866] ? tcp_push_one+0x110/0x110 [ 204.366762][ T7866] ? secure_tcpv6_ts_off+0x24f/0x360 [ 204.372154][ T7866] ? secure_dccpv6_sequence_number+0x280/0x280 [ 204.378346][ T7866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.384629][ T7866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.390911][ T7866] ? prandom_u32_state+0x13/0x180 [ 204.395984][ T7866] tcp_v6_connect+0x150b/0x20a0 [ 204.400891][ T7866] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 204.406300][ T7866] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.411613][ T7866] ? __switch_to_asm+0x34/0x70 [ 204.416410][ T7866] ? __switch_to_asm+0x40/0x70 [ 204.421221][ T7866] ? find_held_lock+0x35/0x130 [ 204.426070][ T7866] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 204.431746][ T7866] __inet_stream_connect+0x83f/0xea0 [ 204.437068][ T7866] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.440675][ T7876] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7876 [ 204.442377][ T7866] ? __inet_stream_connect+0x83f/0xea0 [ 204.442404][ T7866] ? inet_dgram_connect+0x2e0/0x2e0 [ 204.442423][ T7866] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 204.442452][ T7866] ? rcu_read_lock_sched_held+0x110/0x130 [ 204.451896][ T7876] caller is ip6_finish_output+0x335/0xdc0 [ 204.457235][ T7866] ? kmem_cache_alloc_trace+0x354/0x760 [ 204.457250][ T7866] ? __lock_acquire+0x548/0x3fb0 [ 204.457275][ T7866] tcp_sendmsg_locked+0x231f/0x37f0 [ 204.457292][ T7866] ? mark_held_locks+0xf0/0xf0 [ 204.457313][ T7866] ? mark_held_locks+0xa4/0xf0 [ 204.504589][ T7866] ? tcp_sendpage+0x60/0x60 [ 204.509123][ T7866] ? lock_sock_nested+0x9a/0x120 [ 204.514089][ T7866] ? trace_hardirqs_on+0x67/0x230 [ 204.519140][ T7866] ? lock_sock_nested+0x9a/0x120 [ 204.524105][ T7866] ? __local_bh_enable_ip+0x15a/0x270 [ 204.529510][ T7866] tcp_sendmsg+0x30/0x50 [ 204.533782][ T7866] inet_sendmsg+0x147/0x5e0 [ 204.538319][ T7866] ? ipip_gro_receive+0x100/0x100 [ 204.543376][ T7866] sock_sendmsg+0xdd/0x130 [ 204.547825][ T7866] __sys_sendto+0x262/0x380 [ 204.552361][ T7866] ? __ia32_sys_getpeername+0xb0/0xb0 [ 204.557776][ T7866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.564156][ T7866] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.569658][ T7866] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.575142][ T7866] ? do_syscall_64+0x26/0x610 [ 204.579847][ T7866] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.585952][ T7866] __x64_sys_sendto+0xe1/0x1a0 [ 204.590763][ T7866] do_syscall_64+0x103/0x610 [ 204.595386][ T7866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.601302][ T7866] RIP: 0033:0x4582b9 [ 204.605222][ T7866] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.624866][ T7866] RSP: 002b:00007fdf6fe7ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 204.633295][ T7866] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 204.641284][ T7866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 204.649280][ T7866] RBP: 000000000073c0e0 R08: 00000000208d4fe4 R09: 000000000000001c [ 204.657268][ T7866] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fdf6fe7b6d4 [ 204.665254][ T7866] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 204.673279][ T7876] CPU: 1 PID: 7876 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.697878][ T7876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.707959][ T7876] Call Trace: [ 204.711288][ T7876] dump_stack+0x172/0x1f0 [ 204.715666][ T7876] __this_cpu_preempt_check+0x246/0x270 [ 204.721247][ T7876] ip6_finish_output+0x335/0xdc0 [ 204.726227][ T7876] ip6_output+0x235/0x7f0 [ 204.730590][ T7876] ? ip6_finish_output+0xdc0/0xdc0 [ 204.735727][ T7876] ? retint_kernel+0x2d/0x2d [ 204.740363][ T7876] ? ip6_fragment+0x3980/0x3980 [ 204.745236][ T7876] ? ip6_finish_output+0xdc0/0xdc0 [ 204.750389][ T7876] ip6_xmit+0xe41/0x20c0 [ 204.754669][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.760184][ T7876] ? ip6_finish_output2+0x2550/0x2550 [ 204.765682][ T7876] ? mark_held_locks+0xf0/0xf0 [ 204.770489][ T7876] ? ip6_setup_cork+0x1870/0x1870 [ 204.775580][ T7876] sctp_v6_xmit+0x313/0x660 [ 204.780141][ T7876] sctp_packet_transmit+0x1bc4/0x36f0 [ 204.785576][ T7876] ? sctp_packet_config+0xfe0/0xfe0 [ 204.790810][ T7876] ? sctp_packet_append_chunk+0x946/0xda0 [ 