[ 37.728943][ T26] audit: type=1800 audit(1554643261.153:26): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.755781][ T26] audit: type=1800 audit(1554643261.153:27): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.796516][ T26] audit: type=1800 audit(1554643261.163:28): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 38.733349][ T26] audit: type=1800 audit(1554643262.193:29): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. 
2019/04/07 13:21:21 fuzzer started 2019/04/07 13:21:24 dialing manager at 10.128.0.26:34543 2019/04/07 13:21:24 syscalls: 2408 2019/04/07 13:21:24 code coverage: enabled 2019/04/07 13:21:24 comparison tracing: enabled 2019/04/07 13:21:24 extra coverage: extra coverage is not supported by the kernel 2019/04/07 13:21:24 setuid sandbox: enabled 2019/04/07 13:21:24 namespace sandbox: enabled 2019/04/07 13:21:24 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 13:21:24 fault injection: enabled 2019/04/07 13:21:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 13:21:24 net packet injection: enabled 2019/04/07 13:21:24 net device setup: enabled 13:23:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x44801) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) getsockopt(r1, 0x1, 0x800, &(0x7f0000004ec0)=""/245, &(0x7f0000004fc0)=0xf5) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000000)) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000040)) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000340)={0x0, @loopback, @dev}, 
&(0x7f0000001040)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000002440)={{{@in6=@loopback, @in6=@remote}}, {{@in6=@remote}, 0x0, @in6=@dev}}, 0x0) io_setup(0x1, 0x0) io_submit(0x0, 0x0, 0x0) syzkaller login: [ 189.636507][ T7783] IPVS: ftp: loaded support on port[0] = 21 13:23:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3000000000000000, 0x4080) ioctl$VIDIOC_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000080)={0x0, 0x0, [], @bt={0xc60, 0x9, 0x7, 0x51, 0x10001, 0x2, 0x1, 0x9}}) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) [ 189.778211][ T7783] chnl_net:caif_netlink_parms(): no params data found [ 189.868543][ T7786] IPVS: ftp: loaded support on port[0] = 21 [ 189.875421][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.883812][ T7783] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.897282][ T7783] device bridge_slave_0 entered promiscuous mode [ 189.920235][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.929877][ T7783] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.938677][ T7783] device bridge_slave_1 entered promiscuous mode 13:23:33 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x100000003, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000000140)={'broute\x00', 0x0, 0x3, 0x0, [], 0x2, &(0x7f0000000000)=[{}, {}], 0x0}, &(0x7f00000001c0)=0x78) recvmmsg(r0, &(0x7f0000001cc0), 0x4000052, 0x10102, &(0x7f0000001540)={0x0, r1+10000000}) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0xfea3, &(0x7f0000000080)={&(0x7f0000000240)={0x14, 0x1a, 0x201}, 0x14}}, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000100)=0xd, 0x4) [ 189.994936][ T7783] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.018667][ T7783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.104451][ T7783] team0: Port device team_slave_0 added [ 190.115984][ T7786] chnl_net:caif_netlink_parms(): no params data found [ 190.136442][ T7783] team0: Port device team_slave_1 added [ 190.171528][ T7789] IPVS: ftp: loaded support on port[0] = 21 13:23:33 executing program 3: r0 = socket$kcm(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0xfffffffffffffffe, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) socket$kcm(0x29, 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f0000000280), 0x0) [ 190.277682][ T7783] device hsr_slave_0 entered promiscuous mode [ 190.344955][ T7783] device hsr_slave_1 entered promiscuous mode [ 190.431702][ T7783] bridge0: port 
2(bridge_slave_1) entered blocking state [ 190.439195][ T7783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.447205][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.454332][ T7783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.471987][ T7791] IPVS: ftp: loaded support on port[0] = 21 13:23:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000380)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 190.495537][ T7786] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.504248][ T7786] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.523803][ T7786] device bridge_slave_0 entered promiscuous mode [ 190.557239][ T7786] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.565916][ T7786] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.575114][ T7786] device bridge_slave_1 entered promiscuous mode [ 190.638590][ T7783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.658569][ T7786] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.680422][ T7783] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.689498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.701483][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.722693][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.734361][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 190.772340][ T7786] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.799930][ T7794] IPVS: ftp: loaded support on port[0] = 21 [ 190.814477][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 13:23:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="4fd5"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 190.833428][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.840791][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.851864][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.861331][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.868641][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.920180][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.930080][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.941008][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.950239][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.967022][ T7789] chnl_net:caif_netlink_parms(): no params data found [ 190.984654][ T7786] team0: Port device team_slave_0 added [ 190.996362][ T7798] IPVS: ftp: loaded support on port[0] = 21 [ 191.033638][ T7786] team0: Port device team_slave_1 added [ 191.051131][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.059848][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.090127][ T7789] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.097983][ T7789] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.106138][ 
T7789] device bridge_slave_0 entered promiscuous mode [ 191.126107][ T7789] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.133501][ T7789] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.141162][ T7789] device bridge_slave_1 entered promiscuous mode [ 191.150494][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.160205][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.169401][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.178680][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.195800][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.231845][ T7789] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.304638][ T7786] device hsr_slave_0 entered promiscuous mode [ 191.343613][ T7786] device hsr_slave_1 entered promiscuous mode [ 191.410999][ T7789] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.477398][ T7789] team0: Port device team_slave_0 added [ 191.489929][ T7789] team0: Port device team_slave_1 added [ 191.519549][ T7783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.539684][ T7791] chnl_net:caif_netlink_parms(): no params data found 13:23:35 executing program 0: r0 = socket(0x1e, 0x805, 0x0) r1 = socket(0x1e, 0x2, 0x0) bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) connect$llc(r0, &(0x7f00000000c0)={0x1e, 0x302}, 0x10) [ 191.714573][ T7789] device hsr_slave_0 entered promiscuous mode [ 191.753043][ T7789] device hsr_slave_1 entered promiscuous mode 13:23:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) 
