[ 34.968537][ T26] audit: type=1800 audit(1554680870.583:27): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 34.992003][ T26] audit: type=1800 audit(1554680870.583:28): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.666235][ T26] audit: type=1800 audit(1554680871.333:29): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [....] startpar: service(s) returned failure: rsyslog ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts. 2019/04/07 23:48:06 fuzzer started 2019/04/07 23:48:08 dialing manager at 10.128.0.26:34543 2019/04/07 23:48:09 syscalls: 2408 2019/04/07 23:48:09 code coverage: enabled 2019/04/07 23:48:09 comparison tracing: enabled 2019/04/07 23:48:09 extra coverage: extra coverage is not supported by the kernel 2019/04/07 23:48:09 setuid sandbox: enabled 2019/04/07 23:48:09 namespace sandbox: enabled 2019/04/07 23:48:09 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 23:48:09 fault injection: enabled 2019/04/07 23:48:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 23:48:09 net packet injection: enabled 2019/04/07 23:48:09 net device setup: enabled 23:50:13 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f00000000c0)) syzkaller login: [ 177.756843][ T7645] IPVS: ftp: loaded support on port[0] = 21 23:50:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x18, 0x40000000000016, 0xffffffffff7ffffd, 0x0, 0x0, {0x11}, [@nested={0x4, 0xb}]}, 0x18}}, 0x0) [ 177.858800][ T7645] chnl_net:caif_netlink_parms(): no params data found [ 177.921801][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.952804][ T7645] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.961789][ T7645] device bridge_slave_0 entered promiscuous mode [ 177.971840][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.979564][ T7645] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.989223][ T7645] device bridge_slave_1 entered promiscuous mode [ 178.003983][ T7648] IPVS: ftp: loaded support on port[0] = 21 [ 178.032283][ T7645] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.056683][ T7645] bond0: Enslaving bond_slave_1 as an active interface with an up link 23:50:13 executing program 2: open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) [ 178.095501][ T7645] team0: Port device team_slave_0 added [ 178.106095][ T7645] team0: Port device team_slave_1 added [ 178.216684][ T7645] device hsr_slave_0 entered promiscuous mode 23:50:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f00000001c0)) syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) io_setup(0x0, 0x0) [ 178.264893][ T7645] device hsr_slave_1 entered promiscuous mode [ 178.332741][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.340115][ T7645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.348425][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.355772][ T7645] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.401532][ T7651] IPVS: ftp: loaded support on port[0] = 21 [ 178.426215][ T7648] chnl_net:caif_netlink_parms(): no params data found [ 178.441756][ T7653] IPVS: ftp: loaded support on port[0] = 21 [ 178.535940][ T7645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.571525][ T7645] 8021q: adding VLAN 0 to HW filter on device team0 23:50:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f00000001c0)) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x140202, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) dup2(r2, r1) io_setup(0x8, &(0x7f0000000140)=0x0) io_submit(r3, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x2, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) [ 178.583183][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.596633][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.616141][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.625587][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 178.699078][ T7648] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.707532][ T7648] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.716899][ T7648] device bridge_slave_0 entered promiscuous mode [ 178.727737][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.738109][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.745654][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.756967][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.765686][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.772741][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.818317][ T7648] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.825908][ T7648] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.841430][ T7648] device bridge_slave_1 entered promiscuous mode [ 178.858301][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 23:50:14 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000100)={0x100000011, @dev, 0x0, 0x0, 'lblc\x00'}, 0x2c) [ 178.867799][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.879713][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.888448][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.914242][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.940977][ T7659] IPVS: ftp: loaded support on port[0] = 21 [ 178.959792][ T7648] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.976844][ T7651] chnl_net:caif_netlink_parms(): no params data found [ 178.988111][ T7645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.020953][ T7648] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.035805][ T7661] IPVS: ftp: loaded support on port[0] = 21 [ 179.102245][ T7648] team0: Port device team_slave_0 added [ 179.111482][ T7648] team0: Port device team_slave_1 added [ 179.127538][ T7653] chnl_net:caif_netlink_parms(): no params data found [ 179.149874][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.157789][ T7651] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.166306][ T7651] device bridge_slave_0 entered promiscuous mode [ 179.176128][ T7651] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.183503][ T7651] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.191884][ T7651] device bridge_slave_1 entered promiscuous mode [ 179.255914][ T7648] device hsr_slave_0 entered promiscuous mode [ 179.314494][ T7648] device hsr_slave_1 entered promiscuous mode [ 179.378857][ T7651] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.390238][ T7645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.430203][ T7651] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.468188][ T7651] team0: Port device team_slave_0 added [ 179.480161][ T7653] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.493631][ T7653] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.501790][ T7653] device bridge_slave_0 entered promiscuous mode [ 179.512958][ T7651] team0: Port device team_slave_1 added [ 179.540734][ T7653] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.550438][ T7653] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.558985][ T7653] device bridge_slave_1 entered promiscuous mode [ 179.627100][ T7651] device hsr_slave_0 entered promiscuous mode [ 179.675347][ T7651] device hsr_slave_1 entered promiscuous mode [ 179.771039][ T7653] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.783415][ T7653] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.807386][ T7648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.854585][ T7659] chnl_net:caif_netlink_parms(): no params data found [ 179.863811][ T7653] team0: Port device team_slave_0 added [ 179.872781][ T7651] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.879885][ T7651] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.887341][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.894523][ T7651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.910357][ T7653] team0: Port device team_slave_1 added [ 179.922511][ T7648] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.931900][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 179.940593][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.948772][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state 23:50:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000024c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) add_key$user(0x0, 0x0, &(0x7f0000000580)="d8b98318b88de5636ad1a6da820065294787d16a63d50420019952e8f06a18a3c04f37e30b2fb760f6590a86fbb61b8e5863fc4b5cf2ab412922d63418b4a752b7a852508eac7f32899568ee242c8cb615d79341c68e97208da02d2f8b0f1b3c77de0442e0c3c3bcde1bfd8cc90b5e13db38ef64ed7156ae2989168cca0a533ce721f2daebc035835f32513c3147bbe6ca6d920e59753727a0f0b5e99528983590783f7aab76e996793f415a7b13e7be1ba7926245db63453ff642bc6a2844966df1f9e22db7b39e1901e2308153b4e7d7858450d23c4f0034488eb955003054f5316d78544679685f614af106afc26923365e7e52c98c91dcb9c2402c5f8ca3148347180aac5d35b0377faff0174537fae2cc1f86bab0bfea865c076741e624f870ec3b90e16070f337254e9c7dd6208306415cf780e821cad2777c0c23a5abc3f960d2afee5574268507ba7a1b491b5ca4c99cbe7417de00586ddf78e99d590aa8f18830c01e6e83721b4bb52499313567c106f31f9f7f524ed7ba509b07d1456d835dc1362b488ad06a31b35bac766ba49c95157fcc8590ec25294d285064914fbc61202780fff7df7eeba1fff8ce4dcd629268d53dcf3469f76eeb017b4b5e55273bee4c2a1c71666245d20a0a794aee31e691762ba4f9897c9d122b1c2c67d385583e0d65df728df745e9743b11314c097316be60426dcbcdd9db9d34253314beed39500cb2347f1c9b85d62c4e21f177430629cde1f720a65db49985802a217cb41389e7cd5f8a4294fa5801f099576df5c7df25cd7e157f95292e73820319ad6eb4c23c54a7c27c6dadb0ce4ce25ad039588cef69f3dea447fb67dd22d4e0bd8229a3d881b0a732efe0dd13e4e0db13545d34e02007d55a0cb6cdc85a816c4acc35aa7f96d95cd5d3716c2a5f3442b9df4f6d77546a610482e55bae641ebef42a4295b2551af9db4a55dadf653b259082efb7470da0240e09fabc3b70ac520f43562b921beb32f5c179491456844db914ac44fa54a688f32d502547f29b3dc81da7c6fa8ad74ac6ade5cd12e699fae2dece753505d028768c6d82aacb8a71c7b5eaff54d9a9773b86c4c96d993f1bd4a5fab9c8e7e2da5028b168805c06ae714ff1628a1b16ed4397952badf62207cfc23b4047842ec8068644ec9797b9619800384153190e6902a9cd62e6b180db5043f3b6c19fa0738d945e419fd805a000433cda63c2080caf9a30c7010b55cc17a336bea4d4572d23f7898cee4b60c2c8424d1ecc4a6951d8e1f61718ed58951468cea5e19eda711b7f9e2f760b09e75ab29e5973b3ad88d85433f233e90e2cadc1420e26cb7fbc6fc42d94ed71d86e580363f5abe469c3ed465d801a5ac407ab7b4bd88c852410b9a689fc9bb29637d3de9d734b8b77fc7313d53631a436555b02064e742ce54e13178b6650f799ec042f8a27cf8943791c114a680eb9a6f400644ff3b907b20bbc0e91ce43b8877101651c255ec1705e786354cd94e8308c07af5d5741fda80d332d0cd03dde432c7be6819b82b450fca2e2247912caab774fd15044f488982a04887ff9b008a3f71e576dc198b9bf47d1422ee4c2c9f9815513cd23a8c24d4ba1a9f231b89b62c3c2de835c8b22ead7c24d25fd0ef1650e307d048973730ce5bfae249314ac2591dd6df5bd0ed57d7fb917e67c514becc66a845676db235ae078b93146d713c521810bf5232e2da1dac82591f5ee6ede223a8dade38c84403f965fb387df4f9d7de6fbe8c32df7e629939f013761ba708a6215734fc966845246c9edb49b6dc9c7d84bba4d5c1550f3570ed3c7d7fd49a8305a5a1c42bbbc393a965b5fbf92076009ada94a475f8fa5390c33d8c0def5508fa92b16b0350c370c5d3066b42ee2126bd525925c12251f9aa0afb69cc7500ae165e5d5750463774590a580c9df8f227b186de5909dffd4b1c852ec92ef23789c191135a87b93107082abaf41c9786ad14775573fbeb091e336d59f28daa33286fd1ecae0baebf05d073abc95c753fd0e68bf58a281dc0f8f8c100b45948776d5d123b65daf490a141858855456ecec09a65fb939e330097aa88033522ce0dcc5b7c99af7865bc5d252b27f414e31a76487ac792df5d619218d76cb7438e5b1e6b5a0c961086901a832ce78426aa1cb3d016ee70377ee5ca679bb219eaa9a77881a59e019dcd1c0b785a2c139af6ba1ac93500600ac7fa980971676ba8499b3db548535d06c70494cc209cf8a5716c82f2c1c77a12731804ae294620bea843e1571249abe41603836250700ad36b454396c8cb55fb97d80898ff8b43a70d38f86cb0c27ec42a9bbe2429795a41a6125deb83f6ff619da0b73c44f409771557f1a2e9eb754e7cbe3beef06127e6c071e180799a17f31b68ed382804d86403fa2cf5fadb4e13bace1970f85c014e98ca6cd4292bc6f1df71a4d42fd1b4f4dd842ffd7ca077c872fd1b36dda38cfb5f0a2ba481354bde15d1d13f750c071a75d612469111fed3adb95c746208a7799cac21edb73af9fde8723188fae20c32e300c5094784a0b5d586615d8c0933563cb1b827d3e880ebbb699e5497b913017d1a62f5977dc8a41eb1509331ef6c6570180aec318b22db79604e84df96a89fae278dea37ce6dd267a7749389630d0d4b15c89cfbf80af0f35b8460aeddefef6dee4ae9488ce711bf2b716e4efb84642d0dd3d2f1654867ce8e2c8161a58749a6bf0ce09cfefa40350e669a42b046e7984c1553fc0fbc97a0665846ea5a3d9ce77e983fedd0fa5e3a8fb1e79024a2c1662babb3c23ea04240f5daae9fc18b0376128c0de783b37032d679cf8f13ee4c7b8aa89752e09c52c181207890d031372e776a0d913f40ea8d2bb244eb4e588c4a56bcae4c2b4a0ca496a21d751661eff0f9f934292d05ee8e99b3b71140377b01a3ab2af4db12d3b67d30f960b12c0154091d34b17350e698088ec97c9bddf61be362edbd3a4d2615a0da37ffe932fab09e8364e8d7abb96b93e36b7c63cd52bc620794c8a7f5dcc8221f1055a35da6a4c3977e2afd95c80d0ed3ee9cb268d69988a78ff9a897af0c5734f2d5aa93ce0f5ab31c265e6c0f7c534a4d1e6a4b08a629a1ceb817117d6839bc8fd0636eef3b8993379d97f3d2ab23d8b8c6f52d98d23b0550fb43cc92263318b172d3cba00a6e986c7633180fa9cf29f427fa132115c3fe1ff4e6f55110ea12bec3889b03a47d2d8272c83f19110d7010e9b8c701a90ff7e3a7a9326c537a63da59b3b25c86674ca7898a3ef4dabe179a798654faaa6dde226ff02ed550237dd398d63514ff21a117cb6c9385d0c1b40eacedac7b0b8fad9e7a0d4176b8794803c583a643cc3e3a03ffbc1dfadf62253c409762cf96d27c4a9fe2c5942b9d1cee5d78a6b063716b4f19695ddb63398f9b1988f99a686ceb7b56bbd94131ab636b97afb3e5f10c7e4efdc25cb6606cea66e2320013e61a36f4a75929d57fbae829e3c709f9203403d98d15e97914dccd45f2dd60b9f504168f2fa888f72e3f947796a6d49b872d245dede2558bcda7a167acf747f8adde3199c1ceaae69dc6408b99bf33b9d012b49b1eff372a5f7774557f0a70335fc9d119922f6fdf8f69546a7b2755be70313fe5b4a1f76cfc0551f3ff0c851888221b10fb6ea83ffaa56ca75bf489db1d366bc5b6136051bbd9f30cf77722b09fa7b8f40867cf6516f14a44deee14daf2759d3eddcaf7dea26ace23522e1fe09a88ec762f39c8b281718faa52a28763c99016a577a5c1443ddf543e2e84e3a8640", 0xa81, 0xfffffffffffffffe) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 179.959965][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.967768][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.981080][ T7661] chnl_net:caif_netlink_parms(): no params data found [ 180.035184][ T7673] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 180.053729][ T7653] device hsr_slave_0 entered promiscuous mode [ 180.104526][ T7653] device hsr_slave_1 entered promiscuous mode [ 180.144981][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.153632][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.162314][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.169561][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.177747][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.186959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.195807][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.203022][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.250170][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.258590][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.293262][ T7661] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.303812][ T7661] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.312548][ T7661] device bridge_slave_0 entered promiscuous mode [ 180.321154][ T7661] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.328726][ T7661] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.336865][ T7661] device bridge_slave_1 entered promiscuous mode [ 180.354474][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.361535][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.377509][ T7659] device bridge_slave_0 entered promiscuous mode 23:50:16 executing program 0: syz_open_dev$adsp(0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) r1 = getpid() fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) kcmp(r1, r2, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) [ 180.401694][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 23:50:16 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x100, 0x0) r0 = accept4$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000380), 0x80000) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000e40)={0x0, {0x2, 0x4e23, @dev}, {0x2, 0x4e21, @local}, {0x2, 0x4e22, @local}, 0x0, 0x0, 0x0, 0x0, 0x45}) r1 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0xfffffffffffffffe, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) fcntl$lock(r1, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000440)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0x40c392f5) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0)) r3 = dup2(r2, r2) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000100)=0x0) ptrace$peekuser(0x3, r4, 0x0) sendmsg$alg(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000000)="a7ceec2903", 0x5}], 0x1}, 0x8005) write$P9_RATTACH(r3, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$EVIOCGUNIQ(r3, 0x80404508, &(0x7f0000001140)=""/4096) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000140)) shutdown(0xffffffffffffffff, 0x1) pipe(&(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200), 0x0) [ 180.437587][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.445210][ T7659] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.458799][ T7659] device bridge_slave_1 entered promiscuous mode [ 180.493530][ T7661] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.503827][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.516788][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.534762][ C0] hrtimer: interrupt took 26611 ns [ 180.535986][ T7651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.569681][ T7661] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.581771][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.590690][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.606007][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.619538][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.629374][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.640313][ T7659] bond0: Enslaving bond_slave_0 as an active interface with an up link 23:50:16 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x100, 0x0) r0 = accept4$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000380), 0x80000) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000e40)={0x0, {0x2, 0x4e23, @dev}, {0x2, 0x4e21, @local}, {0x2, 0x4e22, @local}, 0x0, 0x0, 0x0, 0x0, 0x45}) r1 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0xfffffffffffffffe, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) fcntl$lock(r1, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000440)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0x40c392f5) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0)) r3 = dup2(r2, r2) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000100)=0x0) ptrace$peekuser(0x3, r4, 0x0) sendmsg$alg(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000000)="a7ceec2903", 0x5}], 0x1}, 0x8005) write$P9_RATTACH(r3, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$EVIOCGUNIQ(r3, 0x80404508, &(0x7f0000001140)=""/4096) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000140)) shutdown(0xffffffffffffffff, 0x1) pipe(&(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200), 0x0) [ 180.661396][ T7648] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.673747][ T7648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.692539][ T7653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.711068][ T7659] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.720838][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.739438][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.756607][ T7651] 8021q: adding VLAN 0 to HW filter on device team0 23:50:16 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x100, 0x0) r0 = accept4$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000380), 0x80000) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000e40)={0x0, {0x2, 0x4e23, @dev}, {0x2, 0x4e21, @local}, {0x2, 0x4e22, @local}, 0x0, 0x0, 0x0, 0x0, 0x45}) r1 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0xfffffffffffffffe, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) fcntl$lock(r1, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000440)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0x40c392f5) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0)) r3 = dup2(r2, r2) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000100)=0x0) ptrace$peekuser(0x3, r4, 0x0) sendmsg$alg(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000000)="a7ceec2903", 0x5}], 0x1}, 0x8005) write$P9_RATTACH(r3, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$EVIOCGUNIQ(r3, 0x80404508, &(0x7f0000001140)=""/4096) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000140)) shutdown(0xffffffffffffffff, 0x1) pipe(&(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200), 0x0) [ 180.788925][ T7661] team0: Port device team_slave_0 added [ 180.796623][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.807979][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.834619][ T7648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.848157][ T7659] team0: Port device team_slave_0 added [ 180.855823][ T7653] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.863661][ T7661] team0: Port device team_slave_1 added [ 180.877615][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.889907][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.902798][ T7659] team0: Port device team_slave_1 added 23:50:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0xa0, 0x4) sendmsg$can_raw(r1, &(0x7f0000000140)={&(0x7f0000000200)={0x1d, r2}, 0x10, &(0x7f0000000040)={&(0x7f0000000100)=@can={{}, 0x0, 0x0, 0x0, 0x0, "e96b4b8fdd5fd9b1"}, 0x10}}, 0x0) [ 180.991347][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.037441][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.066684][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.074173][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.082165][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.090926][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.099664][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.106866][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.115600][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.124604][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.133135][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.140253][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.148661][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.157449][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.166232][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.174876][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.183363][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.190513][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.199019][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.208565][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.221380][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 23:50:16 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x100, 0x0) r0 = accept4$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000380), 0x80000) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000e40)={0x0, {0x2, 0x4e23, @dev}, {0x2, 0x4e21, @local}, {0x2, 0x4e22, @local}, 0x0, 0x0, 0x0, 0x0, 0x45}) r1 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0xfffffffffffffffe, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) fcntl$lock(r1, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x8000000000001, 0x118, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000440)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0x40c392f5) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0)) r3 = dup2(r2, r2) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000100)=0x0) ptrace$peekuser(0x3, r4, 0x0) sendmsg$alg(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000000)="a7ceec2903", 0x5}], 0x1}, 0x8005) write$P9_RATTACH(r3, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$EVIOCGUNIQ(r3, 0x80404508, &(0x7f0000001140)=""/4096) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000140)) shutdown(0xffffffffffffffff, 0x1) pipe(&(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200), 0x0) [ 181.266834][ T7661] device hsr_slave_0 entered promiscuous mode 23:50:17 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000380)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) [ 181.324447][ T7661] device hsr_slave_1 entered promiscuous mode [ 181.389602][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.401441][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.411277][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.420832][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.429860][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.438708][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.447792][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.459077][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.468134][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.476932][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.492000][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.500544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.508828][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.517212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.566007][ T7659] device hsr_slave_0 entered promiscuous mode [ 181.594516][ T7659] device hsr_slave_1 entered promiscuous mode [ 181.648342][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.658382][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.667517][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.700759][ T7653] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 181.712491][ T7653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.728738][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.737519][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.771834][ T7653] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.783842][ T7651] 8021q: adding VLAN 0 to HW filter on device batadv0 23:50:17 executing program 2: 23:50:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4030ae7b, &(0x7f0000000240)={0x0, 0x0, @ioapic}) [ 181.890849][ T7661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.901888][ T7659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.929544][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.949860][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.982737][ T7661] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.010114][ T7659] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.035118][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.048928][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.062507][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.069742][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.079357][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.087331][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.096279][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.118682][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.127360][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.136801][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.144061][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.152780][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.162109][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.171065][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.178158][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.186044][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.195072][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.203818][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.212461][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.219520][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.227423][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.236469][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.245277][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.253812][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.263685][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.271908][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.289734][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.299122][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.308242][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.318118][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.326980][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.335798][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.344819][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.353552][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.374656][ T7659] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 182.389481][ T7659] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 182.403266][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.411946][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.420975][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.429638][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.438625][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.447657][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.456491][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.465490][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.474830][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.483613][ T7661] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.502698][ T7659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.520884][ T7661] 8021q: adding VLAN 0 to HW filter on device batadv0 23:50:18 executing program 4: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r0 = syz_open_dev$audion(0x0, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f0000000300)={0x0, 0x0, 0x2080}) 23:50:18 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x10) ioctl$KVM_ASSIGN_SET_INTX_MASK(0xffffffffffffffff, 0x4040aea4, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x4, 0x70, 0x100000000, 0x3, 0x7f, 0x2, 0x0, 0x0, 0x400, 0xf, 0x6fb, 0xad, 0x4, 0x400, 0x2, 0x0, 0x4, 0x0, 0x2, 0x1, 0x3, 0x80000001, 0x8, 0x8, 0x0, 0x6, 0x0, 0x0, 0x7c, 0x1, 0x3, 0x5, 0x8, 0xd, 0x1000, 0x1, 0x80, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x80, 0x12000000, 0x3ff, 0x7, 0xf0f, 0x0, 0x3}, r0, 0x0, 0xffffffffffffff9c, 0x2) r1 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f00000001c0)) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x140202, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) dup2(r3, r2) 23:50:18 executing program 3: 23:50:18 executing program 2: 23:50:18 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101006, 0x0) r1 = memfd_create(&(0x7f00000002c0)=')\\\x10X\x80\xa9\xbf\x8c\x9b\xd4s!