[ 37.473092][ T26] audit: type=1800 audit(1554675055.338:28): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.167610][ T26] audit: type=1800 audit(1554675056.108:29): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 38.187952][ T26] audit: type=1800 audit(1554675056.118:30): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. 2019/04/07 22:11:09 fuzzer started 2019/04/07 22:11:12 dialing manager at 10.128.0.26:34543 2019/04/07 22:11:12 syscalls: 2408 2019/04/07 22:11:12 code coverage: enabled 2019/04/07 22:11:12 comparison tracing: enabled 2019/04/07 22:11:12 extra coverage: extra coverage is not supported by the kernel 2019/04/07 22:11:12 setuid sandbox: enabled 2019/04/07 22:11:12 namespace sandbox: enabled 2019/04/07 22:11:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 22:11:12 fault injection: enabled 2019/04/07 22:11:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 22:11:12 net packet injection: enabled 2019/04/07 22:11:12 net device setup: enabled 22:13:25 executing program 0: syzkaller login: [ 187.844621][ T7832] IPVS: ftp: loaded support on port[0] = 21 22:13:25 executing program 1: [ 187.952793][ T7832] chnl_net:caif_netlink_parms(): no params data found [ 188.016298][ T7832] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.024627][ T7832] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.033922][ T7832] device bridge_slave_0 entered promiscuous mode [ 188.043052][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.050232][ T7832] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.059529][ T7832] device bridge_slave_1 entered promiscuous mode [ 188.085870][ T7832] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.109643][ T7832] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.124750][ T7835] IPVS: ftp: loaded support on port[0] = 21 [ 188.150725][ T7832] team0: Port device team_slave_0 added [ 188.172095][ T7832] team0: Port device team_slave_1 added 22:13:26 executing program 2: [ 188.263919][ T7832] device hsr_slave_0 entered promiscuous mode 22:13:26 executing program 3: [ 188.371405][ T7832] device hsr_slave_1 entered promiscuous mode [ 188.502707][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.509935][ T7832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.517756][ T7832] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.524865][ T7832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.555272][ T7837] IPVS: ftp: loaded support on port[0] = 21 [ 188.580300][ T7839] IPVS: ftp: loaded support on port[0] = 21 22:13:26 executing program 4: [ 188.714931][ T7832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.724873][ T7835] chnl_net:caif_netlink_parms(): no params data found [ 188.774455][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.792746][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.812107][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.832234][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 188.862718][ T7832] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.908750][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.931964][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.939097][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state 22:13:26 executing program 5: [ 189.019735][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.033830][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.040982][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.093661][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.107339][ T7844] IPVS: ftp: loaded support on port[0] = 21 [ 189.133541][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.134945][ T7848] IPVS: ftp: loaded support on port[0] = 21 [ 189.144426][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.156684][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.176238][ T7835] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.183435][ T7835] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.191195][ T7835] device bridge_slave_0 entered promiscuous mode [ 189.198610][ T7835] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.207020][ T7835] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.214845][ T7835] device bridge_slave_1 entered promiscuous mode [ 189.232556][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.243359][ T7839] chnl_net:caif_netlink_parms(): no params data found [ 189.282418][ T7837] chnl_net:caif_netlink_parms(): no params data found [ 189.308049][ T7835] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.323460][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.332356][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.359712][ T7835] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.411069][ T7835] team0: Port device team_slave_0 added [ 189.417519][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.425933][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.449271][ T7839] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.456796][ T7839] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.464858][ T7839] device bridge_slave_0 entered promiscuous mode [ 189.479650][ T7835] team0: Port device team_slave_1 added [ 189.488017][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.497547][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.517309][ T7837] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.524513][ T7837] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.532228][ T7837] device bridge_slave_0 entered promiscuous mode [ 189.539373][ T7839] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.547211][ T7839] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.555485][ T7839] device bridge_slave_1 entered promiscuous mode [ 189.584722][ T7837] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.592492][ T7837] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.600059][ T7837] device bridge_slave_1 entered promiscuous mode [ 189.630149][ T7837] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.639645][ T7832] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.652688][ T7844] chnl_net:caif_netlink_parms(): no params data found [ 189.713963][ T7835] device hsr_slave_0 entered promiscuous mode [ 189.751561][ T7835] device hsr_slave_1 entered promiscuous mode [ 189.793458][ T7837] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.818996][ T7839] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.830647][ T7839] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.867441][ T7837] team0: Port device team_slave_0 added [ 189.901320][ T7839] team0: Port device team_slave_0 added [ 189.913621][ T7837] team0: Port device team_slave_1 added [ 189.937062][ T7835] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.944186][ T7835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.957626][ T7839] team0: Port device team_slave_1 added [ 189.986147][ T7844] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.995037][ T7844] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.005079][ T7844] device bridge_slave_0 entered promiscuous mode [ 190.074123][ T7837] device hsr_slave_0 entered promiscuous mode [ 190.121340][ T7837] device hsr_slave_1 entered promiscuous mode [ 190.163920][ T7832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.172658][ T7844] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.179720][ T7844] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.188176][ T7844] device bridge_slave_1 entered promiscuous mode [ 190.206474][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.218654][ T7848] chnl_net:caif_netlink_parms(): no params data found [ 190.302603][ T7839] device hsr_slave_0 entered promiscuous mode [ 190.341321][ T7839] device hsr_slave_1 entered promiscuous mode [ 190.423946][ T7844] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.444882][ T7848] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.452456][ T7848] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.460099][ T7848] device bridge_slave_0 entered promiscuous mode [ 190.470097][ T7848] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.478621][ T7848] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.486402][ T7848] device bridge_slave_1 entered promiscuous mode [ 190.503616][ T7844] bond0: Enslaving bond_slave_1 as an active interface with an up link 22:13:28 executing program 0: [ 190.555998][ T7835] 8021q: adding VLAN 0 to HW filter on device bond0 22:13:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) unshare(0x20400) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x4000000000000231, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) [ 190.636207][ T7844] team0: Port device team_slave_0 added [ 190.650595][ T3639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.655904][ T7858] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 190.659764][ T3639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.699682][ T7848] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.717758][ T7835] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.729260][ T7844] team0: Port device team_slave_1 added [ 190.749747][ T7839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.759816][ T7848] bond0: Enslaving bond_slave_1 as an active interface with an up link 22:13:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x4000) [ 190.819147][ T7839] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.846533][ T7848] team0: Port device team_slave_0 added [ 190.874351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.883117][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.895667][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.902802][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.910485][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.919149][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.927431][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.934551][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.942138][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.949707][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.957444][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.965838][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.974536][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.983024][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.991792][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.000148][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.009223][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 22:13:29 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) [ 191.029687][ T7848] team0: Port device team_slave_1 added [ 191.043622][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.061488][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.073230][ T7849] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.080292][ T7849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.098488][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.107232][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.115989][ T7849] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.123116][ T7849] bridge0: port 2(bridge_slave_1) entered forwarding state 22:13:29 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:29 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 191.131462][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.141328][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 22:13:29 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 191.184079][ T7844] device hsr_slave_0 entered promiscuous mode [ 191.221354][ T7844] device hsr_slave_1 entered promiscuous mode [ 191.288073][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.298651][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.307575][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.316110][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.325104][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.336872][ T7835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.393588][ T7848] device hsr_slave_0 entered promiscuous mode [ 191.451692][ T7848] device hsr_slave_1 entered promiscuous mode [ 191.511286][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.519899][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.532546][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.541198][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.549506][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.558288][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.566468][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.574630][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.598187][ T7837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.608025][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.622100][ T7835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.637267][ T7839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.663305][ T7837] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.690529][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.700152][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:13:29 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f00000007c0)) [ 191.724383][ T7839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.793264][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.808413][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.841597][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.849900][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.863325][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.871994][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.889152][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.896259][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.914655][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.925009][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.944426][ T7844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.955494][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.966697][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.975227][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.002771][ T7848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.009588][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.018197][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.027056][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.041399][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.049710][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.061278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.069492][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.084779][ T7844] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.094534][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.104308][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.112405][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.136153][ T7837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.155974][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.165192][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.176435][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.183577][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.191393][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.199785][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.208190][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.215292][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.223311][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.238934][ T7848] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.249120][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.257008][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.264802][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.272782][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.300831][ T7844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.316305][ T7844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.329136][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.338078][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.348126][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.357745][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.366555][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.375014][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.388150][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 22:13:30 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000000480), 0x1000) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, 0x1, {0x7, 0x8, 0x0, 0x2}}, 0x50) 22:13:30 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 192.400700][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.426533][ T7844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.461612][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.469597][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.483355][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.494827][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.506839][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.513972][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.521886][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.531073][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.542272][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.549355][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.558171][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.567201][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.612638][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.621976][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.635312][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.649951][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.659128][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.670870][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.679027][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.687740][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.705535][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.714251][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.728228][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 22:13:30 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 22:13:30 executing program 5: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2008000}, 0xc) 22:13:30 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) readv(r0, &(0x7f00000000c0), 0x3a0) 22:13:30 executing program 3: r0 = socket(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000dfcff0)={0x2, 0x4e20, @loopback}, 0x10) ioctl$sock_SIOCINQ(r0, 0x541b, 0x0) 22:13:30 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:30 executing program 2: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) [ 192.790009][ T7848] 8021q: adding VLAN 0 to HW filter on device batadv0 22:13:30 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000100)={0x0, 0x8}) [ 192.882892][ T7910] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 22:13:30 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:30 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 192.953199][ C1] hrtimer: interrupt took 34475 ns 22:13:31 executing program 5: creat(0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0) r0 = inotify_init1(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) inotify_add_watch(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r1, &(0x7f0000000480), 0x1000000000000237, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000fff}) 22:13:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="8c", 0x1) 22:13:31 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fffffff, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}}) 22:13:31 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) 22:13:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000015c0)={r4}) dup2(r2, r4) 22:13:31 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100), 0xc) 22:13:31 executing program 2: socket$packet(0x11, 0x400000000a, 0x300) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r3, 0x0, 0x110005, 0x0) 22:13:31 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x3602646, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x15a40, 0x0, 0x0, 0x2, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10060, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0), 0x161) sendmsg$kcm(r2, 0x0, 0x4000814) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, r1, 0x0, 0x15, &(0x7f0000000100)='cpuset.mem_exclusive\x00'}, 0x30) r3 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mem_exclusive\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000000180)=0xfffffffffffffffd, 0x12) 22:13:31 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00009f2000)={0x0, 0x0, &(0x7f00006b8ff0)={0x0}}, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000400)="240000003a0007031dfffd946fa283000a200a0008000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 193.944488][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 193.954144][ T7976] caller is sk_mc_loop+0x1d/0x210 [ 193.954173][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.954182][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.954188][ T7976] Call Trace: [ 193.954212][ T7976] dump_stack+0x172/0x1f0 [ 193.954239][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 193.954256][ T7976] sk_mc_loop+0x1d/0x210 [ 193.954276][ T7976] ip_mc_output+0x2ef/0xf70 [ 193.954299][ T7976] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.954316][ T7976] ? __ip_make_skb+0xf15/0x1820 [ 193.954335][ T7976] ? ip_append_data.part.0+0x170/0x170 [ 193.954350][ T7976] ? dst_release+0x62/0xb0 [ 193.954367][ T7976] ? __ip_make_skb+0xf93/0x1820 [ 193.954387][ T7976] ip_local_out+0xc4/0x1b0 [ 193.954409][ T7976] ip_send_skb+0x42/0xf0 [ 193.954427][ T7976] ip_push_pending_frames+0x64/0x80 [ 193.954444][ T7976] raw_sendmsg+0x1e6d/0x2f20 22:13:32 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100), 0xc) [ 193.954473][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 193.981937][ T7976] ? finish_task_switch+0x146/0x780 [ 193.981967][ T7976] ? ___might_sleep+0x163/0x280 [ 193.981984][ T7976] ? __might_sleep+0x95/0x190 [ 193.982002][ T7976] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.982017][ T7976] ? aa_sk_perm+0x288/0x880 [ 193.982040][ T7976] ? _raw_spin_unlock_irq+0x5e/0x90 [ 194.000664][ T7976] ? finish_task_switch+0x146/0x780 [ 194.016055][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.025384][ T7976] inet_sendmsg+0x147/0x5e0 [ 194.025401][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 194.025412][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 194.025425][ T7976] ? ipip_gro_receive+0x100/0x100 [ 194.025443][ T7976] sock_sendmsg+0xdd/0x130 [ 194.025461][ T7976] kernel_sendmsg+0x44/0x50 [ 194.025483][ T7976] sock_no_sendpage+0x116/0x150 [ 194.043984][ T7976] ? sock_kfree_s+0x70/0x70 [ 194.054637][ T7976] inet_sendpage+0x44a/0x630 [ 194.054659][ T7976] kernel_sendpage+0x95/0xf0 [ 194.054671][ T7976] ? inet_sendmsg+0x5e0/0x5e0 [ 194.054685][ T7976] sock_sendpage+0x8b/0xc0 [ 194.054699][ T7976] ? pipe_lock+0x6e/0x80 [ 194.054717][ T7976] pipe_to_sendpage+0x299/0x370 [ 194.054732][ T7976] ? kernel_sendpage+0xf0/0xf0 [ 194.054748][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 194.054771][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.069940][ T7976] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 194.137406][ T7976] __splice_from_pipe+0x395/0x7d0 [ 194.137424][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 194.137445][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 194.183037][ T7976] splice_from_pipe+0x108/0x170 [ 194.198536][ T7976] ? splice_shrink_spd+0xd0/0xd0 [ 194.203513][ T7976] ? apparmor_file_permission+0x25/0x30 [ 194.209082][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.215340][ T7976] ? security_file_permission+0x94/0x380 [ 194.220992][ T7976] generic_splice_sendpage+0x3c/0x50 [ 194.226292][ T7976] ? splice_from_pipe+0x170/0x170 [ 194.231323][ T7976] do_splice+0x70a/0x13c0 [ 194.235672][ T7976] ? opipe_prep.part.0+0x2d0/0x2d0 [ 194.240794][ T7976] ? __fget_light+0x1a9/0x230 22:13:32 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000002a, &(0x7f0000000040)=0xc6, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) sendto$inet6(r0, &(0x7f0000000440)="ff", 0x1, 0x0, 0x0, 0x0) [ 194.245485][ T7976] __x64_sys_splice+0x2c6/0x330 [ 194.250583][ T7976] do_syscall_64+0x103/0x610 [ 194.255273][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.261165][ T7976] RIP: 0033:0x4582b9 [ 194.265066][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.265082][ T7976] RSP: 002b:00007fe5a11cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 194.293088][ T7976] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.293097][ T7976] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 194.293106][ T7976] RBP: 000000000073bfa0 R08: 0000000000110005 R09: 0000000000000000 [ 194.293114][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a11ce6d4 [ 194.293123][ T7976] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 194.294671][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.339311][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 194.346219][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.352051][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 194.382366][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 194.391924][ T7976] caller is sk_mc_loop+0x1d/0x210 [ 194.396981][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.405993][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.406000][ T7976] Call Trace: [ 194.406025][ T7976] dump_stack+0x172/0x1f0 [ 194.406050][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 194.406076][ T7976] sk_mc_loop+0x1d/0x210 [ 194.433531][ T7976] ip_mc_output+0x2ef/0xf70 [ 194.438070][ T7976] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.443195][ T7976] ? __ip_make_skb+0xf15/0x1820 [ 194.448055][ T7976] ? ip_append_data.part.0+0x170/0x170 [ 194.453555][ T7976] ? dst_release+0x62/0xb0 [ 194.457995][ T7976] ? __ip_make_skb+0xf93/0x1820 [ 194.462861][ T7976] ip_local_out+0xc4/0x1b0 [ 194.467298][ T7976] ip_send_skb+0x42/0xf0 [ 194.471564][ T7976] ip_push_pending_frames+0x64/0x80 [ 194.476773][ T7976] raw_sendmsg+0x1e6d/0x2f20 [ 194.481398][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 194.486890][ T7976] ? finish_task_switch+0x146/0x780 [ 194.492193][ T7976] ? ___might_sleep+0x163/0x280 [ 194.497046][ T7976] ? __might_sleep+0x95/0x190 [ 194.501727][ T7976] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.507364][ T7976] ? aa_sk_perm+0x288/0x880 [ 194.511864][ T7976] ? _raw_spin_unlock_irq+0x5e/0x90 [ 194.517067][ T7976] ? finish_task_switch+0x146/0x780 [ 194.522292][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.527843][ T7976] inet_sendmsg+0x147/0x5e0 [ 194.532344][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 194.537794][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 194.542466][ T7976] ? ipip_gro_receive+0x100/0x100 [ 194.547506][ T7976] sock_sendmsg+0xdd/0x130 [ 194.551931][ T7976] kernel_sendmsg+0x44/0x50 [ 194.556437][ T7976] sock_no_sendpage+0x116/0x150 [ 194.561299][ T7976] ? sock_kfree_s+0x70/0x70 [ 194.566277][ T7976] inet_sendpage+0x44a/0x630 [ 194.570875][ T7976] kernel_sendpage+0x95/0xf0 [ 194.575460][ T7976] ? inet_sendmsg+0x5e0/0x5e0 [ 194.580134][ T7976] sock_sendpage+0x8b/0xc0 [ 194.584559][ T7976] ? pipe_lock+0x6e/0x80 [ 194.588802][ T7976] pipe_to_sendpage+0x299/0x370 [ 194.593652][ T7976] ? kernel_sendpage+0xf0/0xf0 [ 194.598429][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 194.603716][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.609969][ T7976] ? anon_pipe_buf_release+0x1c6/0x270 [ 194.615428][ T7976] __splice_from_pipe+0x395/0x7d0 [ 194.620452][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 194.625743][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 194.631050][ T7976] splice_from_pipe+0x108/0x170 [ 194.635993][ T7976] ? splice_shrink_spd+0xd0/0xd0 [ 194.640959][ T7976] ? apparmor_file_permission+0x25/0x30 [ 194.646514][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.652759][ T7976] ? security_file_permission+0x94/0x380 [ 194.658479][ T7976] generic_splice_sendpage+0x3c/0x50 [ 194.663782][ T7976] ? splice_from_pipe+0x170/0x170 [ 194.668802][ T7976] do_splice+0x70a/0x13c0 [ 194.673158][ T7976] ? opipe_prep.part.0+0x2d0/0x2d0 [ 194.678274][ T7976] ? __fget_light+0x1a9/0x230 [ 194.682955][ T7976] __x64_sys_splice+0x2c6/0x330 [ 194.687839][ T7976] do_syscall_64+0x103/0x610 [ 194.692435][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.698319][ T7976] RIP: 0033:0x4582b9 [ 194.702214][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.721814][ T7976] RSP: 002b:00007fe5a11cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 194.730246][ T7976] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.738238][ T7976] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 194.746205][ T7976] RBP: 000000000073bfa0 R08: 0000000000110005 R09: 0000000000000000 [ 194.754188][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a11ce6d4 [ 194.762154][ T7976] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 194.770931][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.776783][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 194.785933][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 194.796353][ T7976] caller is sk_mc_loop+0x1d/0x210 [ 194.801448][ T7976] CPU: 1 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.810552][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.820604][ T7976] Call Trace: [ 194.823905][ T7976] dump_stack+0x172/0x1f0 [ 194.828247][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 194.833827][ T7976] sk_mc_loop+0x1d/0x210 [ 194.838087][ T7976] ip_mc_output+0x2ef/0xf70 [ 194.841941][ T7999] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7999 [ 194.842596][ T7976] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.842612][ T7976] ? __ip_make_skb+0xf15/0x1820 [ 194.842634][ T7976] ? ip_append_data.part.0+0x170/0x170 [ 194.851983][ T7999] caller is sk_mc_loop+0x1d/0x210 [ 194.857056][ T7976] ? dst_release+0x62/0xb0 [ 194.876731][ T7976] ? __ip_make_skb+0xf93/0x1820 [ 194.881615][ T7976] ip_local_out+0xc4/0x1b0 [ 194.886032][ T7976] ip_send_skb+0x42/0xf0 [ 194.890281][ T7976] ip_push_pending_frames+0x64/0x80 [ 194.895533][ T7976] raw_sendmsg+0x1e6d/0x2f20 [ 194.900149][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 194.905627][ T7976] ? finish_task_switch+0x146/0x780 [ 194.910847][ T7976] ? ___might_sleep+0x163/0x280 [ 194.915716][ T7976] ? __might_sleep+0x95/0x190 [ 194.920847][ T7976] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.926489][ T7976] ? aa_sk_perm+0x288/0x880 [ 194.931018][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.936575][ T7976] inet_sendmsg+0x147/0x5e0 [ 194.941080][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 194.946537][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 194.951211][ T7976] ? ipip_gro_receive+0x100/0x100 [ 194.956241][ T7976] sock_sendmsg+0xdd/0x130 [ 194.960659][ T7976] kernel_sendmsg+0x44/0x50 [ 194.965167][ T7976] sock_no_sendpage+0x116/0x150 [ 194.970013][ T7976] ? sock_kfree_s+0x70/0x70 [ 194.974538][ T7976] ? debug_check_no_obj_freed+0x211/0x444 [ 194.980281][ T7976] ? mark_held_locks+0xa4/0xf0 [ 194.985051][ T7976] inet_sendpage+0x44a/0x630 [ 194.989650][ T7976] kernel_sendpage+0x95/0xf0 [ 194.994238][ T7976] ? inet_sendmsg+0x5e0/0x5e0 [ 194.998916][ T7976] sock_sendpage+0x8b/0xc0 [ 195.003346][ T7976] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.008638][ T7976] pipe_to_sendpage+0x299/0x370 [ 195.013538][ T7976] ? kernel_sendpage+0xf0/0xf0 [ 195.018301][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 195.023620][ T7976] ? __put_page+0x92/0xd0 [ 195.027955][ T7976] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.033433][ T7976] __splice_from_pipe+0x395/0x7d0 [ 195.038456][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 195.043748][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 195.049031][ T7976] splice_from_pipe+0x108/0x170 [ 195.053895][ T7976] ? splice_shrink_spd+0xd0/0xd0 [ 195.058864][ T7976] ? apparmor_file_permission+0x25/0x30 [ 195.064409][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.070654][ T7976] ? security_file_permission+0x94/0x380 [ 195.076380][ T7976] generic_splice_sendpage+0x3c/0x50 [ 195.081682][ T7976] ? splice_from_pipe+0x170/0x170 [ 195.086723][ T7976] do_splice+0x70a/0x13c0 [ 195.091068][ T7976] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.096185][ T7976] ? __fget_light+0x1a9/0x230 [ 195.100865][ T7976] __x64_sys_splice+0x2c6/0x330 [ 195.105739][ T7976] do_syscall_64+0x103/0x610 [ 195.110421][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.116307][ T7976] RIP: 0033:0x4582b9 [ 195.120204][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.139824][ T7976] RSP: 002b:00007fe5a11cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 22:13:32 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) flock(r0, 0x5) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r1, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 195.148234][ T7976] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.156211][ T7976] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 195.164181][ T7976] RBP: 000000000073bfa0 R08: 0000000000110005 R09: 0000000000000000 [ 195.172149][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a11ce6d4 [ 195.180126][ T7976] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 195.188133][ T7999] CPU: 0 PID: 7999 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.197198][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.197203][ T7999] Call Trace: [ 195.197228][ T7999] dump_stack+0x172/0x1f0 [ 195.197260][ T7999] __this_cpu_preempt_check+0x246/0x270 [ 195.210770][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 195.214991][ T7999] sk_mc_loop+0x1d/0x210 [ 195.215010][ T7999] ip_mc_output+0x2ef/0xf70 [ 195.215031][ T7999] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.215045][ T7999] ? __ip_make_skb+0xf15/0x1820 [ 195.215070][ T7999] ? ip_append_data.part.0+0x170/0x170 [ 195.220642][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 195.226317][ T7999] ? dst_release+0x62/0xb0 [ 195.226333][ T7999] ? __ip_make_skb+0xf93/0x1820 [ 195.226350][ T7999] ip_local_out+0xc4/0x1b0 [ 195.226367][ T7999] ip_send_skb+0x42/0xf0 [ 195.226387][ T7999] ip_push_pending_frames+0x64/0x80 [ 195.256224][ T7999] raw_sendmsg+0x1e6d/0x2f20 [ 195.256252][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 195.256282][ T7999] ? finish_task_switch+0x146/0x780 [ 195.256312][ T7999] ? ___might_sleep+0x163/0x280 [ 195.256329][ T7999] ? __might_sleep+0x95/0x190 [ 195.256351][ T7999] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.270028][ T7999] ? aa_sk_perm+0x288/0x880 [ 195.270045][ T7999] ? _raw_spin_unlock_irq+0x5e/0x90 [ 195.270061][ T7999] ? finish_task_switch+0x146/0x780 [ 195.270084][ T7999] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.270104][ T7999] inet_sendmsg+0x147/0x5e0 [ 195.334810][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 195.340272][ T7999] ? inet_sendmsg+0x147/0x5e0 [ 195.344949][ T7999] ? ipip_gro_receive+0x100/0x100 [ 195.349978][ T7999] sock_sendmsg+0xdd/0x130 [ 195.354412][ T7999] kernel_sendmsg+0x44/0x50 [ 195.359000][ T7999] sock_no_sendpage+0x116/0x150 [ 195.363858][ T7999] ? sock_kfree_s+0x70/0x70 [ 195.368403][ T7999] inet_sendpage+0x44a/0x630 [ 195.373024][ T7999] kernel_sendpage+0x95/0xf0 [ 195.377614][ T7999] ? inet_sendmsg+0x5e0/0x5e0 [ 195.382309][ T7999] sock_sendpage+0x8b/0xc0 [ 195.386759][ T7999] ? pipe_lock+0x6e/0x80 [ 195.391003][ T7999] pipe_to_sendpage+0x299/0x370 [ 195.395852][ T7999] ? kernel_sendpage+0xf0/0xf0 [ 195.400613][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 195.405921][ T7999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.412159][ T7999] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 195.418237][ T7999] __splice_from_pipe+0x395/0x7d0 [ 195.423261][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 195.428556][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 195.433840][ T7999] splice_from_pipe+0x108/0x170 [ 195.438699][ T7999] ? splice_shrink_spd+0xd0/0xd0 [ 195.443646][ T7999] ? apparmor_file_permission+0x25/0x30 [ 195.449216][ T7999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.455459][ T7999] ? security_file_permission+0x94/0x380 [ 195.461095][ T7999] generic_splice_sendpage+0x3c/0x50 [ 195.466375][ T7999] ? splice_from_pipe+0x170/0x170 [ 195.471400][ T7999] do_splice+0x70a/0x13c0 [ 195.475735][ T7999] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.480892][ T7999] ? __fget_light+0x1a9/0x230 [ 195.485656][ T7999] __x64_sys_splice+0x2c6/0x330 [ 195.490534][ T7999] do_syscall_64+0x103/0x610 [ 195.495136][ T7999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.501023][ T7999] RIP: 0033:0x4582b9 [ 195.504940][ T7999] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.524547][ T7999] RSP: 002b:00007fe5a116ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 195.532958][ T7999] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.540924][ T7999] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000008 22:13:33 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100), 0xc) [ 195.548889][ T7999] RBP: 000000000073c180 R08: 0000000000110005 R09: 0000000000000000 [ 195.556866][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a116b6d4 [ 195.564843][ T7999] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 195.573803][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 195.579590][ C0] protocol 88fb is buggy, dev hsr_slave_1 22:13:33 executing program 0: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r0}, 0xc) 22:13:33 executing program 5: openat$zero(0xffffffffffffff9c, 0x0, 0x801, 0x0) sched_setattr(0x0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, 0x0) creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 22:13:33 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) connect(r0, &(0x7f00000003c0)=@hci, 0x80) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f3188b070") bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x0) 22:13:33 executing program 3: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000b40)='oom_adj\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000580)='oom_score_adj\x00\x9f\xc5r\x0e8J\xdb@\xf8\xbfj1\xe8\xce\x88\x02^\xb2\xf4hTR2\xf1\x89\x1e~m\x19\xc9lG^l\x13c7\xf7$\x7f?9>b\xe8/<\xdbj>:\xd9\x10\x04r\x18\x15\xdc)\x10I<\xd0:\x0f\x18\xec\x00\xc2w\x8a0C\xf8\xa9\xeaa\x16\x8c\xe6C\xf5\xcb\xdc\x1c\xea`\x9c\xe1\x8e\xdd\x8e\xaa\x1f\xf4\xaf\xa3Z\xbf\x17M\x1a\xff\xb1\x8dP]<\x9e\xe1B[y\xe6\xae\xe9I\xdb)\x9b\xcb\xa3Wlt\xe9\xa9\xfc\xf8\xde\xf0]\n\xa5S\x16\x1dh\x88\xc5\xea\xcf\xca5\xd2.\x93\xfd\t\x90#hq\r\x9b;\x83\xdd\x0fs\x80\x12\xc6\x8e~\xd4\xef\xc7:\xee4cu\xb2\x03\xd5\xd5)\xc9\xf1/\xea\x95_\'\xfb\xb9\xa94\xca\x9e\xf3\xfb\xc9\xd6~\xd5\xb7}B\xe5.\x86\xbf\xbb#\xb9\xf7N\xb3\xfe?x\xccX^\x16bz\"\x8a\xa45\x10t\xbb\xb7\xca\xa7\xcc\xde_\xdc\xab\xf2\xb8\xc7\xb3\xd3&$\xbb4\x81\t\xbb\xe3\xbfB(ln\xbc\xe9E<6$\x8f)\xb0\x1a\xc9\xe3\x18\xa6\xd9zk\x94Z\xed\x96\xad\xe2\\\xcb,!\x13\rv)r\xf1\x00E\xcccgr\xbf\xd4uB\x9f\xa5\x8c8\xe4D\x0f\xd3Vtd\x89\xc8V\x14\x17=\xd9\xcf*\xc8\xc7\xb7\xcc\x182/Jm\x8c5\x93\x14\xfd\x02\'\xe3\xc9\x12~\xc3\x10\xb7\xc7\xae\xcfA\x823|\xfd\xba2\xbd\xc6-\xe0E_x\xc7i\x8dV\xd9\\_l\xfb\xd8xX.N\x9bd\x91\xd5\xc1\xa1\xbahL\x95wF\x13{\xfd\xc8T\x1f\xe1)h\a\xe8Wn]\xe4') sendfile(r1, r0, 0x0, 0x4) 22:13:33 executing program 0: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r0}, 0xc) [ 195.747337][ T7999] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7999 [ 195.757942][ T7999] caller is sk_mc_loop+0x1d/0x210 [ 195.763059][ T7999] CPU: 0 PID: 7999 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.772109][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.772115][ T7999] Call Trace: [ 195.772137][ T7999] dump_stack+0x172/0x1f0 [ 195.772160][ T7999] __this_cpu_preempt_check+0x246/0x270 [ 195.772174][ T7999] sk_mc_loop+0x1d/0x210 [ 195.772189][ T7999] ip_mc_output+0x2ef/0xf70 [ 195.772209][ T7999] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.809326][ T7999] ? __ip_make_skb+0xf15/0x1820 [ 195.815666][ T7999] ? ip_append_data.part.0+0x170/0x170 [ 195.821148][ T7999] ? dst_release+0x62/0xb0 [ 195.825572][ T7999] ? __ip_make_skb+0xf93/0x1820 [ 195.825592][ T7999] ip_local_out+0xc4/0x1b0 [ 195.825611][ T7999] ip_send_skb+0x42/0xf0 [ 195.825632][ T7999] ip_push_pending_frames+0x64/0x80 [ 195.844315][ T7999] raw_sendmsg+0x1e6d/0x2f20 [ 195.848926][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 195.854409][ T7999] ? finish_task_switch+0x146/0x780 [ 195.859625][ T7999] ? ___might_sleep+0x163/0x280 [ 195.864482][ T7999] ? __might_sleep+0x95/0x190 [ 195.864514][ T7999] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.864535][ T7999] ? aa_sk_perm+0x288/0x880 [ 195.874847][ T7999] ? _raw_spin_unlock_irq+0x5e/0x90 [ 195.874866][ T7999] ? finish_task_switch+0x146/0x780 [ 195.874894][ T7999] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.895402][ T7999] inet_sendmsg+0x147/0x5e0 [ 195.900018][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 195.905482][ T7999] ? inet_sendmsg+0x147/0x5e0 [ 195.910175][ T7999] ? ipip_gro_receive+0x100/0x100 [ 195.915212][ T7999] sock_sendmsg+0xdd/0x130 [ 195.920387][ T7999] kernel_sendmsg+0x44/0x50 [ 195.924908][ T7999] sock_no_sendpage+0x116/0x150 [ 195.929766][ T7999] ? sock_kfree_s+0x70/0x70 [ 195.934168][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 195.934322][ T7999] inet_sendpage+0x44a/0x630 [ 195.943710][ T7976] caller is sk_mc_loop+0x1d/0x210 [ 195.948174][ T7999] kernel_sendpage+0x95/0xf0 [ 195.957763][ T7999] ? inet_sendmsg+0x5e0/0x5e0 [ 195.962491][ T7999] sock_sendpage+0x8b/0xc0 [ 195.966921][ T7999] ? pipe_lock+0x6e/0x80 [ 195.971167][ T7999] pipe_to_sendpage+0x299/0x370 [ 195.976031][ T7999] ? kernel_sendpage+0xf0/0xf0 [ 195.980800][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 