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget(0x1, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) [ 191.801527][ T7789] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.808672][ T7789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.816075][ T7789] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.823203][ T7789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.868374][ T7794] chnl_net:caif_netlink_parms(): no params data found [ 191.879201][ T7791] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.886435][ T7791] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.895436][ T7791] device bridge_slave_0 entered promiscuous mode [ 191.905595][ T7791] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.912819][ T7791] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.920882][ T7791] device bridge_slave_1 entered promiscuous mode [ 191.928495][ T7798] chnl_net:caif_netlink_parms(): no params data found [ 191.957378][ T7793] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.965140][ T7793] bridge0: port 2(bridge_slave_1) entered disabled state 13:23:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000640)=[@textreal={0x8, &(0x7f0000000240)="640fbe0af0f75100ba420066ed360faa66b9800000c00f326635000800000f308221990fc71e27000f216d260f2134baf80c66b82735ea8166efbafc0cb06cee", 0x40}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 192.070657][ T7818] L1TF CPU bug 
present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 192.095273][ T7798] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.106991][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.120992][ T7798] device bridge_slave_0 entered promiscuous mode [ 192.129301][ T7794] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.142875][ T7794] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.150936][ T7794] device bridge_slave_0 entered promiscuous mode [ 192.171529][ T7786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.181380][ T7791] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.192467][ T7791] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.207281][ T7798] bridge0: port 2(bridge_slave_1) entered blocking state 13:23:35 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) [ 192.215837][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.228875][ T7798] device bridge_slave_1 entered promiscuous mode [ 192.238736][ T7794] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.249378][ T7794] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.259621][ T7794] device bridge_slave_1 entered promiscuous mode 13:23:35 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) [ 192.328524][ T7791] team0: Port device team_slave_0 added [ 192.339655][ T7786] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.349680][ T7794] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.360363][ T7794] 
bond0: Enslaving bond_slave_1 as an active interface with an up link 13:23:35 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) [ 192.420393][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.430967][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.446507][ T7791] team0: Port device team_slave_1 added [ 192.477778][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.487659][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.496567][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.503676][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.511665][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 13:23:36 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) [ 192.521652][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.530384][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.537501][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.548285][ T7798] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.579563][ T7798] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.589742][ T7794] team0: Port device team_slave_0 added [ 192.600914][ T7794] team0: Port device team_slave_1 added [ 192.632898][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.640939][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.664888][ T7789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.705941][ T7791] device 
hsr_slave_0 entered promiscuous mode [ 192.773047][ T7791] device hsr_slave_1 entered promiscuous mode [ 192.823736][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.838616][ T7798] team0: Port device team_slave_0 added [ 192.846030][ T7798] team0: Port device team_slave_1 added [ 192.925844][ T7798] device hsr_slave_0 entered promiscuous mode [ 192.963164][ T7798] device hsr_slave_1 entered promiscuous mode [ 193.027378][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.036721][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.046167][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.055125][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.069852][ T7786] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.080723][ T7786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.111020][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.119267][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.128993][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.138900][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.147546][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.156893][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.216091][ T7794] device hsr_slave_0 entered promiscuous mode [ 193.253364][ T7794] device hsr_slave_1 entered promiscuous mode [ 193.324814][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.332596][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.348877][ T7789] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.369023][ T7791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.388263][ T7786] 8021q: adding VLAN 0 to HW filter on device 
batadv0 [ 193.408791][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.417972][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.427280][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.434500][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.442322][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.451826][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.461109][ T3483] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.468291][ T3483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.476697][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.495916][ T7791] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.529341][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.538128][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.549616][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.559057][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.568052][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.575464][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.583827][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.592527][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.601233][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.610280][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.620611][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.629418][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.637987][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.669498][ T7789] hsr0: Slave B (hsr_slave_1) is not up; please 
bring it up to get a fully working HSR network [ 193.682175][ T7789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.691023][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.700451][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.706842][ C0] hrtimer: interrupt took 32127 ns [ 193.708526][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.721780][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.751912][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.761400][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.783959][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.791057][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state 13:23:37 executing program 1: socketpair(0x2b, 0x1, 0x0, 0x0) [ 193.799444][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.808530][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.844770][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.857288][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.876180][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.886015][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.895532][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.904486][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.926001][ T7791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.939394][ T7791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.959451][ T7789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.967332][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.975822][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link 
becomes ready [ 193.984879][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.995565][ T7794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.020207][ T7798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.073912][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.081744][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.095328][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.108090][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.120340][ T7791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.130467][ T7798] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.140419][ T7794] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.156684][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.166313][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.176640][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.183769][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.192284][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.201610][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.210092][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.217281][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.248855][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.257022][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.265777][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.276802][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.286109][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.293251][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.304245][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link 
becomes ready [ 194.312950][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.321269][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.328569][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.336575][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.345921][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.354826][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.363698][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.372124][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.380666][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.389129][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.397749][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.407344][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.451323][ T7794] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 194.480163][ T7794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.489974][ T7852] check_preemption_disabled: 1 callbacks suppressed [ 194.490019][ T7852] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7852 [ 194.507637][ T7852] caller is sk_mc_loop+0x1d/0x210 [ 194.514559][ T7852] CPU: 0 PID: 7852 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.533183][ T7852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.543455][ T7852] Call Trace: [ 194.546766][ T7852] dump_stack+0x172/0x1f0 [ 194.551112][ T7852] __this_cpu_preempt_check+0x246/0x270 [ 194.556933][ T7852] sk_mc_loop+0x1d/0x210 [ 194.561222][ T7852] ip_mc_output+0x2ef/0xf70 [ 194.566079][ T7852] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.571230][ T7852] ? 
retint_kernel+0x2d/0x2d [ 194.575832][ T7852] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.581768][ T7852] ip_local_out+0xc4/0x1b0 [ 194.586204][ T7852] ip_send_skb+0x42/0xf0 [ 194.590545][ T7852] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.595766][ T7852] udp_push_pending_frames+0x5c/0xf0 [ 194.601051][ T7852] udp_sendmsg+0x12ff/0x2820 [ 194.605633][ T7852] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.611864][ T7852] ? finish_task_switch+0x146/0x780 [ 194.617054][ T7852] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.622082][ T7852] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.627369][ T7852] ? trace_hardirqs_on_caller+0x6a/0x220 [ 194.633028][ T7852] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.638611][ T7852] ? ___might_sleep+0x163/0x280 [ 194.643498][ T7852] ? __might_sleep+0x95/0x190 [ 194.648189][ T7852] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.653822][ T7852] ? aa_sk_perm+0x288/0x880 [ 194.658348][ T7852] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.663913][ T7852] inet_sendmsg+0x147/0x5e0 [ 194.668431][ T7852] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.673704][ T7852] ? inet_sendmsg+0x147/0x5e0 [ 194.678386][ T7852] ? ipip_gro_receive+0x100/0x100 [ 194.683414][ T7852] sock_sendmsg+0xdd/0x130 [ 194.687820][ T7852] sock_write_iter+0x27c/0x3e0 [ 194.692565][ T7852] ? sock_sendmsg+0x130/0x130 [ 194.697243][ T7852] ? aa_path_link+0x460/0x460 [ 194.701914][ T7852] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.708155][ T7852] ? iov_iter_init+0xee/0x220 [ 194.712828][ T7852] new_sync_write+0x4c7/0x760 [ 194.717524][ T7852] ? default_llseek+0x2e0/0x2e0 [ 194.722375][ T7852] ? retint_kernel+0x2d/0x2d [ 194.730492][ T7852] __vfs_write+0xe4/0x110 [ 194.734822][ T7852] vfs_write+0x20c/0x580 [ 194.739510][ T7852] ksys_write+0xea/0x1f0 [ 194.743757][ T7852] ? __ia32_sys_read+0xb0/0xb0 [ 194.748615][ T7852] ? do_syscall_64+0x26/0x610 [ 194.753447][ T7852] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.759514][ T7852] ? 
do_syscall_64+0x26/0x610 [ 194.764237][ T7852] __x64_sys_write+0x73/0xb0 [ 194.768951][ T7852] do_syscall_64+0x103/0x610 [ 194.773763][ T7852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.779676][ T7852] RIP: 0033:0x4582b9 [ 194.783590][ T7852] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.803463][ T7852] RSP: 002b:00007f9425a9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.811901][ T7852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 194.819860][ T7852] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 194.828048][ T7852] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.836438][ T7852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9425a9b6d4 [ 194.844890][ T7852] R13: 00000000004c7a90 R14: 00000000004ddb68 R15: 00000000ffffffff [ 194.865474][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.874194][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.887432][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.897066][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.897334][ T7853] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7853 [ 194.907040][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.907541][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.907987][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.909497][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.917521][ T7853] caller is sk_mc_loop+0x1d/0x210 [ 194.927872][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.933331][ T7853] CPU: 1 PID: 7853 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.933340][ 
T7853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.933345][ T7853] Call Trace: [ 194.933372][ T7853] dump_stack+0x172/0x1f0 [ 194.933396][ T7853] __this_cpu_preempt_check+0x246/0x270 [ 194.933415][ T7853] sk_mc_loop+0x1d/0x210 [ 194.933433][ T7853] ip_mc_output+0x2ef/0xf70 [ 194.933453][ T7853] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.933472][ T7853] ? ip_append_data.part.0+0x170/0x170 [ 194.933490][ T7853] ? retint_kernel+0x2d/0x2d [ 194.933507][ T7853] ip_local_out+0xc4/0x1b0 [ 194.933524][ T7853] ip_send_skb+0x42/0xf0 [ 194.933541][ T7853] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.933566][ T7853] udp_push_pending_frames+0x5c/0xf0 [ 194.933583][ T7853] udp_sendmsg+0x12ff/0x2820 [ 194.933602][ T7853] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.933619][ T7853] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.933639][ T7853] ? udp4_lib_lookup_skb+0x440/0x440 13:23:38 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x402c542c, &(0x7f0000000000)) [ 194.933655][ T7853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.933691][ T7853] ? preempt_schedule+0x4b/0x60 [ 194.933706][ T7853] ? preempt_schedule_common+0x4f/0xe0 [ 194.933725][ T7853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.933739][ T7853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.933754][ T7853] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.933767][ T7853] ? retint_kernel+0x2d/0x2d [ 194.933783][ T7853] ? trace_hardirqs_on_caller+0x6a/0x220 [ 194.933802][ T7853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.933822][ T7853] ? retint_kernel+0x2d/0x2d [ 194.933836][ T7853] ? ipip_gro_receive+0x100/0x100 [ 194.933851][ T7853] inet_sendmsg+0x147/0x5e0 [ 194.933862][ T7853] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.933873][ T7853] ? inet_sendmsg+0x147/0x5e0 [ 194.933885][ T7853] ? 
ipip_gro_receive+0x100/0x100 [ 194.933902][ T7853] sock_sendmsg+0xdd/0x130 [ 194.933920][ T7853] sock_write_iter+0x27c/0x3e0 [ 194.933936][ T7853] ? sock_sendmsg+0x130/0x130 [ 194.933962][ T7853] ? aa_path_link+0x460/0x460 [ 194.933974][ T7853] ? find_held_lock+0x35/0x130 [ 194.933986][ T7853] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.934000][ T7853] ? iov_iter_init+0xee/0x220 [ 194.934020][ T7853] new_sync_write+0x4c7/0x760 [ 194.934036][ T7853] ? default_llseek+0x2e0/0x2e0 [ 194.934057][ T7853] ? common_file_perm+0x238/0x720 [ 194.934071][ T7853] ? __fget+0x381/0x550 [ 194.934089][ T7853] ? apparmor_file_permission+0x25/0x30 [ 194.934102][ T7853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.934121][ T7853] ? security_file_permission+0x94/0x380 [ 194.934139][ T7853] __vfs_write+0xe4/0x110 [ 194.934174][ T7853] vfs_write+0x20c/0x580 [ 194.934193][ T7853] ksys_write+0xea/0x1f0 [ 194.934211][ T7853] ? __ia32_sys_read+0xb0/0xb0 [ 194.934228][ T7853] ? do_syscall_64+0x26/0x610 [ 194.934242][ T7853] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.934255][ T7853] ? 
do_syscall_64+0x26/0x610 [ 194.934273][ T7853] __x64_sys_write+0x73/0xb0 [ 194.934288][ T7853] do_syscall_64+0x103/0x610 [ 194.934307][ T7853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.934320][ T7853] RIP: 0033:0x4582b9 [ 194.934336][ T7853] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.934345][ T7853] RSP: 002b:00007f9425a79c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.934360][ T7853] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 194.934369][ T7853] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000008 [ 194.934378][ T7853] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 194.934386][ T7853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9425a7a6d4 [ 194.934396][ T7853] R13: 00000000004c7a90 R14: 00000000004ddb68 R15: 00000000ffffffff [ 194.985897][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.985988][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 195.083348][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.094283][ C0] protocol 88fb is buggy, dev hsr_slave_0 13:23:38 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x6) [ 195.094333][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 195.136361][ T7798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.386975][ T7798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.421592][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.435950][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.453799][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_hsr: link becomes ready [ 195.463672][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.490839][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.521404][ T7798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.538197][ T7794] 8021q: adding VLAN 0 to HW filter on device batadv0 13:23:39 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x1, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ftruncate(r1, 0x8000) sendfile(r0, r1, 0x0, 0xc00000000010) 13:23:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="4fd5"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:23:39 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x80287010, &(0x7f0000000040)) 13:23:39 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) 
setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) accept(r0, 0x0, 0x0) 13:23:39 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000080)=0x82) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd'}]}, 0xfdef) 13:23:39 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80, 0x110) fadvise64(r0, 0xb, 0x0, 0x0) 
mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000540)) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000200)={0x0, 0x0}) sched_getscheduler(r2) utimensat(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={{0x0, 0x7530}, {0x77359400}}, 0x0) inotify_init() write$cgroup_type(r0, &(0x7f00000001c0)='threaded\x00', 0x9) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0) ioctl$KDDELIO(r0, 0x4b35, 0x48000000000) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000580)={{{@in6=@empty, @in=@local}}, {{@in=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000002c0)=0xc) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f0000000540)=@newsa={0x140, 0x10, 0x801, 0x0, 0x0, {{@in, @in6=@mcast1}, {@in, 0x0, 0x6c}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @etimer_thresh={0x8}]}, 0x140}}, 0x0) mount$fuse(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id'}}) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') 13:23:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = 
dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f0000000140)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc400f0f1e9e") clone(0x2102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000200)={@remote}, 0x14) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x8811) [ 195.837764][ T7885] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7885 [ 195.847598][ T7885] caller is ip6_finish_output+0x335/0xdc0 [ 195.853465][ T7885] CPU: 1 PID: 7885 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.862759][ T7885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.862780][ T7885] Call Trace: [ 195.862810][ T7885] dump_stack+0x172/0x1f0 [ 195.862838][ T7885] __this_cpu_preempt_check+0x246/0x270 [ 195.862862][ T7885] ip6_finish_output+0x335/0xdc0 [ 195.862885][ T7885] ip6_output+0x235/0x7f0 [ 195.862904][ T7885] ? ip6_finish_output+0xdc0/0xdc0 [ 195.862925][ T7885] ? ip6_fragment+0x3980/0x3980 [ 195.862946][ T7885] ip6_xmit+0xe41/0x20c0 [ 195.862969][ T7885] ? ip6_finish_output2+0x2550/0x2550 [ 195.862987][ T7885] ? mark_held_locks+0xf0/0xf0 [ 195.863006][ T7885] ? ip6_setup_cork+0x1870/0x1870 [ 195.863044][ T7885] inet6_csk_xmit+0x2fb/0x5d0 [ 195.863062][ T7885] ? inet6_csk_update_pmtu+0x190/0x190 [ 195.863077][ T7885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.863101][ T7885] ? csum_ipv6_magic+0x20/0x80 [ 195.863129][ T7885] __tcp_transmit_skb+0x1a32/0x3750 [ 195.863145][ T7885] ? tcp_connect+0x1184/0x4280 [ 195.863187][ T7885] ? __tcp_select_window+0x8b0/0x8b0 [ 195.863204][ T7885] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.863222][ T7885] ? trace_hardirqs_on+0x67/0x230 [ 195.863243][ T7885] ? 
tcp_rbtree_insert+0x188/0x200 [ 195.863262][ T7885] tcp_connect+0x2e18/0x4280 [ 195.863290][ T7885] ? tcp_push_one+0x110/0x110 [ 195.863310][ T7885] ? secure_tcpv6_ts_off+0x24f/0x360 [ 195.863329][ T7885] ? secure_dccpv6_sequence_number+0x280/0x280 [ 195.863343][ T7885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.863359][ T7885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.863373][ T7885] ? prandom_u32_state+0x13/0x180 [ 195.863394][ T7885] tcp_v6_connect+0x150b/0x20a0 [ 195.863417][ T7885] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 195.863465][ T7885] __inet_stream_connect+0x83f/0xea0 [ 195.863477][ T7885] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 195.863491][ T7885] ? __inet_stream_connect+0x83f/0xea0 [ 195.863505][ T7885] ? mark_held_locks+0xa4/0xf0 [ 195.863525][ T7885] ? inet_dgram_connect+0x2e0/0x2e0 [ 195.863540][ T7885] ? lock_sock_nested+0x9a/0x120 [ 195.863554][ T7885] ? trace_hardirqs_on+0x67/0x230 [ 195.863570][ T7885] ? lock_sock_nested+0x9a/0x120 [ 195.863590][ T7885] ? __local_bh_enable_ip+0x15a/0x270 [ 195.863614][ T7885] inet_stream_connect+0x58/0xa0 [ 195.863639][ T7885] __sys_connect+0x266/0x330 [ 195.863669][ T7885] ? __ia32_sys_accept+0xb0/0xb0 [ 195.863687][ T7885] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.863704][ T7885] ? put_timespec64+0xda/0x140 [ 195.863734][ T7885] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.863750][ T7885] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.863767][ T7885] ? do_syscall_64+0x26/0x610 [ 195.863782][ T7885] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.863797][ T7885] ? 