\x14\xb0p.\\O\x90]\xd7\xdf\x943\xd8\xad\x12W\x9fZ~\x9e\xf3\x84/\xe4\x19\xe5=\xde\x8e\x91\xd3D\x99\x90\xf6U\xfe\x87\xe7\xd7\xccN<\xc6\xbb\x93\xb3\xf7\xcb7\xb7\t\xf4p #U\xf9:\x8c\xa1F\xd2\xa6p5\x804Y~\xc9\x19\x03R\xb8L\xef\xd0\x84f\xbe\'\xf2\xf9W3b\x9c\x1d)\xcc?7\xe9\xad\x16\x8f\xc89w\xfb\xa9\xc0\xe9\xa0a\xab\xfb)\x0e\x10\xcb\n{\"\xecD\xfa\xdeuC\x86\x92\xad\xef\"3H\x89\x94\xcc\xed\xe3\xef\a\xe7\x106\xfd\xd1\xcfq\x02\xfe{R46g\xee\xa4\xb6\xe9w\xe9\x15c6\xac\xa6\xe8\x8f\xd8\xc4\x0e\xad\x9f|\x1c\xf9\x92\xf8j\x1b\xb1x\x9a\x93?\t\xdfg\x98\x00\xab\xc4C\xfb\x9bs|\xec\xb9\xf7\xd3\xee\xbcG', 0x0) write$binfmt_aout(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="2818fbff0003"], 0x6) write$binfmt_elf64(r1, &(0x7f00000004c0)=ANY=[@ANYRESDEC], 0x14) sendfile(r0, r1, &(0x7f0000000000), 0x11) 23:50:18 executing program 5: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/igmp\x00') perf_event_open(&(0x7f000000a000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x80a102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000100), 0x4) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000000200)='nfs\x00', 0x0, &(0x7f000000a000)) 23:50:18 executing program 2: 23:50:18 executing program 3: 23:50:18 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x10) ioctl$KVM_ASSIGN_SET_INTX_MASK(0xffffffffffffffff, 0x4040aea4, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x4, 0x70, 0x100000000, 0x3, 0x7f, 0x2, 0x0, 0x0, 0x400, 0xf, 0x6fb, 0xad, 0x4, 0x400, 0x2, 0x0, 0x4, 0x0, 0x2, 0x1, 0x3, 0x80000001, 0x8, 0x8, 0x0, 0x6, 0x0, 0x0, 0x7c, 0x1, 0x3, 0x5, 0x8, 0xd, 0x1000, 0x1, 0x80, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x80, 0x12000000, 0x3ff, 0x7, 0xf0f, 0x0, 0x3}, r0, 0x0, 0xffffffffffffff9c, 0x2) r1 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f00000001c0)) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x140202, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) dup2(r3, r2) 23:50:18 executing program 5: 23:50:18 executing program 4: 23:50:18 executing program 0: 23:50:18 executing program 2: 23:50:18 executing program 3: dup(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x0, 0x80) io_setup(0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) r0 = socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) unshare(0x40000000) epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000500)={0x0, 0x0, 0x80000001}) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000300)={0x1, @bcast, @bpq0='bpq0\x00', 0x6, 'syz1\x00', @bcast, 0x0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 23:50:18 executing program 5: 23:50:18 executing program 0: 23:50:18 executing program 1: 23:50:18 executing program 1: [ 183.104281][ C0] sched: DL replenish lagged too much [ 183.146977][ T7773] IPVS: ftp: loaded support on port[0] = 21 23:50:18 executing program 2: 23:50:18 executing program 4: 23:50:18 executing program 5: 23:50:18 executing program 1: 23:50:19 executing program 0: [ 183.416636][ T7778] IPVS: ftp: loaded support on port[0] = 21 23:50:19 executing program 1: 23:50:19 executing program 2: 23:50:19 executing program 3: dup(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x0, 0x80) io_setup(0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) r0 = socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) unshare(0x40000000) epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000500)={0x0, 0x0, 0x80000001}) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000300)={0x1, @bcast, @bpq0='bpq0\x00', 0x6, 'syz1\x00', @bcast, 0x0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 23:50:19 executing program 5: 23:50:19 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:19 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={r0, 0x0, 0x1, 0x0, 0x0}, 0x20) 23:50:19 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) close(r0) 23:50:19 executing program 1: 23:50:19 executing program 1: 23:50:19 executing program 5: 23:50:19 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:19 executing program 2: 23:50:19 executing program 1: 23:50:19 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) close(r0) 23:50:20 executing program 3: dup(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x0, 0x80) io_setup(0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) r0 = socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) unshare(0x40000000) epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000500)={0x0, 0x0, 0x80000001}) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000300)={0x1, @bcast, @bpq0='bpq0\x00', 0x6, 'syz1\x00', @bcast, 0x0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 23:50:20 executing program 2: 23:50:20 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:20 executing program 5: 23:50:20 executing program 1: 23:50:20 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) close(r0) 23:50:20 executing program 1: 23:50:20 executing program 5: 23:50:20 executing program 2: 23:50:20 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:20 executing program 5: 23:50:20 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) close(r0) 23:50:22 executing program 3: dup(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x0, 0x80) io_setup(0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f00000001c0)) r0 = socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) unshare(0x40000000) epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000500)={0x0, 0x0, 0x80000001}) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000300)={0x1, @bcast, @bpq0='bpq0\x00', 0x6, 'syz1\x00', @bcast, 0x0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 23:50:22 executing program 5: 23:50:22 executing program 2: 23:50:22 executing program 1: 23:50:22 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)) 23:50:22 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) 23:50:22 executing program 1: 23:50:22 executing program 2: 23:50:22 executing program 1: [ 186.743154][ T7877] IPVS: ftp: loaded support on port[0] = 21 23:50:22 executing program 2: 23:50:22 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)) 23:50:22 executing program 5: 23:50:22 executing program 3: 23:50:22 executing program 5: 23:50:22 executing program 2: 23:50:22 executing program 1: 23:50:22 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)) 23:50:23 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) 23:50:23 executing program 1: 23:50:23 executing program 5: 23:50:23 executing program 2: 23:50:23 executing program 3: 23:50:23 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:23 executing program 5: 23:50:23 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:23 executing program 1: 23:50:23 executing program 2: 23:50:23 executing program 3: 23:50:23 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x94b, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000174, 0x0) [ 187.777427][ T7938] check_preemption_disabled: 1 callbacks suppressed [ 187.777441][ T7938] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7938 [ 187.794291][ T7938] caller is sk_mc_loop+0x1d/0x210 [ 187.799534][ T7938] CPU: 1 PID: 7938 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.809172][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.819421][ T7938] Call Trace: [ 187.822874][ T7938] dump_stack+0x172/0x1f0 [ 187.827222][ T7938] __this_cpu_preempt_check+0x246/0x270 [ 187.832876][ T7938] sk_mc_loop+0x1d/0x210 [ 187.837223][ T7938] ip_mc_output+0x2ef/0xf70 [ 187.841766][ T7938] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 187.847231][ T7938] ? ip_append_data.part.0+0x170/0x170 [ 187.852968][ T7938] ? ip_make_skb+0x1b1/0x2c0 [ 187.857569][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 187.862779][ T7938] ip_local_out+0xc4/0x1b0 [ 187.867292][ T7938] ip_send_skb+0x42/0xf0 [ 187.872115][ T7938] udp_send_skb.isra.0+0x6b2/0x1180 [ 187.877418][ T7938] ? xfrm_lookup_route+0x5b/0x1f0 [ 187.883338][ T7938] udp_sendmsg+0x1dfd/0x2820 [ 187.888033][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 187.892967][ T7938] ? find_held_lock+0x35/0x130 [ 187.897827][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 187.903084][ T7938] ? udp4_lib_lookup_skb+0x440/0x440 [ 187.908877][ T7938] udpv6_sendmsg+0x13a4/0x28d0 [ 187.913905][ T7938] ? udpv6_sendmsg+0x13a4/0x28d0 [ 187.919249][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 187.925733][ T7938] ? aa_profile_af_perm+0x320/0x320 [ 187.931298][ T7938] ? __might_fault+0x12b/0x1e0 [ 187.936425][ T7938] ? find_held_lock+0x35/0x130 [ 187.941455][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.947756][ T7938] ? rw_copy_check_uvector+0x2a6/0x330 [ 187.953235][ T7938] ? ___might_sleep+0x163/0x280 [ 187.958089][ T7938] ? __might_sleep+0x95/0x190 [ 187.962952][ T7938] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 187.968687][ T7938] ? aa_sk_perm+0x288/0x880 [ 187.973288][ T7938] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.979115][ T7938] inet_sendmsg+0x147/0x5e0 [ 187.983828][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 187.989940][ T7938] ? inet_sendmsg+0x147/0x5e0 [ 187.995002][ T7938] ? ipip_gro_receive+0x100/0x100 [ 188.000041][ T7938] sock_sendmsg+0xdd/0x130 [ 188.004587][ T7938] ___sys_sendmsg+0x3e2/0x930 [ 188.009281][ T7938] ? copy_msghdr_from_user+0x430/0x430 [ 188.014852][ T7938] ? lock_downgrade+0x880/0x880 [ 188.014868][ T7938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.014885][ T7938] ? kasan_check_read+0x11/0x20 [ 188.014903][ T7938] ? __fget+0x381/0x550 [ 188.014923][ T7938] ? ksys_dup3+0x3e0/0x3e0 [ 188.014941][ T7938] ? __fget_light+0x1a9/0x230 [ 188.014955][ T7938] ? __fdget+0x1b/0x20 [ 188.014965][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.014977][ T7938] ? sockfd_lookup_light+0xcb/0x180 [ 188.014989][ T7938] __sys_sendmmsg+0x1bf/0x4d0 [ 188.015004][ T7938] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 188.015026][ T7938] ? _copy_to_user+0xc9/0x120 [ 188.026563][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.026578][ T7938] ? put_timespec64+0xda/0x140 [ 188.026591][ T7938] ? nsecs_to_jiffies+0x30/0x30 [ 188.026613][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.026626][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.026639][ T7938] ? do_syscall_64+0x26/0x610 [ 188.026651][ T7938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.026663][ T7938] ? do_syscall_64+0x26/0x610 [ 188.026681][ T7938] __x64_sys_sendmmsg+0x9d/0x100 [ 188.026697][ T7938] do_syscall_64+0x103/0x610 [ 188.026712][ T7938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.026728][ T7938] RIP: 0033:0x4582b9 [ 188.139678][ T7938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.159481][ T7938] RSP: 002b:00007eff7491ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 188.168103][ T7938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.176449][ T7938] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 188.184856][ T7938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 188.193004][ T7938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7491b6d4 [ 188.200973][ T7938] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 188.213019][ T7938] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7938 [ 188.223024][ T7938] caller is sk_mc_loop+0x1d/0x210 [ 188.228729][ T7938] CPU: 1 PID: 7938 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.238853][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.249517][ T7938] Call Trace: [ 188.253180][ T7938] dump_stack+0x172/0x1f0 [ 188.257616][ T7938] __this_cpu_preempt_check+0x246/0x270 [ 188.263534][ T7938] sk_mc_loop+0x1d/0x210 [ 188.268338][ T7938] ip_mc_output+0x2ef/0xf70 [ 188.272936][ T7938] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 188.278231][ T7938] ? ip_append_data.part.0+0x170/0x170 [ 188.283860][ T7938] ? ip_make_skb+0x1b1/0x2c0 [ 188.288630][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.293743][ T7938] ip_local_out+0xc4/0x1b0 [ 188.298266][ T7938] ip_send_skb+0x42/0xf0 [ 188.302884][ T7938] udp_send_skb.isra.0+0x6b2/0x1180 [ 188.308545][ T7938] ? xfrm_lookup_route+0x5b/0x1f0 [ 188.320993][ T7938] udp_sendmsg+0x1dfd/0x2820 23:50:24 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) 23:50:24 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:24 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_adj\x00') write$P9_RXATTRWALK(r0, 0x0, 0x16a) 23:50:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001fee, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000002c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e3baba0f111010c1585e5c2b71660f3a42ab06b5") mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='./file0\x00', 0x0, 0x11000, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 23:50:24 executing program 3: msgget(0x2, 0x610) [ 188.326530][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 188.332056][ T7938] ? find_held_lock+0x35/0x130 [ 188.337948][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.343814][ T7938] ? udp4_lib_lookup_skb+0x440/0x440 [ 188.349412][ T7938] udpv6_sendmsg+0x13a4/0x28d0 [ 188.354559][ T7938] ? udpv6_sendmsg+0x13a4/0x28d0 [ 188.359871][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.365951][ T7938] ? aa_profile_af_perm+0x320/0x320 [ 188.365967][ T7938] ? __might_fault+0x12b/0x1e0 [ 188.365981][ T7938] ? find_held_lock+0x35/0x130 [ 188.365998][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.366014][ T7938] ? rw_copy_check_uvector+0x2a6/0x330 [ 188.366040][ T7938] ? ___might_sleep+0x163/0x280 [ 188.366055][ T7938] ? __might_sleep+0x95/0x190 [ 188.366074][ T7938] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 188.376981][ T7938] ? aa_sk_perm+0x288/0x880 [ 188.377004][ T7938] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 188.420240][ T7938] inet_sendmsg+0x147/0x5e0 [ 188.424746][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.431096][ T7938] ? inet_sendmsg+0x147/0x5e0 [ 188.435977][ T7938] ? ipip_gro_receive+0x100/0x100 [ 188.441369][ T7938] sock_sendmsg+0xdd/0x130 [ 188.446000][ T7938] ___sys_sendmsg+0x3e2/0x930 [ 188.450865][ T7938] ? copy_msghdr_from_user+0x430/0x430 [ 188.456525][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 188.461996][ T7938] ? lock_downgrade+0x880/0x880 [ 188.467129][ T7938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.473727][ T7938] ? kasan_check_read+0x11/0x20 [ 188.478862][ T7938] ? __might_fault+0x12b/0x1e0 [ 188.484241][ T7938] ? find_held_lock+0x35/0x130 [ 188.489290][ T7938] ? __might_fault+0x12b/0x1e0 [ 188.494423][ T7938] ? lock_downgrade+0x880/0x880 [ 188.499467][ T7938] ? ___might_sleep+0x163/0x280 [ 188.504355][ T7938] __sys_sendmmsg+0x1bf/0x4d0 [ 188.509831][ T7938] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 188.515548][ T7938] ? _copy_to_user+0xc9/0x120 [ 188.520510][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.527060][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.533843][ T7938] ? put_timespec64+0xda/0x140 [ 188.538795][ T7938] ? nsecs_to_jiffies+0x30/0x30 [ 188.544008][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.549654][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.555317][ T7938] ? do_syscall_64+0x26/0x610 [ 188.560462][ T7938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.566865][ T7938] ? do_syscall_64+0x26/0x610 [ 188.571982][ T7938] __x64_sys_sendmmsg+0x9d/0x100 [ 188.577083][ T7938] do_syscall_64+0x103/0x610 [ 188.581757][ T7938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.588061][ T7938] RIP: 0033:0x4582b9 [ 188.592135][ T7938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.613160][ T7938] RSP: 002b:00007eff7491ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 188.622271][ T7938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.630771][ T7938] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 188.639161][ T7938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 188.647565][ T7938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7491b6d4 [ 188.656419][ T7938] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 23:50:24 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x800448d3, 0x0) 23:50:24 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) 23:50:24 executing program 1: r0 = socket(0x80000000010, 0x100000802, 0x0) sendto(r0, &(0x7f0000000000)="120000001200e7ef007b1a41cd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x144}, {&(0x7f00000000c0)=""/85, 0x6f6}, {&(0x7f0000000fc0)=""/4096, 0x1064}, {&(0x7f0000000400)=""/120, 0x1078}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x10}, {&(0x7f0000000340)=""/22, 0x15}], 0x8, &(0x7f0000002400)=""/191, 0xfffffffffffffeb2}}], 0x4000000000000f6, 0x0, &(0x7f0000003700)={0x77359400}) r1 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'veth1_to_team\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="86e161121004010000000400000000ffff"]}) ppoll(&(0x7f0000000080), 0x28, 0x0, &(0x7f0000000140), 0x8) setsockopt$inet_int(r1, 0x0, 0x40, &(0x7f0000000080), 0x4) 23:50:24 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001fee, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000002c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e3baba0f111010c1585e5c2b71660f3a42ab06b5") mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='./file0\x00', 0x0, 0x11000, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 23:50:24 executing program 3: r0 = memfd_create(&(0x7f0000000200)='#vmem1\x00', 0x4) socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400add427323b470c458c56", 0x10}], 0x1) close(r5) socket$netlink(0x10, 0x3, 0x4) ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000140)) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r3, 0x0, r5, 0x0, 0x20000000010008, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) [ 188.998083][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7948 [ 189.007856][ T7948] caller is sk_mc_loop+0x1d/0x210 [ 189.012991][ T7948] CPU: 0 PID: 7948 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.022015][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.032329][ T7948] Call Trace: [ 189.032358][ T7948] dump_stack+0x172/0x1f0 [ 189.040440][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 189.046103][ T7948] sk_mc_loop+0x1d/0x210 [ 189.050367][ T7948] ip_mc_output+0x2ef/0xf70 [ 189.055100][ T7948] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 189.060309][ T7948] ? ip_append_data.part.0+0x170/0x170 [ 189.065862][ T7948] ? ip_make_skb+0x1b1/0x2c0 [ 189.070708][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.076011][ T7948] ip_local_out+0xc4/0x1b0 [ 189.080666][ T7948] ip_send_skb+0x42/0xf0 [ 189.085448][ T7948] udp_send_skb.isra.0+0x6b2/0x1180 [ 189.090755][ T7948] ? xfrm_lookup_route+0x5b/0x1f0 [ 189.096326][ T7948] udp_sendmsg+0x1dfd/0x2820 [ 189.101101][ T7948] ? find_held_lock+0x35/0x130 [ 189.105882][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.111085][ T7948] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.116373][ T7948] ? kasan_check_read+0x11/0x20 [ 189.121325][ T7948] ? is_bpf_text_address+0xd3/0x170 [ 189.126815][ T7948] udpv6_sendmsg+0x13a4/0x28d0 [ 189.131788][ T7948] ? udpv6_sendmsg+0x13a4/0x28d0 [ 189.137088][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.143177][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 189.148376][ T7948] ? __might_fault+0x12b/0x1e0 [ 189.153419][ T7948] ? find_held_lock+0x35/0x130 [ 189.158194][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.164830][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 189.170419][ T7948] ? ___might_sleep+0x163/0x280 [ 189.175461][ T7948] ? __might_sleep+0x95/0x190 [ 189.180229][ T7948] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 189.185946][ T7948] ? aa_sk_perm+0x288/0x880 [ 189.190671][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.196432][ T7948] inet_sendmsg+0x147/0x5e0 [ 189.200946][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.207005][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 189.211940][ T7948] ? ipip_gro_receive+0x100/0x100 [ 189.217317][ T7948] sock_sendmsg+0xdd/0x130 [ 189.221776][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 189.226459][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 189.232291][ T7948] ? lock_downgrade+0x880/0x880 [ 189.237577][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.243940][ T7948] ? kasan_check_read+0x11/0x20 [ 189.248819][ T7948] ? __fget+0x381/0x550 [ 189.253804][ T7948] ? ksys_dup3+0x3e0/0x3e0 [ 189.258233][ T7948] ? __fget_light+0x1a9/0x230 [ 189.263082][ T7948] ? __fdget+0x1b/0x20 [ 189.267148][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.273387][ T7948] ? sockfd_lookup_light+0xcb/0x180 [ 189.278760][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 189.283444][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.288579][ T7948] ? _copy_to_user+0xc9/0x120 [ 189.293443][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.299775][ T7948] ? put_timespec64+0xda/0x140 [ 189.303753][ T7938] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7938 [ 189.304636][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 189.304659][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.304674][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.304688][ T7948] ? do_syscall_64+0x26/0x610 [ 189.304703][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.304723][ T7948] ? do_syscall_64+0x26/0x610 [ 189.314110][ T7938] caller is sk_mc_loop+0x1d/0x210 [ 189.318915][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 189.355720][ T7948] do_syscall_64+0x103/0x610 [ 189.360311][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.366286][ T7948] RIP: 0033:0x4582b9 [ 189.370269][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.390230][ T7948] RSP: 002b:00007eff748f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.398720][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.406770][ T7948] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000004 [ 189.414827][ T7948] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 189.423023][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff748fa6d4 [ 189.431082][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.439430][ T7938] CPU: 1 PID: 7938 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.448721][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.455737][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7948 [ 189.458867][ T7938] Call Trace: [ 189.468527][ T7948] caller is sk_mc_loop+0x1d/0x210 [ 189.471655][ T7938] dump_stack+0x172/0x1f0 [ 189.488646][ T7938] __this_cpu_preempt_check+0x246/0x270 [ 189.494190][ T7938] sk_mc_loop+0x1d/0x210 [ 189.498624][ T7938] ip_mc_output+0x2ef/0xf70 [ 189.503132][ T7938] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 189.508326][ T7938] ? ip_append_data.part.0+0x170/0x170 [ 189.514045][ T7938] ? ip_make_skb+0x1b1/0x2c0 [ 189.518710][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.523729][ T7938] ip_local_out+0xc4/0x1b0 [ 189.528145][ T7938] ip_send_skb+0x42/0xf0 [ 189.532763][ T7938] udp_send_skb.isra.0+0x6b2/0x1180 [ 189.538249][ T7938] ? xfrm_lookup_route+0x5b/0x1f0 [ 189.543371][ T7938] udp_sendmsg+0x1dfd/0x2820 [ 189.548055][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 189.553437][ T7938] ? find_held_lock+0x35/0x130 [ 189.558460][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.563568][ T7938] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.569069][ T7938] udpv6_sendmsg+0x13a4/0x28d0 [ 189.574100][ T7938] ? udpv6_sendmsg+0x13a4/0x28d0 [ 189.579217][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.585287][ T7938] ? aa_profile_af_perm+0x320/0x320 [ 189.591262][ T7938] ? __might_fault+0x12b/0x1e0 [ 189.596278][ T7938] ? find_held_lock+0x35/0x130 [ 189.602130][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.608711][ T7938] ? rw_copy_check_uvector+0x2a6/0x330 [ 189.614618][ T7938] ? ___might_sleep+0x163/0x280 [ 189.619548][ T7938] ? __might_sleep+0x95/0x190 [ 189.624399][ T7938] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 189.630035][ T7938] ? aa_sk_perm+0x288/0x880 [ 189.634653][ T7938] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.640490][ T7938] inet_sendmsg+0x147/0x5e0 [ 189.645178][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.651585][ T7938] ? inet_sendmsg+0x147/0x5e0 [ 189.657317][ T7938] ? ipip_gro_receive+0x100/0x100 [ 189.662528][ T7938] sock_sendmsg+0xdd/0x130 [ 189.666942][ T7938] ___sys_sendmsg+0x3e2/0x930 [ 189.671709][ T7938] ? copy_msghdr_from_user+0x430/0x430 [ 189.677170][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 189.682106][ T7938] ? lock_downgrade+0x880/0x880 [ 189.686946][ T7938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.693267][ T7938] ? kasan_check_read+0x11/0x20 [ 189.698553][ T7938] ? __might_fault+0x12b/0x1e0 [ 189.703319][ T7938] ? find_held_lock+0x35/0x130 [ 189.709598][ T7938] ? __might_fault+0x12b/0x1e0 [ 189.714360][ T7938] ? lock_downgrade+0x880/0x880 [ 189.719579][ T7938] ? ___might_sleep+0x163/0x280 [ 189.724518][ T7938] __sys_sendmmsg+0x1bf/0x4d0 [ 189.729581][ T7938] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.734695][ T7938] ? _copy_to_user+0xc9/0x120 [ 189.739634][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.746297][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.752627][ T7938] ? put_timespec64+0xda/0x140 [ 189.757469][ T7938] ? nsecs_to_jiffies+0x30/0x30 [ 189.762347][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.767890][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.773531][ T7938] ? do_syscall_64+0x26/0x610 [ 189.778204][ T7938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.784436][ T7938] ? do_syscall_64+0x26/0x610 [ 189.789279][ T7938] __x64_sys_sendmmsg+0x9d/0x100 [ 189.794296][ T7938] do_syscall_64+0x103/0x610 [ 189.798903][ T7938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.804963][ T7938] RIP: 0033:0x4582b9 [ 189.808853][ T7938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.828993][ T7938] RSP: 002b:00007eff7491ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.837574][ T7938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.845747][ T7938] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 189.853880][ T7938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 189.861992][ T7938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7491b6d4 [ 189.869970][ T7938] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.878080][ T7948] CPU: 0 PID: 7948 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.887457][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.887463][ T7948] Call Trace: [ 189.887489][ T7948] dump_stack+0x172/0x1f0 [ 189.887510][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 189.887524][ T7948] sk_mc_loop+0x1d/0x210 [ 189.887543][ T7948] ip_mc_output+0x2ef/0xf70 [ 189.901315][ T7948] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 189.901340][ T7948] ? ip_append_data.part.0+0x170/0x170 [ 189.922080][ T7938] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7938 [ 189.925785][ T7948] ? ip_make_skb+0x1b1/0x2c0 [ 189.925800][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.925817][ T7948] ip_local_out+0xc4/0x1b0 [ 189.925834][ T7948] ip_send_skb+0x42/0xf0 [ 189.925853][ T7948] udp_send_skb.isra.0+0x6b2/0x1180 [ 189.931466][ T7938] caller is sk_mc_loop+0x1d/0x210 [ 189.970470][ T7948] ? xfrm_lookup_route+0x5b/0x1f0 [ 189.975584][ T7948] udp_sendmsg+0x1dfd/0x2820 [ 189.980166][ T7948] ? find_held_lock+0x35/0x130 [ 189.984927][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.990195][ T7948] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.995939][ T7948] ? kasan_check_read+0x11/0x20 [ 190.000901][ T7948] ? is_bpf_text_address+0xd3/0x170 [ 190.006310][ T7948] udpv6_sendmsg+0x13a4/0x28d0 [ 190.011157][ T7948] ? udpv6_sendmsg+0x13a4/0x28d0 [ 190.016282][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.022547][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 190.027741][ T7948] ? __might_fault+0x12b/0x1e0 [ 190.032775][ T7948] ? find_held_lock+0x35/0x130 [ 190.037887][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.044404][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.050129][ T7948] ? ___might_sleep+0x163/0x280 [ 190.055066][ T7948] ? __might_sleep+0x95/0x190 [ 190.059742][ T7948] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 190.065385][ T7948] ? aa_sk_perm+0x288/0x880 [ 190.069893][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.075615][ T7948] inet_sendmsg+0x147/0x5e0 [ 190.080116][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.086180][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 190.090935][ T7948] ? ipip_gro_receive+0x100/0x100 [ 190.096090][ T7948] sock_sendmsg+0xdd/0x130 [ 190.100696][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 190.105388][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 190.110926][ T7948] ? __lock_acquire+0x548/0x3fb0 [ 190.116030][ T7948] ? lock_downgrade+0x880/0x880 [ 190.121690][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.128335][ T7948] ? kasan_check_read+0x11/0x20 [ 190.133542][ T7948] ? __might_fault+0x12b/0x1e0 [ 190.138482][ T7948] ? find_held_lock+0x35/0x130 [ 190.143864][ T7948] ? __might_fault+0x12b/0x1e0 [ 190.148722][ T7948] ? lock_downgrade+0x880/0x880 [ 190.153838][ T7948] ? ___might_sleep+0x163/0x280 [ 190.158864][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 190.163734][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.169114][ T7948] ? _copy_to_user+0xc9/0x120 [ 190.174073][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.180487][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.187350][ T7948] ? put_timespec64+0xda/0x140 [ 190.192210][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 190.197160][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.202736][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.208281][ T7948] ? do_syscall_64+0x26/0x610 [ 190.213127][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.219709][ T7948] ? do_syscall_64+0x26/0x610 [ 190.224644][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 190.229840][ T7948] do_syscall_64+0x103/0x610 [ 190.234520][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.240497][ T7948] RIP: 0033:0x4582b9 [ 190.244858][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.264962][ T7948] RSP: 002b:00007eff748f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.273892][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.299687][ T7948] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000004 [ 190.307827][ T7948] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.323652][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff748fa6d4 [ 190.331895][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.339970][ T7938] CPU: 1 PID: 7938 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.349282][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.359444][ T7938] Call Trace: [ 190.359749][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7948 [ 190.362741][ T7938] dump_stack+0x172/0x1f0 [ 190.372153][ T7948] caller is sk_mc_loop+0x1d/0x210 [ 190.376484][ T7938] __this_cpu_preempt_check+0x246/0x270 [ 190.376500][ T7938] sk_mc_loop+0x1d/0x210 [ 190.376515][ T7938] ip_mc_output+0x2ef/0xf70 [ 190.376533][ T7938] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 190.401483][ T7938] ? ip_append_data.part.0+0x170/0x170 [ 190.407108][ T7938] ? ip_make_skb+0x1b1/0x2c0 [ 190.411867][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.417064][ T7938] ip_local_out+0xc4/0x1b0 [ 190.421562][ T7938] ip_send_skb+0x42/0xf0 [ 190.426064][ T7938] udp_send_skb.isra.0+0x6b2/0x1180 [ 190.431448][ T7938] ? xfrm_lookup_route+0x5b/0x1f0 [ 190.436561][ T7938] udp_sendmsg+0x1dfd/0x2820 [ 190.441449][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 190.446639][ T7938] ? find_held_lock+0x35/0x130 [ 190.452996][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.458016][ T7938] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.463776][ T7938] udpv6_sendmsg+0x13a4/0x28d0 [ 190.468732][ T7938] ? udpv6_sendmsg+0x13a4/0x28d0 [ 190.474016][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.480357][ T7938] ? aa_profile_af_perm+0x320/0x320 [ 190.485638][ T7938] ? __might_fault+0x12b/0x1e0 [ 190.490576][ T7938] ? find_held_lock+0x35/0x130 [ 190.495342][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.502096][ T7938] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.507588][ T7938] ? ___might_sleep+0x163/0x280 [ 190.512622][ T7938] ? __might_sleep+0x95/0x190 [ 190.517643][ T7938] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 190.523530][ T7938] ? aa_sk_perm+0x288/0x880 [ 190.528057][ T7938] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.533684][ T7938] inet_sendmsg+0x147/0x5e0 [ 190.538367][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.544608][ T7938] ? inet_sendmsg+0x147/0x5e0 [ 190.549279][ T7938] ? ipip_gro_receive+0x100/0x100 [ 190.554299][ T7938] sock_sendmsg+0xdd/0x130 [ 190.558986][ T7938] ___sys_sendmsg+0x3e2/0x930 [ 190.563661][ T7938] ? copy_msghdr_from_user+0x430/0x430 [ 190.569287][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 190.574569][ T7938] ? lock_downgrade+0x880/0x880 [ 190.579938][ T7938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.586366][ T7938] ? kasan_check_read+0x11/0x20 [ 190.591300][ T7938] ? __might_fault+0x12b/0x1e0 [ 190.596165][ T7938] ? find_held_lock+0x35/0x130 [ 190.600928][ T7938] ? __might_fault+0x12b/0x1e0 [ 190.605866][ T7938] ? lock_downgrade+0x880/0x880 [ 190.610716][ T7938] ? ___might_sleep+0x163/0x280 [ 190.615781][ T7938] __sys_sendmmsg+0x1bf/0x4d0 [ 190.620623][ T7938] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.625736][ T7938] ? _copy_to_user+0xc9/0x120 [ 190.630438][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.636854][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.643096][ T7938] ? put_timespec64+0xda/0x140 [ 190.647944][ T7938] ? nsecs_to_jiffies+0x30/0x30 [ 190.652889][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.658614][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.664192][ T7938] ? do_syscall_64+0x26/0x610 [ 190.669036][ T7938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.675202][ T7938] ? do_syscall_64+0x26/0x610 [ 190.680150][ T7938] __x64_sys_sendmmsg+0x9d/0x100 [ 190.685516][ T7938] do_syscall_64+0x103/0x610 [ 190.690104][ T7938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.696072][ T7938] RIP: 0033:0x4582b9 [ 190.699959][ T7938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.719833][ T7938] RSP: 002b:00007eff7491ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.728235][ T7938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.736283][ T7938] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 190.744339][ T7938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 190.752479][ T7938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7491b6d4 [ 190.760882][ T7938] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.768873][ T7948] CPU: 0 PID: 7948 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.778255][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.787301][ T7938] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7938 [ 190.788483][ T7948] Call Trace: [ 190.788505][ T7948] dump_stack+0x172/0x1f0 [ 190.788526][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 190.788545][ T7948] sk_mc_loop+0x1d/0x210 [ 190.797928][ T7938] caller is sk_mc_loop+0x1d/0x210 [ 190.801341][ T7948] ip_mc_output+0x2ef/0xf70 [ 190.825579][ T7948] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 190.830688][ T7948] ? ip_append_data.part.0+0x170/0x170 [ 190.836153][ T7948] ? ip_make_skb+0x1b1/0x2c0 [ 190.841090][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.846110][ T7948] ip_local_out+0xc4/0x1b0 [ 190.850637][ T7948] ip_send_skb+0x42/0xf0 [ 190.854884][ T7948] udp_send_skb.isra.0+0x6b2/0x1180 [ 190.860160][ T7948] ? xfrm_lookup_route+0x5b/0x1f0 [ 190.865270][ T7948] udp_sendmsg+0x1dfd/0x2820 [ 190.870228][ T7948] ? find_held_lock+0x35/0x130 [ 190.874989][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.880195][ T7948] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.885477][ T7948] ? kasan_check_read+0x11/0x20 [ 190.890360][ T7948] ? is_bpf_text_address+0xd3/0x170 [ 190.895910][ T7948] udpv6_sendmsg+0x13a4/0x28d0 [ 190.900758][ T7948] ? udpv6_sendmsg+0x13a4/0x28d0 [ 190.905870][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.911935][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 190.917133][ T7948] ? __might_fault+0x12b/0x1e0 [ 190.921981][ T7948] ? find_held_lock+0x35/0x130 [ 190.927003][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.933336][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.939412][ T7948] ? ___might_sleep+0x163/0x280 [ 190.944347][ T7948] ? __might_sleep+0x95/0x190 [ 190.949202][ T7948] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 190.954830][ T7948] ? aa_sk_perm+0x288/0x880 [ 190.959507][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.965048][ T7948] inet_sendmsg+0x147/0x5e0 [ 190.969631][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.975951][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 190.980704][ T7948] ? ipip_gro_receive+0x100/0x100 [ 190.986075][ T7948] sock_sendmsg+0xdd/0x130 [ 190.990774][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 190.995622][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 191.001183][ T7948] ? __lock_acquire+0x548/0x3fb0 [ 191.006211][ T7948] ? lock_downgrade+0x880/0x880 [ 191.011248][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.017660][ T7948] ? kasan_check_read+0x11/0x20 [ 191.022792][ T7948] ? __might_fault+0x12b/0x1e0 [ 191.027908][ T7948] ? find_held_lock+0x35/0x130 [ 191.032761][ T7948] ? __might_fault+0x12b/0x1e0 [ 191.037611][ T7948] ? lock_downgrade+0x880/0x880 [ 191.042561][ T7948] ? ___might_sleep+0x163/0x280 [ 191.047667][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 191.052432][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.057606][ T7948] ? _copy_to_user+0xc9/0x120 [ 191.062456][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.068776][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.075031][ T7948] ? put_timespec64+0xda/0x140 [ 191.079963][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 191.084990][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.090621][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.096248][ T7948] ? do_syscall_64+0x26/0x610 [ 191.100925][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.107257][ T7948] ? do_syscall_64+0x26/0x610 [ 191.111937][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 191.117456][ T7948] do_syscall_64+0x103/0x610 [ 191.122332][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.128650][ T7948] RIP: 0033:0x4582b9 [ 191.132735][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.152814][ T7948] RSP: 002b:00007eff748f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.161662][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.169621][ T7948] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000004 [ 191.177757][ T7948] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 191.186587][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff748fa6d4 [ 191.195089][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.203252][ T7938] CPU: 1 PID: 7938 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.208145][ T7948] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7948 [ 191.212904][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.222574][ T7948] caller is sk_mc_loop+0x1d/0x210 [ 191.232741][ T7938] Call Trace: [ 191.232763][ T7938] dump_stack+0x172/0x1f0 [ 191.232783][ T7938] __this_cpu_preempt_check+0x246/0x270 [ 191.232798][ T7938] sk_mc_loop+0x1d/0x210 [ 191.232816][ T7938] ip_mc_output+0x2ef/0xf70 [ 191.261474][ T7938] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.266769][ T7938] ? ip_append_data.part.0+0x170/0x170 [ 191.272479][ T7938] ? ip_make_skb+0x1b1/0x2c0 [ 191.277068][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.282287][ T7938] ip_local_out+0xc4/0x1b0 [ 191.286785][ T7938] ip_send_skb+0x42/0xf0 [ 191.291154][ T7938] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.296343][ T7938] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.301368][ T7938] udp_sendmsg+0x1dfd/0x2820 [ 191.306012][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 191.310938][ T7938] ? find_held_lock+0x35/0x130 [ 191.315729][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.321022][ T7938] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.326457][ T7938] udpv6_sendmsg+0x13a4/0x28d0 [ 191.331331][ T7938] ? udpv6_sendmsg+0x13a4/0x28d0 [ 191.336411][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.342660][ T7938] ? aa_profile_af_perm+0x320/0x320 [ 191.347856][ T7938] ? __might_fault+0x12b/0x1e0 [ 191.352725][ T7938] ? find_held_lock+0x35/0x130 [ 191.358019][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.364260][ T7938] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.369736][ T7938] ? ___might_sleep+0x163/0x280 [ 191.374668][ T7938] ? __might_sleep+0x95/0x190 [ 191.379601][ T7938] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.385396][ T7938] ? aa_sk_perm+0x288/0x880 [ 191.390078][ T7938] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.395876][ T7938] inet_sendmsg+0x147/0x5e0 [ 191.400373][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.406458][ T7938] ? inet_sendmsg+0x147/0x5e0 [ 191.411311][ T7938] ? ipip_gro_receive+0x100/0x100 [ 191.416415][ T7938] sock_sendmsg+0xdd/0x130 [ 191.421007][ T7938] ___sys_sendmsg+0x3e2/0x930 [ 191.425769][ T7938] ? copy_msghdr_from_user+0x430/0x430 [ 191.431244][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 191.436197][ T7938] ? lock_downgrade+0x880/0x880 [ 191.441485][ T7938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.447721][ T7938] ? kasan_check_read+0x11/0x20 [ 191.452846][ T7938] ? __might_fault+0x12b/0x1e0 [ 191.457613][ T7938] ? find_held_lock+0x35/0x130 [ 191.462382][ T7938] ? __might_fault+0x12b/0x1e0 [ 191.467238][ T7938] ? lock_downgrade+0x880/0x880 [ 191.472299][ T7938] ? ___might_sleep+0x163/0x280 [ 191.477267][ T7938] __sys_sendmmsg+0x1bf/0x4d0 [ 191.488948][ T7938] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.493985][ T7938] ? _copy_to_user+0xc9/0x120 [ 191.498963][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.505221][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.511473][ T7938] ? put_timespec64+0xda/0x140 [ 191.516323][ T7938] ? nsecs_to_jiffies+0x30/0x30 [ 191.521199][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.526825][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.532716][ T7938] ? do_syscall_64+0x26/0x610 [ 191.537388][ T7938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.543840][ T7938] ? do_syscall_64+0x26/0x610 [ 191.548598][ T7938] __x64_sys_sendmmsg+0x9d/0x100 [ 191.553531][ T7938] do_syscall_64+0x103/0x610 [ 191.558551][ T7938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.564517][ T7938] RIP: 0033:0x4582b9 [ 191.568402][ T7938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.588546][ T7938] RSP: 002b:00007eff7491ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.597212][ T7938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.605552][ T7938] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 191.613707][ T7938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.622046][ T7938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7491b6d4 [ 191.630131][ T7938] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.638469][ T7948] CPU: 0 PID: 7948 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.647581][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.648185][ T7938] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7938 [ 191.657910][ T7948] Call Trace: [ 191.657934][ T7948] dump_stack+0x172/0x1f0 [ 191.657955][ T7948] __this_cpu_preempt_check+0x246/0x270 [ 191.657970][ T7948] sk_mc_loop+0x1d/0x210 [ 191.657986][ T7948] ip_mc_output+0x2ef/0xf70 [ 191.658004][ T7948] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.658021][ T7948] ? ip_append_data.part.0+0x170/0x170 [ 191.658034][ T7948] ? ip_make_skb+0x1b1/0x2c0 [ 191.658047][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.658065][ T7948] ip_local_out+0xc4/0x1b0 [ 191.658081][ T7948] ip_send_skb+0x42/0xf0 [ 191.658098][ T7948] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.658113][ T7948] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.658134][ T7948] udp_sendmsg+0x1dfd/0x2820 [ 191.658147][ T7948] ? find_held_lock+0x35/0x130 [ 191.658165][ T7948] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.658184][ T7948] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.658203][ T7948] ? kasan_check_read+0x11/0x20 [ 191.658224][ T7948] ? is_bpf_text_address+0xd3/0x170 [ 191.658278][ T7948] udpv6_sendmsg+0x13a4/0x28d0 [ 191.658290][ T7948] ? udpv6_sendmsg+0x13a4/0x28d0 [ 191.658315][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.658495][ T7948] ? aa_profile_af_perm+0x320/0x320 [ 191.667972][ T7938] caller is sk_mc_loop+0x1d/0x210 [ 191.671735][ T7948] ? __might_fault+0x12b/0x1e0 [ 191.793178][ T7948] ? find_held_lock+0x35/0x130 [ 191.798108][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.804446][ T7948] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.809915][ T7948] ? ___might_sleep+0x163/0x280 [ 191.814760][ T7948] ? __might_sleep+0x95/0x190 [ 191.819534][ T7948] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.825250][ T7948] ? aa_sk_perm+0x288/0x880 [ 191.829753][ T7948] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.835291][ T7948] inet_sendmsg+0x147/0x5e0 [ 191.839903][ T7948] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.845872][ T7948] ? inet_sendmsg+0x147/0x5e0 [ 191.850538][ T7948] ? ipip_gro_receive+0x100/0x100 [ 191.855651][ T7948] sock_sendmsg+0xdd/0x130 [ 191.860059][ T7948] ___sys_sendmsg+0x3e2/0x930 [ 191.864752][ T7948] ? copy_msghdr_from_user+0x430/0x430 [ 191.870289][ T7948] ? __lock_acquire+0x548/0x3fb0 [ 191.875227][ T7948] ? lock_downgrade+0x880/0x880 [ 191.880068][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.886329][ T7948] ? kasan_check_read+0x11/0x20 [ 191.891189][ T7948] ? __might_fault+0x12b/0x1e0 [ 191.895951][ T7948] ? find_held_lock+0x35/0x130 [ 191.900898][ T7948] ? __might_fault+0x12b/0x1e0 [ 191.905661][ T7948] ? lock_downgrade+0x880/0x880 [ 191.910600][ T7948] ? ___might_sleep+0x163/0x280 [ 191.915569][ T7948] __sys_sendmmsg+0x1bf/0x4d0 [ 191.920244][ T7948] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.925361][ T7948] ? _copy_to_user+0xc9/0x120 [ 191.930039][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.936368][ T7948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.942693][ T7948] ? put_timespec64+0xda/0x140 [ 191.947541][ T7948] ? nsecs_to_jiffies+0x30/0x30 [ 191.952567][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.958289][ T7948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.963753][ T7948] ? do_syscall_64+0x26/0x610 [ 191.968855][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.975002][ T7948] ? do_syscall_64+0x26/0x610 [ 191.979761][ T7948] __x64_sys_sendmmsg+0x9d/0x100 [ 191.984884][ T7948] do_syscall_64+0x103/0x610 [ 191.989482][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.995383][ T7948] RIP: 0033:0x4582b9 [ 191.999277][ T7948] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.019342][ T7948] RSP: 002b:00007eff748f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.027938][ T7948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.036094][ T7948] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000004 [ 192.044183][ T7948] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 192.052499][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff748fa6d4 [ 192.060909][ T7948] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.068894][ T7938] CPU: 1 PID: 7938 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.077916][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.087974][ T7938] Call Trace: [ 192.091424][ T7938] dump_stack+0x172/0x1f0 [ 192.095944][ T7938] __this_cpu_preempt_check+0x246/0x270 [ 192.101500][ T7938] sk_mc_loop+0x1d/0x210 [ 192.105853][ T7938] ip_mc_output+0x2ef/0xf70 [ 192.110392][ T7938] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 192.115775][ T7938] ? ip_append_data.part.0+0x170/0x170 [ 192.121332][ T7938] ? ip_make_skb+0x1b1/0x2c0 [ 192.125963][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.130996][ T7938] ip_local_out+0xc4/0x1b0 [ 192.135490][ T7938] ip_send_skb+0x42/0xf0 [ 192.139725][ T7938] udp_send_skb.isra.0+0x6b2/0x1180 [ 192.144999][ T7938] ? xfrm_lookup_route+0x5b/0x1f0 [ 192.150196][ T7938] udp_sendmsg+0x1dfd/0x2820 [ 192.154770][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 192.159797][ T7938] ? find_held_lock+0x35/0x130 [ 192.164641][ T7938] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.169663][ T7938] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.174964][ T7938] udpv6_sendmsg+0x13a4/0x28d0 [ 192.179712][ T7938] ? udpv6_sendmsg+0x13a4/0x28d0 [ 192.184906][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.191191][ T7938] ? aa_profile_af_perm+0x320/0x320 [ 192.196580][ T7938] ? __might_fault+0x12b/0x1e0 [ 192.201416][ T7938] ? find_held_lock+0x35/0x130 [ 192.206339][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.212746][ T7938] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.218205][ T7938] ? ___might_sleep+0x163/0x280 [ 192.223475][ T7938] ? __might_sleep+0x95/0x190 [ 192.228234][ T7938] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.234044][ T7938] ? aa_sk_perm+0x288/0x880 [ 192.238628][ T7938] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.244470][ T7938] inet_sendmsg+0x147/0x5e0 [ 192.249045][ T7938] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.255103][ T7938] ? inet_sendmsg+0x147/0x5e0 [ 192.260302][ T7938] ? ipip_gro_receive+0x100/0x100 [ 192.265512][ T7938] sock_sendmsg+0xdd/0x130 [ 192.269915][ T7938] ___sys_sendmsg+0x3e2/0x930 [ 192.274857][ T7938] ? copy_msghdr_from_user+0x430/0x430 [ 192.280404][ T7938] ? __lock_acquire+0x548/0x3fb0 [ 192.285337][ T7938] ? lock_downgrade+0x880/0x880 [ 192.290190][ T7938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.296598][ T7938] ? kasan_check_read+0x11/0x20 [ 192.301619][ T7938] ? __might_fault+0x12b/0x1e0 [ 192.306558][ T7938] ? find_held_lock+0x35/0x130 [ 192.311390][ T7938] ? __might_fault+0x12b/0x1e0 [ 192.316233][ T7938] ? lock_downgrade+0x880/0x880 [ 192.321309][ T7938] ? ___might_sleep+0x163/0x280 [ 192.326774][ T7938] __sys_sendmmsg+0x1bf/0x4d0 [ 192.331438][ T7938] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.336729][ T7938] ? _copy_to_user+0xc9/0x120 [ 192.341483][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.347878][ T7938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.354195][ T7938] ? put_timespec64+0xda/0x140 [ 192.359036][ T7938] ? nsecs_to_jiffies+0x30/0x30 [ 192.363894][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.369434][ T7938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.374873][ T7938] ? do_syscall_64+0x26/0x610 [ 192.379714][ T7938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.385953][ T7938] ? do_syscall_64+0x26/0x610 [ 192.390709][ T7938] __x64_sys_sendmmsg+0x9d/0x100 [ 192.395805][ T7938] do_syscall_64+0x103/0x610 [ 192.400999][ T7938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.407219][ T7938] RIP: 0033:0x4582b9 [ 192.411272][ T7938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.430869][ T7938] RSP: 002b:00007eff7491ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.439276][ T7938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.447846][ T7938] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 192.456210][ T7938] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.464252][ T7938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff7491b6d4 [ 192.472206][ T7938] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 23:50:28 executing program 5: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x80000080045002, &(0x7f0000000000)) clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 1: r0 = socket(0x80000000010, 0x100000802, 0x0) sendto(r0, &(0x7f0000000000)="120000001200e7ef007b1a41cd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x144}, {&(0x7f00000000c0)=""/85, 0x6f6}, {&(0x7f0000000fc0)=""/4096, 0x1064}, {&(0x7f0000000400)=""/120, 0x1078}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x10}, {&(0x7f0000000340)=""/22, 0x15}], 0x8, &(0x7f0000002400)=""/191, 0xfffffffffffffeb2}}], 0x4000000000000f6, 0x0, &(0x7f0000003700)={0x77359400}) r1 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'veth1_to_team\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="86e161121004010000000400000000ffff"]}) ppoll(&(0x7f0000000080), 0x28, 0x0, &(0x7f0000000140), 0x8) setsockopt$inet_int(r1, 0x0, 0x40, &(0x7f0000000080), 0x4) 23:50:28 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) close(r0) 23:50:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000500200000000ef00000a"]) 23:50:28 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x19, 0x0, &(0x7f0000013000)) 23:50:28 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000012000/0x1000)=nil, 0x1000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r2, 0x4008af30, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, 0x0) close(r0) 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) close(r0) 23:50:28 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000012000/0x1000)=nil, 0x1000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, 0x0) ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0) close(r0) 23:50:28 executing program 2: mlockall(0x1) mbind(&(0x7f0000860000/0x1000)=nil, 0x1000, 0x1, 0x0, 0x0, 0x5) 23:50:28 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x3) 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, &(0x7f0000000180), 0x40000008, &(0x7f00000001c0)) 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) close(r0) 23:50:28 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000140)='reiserfs\x00', &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x2, 0x0) dup2(r0, r1) 23:50:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$gfs2(&(0x7f0000000380)='gfs2\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 193.202804][ T8058] REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3 23:50:28 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:28 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r0) [ 193.494213][ T8076] REISERFS warning (device loop3): reiserfs_fill_super: Cannot allocate commit workqueue [ 193.541731][ T8075] gfs2: not a GFS2 filesystem 23:50:29 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, &(0x7f0000000080)) 23:50:29 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r1 = dup(r0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) recvfrom$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 23:50:29 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r0) 23:50:29 executing program 3: open(&(0x7f0000000000)='./bus\x00', 0x1141042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000240)='.\x00', 0x80000002) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ftruncate(r2, 0x0) 23:50:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$gfs2(&(0x7f0000000380)='gfs2\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 23:50:29 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) open(&(0x7f0000000100)='./bus\x00', 0x222402, 0x100) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000680)) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) capget(&(0x7f00000001c0)={0x20080522}, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x2) r3 = dup(r2) fsync(0xffffffffffffffff) syncfs(r0) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) signalfd(r1, 0x0, 0x0) io_setup(0x0, 0x0) io_cancel(0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) ftruncate(0xffffffffffffffff, 0x2007fff) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 23:50:29 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)) 23:50:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/tcp\x00') sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) [ 193.821267][ T8108] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 193.909468][ T8111] gfs2: not a GFS2 filesystem 23:50:29 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000200)={0x328}, 0x78) ioctl$SG_IO(r1, 0x2286, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x2, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 23:50:29 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) close(r0) 23:50:29 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)) [ 194.033979][ T8124] check_preemption_disabled: 734 callbacks suppressed [ 194.034059][ T8124] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8124 [ 194.052189][ T8124] caller is ip6_finish_output+0x335/0xdc0 [ 194.059100][ T8124] CPU: 0 PID: 8124 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.068438][ T8124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.079752][ T8124] Call Trace: [ 194.083283][ T8124] dump_stack+0x172/0x1f0 [ 194.087793][ T8124] __this_cpu_preempt_check+0x246/0x270 [ 194.093506][ T8124] ip6_finish_output+0x335/0xdc0 [ 194.098699][ T8124] ip6_output+0x235/0x7f0 [ 194.103106][ T8124] ? ip6_finish_output+0xdc0/0xdc0 [ 194.108223][ T8124] ? ip6_fragment+0x3980/0x3980 [ 194.113239][ T8124] ip6_xmit+0xe41/0x20c0 [ 194.117752][ T8124] ? ip6_finish_output2+0x2550/0x2550 [ 194.123291][ T8124] ? mark_held_locks+0xf0/0xf0 [ 194.128048][ T8124] ? ip6_setup_cork+0x1870/0x1870 [ 194.133330][ T8124] inet6_csk_xmit+0x2fb/0x5d0 [ 194.138379][ T8124] ? inet6_csk_update_pmtu+0x190/0x190 [ 194.144297][ T8124] ? csum_ipv6_magic+0x20/0x80 [ 194.149055][ T8124] __tcp_transmit_skb+0x1a32/0x3750 [ 194.154261][ T8124] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.159710][ T8124] ? __tcp_select_window+0x8b0/0x8b0 [ 194.165085][ T8124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.171433][ T8124] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 194.176903][ T8124] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.183227][ T8124] tcp_connect+0x1e47/0x4280 [ 194.187818][ T8124] ? tcp_push_one+0x110/0x110 [ 194.192741][ T8124] ? secure_tcpv6_ts_off+0x24f/0x360 [ 194.198098][ T8124] ? secure_dccpv6_sequence_number+0x280/0x280 [ 194.204826][ T8124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.211063][ T8124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.217299][ T8124] ? prandom_u32_state+0x13/0x180 [ 194.222402][ T8124] tcp_v6_connect+0x150b/0x20a0 [ 194.227586][ T8124] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 194.233037][ T8124] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 194.238413][ T8124] ? __switch_to_asm+0x34/0x70 [ 194.243247][ T8124] ? __switch_to_asm+0x40/0x70 [ 194.248361][ T8124] ? find_held_lock+0x35/0x130 [ 194.253188][ T8124] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 194.258920][ T8124] __inet_stream_connect+0x83f/0xea0 [ 194.264367][ T8124] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 194.269811][ T8124] ? __inet_stream_connect+0x83f/0xea0 [ 194.275542][ T8124] ? inet_dgram_connect+0x2e0/0x2e0 [ 194.280908][ T8124] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 