204.796558][ T7876] ? __sanitizer_cov_trace_switch+0x3c/0x80 [ 204.802566][ T7876] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 204.808840][ T7876] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 204.815034][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.820531][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.826107][ T7876] sctp_outq_flush+0xe8/0x2780 [ 204.826134][ T7876] ? _raw_spin_unlock_irqrestore+0x95/0xe0 [ 204.826147][ T7876] ? __sctp_outq_teardown+0xc60/0xc60 [ 204.826169][ T7876] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.826180][ T7876] ? sctp_outq_tail+0x68c/0x930 [ 204.826195][ T7876] sctp_outq_uncork+0x6c/0x80 [ 204.826208][ T7876] sctp_do_sm+0x2575/0x5770 [ 204.826224][ T7876] ? sctp_hash_transport+0xdb1/0x18d0 [ 204.826248][ T7876] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 204.826263][ T7876] ? __local_bh_enable_ip+0x15a/0x270 [ 204.826288][ T7876] ? lock_downgrade+0x880/0x880 [ 204.885374][ T7876] ? mark_held_locks+0xa4/0xf0 [ 204.890165][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.890182][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.890198][ T7876] ? lockdep_hardirqs_on+0x418/0x5d0 [ 204.890215][ T7876] ? retint_kernel+0x2d/0x2d [ 204.890231][ T7876] ? trace_hardirqs_on_caller+0x6a/0x220 [ 204.890250][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.890283][ T7876] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 204.927644][ T7876] __sctp_connect+0x8cd/0xce0 [ 204.927671][ T7876] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 204.927697][ T7876] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.927712][ T7876] ? _copy_from_user+0xdd/0x150 [ 204.927733][ T7876] ? security_sctp_bind_connect+0x99/0xd0 [ 204.927757][ T7876] __sctp_setsockopt_connectx+0x133/0x1a0 [ 204.938043][ T7876] sctp_setsockopt+0x15db/0x6fe0 [ 204.938067][ T7876] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 204.938091][ T7876] ? ___might_sleep+0x163/0x280 [ 204.938107][ T7876] ? __might_sleep+0x95/0x190 [ 204.938126][ T7876] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 204.938150][ T7876] ? aa_sk_perm+0x288/0x880 [ 204.969642][ T7877] bridge0: port 3(gretap0) entered blocking state 20:08:10 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x201, 0x800000002009) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045515, &(0x7f00000000c0)) 20:08:10 executing program 5: openat$full(0xffffffffffffff9c, 0x0, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000009c0)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e330897501f9007b6b482550829e022b8753a188748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637ce0080b4ec24c53d86571ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3d009d308bd73f47725390000000000000000000000000000000000000000000000195e23", 0xc0, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0xf3, &(0x7f0000000040)={&(0x7f0000000580)={'streebog256-generic\x00\x00\x00\x00\x00@\x00'}}) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x8000, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x2) ioctl$BLKZEROOUT(r3, 0x127f, 0x0) 20:08:10 executing program 0: capset(&(0x7f0000000040)={0x24020019980330}, &(0x7f0000000140)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(r0) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, 0x0) [ 204.976933][ T7876] ? retint_kernel+0x2d/0x2d [ 204.976960][ T7876] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 204.976991][ T7876] sock_common_setsockopt+0x9a/0xe0 [ 204.977014][ T7876] __sys_setsockopt+0x180/0x280 [ 204.977044][ T7876] ? kernel_accept+0x310/0x310 [ 205.022036][ T7877] bridge0: port 3(gretap0) entered disabled state [ 205.023255][ T7876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.023273][ T7876] ? do_syscall_64+0x26/0x610 [ 205.023290][ T7876] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.023304][ T7876] ? do_syscall_64+0x26/0x610 [ 205.023326][ T7876] __x64_sys_setsockopt+0xbe/0x150 [ 205.023351][ T7876] do_syscall_64+0x103/0x610 [ 205.060439][ T7876] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.066362][ T7876] RIP: 0033:0x4582b9 [ 205.070281][ T7876] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.089943][ T7876] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 205.098387][ T7876] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 205.106376][ T7876] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 205.114362][ T7876] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 205.122349][ T7876] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 205.130347][ T7876] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff [ 205.164600][ T7890] capability: warning: `syz-executor.0' uses 32-bit capabilities (legacy support in use) 20:08:11 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x6, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000f, 0x13, r0, 0x0) io_setup(0x101, &(0x7f0000000040)) [ 205.294629][ T7887] QAT: Invalid ioctl [ 205.323390][ T7892] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7892 [ 205.333071][ T7892] caller is ip6_finish_output+0x335/0xdc0 [ 205.338911][ T7892] CPU: 1 PID: 7892 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.347971][ T7892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.347990][ T7892] Call Trace: [ 205.348024][ T7892] dump_stack+0x172/0x1f0 [ 205.348053][ T7892] __this_cpu_preempt_check+0x246/0x270 [ 205.348076][ T7892] ip6_finish_output+0x335/0xdc0 [ 205.348101][ T7892] ip6_output+0x235/0x7f0 [ 205.348123][ T7892] ? ip6_finish_output+0xdc0/0xdc0 [ 205.348148][ T7892] ? ip6_fragment+0x3980/0x3980 [ 205.390855][ T7892] ? kasan_check_read+0x11/0x20 [ 205.390881][ T7892] ip6_xmit+0xe41/0x20c0 [ 205.390908][ T7892] ? ip6_finish_output2+0x2550/0x2550 [ 205.405438][ T7892] ? mark_held_locks+0xf0/0xf0 [ 205.410246][ T7892] ? perf_trace_lock+0x510/0x510 [ 205.415222][ T7892] ? ip6_setup_cork+0x1870/0x1870 [ 205.420295][ T7892] sctp_v6_xmit+0x313/0x660 [ 205.424835][ T7892] sctp_packet_transmit+0x1bc4/0x36f0 [ 205.430261][ T7892] ? sctp_packet_config+0xfe0/0xfe0 [ 205.435492][ T7892] ? sctp_packet_append_chunk+0x946/0xda0 [ 205.441278][ T7892] ? sctp_outq_select_transport+0x21a/0x790 [ 205.447206][ T7892] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 205.453478][ T7892] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 205.459698][ T7892] ? lock_downgrade+0x880/0x880 [ 205.464632][ T7892] ? add_timer+0x400/0x930 [ 205.469079][ T7892] ? find_held_lock+0x35/0x130 [ 205.473869][ T7892] ? add_timer+0x41e/0x930 [ 205.478315][ T7892] sctp_outq_flush+0xe8/0x2780 [ 205.483107][ T7892] ? mark_held_locks+0xa4/0xf0 [ 205.487902][ T7892] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 205.493730][ T7892] ? add_timer+0x41e/0x930 [ 205.498167][ T7892] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 205.504001][ T7892] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.509311][ T7892] ? trace_hardirqs_on+0x67/0x230 [ 205.514377][ T7892] ? __sctp_outq_teardown+0xc60/0xc60 [ 205.519804][ T7892] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.526069][ T7892] ? sctp_outq_tail+0x68c/0x930 [ 205.530946][ T7892] sctp_outq_uncork+0x6c/0x80 [ 205.535660][ T7892] sctp_do_sm+0x2575/0x5770 [ 205.540194][ T7892] ? sctp_hash_transport+0xdb1/0x18d0 [ 205.545691][ T7892] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 205.552394][ T7892] ? __local_bh_enable_ip+0x15a/0x270 [ 205.557800][ T7892] ? lock_downgrade+0x880/0x880 [ 205.562678][ T7892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.568955][ T7892] ? kasan_check_read+0x11/0x20 [ 205.573845][ T7892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.580114][ T7892] ? sctp_hash_transport+0x10b/0x18d0 [ 205.585539][ T7892] ? memcpy+0x46/0x50 [ 205.589551][ T7892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.595817][ T7892] ? sctp_assoc_set_primary+0x274/0x310 [ 205.601423][ T7892] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 205.606912][ T7892] __sctp_connect+0x8cd/0xce0 [ 205.611623][ T7892] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 205.617207][ T7892] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.623475][ T7892] ? _copy_from_user+0xdd/0x150 [ 205.628363][ T7892] ? security_sctp_bind_connect+0x99/0xd0 [ 205.634118][ T7892] __sctp_setsockopt_connectx+0x133/0x1a0 [ 205.639875][ T7892] sctp_setsockopt+0x15db/0x6fe0 [ 205.644847][ T7892] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 205.651287][ T7892] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.656593][ T7892] ? retint_kernel+0x2d/0x2d [ 205.661211][ T7892] ? trace_hardirqs_on_caller+0x6a/0x220 [ 205.666877][ T7892] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.672391][ T7892] ? retint_kernel+0x2d/0x2d [ 205.677027][ T7892] ? sock_common_setsockopt+0x26/0xe0 [ 205.682435][ T7892] sock_common_setsockopt+0x9a/0xe0 [ 205.687671][ T7892] __sys_setsockopt+0x180/0x280 [ 205.692559][ T7892] ? kernel_accept+0x310/0x310 [ 205.697382][ T7892] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.702876][ T7892] ? do_syscall_64+0x26/0x610 [ 205.707599][ T7892] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.713697][ T7892] ? do_syscall_64+0x26/0x610 [ 205.718421][ T7892] __x64_sys_setsockopt+0xbe/0x150 [ 205.725703][ T7892] do_syscall_64+0x103/0x610 [ 205.730346][ T7892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.736256][ T7892] RIP: 0033:0x4582b9 [ 205.740167][ T7892] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.759880][ T7892] RSP: 002b:00007fd7f89b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 205.768312][ T7892] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 20:08:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x227f, 0x0) 20:08:11 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) getpgrp(0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f00000002c0)=""/203, 0x0, 0x20, &(0x7f0000000240)=@nl, 0x707000) [ 205.776299][ T7892] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000008 [ 205.784290][ T7892] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 205.792284][ T7892] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fd7f89b66d4 [ 205.800279][ T7892] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 20:08:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x804) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f00000001c0)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) 20:08:11 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x7d3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x9, @local, 0x1}}, 0x0, 0x0, 0x401, 0x5, 0x5c32d93b}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) [ 205.837222][ T7877] device gretap0 entered promiscuous mode [ 205.892677][ T7877] bridge0: port 3(gretap0) entered blocking state [ 205.899349][ T7877] bridge0: port 3(gretap0) entered forwarding state [ 206.014357][ T7915] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7915 [ 206.024470][ T7915] caller is ip6_finish_output+0x335/0xdc0 [ 206.030298][ T7915] CPU: 0 PID: 7915 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 206.039337][ T7915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.039345][ T7915] Call Trace: [ 206.039372][ T7915] dump_stack+0x172/0x1f0 [ 206.039396][ T7915] __this_cpu_preempt_check+0x246/0x270 [ 206.039416][ T7915] ip6_finish_output+0x335/0xdc0 [ 206.039439][ T7915] ip6_output+0x235/0x7f0 [ 206.072075][ T7915] ? ip6_finish_output+0xdc0/0xdc0 [ 206.077224][ T7915] ? ip6_fragment+0x3980/0x3980 [ 206.082105][ T7915] ? kasan_check_read+0x11/0x20 [ 206.086992][ T7915] ip6_xmit+0xe41/0x20c0 [ 206.091279][ T7915] ? ip6_finish_output2+0x2550/0x2550 [ 206.096695][ T7915] ? ip6_setup_cork+0x1870/0x1870 [ 206.101773][ T7915] sctp_v6_xmit+0x313/0x660 [ 206.106313][ T7915] sctp_packet_transmit+0x1bc4/0x36f0 [ 206.111737][ T7915] ? sctp_packet_config+0xfe0/0xfe0 [ 206.116967][ T7915] ? sctp_packet_append_chunk+0x946/0xda0 [ 206.122721][ T7915] ? sctp_outq_select_transport+0x21a/0x790 [ 206.128649][ T7915] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 206.134931][ T7915] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 206.141108][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.146601][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.152094][ T7915] sctp_outq_flush+0xe8/0x2780 [ 206.156899][ T7915] ? _raw_spin_unlock_irqrestore+0x95/0xe0 [ 206.162743][ T7915] ? __sctp_outq_teardown+0xc60/0xc60 [ 206.168164][ T7915] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.174431][ T7915] ? sctp_outq_tail+0x68c/0x930 [ 206.179323][ T7915] sctp_outq_uncork+0x6c/0x80 [ 206.184043][ T7915] sctp_do_sm+0x2575/0x5770 [ 206.188575][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.194077][ T7915] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 206.200792][ T7915] ? lock_downgrade+0x880/0x880 [ 206.205667][ T7915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.211937][ T7915] ? mark_held_locks+0xa4/0xf0 [ 206.216755][ T7915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.223033][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.228524][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.234016][ T7915] ? lockdep_hardirqs_on+0x418/0x5d0 [ 206.239335][ T7915] ? retint_kernel+0x2d/0x2d [ 206.243955][ T7915] ? trace_hardirqs_on_caller+0x6a/0x220 [ 206.249637][ T7915] ? retint_kernel+0x2d/0x2d [ 206.254271][ T7915] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 206.259678][ T7915] __sctp_connect+0x8cd/0xce0 [ 206.264395][ T7915] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 206.269993][ T7915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.276263][ T7915] ? _copy_from_user+0xdd/0x150 [ 206.281331][ T7915] ? security_sctp_bind_connect+0x99/0xd0 [ 206.287090][ T7915] __sctp_setsockopt_connectx+0x133/0x1a0 [ 206.292846][ T7915] sctp_setsockopt+0x15db/0x6fe0 [ 206.297816][ T7915] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 206.304298][ T7915] ? lockdep_hardirqs_on+0x418/0x5d0 [ 206.309614][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.315103][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.320592][ T7915] ? lockdep_hardirqs_on+0x418/0x5d0 [ 206.325906][ T7915] ? retint_kernel+0x2d/0x2d [ 206.330534][ T7915] ? trace_hardirqs_on_caller+0x6a/0x220 [ 206.336199][ T7915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.341689][ T7915] ? retint_kernel+0x2d/0x2d [ 206.346313][ T7915] sock_common_setsockopt+0x9a/0xe0 [ 206.351542][ T7915] __sys_setsockopt+0x180/0x280 [ 206.356428][ T7915] ? kernel_accept+0x310/0x310 [ 206.361230][ T7915] __x64_sys_setsockopt+0xbe/0x150 [ 206.366368][ T7915] ? do_syscall_64+0x5b/0x610 [ 206.371078][ T7915] do_syscall_64+0x103/0x610 [ 206.375695][ T7915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.381658][ T7915] RIP: 0033:0x4582b9 [ 206.385566][ T7915] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.405181][ T7915] RSP: 002b:00007fd7f89d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 20:08:11 executing program 3: r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) [ 206.413604][ T7915] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 206.421678][ T7915] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 206.429665][ T7915] RBP: 000000000073bf00 R08: 000000000000001c R09: 0000000000000000 [ 206.437739][ T7915] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fd7f89d76d4 [ 206.445724][ T7915] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 20:08:12 executing program 4: ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x0) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000080)={0x0, @bt={0xfffffffffffffff8, 0x800, 0x0, 0x3, 0x7, 0x2, 0x10001, 0xfffffffffffffff8, 0x114d, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x5e87be6295e08898}}) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_aout(r0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@mcast2, 0x81}) sched_setaffinity(0x0, 0x5, &(0x7f0000000580)=0x6) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000003c0), &(0x7f00000004c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) accept4$packet(0xffffffffffffff9c, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000980)=0x14, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x19, 0x35, &(0x7f0000000a40)=ANY=[@ANYBLOB="0500db44c7450000ffffffff2d020000000000e556b35eb80065040400010000000404006f1937867ba5bcbc39e1ffaf87f528c65200e414000000000000000000269476ff2ee4c780dcd08a75717412404981777a47c0b139d29e849e20f7dcf9edd06fcfe0f700f80348201b17bebd3d05378dbd901b0454b3bbdfcb8fe63dce1205e9b42f4be1609f88bd8a845b67139fd0b13acc5345c957209e0c463aeaf2ac4807449d97ca3e7b25c70db0c838e06d9459a650c4a6ecdc1b880ef0d0cb3320c06012da6c53a5120bacde541b00a27fc87a5bb7b315fab2c6351266ff9524375058922b4763303edfa5dbceb011748b92fb932a4d66dfe2f605a0df9fc39c0df25157fbc26627fd1a8341444edbae9e772bef3d10ef16b893b31f270ff9abb60f724686d036c99997264ee9f80aec3e9d19532767c306ed63d8fc22d36306c1def8aec580669c3801d641be449079470a980e731d1b7340c332c1128732e88142de25d45a9cf87c9a0538fc250ee949222f1202beddbaac38a6a69efd6cdb36d0f88c5a06b8aebaa02bc17d0a25c6363e93fb77449ede19b469e3250b7ca213691d389966c4bed1f3d14093"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socket$inet6(0xa, 