do_syscall_64+0x26/0x610 [ 195.863820][ T7885] __x64_sys_connect+0x73/0xb0 [ 195.863840][ T7885] do_syscall_64+0x103/0x610 [ 195.863867][ T7885] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.141433][ T7885] RIP: 0033:0x4582b9 [ 196.145339][ T7885] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.165318][ T7885] RSP: 002b:00007f8191c6fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 196.173759][ T7885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 13:23:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 196.181920][ T7885] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 196.189996][ T7885] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.197989][ T7885] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8191c706d4 [ 196.206007][ T7885] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 13:23:39 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) accept(r0, 0x0, 0x0) [ 196.254399][ T7893] device nr0 entered promiscuous mode 13:23:39 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 
0x2710}, 0x10) accept(r0, 0x0, 0x0) [ 196.411001][ T7904] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7904 [ 196.420481][ T7904] caller is ip6_finish_output+0x335/0xdc0 [ 196.426499][ T7904] CPU: 1 PID: 7904 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.435798][ T7904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.446231][ T7904] Call Trace: [ 196.446258][ T7904] dump_stack+0x172/0x1f0 [ 196.446285][ T7904] __this_cpu_preempt_check+0x246/0x270 [ 196.459635][ T7904] ip6_finish_output+0x335/0xdc0 [ 196.464684][ T7904] ip6_output+0x235/0x7f0 [ 196.464701][ T7904] ? ip6_finish_output+0xdc0/0xdc0 [ 196.464719][ T7904] ? ip6_fragment+0x3980/0x3980 [ 196.464739][ T7904] ip6_xmit+0xe41/0x20c0 [ 196.464764][ T7904] ? ip6_finish_output2+0x2550/0x2550 [ 196.464789][ T7904] ? mark_held_locks+0xf0/0xf0 [ 196.479095][ T7904] ? ip6_setup_cork+0x1870/0x1870 [ 196.479133][ T7904] inet6_csk_xmit+0x2fb/0x5d0 [ 196.488753][ T7904] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.488770][ T7904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.488792][ T7904] ? csum_ipv6_magic+0x20/0x80 [ 196.515205][ T7904] __tcp_transmit_skb+0x1a32/0x3750 [ 196.515219][ T7904] ? tcp_connect+0x1184/0x4280 [ 196.515241][ T7904] ? __tcp_select_window+0x8b0/0x8b0 [ 196.515256][ T7904] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.515273][ T7904] ? trace_hardirqs_on+0x67/0x230 [ 196.515290][ T7904] ? tcp_rbtree_insert+0x188/0x200 [ 196.515305][ T7904] tcp_connect+0x2e18/0x4280 [ 196.515331][ T7904] ? tcp_push_one+0x110/0x110 [ 196.515348][ T7904] ? secure_tcpv6_ts_off+0x24f/0x360 [ 196.515370][ T7904] ? secure_dccpv6_sequence_number+0x280/0x280 [ 196.541736][ T7904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.541752][ T7904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.541767][ T7904] ? prandom_u32_state+0x13/0x180 [ 196.541789][ T7904] tcp_v6_connect+0x150b/0x20a0 [ 196.595979][ T7904] ? 
tcp_v6_conn_request+0x2b0/0x2b0 [ 196.601763][ T7904] __inet_stream_connect+0x83f/0xea0 [ 196.607110][ T7904] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 196.612516][ T7904] ? __inet_stream_connect+0x83f/0xea0 [ 196.618059][ T7904] ? mark_held_locks+0xa4/0xf0 [ 196.622871][ T7904] ? inet_dgram_connect+0x2e0/0x2e0 [ 196.628087][ T7904] ? lock_sock_nested+0x9a/0x120 [ 196.633066][ T7904] ? trace_hardirqs_on+0x67/0x230 [ 196.638201][ T7904] ? lock_sock_nested+0x9a/0x120 [ 196.638221][ T7904] ? __local_bh_enable_ip+0x15a/0x270 [ 196.638246][ T7904] inet_stream_connect+0x58/0xa0 [ 196.638267][ T7904] __sys_connect+0x266/0x330 [ 196.638294][ T7904] ? __ia32_sys_accept+0xb0/0xb0 [ 196.638309][ T7904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.663544][ T7904] ? put_timespec64+0xda/0x140 [ 196.663574][ T7904] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.663589][ T7904] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.663604][ T7904] ? do_syscall_64+0x26/0x610 [ 196.663620][ T7904] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.663632][ T7904] ? 
do_syscall_64+0x26/0x610 [ 196.663653][ T7904] __x64_sys_connect+0x73/0xb0 [ 196.663676][ T7904] do_syscall_64+0x103/0x610 [ 196.663692][ T7904] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.663703][ T7904] RIP: 0033:0x4582b9 [ 196.663718][ T7904] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.663725][ T7904] RSP: 002b:00007f8191c4ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 196.663739][ T7904] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 13:23:40 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) listen(r0, 0x0) accept(r0, 0x0, 0x0) [ 196.663746][ T7904] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000004 [ 196.663753][ T7904] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 196.663759][ T7904] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8191c4f5d4 [ 196.663767][ T7904] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 13:23:40 executing program 1: 13:23:40 executing program 2: 13:23:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="4fd5"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:23:40 executing 
program 4: 13:23:40 executing program 3: 13:23:40 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) close(r0) 13:23:40 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc4c85512, &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 'syz0\x00'}) 13:23:40 executing program 4: 13:23:40 executing program 4: 13:23:40 executing program 3: 13:23:40 executing program 4: 13:23:41 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:41 executing program 3: 13:23:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, 
&(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) close(r0) 13:23:41 executing program 4: 13:23:41 executing program 5: 13:23:41 executing program 1: 13:23:41 executing program 5: 13:23:41 executing program 4: 13:23:41 executing program 3: 13:23:41 executing program 1: 13:23:41 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x3) 13:23:41 executing program 3: 13:23:42 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:42 executing program 5: 13:23:42 executing program 3: 13:23:42 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 
0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) close(r0) 13:23:42 executing program 4: 13:23:42 executing program 4: 13:23:42 executing program 5: 13:23:42 executing program 3: 13:23:42 executing program 5: [ 199.425115][ T88] device bridge_slave_1 left promiscuous mode [ 199.431854][ T88] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.489921][ T88] device bridge_slave_0 left promiscuous mode [ 199.501369][ T88] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.196132][ T88] device hsr_slave_1 left promiscuous mode [ 201.258419][ T88] device hsr_slave_0 left promiscuous mode [ 201.329816][ T88] team0 (unregistering): Port device team_slave_1 removed [ 201.346444][ T88] team0 (unregistering): Port device team_slave_0 removed [ 201.358944][ T88] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 201.397703][ T88] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 201.488664][ T88] bond0 (unregistering): Released all slaves [ 201.571327][ T7994] IPVS: ftp: loaded support on port[0] = 21 [ 201.657360][ T7994] chnl_net:caif_netlink_parms(): no params data found [ 201.699734][ T7994] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.707267][ T7994] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.715381][ T7994] device bridge_slave_0 entered promiscuous mode [ 201.723732][ T7994] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.730984][ T7994] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.739553][ T7994] device bridge_slave_1 entered promiscuous mode [ 201.760531][ T7994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.772096][ T7994] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.840076][ T7994] team0: Port device team_slave_0 added [ 201.853447][ T7994] team0: Port device team_slave_1 added [ 201.925510][ T7994] device 
hsr_slave_0 entered promiscuous mode [ 201.973181][ T7994] device hsr_slave_1 entered promiscuous mode [ 202.032323][ T7994] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.039614][ T7994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.047088][ T7994] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.054252][ T7994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.131861][ T7994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.154461][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.169114][ T7799] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.178201][ T7799] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.199401][ T7994] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.218324][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.233887][ T7799] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.240979][ T7799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.271199][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.286995][ T3483] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.294200][ T3483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.329669][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.338822][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.354098][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.373047][ T7994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.390496][ T7994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.399041][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.414505][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.442423][ T7994] 8021q: adding VLAN 0 to HW filter on device batadv0 13:23:45 executing program 1: 
13:23:45 executing program 4: 13:23:45 executing program 5: 13:23:45 executing program 3: 13:23:45 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) close(r0) 13:23:45 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:46 executing program 5: 13:23:46 executing program 4: 13:23:46 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:46 executing program 3: 13:23:46 executing program 1: 13:23:46 executing program 5: 13:23:46 executing program 1: 13:23:46 executing program 4: 13:23:46 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:46 executing program 3: 13:23:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, 