194.286350][ T8124] ? rcu_read_lock_sched_held+0x110/0x130 [ 194.292075][ T8124] ? kmem_cache_alloc_trace+0x354/0x760 [ 194.297617][ T8124] tcp_sendmsg_locked+0x231f/0x37f0 [ 194.302809][ T8124] ? mark_held_locks+0xf0/0xf0 [ 194.307559][ T8124] ? mark_held_locks+0xa4/0xf0 [ 194.312329][ T8124] ? tcp_sendpage+0x60/0x60 [ 194.317220][ T8124] ? lock_sock_nested+0x9a/0x120 [ 194.322141][ T8124] ? trace_hardirqs_on+0x67/0x230 [ 194.327156][ T8124] ? lock_sock_nested+0x9a/0x120 [ 194.332273][ T8124] ? __local_bh_enable_ip+0x15a/0x270 [ 194.338274][ T8124] tcp_sendmsg+0x30/0x50 [ 194.342772][ T8124] inet_sendmsg+0x147/0x5e0 [ 194.347272][ T8124] ? ipip_gro_receive+0x100/0x100 [ 194.352567][ T8124] sock_sendmsg+0xdd/0x130 [ 194.357327][ T8124] __sys_sendto+0x262/0x380 [ 194.362136][ T8124] ? __ia32_sys_getpeername+0xb0/0xb0 [ 194.367681][ T8124] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.373924][ T8124] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.379369][ T8124] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.384915][ T8124] ? do_syscall_64+0x26/0x610 [ 194.389590][ T8124] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.395731][ T8124] __x64_sys_sendto+0xe1/0x1a0 [ 194.400753][ T8124] do_syscall_64+0x103/0x610 [ 194.405595][ T8124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.412006][ T8124] RIP: 0033:0x4582b9 [ 194.416067][ T8124] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.436528][ T8124] RSP: 002b:00007fc94865ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 194.445028][ T8124] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.453714][ T8124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 194.462194][ T8124] RBP: 000000000073c040 R08: 00000000208d4fe4 R09: 000000000000001c [ 194.470701][ T8124] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fc94865b6d4 [ 194.479159][ T8124] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 23:50:30 executing program 1: syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$vhci(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vhci\x00', 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x3}, 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) 23:50:30 executing program 5: 23:50:30 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)) 23:50:30 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) open(&(0x7f0000000100)='./bus\x00', 0x222402, 0x100) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000680)) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) capget(&(0x7f00000001c0)={0x20080522}, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x2) r3 = dup(r2) fsync(0xffffffffffffffff) syncfs(r0) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) signalfd(r1, 0x0, 0x0) io_setup(0x0, 0x0) io_cancel(0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) ftruncate(0xffffffffffffffff, 0x2007fff) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 23:50:30 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) 23:50:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/tcp\x00') sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) [ 194.767796][ T8157] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8157 [ 194.777492][ T8157] caller is ip6_finish_output+0x335/0xdc0 [ 194.783509][ T8157] CPU: 1 PID: 8157 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.793104][ T8157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.803603][ T8157] Call Trace: [ 194.807189][ T8157] dump_stack+0x172/0x1f0 [ 194.811639][ T8157] __this_cpu_preempt_check+0x246/0x270 [ 194.817646][ T8157] ip6_finish_output+0x335/0xdc0 [ 194.822678][ T8157] ip6_output+0x235/0x7f0 [ 194.827142][ T8157] ? ip6_finish_output+0xdc0/0xdc0 [ 194.832363][ T8157] ? ip6_fragment+0x3980/0x3980 [ 194.837317][ T8157] ip6_xmit+0xe41/0x20c0 [ 194.841778][ T8157] ? ip6_finish_output2+0x2550/0x2550 [ 194.847338][ T8157] ? mark_held_locks+0xf0/0xf0 [ 194.852495][ T8157] ? perf_trace_lock+0x510/0x510 [ 194.857606][ T8157] ? ip6_setup_cork+0x1870/0x1870 [ 194.863422][ T8157] inet6_csk_xmit+0x2fb/0x5d0 [ 194.868440][ T8157] ? inet6_csk_update_pmtu+0x190/0x190 [ 194.874206][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.880455][ T8157] ? csum_ipv6_magic+0x20/0x80 [ 194.885499][ T8157] __tcp_transmit_skb+0x1a32/0x3750 [ 194.890702][ T8157] ? __tcp_select_window+0x8b0/0x8b0 [ 194.896155][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.902384][ T8157] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 194.907831][ T8157] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.914675][ T8157] tcp_connect+0x1e47/0x4280 [ 194.919381][ T8157] ? tcp_push_one+0x110/0x110 [ 194.924324][ T8157] ? secure_tcpv6_ts_off+0x24f/0x360 [ 194.930066][ T8157] ? secure_dccpv6_sequence_number+0x280/0x280 [ 194.936575][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.943301][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.949988][ T8157] ? prandom_u32_state+0x13/0x180 [ 194.955278][ T8157] tcp_v6_connect+0x150b/0x20a0 [ 194.960506][ T8157] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 194.965977][ T8157] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 194.971520][ T8157] ? __switch_to_asm+0x34/0x70 [ 194.976732][ T8157] ? __switch_to_asm+0x40/0x70 [ 194.981869][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.988510][ T8157] ? debug_smp_processor_id+0x3c/0x280 [ 194.994250][ T8157] ? find_held_lock+0x35/0x130 [ 194.999361][ T8157] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 195.005549][ T8157] __inet_stream_connect+0x83f/0xea0 [ 195.011137][ T8157] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 195.016786][ T8157] ? __inet_stream_connect+0x83f/0xea0 [ 195.022546][ T8157] ? inet_dgram_connect+0x2e0/0x2e0 [ 195.027828][ T8157] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 195.033205][ T8157] ? rcu_read_lock_sched_held+0x110/0x130 [ 195.039098][ T8157] ? kmem_cache_alloc_trace+0x354/0x760 [ 195.044737][ T8157] ? __lock_acquire+0x548/0x3fb0 [ 195.049922][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.056462][ T8157] ? debug_smp_processor_id+0x3c/0x280 [ 195.062227][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.068647][ T8157] tcp_sendmsg_locked+0x231f/0x37f0 [ 195.074009][ T8157] ? mark_held_locks+0xf0/0xf0 [ 195.078858][ T8157] ? mark_held_locks+0xa4/0xf0 [ 195.084281][ T8157] ? tcp_sendpage+0x60/0x60 [ 195.090079][ T8157] ? lock_sock_nested+0x9a/0x120 [ 195.095433][ T8157] ? trace_hardirqs_on+0x67/0x230 [ 195.100901][ T8157] ? lock_sock_nested+0x9a/0x120 [ 195.106019][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 195.111401][ T8157] tcp_sendmsg+0x30/0x50 [ 195.115654][ T8157] inet_sendmsg+0x147/0x5e0 [ 195.120825][ T8157] ? ipip_gro_receive+0x100/0x100 [ 195.125967][ T8157] sock_sendmsg+0xdd/0x130 [ 195.130376][ T8157] __sys_sendto+0x262/0x380 [ 195.134884][ T8157] ? __ia32_sys_getpeername+0xb0/0xb0 [ 195.140709][ T8157] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.147307][ T8157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.153112][ T8157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.158735][ T8157] ? do_syscall_64+0x26/0x610 [ 195.163841][ T8157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.170447][ T8157] __x64_sys_sendto+0xe1/0x1a0 [ 195.175206][ T8157] do_syscall_64+0x103/0x610 [ 195.179972][ T8157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.185954][ T8157] RIP: 0033:0x4582b9 [ 195.189928][ T8157] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.210123][ T8157] RSP: 002b:00007fc94867bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c 23:50:30 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0x68, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x227) 23:50:30 executing program 1: r0 = socket$inet6(0x10, 0x3, 0x0) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) close(0xffffffffffffffff) write$nbd(0xffffffffffffffff, 0x0, 0x1c4) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg(r0, &(0x7f00000008c0)={&(0x7f0000000100)=@nl=@proc={0x10, 0x0, 0x0, 0x10100000}, 0x80, 0x0}, 0x0) [ 195.218971][ T8157] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.227280][ T8157] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 195.235644][ T8157] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 195.244922][ T8157] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fc94867c6d4 [ 195.253149][ T8157] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 23:50:31 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) 23:50:31 executing program 1: gettid() ptrace$setregset(0x4205, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) getpeername(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000001c0)=0x80) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getgid() sched_setscheduler(0x0, 0x0, 0x0) r2 = dup(r1) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getpriority(0x0, 0x0) sched_rr_get_interval(0x0, 0x0) write$cgroup_subtree(r2, 0x0, 0x0) 23:50:31 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, 0x0) 23:50:31 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) 23:50:31 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r1 = dup(r0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) recvfrom$unix(r1, 0x0, 0x0, 0x40, 0x0, 0x0) 23:50:31 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) [ 195.559540][ T8157] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8157 [ 195.569536][ T8157] caller is ip6_finish_output+0x335/0xdc0 [ 195.575448][ T8157] CPU: 1 PID: 8157 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.584646][ T8157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.594706][ T8157] Call Trace: [ 195.598128][ T8157] dump_stack+0x172/0x1f0 [ 195.602584][ T8157] __this_cpu_preempt_check+0x246/0x270 [ 195.608233][ T8157] ip6_finish_output+0x335/0xdc0 [ 195.613253][ T8157] ip6_output+0x235/0x7f0 [ 195.617759][ T8157] ? ip6_finish_output+0xdc0/0xdc0 [ 195.622979][ T8157] ? ip6_fragment+0x3980/0x3980 [ 195.627870][ T8157] ip6_xmit+0xe41/0x20c0 [ 195.632443][ T8157] ? ip6_finish_output2+0x2550/0x2550 [ 195.638095][ T8157] ? mark_held_locks+0xf0/0xf0 [ 195.642983][ T8157] ? ip6_setup_cork+0x1870/0x1870 [ 195.648044][ T8157] inet6_csk_xmit+0x2fb/0x5d0 [ 195.652743][ T8157] ? inet6_csk_update_pmtu+0x190/0x190 23:50:31 executing program 1: gettid() ptrace$setregset(0x4205, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) getpeername(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000001c0)=0x80) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getgid() sched_setscheduler(0x0, 0x0, 0x0) r2 = dup(r1) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getpriority(0x0, 0x0) sched_rr_get_interval(0x0, 0x0) write$cgroup_subtree(r2, 0x0, 0x0) [ 195.652771][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.652792][ T8157] ? csum_ipv6_magic+0x20/0x80 [ 195.652813][ T8157] __tcp_transmit_skb+0x1a32/0x3750 [ 195.669813][ T8157] ? memcpy+0x46/0x50 [ 195.669840][ T8157] ? __tcp_select_window+0x8b0/0x8b0 [ 195.669861][ T8157] ? tcp_rbtree_insert+0x188/0x200 [ 195.690158][ T8157] tcp_send_synack+0x4b0/0x15b0 [ 195.695188][ T8157] ? tcp_send_active_reset+0x8e0/0x8e0 [ 195.700671][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.706926][ T8157] ? tcp_sync_mss+0x2ee/0xa30 [ 195.711727][ T8157] tcp_rcv_state_process+0x225d/0x4d93 [ 195.717639][ T8157] ? tcp_finish_connect+0x510/0x510 [ 195.722871][ T8157] ? prandom_u32_state+0x13/0x180 [ 195.728288][ T8157] ? __release_sock+0xca/0x3a0 [ 195.733196][ T8157] ? find_held_lock+0x35/0x130 [ 195.738290][ T8157] ? mark_held_locks+0xa4/0xf0 [ 195.743162][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 195.748789][ T8157] ? _raw_spin_unlock_bh+0x31/0x40 [ 195.754105][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 195.754128][ T8157] tcp_v6_do_rcv+0x7da/0x12c0 [ 195.754139][ T8157] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 195.754159][ T8157] __release_sock+0x12e/0x3a0 [ 195.754179][ T8157] release_sock+0x59/0x1c0 [ 195.754197][ T8157] __inet_stream_connect+0x59f/0xea0 [ 195.754218][ T8157] ? inet_dgram_connect+0x2e0/0x2e0 [ 195.764324][ T8157] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 195.764338][ T8157] ? do_wait_intr_irq+0x2b0/0x2b0 [ 195.764352][ T8157] ? __lock_acquire+0x548/0x3fb0 [ 195.764366][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.764381][ T8157] ? debug_smp_processor_id+0x3c/0x280 [ 195.764394][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.764414][ T8157] tcp_sendmsg_locked+0x231f/0x37f0 [ 195.764429][ T8157] ? mark_held_locks+0xf0/0xf0 [ 195.764447][ T8157] ? mark_held_locks+0xa4/0xf0 [ 195.838506][ T8157] ? tcp_sendpage+0x60/0x60 [ 195.843172][ T8157] ? lock_sock_nested+0x9a/0x120 [ 195.848188][ T8157] ? trace_hardirqs_on+0x67/0x230 [ 195.853326][ T8157] ? lock_sock_nested+0x9a/0x120 [ 195.858385][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 195.864160][ T8157] tcp_sendmsg+0x30/0x50 [ 195.868816][ T8157] inet_sendmsg+0x147/0x5e0 [ 195.873393][ T8157] ? ipip_gro_receive+0x100/0x100 [ 195.878437][ T8157] sock_sendmsg+0xdd/0x130 [ 195.883388][ T8157] __sys_sendto+0x262/0x380 [ 195.888070][ T8157] ? __ia32_sys_getpeername+0xb0/0xb0 [ 195.893568][ T8157] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.899827][ T8157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.905639][ T8157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.911108][ T8157] ? do_syscall_64+0x26/0x610 [ 195.915913][ T8157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.922206][ T8157] __x64_sys_sendto+0xe1/0x1a0 [ 195.927150][ T8157] do_syscall_64+0x103/0x610 [ 195.931829][ T8157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.937925][ T8157] RIP: 0033:0x4582b9 [ 195.942013][ T8157] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.963732][ T8157] RSP: 002b:00007fc94867bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 195.972509][ T8157] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.980482][ T8157] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 195.989020][ T8157] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 195.997506][ T8157] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fc94867c6d4 [ 196.006055][ T8157] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 196.016748][ T8157] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8157 [ 196.026533][ T8157] caller is ip6_finish_output+0x335/0xdc0 [ 196.032434][ T8157] CPU: 0 PID: 8157 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.042139][ T8157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.052657][ T8157] Call Trace: [ 196.056138][ T8157] dump_stack+0x172/0x1f0 [ 196.060780][ T8157] __this_cpu_preempt_check+0x246/0x270 [ 196.066325][ T8157] ip6_finish_output+0x335/0xdc0 [ 196.071269][ T8157] ip6_output+0x235/0x7f0 [ 196.075618][ T8157] ? ip6_finish_output+0xdc0/0xdc0 [ 196.081415][ T8157] ? ip6_fragment+0x3980/0x3980 [ 196.087128][ T8157] ip6_xmit+0xe41/0x20c0 [ 196.092047][ T8157] ? ip6_finish_output2+0x2550/0x2550 [ 196.097412][ T8157] ? mark_held_locks+0xf0/0xf0 [ 196.102186][ T8157] ? ip6_setup_cork+0x1870/0x1870 [ 196.107887][ T8157] inet6_csk_xmit+0x2fb/0x5d0 [ 196.112647][ T8157] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.118563][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.125080][ T8157] ? csum_ipv6_magic+0x20/0x80 [ 196.130564][ T8157] __tcp_transmit_skb+0x1a32/0x3750 [ 196.136174][ T8157] ? __tcp_select_window+0x8b0/0x8b0 [ 196.141551][ T8157] ? tcp_mstamp_refresh+0x16/0xa0 [ 196.146848][ T8157] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 196.152172][ T8157] tcp_send_ack+0x88/0xa0 [ 196.156492][ T8157] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 196.162633][ T8157] tcp_validate_incoming+0x55e/0x1660 [ 196.167999][ T8157] tcp_rcv_state_process+0xb6b/0x4d93 [ 196.173461][ T8157] ? tcp_finish_connect+0x510/0x510 [ 196.178845][ T8157] ? __release_sock+0xca/0x3a0 [ 196.183680][ T8157] ? find_held_lock+0x35/0x130 [ 196.188817][ T8157] ? mark_held_locks+0xa4/0xf0 [ 196.193665][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 196.199020][ T8157] ? _raw_spin_unlock_bh+0x31/0x40 [ 196.204568][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 196.209941][ T8157] tcp_v6_do_rcv+0x7da/0x12c0 [ 196.214886][ T8157] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 196.219723][ T8157] __release_sock+0x12e/0x3a0 [ 196.224389][ T8157] release_sock+0x59/0x1c0 [ 196.228801][ T8157] __inet_stream_connect+0x59f/0xea0 [ 196.234335][ T8157] ? inet_dgram_connect+0x2e0/0x2e0 [ 196.240094][ T8157] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 196.245548][ T8157] ? do_wait_intr_irq+0x2b0/0x2b0 [ 196.250555][ T8157] ? __lock_acquire+0x548/0x3fb0 [ 196.255561][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.262333][ T8157] ? debug_smp_processor_id+0x3c/0x280 [ 196.267954][ T8157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.274408][ T8157] tcp_sendmsg_locked+0x231f/0x37f0 [ 196.279865][ T8157] ? mark_held_locks+0xf0/0xf0 [ 196.284885][ T8157] ? mark_held_locks+0xa4/0xf0 [ 196.289824][ T8157] ? tcp_sendpage+0x60/0x60 [ 196.294405][ T8157] ? lock_sock_nested+0x9a/0x120 [ 196.299460][ T8157] ? trace_hardirqs_on+0x67/0x230 [ 196.304665][ T8157] ? lock_sock_nested+0x9a/0x120 [ 196.309679][ T8157] ? __local_bh_enable_ip+0x15a/0x270 [ 196.315486][ T8157] tcp_sendmsg+0x30/0x50 [ 196.320016][ T8157] inet_sendmsg+0x147/0x5e0 [ 196.324763][ T8157] ? ipip_gro_receive+0x100/0x100 [ 196.329864][ T8157] sock_sendmsg+0xdd/0x130 [ 196.334566][ T8157] __sys_sendto+0x262/0x380 [ 196.339144][ T8157] ? __ia32_sys_getpeername+0xb0/0xb0 [ 196.344775][ T8157] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.351446][ T8157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.356892][ T8157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.362428][ T8157] ? do_syscall_64+0x26/0x610 [ 196.367359][ T8157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.373415][ T8157] __x64_sys_sendto+0xe1/0x1a0 [ 196.378450][ T8157] do_syscall_64+0x103/0x610 [ 196.383562][ T8157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.389542][ T8157] RIP: 0033:0x4582b9 [ 196.393708][ T8157] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.413739][ T8157] RSP: 002b:00007fc94867bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 196.422421][ T8157] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.430750][ T8157] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 196.438973][ T8157] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 196.447050][ T8157] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fc94867c6d4 [ 196.455196][ T8157] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 23:50:32 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) open(&(0x7f0000000100)='./bus\x00', 0x222402, 0x100) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000680)) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) capget(&(0x7f00000001c0)={0x20080522}, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x2) r3 = dup(r2) fsync(0xffffffffffffffff) syncfs(r0) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) signalfd(r1, 0x0, 0x0) io_setup(0x0, 0x0) io_cancel(0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) ftruncate(0xffffffffffffffff, 0x2007fff) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 23:50:32 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) 23:50:32 executing program 5: r0 = socket$inet6(0x10, 0x1000000000003, 0x0) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) close(r0) write$nbd(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x6, 0x1, 0xffffffffffffff18, 0x5, 0xe2}, 0xc) 23:50:32 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, 0x0) 23:50:32 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 23:50:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/tcp\x00') sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) 23:50:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000200)={0x328}, 0x78) 23:50:32 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) 23:50:32 executing program 4: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc1205531, 0x0) 23:50:32 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000027c0)=0x4, 0x4) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x0) 23:50:32 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) open(&(0x7f0000000100)='./bus\x00', 0x222402, 0x100) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000680)) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) capget(&(0x7f00000001c0)={0x20080522}, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x2) r3 = dup(r2) fsync(0xffffffffffffffff) syncfs(r0) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) signalfd(r1, 0x0, 0x0) io_setup(0x0, 0x0) io_cancel(0x0, 0x0, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) ftruncate(0xffffffffffffffff, 0x2007fff) sendfile(r3, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 23:50:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/tcp\x00') sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) 23:50:32 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) 23:50:32 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) 23:50:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) 23:50:32 executing program 1: r0 = socket(0x2, 0x1, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00022e2f3547ec6d0bad6980008464f0ae690000000000000000400000b3fe4dd21df3ac231cabc820bfbdb5f273c245c2ab838826199583daa2d33b4843f22f553c2ef3c22864669ca8d8dfeb3c4718f204c336116fbaacc00614a0164e3f213c7e1a74257dd12aa5e93b4e384da5f281eae30004b682491544c9bf87347500000000"], 0x1) 23:50:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x1000000077, 0x0, [0x4b564d03, 0x1]}) 23:50:32 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x100000, 0x10000) 23:50:32 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) 23:50:32 executing program 4: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 23:50:32 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0xe24, 0x0, @loopback}, 0x1c) [ 197.094385][ T8257] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8257 [ 197.104063][ T8257] caller is ip6_finish_output+0x335/0xdc0 [ 197.110348][ T8257] CPU: 0 PID: 8257 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.119555][ T8257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.131460][ T8257] Call Trace: [ 197.135186][ T8257] dump_stack+0x172/0x1f0 [ 197.139552][ T8257] __this_cpu_preempt_check+0x246/0x270 [ 197.145215][ T8257] ip6_finish_output+0x335/0xdc0 [ 197.150499][ T8257] ip6_output+0x235/0x7f0 [ 197.154903][ T8257] ? ip6_finish_output+0xdc0/0xdc0 [ 197.160107][ T8257] ? ip6_fragment+0x3980/0x3980 [ 197.165028][ T8257] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.170409][ T8257] ip6_local_out+0xc4/0x1b0 [ 197.175074][ T8257] ip6_send_skb+0xbb/0x350 [ 197.179671][ T8257] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.185563][ T8257] udpv6_sendmsg+0x21e3/0x28d0 [ 197.190396][ T8257] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.195552][ T8257] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.201529][ T8257] ? mark_held_locks+0xf0/0xf0 [ 197.206298][ T8257] ? __lock_acquire+0x548/0x3fb0 [ 197.211325][ T8257] ? __local_bh_enable_ip+0x15a/0x270 [ 197.216694][ T8257] ? release_sock+0x158/0x1c0 [ 197.221401][ T8257] ? __local_bh_enable_ip+0x15a/0x270 [ 197.227124][ T8257] ? _raw_spin_unlock_bh+0x31/0x40 [ 197.232492][ T8257] inet_sendmsg+0x147/0x5e0 [ 197.237349][ T8257] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.243585][ T8257] ? inet_sendmsg+0x147/0x5e0 [ 197.248329][ T8257] ? ipip_gro_receive+0x100/0x100 [ 197.253349][ T8257] sock_sendmsg+0xdd/0x130 [ 197.257859][ T8257] __sys_sendto+0x262/0x380 [ 197.262752][ T8257] ? __ia32_sys_getpeername+0xb0/0xb0 [ 197.268294][ T8257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.274973][ T8257] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.280592][ T8257] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.286121][ T8257] ? do_syscall_64+0x26/0x610 [ 197.291140][ T8257] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.297462][ T8257] __x64_sys_sendto+0xe1/0x1a0 [ 197.302395][ T8257] do_syscall_64+0x103/0x610 [ 197.307080][ T8257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.313390][ T8257] RIP: 0033:0x4582b9 [ 197.317271][ T8257] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 23:50:33 executing program 5: r0 = socket$inet(0x2, 0x3ffffffffffffffe, 0x81) syncfs(r0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @rand_addr=0x66b6}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040), 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket(0xfffffffffffffff7, 0x80003, 0x1) r2 = open(&(0x7f0000000500)='./bus\x00', 0x141042, 0x0) close(r2) r3 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x5, 0x105082) r4 = memfd_create(&(0x7f0000000140)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000000440)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$inet6_opts(r5, 0x29, 0x0, &(0x7f0000000680)=ANY=[], 0x0) sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000008c0)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0xa) sendmsg$nl_generic(r6, 0x0, 0x800) ppoll(0x0, 0x0, 0x0, 0x0, 0x360) fcntl$setstatus(r2, 0x4, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r8, &(0x7f00000001c0), 0x526987c9) read(r7, &(0x7f0000000200)=""/250, 0x50c7e3e3) sendfile(r3, r4, 0x0, 0x80003) getpgid(0xffffffffffffffff) r9 = fcntl$getown(r1, 0x9) getpgrp(r9) ioctl$TIOCGPGRP(r8, 0x540f, &(0x7f00000001c0)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, r8, 0x0, 0x9, &(0x7f0000000300)='em1@em1+\x00'}, 0x30) fcntl$getown(r1, 0x9) ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f00000004c0)=0x0) fcntl$getown(r2, 0x9) getpgrp(0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000580)) getpgid(0x0) fcntl$getown(r0, 0x9) r11 = getpgid(r10) fcntl$lock(r8, 0x25, &(0x7f0000000080)={0x0, 0x7, 0x61, 0x81, r11}) 23:50:33 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x7, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, 0x0, &(0x7f0000000300)=0x3a6) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) [ 197.337850][ T8257] RSP: 002b:00007f817699dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 197.346519][ T8257] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 197.355430][ T8257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 197.363490][ T8257] RBP: 000000000073bf00 R08: 0000000020000140 R09: 000000000000001c [ 197.371905][ T8257] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f817699e6d4 [ 197.380293][ T8257] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 197.424504][ T8263] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8263 [ 197.434056][ T8263] caller is ip6_finish_output+0x335/0xdc0 [ 197.440101][ T8263] CPU: 0 PID: 8263 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.449286][ T8263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.459528][ T8263] Call Trace: [ 197.462897][ T8263] dump_stack+0x172/0x1f0 [ 197.467313][ T8263] __this_cpu_preempt_check+0x246/0x270 [ 197.473264][ T8263] ip6_finish_output+0x335/0xdc0 [ 197.478291][ T8263] ip6_output+0x235/0x7f0 [ 197.489430][ T8263] ? ip6_finish_output+0xdc0/0xdc0 [ 197.494620][ T8263] ? ip6_fragment+0x3980/0x3980 [ 197.501552][ T8263] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.506745][ T8263] ip6_local_out+0xc4/0x1b0 [ 197.511590][ T8263] ip6_send_skb+0xbb/0x350 [ 197.516001][ T8263] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 197.521533][ T8263] ? __sanitizer_cov_trace_cmp8+0x10/0x20 [ 197.527410][ T8263] udpv6_sendmsg+0x21e3/0x28d0 [ 197.532259][ T8263] ? find_held_lock+0x35/0x130 [ 197.537207][ T8263] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.542331][ T8263] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.548651][ T8263] ? aa_profile_af_perm+0x320/0x320 [ 197.553931][ T8263] ? __might_fault+0x12b/0x1e0 [ 197.558691][ T8263] ? find_held_lock+0x35/0x130 [ 197.563533][ T8263] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.570023][ T8263] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.575575][ T8263] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.581600][ T8263] inet_sendmsg+0x147/0x5e0 [ 197.586174][ T8263] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.592315][ T8263] ? inet_sendmsg+0x147/0x5e0 [ 197.597147][ T8263] ? ipip_gro_receive+0x100/0x100 [ 197.602255][ T8263] sock_sendmsg+0xdd/0x130 [ 197.606868][ T8263] ___sys_sendmsg+0x3e2/0x930 [ 197.611639][ T8263] ? copy_msghdr_from_user+0x430/0x430 [ 197.617258][ T8263] ? lock_downgrade+0x880/0x880 [ 197.622181][ T8263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.628509][ T8263] ? kasan_check_read+0x11/0x20 [ 197.633618][ T8263] ? __fget+0x381/0x550 [ 197.638126][ T8263] ? ksys_dup3+0x3e0/0x3e0 [ 197.643352][ T8263] ? mutex_trylock+0x1e0/0x1e0 [ 197.648387][ T8263] ? __fget_light+0x1a9/0x230 [ 197.653487][ T8263] ? __fdget+0x1b/0x20 [ 197.657937][ T8263] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.664253][ T8263] ? sockfd_lookup_light+0xcb/0x180 [ 197.669693][ T8263] __sys_sendmmsg+0x1bf/0x4d0 [ 197.674536][ T8263] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.680061][ T8263] ? _copy_to_user+0xc9/0x120 [ 197.685079][ T8263] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.691492][ T8263] ? put_timespec64+0xda/0x140 [ 197.696531][ T8263] ? nsecs_to_jiffies+0x30/0x30 [ 197.701731][ T8263] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.707175][ T8263] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.712615][ T8263] ? do_syscall_64+0x26/0x610 [ 197.717457][ T8263] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.724201][ T8263] ? do_syscall_64+0x26/0x610 [ 197.729396][ T8263] __x64_sys_sendmmsg+0x9d/0x100 [ 197.734509][ T8263] do_syscall_64+0x103/0x610 [ 197.739274][ T8263] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.745154][ T8263] RIP: 0033:0x4582b9 [ 197.749032][ T8263] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00