0x2, 0xfd9) ioctl(r3, 0x10001, &(0x7f0000000100)="153f6234488dd25d766070") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket(0xa, 0x3, 0x8) r7 = syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x80009c4, 0x70000) ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000400)=0x0) ioctl$sock_FIOSETOWN(r5, 0x8901, &(0x7f0000000440)=r8) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00', 0x4}) setsockopt$sock_int(r6, 0x1, 0x23, &(0x7f0000000800), 0x4) ioctl$RTC_WKALM_RD(r7, 0x80287010, &(0x7f00000002c0)) setsockopt$IP_VS_SO_SET_DELDEST(r6, 0x0, 0x488, &(0x7f0000000080)={{0x69, @remote, 0x4e24, 0x200000000, 'lblcr\x00', 0x1e, 0x0, 0x13}, {@remote, 0x4e21, 0x7, 0xffff, 0x7f, 0x2}}, 0x44) [ 206.462097][ T7922] binder: 7918:7922 tried to acquire reference to desc 0, got 1 instead [ 206.484952][ T7920] binder: 7918:7920 unknown command 536872576 [ 206.506444][ T7920] binder: 7918:7920 ioctl c0306201 20008fd0 returned -22 [ 206.522602][ T7927] QAT: Invalid ioctl 20:08:12 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) ioctl(r1, 0x2, &(0x7f0000000500)="51d57dcf11295a97c6ad459d5ee5f78e01e6108ceec938a99d7d26639eea1affe0b45c4d8a534efb446d19faebe2c6781ec612c845c3c563f93458fe987a394c91cfce3ee642afc2bdd56bc294b9dbf11427161bb7c2c51ac35192") fstat(r0, &(0x7f0000000140)) sendto$inet6(r1, &(0x7f0000000580)="9dc5aa44fae083901a08b7074cde52535012184d10deb075fd9ce830aa85205c2c1c52811d80a927ed8b906a0c8a6edb3eb86e292ccf937725549ef83971c8ec90e9eb143ae0508be0e9805a8ffb1924cf0fb4196e31e9d64cc9", 0x5a, 0x44855, 0x0, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000240)={0x78, 0x0, 0x2, {0x0, 0x1000, 0x0, {0x4, 0x8001, 0x9, 0x200000000000000, 0x8, 0x5, 0x3f, 0x0, 0xffffffffffffff85, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x4}}}, 0x78) write$cgroup_pid(r1, &(0x7f00000004c0), 0x12) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000440)={r1}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r2, 0x402, 0x800000000000000d) fcntl$notify(r2, 0x402, 0x0) getsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, 0x0, &(0x7f00000002c0)) syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f00000024c0), 0x100032, &(0x7f00000000c0)=ANY=[]) 20:08:12 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0xfff) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) sched_setaffinity(0x0, 0xfffffffffffffdbd, &(0x7f00000000c0)=0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000200)="81f86b613c2d5445433df2921b38b45efd55d6d9f4b70211fcff467869f21650a7d91427192fd584", 0x28, 0xfffffffffffffffe) request_key(&(0x7f00000004c0)='id_resolver\x00', &(0x7f0000000500)={'syz'}, 0x0, r1) 20:08:12 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140), 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000540)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) 20:08:12 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2e) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="fa79be9cba8a882aca5b737021abaa0f82a9fd4a8d59e46ba0a2bd6054583fdc9e3a14b08ea96e62a6de8502b2e2ac32e5befcf08c3f9b324f"], 0x39) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r1, 0x0, 0x0) socket$bt_rfcomm(0x1f, 0x0, 0x3) 20:08:12 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r0, 0x7d3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @loopback, 0x2}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 20:08:12 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0xfff) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) sched_setaffinity(0x0, 0xfffffffffffffdbd, &(0x7f00000000c0)=0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000200)="81f86b613c2d5445433df2921b38b45efd55d6d9f4b70211fcff467869f21650a7d91427192fd584", 0x28, 0xfffffffffffffffe) request_key(&(0x7f00000004c0)='id_resolver\x00', &(0x7f0000000500)={'syz'}, 0x0, r1) 20:08:12 executing program 4: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000100), &(0x7f00000001c0)=0x4) getpgid(0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x6, 0x0) preadv(r1, &(0x7f0000000380)=[{0x0}, {0x0}], 0x2, 0x2) syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x81, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r3, 0x0) write$binfmt_misc(r3, 0x0, 0x0) io_setup(0x101, &(0x7f0000000040)=0x0) ioctl$BLKRESETZONE(r1, 