&(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) 13:23:46 executing program 5: 13:23:46 executing program 1: 13:23:46 executing program 4: 13:23:46 executing program 0: bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) 13:23:46 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") ioctl$RTC_WKALM_SET(r0, 0x80287010, &(0x7f0000000040)) 13:23:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = openat$cgroup_ro(r0, &(0x7f0000000140)='cpuset.effective_cpus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x3) 13:23:46 executing program 1: 13:23:46 executing program 4: 13:23:46 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") ioctl$RTC_WKALM_SET(r0, 0x80287010, 
&(0x7f0000000040)) 13:23:46 executing program 1: 13:23:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) 13:23:46 executing program 0: bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) 13:23:46 executing program 4: 13:23:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = openat$cgroup_ro(r0, &(0x7f0000000140)='cpuset.effective_cpus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x3) 13:23:46 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") ioctl$RTC_WKALM_SET(r0, 0x80287010, &(0x7f0000000040)) 13:23:46 executing program 0: bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8) 
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) 13:23:46 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000340), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f00000001c0)="410f01f964ff0941c3c4e2c99758423e46d873120f96b1feefffffc4e12f2ac03e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000140), 0x10) pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2265162d6c36d2d553b535288f726cee2343cd3da80438bbe33926e61647fc7fcab63c030ef325ad0f899dcc3d1baefa9b3b5a978b1e8319bcc3c41f139590cb2be0b46092dbd2174e400b05", 0x4c}], 0x1, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 13:23:46 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x3) 13:23:47 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = openat$cgroup_ro(r0, &(0x7f0000000140)='cpuset.effective_cpus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x3) 13:23:47 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") 
ioctl$RTC_WKALM_SET(r0, 0x80287010, &(0x7f0000000040)) 13:23:47 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x3) 13:23:47 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='status\x00') r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x81000008912, &(0x7f0000000080)="0adc1f123c40a41d88b070") preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 13:23:47 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460107047b000001000000000002003e00050000004300000000000000400000000000000097000000000000000200000001003800010008000500ff0751e574640002f3fffe000000000000000600000000000000200000020000000000000000000100000000000100000002000000c40700000000000000000000002051"], 0x82) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1}}], 0x1, 0x0, 0x0) 13:23:47 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:47 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$RTC_WKALM_SET(r0, 0x80287010, &(0x7f0000000040)) 
13:23:47 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(r0, 0x0) accept(r0, 0x0, 0x0) 13:23:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x1, 0x0, &(0x7f0000000040)="f0"}) 13:23:47 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$RTC_WKALM_SET(r0, 0x80287010, &(0x7f0000000040)) [ 204.038545][ T8119] binder: 8113:8119 ERROR: BC_REGISTER_LOOPER called without request [ 204.072001][ T8119] binder: BINDER_SET_CONTEXT_MGR already set [ 204.099013][ T8119] binder: 8113:8119 ioctl 40046207 0 returned -16 [ 204.115559][ T8115] binder_alloc: 8113: binder_alloc_buf, no vma [ 204.130487][ T8119] binder: 8113:8119 ERROR: BC_REGISTER_LOOPER called without request [ 204.150559][ T8115] binder: 8113:8115 transaction failed 29189/-3, size 0-0 line 3148 [ 204.173584][ T3483] binder: release 8113:8119 transaction 2 out, still active [ 204.181816][ T3483] binder: undelivered TRANSACTION_COMPLETE [ 204.201219][ T3483] binder: undelivered TRANSACTION_ERROR: 29189 [ 204.217298][ 
T3483] binder: release 8113:8119 transaction 2 in, still active [ 204.232234][ T8084] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8084 [ 204.237200][ T3483] binder: send failed reply for transaction 2, target dead [ 204.242461][ T8084] caller is ip6_finish_output+0x335/0xdc0 [ 204.255399][ T8084] CPU: 0 PID: 8084 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.264537][ T8084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.274754][ T8084] Call Trace: [ 204.278061][ T8084] dump_stack+0x172/0x1f0 [ 204.282423][ T8084] __this_cpu_preempt_check+0x246/0x270 [ 204.288096][ T8084] ip6_finish_output+0x335/0xdc0 [ 204.293061][ T8084] ip6_output+0x235/0x7f0 [ 204.297509][ T8084] ? ip6_finish_output+0xdc0/0xdc0 [ 204.304878][ T8084] ? ip6_fragment+0x3980/0x3980 [ 204.309872][ T8084] ip6_xmit+0xe41/0x20c0 [ 204.314255][ T8084] ? ip6_finish_output2+0x2550/0x2550 [ 204.319755][ T8084] ? mark_held_locks+0xf0/0xf0 [ 204.324540][ T8084] ? ip6_setup_cork+0x1870/0x1870 [ 204.329622][ T8084] inet6_csk_xmit+0x2fb/0x5d0 [ 204.334323][ T8084] ? inet6_csk_update_pmtu+0x190/0x190 [ 204.339893][ T8084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.346178][ T8084] ? csum_ipv6_magic+0x20/0x80 [ 204.351015][ T8084] __tcp_transmit_skb+0x1a32/0x3750 [ 204.356239][ T8084] ? tcp_connect+0x1184/0x4280 [ 204.361038][ T8084] ? __tcp_select_window+0x8b0/0x8b0 [ 204.366346][ T8084] ? lockdep_hardirqs_on+0x418/0x5d0 [ 204.371653][ T8084] ? trace_hardirqs_on+0x67/0x230 [ 204.376709][ T8084] ? tcp_rbtree_insert+0x188/0x200 [ 204.382216][ T8084] tcp_connect+0x2e18/0x4280 [ 204.386838][ T8084] ? tcp_push_one+0x110/0x110 [ 204.391543][ T8084] ? secure_tcpv6_ts_off+0x24f/0x360 [ 204.396853][ T8084] ? secure_dccpv6_sequence_number+0x280/0x280 [ 204.403112][ T8084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.409418][ T8084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.416057][ T8084] ? 
prandom_u32_state+0x13/0x180 [ 204.421113][ T8084] tcp_v6_connect+0x150b/0x20a0 [ 204.426033][ T8084] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.431363][ T8084] __inet_stream_connect+0x83f/0xea0 [ 204.436844][ T8084] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 204.442189][ T8084] ? __inet_stream_connect+0x83f/0xea0 [ 204.447669][ T8084] ? mark_held_locks+0xa4/0xf0 [ 204.452579][ T8084] ? inet_dgram_connect+0x2e0/0x2e0 [ 204.458332][ T8084] ? lock_sock_nested+0x9a/0x120 [ 204.463312][ T8084] ? trace_hardirqs_on+0x67/0x230 [ 204.468356][ T8084] ? lock_sock_nested+0x9a/0x120 [ 204.473415][ T8084] ? __local_bh_enable_ip+0x15a/0x270 [ 204.480645][ T8084] inet_stream_connect+0x58/0xa0 [ 204.485727][ T8084] __sys_connect+0x266/0x330 [ 204.490350][ T8084] ? __ia32_sys_accept+0xb0/0xb0 [ 204.495402][ T8084] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20