195.986091][ T7999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.992333][ T7999] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.997798][ T7999] __splice_from_pipe+0x395/0x7d0 [ 196.003021][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 196.008310][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 196.013607][ T7999] splice_from_pipe+0x108/0x170 [ 196.018464][ T7999] ? splice_shrink_spd+0xd0/0xd0 [ 196.023421][ T7999] ? apparmor_file_permission+0x25/0x30 [ 196.028965][ T7999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.035217][ T7999] ? security_file_permission+0x94/0x380 [ 196.040852][ T7999] generic_splice_sendpage+0x3c/0x50 [ 196.046148][ T7999] ? splice_from_pipe+0x170/0x170 [ 196.051190][ T7999] do_splice+0x70a/0x13c0 [ 196.055544][ T7999] ? opipe_prep.part.0+0x2d0/0x2d0 [ 196.060659][ T7999] ? __fget_light+0x1a9/0x230 [ 196.065373][ T7999] __x64_sys_splice+0x2c6/0x330 [ 196.070236][ T7999] do_syscall_64+0x103/0x610 [ 196.074835][ T7999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.080726][ T7999] RIP: 0033:0x4582b9 [ 196.084622][ T7999] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.104224][ T7999] RSP: 002b:00007fe5a116ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 196.112635][ T7999] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.120600][ T7999] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000008 [ 196.128575][ T7999] RBP: 000000000073c180 R08: 0000000000110005 R09: 0000000000000000 [ 196.136550][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a116b6d4 [ 196.144528][ T7999] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 196.152543][ T7976] CPU: 1 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.161577][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.171718][ T7976] Call Trace: [ 196.175018][ T7976] dump_stack+0x172/0x1f0 [ 196.179361][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 196.184909][ T7976] sk_mc_loop+0x1d/0x210 [ 196.189155][ T7976] ip_mc_output+0x2ef/0xf70 [ 196.193666][ T7976] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 196.198774][ T7976] ? __ip_make_skb+0xf15/0x1820 [ 196.203639][ T7976] ? ip_append_data.part.0+0x170/0x170 [ 196.209096][ T7976] ? dst_release+0x62/0xb0 [ 196.213517][ T7976] ? __ip_make_skb+0xf93/0x1820 [ 196.218376][ T7976] ip_local_out+0xc4/0x1b0 [ 196.222796][ T7976] ip_send_skb+0x42/0xf0 [ 196.227035][ T7976] ip_push_pending_frames+0x64/0x80 [ 196.232245][ T7976] raw_sendmsg+0x1e6d/0x2f20 [ 196.236845][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 196.242338][ T7976] ? finish_task_switch+0x146/0x780 [ 196.247663][ T7976] ? ___might_sleep+0x163/0x280 [ 196.252522][ T7976] ? __might_sleep+0x95/0x190 [ 196.257206][ T7976] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.263107][ T7976] ? aa_sk_perm+0x288/0x880 [ 196.267618][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.273437][ T7976] inet_sendmsg+0x147/0x5e0 [ 196.277941][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 196.283396][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 196.288075][ T7976] ? ipip_gro_receive+0x100/0x100 [ 196.293110][ T7976] sock_sendmsg+0xdd/0x130 [ 196.297530][ T7976] kernel_sendmsg+0x44/0x50 [ 196.302052][ T7976] sock_no_sendpage+0x116/0x150 [ 196.306896][ T7976] ? sock_kfree_s+0x70/0x70 [ 196.311400][ T7976] ? debug_check_no_obj_freed+0x211/0x444 [ 196.317128][ T7976] ? mark_held_locks+0xa4/0xf0 [ 196.321895][ T7976] inet_sendpage+0x44a/0x630 [ 196.326513][ T7976] kernel_sendpage+0x95/0xf0 [ 196.331276][ T7976] ? inet_sendmsg+0x5e0/0x5e0 [ 196.335952][ T7976] sock_sendpage+0x8b/0xc0 [ 196.340372][ T7976] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.345660][ T7976] pipe_to_sendpage+0x299/0x370 [ 196.350544][ T7976] ? kernel_sendpage+0xf0/0xf0 [ 196.355400][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 196.360684][ T7976] ? __put_page+0x92/0xd0 [ 196.365029][ T7976] ? anon_pipe_buf_release+0x1c6/0x270 [ 196.370525][ T7976] __splice_from_pipe+0x395/0x7d0 [ 196.375544][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 196.380858][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 196.386226][ T7976] splice_from_pipe+0x108/0x170 [ 196.391083][ T7976] ? splice_shrink_spd+0xd0/0xd0 [ 196.396028][ T7976] ? apparmor_file_permission+0x25/0x30 [ 196.401587][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.407852][ T7976] ? security_file_permission+0x94/0x380 [ 196.413486][ T7976] generic_splice_sendpage+0x3c/0x50 [ 196.418778][ T7976] ? splice_from_pipe+0x170/0x170 [ 196.423801][ T7976] do_splice+0x70a/0x13c0 [ 196.428156][ T7976] ? opipe_prep.part.0+0x2d0/0x2d0 [ 196.433292][ T7976] ? __fget_light+0x1a9/0x230 [ 196.437971][ T7976] __x64_sys_splice+0x2c6/0x330 [ 196.442830][ T7976] do_syscall_64+0x103/0x610 [ 196.447418][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.453315][ T7976] RIP: 0033:0x4582b9 [ 196.457221][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.476818][ T7976] RSP: 002b:00007fe5a11cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 196.485229][ T7976] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.493192][ T7976] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 196.501167][ T7976] RBP: 000000000073bfa0 R08: 0000000000110005 R09: 0000000000000000 [ 196.509132][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a11ce6d4 [ 196.517095][ T7976] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 196.545525][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 196.555681][ T7976] caller is sk_mc_loop+0x1d/0x210 [ 196.560721][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.569737][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.579789][ T7976] Call Trace: [ 196.583092][ T7976] dump_stack+0x172/0x1f0 [ 196.587461][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 196.593068][ T7976] sk_mc_loop+0x1d/0x210 [ 196.597334][ T7976] ip_mc_output+0x2ef/0xf70 [ 196.601852][ T7976] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 196.606962][ T7976] ? __ip_make_skb+0xf15/0x1820 [ 196.611812][ T7976] ? ip_append_data.part.0+0x170/0x170 [ 196.617264][ T7976] ? dst_release+0x62/0xb0 [ 196.621679][ T7976] ? __ip_make_skb+0xf93/0x1820 [ 196.626546][ T7976] ip_local_out+0xc4/0x1b0 [ 196.630966][ T7976] ip_send_skb+0x42/0xf0 [ 196.635210][ T7976] ip_push_pending_frames+0x64/0x80 [ 196.640418][ T7976] raw_sendmsg+0x1e6d/0x2f20 [ 196.645027][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 196.650497][ T7976] ? finish_task_switch+0x146/0x780 [ 196.655719][ T7976] ? ___might_sleep+0x163/0x280 [ 196.660573][ T7976] ? __might_sleep+0x95/0x190 [ 196.665264][ T7976] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.670895][ T7976] ? aa_sk_perm+0x288/0x880 [ 196.675425][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.681162][ T7976] inet_sendmsg+0x147/0x5e0 [ 196.685677][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 196.691135][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 196.695807][ T7976] ? ipip_gro_receive+0x100/0x100 [ 196.700830][ T7976] sock_sendmsg+0xdd/0x130 [ 196.705264][ T7976] kernel_sendmsg+0x44/0x50 [ 196.709770][ T7976] sock_no_sendpage+0x116/0x150 [ 196.714628][ T7976] ? sock_kfree_s+0x70/0x70 [ 196.719148][ T7976] ? debug_check_no_obj_freed+0x211/0x444 [ 196.724897][ T7976] ? mark_held_locks+0xa4/0xf0 [ 196.729664][ T7976] inet_sendpage+0x44a/0x630 [ 196.734260][ T7976] kernel_sendpage+0x95/0xf0 [ 196.738844][ T7976] ? inet_sendmsg+0x5e0/0x5e0 [ 196.743530][ T7976] sock_sendpage+0x8b/0xc0 [ 196.747951][ T7976] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.753240][ T7976] pipe_to_sendpage+0x299/0x370 [ 196.758091][ T7976] ? kernel_sendpage+0xf0/0xf0 [ 196.762859][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 196.768142][ T7976] ? __put_page+0x92/0xd0 [ 196.772474][ T7976] ? anon_pipe_buf_release+0x1c6/0x270 [ 196.778027][ T7976] __splice_from_pipe+0x395/0x7d0 [ 196.783053][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 196.788345][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 196.793629][ T7976] splice_from_pipe+0x108/0x170 [ 196.798478][ T7976] ? splice_shrink_spd+0xd0/0xd0 [ 196.803432][ T7976] ? apparmor_file_permission+0x25/0x30 [ 196.808983][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.815240][ T7976] ? security_file_permission+0x94/0x380 [ 196.820881][ T7976] generic_splice_sendpage+0x3c/0x50 [ 196.826181][ T7976] ? splice_from_pipe+0x170/0x170 [ 196.831213][ T7976] do_splice+0x70a/0x13c0 [ 196.835575][ T7976] ? opipe_prep.part.0+0x2d0/0x2d0 [ 196.840694][ T7976] ? __fget_light+0x1a9/0x230 [ 196.845371][ T7976] __x64_sys_splice+0x2c6/0x330 [ 196.850226][ T7976] do_syscall_64+0x103/0x610 [ 196.854821][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.860712][ T7976] RIP: 0033:0x4582b9 [ 196.864609][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.884244][ T7976] RSP: 002b:00007fe5a11cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 196.892667][ T7976] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.900632][ T7976] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 196.908598][ T7976] RBP: 000000000073bfa0 R08: 0000000000110005 R09: 0000000000000000 [ 196.916570][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a11ce6d4 [ 196.924558][ T7976] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 196.954047][ T7999] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7999 [ 196.964056][ T7999] caller is sk_mc_loop+0x1d/0x210 [ 196.969103][ T7999] CPU: 0 PID: 7999 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.978145][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.988199][ T7999] Call Trace: [ 196.988224][ T7999] dump_stack+0x172/0x1f0 [ 196.988248][ T7999] __this_cpu_preempt_check+0x246/0x270 [ 196.988274][ T7999] sk_mc_loop+0x1d/0x210 [ 197.005648][ T7999] ip_mc_output+0x2ef/0xf70 [ 197.010160][ T7999] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 197.015274][ T7999] ? __ip_make_skb+0xf15/0x1820 [ 197.020132][ T7999] ? ip_append_data.part.0+0x170/0x170 [ 197.025596][ T7999] ? dst_release+0x62/0xb0 [ 197.030023][ T7999] ? __ip_make_skb+0xf93/0x1820 [ 197.034887][ T7999] ip_local_out+0xc4/0x1b0 [ 197.039313][ T7999] ip_send_skb+0x42/0xf0 [ 197.040231][ T7976] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7976 [ 197.043572][ T7999] ip_push_pending_frames+0x64/0x80 [ 197.043590][ T7999] raw_sendmsg+0x1e6d/0x2f20 [ 197.043628][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 197.043658][ T7999] ? finish_task_switch+0x146/0x780 [ 197.043686][ T7999] ? ___might_sleep+0x163/0x280 [ 197.043711][ T7999] ? __might_sleep+0x95/0x190 [ 197.053224][ T7976] caller is sk_mc_loop+0x1d/0x210 [ 197.058351][ T7999] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.093672][ T7999] ? aa_sk_perm+0x288/0x880 [ 197.098185][ T7999] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.103739][ T7999] inet_sendmsg+0x147/0x5e0 [ 197.108246][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 197.113706][ T7999] ? inet_sendmsg+0x147/0x5e0 [ 197.118383][ T7999] ? ipip_gro_receive+0x100/0x100 [ 197.123412][ T7999] sock_sendmsg+0xdd/0x130 [ 197.127835][ T7999] kernel_sendmsg+0x44/0x50 [ 197.132340][ T7999] sock_no_sendpage+0x116/0x150 [ 197.137188][ T7999] ? sock_kfree_s+0x70/0x70 [ 197.141699][ T7999] ? debug_check_no_obj_freed+0x211/0x444 [ 197.147430][ T7999] ? mark_held_locks+0xa4/0xf0 [ 197.152218][ T7999] inet_sendpage+0x44a/0x630 [ 197.156812][ T7999] kernel_sendpage+0x95/0xf0 [ 197.161396][ T7999] ? inet_sendmsg+0x5e0/0x5e0 [ 197.166091][ T7999] sock_sendpage+0x8b/0xc0 [ 197.170520][ T7999] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.175865][ T7999] pipe_to_sendpage+0x299/0x370 [ 197.180713][ T7999] ? kernel_sendpage+0xf0/0xf0 [ 197.185478][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 197.190770][ T7999] ? __put_page+0x92/0xd0 [ 197.195118][ T7999] ? anon_pipe_buf_release+0x1c6/0x270 [ 197.200584][ T7999] __splice_from_pipe+0x395/0x7d0 [ 197.205606][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 197.210895][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 197.216177][ T7999] splice_from_pipe+0x108/0x170 [ 197.221032][ T7999] ? splice_shrink_spd+0xd0/0xd0 [ 197.225976][ T7999] ? apparmor_file_permission+0x25/0x30 [ 197.231551][ T7999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.237800][ T7999] ? security_file_permission+0x94/0x380 [ 197.243441][ T7999] generic_splice_sendpage+0x3c/0x50 [ 197.248724][ T7999] ? splice_from_pipe+0x170/0x170 [ 197.253745][ T7999] do_splice+0x70a/0x13c0 [ 197.258088][ T7999] ? opipe_prep.part.0+0x2d0/0x2d0 [ 197.263200][ T7999] ? __fget_light+0x1a9/0x230 [ 197.267911][ T7999] __x64_sys_splice+0x2c6/0x330 [ 197.272773][ T7999] do_syscall_64+0x103/0x610 [ 197.277367][ T7999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.283257][ T7999] RIP: 0033:0x4582b9 [ 197.287156][ T7999] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.306784][ T7999] RSP: 002b:00007fe5a116ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 197.315212][ T7999] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 197.323188][ T7999] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000008 [ 197.331151][ T7999] RBP: 000000000073c180 R08: 0000000000110005 R09: 0000000000000000 [ 197.339118][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a116b6d4 [ 197.347088][ T7999] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 197.355082][ T7976] CPU: 1 PID: 7976 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.364131][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.374189][ T7976] Call Trace: [ 197.377492][ T7976] dump_stack+0x172/0x1f0 [ 197.377935][ T7999] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7999 [ 197.381849][ T7976] __this_cpu_preempt_check+0x246/0x270 [ 197.381869][ T7976] sk_mc_loop+0x1d/0x210 [ 197.381886][ T7976] ip_mc_output+0x2ef/0xf70 [ 197.381911][ T7976] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 197.391213][ T7999] caller is sk_mc_loop+0x1d/0x210 [ 197.396726][ T7976] ? __ip_make_skb+0xf15/0x1820 [ 197.420423][ T7976] ? ip_append_data.part.0+0x170/0x170 [ 197.425894][ T7976] ? dst_release+0x62/0xb0 [ 197.430317][ T7976] ? __ip_make_skb+0xf93/0x1820 [ 197.435178][ T7976] ip_local_out+0xc4/0x1b0 [ 197.439603][ T7976] ip_send_skb+0x42/0xf0 [ 197.443866][ T7976] ip_push_pending_frames+0x64/0x80 [ 197.449079][ T7976] raw_sendmsg+0x1e6d/0x2f20 [ 197.453691][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 197.459164][ T7976] ? finish_task_switch+0x146/0x780 [ 197.464380][ T7976] ? ___might_sleep+0x163/0x280 [ 197.469236][ T7976] ? __might_sleep+0x95/0x190 [ 197.473918][ T7976] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.479642][ T7976] ? aa_sk_perm+0x288/0x880 [ 197.484164][ T7976] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.489979][ T7976] inet_sendmsg+0x147/0x5e0 [ 197.494523][ T7976] ? compat_raw_getsockopt+0x100/0x100 [ 197.499981][ T7976] ? inet_sendmsg+0x147/0x5e0 [ 197.504665][ T7976] ? ipip_gro_receive+0x100/0x100 [ 197.509692][ T7976] sock_sendmsg+0xdd/0x130 [ 197.514124][ T7976] kernel_sendmsg+0x44/0x50 [ 197.518637][ T7976] sock_no_sendpage+0x116/0x150 [ 197.523490][ T7976] ? sock_kfree_s+0x70/0x70 [ 197.528008][ T7976] ? debug_check_no_obj_freed+0x211/0x444 [ 197.533745][ T7976] ? mark_held_locks+0xa4/0xf0 [ 197.538516][ T7976] inet_sendpage+0x44a/0x630 [ 197.543113][ T7976] kernel_sendpage+0x95/0xf0 [ 197.547698][ T7976] ? inet_sendmsg+0x5e0/0x5e0 [ 197.552379][ T7976] sock_sendpage+0x8b/0xc0 [ 197.556794][ T7976] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.562087][ T7976] pipe_to_sendpage+0x299/0x370 [ 197.566937][ T7976] ? kernel_sendpage+0xf0/0xf0 [ 197.571706][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 197.576992][ T7976] ? __put_page+0x92/0xd0 [ 197.581334][ T7976] ? anon_pipe_buf_release+0x1c6/0x270 [ 197.586798][ T7976] __splice_from_pipe+0x395/0x7d0 [ 197.591821][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 197.597109][ T7976] ? direct_splice_actor+0x1a0/0x1a0 [ 197.602392][ T7976] splice_from_pipe+0x108/0x170 [ 197.607247][ T7976] ? splice_shrink_spd+0xd0/0xd0 [ 197.612197][ T7976] ? apparmor_file_permission+0x25/0x30 [ 197.617741][ T7976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.623985][ T7976] ? security_file_permission+0x94/0x380 [ 197.629624][ T7976] generic_splice_sendpage+0x3c/0x50 [ 197.634923][ T7976] ? splice_from_pipe+0x170/0x170 [ 197.639949][ T7976] do_splice+0x70a/0x13c0 [ 197.644287][ T7976] ? opipe_prep.part.0+0x2d0/0x2d0 [ 197.649396][ T7976] ? __fget_light+0x1a9/0x230 [ 197.654079][ T7976] __x64_sys_splice+0x2c6/0x330 [ 197.658940][ T7976] do_syscall_64+0x103/0x610 [ 197.663548][ T7976] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.669444][ T7976] RIP: 0033:0x4582b9 [ 197.673347][ T7976] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.692956][ T7976] RSP: 002b:00007fe5a11cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 197.701365][ T7976] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 197.709333][ T7976] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 197.717316][ T7976] RBP: 000000000073bfa0 R08: 0000000000110005 R09: 0000000000000000 [ 197.725285][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a11ce6d4 [ 197.733255][ T7976] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 197.741247][ T7999] CPU: 0 PID: 7999 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.750276][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.760346][ T7999] Call Trace: [ 197.763643][ T7999] dump_stack+0x172/0x1f0 [ 197.768001][ T7999] __this_cpu_preempt_check+0x246/0x270 [ 197.784879][ T7999] sk_mc_loop+0x1d/0x210 [ 197.789129][ T7999] ip_mc_output+0x2ef/0xf70 [ 197.793643][ T7999] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 197.798751][ T7999] ? __ip_make_skb+0xf15/0x1820 [ 197.803619][ T7999] ? ip_append_data.part.0+0x170/0x170 [ 197.809074][ T7999] ? dst_release+0x62/0xb0 [ 197.814966][ T7999] ? __ip_make_skb+0xf93/0x1820 [ 197.819817][ T7999] ip_local_out+0xc4/0x1b0 [ 197.824238][ T7999] ip_send_skb+0x42/0xf0 [ 197.828480][ T7999] ip_push_pending_frames+0x64/0x80 [ 197.833686][ T7999] raw_sendmsg+0x1e6d/0x2f20 [ 197.838282][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 197.843763][ T7999] ? finish_task_switch+0x146/0x780 [ 197.848971][ T7999] ? ___might_sleep+0x163/0x280 [ 197.853821][ T7999] ? __might_sleep+0x95/0x190 [ 197.858497][ T7999] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.864150][ T7999] ? aa_sk_perm+0x288/0x880 [ 197.868656][ T7999] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.874202][ T7999] inet_sendmsg+0x147/0x5e0 [ 197.878704][ T7999] ? compat_raw_getsockopt+0x100/0x100 [ 197.884157][ T7999] ? inet_sendmsg+0x147/0x5e0 [ 197.888835][ T7999] ? ipip_gro_receive+0x100/0x100 [ 197.893861][ T7999] sock_sendmsg+0xdd/0x130 [ 197.898284][ T7999] kernel_sendmsg+0x44/0x50 [ 197.902788][ T7999] sock_no_sendpage+0x116/0x150 [ 197.907637][ T7999] ? sock_kfree_s+0x70/0x70 [ 197.912142][ T7999] ? debug_check_no_obj_freed+0x211/0x444 [ 197.917870][ T7999] ? mark_held_locks+0xa4/0xf0 [ 197.923192][ T7999] inet_sendpage+0x44a/0x630 [ 197.927904][ T7999] kernel_sendpage+0x95/0xf0 [ 197.932490][ T7999] ? inet_sendmsg+0x5e0/0x5e0 [ 197.937175][ T7999] sock_sendpage+0x8b/0xc0 [ 197.941592][ T7999] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.946875][ T7999] pipe_to_sendpage+0x299/0x370 [ 197.951734][ T7999] ? kernel_sendpage+0xf0/0xf0 [ 197.956494][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 197.961789][ T7999] ? __put_page+0x92/0xd0 [ 197.966136][ T7999] ? anon_pipe_buf_release+0x1c6/0x270 [ 197.971596][ T7999] __splice_from_pipe+0x395/0x7d0 [ 197.976627][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 197.981917][ T7999] ? direct_splice_actor+0x1a0/0x1a0 [ 197.987202][ T7999] splice_from_pipe+0x108/0x170 [ 197.992052][ T7999] ? splice_shrink_spd+0xd0/0xd0 [ 197.996996][ T7999] ? apparmor_file_permission+0x25/0x30 [ 198.002649][ T7999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.008893][ T7999] ? security_file_permission+0x94/0x380 [ 198.014538][ T7999] generic_splice_sendpage+0x3c/0x50 [ 198.019853][ T7999] ? splice_from_pipe+0x170/0x170 [ 198.024894][ T7999] do_splice+0x70a/0x13c0 [ 198.029234][ T7999] ? opipe_prep.part.0+0x2d0/0x2d0 [ 198.034347][ T7999] ? __fget_light+0x1a9/0x230 [ 198.039023][ T7999] __x64_sys_splice+0x2c6/0x330 [ 198.043890][ T7999] do_syscall_64+0x103/0x610 [ 198.048520][ T7999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.054411][ T7999] RIP: 0033:0x4582b9 [ 198.058304][ T7999] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.077900][ T7999] RSP: 002b:00007fe5a116ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 198.086307][ T7999] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 198.094276][ T7999] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000008 [ 198.102243][ T7999] RBP: 000000000073c180 R08: 0000000000110005 R09: 0000000000000000 [ 198.110212][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5a116b6d4 [ 198.118179][ T7999] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 22:13:36 executing program 2: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) socket$inet(0x2, 0x3, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000340)=ANY=[@ANYBLOB]) prctl$PR_SET_UNALIGN(0x6, 0x0) getpgrp(0x0) ptrace$getregs(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = socket$inet(0x2, 0x0, 0x9) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x10) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000140)=[0x0, 0x0]) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) write$binfmt_misc(r2, &(0x7f0000000440)={'syz1'}, 0x11008) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) 22:13:36 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff}}, 0xe8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r1, &(0x7f0000007e00), 0x400000000000058, 0x0) 22:13:36 executing program 0: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r0}, 0xc) 22:13:36 executing program 5: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000880)={0x0, r0}) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) 22:13:36 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000), 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) sendto$inet6(r0, &(0x7f0000000440)="ff", 0x1, 0x0, 0x0, 0x0) 22:13:36 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rtc0\x00', 0x0, 0x0) socket(0xa, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x0, @dev, 0x0, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) msgget(0x1, 0x664) msgctl$IPC_STAT(0x0, 0x2, 0x0) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000400)={0x0, 0x0, {0x0, 0x0, 0x0, 0x12, 0x0, 0xff}}) 22:13:36 executing program 0: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 198.269592][ T8052] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 22:13:36 executing program 3: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) ioctl$PPPOEIOCSFWD(r0, 0x80044dfd, &(0x7f0000000040)={0x18, 0x0, {0x0, @empty, 'bpq0\x00'}}) 22:13:36 executing program 0: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 198.517088][ T8041] FAT-fs (loop5): bogus number of reserved sectors [ 198.557039][ T8041] FAT-fs (loop5): Can't find a valid FAT filesystem 22:13:36 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) fcntl$lock(0xffffffffffffffff, 0x6, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)={0x10, 0x17, 0x0, {0x7, './file0'}}, 0x10) syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) quotactl(0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndpcmp(0x0, 0x0, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, 0x0) ioctl$RTC_AIE_ON(r2, 0x7001) 22:13:36 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000000480), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x1, {0x7, 0x8}}, 0x50) stat(&(0x7f0000000140)='./file0\x00', 0x0) 22:13:36 executing program 0: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:36 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) socket$inet6(0xa, 0x0, 0x6) [ 198.783565][ T8102] rtc_cmos 00:00: Alarms can be up to one day in the future [ 199.037266][ T8150] check_preemption_disabled: 111 callbacks suppressed [ 199.037291][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 199.054019][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 199.059797][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.068862][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.078941][ T8150] Call Trace: [ 199.082254][ T8150] dump_stack+0x172/0x1f0 [ 199.086632][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 199.092466][ T8150] ip6_finish_output+0x335/0xdc0 [ 199.097444][ T8150] ip6_output+0x235/0x7f0 [ 199.101792][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 199.106923][ T8150] ? ip6_fragment+0x3980/0x3980 [ 199.111812][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.117379][ T8150] ip6_local_out+0xc4/0x1b0 [ 199.121906][ T8150] ip6_send_skb+0xbb/0x350 [ 199.126430][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 199.131732][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 199.136531][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 199.141574][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 199.146878][ T8150] ? find_held_lock+0x35/0x130 [ 199.151662][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.157949][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.163435][ T8150] ? ___might_sleep+0x163/0x280 [ 199.168335][ T8150] ? __might_sleep+0x95/0x190 [ 199.173051][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.178616][ T8150] inet_sendmsg+0x147/0x5e0 [ 199.183131][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 199.188166][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 199.192859][ T8150] ? ipip_gro_receive+0x100/0x100 [ 199.197898][ T8150] sock_sendmsg+0xdd/0x130 [ 199.202334][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 199.207031][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 199.212531][ T8150] ? lock_downgrade+0x880/0x880 [ 199.217396][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.223655][ T8150] ? kasan_check_read+0x11/0x20 [ 199.228563][ T8150] ? __fget+0x381/0x550 [ 199.232741][ T8150] ? ksys_dup3+0x3e0/0x3e0 [ 199.237173][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.243427][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 199.248920][ T8150] ? __fget_light+0x1a9/0x230 [ 199.253607][ T8150] ? __fdget+0x1b/0x20 [ 199.257689][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.263945][ T8150] ? sockfd_lookup_light+0xcb/0x180 [ 199.269163][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 199.273856][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.278907][ T8150] ? _copy_to_user+0xc9/0x120 [ 199.283603][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.289882][ T8150] ? put_timespec64+0xda/0x140 [ 199.294665][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 199.299575][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.305066][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.310548][ T8150] ? do_syscall_64+0x26/0x610 [ 199.315246][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.321327][ T8150] ? do_syscall_64+0x26/0x610 [ 199.326024][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 199.330981][ T8150] do_syscall_64+0x103/0x610 [ 199.335590][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.341490][ T8150] RIP: 0033:0x4582b9 [ 199.345411][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.365117][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.373546][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.381700][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 199.389691][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 199.397676][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 199.405654][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.416129][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 199.425843][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 199.432071][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.441100][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.451163][ T8150] Call Trace: [ 199.454453][ T8150] dump_stack+0x172/0x1f0 [ 199.458794][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 199.464344][ T8150] ip6_finish_output+0x335/0xdc0 [ 199.469332][ T8150] ip6_output+0x235/0x7f0 [ 199.473691][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 199.478790][ T8150] ? ip6_fragment+0x3980/0x3980 [ 199.483629][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.489215][ T8150] ip6_local_out+0xc4/0x1b0 [ 199.493820][ T8150] ip6_send_skb+0xbb/0x350 [ 199.498223][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 199.503517][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 199.508306][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 199.508339][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 199.508358][ T8150] ? find_held_lock+0x35/0x130 [ 199.518742][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.518763][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.518794][ T8150] ? ___might_sleep+0x163/0x280 [ 199.518814][ T8150] ? __might_sleep+0x95/0x190 [ 199.529816][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.529838][ T8150] inet_sendmsg+0x147/0x5e0 [ 199.529862][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 199.559856][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 199.564525][ T8150] ? ipip_gro_receive+0x100/0x100 [ 199.569543][ T8150] sock_sendmsg+0xdd/0x130 [ 199.573959][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 199.578638][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 199.584090][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 199.589009][ T8150] ? lock_downgrade+0x880/0x880 [ 199.593856][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.600119][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.606351][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 199.611844][ T8150] ? __might_fault+0x12b/0x1e0 [ 199.616607][ T8150] ? find_held_lock+0x35/0x130 [ 199.621364][ T8150] ? __might_fault+0x12b/0x1e0 [ 199.626113][ T8150] ? lock_downgrade+0x880/0x880 [ 199.630978][ T8150] ? ___might_sleep+0x163/0x280 [ 199.635848][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 199.640535][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.645572][ T8150] ? _copy_to_user+0xc9/0x120 [ 199.650241][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.656466][ T8150] ? put_timespec64+0xda/0x140 [ 199.661239][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 199.666080][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.671529][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.676979][ T8150] ? do_syscall_64+0x26/0x610 [ 199.681640][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.687693][ T8150] ? do_syscall_64+0x26/0x610 [ 199.692361][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 199.697294][ T8150] do_syscall_64+0x103/0x610 [ 199.701890][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.707772][ T8150] RIP: 0033:0x4582b9 [ 199.711674][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.731262][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.739656][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.747634][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 199.755609][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 199.763566][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 199.771556][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.780011][ C1] net_ratelimit: 8 callbacks suppressed [ 199.780026][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 199.791419][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 199.798681][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 199.808081][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 199.808100][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.808115][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.824308][ T8150] Call Trace: [ 199.824335][ T8150] dump_stack+0x172/0x1f0 [ 199.824362][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 199.824385][ T8150] ip6_finish_output+0x335/0xdc0 [ 199.847586][ T8150] ip6_output+0x235/0x7f0 [ 199.847610][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 199.856871][ T8150] ? ip6_fragment+0x3980/0x3980 [ 199.856892][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.856915][ T8150] ip6_local_out+0xc4/0x1b0 [ 199.856936][ T8150] ip6_send_skb+0xbb/0x350 [ 199.866888][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 199.866909][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 199.866943][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 199.896668][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 199.901873][ T8150] ? find_held_lock+0x35/0x130 [ 199.906666][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.912986][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.918435][ T8150] ? ___might_sleep+0x163/0x280 [ 199.923269][ T8150] ? __might_sleep+0x95/0x190 [ 199.927958][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.933528][ T8150] inet_sendmsg+0x147/0x5e0 [ 199.938030][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 199.943038][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 199.947728][ T8150] ? ipip_gro_receive+0x100/0x100 [ 199.952747][ T8150] sock_sendmsg+0xdd/0x130 [ 199.957151][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 199.961813][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 199.967256][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 199.972192][ T8150] ? lock_downgrade+0x880/0x880 [ 199.977074][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.983311][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.989538][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 199.995002][ T8150] ? __might_fault+0x12b/0x1e0 [ 199.999760][ T8150] ? find_held_lock+0x35/0x130 [ 200.004511][ T8150] ? __might_fault+0x12b/0x1e0 [ 200.009293][ T8150] ? lock_downgrade+0x880/0x880 [ 200.014149][ T8150] ? ___might_sleep+0x163/0x280 [ 200.018987][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 200.023651][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.028674][ T8150] ? _copy_to_user+0xc9/0x120 [ 200.033336][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.039576][ T8150] ? put_timespec64+0xda/0x140 [ 200.044322][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 200.049161][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.054612][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.060069][ T8150] ? do_syscall_64+0x26/0x610 [ 200.064734][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.070908][ T8150] ? do_syscall_64+0x26/0x610 [ 200.075601][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 200.080566][ T8150] do_syscall_64+0x103/0x610 [ 200.085147][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.091022][ T8150] RIP: 0033:0x4582b9 [ 200.094916][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.114526][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.122924][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.130879][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 200.138838][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 200.146791][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 200.154760][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.165045][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 200.174613][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 200.174647][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 200.186288][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 200.192075][ T8150] CPU: 0 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.201097][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.211152][ T8150] Call Trace: [ 200.214460][ T8150] dump_stack+0x172/0x1f0 [ 200.218803][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 200.224362][ T8150] ip6_finish_output+0x335/0xdc0 [ 200.229374][ T8150] ip6_output+0x235/0x7f0 [ 200.233708][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 200.238819][ T8150] ? ip6_fragment+0x3980/0x3980 [ 200.243672][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 200.249206][ T8150] ip6_local_out+0xc4/0x1b0 [ 200.253714][ T8150] ip6_send_skb+0xbb/0x350 [ 200.258143][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 200.263429][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 200.268181][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 200.273208][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 200.278407][ T8150] ? find_held_lock+0x35/0x130 [ 200.283174][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.289411][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.294879][ T8150] ? ___might_sleep+0x163/0x280 [ 200.299728][ T8150] ? __might_sleep+0x95/0x190 [ 200.304418][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.309964][ T8150] inet_sendmsg+0x147/0x5e0 [ 200.314479][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 200.319518][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 200.324183][ T8150] ? ipip_gro_receive+0x100/0x100 [ 200.329208][ T8150] sock_sendmsg+0xdd/0x130 [ 200.333640][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 200.338327][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 200.343787][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 200.348706][ T8150] ? lock_downgrade+0x880/0x880 [ 200.353555][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.359800][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.366045][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 200.371520][ T8150] ? __might_fault+0x12b/0x1e0 [ 200.376301][ T8150] ? find_held_lock+0x35/0x130 [ 200.381096][ T8150] ? __might_fault+0x12b/0x1e0 [ 200.385859][ T8150] ? lock_downgrade+0x880/0x880 [ 200.390715][ T8150] ? ___might_sleep+0x163/0x280 [ 200.395570][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 200.400248][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.405291][ T8150] ? _copy_to_user+0xc9/0x120 [ 200.409959][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.416201][ T8150] ? put_timespec64+0xda/0x140 [ 200.420959][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 200.425829][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.431291][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.436754][ T8150] ? do_syscall_64+0x26/0x610 [ 200.441429][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.447491][ T8150] ? do_syscall_64+0x26/0x610 [ 200.452179][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 200.457128][ T8150] do_syscall_64+0x103/0x610 [ 200.461728][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.467632][ T8150] RIP: 0033:0x4582b9 [ 200.471532][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.491237][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.499661][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.507717][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 200.515675][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 200.523644][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 200.531611][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.540310][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 200.542123][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 200.546127][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 200.555510][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 200.566995][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.576016][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.586269][ T8150] Call Trace: [ 200.589559][ T8150] dump_stack+0x172/0x1f0 [ 200.593887][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 200.599441][ T8150] ip6_finish_output+0x335/0xdc0 [ 200.604388][ T8150] ip6_output+0x235/0x7f0 [ 200.609282][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 200.614423][ T8150] ? ip6_fragment+0x3980/0x3980 [ 200.619301][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 200.624836][ T8150] ip6_local_out+0xc4/0x1b0 [ 200.629331][ T8150] ip6_send_skb+0xbb/0x350 [ 200.633746][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 200.639057][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 200.643812][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 200.648825][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 200.654033][ T8150] ? find_held_lock+0x35/0x130 [ 200.658788][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.665188][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.670664][ T8150] ? ___might_sleep+0x163/0x280 [ 200.675499][ T8150] ? __might_sleep+0x95/0x190 [ 200.680183][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.685728][ T8150] inet_sendmsg+0x147/0x5e0 [ 200.690215][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 200.695229][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 200.699889][ T8150] ? ipip_gro_receive+0x100/0x100 [ 200.704914][ T8150] sock_sendmsg+0xdd/0x130 [ 200.709315][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 200.713977][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 200.719420][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 200.724337][ T8150] ? lock_downgrade+0x880/0x880 [ 200.729188][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.735421][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.741657][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 200.747119][ T8150] ? __might_fault+0x12b/0x1e0 [ 200.751878][ T8150] ? find_held_lock+0x35/0x130 [ 200.756656][ T8150] ? __might_fault+0x12b/0x1e0 [ 200.761406][ T8150] ? lock_downgrade+0x880/0x880 [ 200.766257][ T8150] ? ___might_sleep+0x163/0x280 [ 200.771144][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 200.779542][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.784579][ T8150] ? _copy_to_user+0xc9/0x120 [ 200.789251][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.796105][ T8150] ? put_timespec64+0xda/0x140 [ 200.800874][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 200.805720][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.811179][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.816633][ T8150] ? do_syscall_64+0x26/0x610 [ 200.821319][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.827397][ T8150] ? do_syscall_64+0x26/0x610 [ 200.832066][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 200.836997][ T8150] do_syscall_64+0x103/0x610 [ 200.841575][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.847470][ T8150] RIP: 0033:0x4582b9 [ 200.851348][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.870936][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.879328][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.887283][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 200.895254][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 200.903222][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 200.911190][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.920954][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 200.920986][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 200.930754][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 200.930772][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.930788][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.936606][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 200.942213][ T8150] Call Trace: [ 200.942236][ T8150] dump_stack+0x172/0x1f0 [ 200.942262][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 200.942287][ T8150] ip6_finish_output+0x335/0xdc0 [ 200.951413][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 200.961355][ T8150] ip6_output+0x235/0x7f0 [ 200.961378][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 200.967127][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 200.970371][ T8150] ? ip6_fragment+0x3980/0x3980 [ 200.985166][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 201.016364][ T8150] ip6_local_out+0xc4/0x1b0 [ 201.016389][ T8150] ip6_send_skb+0xbb/0x350 [ 201.025331][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 201.030658][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 201.035433][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 201.040463][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 201.045680][ T8150] ? find_held_lock+0x35/0x130 [ 201.045700][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.045724][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.062181][ T8150] ? ___might_sleep+0x163/0x280 [ 201.062201][ T8150] ? __might_sleep+0x95/0x190 [ 201.062235][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.062256][ T8150] inet_sendmsg+0x147/0x5e0 [ 201.071775][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 201.071789][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 201.071804][ T8150] ? ipip_gro_receive+0x100/0x100 [ 201.071824][ T8150] sock_sendmsg+0xdd/0x130 [ 201.071846][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 201.081887][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 201.091570][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 201.091584][ T8150] ? lock_downgrade+0x880/0x880 [ 201.091601][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.091614][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.091637][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 201.138849][ T8150] ? __might_fault+0x12b/0x1e0 [ 201.143617][ T8150] ? find_held_lock+0x35/0x130 [ 201.148363][ T8150] ? __might_fault+0x12b/0x1e0 [ 201.153113][ T8150] ? lock_downgrade+0x880/0x880 [ 201.157952][ T8150] ? ___might_sleep+0x163/0x280 [ 201.162786][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 201.167449][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.172463][ T8150] ? _copy_to_user+0xc9/0x120 [ 201.177151][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.183391][ T8150] ? put_timespec64+0xda/0x140 [ 201.188138][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 201.192976][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.198419][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.203867][ T8150] ? do_syscall_64+0x26/0x610 [ 201.208531][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.214683][ T8150] ? do_syscall_64+0x26/0x610 [ 201.219364][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 201.224300][ T8150] do_syscall_64+0x103/0x610 [ 201.228893][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.234767][ T8150] RIP: 0033:0x4582b9 [ 201.238645][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.258319][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.266712][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.274664][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 201.282622][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 201.290578][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 201.298544][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.307864][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 201.317274][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 201.323159][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.332186][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.342262][ T8150] Call Trace: [ 201.345563][ T8150] dump_stack+0x172/0x1f0 [ 201.349885][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 201.355418][ T8150] ip6_finish_output+0x335/0xdc0 [ 201.360339][ T8150] ip6_output+0x235/0x7f0 [ 201.364666][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 201.369800][ T8150] ? ip6_fragment+0x3980/0x3980 [ 201.374635][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 201.380169][ T8150] ip6_local_out+0xc4/0x1b0 [ 201.384656][ T8150] ip6_send_skb+0xbb/0x350 [ 201.389058][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 201.394326][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 201.399077][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 201.404085][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 201.409278][ T8150] ? find_held_lock+0x35/0x130 [ 201.414030][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.420275][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.425728][ T8150] ? ___might_sleep+0x163/0x280 [ 201.430566][ T8150] ? __might_sleep+0x95/0x190 [ 201.435239][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.440783][ T8150] inet_sendmsg+0x147/0x5e0 [ 201.445275][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 201.450279][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 201.454935][ T8150] ? ipip_gro_receive+0x100/0x100 [ 201.459941][ T8150] sock_sendmsg+0xdd/0x130 [ 201.464340][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 201.469039][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 201.474752][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 201.479670][ T8150] ? lock_downgrade+0x880/0x880 [ 201.484507][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.490729][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.496953][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 201.502399][ T8150] ? __might_fault+0x12b/0x1e0 [ 201.507145][ T8150] ? find_held_lock+0x35/0x130 [ 201.511888][ T8150] ? __might_fault+0x12b/0x1e0 [ 201.516637][ T8150] ? lock_downgrade+0x880/0x880 [ 201.521474][ T8150] ? ___might_sleep+0x163/0x280 [ 201.526312][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 201.530973][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.536007][ T8150] ? _copy_to_user+0xc9/0x120 [ 201.540666][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.546909][ T8150] ? put_timespec64+0xda/0x140 [ 201.551654][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 201.556497][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.561947][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.567397][ T8150] ? do_syscall_64+0x26/0x610 [ 201.572057][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.578119][ T8150] ? do_syscall_64+0x26/0x610 [ 201.582794][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 201.587716][ T8150] do_syscall_64+0x103/0x610 [ 201.592290][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.598187][ T8150] RIP: 0033:0x4582b9 [ 201.602115][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.621728][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.630131][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.638083][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 201.646034][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 201.653992][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 201.661981][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.672116][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 201.682282][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 201.688007][ T8150] CPU: 0 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.697106][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.707144][ T8150] Call Trace: [ 201.710423][ T8150] dump_stack+0x172/0x1f0 [ 201.714767][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 201.720332][ T8150] ip6_finish_output+0x335/0xdc0 [ 201.725444][ T8150] ip6_output+0x235/0x7f0 [ 201.729759][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 201.734866][ T8150] ? ip6_fragment+0x3980/0x3980 [ 201.739712][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 201.745243][ T8150] ip6_local_out+0xc4/0x1b0 [ 201.749729][ T8150] ip6_send_skb+0xbb/0x350 [ 201.754149][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 201.759431][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 201.764181][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 201.769186][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 201.774381][ T8150] ? find_held_lock+0x35/0x130 [ 201.779148][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.785370][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.790830][ T8150] ? ___might_sleep+0x163/0x280 [ 201.795698][ T8150] ? __might_sleep+0x95/0x190 [ 201.800404][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.805936][ T8150] inet_sendmsg+0x147/0x5e0 [ 201.810424][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 201.815438][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 201.820113][ T8150] ? ipip_gro_receive+0x100/0x100 [ 201.825123][ T8150] sock_sendmsg+0xdd/0x130 [ 201.829555][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 201.834246][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 201.839714][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 201.844652][ T8150] ? lock_downgrade+0x880/0x880 [ 201.849483][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.855724][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.861967][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 201.867435][ T8150] ? __might_fault+0x12b/0x1e0 [ 201.872202][ T8150] ? find_held_lock+0x35/0x130 [ 201.876996][ T8150] ? __might_fault+0x12b/0x1e0 [ 201.881772][ T8150] ? lock_downgrade+0x880/0x880 [ 201.886719][ T8150] ? ___might_sleep+0x163/0x280 [ 201.891582][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 201.896275][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 201.901328][ T8150] ? _copy_to_user+0xc9/0x120 [ 201.906012][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.912254][ T8150] ? put_timespec64+0xda/0x140 [ 201.917049][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 201.922684][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.928171][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.933629][ T8150] ? do_syscall_64+0x26/0x610 [ 201.938309][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.944386][ T8150] ? do_syscall_64+0x26/0x610 [ 201.949050][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 201.953986][ T8150] do_syscall_64+0x103/0x610 [ 201.958588][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.964460][ T8150] RIP: 0033:0x4582b9 [ 201.968364][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.987950][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.996353][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 202.004318][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 202.012294][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 202.020260][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 202.028213][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 202.039329][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 202.048686][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 202.054519][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.063536][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.074615][ T8150] Call Trace: [ 202.077902][ T8150] dump_stack+0x172/0x1f0 [ 202.082244][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 202.087792][ T8150] ip6_finish_output+0x335/0xdc0 [ 202.092726][ T8150] ip6_output+0x235/0x7f0 [ 202.097040][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 202.102141][ T8150] ? ip6_fragment+0x3980/0x3980 [ 202.106974][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 202.112512][ T8150] ip6_local_out+0xc4/0x1b0 [ 202.117013][ T8150] ip6_send_skb+0xbb/0x350 [ 202.121417][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 202.126681][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 202.131431][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 202.136450][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 202.141635][ T8150] ? find_held_lock+0x35/0x130 [ 202.146381][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.152606][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 202.158054][ T8150] ? ___might_sleep+0x163/0x280 [ 202.162904][ T8150] ? __might_sleep+0x95/0x190 [ 202.167574][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 202.173130][ T8150] inet_sendmsg+0x147/0x5e0 [ 202.177626][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 202.182644][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 202.187303][ T8150] ? ipip_gro_receive+0x100/0x100 [ 202.192325][ T8150] sock_sendmsg+0xdd/0x130 [ 202.196726][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 202.201391][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 202.206834][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 202.211753][ T8150] ? lock_downgrade+0x880/0x880 [ 202.216587][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.222807][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.229051][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 202.234527][ T8150] ? __might_fault+0x12b/0x1e0 [ 202.239277][ T8150] ? find_held_lock+0x35/0x130 [ 202.244049][ T8150] ? __might_fault+0x12b/0x1e0 [ 202.248801][ T8150] ? lock_downgrade+0x880/0x880 [ 202.253645][ T8150] ? ___might_sleep+0x163/0x280 [ 202.258499][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 202.263183][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 202.268197][ T8150] ? _copy_to_user+0xc9/0x120 [ 202.272868][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.279088][ T8150] ? put_timespec64+0xda/0x140 [ 202.283840][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 202.288689][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.294133][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.299588][ T8150] ? do_syscall_64+0x26/0x610 [ 202.304264][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.310330][ T8150] ? do_syscall_64+0x26/0x610 [ 202.315078][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 202.320000][ T8150] do_syscall_64+0x103/0x610 [ 202.324584][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.330457][ T8150] RIP: 0033:0x4582b9 [ 202.334333][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.353920][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 202.362326][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 202.370278][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 202.378229][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 202.386192][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 202.394164][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 202.404538][ T8150] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8150 [ 202.413933][ T8150] caller is ip6_finish_output+0x335/0xdc0 [ 202.419656][ T8150] CPU: 1 PID: 8150 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.428694][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.438742][ T8150] Call Trace: [ 202.442125][ T8150] dump_stack+0x172/0x1f0 [ 202.446451][ T8150] __this_cpu_preempt_check+0x246/0x270 [ 202.452005][ T8150] ip6_finish_output+0x335/0xdc0 [ 202.456947][ T8150] ip6_output+0x235/0x7f0 [ 202.461264][ T8150] ? ip6_finish_output+0xdc0/0xdc0 [ 202.466360][ T8150] ? ip6_fragment+0x3980/0x3980 [ 202.471191][ T8150] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 202.476737][ T8150] ip6_local_out+0xc4/0x1b0 [ 202.481224][ T8150] ip6_send_skb+0xbb/0x350 [ 202.485624][ T8150] ip6_push_pending_frames+0xc8/0xf0 [ 202.490897][ T8150] rawv6_sendmsg+0x299c/0x35e0 [ 202.495652][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 202.500682][ T8150] ? aa_profile_af_perm+0x320/0x320 [ 202.505867][ T8150] ? find_held_lock+0x35/0x130 [ 202.510618][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.516853][ T8150] ? rw_copy_check_uvector+0x2a6/0x330 [ 202.522301][ T8150] ? ___might_sleep+0x163/0x280 [ 202.527133][ T8150] ? __might_sleep+0x95/0x190 [ 202.531815][ T8150] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 202.537340][ T8150] inet_sendmsg+0x147/0x5e0 [ 202.541838][ T8150] ? rawv6_getsockopt+0x150/0x150 [ 202.546854][ T8150] ? inet_sendmsg+0x147/0x5e0 [ 202.551519][ T8150] ? ipip_gro_receive+0x100/0x100 [ 202.556530][ T8150] sock_sendmsg+0xdd/0x130 [ 202.560955][ T8150] ___sys_sendmsg+0x3e2/0x930 [ 202.565621][ T8150] ? copy_msghdr_from_user+0x430/0x430 [ 202.571067][ T8150] ? __lock_acquire+0x548/0x3fb0 [ 202.575983][ T8150] ? lock_downgrade+0x880/0x880 [ 202.580820][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.587062][ T8150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.593291][ T8150] ? debug_smp_processor_id+0x3c/0x280 [ 202.598743][ T8150] ? __might_fault+0x12b/0x1e0 [ 202.603493][ T8150] ? find_held_lock+0x35/0x130 [ 202.608245][ T8150] ? __might_fault+0x12b/0x1e0 [ 202.613111][ T8150] ? lock_downgrade+0x880/0x880 [ 202.617958][ T8150] ? ___might_sleep+0x163/0x280 [ 202.622809][ T8150] __sys_sendmmsg+0x1bf/0x4d0 [ 202.627475][ T8150] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 202.632497][ T8150] ? _copy_to_user+0xc9/0x120 [ 202.637171][ T8150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.643402][ T8150] ? put_timespec64+0xda/0x140 [ 202.648150][ T8150] ? nsecs_to_jiffies+0x30/0x30 [ 202.652989][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.658427][ T8150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.663880][ T8150] ? do_syscall_64+0x26/0x610 [ 202.668556][ T8150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.674693][ T8150] ? do_syscall_64+0x26/0x610 [ 202.679371][ T8150] __x64_sys_sendmmsg+0x9d/0x100 [ 202.684386][ T8150] do_syscall_64+0x103/0x610 [ 202.688965][ T8150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.694851][ T8150] RIP: 0033:0x4582b9 [ 202.698728][ T8150] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.718410][ T8150] RSP: 002b:00007f362343dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 202.726809][ T8150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 202.734761][ T8150] RDX: 0400000000000058 RSI: 0000000020007e00 RDI: 0000000000000008 [ 202.742716][ T8150] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 22:13:40 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff}}, 0xe8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r1, &(0x7f0000007e00), 0x400000000000058, 0x0) [ 202.750669][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f362343e6d4 [ 202.758623][ T8150] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 22:13:40 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='^\'\x00') 22:13:40 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:40 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x1, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000580)='/dev/md0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L+', 0x54b6}, 0x28, 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x0, 0x2, 0xc701, 0x6, r3}) write$P9_RREADLINK(r2, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000240)=@md5={0x1, "d3cce0f719456821301b2b983f6d12c9"}, 0x11, 0x2) quotactl(0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndpcmp(0x0, 0x5, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$RTC_VL_READ(r5, 0x80047013, &(0x7f00000000c0)) ioctl$RTC_AIE_ON(r6, 0x7001) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000540)={@multicast1, @empty}, &(0x7f00000005c0)=0xc) ioctl$RTC_AIE_OFF(r6, 0x7002) socket$inet6(0xa, 0x80003, 0xff) 22:13:40 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000000480), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x1, {0x7, 0x8}}, 0x50) stat(&(0x7f0000000140)='./file0\x00', 0x0) 22:13:40 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) socket$inet6(0xa, 0x0, 0x6) 22:13:40 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:40 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x400000000000058, 0x0) 22:13:40 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x1, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000580)='/dev/md0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L+', 0x54b6}, 0x28, 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x0, 0x2, 0xc701, 0x6, r3}) write$P9_RREADLINK(r2, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000240)=@md5={0x1, "d3cce0f719456821301b2b983f6d12c9"}, 0x11, 0x2) quotactl(0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndpcmp(0x0, 0x5, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$RTC_VL_READ(r5, 0x80047013, &(0x7f00000000c0)) ioctl$RTC_AIE_ON(r6, 0x7001) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000540)={@multicast1, @empty}, &(0x7f00000005c0)=0xc) ioctl$RTC_AIE_OFF(r6, 0x7002) socket$inet6(0xa, 0x80003, 0xff) 22:13:41 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:41 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x1, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000580)='/dev/md0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L+', 0x54b6}, 0x28, 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x0, 0x2, 0xc701, 0x6, r3}) write$P9_RREADLINK(r2, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000240)=@md5={0x1, "d3cce0f719456821301b2b983f6d12c9"}, 0x11, 0x2) quotactl(0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndpcmp(0x0, 0x5, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$RTC_VL_READ(r5, 0x80047013, &(0x7f00000000c0)) ioctl$RTC_AIE_ON(r6, 0x7001) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000540)={@multicast1, @empty}, &(0x7f00000005c0)=0xc) ioctl$RTC_AIE_OFF(r6, 0x7002) socket$inet6(0xa, 0x80003, 0xff) 22:13:41 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x0, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:41 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff}}, 0xe8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r1, &(0x7f0000007e00), 0x400000000000058, 0x0) 22:13:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x1, 0x0, &(0x7f0000000040)="f0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000300)=[@reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 22:13:41 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x1, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000580)='/dev/md0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L+', 0x54b6}, 0x28, 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x0, 0x2, 0xc701, 0x6, r3}) write$P9_RREADLINK(r2, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000240)=@md5={0x1, "d3cce0f719456821301b2b983f6d12c9"}, 0x11, 0x2) quotactl(0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndpcmp(0x0, 0x5, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$RTC_VL_READ(r5, 0x80047013, &(0x7f00000000c0)) ioctl$RTC_AIE_ON(r6, 0x7001) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000540)={@multicast1, @empty}, &(0x7f00000005c0)=0xc) ioctl$RTC_AIE_OFF(r6, 0x7002) socket$inet6(0xa, 0x80003, 0xff) 22:13:41 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x0, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 203.551144][ T8264] binder: 8259:8264 ERROR: BC_REGISTER_LOOPER called without request [ 203.583701][ T8264] binder_alloc: 8259: binder_alloc_buf, no vma [ 203.607828][ T8264] binder: 8259:8264 transaction failed 29189/-3, size 0-0 line 3148 [ 203.634547][ T8264] binder: send failed reply for transaction 2 to 8259:8264 22:13:41 executing program 2: openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x801, 0x0) sched_setattr(0x0, 0x0, 0x0) eventfd2(0x8, 0x80001) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, 0x0) creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) stat(&(0x7f0000000900)='./bus\x00', 0x0) 22:13:41 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x1, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000580)='/dev/md0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L+', 0x54b6}, 0x28, 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x0, 0x2, 0xc701, 0x6, r3}) write$P9_RREADLINK(r2, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000240)=@md5={0x1, "d3cce0f719456821301b2b983f6d12c9"}, 0x11, 0x2) quotactl(0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndpcmp(0x0, 0x5, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$RTC_VL_READ(r5, 0x80047013, &(0x7f00000000c0)) ioctl$RTC_AIE_ON(r6, 0x7001) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000540)={@multicast1, @empty}, &(0x7f00000005c0)=0xc) ioctl$RTC_AIE_OFF(r6, 0x7002) socket$inet6(0xa, 0x80003, 0xff) 22:13:41 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x0, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) [ 203.649142][ T8264] binder_alloc: binder_alloc_mmap_handler: 8259 20001000-20004000 already mapped failed -16 22:13:41 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rtc0\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) semget$private(0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000240)) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) geteuid() fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000400)={0x0, 0x0, {0x0, 0x0, 0x0, 0x12, 0x0, 0xff}}) syz_genetlink_get_family_id$tipc(&(0x7f0000000580)='TIPC\x00') [ 203.727830][ T8264] binder: BINDER_SET_CONTEXT_MGR already set [ 203.727837][ T8271] binder_alloc: 8259: binder_alloc_buf, no vma 22:13:41 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x0, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1}, 0xc) 22:13:41 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote}, @icmp=@timestamp_reply}}}}, 0x0) geteuid() ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x1, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000580)='/dev/md0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000280)={0x8e, 0x8, 0x10000}) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x2}, 0x10) setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L+', 0x54b6}, 0x28, 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(r1, 0x6, &(0x7f0000000080)={0x0, 0x2, 0xc701, 0x6, r3}) write$P9_RREADLINK(r2, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x1000000000040000, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000240)=@md5={0x1, "d3cce0f719456821301b2b983f6d12c9"}, 0x11, 0x2) quotactl(0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndpcmp(0x0, 0x5, 0xc0000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$RTC_VL_READ(r5, 0x80047013, &(0x7f00000000c0)) ioctl$RTC_AIE_ON(r6, 0x7001) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000540)={@multicast1, @empty}, &(0x7f00000005c0)=0xc) ioctl$RTC_AIE_OFF(r6, 0x7002) [ 203.784611][ T8271] binder: 8259:8271 transaction failed 29189/-3, size 0-0 line 3148 [ 203.854544][ T8278] binder: 8259:8278 ERROR: BC_REGISTER_LOOPER called without request 22:13:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="03000000000000008d0300000000000002"]) [ 203.938649][ T8264] binder: 8259:8264 ioctl 40046207 0 returned -16 [ 203.938904][ T5] binder: undelivered TRANSACTION_COMPLETE