[ 34.351715][ T26] audit: type=1800 audit(1554700447.876:28): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.093557][ T26] audit: type=1800 audit(1554700448.716:29): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.119009][ T26] audit: type=1800 audit(1554700448.736:30): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts. 2019/04/08 05:14:17 fuzzer started 2019/04/08 05:14:20 dialing manager at 10.128.0.26:34543 2019/04/08 05:14:20 syscalls: 2408 2019/04/08 05:14:20 code coverage: enabled 2019/04/08 05:14:20 comparison tracing: enabled 2019/04/08 05:14:20 extra coverage: extra coverage is not supported by the kernel 2019/04/08 05:14:20 setuid sandbox: enabled 2019/04/08 05:14:20 namespace sandbox: enabled 2019/04/08 05:14:20 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 05:14:20 fault injection: enabled 2019/04/08 05:14:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 05:14:20 net packet injection: enabled 2019/04/08 05:14:20 net device setup: enabled 05:16:24 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(0xffffffffffffffff, 0x7706, 0x0) lookup_dcookie(0x5, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x5) ioctl$TIOCSWINSZ(r0, 0x5414, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x20000010) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000500)={0xffff, 0x8, 0xb18, 'queue0\x00', 0x8}) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0xc0f7) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f0000000080)='3yz0\x00', 0x1ff) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000000) umount2(&(0x7f0000000280)='./file0\x00', 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x3ba) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, 0x0, 0x0) pipe2$9p(0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000000)={{}, 0xcb81c968a55f6b80, 0x0, 0x0, {}, 0x8000000000000000, 0x2}) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x789000, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syzkaller login: [ 171.079635][ T7604] IPVS: ftp: loaded support on port[0] = 21 05:16:24 executing program 1: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000002c0)='threaded\x00', 0x143c6c92) clone(0x101, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x1ff, 0x3}, 0x0, 0x3, 0x0, 0x0, 0x0, "ff8ee1d0d1a133166298a7d16dc757333c42e4e9c6a51849bd4d296816376b94cdbf2e52cfbab0e77a3d9b075317d24526a97eba030a392d382fff381b8a00af74018db0a3e072bb0f650ca76b2f82b60eae905eb70e3d26c33b33d491ce17bb9f3d794658fddc07e49a5c4d211aece0ff5f49445a2737e00cf7146477adb986"}) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, 0x0, 0x0) [ 171.209097][ T7604] chnl_net:caif_netlink_parms(): no params data found [ 171.253894][ T7604] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.261917][ T7604] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.270536][ T7604] device bridge_slave_0 entered promiscuous mode [ 171.297326][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.304576][ T7604] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.312593][ T7604] device bridge_slave_1 entered promiscuous mode [ 171.338190][ T7604] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.350203][ T7604] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.374235][ T7604] team0: Port device team_slave_0 added [ 171.381619][ T7604] team0: Port device team_slave_1 added 05:16:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000180)={0x2, 0x10084e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1, &(0x7f0000000200)=""/20, 0x487, 0x1000000}, 0x1500) [ 171.405854][ T7607] IPVS: ftp: loaded support on port[0] = 21 [ 171.425911][ T7604] device hsr_slave_0 entered promiscuous mode [ 171.463227][ T7604] device hsr_slave_1 entered promiscuous mode [ 171.544409][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.551693][ T7604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.560015][ T7604] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.567164][ T7604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.601971][ T7609] IPVS: ftp: loaded support on port[0] = 21 05:16:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000380)={0x7b, 0x0, [0x4b564d04, 0x1]}) [ 171.796674][ T7607] chnl_net:caif_netlink_parms(): no params data found [ 171.857365][ T7604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.910290][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.911604][ T7612] IPVS: ftp: loaded support on port[0] = 21 [ 171.933060][ T2899] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.952792][ T2899] bridge0: port 2(bridge_slave_1) entered disabled state 05:16:25 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000000140)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x8, 0x2, 0x0, 0x0, 0x0, 0x2, {0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0) [ 171.962148][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 171.977683][ T7604] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.987107][ T7609] chnl_net:caif_netlink_parms(): no params data found [ 172.054674][ T7607] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.061775][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.083634][ T7607] device bridge_slave_0 entered promiscuous mode [ 172.116582][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.133465][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.140684][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.155450][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.164506][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.171594][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.180790][ T7607] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.193012][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.200951][ T7607] device bridge_slave_1 entered promiscuous mode [ 172.221866][ T7617] IPVS: ftp: loaded support on port[0] = 21 [ 172.238365][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 05:16:25 executing program 5: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000180)={0x2, 0x10084e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1, &(0x7f0000000200)=""/20, 0x487, 0x1000000}, 0x1500) [ 172.268814][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.298457][ T7607] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.309535][ T7607] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.362558][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.371687][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.396575][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.406064][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.416722][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.425436][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.436860][ T7609] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.444318][ T7609] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.452085][ T7609] device bridge_slave_0 entered promiscuous mode [ 172.461044][ T7607] team0: Port device team_slave_0 added [ 172.470667][ T7620] IPVS: ftp: loaded support on port[0] = 21 [ 172.479787][ T7607] team0: Port device team_slave_1 added [ 172.487087][ T7604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.499657][ T7609] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.507690][ T7609] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.518135][ T7609] device bridge_slave_1 entered promiscuous mode [ 172.555712][ T7609] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.568938][ T7609] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.635080][ T7607] device hsr_slave_0 entered promiscuous mode [ 172.693366][ T7607] device hsr_slave_1 entered promiscuous mode [ 172.803180][ T7609] team0: Port device team_slave_0 added [ 172.812428][ T7609] team0: Port device team_slave_1 added [ 172.857077][ T7617] chnl_net:caif_netlink_parms(): no params data found [ 172.954754][ T7609] device hsr_slave_0 entered promiscuous mode [ 172.993189][ T7609] device hsr_slave_1 entered promiscuous mode [ 173.062253][ T7612] chnl_net:caif_netlink_parms(): no params data found [ 173.073295][ T7604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.095962][ T7617] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.103319][ T7617] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.111047][ T7617] device bridge_slave_0 entered promiscuous mode [ 173.143311][ T7617] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.150686][ T7617] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.159169][ T7617] device bridge_slave_1 entered promiscuous mode [ 173.217312][ T7612] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.233922][ T7612] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.242011][ T7612] device bridge_slave_0 entered promiscuous mode [ 173.259932][ T7612] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.267593][ T7612] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.275979][ T7612] device bridge_slave_1 entered promiscuous mode [ 173.344173][ T7617] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.348229][ C1] hrtimer: interrupt took 28559 ns [ 173.354725][ T7609] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.364843][ T7609] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.372147][ T7609] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.379471][ T7609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.408040][ T2899] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.416571][ T2899] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.431056][ T7617] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.515336][ T7612] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.534510][ T7620] chnl_net:caif_netlink_parms(): no params data found 05:16:27 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) clone(0x2102801ff5, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa00000000, 0x0, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f0000000000)) [ 173.564936][ T7607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.576829][ T7612] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.605680][ T7617] team0: Port device team_slave_0 added [ 173.616467][ T7607] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.646997][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.659391][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 05:16:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) syz_open_dev$vcsn(0x0, 0x7f, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 173.669330][ T7617] team0: Port device team_slave_1 added [ 173.688456][ T7612] team0: Port device team_slave_0 added [ 173.696454][ T7612] team0: Port device team_slave_1 added [ 173.716677][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.726824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.735311][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.742374][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.760637][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 05:16:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffe) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00@\x00', 0x101}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)) socket$inet6(0xa, 0x5, 0x5) pipe(0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000180)={0x94, 0x7af5, 0x9, 0x8, 0x8, 0x2}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) signalfd4(r0, &(0x7f00000000c0)={0x6}, 0x8, 0x80800) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r2, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r3, r4, &(0x7f0000000000)=0x100000, 0xfffc) [ 173.769460][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.778221][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.785327][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.793478][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.802195][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.830698][ T7609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.885584][ T7612] device hsr_slave_0 entered promiscuous mode [ 173.923187][ T7612] device hsr_slave_1 entered promiscuous mode [ 173.932526][ T7651] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7651 [ 173.942392][ T7651] caller is ip6_finish_output+0x335/0xdc0 [ 173.948645][ T7651] CPU: 0 PID: 7651 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 173.957656][ T7651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.967710][ T7651] Call Trace: [ 173.971019][ T7651] dump_stack+0x172/0x1f0 [ 173.975446][ T7651] __this_cpu_preempt_check+0x246/0x270 [ 173.980986][ T7651] ip6_finish_output+0x335/0xdc0 [ 173.985917][ T7651] ip6_output+0x235/0x7f0 [ 173.990242][ T7651] ? ip6_finish_output+0xdc0/0xdc0 [ 173.995337][ T7651] ? ip6_fragment+0x3980/0x3980 [ 174.000175][ T7651] ip6_xmit+0xe41/0x20c0 [ 174.004400][ T7651] ? ip6_finish_output2+0x2550/0x2550 [ 174.009758][ T7651] ? mark_held_locks+0xf0/0xf0 [ 174.014523][ T7651] ? ip6_setup_cork+0x1870/0x1870 [ 174.019562][ T7651] inet6_csk_xmit+0x2fb/0x5d0 [ 174.024228][ T7651] ? inet6_csk_update_pmtu+0x190/0x190 [ 174.029686][ T7651] __tcp_transmit_skb+0x1a32/0x3750 [ 174.034876][ T7651] ? __tcp_select_window+0x8b0/0x8b0 [ 174.040170][ T7651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.046400][ T7651] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 174.051846][ T7651] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.058073][ T7651] tcp_connect+0x1e47/0x4280 [ 174.062676][ T7651] ? tcp_push_one+0x110/0x110 [ 174.067362][ T7651] ? secure_tcpv6_ts_off+0x24f/0x360 [ 174.072650][ T7651] ? secure_dccpv6_sequence_number+0x280/0x280 [ 174.078798][ T7651] tcp_v6_connect+0x150b/0x20a0 [ 174.083632][ T7651] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 174.088991][ T7651] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 174.094258][ T7651] ? retint_kernel+0x2d/0x2d [ 174.098835][ T7651] ? trace_hardirqs_on_caller+0x6a/0x220 [ 174.104479][ T7651] ? find_held_lock+0x35/0x130 [ 174.109240][ T7651] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 174.114869][ T7651] __inet_stream_connect+0x83f/0xea0 [ 174.120166][ T7651] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 174.125459][ T7651] ? __inet_stream_connect+0x83f/0xea0 [ 174.130913][ T7651] ? inet_dgram_connect+0x2e0/0x2e0 [ 174.136105][ T7651] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 174.141478][ T7651] ? rcu_read_lock_sched_held+0x110/0x130 [ 174.147180][ T7651] ? kmem_cache_alloc_trace+0x354/0x760 [ 174.152727][ T7651] ? tcp_sendmsg_locked+0x1fe1/0x37f0 [ 174.158093][ T7651] tcp_sendmsg_locked+0x231f/0x37f0 [ 174.163297][ T7651] ? mark_held_locks+0xf0/0xf0 [ 174.168051][ T7651] ? mark_held_locks+0xa4/0xf0 [ 174.172799][ T7651] ? tcp_sendpage+0x60/0x60 [ 174.177318][ T7651] ? lock_sock_nested+0x9a/0x120 [ 174.182234][ T7651] ? trace_hardirqs_on+0x67/0x230 [ 174.187239][ T7651] ? lock_sock_nested+0x9a/0x120 [ 174.192167][ T7651] ? __local_bh_enable_ip+0x15a/0x270 [ 174.197625][ T7651] tcp_sendmsg+0x30/0x50 [ 174.201866][ T7651] inet_sendmsg+0x147/0x5e0 [ 174.206381][ T7651] ? ipip_gro_receive+0x100/0x100 [ 174.211408][ T7651] sock_sendmsg+0xdd/0x130 [ 174.215817][ T7651] __sys_sendto+0x262/0x380 [ 174.220301][ T7651] ? __ia32_sys_getpeername+0xb0/0xb0 [ 174.225672][ T7651] ? retint_kernel+0x2d/0x2d [ 174.230253][ T7651] ? trace_hardirqs_on_caller+0x6a/0x220 [ 174.235905][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.241354][ T7651] ? retint_kernel+0x2d/0x2d [ 174.245951][ T7651] __x64_sys_sendto+0xe1/0x1a0 [ 174.250702][ T7651] ? __sys_sendto+0x380/0x380 [ 174.255392][ T7651] do_syscall_64+0x103/0x610 [ 174.259985][ T7651] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.265855][ T7651] RIP: 0033:0x4582b9 [ 174.269730][ T7651] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.289450][ T7651] RSP: 002b:00007f9d89cb9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 174.297849][ T7651] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 174.305805][ T7651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 174.315729][ T7651] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 174.323697][ T7651] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9d89cba6d4 [ 174.331669][ T7651] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 174.366528][ T7651] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7651 [ 174.376832][ T7651] caller is ip6_finish_output+0x335/0xdc0 [ 174.382789][ T7651] CPU: 1 PID: 7651 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.391813][ T7651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.401889][ T7651] Call Trace: [ 174.401930][ T7651] dump_stack+0x172/0x1f0 [ 174.401956][ T7651] __this_cpu_preempt_check+0x246/0x270 [ 174.409544][ T7651] ip6_finish_output+0x335/0xdc0 [ 174.409565][ T7651] ip6_output+0x235/0x7f0 [ 174.424327][ T7651] ? ip6_finish_output+0xdc0/0xdc0 [ 174.424342][ T7651] ? retint_kernel+0x2d/0x2d [ 174.424359][ T7651] ? ip6_fragment+0x3980/0x3980 [ 174.424380][ T7651] ip6_xmit+0xe41/0x20c0 [ 174.424403][ T7651] ? ip6_finish_output2+0x2550/0x2550 [ 174.434060][ T7651] ? mark_held_locks+0xf0/0xf0 [ 174.434080][ T7651] ? ip6_setup_cork+0x1870/0x1870 [ 174.434111][ T7651] inet6_csk_xmit+0x2fb/0x5d0 [ 174.434134][ T7651] ? inet6_csk_update_pmtu+0x190/0x190 [ 174.434159][ T7651] ? __tcp_transmit_skb+0x133a/0x3750 [ 174.434179][ T7651] __tcp_transmit_skb+0x1a32/0x3750 [ 174.434203][ T7651] ? __tcp_select_window+0x8b0/0x8b0 [ 174.434224][ T7651] ? tcp_rbtree_insert+0x188/0x200 [ 174.434242][ T7651] tcp_send_synack+0x4b0/0x15b0 [ 174.448834][ T7651] ? calibrate_delay.cold+0x3ce/0x4a7 [ 174.448860][ T7651] ? tcp_send_active_reset+0x8e0/0x8e0 [ 174.458870][ T7651] ? retint_kernel+0x2d/0x2d [ 174.458900][ T7651] ? tcp_sync_mss+0x2ee/0xa30 [ 174.468995][ T7651] tcp_rcv_state_process+0x225d/0x4d93 [ 174.469011][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.469030][ T7651] ? tcp_finish_connect+0x510/0x510 [ 174.479556][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.479586][ T7651] ? __release_sock+0xca/0x3a0 [ 174.489955][ T7651] tcp_v6_do_rcv+0x7da/0x12c0 [ 174.489966][ T7651] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 174.489988][ T7651] __release_sock+0x12e/0x3a0 [ 174.500184][ T7651] release_sock+0x59/0x1c0 [ 174.500209][ T7651] __inet_stream_connect+0x59f/0xea0 [ 174.510219][ T7651] ? inet_dgram_connect+0x2e0/0x2e0 [ 174.510245][ T7651] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 174.522824][ T7651] ? do_wait_intr_irq+0x2b0/0x2b0 [ 174.522847][ T7651] ? tcp_sendmsg_locked+0x1fe1/0x37f0 [ 174.522866][ T7651] tcp_sendmsg_locked+0x231f/0x37f0 [ 174.522884][ T7651] ? mark_held_locks+0xf0/0xf0 [ 174.522902][ T7651] ? mark_held_locks+0xa4/0xf0 [ 174.533621][ T7651] ? tcp_sendpage+0x60/0x60 [ 174.533637][ T7651] ? lock_sock_nested+0x9a/0x120 [ 174.533654][ T7651] ? trace_hardirqs_on+0x67/0x230 [ 174.533666][ T7651] ? lock_sock_nested+0x9a/0x120 [ 174.533683][ T7651] ? __local_bh_enable_ip+0x15a/0x270 [ 174.533703][ T7651] tcp_sendmsg+0x30/0x50 [ 174.533718][ T7651] inet_sendmsg+0x147/0x5e0 [ 174.533729][ T7651] ? ipip_gro_receive+0x100/0x100 [ 174.533756][ T7651] sock_sendmsg+0xdd/0x130 [ 174.543933][ T7651] __sys_sendto+0x262/0x380 [ 174.543953][ T7651] ? __ia32_sys_getpeername+0xb0/0xb0 [ 174.543980][ T7651] ? retint_kernel+0x2d/0x2d [ 174.553452][ T7651] ? trace_hardirqs_on_caller+0x6a/0x220 [ 174.553471][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.553490][ T7651] ? retint_kernel+0x2d/0x2d [ 174.553515][ T7651] __x64_sys_sendto+0xe1/0x1a0 [ 174.553528][ T7651] ? __sys_sendto+0x380/0x380 [ 174.553545][ T7651] do_syscall_64+0x103/0x610 [ 174.553560][ T7651] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.553570][ T7651] RIP: 0033:0x4582b9 [ 174.553588][ T7651] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.567980][ T7651] RSP: 002b:00007f9d89cb9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 174.567995][ T7651] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 174.568003][ T7651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 174.568010][ T7651] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 174.568023][ T7651] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9d89cba6d4 [ 174.578596][ T7651] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 174.604272][ T7651] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7651 [ 174.613942][ T7651] caller is ip6_finish_output+0x335/0xdc0 [ 174.623914][ T7651] CPU: 1 PID: 7651 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.633651][ T7651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.633657][ T7651] Call Trace: [ 174.633682][ T7651] dump_stack+0x172/0x1f0 [ 174.633707][ T7651] __this_cpu_preempt_check+0x246/0x270 [ 174.633729][ T7651] ip6_finish_output+0x335/0xdc0 [ 174.633754][ T7651] ip6_output+0x235/0x7f0 [ 174.633778][ T7651] ? ip6_finish_output+0xdc0/0xdc0 [ 174.643254][ T7651] ? retint_kernel+0x2d/0x2d [ 174.643277][ T7651] ? ip6_fragment+0x3980/0x3980 [ 174.643291][ T7651] ? ip6_finish_output+0xdc0/0xdc0 [ 174.643311][ T7651] ip6_xmit+0xe41/0x20c0 [ 174.643336][ T7651] ? ip6_finish_output2+0x2550/0x2550 [ 174.643352][ T7651] ? mark_held_locks+0xf0/0xf0 [ 174.643373][ T7651] ? __sk_dst_check+0x146/0x2f0 [ 174.652254][ T7651] ? ip6_setup_cork+0x1870/0x1870 [ 174.652281][ T7651] ? nr_rx_frame+0x1230/0x1d70 [ 174.652303][ T7651] inet6_csk_xmit+0x2fb/0x5d0 [ 174.667944][ T7651] ? inet6_csk_update_pmtu+0x190/0x190 [ 174.667977][ T7651] __tcp_transmit_skb+0x1a32/0x3750 [ 174.677987][ T7651] ? __tcp_select_window+0x8b0/0x8b0 [ 174.678007][ T7651] ? retint_kernel+0x2d/0x2d [ 174.689684][ T7651] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 174.689703][ T7651] tcp_send_ack+0x88/0xa0 [ 174.700145][ T7651] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 174.700167][ T7651] tcp_validate_incoming+0x55e/0x1660 [ 174.707552][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.723661][ T7651] tcp_rcv_state_process+0xb6b/0x4d93 [ 174.723678][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.723690][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.723705][ T7651] ? lockdep_hardirqs_on+0x3c2/0x5d0 [ 174.723719][ T7651] ? tcp_finish_connect+0x510/0x510 [ 174.723738][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.723760][ T7651] ? retint_kernel+0x2d/0x2d [ 174.723777][ T7651] ? __release_sock+0xca/0x3a0 [ 174.723799][ T7651] tcp_v6_do_rcv+0x7da/0x12c0 [ 174.723810][ T7651] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 174.723826][ T7651] __release_sock+0x12e/0x3a0 [ 174.723846][ T7651] release_sock+0x59/0x1c0 [ 174.992216][ T7651] __inet_stream_connect+0x59f/0xea0 [ 174.997522][ T7651] ? inet_dgram_connect+0x2e0/0x2e0 [ 175.002733][ T7651] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 175.008096][ T7651] ? do_wait_intr_irq+0x2b0/0x2b0 [ 175.013123][ T7651] ? tcp_sendmsg_locked+0x1fe1/0x37f0 [ 175.018522][ T7651] tcp_sendmsg_locked+0x231f/0x37f0 [ 175.023860][ T7651] ? mark_held_locks+0xf0/0xf0 [ 175.028611][ T7651] ? mark_held_locks+0xa4/0xf0 [ 175.033376][ T7651] ? tcp_sendpage+0x60/0x60 [ 175.037879][ T7651] ? lock_sock_nested+0x9a/0x120 [ 175.042914][ T7651] ? trace_hardirqs_on+0x67/0x230 [ 175.047919][ T7651] ? lock_sock_nested+0x9a/0x120 [ 175.052851][ T7651] ? __local_bh_enable_ip+0x15a/0x270 [ 175.058336][ T7651] tcp_sendmsg+0x30/0x50 [ 175.062571][ T7651] inet_sendmsg+0x147/0x5e0 [ 175.067182][ T7651] ? ipip_gro_receive+0x100/0x100 [ 175.072206][ T7651] sock_sendmsg+0xdd/0x130 [ 175.076633][ T7651] __sys_sendto+0x262/0x380 [ 175.081132][ T7651] ? __ia32_sys_getpeername+0xb0/0xb0 [ 175.086523][ T7651] ? retint_kernel+0x2d/0x2d [ 175.091103][ T7651] ? trace_hardirqs_on_caller+0x6a/0x220 [ 175.096742][ T7651] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.102223][ T7651] ? retint_kernel+0x2d/0x2d [ 175.106808][ T7651] __x64_sys_sendto+0xe1/0x1a0 [ 175.111568][ T7651] ? __sys_sendto+0x380/0x380 [ 175.116255][ T7651] do_syscall_64+0x103/0x610 [ 175.120865][ T7651] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.126741][ T7651] RIP: 0033:0x4582b9 [ 175.130739][ T7651] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.150768][ T7651] RSP: 002b:00007f9d89cb9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 175.159172][ T7651] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 175.167132][ T7651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 175.175100][ T7651] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 175.183078][ T7651] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9d89cba6d4 [ 175.191064][ T7651] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 175.203450][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.207276][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 175.212397][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.220897][ T7654] caller is ip6_finish_output+0x335/0xdc0 [ 175.220917][ T7654] CPU: 1 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.220926][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.220933][ T7654] Call Trace: [ 175.220954][ T7654] dump_stack+0x172/0x1f0 [ 175.220978][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 175.220993][ T7654] ip6_finish_output+0x335/0xdc0 [ 175.221014][ T7654] ip6_output+0x235/0x7f0 [ 175.221038][ T7654] ? ip6_finish_output+0xdc0/0xdc0 [ 175.254060][ T7654] ? ip6_fragment+0x3980/0x3980 [ 175.254081][ T7654] ip6_xmit+0xe41/0x20c0 [ 175.254103][ T7654] ? ip6_finish_output2+0x2550/0x2550 [ 175.254119][ T7654] ? mark_held_locks+0xf0/0xf0 [ 175.254135][ T7654] ? ip6_setup_cork+0x1870/0x1870 [ 175.254167][ T7654] inet6_csk_xmit+0x2fb/0x5d0 [ 175.254187][ T7654] ? inet6_csk_update_pmtu+0x190/0x190 [ 175.261868][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.261892][ T7654] ? csum_ipv6_magic+0x20/0x80 [ 175.272358][ T7654] __tcp_transmit_skb+0x1a32/0x3750 [ 175.272383][ T7654] ? __tcp_select_window+0x8b0/0x8b0 [ 175.281801][ T7654] ? lockdep_hardirqs_on+0x418/0x5d0 [ 175.281818][ T7654] ? trace_hardirqs_on+0x67/0x230 [ 175.281839][ T7654] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 175.291087][ T7654] tcp_write_xmit+0xe39/0x5660 [ 175.291110][ T7654] ? __might_fault+0x12b/0x1e0 [ 175.301399][ T7654] __tcp_push_pending_frames+0xb4/0x350 [ 175.301418][ T7654] tcp_push+0x4cd/0x6c0 [ 175.311088][ T7654] ? __check_object_size+0x3d/0x42f [ 175.311117][ T7654] tcp_sendmsg_locked+0x15eb/0x37f0 [ 175.322883][ T7654] ? tcp_sendpage+0x60/0x60 [ 175.322900][ T7654] ? trace_hardirqs_on+0x67/0x230 [ 175.322915][ T7654] ? lock_sock_nested+0x9a/0x120 [ 175.322931][ T7654] ? __local_bh_enable_ip+0x15a/0x270 [ 175.322951][ T7654] tcp_sendmsg+0x30/0x50 [ 175.322971][ T7654] inet_sendmsg+0x147/0x5e0 [ 175.332900][ T7654] ? ipip_gro_receive+0x100/0x100 [ 175.332917][ T7654] sock_sendmsg+0xdd/0x130 [ 175.332935][ T7654] __sys_sendto+0x262/0x380 [ 175.332953][ T7654] ? __ia32_sys_getpeername+0xb0/0xb0 [ 175.332984][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.332997][ T7654] ? put_timespec64+0xda/0x140 [ 175.333013][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 175.343646][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.343661][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.343675][ T7654] ? do_syscall_64+0x26/0x610 [ 175.343697][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.343719][ T7654] __x64_sys_sendto+0xe1/0x1a0 [ 175.343737][ T7654] do_syscall_64+0x103/0x610 [ 175.354552][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.354565][ T7654] RIP: 0033:0x4582b9 [ 175.354580][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.354587][ T7654] RSP: 002b:00007f9d89c98c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 175.354600][ T7654] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 175.354608][ T7654] RDX: fffffffffffffd4d RSI: 0000000020000340 RDI: 0000000000000005 [ 175.354617][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 175.354624][ T7654] R10: 0000000000000057 R11: 0000000000000246 R12: 00007f9d89c996d4 [ 175.354633][ T7654] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 175.356751][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 175.370008][ T7654] caller is ip6_finish_output+0x335/0xdc0 [ 175.370027][ T7654] CPU: 1 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.379430][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.379437][ T7654] Call Trace: [ 175.379468][ T7654] dump_stack+0x172/0x1f0 [ 175.389135][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 175.389158][ T7654] ip6_finish_output+0x335/0xdc0 [ 175.399086][ T7654] ip6_output+0x235/0x7f0 [ 175.408655][ T7654] ? ip6_finish_output+0xdc0/0xdc0 [ 175.418180][ T7654] ? ip6_fragment+0x3980/0x3980 [ 175.427058][ T7654] ip6_xmit+0xe41/0x20c0 [ 175.427079][ T7654] ? ip6_finish_output2+0x2550/0x2550 [ 175.427095][ T7654] ? mark_held_locks+0xf0/0xf0 [ 175.427112][ T7654] ? ip6_setup_cork+0x1870/0x1870 [ 175.427144][ T7654] inet6_csk_xmit+0x2fb/0x5d0 [ 175.427159][ T7654] ? inet6_csk_update_pmtu+0x190/0x190 [ 175.427174][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.427200][ T7654] ? csum_ipv6_magic+0x20/0x80 [ 175.443572][ T7654] __tcp_transmit_skb+0x1a32/0x3750 [ 175.443598][ T7654] ? __tcp_select_window+0x8b0/0x8b0 [ 175.443611][ T7654] ? tcp_rearm_rto.part.0+0x1e0/0x390 [ 175.443633][ T7654] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 175.443647][ T7654] tcp_write_xmit+0xe39/0x5660 [ 175.443659][ T7654] ? __might_fault+0x12b/0x1e0 [ 175.443692][ T7654] __tcp_push_pending_frames+0xb4/0x350 [ 175.454069][ T7654] tcp_push+0x4cd/0x6c0 [ 175.454086][ T7654] ? __check_object_size+0x3d/0x42f [ 175.454103][ T7654] tcp_sendmsg_locked+0x15eb/0x37f0 [ 175.454133][ T7654] ? tcp_sendpage+0x60/0x60 [ 175.454149][ T7654] ? trace_hardirqs_on+0x67/0x230 [ 175.454166][ T7654] ? lock_sock_nested+0x9a/0x120 [ 175.454190][ T7654] ? __local_bh_enable_ip+0x15a/0x270 [ 175.470347][ T7654] tcp_sendmsg+0x30/0x50 [ 175.479661][ T7654] inet_sendmsg+0x147/0x5e0 [ 175.489402][ T7654] ? ipip_gro_receive+0x100/0x100 [ 175.518180][ T7654] sock_sendmsg+0xdd/0x130 [ 175.534185][ T7654] __sys_sendto+0x262/0x380 [ 175.534205][ T7654] ? __ia32_sys_getpeername+0xb0/0xb0 [ 175.534234][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.534248][ T7654] ? put_timespec64+0xda/0x140 [ 175.534261][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 175.534284][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.534297][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.534311][ T7654] ? do_syscall_64+0x26/0x610 [ 175.534328][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.534345][ T7654] __x64_sys_sendto+0xe1/0x1a0 [ 175.534363][ T7654] do_syscall_64+0x103/0x610 [ 175.534380][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.534392][ T7654] RIP: 0033:0x4582b9 [ 175.534407][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.534414][ T7654] RSP: 002b:00007f9d89c98c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 175.534426][ T7654] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 175.534440][ T7654] RDX: fffffffffffffd4d RSI: 0000000020000340 RDI: 0000000000000005 [ 175.559860][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 175.559868][ T7654] R10: 0000000000000057 R11: 0000000000000246 R12: 00007f9d89c996d4 [ 175.559875][ T7654] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 175.562161][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 175.584423][ T7609] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.592154][ T7654] caller is ip6_finish_output+0x335/0xdc0 [ 175.613826][ T7650] device lo entered promiscuous mode [ 175.616458][ T7654] CPU: 1 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.653797][ T7609] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 175.654224][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.654231][ T7654] Call Trace: [ 175.654256][ T7654] dump_stack+0x172/0x1f0 [ 175.654283][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 175.659072][ T7609] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.664517][ T7654] ip6_finish_output+0x335/0xdc0 [ 175.664534][ T7654] ip6_output+0x235/0x7f0 [ 175.664548][ T7654] ? ip6_finish_output+0xdc0/0xdc0 [ 175.664564][ T7654] ? ip6_fragment+0x3980/0x3980 [ 175.664583][ T7654] ip6_xmit+0xe41/0x20c0 [ 175.664604][ T7654] ? ip6_finish_output2+0x2550/0x2550 [ 175.664620][ T7654] ? mark_held_locks+0xf0/0xf0 [ 175.664638][ T7654] ? ip6_setup_cork+0x1870/0x1870 [ 175.664659][ T7654] ? inet6_csk_route_socket+0x715/0xf40 [ 175.664686][ T7654] inet6_csk_xmit+0x2fb/0x5d0 [ 175.691024][ T7609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.691972][ T7654] ? inet6_csk_update_pmtu+0x190/0x190 [ 175.702426][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.731985][ T7654] ? csum_ipv6_magic+0x20/0x80 [ 175.732015][ T7654] __tcp_transmit_skb+0x1a32/0x3750 [ 175.732035][ T7654] ? __tcp_select_window+0x8b0/0x8b0 [ 175.732057][ T7654] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 175.732069][ T7654] tcp_send_ack+0x88/0xa0 [ 175.732080][ T7654] __tcp_ack_snd_check+0x165/0x8d0 [ 175.732094][ T7654] tcp_rcv_established+0x9ed/0x1fb0 [ 175.747605][ T7654] ? find_held_lock+0x35/0x130 [ 175.747633][ T7654] ? tcp_data_queue+0x4840/0x4840 [ 176.092773][ T7654] ? __local_bh_enable_ip+0x15a/0x270 [ 176.098159][ T7654] ? _raw_spin_unlock_bh+0x31/0x40 [ 176.103263][ T7654] ? __local_bh_enable_ip+0x15a/0x270 [ 176.108651][ T7654] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.113946][ T7654] tcp_v6_do_rcv+0x421/0x12c0 [ 176.118638][ T7654] __release_sock+0x12e/0x3a0 [ 176.123398][ T7654] release_sock+0x59/0x1c0 [ 176.127815][ T7654] tcp_sendmsg+0x3b/0x50 [ 176.132043][ T7654] inet_sendmsg+0x147/0x5e0 [ 176.136546][ T7654] ? ipip_gro_receive+0x100/0x100 [ 176.141570][ T7654] sock_sendmsg+0xdd/0x130 [ 176.146083][ T7654] __sys_sendto+0x262/0x380 [ 176.150804][ T7654] ? __ia32_sys_getpeername+0xb0/0xb0 [ 176.156282][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.162558][ T7654] ? put_timespec64+0xda/0x140 [ 176.167336][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 176.172187][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.177670][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.183138][ T7654] ? do_syscall_64+0x26/0x610 [ 176.187797][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.193870][ T7654] __x64_sys_sendto+0xe1/0x1a0 [ 176.198645][ T7654] do_syscall_64+0x103/0x610 [ 176.203272][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.209153][ T7654] RIP: 0033:0x4582b9 [ 176.213051][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.232753][ T7654] RSP: 002b:00007f9d89c98c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 176.241170][ T7654] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 176.249133][ T7654] RDX: fffffffffffffd4d RSI: 0000000020000340 RDI: 0000000000000005 [ 176.257361][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 176.265353][ T7654] R10: 0000000000000057 R11: 0000000000000246 R12: 00007f9d89c996d4 [ 176.273411][ T7654] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 176.305647][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.312593][ T7655] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7655 [ 176.320018][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.322686][ T7655] caller is ip6_finish_output+0x335/0xdc0 [ 176.331973][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.336340][ T7655] CPU: 1 PID: 7655 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.336349][ T7655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.336354][ T7655] Call Trace: [ 176.336379][ T7655] dump_stack+0x172/0x1f0 [ 176.336404][ T7655] __this_cpu_preempt_check+0x246/0x270 [ 176.336424][ T7655] ip6_finish_output+0x335/0xdc0 [ 176.336441][ T7655] ip6_output+0x235/0x7f0 [ 176.336456][ T7655] ? ip6_finish_output+0xdc0/0xdc0 [ 176.336472][ T7655] ? ip6_fragment+0x3980/0x3980 [ 176.336489][ T7655] ip6_xmit+0xe41/0x20c0 [ 176.336510][ T7655] ? ip6_finish_output2+0x2550/0x2550 [ 176.336525][ T7655] ? mark_held_locks+0xf0/0xf0 [ 176.336545][ T7655] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 176.350913][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 05:16:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffe) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00@\x00', 0x101}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)) socket$inet6(0xa, 0x5, 0x5) pipe(0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000180)={0x94, 0x7af5, 0x9, 0x8, 0x8, 0x2}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) signalfd4(r0, &(0x7f00000000c0)={0x6}, 0x8, 0x80800) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r2, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r3, r4, &(0x7f0000000000)=0x100000, 0xfffc) [ 176.353468][ T7655] ? ip6_setup_cork+0x1870/0x1870 [ 176.353486][ T7655] ? inet6_csk_route_socket+0x715/0xf40 [ 176.353511][ T7655] inet6_csk_xmit+0x2fb/0x5d0 [ 176.353525][ T7655] ? inet6_csk_update_pmtu+0x190/0x190 [ 176.353540][ T7655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.353561][ T7655] ? csum_ipv6_magic+0x20/0x80 [ 176.353584][ T7655] __tcp_transmit_skb+0x1a32/0x3750 [ 176.353612][ T7655] ? __tcp_select_window+0x8b0/0x8b0 [ 176.353626][ T7655] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.353640][ T7655] ? trace_hardirqs_on+0x67/0x230 [ 176.353658][ T7655] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 176.370928][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.371330][ T7655] ? ktime_get+0x208/0x300 [ 176.371355][ T7655] tcp_send_active_reset+0x43a/0x8e0 [ 176.371378][ T7655] tcp_close+0xbb1/0x10c0 [ 176.378130][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.381935][ T7655] ? sock_fasync+0x100/0x160 [ 176.381965][ T7655] inet_release+0x105/0x1f0 [ 176.381983][ T7655] inet6_release+0x53/0x80 [ 176.382000][ T7655] __sock_release+0xd3/0x2b0 [ 176.392472][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.396349][ T7655] ? __sock_release+0x2b0/0x2b0 [ 176.396361][ T7655] sock_close+0x1b/0x30 [ 176.396375][ T7655] __fput+0x2e5/0x8d0 [ 176.396392][ T7655] ____fput+0x16/0x20 [ 176.396408][ T7655] task_work_run+0x14a/0x1c0 [ 176.396427][ T7655] do_exit+0x90a/0x2fa0 [ 176.396443][ T7655] ? get_signal+0x331/0x1d50 [ 176.396456][ T7655] ? mm_update_next_owner+0x640/0x640 [ 176.396475][ T7655] ? kasan_check_write+0x14/0x20 [ 176.396497][ T7655] ? _raw_spin_unlock_irq+0x28/0x90 [ 176.408332][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.411199][ T7655] ? get_signal+0x331/0x1d50 [ 176.411217][ T7655] ? _raw_spin_unlock_irq+0x28/0x90 [ 176.411236][ T7655] do_group_exit+0x135/0x370 [ 176.411253][ T7655] get_signal+0x399/0x1d50 [ 176.419338][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.425285][ T7655] ? dlci_ioctl_set+0x40/0x40 [ 176.425306][ T7655] ? do_vfs_ioctl+0x120/0x1390 [ 176.425323][ T7655] do_signal+0x87/0x1940 [ 176.425336][ T7655] ? ioctl_preallocate+0x210/0x210 [ 176.425348][ T7655] ? __fget+0x381/0x550 [ 176.425363][ T7655] ? setup_sigcontext+0x7d0/0x7d0 [ 176.425375][ T7655] ? ksys_dup3+0x3e0/0x3e0 [ 176.425389][ T7655] ? nsecs_to_jiffies+0x30/0x30 [ 176.425412][ T7655] ? exit_to_usermode_loop+0x43/0x2c0 [ 176.425423][ T7655] ? do_syscall_64+0x52d/0x610 [ 176.425434][ T7655] ? exit_to_usermode_loop+0x43/0x2c0 [ 176.425453][ T7655] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.436571][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.440658][ T7655] ? trace_hardirqs_on+0x67/0x230 [ 176.440680][ T7655] exit_to_usermode_loop+0x244/0x2c0 [ 176.440698][ T7655] do_syscall_64+0x52d/0x610 [ 176.449065][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.452402][ T7655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.452415][ T7655] RIP: 0033:0x4582b9 [ 176.452429][ T7655] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.452443][ T7655] RSP: 002b:00007f9d89c77c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 176.461623][ T2899] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.462423][ T7655] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00000000004582b9 [ 176.462432][ T7655] RDX: 0000000020000080 RSI: 0000000000008914 RDI: 0000000000000003 [ 176.462440][ T7655] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 176.462449][ T7655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d89c786d4 [ 176.462457][ T7655] R13: 00000000004c391d R14: 00000000004d6b60 R15: 00000000ffffffff [ 176.501664][ T2899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.516798][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.606942][ T7669] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7669 [ 176.620220][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.622575][ T7669] caller is ip6_finish_output+0x335/0xdc0 [ 176.627709][ T2899] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.632098][ T7669] CPU: 1 PID: 7669 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.636333][ T2899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.641349][ T7669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.641359][ T7669] Call Trace: [ 176.650688][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.654900][ T7669] dump_stack+0x172/0x1f0 [ 176.654924][ T7669] __this_cpu_preempt_check+0x246/0x270 [ 176.654952][ T7669] ip6_finish_output+0x335/0xdc0 [ 176.654972][ T7669] ip6_output+0x235/0x7f0 [ 176.654989][ T7669] ? ip6_finish_output+0xdc0/0xdc0 [ 176.655008][ T7669] ? ip6_fragment+0x3980/0x3980 [ 176.655021][ T7669] ? ip6_finish_output+0xdc0/0xdc0 [ 176.655037][ T7669] ? ip6_output+0x6/0x7f0 [ 176.655052][ T7669] ip6_xmit+0xe41/0x20c0 [ 176.655075][ T7669] ? ip6_finish_output2+0x2550/0x2550 [ 176.655090][ T7669] ? mark_held_locks+0xf0/0xf0 [ 176.655107][ T7669] ? ip6_setup_cork+0x1870/0x1870 [ 176.655135][ T7669] inet6_csk_xmit+0x2fb/0x5d0 [ 176.655147][ T7669] ? inet6_csk_update_pmtu+0x190/0x190 [ 176.655161][ T7669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.655183][ T7669] ? csum_ipv6_magic+0x20/0x80 [ 176.655205][ T7669] __tcp_transmit_skb+0x1a32/0x3750 [ 176.655230][ T7669] ? __tcp_select_window+0x8b0/0x8b0 [ 176.668835][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.670298][ T7669] ? tcp_fastopen_no_cookie+0xfe/0x190 [ 176.676434][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.680915][ T7669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.696631][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.701327][ T7669] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 176.707424][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.713955][ T7669] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.713974][ T7669] tcp_connect+0x1e47/0x4280 [ 176.713988][ T7669] ? retint_kernel+0x2d/0x2d [ 176.714011][ T7669] ? tcp_push_one+0x110/0x110 [ 176.714034][ T7669] ? tcp_v6_connect+0x1503/0x20a0 [ 176.714053][ T7669] ? tcp_connect+0xf/0x4280 [ 176.723477][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.723819][ T7669] tcp_v6_connect+0x150b/0x20a0 [ 176.761632][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.766778][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.766801][ T7669] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 176.766816][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.766840][ T7669] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 176.766862][ T7669] __inet_stream_connect+0x83f/0xea0 [ 176.766874][ T7669] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 176.766886][ T7669] ? __inet_stream_connect+0x83f/0xea0 [ 176.766905][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.780366][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.782849][ T7669] ? inet_dgram_connect+0x2e0/0x2e0 [ 176.782865][ T7669] ? retint_kernel+0x2d/0x2d [ 176.782894][ T7669] tcp_sendmsg_locked+0x231f/0x37f0 [ 176.782915][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.791647][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.798838][ T7669] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.798854][ T7669] ? retint_kernel+0x2d/0x2d [ 176.798866][ T7669] ? retint_kernel+0x2d/0x2d [ 176.798889][ T7669] ? tcp_sendpage+0x60/0x60 [ 176.798901][ T7669] ? retint_kernel+0x2d/0x2d [ 176.798936][ T7669] tcp_sendmsg+0x30/0x50 [ 176.798951][ T7669] inet_sendmsg+0x147/0x5e0 [ 176.798963][ T7669] ? ipip_gro_receive+0x100/0x100 [ 176.798981][ T7669] sock_sendmsg+0xdd/0x130 [ 176.799001][ T7669] __sys_sendto+0x262/0x380 [ 176.811474][ T2899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.814233][ T7669] ? __ia32_sys_getpeername+0xb0/0xb0 [ 176.814260][ T7669] ? retint_kernel+0x2d/0x2d [ 176.814276][ T7669] ? trace_hardirqs_on_caller+0x6a/0x220 [ 176.814296][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.814311][ T7669] ? retint_kernel+0x2d/0x2d [ 176.814333][ T7669] __x64_sys_sendto+0xe1/0x1a0 [ 176.814344][ T7669] ? __x64_sys_sendto+0x1/0x1a0 [ 176.814359][ T7669] do_syscall_64+0x103/0x610 [ 176.814374][ T7669] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.814385][ T7669] RIP: 0033:0x4582b9 [ 176.814400][ T7669] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.814408][ T7669] RSP: 002b:00007f9d89cb9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 176.814418][ T7669] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 176.814424][ T7669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 176.814431][ T7669] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 176.814438][ T7669] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9d89cba6d4 [ 176.814446][ T7669] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 176.821955][ T7669] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7669 [ 176.827626][ T7607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.831996][ T7669] caller is ip6_finish_output+0x335/0xdc0 [ 177.354366][ T7669] CPU: 1 PID: 7669 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.363471][ T7669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.373704][ T7669] Call Trace: [ 177.376997][ T7669] dump_stack+0x172/0x1f0 [ 177.381325][ T7669] __this_cpu_preempt_check+0x246/0x270 [ 177.386865][ T7669] ip6_finish_output+0x335/0xdc0 [ 177.396552][ T7669] ip6_output+0x235/0x7f0 [ 177.400904][ T7669] ? ip6_finish_output+0xdc0/0xdc0 [ 177.406030][ T7669] ? ip6_fragment+0x3980/0x3980 [ 177.410971][ T7669] ? perf_trace_drv_set_tim+0x178/0x540 [ 177.416566][ T7669] ip6_xmit+0xe41/0x20c0 [ 177.420816][ T7669] ? ip6_finish_output2+0x2550/0x2550 [ 177.426201][ T7669] ? retint_kernel+0x2d/0x2d [ 177.430804][ T7669] ? ip6_setup_cork+0x1870/0x1870 [ 177.435923][ T7669] ? perf_trace_drv_set_tim+0x120/0x540 [ 177.441532][ T7669] inet6_csk_xmit+0x2fb/0x5d0 [ 177.446210][ T7669] ? inet6_csk_update_pmtu+0x190/0x190 [ 177.451693][ T7669] ? csum_ipv6_magic+0x20/0x80 [ 177.456468][ T7669] __tcp_transmit_skb+0x1a32/0x3750 [ 177.461674][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.467127][ T7669] ? __tcp_select_window+0x8b0/0x8b0 [ 177.472404][ T7669] ? tcp_rbtree_insert+0x188/0x200 [ 177.477521][ T7669] tcp_send_synack+0x4b0/0x15b0 [ 177.482371][ T7669] ? calibrate_delay.cold+0x3ce/0x4a7 [ 177.487731][ T7669] ? tcp_send_active_reset+0x8e0/0x8e0 [ 177.498144][ T7669] ? retint_kernel+0x2d/0x2d [ 177.504173][ T7669] ? tcp_sync_mss+0x2ee/0xa30 [ 177.508855][ T7669] tcp_rcv_state_process+0x225d/0x4d93 [ 177.514328][ T7669] ? __irqentry_text_end+0xac26/0x1fac62 [ 177.519966][ T7669] ? tcp_finish_connect+0x510/0x510 [ 177.525166][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.530623][ T7669] ? retint_kernel+0x2d/0x2d [ 177.535213][ T7669] ? tcp_v6_do_rcv+0x7bf/0x12c0 [ 177.540230][ T7669] tcp_v6_do_rcv+0x7da/0x12c0 [ 177.544910][ T7669] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 177.549763][ T7669] __release_sock+0x12e/0x3a0 [ 177.554443][ T7669] release_sock+0x59/0x1c0 [ 177.558867][ T7669] __inet_stream_connect+0x59f/0xea0 [ 177.564165][ T7669] ? inet_dgram_connect+0x2e0/0x2e0 [ 177.569357][ T7669] ? retint_kernel+0x2d/0x2d [ 177.573946][ T7669] ? do_wait_intr_irq+0x2b0/0x2b0 [ 177.579001][ T7669] tcp_sendmsg_locked+0x231f/0x37f0 [ 177.584202][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.589677][ T7669] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.595045][ T7669] ? retint_kernel+0x2d/0x2d [ 177.599625][ T7669] ? retint_kernel+0x2d/0x2d [ 177.604225][ T7669] ? tcp_sendpage+0x60/0x60 [ 177.608733][ T7669] ? retint_kernel+0x2d/0x2d [ 177.613344][ T7669] tcp_sendmsg+0x30/0x50 [ 177.617590][ T7669] inet_sendmsg+0x147/0x5e0 [ 177.622176][ T7669] ? ipip_gro_receive+0x100/0x100 [ 177.627207][ T7669] sock_sendmsg+0xdd/0x130 [ 177.631705][ T7669] __sys_sendto+0x262/0x380 [ 177.636203][ T7669] ? __ia32_sys_getpeername+0xb0/0xb0 [ 177.641569][ T7669] ? retint_kernel+0x2d/0x2d [ 177.646157][ T7669] ? trace_hardirqs_on_caller+0x6a/0x220 [ 177.651787][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.657232][ T7669] ? retint_kernel+0x2d/0x2d [ 177.661825][ T7669] __x64_sys_sendto+0xe1/0x1a0 [ 177.666594][ T7669] ? __x64_sys_sendto+0x1/0x1a0 [ 177.671435][ T7669] do_syscall_64+0x103/0x610 [ 177.676020][ T7669] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.681894][ T7669] RIP: 0033:0x4582b9 [ 177.685881][ T7669] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.705500][ T7669] RSP: 002b:00007f9d89cb9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 177.713934][ T7669] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 177.721908][ T7669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 177.729880][ T7669] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 177.737865][ T7669] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9d89cba6d4 [ 177.745834][ T7669] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 177.755068][ T7669] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7669 [ 177.764516][ T7669] caller is ip6_finish_output+0x335/0xdc0 [ 177.770267][ T7669] CPU: 0 PID: 7669 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.779370][ T7669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.789427][ T7669] Call Trace: [ 177.792853][ T7669] dump_stack+0x172/0x1f0 [ 177.797173][ T7669] __this_cpu_preempt_check+0x246/0x270 [ 177.802711][ T7669] ip6_finish_output+0x335/0xdc0 [ 177.807642][ T7669] ip6_output+0x235/0x7f0 [ 177.811962][ T7669] ? ip6_finish_output+0xdc0/0xdc0 [ 177.817077][ T7669] ? ip6_fragment+0x3980/0x3980 [ 177.821937][ T7669] ip6_xmit+0xe41/0x20c0 [ 177.826201][ T7669] ? ip6_finish_output2+0x2550/0x2550 [ 177.831573][ T7669] ? mark_held_locks+0xf0/0xf0 [ 177.836329][ T7669] ? ip6_setup_cork+0x1870/0x1870 [ 177.841345][ T7669] inet6_csk_xmit+0x2fb/0x5d0 [ 177.846006][ T7669] ? inet6_csk_update_pmtu+0x190/0x190 [ 177.851455][ T7669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.857711][ T7669] ? csum_ipv6_magic+0x20/0x80 [ 177.862473][ T7669] __tcp_transmit_skb+0x1a32/0x3750 [ 177.867676][ T7669] ? __tcp_select_window+0x8b0/0x8b0 [ 177.872959][ T7669] ? tcp_mstamp_refresh+0x16/0xa0 [ 177.877996][ T7669] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 177.883624][ T7669] tcp_send_ack+0x88/0xa0 [ 177.887941][ T7669] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 177.894034][ T7669] tcp_validate_incoming+0x55e/0x1660 [ 177.899396][ T7669] tcp_rcv_state_process+0xb6b/0x4d93 [ 177.904753][ T7669] ? __irqentry_text_end+0xac26/0x1fac62 [ 177.910374][ T7669] ? tcp_finish_connect+0x510/0x510 [ 177.915560][ T7669] ? __release_sock+0xca/0x3a0 [ 177.920307][ T7669] ? find_held_lock+0x35/0x130 [ 177.925055][ T7669] ? mark_held_locks+0xa4/0xf0 [ 177.929801][ T7669] ? __local_bh_enable_ip+0x15a/0x270 [ 177.935169][ T7669] ? _raw_spin_unlock_bh+0x31/0x40 [ 177.940270][ T7669] ? __local_bh_enable_ip+0x15a/0x270 [ 177.946497][ T7669] tcp_v6_do_rcv+0x7da/0x12c0 [ 177.951161][ T7669] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 177.956011][ T7669] __release_sock+0x12e/0x3a0 [ 177.960707][ T7669] release_sock+0x59/0x1c0 [ 177.965114][ T7669] __inet_stream_connect+0x59f/0xea0 [ 177.970399][ T7669] ? inet_dgram_connect+0x2e0/0x2e0 [ 177.975615][ T7669] ? retint_kernel+0x2d/0x2d [ 177.980193][ T7669] ? do_wait_intr_irq+0x2b0/0x2b0 [ 177.985228][ T7669] tcp_sendmsg_locked+0x231f/0x37f0 [ 177.990416][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.995871][ T7669] ? lockdep_hardirqs_on+0x418/0x5d0 [ 178.001141][ T7669] ? retint_kernel+0x2d/0x2d [ 178.005725][ T7669] ? retint_kernel+0x2d/0x2d [ 178.010316][ T7669] ? tcp_sendpage+0x60/0x60 [ 178.014924][ T7669] ? retint_kernel+0x2d/0x2d [ 178.019505][ T7669] tcp_sendmsg+0x30/0x50 [ 178.023746][ T7669] inet_sendmsg+0x147/0x5e0 [ 178.028230][ T7669] ? ipip_gro_receive+0x100/0x100 [ 178.033249][ T7669] sock_sendmsg+0xdd/0x130 [ 178.037653][ T7669] __sys_sendto+0x262/0x380 [ 178.042321][ T7669] ? __ia32_sys_getpeername+0xb0/0xb0 [ 178.047858][ T7669] ? retint_kernel+0x2d/0x2d [ 178.052475][ T7669] ? trace_hardirqs_on_caller+0x6a/0x220 [ 178.058104][ T7669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.063569][ T7669] ? retint_kernel+0x2d/0x2d [ 178.068184][ T7669] __x64_sys_sendto+0xe1/0x1a0 [ 178.073023][ T7669] ? __x64_sys_sendto+0x1/0x1a0 [ 178.077881][ T7669] do_syscall_64+0x103/0x610 [ 178.082462][ T7669] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.088338][ T7669] RIP: 0033:0x4582b9 [ 178.092218][ T7669] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.112077][ T7669] RSP: 002b:00007f9d89cb9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 178.120478][ T7669] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 178.128540][ T7669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 178.136508][ T7669] RBP: 000000000073bfa0 R08: 0000000020000040 R09: 000000000000001c [ 178.144634][ T7669] R10: 0000000020000001 R11: 0000000000000246 R12: 00007f9d89cba6d4 [ 178.152586][ T7669] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 178.184860][ T7617] device hsr_slave_0 entered promiscuous mode [ 178.233295][ T7617] device hsr_slave_1 entered promiscuous mode 05:16:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffe) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00@\x00', 0x101}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)) socket$inet6(0xa, 0x5, 0x5) pipe(0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000180)={0x94, 0x7af5, 0x9, 0x8, 0x8, 0x2}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) signalfd4(r0, &(0x7f00000000c0)={0x6}, 0x8, 0x80800) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r2, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r3, r4, &(0x7f0000000000)=0x100000, 0xfffc) [ 178.274213][ T7620] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.282536][ T7620] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.290552][ T7620] device bridge_slave_0 entered promiscuous mode [ 178.303862][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.311748][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 05:16:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) write$P9_RSYMLINK(r0, &(0x7f0000000000)={0x14}, 0x14) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) [ 178.378824][ T7620] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.390676][ T7620] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.404050][ T7620] device bridge_slave_1 entered promiscuous mode [ 178.442424][ T7620] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.458466][ T7681] device lo entered promiscuous mode [ 178.471456][ T7607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.497639][ T7620] bond0: Enslaving bond_slave_1 as an active interface with an up link 05:16:32 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 178.540099][ T7612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.614080][ T7688] libceph: resolve '0' (ret=-3): failed [ 178.619681][ T7688] libceph: parse_ips bad ip '[d::],0::.' [ 178.628128][ T7620] team0: Port device team_slave_0 added [ 178.650690][ T7620] team0: Port device team_slave_1 added [ 178.690344][ T7612] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.717813][ T7618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.729356][ T7618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 05:16:32 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x7f, 0x301000) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 05:16:32 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2f, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x8000000]}, @local={0xfe, 0x80, [0xfffffffffffff000]}, {[], @tcp={{0x3a00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 178.748477][ T7618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.782596][ T7618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.813972][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.821166][ T7618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.863776][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.871690][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.881501][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.890627][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.897745][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.905777][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.914543][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.923198][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.931660][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.995789][ T7620] device hsr_slave_0 entered promiscuous mode [ 179.063410][ T7620] device hsr_slave_1 entered promiscuous mode [ 179.125407][ T7617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.134348][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.142291][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.151330][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.167529][ T7617] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.176170][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.184736][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.192405][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.200904][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.221713][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.230647][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.239238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.248206][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.257265][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.264535][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.272113][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.295035][ T7612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.314779][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.325694][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.334215][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.341266][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.349439][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.358153][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.371412][ T7620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.387095][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.395733][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.406134][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.420507][ T7612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.432724][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.441588][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.453194][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.461451][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.475504][ T7620] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.491536][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.499922][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.513958][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.522457][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.525500][ T7714] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 179.559919][ T7617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.568500][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.584015][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.593495][ T3001] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.600583][ T3001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.608366][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.618713][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.627311][ T3001] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.634581][ T3001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.643325][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.653085][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.662912][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.671576][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.690654][ T7620] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.708351][ T7620] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.732373][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:16:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 179.741912][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.754541][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.766817][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.776806][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.786267][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.795538][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.804207][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.815525][ T7617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.829604][ T7618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.848252][ T7620] 8021q: adding VLAN 0 to HW filter on device batadv0 05:16:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='syscall\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 05:16:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x97bb) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 05:16:34 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{&(0x7f0000000180), 0x3bf, &(0x7f0000000140), 0x3bf, &(0x7f0000000080)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) 05:16:34 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 05:16:34 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000140)={&(0x7f0000000200)={0x1d, r1}, 0x10, &(0x7f0000000040)={&(0x7f0000000100)=@can={{}, 0x0, 0x0, 0x0, 0x0, "e96b4b8fdd5fd9b1"}, 0x10}}, 0x0) 05:16:34 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000340), 0x24, 0x0) getxattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_default\x00', 0x0, 0x0) 05:16:34 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)="95ed4619e054153fc89de18584a9530395b62d8ac9c75b895637ba0e3dc4ecc7ac8418554aa73b693ba790019bbc") sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 05:16:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 05:16:34 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 180.790354][ T7743] libceph: resolve '0' (ret=-3): failed [ 180.823660][ T7743] libceph: parse_ips bad ip '[d::],0::.' [ 180.862548][ T7747] check_preemption_disabled: 11 callbacks suppressed [ 180.862571][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 180.879664][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 180.885658][ T7747] CPU: 0 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 180.890597][ T7758] libceph: resolve '0' (ret=-3): failed [ 180.894681][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.894705][ T7747] Call Trace: [ 180.894741][ T7747] dump_stack+0x172/0x1f0 [ 180.894770][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 180.894792][ T7747] ip6_finish_output+0x335/0xdc0 [ 180.894812][ T7747] ip6_output+0x235/0x7f0 [ 180.894832][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 180.894854][ T7747] ? ip6_fragment+0x3980/0x3980 [ 180.908192][ T7758] libceph: parse_ips bad ip '[d::],0::.' [ 180.910809][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 180.910830][ T7747] ip6_local_out+0xc4/0x1b0 [ 180.910850][ T7747] ip6_send_skb+0xbb/0x350 [ 180.943292][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 180.943310][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 180.943332][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 180.954494][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 180.954517][ T7747] ? find_held_lock+0x35/0x130 [ 180.954534][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.954551][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 180.954587][ T7747] ? ___might_sleep+0x163/0x280 [ 180.991437][ T7763] libceph: resolve '0' (ret=-3): failed [ 180.994705][ T7747] ? __might_sleep+0x95/0x190 [ 180.994743][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 180.994760][ T7747] inet_sendmsg+0x147/0x5e0 [ 180.994783][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 181.000365][ T7763] libceph: parse_ips bad ip '[d::],0::.' [ 181.005087][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 181.005103][ T7747] ? ipip_gro_receive+0x100/0x100 [ 181.005122][ T7747] sock_sendmsg+0xdd/0x130 [ 181.005138][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 181.005155][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 181.005173][ T7747] ? lock_downgrade+0x880/0x880 [ 181.005194][ T7747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.025457][ T7747] ? kasan_check_read+0x11/0x20 [ 181.036169][ T7747] ? __fget+0x381/0x550 [ 181.036188][ T7747] ? ksys_dup3+0x3e0/0x3e0 [ 181.036210][ T7747] ? __fget_light+0x1a9/0x230 [ 181.060615][ T7767] libceph: resolve '0' (ret=-3): failed [ 181.065243][ T7747] ? __fdget+0x1b/0x20 [ 181.065263][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.065281][ T7747] ? sockfd_lookup_light+0xcb/0x180 [ 181.065295][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 181.065312][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 181.065343][ T7747] ? lock_downgrade+0x880/0x880 [ 181.079555][ T7767] libceph: parse_ips bad ip '[d::],0::.' [ 181.080601][ T7747] ? kasan_check_write+0x14/0x20 [ 181.080619][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.080641][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.111334][ T7747] ? do_syscall_64+0x26/0x610 [ 181.120992][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.121009][ T7747] ? do_syscall_64+0x26/0x610 05:16:34 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 05:16:34 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 05:16:34 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 181.121030][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 181.121049][ T7747] do_syscall_64+0x103/0x610 [ 181.154684][ T7770] libceph: resolve '0' (ret=-3): failed [ 181.158090][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.158105][ T7747] RIP: 0033:0x4582b9 [ 181.158120][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.158135][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.167571][ T7770] libceph: parse_ips bad ip '[d::],0::.' [ 181.167918][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.167927][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 181.167935][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.167944][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 181.167953][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.247356][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 181.274796][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 181.280514][ T7747] CPU: 0 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.280523][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.280528][ T7747] Call Trace: [ 181.280562][ T7747] dump_stack+0x172/0x1f0 [ 181.280586][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 181.280608][ T7747] ip6_finish_output+0x335/0xdc0 [ 181.317761][ T7747] ip6_output+0x235/0x7f0 [ 181.322514][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 181.327703][ T7747] ? ip6_fragment+0x3980/0x3980 [ 181.332629][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 181.338248][ T7747] ip6_local_out+0xc4/0x1b0 [ 181.342744][ T7747] ip6_send_skb+0xbb/0x350 [ 181.349926][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 181.355195][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 181.359950][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 181.364969][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 181.370154][ T7747] ? find_held_lock+0x35/0x130 [ 181.374902][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.381125][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 181.386580][ T7747] ? ___might_sleep+0x163/0x280 [ 181.391415][ T7747] ? __might_sleep+0x95/0x190 [ 181.396092][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 181.401622][ T7747] inet_sendmsg+0x147/0x5e0 [ 181.406120][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 181.411122][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 181.415780][ T7747] ? ipip_gro_receive+0x100/0x100 [ 181.420789][ T7747] sock_sendmsg+0xdd/0x130 [ 181.425210][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 181.429972][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 181.435500][ T7747] ? lock_downgrade+0x880/0x880 [ 181.440444][ T7747] ? kasan_check_write+0x14/0x20 [ 181.445379][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.450819][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.456258][ T7747] ? lockdep_hardirqs_on+0x418/0x5d0 [ 181.461529][ T7747] ? retint_kernel+0x2d/0x2d [ 181.466108][ T7747] ? trace_hardirqs_on_caller+0x6a/0x220 [ 181.471726][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.477172][ T7747] ? __do_page_fault+0x3fb/0xda0 [ 181.482092][ T7747] ? retint_kernel+0x2d/0x2d [ 181.486759][ T7747] ? ___might_sleep+0x163/0x280 [ 181.491594][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 181.496270][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 181.501393][ T7747] ? lock_downgrade+0x880/0x880 [ 181.506236][ T7747] ? kasan_check_write+0x14/0x20 [ 181.511156][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.516965][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.522405][ T7747] ? do_syscall_64+0x26/0x610 [ 181.527065][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.533112][ T7747] ? do_syscall_64+0x26/0x610 [ 181.537785][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 181.542716][ T7747] do_syscall_64+0x103/0x610 [ 181.547296][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.553192][ T7747] RIP: 0033:0x4582b9 [ 181.557166][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.577024][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.585415][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.593366][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 181.601318][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 05:16:34 executing program 1: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='[:::],0::b:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 181.609273][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 181.617224][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.645906][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 181.655441][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 181.661181][ T7747] CPU: 1 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.670206][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.680265][ T7747] Call Trace: [ 181.684029][ T7747] dump_stack+0x172/0x1f0 [ 181.688373][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 181.693941][ T7747] ip6_finish_output+0x335/0xdc0 [ 181.698880][ T7747] ip6_output+0x235/0x7f0 [ 181.703218][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 181.708354][ T7747] ? ip6_fragment+0x3980/0x3980 [ 181.713217][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 181.713239][ T7747] ip6_local_out+0xc4/0x1b0 [ 181.723281][ T7747] ip6_send_skb+0xbb/0x350 [ 181.727715][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 181.733005][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 181.733029][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 181.733046][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 181.733065][ T7747] ? find_held_lock+0x35/0x130 [ 181.733081][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.733097][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 181.733122][ T7747] ? ___might_sleep+0x163/0x280 [ 181.770192][ T7747] ? __might_sleep+0x95/0x190 [ 181.774900][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 181.780471][ T7747] inet_sendmsg+0x147/0x5e0 [ 181.784992][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 181.790019][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 181.794790][ T7747] ? ipip_gro_receive+0x100/0x100 [ 181.799813][ T7747] sock_sendmsg+0xdd/0x130 [ 181.804322][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 181.809018][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 181.814491][ T7747] ? __lock_acquire+0x548/0x3fb0 [ 181.819452][ T7747] ? kasan_check_write+0x14/0x20 [ 181.824407][ T7747] ? __might_fault+0x12b/0x1e0 [ 181.829194][ T7747] ? find_held_lock+0x35/0x130 [ 181.833970][ T7747] ? __might_fault+0x12b/0x1e0 [ 181.838758][ T7747] ? lock_downgrade+0x880/0x880 [ 181.843643][ T7747] ? ___might_sleep+0x163/0x280 [ 181.848514][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 181.853722][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 181.853754][ T7747] ? lock_downgrade+0x880/0x880 05:16:35 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8923, &(0x7f00000000c0)={'bridge0\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="0f"]}) [ 181.853779][ T7747] ? kasan_check_write+0x14/0x20 [ 181.853795][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.853809][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.853829][ T7747] ? do_syscall_64+0x26/0x610 [ 181.863800][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.863818][ T7747] ? do_syscall_64+0x26/0x610 [ 181.863836][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 181.863851][ T7747] do_syscall_64+0x103/0x610 [ 181.863867][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.863878][ T7747] RIP: 0033:0x4582b9 [ 181.863892][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.863900][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.863912][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.863919][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 181.863933][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.966906][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 181.974870][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 05:16:35 executing program 4: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000340)='./file1/file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) setsockopt$inet_udp_int(r0, 0x11, 0xb, 0x0, 0x0) write$FUSE_LK(r0, &(0x7f00000002c0)={0x28, 0xfffffffffffffff5, 0x4, {{0x5, 0x8102, 0x0, r1}}}, 0x28) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='ext3\x00', 0x10000, &(0x7f0000000380)='\x00') mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5"]) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x526, 0xf000000) 05:16:35 executing program 0: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(&(0x7f0000000040)=@nullb='[d::],0::.:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 05:16:35 executing program 5: syz_emit_ethernet(0x3e, &(0x7f0000000140)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev}, @icmp=@parameter_prob={0x3, 0x2, 0x0, 0x0, 0x0, 0x2, {0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0) 05:16:35 executing program 1: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0xa42478c4, 0x102005, 0x0, 0xfffffffffffffdad) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000009c0)={{{@in6=@remote, @in=@remote}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000380)=0xe8) lstat(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000007c0)) gettid() getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000540)) keyctl$revoke(0x3, 0x0) r4 = getpgid(0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x0, r2, r3, 0x0, r3}, 0xb8fb, 0x0, 0x0, 0x8000, 0x0, r4, 0x81}) r5 = syz_open_dev$loop(&(0x7f0000000440)='/dev/loop#\x00', 0x100007f, 0x141000) ioctl$TIOCSCTTY(r0, 0x540e, 0x0) sendmsg(r0, &(0x7f0000001b40)={&(0x7f00000003c0)=@in={0x2, 0x4e24, @multicast1}, 0x80, &(0x7f0000001a00)=[{&(0x7f00000019c0)}], 0x1}, 0x40000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000001c0)="2d41d358b8261e7d73e3e48511a08593", 0x10) keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000240)={0x0, 0x1f, 0x6}, &(0x7f0000000280)=ANY=[@ANYBLOB="656e633d706b63733120686173683d636d61632d6165732d6e656f6e000000000000000000d900"/60], 0x0, 0x0) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000080)={[0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x1000000], 0x2, 0x400, 0x2}) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x8, 0x0, 0xe, 0xd00, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x4, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x6, @perf_bp={0x0}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) request_key(&(0x7f00000005c0)='pkcs7_test\x00', 0x0, &(0x7f0000000640)='Fvmnet1/\x00', 0xffffffffffffffff) ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f00000002c0)={0x14, "9df55aa714ba36d743d76c2e1cd70acc00b56d427240d06e684545c953c5424008599cc46b8155d1c5e4319a55efee593fdcf7aa7c69c397535e666074845b9172163bc7f3d5ff61224738495d0f0d642d49f7141d03d1289faec8f0a5c61c33f8f8cf770cf5f4e78e91ec850b7e595f7c7b2d69467b15afed79ae6d25e789ce"}) add_key(&(0x7f00000008c0)='dns_resolver\x00', 0x0, &(0x7f0000000ac0)="93306bd5e5cd077834a342a7221f114272fc2e5ce2e334da1e8d91165abd90a11ef0a24c92a824aef7e56a8dc4aa9a58812d948b554dcf9975614855d2513886658ca05135e6db381b6f90de095fc4405b52cbc1b150999bb530a347c8c6d049c614ba2ee8a14a3585764fb1f23502ae4dbed7b83f72c703b777a937a5bd090b", 0x80, 0xfffffffffffffff9) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000c00)={0x88, {{0x2, 0x4e22, @multicast2}}}, 0xfffffd94) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) io_setup(0xa7e7, &(0x7f0000000580)) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioprio_set$pid(0x3, 0x0, 0x6972942b) memfd_create(&(0x7f0000000100)='3\x00\x1e\x18J', 0x1) [ 182.013162][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 182.022835][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 182.030120][ T7747] CPU: 1 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.039277][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.049346][ T7747] Call Trace: [ 182.052745][ T7747] dump_stack+0x172/0x1f0 [ 182.057100][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 182.062757][ T7747] ip6_finish_output+0x335/0xdc0 [ 182.067721][ T7747] ip6_output+0x235/0x7f0 [ 182.072077][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 182.077221][ T7747] ? ip6_fragment+0x3980/0x3980 [ 182.082182][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 182.087733][ T7747] ip6_local_out+0xc4/0x1b0 [ 182.092518][ T7747] ip6_send_skb+0xbb/0x350 [ 182.096937][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 182.102219][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 182.107155][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 182.112164][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 182.117354][ T7747] ? find_held_lock+0x35/0x130 [ 182.122103][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.128336][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.133791][ T7747] ? ___might_sleep+0x163/0x280 [ 182.138626][ T7747] ? __might_sleep+0x95/0x190 [ 182.143297][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.148840][ T7747] inet_sendmsg+0x147/0x5e0 [ 182.153426][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 182.158431][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 182.163185][ T7747] ? ipip_gro_receive+0x100/0x100 [ 182.168206][ T7747] sock_sendmsg+0xdd/0x130 [ 182.172609][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 182.177547][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 182.183030][ T7747] ? __lock_acquire+0x548/0x3fb0 [ 182.187955][ T7747] ? kasan_check_write+0x14/0x20 [ 182.192878][ T7747] ? __might_fault+0x12b/0x1e0 [ 182.197627][ T7747] ? find_held_lock+0x35/0x130 [ 182.202374][ T7747] ? __might_fault+0x12b/0x1e0 [ 182.207126][ T7747] ? lock_downgrade+0x880/0x880 [ 182.211974][ T7747] ? ___might_sleep+0x163/0x280 [ 182.216844][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 182.221511][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.226529][ T7747] ? lock_downgrade+0x880/0x880 [ 182.231371][ T7747] ? kasan_check_write+0x14/0x20 [ 182.236294][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.241736][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.247187][ T7747] ? do_syscall_64+0x26/0x610 [ 182.251865][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.257999][ T7747] ? do_syscall_64+0x26/0x610 [ 182.262660][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 182.267671][ T7747] do_syscall_64+0x103/0x610 [ 182.272247][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.278228][ T7747] RIP: 0033:0x4582b9 [ 182.282110][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.302513][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 182.311005][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.318969][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 182.326944][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.334899][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 182.342854][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.394303][ T7800] e Filesystem requires source device [ 182.413599][ T7801] libceph: resolve '0' (ret=-3): failed [ 182.419188][ T7801] libceph: parse_ips bad ip '[d::],0::.' [ 182.432374][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 182.443254][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 182.448989][ T7747] CPU: 1 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.458006][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.468147][ T7747] Call Trace: [ 182.471528][ T7747] dump_stack+0x172/0x1f0 [ 182.475850][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 182.481384][ T7747] ip6_finish_output+0x335/0xdc0 [ 182.486310][ T7747] ip6_output+0x235/0x7f0 [ 182.490634][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 182.495753][ T7747] ? ip6_fragment+0x3980/0x3980 [ 182.500593][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 182.506129][ T7747] ip6_local_out+0xc4/0x1b0 [ 182.510626][ T7747] ip6_send_skb+0xbb/0x350 [ 182.517295][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 182.522570][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 182.527327][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 182.532338][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 182.537523][ T7747] ? find_held_lock+0x35/0x130 [ 182.542271][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.548508][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.554134][ T7747] ? ___might_sleep+0x163/0x280 [ 182.558970][ T7747] ? __might_sleep+0x95/0x190 [ 182.563651][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.569183][ T7747] inet_sendmsg+0x147/0x5e0 [ 182.573669][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 182.578674][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 182.583334][ T7747] ? ipip_gro_receive+0x100/0x100 [ 182.588343][ T7747] sock_sendmsg+0xdd/0x130 [ 182.592752][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 182.597415][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 182.602865][ T7747] ? __lock_acquire+0x548/0x3fb0 [ 182.607794][ T7747] ? kasan_check_write+0x14/0x20 [ 182.612721][ T7747] ? __might_fault+0x12b/0x1e0 [ 182.617563][ T7747] ? find_held_lock+0x35/0x130 [ 182.622307][ T7747] ? __might_fault+0x12b/0x1e0 [ 182.627068][ T7747] ? lock_downgrade+0x880/0x880 [ 182.631909][ T7747] ? ___might_sleep+0x163/0x280 [ 182.636744][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 182.641406][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.646435][ T7747] ? lock_downgrade+0x880/0x880 [ 182.651283][ T7747] ? kasan_check_write+0x14/0x20 [ 182.656203][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.661731][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.667172][ T7747] ? do_syscall_64+0x26/0x610 [ 182.671834][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.677893][ T7747] ? do_syscall_64+0x26/0x610 [ 182.685098][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 182.690213][ T7747] do_syscall_64+0x103/0x610 [ 182.694799][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.700672][ T7747] RIP: 0033:0x4582b9 [ 182.704553][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.725009][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 182.733497][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.741453][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 182.749406][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.757366][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 182.765332][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.793209][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 182.802653][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 182.808575][ T7747] CPU: 0 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.817582][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.827618][ T7747] Call Trace: [ 182.831260][ T7747] dump_stack+0x172/0x1f0 [ 182.835597][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 182.841138][ T7747] ip6_finish_output+0x335/0xdc0 [ 182.846065][ T7747] ip6_output+0x235/0x7f0 [ 182.850382][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 182.855491][ T7747] ? ip6_fragment+0x3980/0x3980 [ 182.860363][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 182.865897][ T7747] ip6_local_out+0xc4/0x1b0 [ 182.870471][ T7747] ip6_send_skb+0xbb/0x350 [ 182.874887][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 182.880762][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 182.885514][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 182.890524][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 182.895708][ T7747] ? find_held_lock+0x35/0x130 [ 182.900456][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.906682][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.912143][ T7747] ? ___might_sleep+0x163/0x280 [ 182.916982][ T7747] ? __might_sleep+0x95/0x190 [ 182.921650][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.927181][ T7747] inet_sendmsg+0x147/0x5e0 [ 182.931669][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 182.936673][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 182.941370][ T7747] ? ipip_gro_receive+0x100/0x100 [ 182.946381][ T7747] sock_sendmsg+0xdd/0x130 [ 182.950788][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 182.955453][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 182.960894][ T7747] ? __lock_acquire+0x548/0x3fb0 [ 182.965829][ T7747] ? kasan_check_write+0x14/0x20 [ 182.970752][ T7747] ? __might_fault+0x12b/0x1e0 [ 182.975496][ T7747] ? find_held_lock+0x35/0x130 [ 182.980243][ T7747] ? __might_fault+0x12b/0x1e0 [ 182.985002][ T7747] ? lock_downgrade+0x880/0x880 [ 182.989839][ T7747] ? ___might_sleep+0x163/0x280 [ 182.994673][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 182.999440][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.004462][ T7747] ? lock_downgrade+0x880/0x880 [ 183.009303][ T7747] ? kasan_check_write+0x14/0x20 [ 183.014223][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.019664][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.025107][ T7747] ? do_syscall_64+0x26/0x610 [ 183.029771][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.035905][ T7747] ? do_syscall_64+0x26/0x610 [ 183.040569][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 183.045495][ T7747] do_syscall_64+0x103/0x610 [ 183.050266][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.056243][ T7747] RIP: 0033:0x4582b9 [ 183.060136][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.079732][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.088136][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.096089][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 183.104127][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.112168][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 183.120132][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.156180][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 183.165843][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 183.171583][ T7747] CPU: 0 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.180788][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.191200][ T7747] Call Trace: [ 183.194508][ T7747] dump_stack+0x172/0x1f0 [ 183.198853][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 183.204421][ T7747] ip6_finish_output+0x335/0xdc0 [ 183.209467][ T7747] ip6_output+0x235/0x7f0 [ 183.213814][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 183.215660][ T7792] e Filesystem requires source device [ 183.218941][ T7747] ? ip6_fragment+0x3980/0x3980 [ 183.218960][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 183.218981][ T7747] ip6_local_out+0xc4/0x1b0 [ 183.239222][ T7747] ip6_send_skb+0xbb/0x350 [ 183.243655][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 183.248951][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 183.253736][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 183.258767][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 183.261015][ T7792] overlayfs: './file0' not a directory [ 183.264167][ T7747] ? find_held_lock+0x35/0x130 [ 183.264184][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.264200][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.264228][ T7747] ? ___might_sleep+0x163/0x280 [ 183.264244][ T7747] ? __might_sleep+0x95/0x190 [ 183.264280][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.301441][ T7747] inet_sendmsg+0x147/0x5e0 [ 183.305958][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 183.310992][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 183.315720][ T7747] ? ipip_gro_receive+0x100/0x100 [ 183.320753][ T7747] sock_sendmsg+0xdd/0x130 [ 183.325253][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 183.329926][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 183.335396][ T7747] ? lock_downgrade+0x880/0x880 [ 183.340244][ T7747] ? kasan_check_write+0x14/0x20 [ 183.345173][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.350615][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.356057][ T7747] ? lockdep_hardirqs_on+0x418/0x5d0 [ 183.361326][ T7747] ? retint_kernel+0x2d/0x2d [ 183.365912][ T7747] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.371534][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.376978][ T7747] ? __do_page_fault+0x3fb/0xda0 [ 183.381899][ T7747] ? retint_kernel+0x2d/0x2d [ 183.386498][ T7747] ? ___might_sleep+0x163/0x280 [ 183.391433][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 183.396100][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.401120][ T7747] ? lock_downgrade+0x880/0x880 [ 183.405960][ T7747] ? kasan_check_write+0x14/0x20 [ 183.410894][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.416342][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.421785][ T7747] ? do_syscall_64+0x26/0x610 [ 183.426444][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.432579][ T7747] ? do_syscall_64+0x26/0x610 [ 183.437240][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 183.442181][ T7747] do_syscall_64+0x103/0x610 [ 183.446756][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.452627][ T7747] RIP: 0033:0x4582b9 [ 183.456521][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.476195][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.484945][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.492899][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 183.500937][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.508901][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 183.517232][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.535431][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 183.544815][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 183.550542][ T7747] CPU: 1 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.559593][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.569650][ T7747] Call Trace: [ 183.572952][ T7747] dump_stack+0x172/0x1f0 [ 183.577290][ T7747] __this_cpu_preempt_check+0x246/0x270 [ 183.582936][ T7747] ip6_finish_output+0x335/0xdc0 [ 183.587888][ T7747] ip6_output+0x235/0x7f0 [ 183.592221][ T7747] ? ip6_finish_output+0xdc0/0xdc0 [ 183.597352][ T7747] ? ip6_fragment+0x3980/0x3980 [ 183.602213][ T7747] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 183.607825][ T7747] ip6_local_out+0xc4/0x1b0 [ 183.612350][ T7747] ip6_send_skb+0xbb/0x350 [ 183.616785][ T7747] ip6_push_pending_frames+0xc8/0xf0 [ 183.622339][ T7747] rawv6_sendmsg+0x299c/0x35e0 [ 183.627213][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 183.632245][ T7747] ? aa_profile_af_perm+0x320/0x320 [ 183.637551][ T7747] ? find_held_lock+0x35/0x130 [ 183.642414][ T7747] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.648664][ T7747] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.654145][ T7747] ? ___might_sleep+0x163/0x280 [ 183.659026][ T7747] ? __might_sleep+0x95/0x190 [ 183.663988][ T7747] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.669558][ T7747] inet_sendmsg+0x147/0x5e0 [ 183.674072][ T7747] ? rawv6_getsockopt+0x150/0x150 [ 183.679102][ T7747] ? inet_sendmsg+0x147/0x5e0 [ 183.684340][ T7747] ? ipip_gro_receive+0x100/0x100 [ 183.689382][ T7747] sock_sendmsg+0xdd/0x130 [ 183.693803][ T7747] ___sys_sendmsg+0x3e2/0x930 [ 183.698484][ T7747] ? copy_msghdr_from_user+0x430/0x430 [ 183.703958][ T7747] ? __lock_acquire+0x548/0x3fb0 [ 183.708907][ T7747] ? kasan_check_write+0x14/0x20 [ 183.713860][ T7747] ? __might_fault+0x12b/0x1e0 [ 183.718800][ T7747] ? find_held_lock+0x35/0x130 [ 183.723586][ T7747] ? __might_fault+0x12b/0x1e0 [ 183.728371][ T7747] ? lock_downgrade+0x880/0x880 [ 183.733240][ T7747] ? ___might_sleep+0x163/0x280 [ 183.738253][ T7747] __sys_sendmmsg+0x1bf/0x4d0 [ 183.742951][ T7747] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.748000][ T7747] ? lock_downgrade+0x880/0x880 [ 183.752872][ T7747] ? kasan_check_write+0x14/0x20 [ 183.757924][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.763387][ T7747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.768852][ T7747] ? do_syscall_64+0x26/0x610 [ 183.773529][ T7747] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.779618][ T7747] ? do_syscall_64+0x26/0x610 [ 183.784304][ T7747] __x64_sys_sendmmsg+0x9d/0x100 [ 183.789228][ T7747] do_syscall_64+0x103/0x610 [ 183.793805][ T7747] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.799682][ T7747] RIP: 0033:0x4582b9 [ 183.803654][ T7747] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.823353][ T7747] RSP: 002b:00007fe15d67fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.831833][ T7747] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.839789][ T7747] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003 [ 183.847830][ T7747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.856129][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe15d6806d4 [ 183.864177][ T7747] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.913236][ T7747] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7747 [ 183.922673][ T7747] caller is ip6_finish_output+0x335/0xdc0 [ 183.928584][ T7747] CPU: 1 PID: 7747 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.937615][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.947798][ T7747] Call Trace: [ 183.951090][ T7747] dump_stack+0x172/0x1f0 [ 183.955454][ T7747] __this_cpu_preempt_check+0x246/0x270