0x40101283, 0x0) shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000500)=""/248) io_submit(r4, 0x2000000000000246, &(0x7f0000001540)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r2, &(0x7f0000000000), 0xfffffce4}]) [ 206.875165][ T7953] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7953 [ 206.884671][ T7953] caller is ip6_finish_output+0x335/0xdc0 [ 206.890435][ T7953] CPU: 1 PID: 7953 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 206.899475][ T7953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.909563][ T7953] Call Trace: [ 206.912884][ T7953] dump_stack+0x172/0x1f0 [ 206.917253][ T7953] __this_cpu_preempt_check+0x246/0x270 [ 206.922839][ T7953] ip6_finish_output+0x335/0xdc0 [ 206.927821][ T7953] ip6_output+0x235/0x7f0 [ 206.932188][ T7953] ? ip6_finish_output+0xdc0/0xdc0 [ 206.937331][ T7953] ? ip6_fragment+0x3980/0x3980 [ 206.942224][ T7953] ? kasan_check_read+0x11/0x20 [ 206.947553][ T7953] ip6_xmit+0xe41/0x20c0 [ 206.951845][ T7953] ? ip6_finish_output2+0x2550/0x2550 [ 206.957259][ T7953] ? mark_held_locks+0xf0/0xf0 [ 206.962056][ T7953] ? ip6_setup_cork+0x1870/0x1870 [ 206.967117][ T7953] sctp_v6_xmit+0x313/0x660 [ 206.967140][ T7953] sctp_packet_transmit+0x1bc4/0x36f0 [ 206.967171][ T7953] ? sctp_packet_config+0xfe0/0xfe0 [ 206.967188][ T7953] ? sctp_packet_append_chunk+0x946/0xda0 [ 206.967201][ T7953] ? sctp_outq_select_transport+0x21a/0x790 [ 206.967219][ T7953] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 206.967242][ T7953] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 207.006397][ T7953] ? lock_downgrade+0x880/0x880 [ 207.011283][ T7953] ? add_timer+0x400/0x930 [ 207.015726][ T7953] ? find_held_lock+0x35/0x130 [ 207.020514][ T7953] ? add_timer+0x41e/0x930 [ 207.024962][ T7953] sctp_outq_flush+0xe8/0x2780 [ 207.029762][ T7953] ? mark_held_locks+0xa4/0xf0 [ 207.034555][ T7953] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 207.040383][ T7953] ? add_timer+0x41e/0x930 [ 207.044817][ T7953] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 207.050732][ T7953] ? lockdep_hardirqs_on+0x418/0x5d0 [ 207.056041][ T7953] ? trace_hardirqs_on+0x67/0x230 [ 207.061092][ T7953] ? __sctp_outq_teardown+0xc60/0xc60 [ 207.066524][ T7953] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 207.072790][ T7953] ? sctp_outq_tail+0x68c/0x930 [ 207.077669][ T7953] sctp_outq_uncork+0x6c/0x80 [ 207.082378][ T7953] sctp_do_sm+0x2575/0x5770 [ 207.086916][ T7953] ? sctp_hash_transport+0xdb1/0x18d0 [ 207.092322][ T7953] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 207.099032][ T7953] ? __local_bh_enable_ip+0x15a/0x270 [ 207.104433][ T7953] ? lock_downgrade+0x880/0x880 [ 207.109308][ T7953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.115577][ T7953] ? kasan_check_read+0x11/0x20 [ 207.120457][ T7953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.126725][ T7953] ? sctp_hash_transport+0x10b/0x18d0 [ 207.132140][ T7953] ? memcpy+0x46/0x50 [ 207.136146][ T7953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.142431][ T7953] ? sctp_assoc_set_primary+0x274/0x310 [ 207.148015][ T7953] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 207.153553][ T7953] __sctp_connect+0x8cd/0xce0 [ 207.158263][ T7953] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 207.163835][ T7953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.170098][ T7953] ? _copy_from_user+0xdd/0x150 [ 207.174971][ T7953] ? security_sctp_bind_connect+0x99/0xd0 [ 207.180731][ T7953] __sctp_setsockopt_connectx+0x133/0x1a0 [ 207.186486][ T7953] sctp_setsockopt+0x15db/0x6fe0 [ 207.191461][ T7953] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 207.197903][ T7953] ? kasan_check_read+0x11/0x20 [ 207.202783][ T7953] ? ___might_sleep+0x163/0x280 [ 207.207662][ T7953] ? __might_sleep+0x95/0x190 [ 207.212365][ T7953] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 207.218028][ T7953] ? aa_sk_perm+0x288/0x880 [ 207.222570][ T7953] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 207.228151][ T7953] sock_common_setsockopt+0x9a/0xe0 [ 207.233379][ T7953] __sys_setsockopt+0x180/0x280 [ 207.238253][ T7953] ? kernel_accept+0x310/0x310 [ 207.243045][ T7953] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.248542][ T7953] ? do_syscall_64+0x26/0x610 [ 207.253246][ T7953] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.259342][ T7953] ? do_syscall_64+0x26/0x610 [ 207.264072][ T7953] __x64_sys_setsockopt+0xbe/0x150 [ 207.269212][ T7953] do_syscall_64+0x103/0x610 [ 207.273829][ T7953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.279739][ T7953] RIP: 0033:0x4582b9 [ 207.283649][ T7953] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.303306][ T7953] RSP: 002b:00007fab56174c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 207.311735][ T7953] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 20:08:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r1, 0x5412, 0x70a000) dup3(r0, r1, 0x0) [ 207.319725][ T7953] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 207.327713][ T7953] RBP: 000000000073bfa0 R08: 000000000000001c R09: 0000000000000000 [ 207.335705][ T7953] R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fab561756d4 [ 207.343690][ T7953] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 20:08:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x7, r0, 0x10000000) 20:08:13 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ftruncate(r1, 0x8003f1) io_setup(0x400000000004, &(0x7f0000000300)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) fallocate(r0, 0x0, 0x0, 0x8001) 20:08:13 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r0, 0x7d3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x9, @local}}, 0x0, 0xffffffff, 0x401}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @loopback, 0x2}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 20:08:13 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) ioctl(r1, 0x2, &(0x7f0000000500)="51d57dcf11295a97c6ad459d5ee5f78e01e6108ceec938a99d7d26639eea1affe0b45c4d8a534efb446d19faebe2c6781ec612c845c3c563f93458fe987a394c91cfce3ee642afc2bdd56bc294b9dbf11427161bb7c2c51ac35192") fstat(r0, &(0x7f0000000140)) sendto$inet6(r1, &(0x7f0000000580)="9dc5aa44fae083901a08b7074cde52535012184d10deb075fd9ce830aa85205c2c1c52811d80a927ed8b906a0c8a6edb3eb86e292ccf937725549ef83971c8ec90e9eb143ae0508be0e9805a8ffb1924cf0fb4196e31e9d64cc9", 0x5a, 0x44855, 0x0, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000240)={0x78, 0x0, 0x2, {0x0, 0x1000, 0x0, {0x4, 0x8001, 0x9, 0x200000000000000, 0x8, 0x5, 0x3f, 0x0, 0xffffffffffffff85, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x4}}}, 0x78) write$cgroup_pid(r1, &(0x7f00000004c0), 0x12) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000440)={r1}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r2, 0x402, 0x800000000000000d) fcntl$notify(r2, 0x402, 0x0) getsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, 0x0, &(0x7f00000002c0)) syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f00000024c0), 0x100032, &(0x7f00000000c0)=ANY=[]) 20:08:13 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) ioctl(r1, 0x2, &(0x7f0000000500)="51d57dcf11295a97c6ad459d5ee5f78e01e6108ceec938a99d7d26639eea1affe0b45c4d8a534efb446d19faebe2c6781ec612c845c3c563f93458fe987a394c91cfce3ee642afc2bdd56bc294b9dbf11427161bb7c2c51ac35192") fstat(r0, &(0x7f0000000140)) sendto$inet6(r1, &(0x7f0000000580)="9dc5aa44fae083901a08b7074cde52535012184d10deb075fd9ce830aa85205c2c1c52811d80a927ed8b906a0c8a6edb3eb86e292ccf937725549ef83971c8ec90e9eb143ae0508be0e9805a8ffb1924cf0fb4196e31e9d64cc9", 0x5a, 0x44855, 0x0, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000240)={0x78, 0x0, 0x2, {0x0, 0x1000, 0x0, {0x4, 0x8001, 0x9, 0x200000000000000, 0x8, 0x5, 0x3f, 0x0, 0xffffffffffffff85, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x4}}}, 0x78) write$cgroup_pid(r1, &(0x7f00000004c0), 0x12) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000440)={r1}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r2, 0x402, 0x800000000000000d) fcntl$notify(r2, 0x402, 0x0) getsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, 0x0, &(0x7f00000002c0)) syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f00000024c0), 0x100032, &(0x7f00000000c0)=ANY=[]) [ 207.628944][ T7949] sctp: failed to load transform for md5: -4 [ 207.659679][ T7953] sctp: failed to load transform for md5: -4 20:08:13 executing program 4: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000100)={0xf0f03c, 0x0, @value}) 20:08:13 executing program 5: