[ 37.431741][ T25] audit: type=1800 audit(1554676605.761:27): pid=7646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.455210][ T25] audit: type=1800 audit(1554676605.761:28): pid=7646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.159092][ T25] audit: type=1800 audit(1554676606.551:29): pid=7646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 38.179432][ T25] audit: type=1800 audit(1554676606.551:30): pid=7646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. 2019/04/07 22:37:09 fuzzer started 2019/04/07 22:37:12 dialing manager at 10.128.0.26:34543 2019/04/07 22:37:12 syscalls: 2408 2019/04/07 22:37:12 code coverage: enabled 2019/04/07 22:37:12 comparison tracing: enabled 2019/04/07 22:37:12 extra coverage: extra coverage is not supported by the kernel 2019/04/07 22:37:12 setuid sandbox: enabled 2019/04/07 22:37:12 namespace sandbox: enabled 2019/04/07 22:37:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 22:37:12 fault injection: enabled 2019/04/07 22:37:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 22:37:12 net packet injection: enabled 2019/04/07 22:37:12 net device setup: enabled 22:39:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x18}}, 0x0, 0x1a, 0x0, 0x1}, 0x20) syzkaller login: [ 200.421373][ T7810] IPVS: ftp: loaded support on port[0] = 21 22:39:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x94}) [ 200.570336][ T7810] chnl_net:caif_netlink_parms(): no params data found [ 200.660960][ T7810] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.686496][ T7810] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.694593][ T7810] device bridge_slave_0 entered promiscuous mode [ 200.703389][ T7810] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.710516][ T7810] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.718546][ T7810] device bridge_slave_1 entered promiscuous mode [ 200.739787][ T7810] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.755293][ T7813] IPVS: ftp: loaded support on port[0] = 21 22:39:29 executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) mbind(&(0x7f0000557000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f000058b000/0x4000)=nil, 0x3) [ 200.763219][ T7810] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.818014][ T7810] team0: Port device team_slave_0 added [ 200.825407][ T7810] team0: Port device team_slave_1 added 22:39:29 executing program 3: syz_mount_image$nfs(&(0x7f0000000100)='nfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 200.978837][ T7810] device hsr_slave_0 entered promiscuous mode [ 201.017617][ T7810] device hsr_slave_1 entered promiscuous mode [ 201.144623][ T7810] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.151914][ T7810] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.159661][ T7810] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.166772][ T7810] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.189190][ T7815] IPVS: ftp: loaded support on port[0] = 21 [ 201.217433][ T7813] chnl_net:caif_netlink_parms(): no params data found [ 201.249347][ T7818] IPVS: ftp: loaded support on port[0] = 21 [ 201.284416][ T7810] 8021q: adding VLAN 0 to HW filter on device bond0 22:39:29 executing program 4: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40041000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) write$FUSE_DIRENT(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="49ffffff00000000000000000000000063cbe75896047d5a5724abba53f1da2afebdf535a7e6e39f9e95ab643a735f585a0898ef4dcde4f84a6b40cb73b2bf090e063a43f1fdd63dff0d3a5ff7330fb2a77e90055355462e6c333c"], 0x5b) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) sendfile(r1, r2, 0x0, 0x7fffffff) [ 201.352429][ T7813] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.360172][ T7813] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.373338][ T7813] device bridge_slave_0 entered promiscuous mode [ 201.382198][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.395640][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.404674][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.429897][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 201.460916][ T7813] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.486331][ T7813] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.494361][ T7813] device bridge_slave_1 entered promiscuous mode [ 201.517789][ T7810] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.565995][ T7822] IPVS: ftp: loaded support on port[0] = 21 [ 201.583386][ T7813] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.608631][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.619960][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.630420][ T7821] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.637560][ T7821] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.648471][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.657230][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 22:39:30 executing program 5: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000040)=0x72, 0x4) bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r3, 0x0, 0x123, 0x200007fd, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x40) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0xda9, 0x4) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000ec0)="61ce6ed94f41f48fddb17be75acd3fd8976f2f631226482bfc0c6321cc4cae47952fade164de0d115b601581953f9a337ea011906254b229aa6c3a8d246142c633fc0f54b0218c5becb9fd513c8914bdfad4668e36b8ffb24d6f7dc5e8119510898eca216a75ce4e6a295af4b6bc4dae50e31997f687b4bbc532210cef625534447e1a449d37a6163113a57c34f68e15230f660c161a41fa5330b0f852d2e337c373b2efe237dad926b57ba2421c33d21b5f8b412a", 0xb5}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0xe212, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000100)=0xe8) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f00000001c0)={@dev={0xfe, 0x80, [], 0xc}, @remote, @dev={0xfe, 0x80, [], 0x29}, 0x1, 0x7, 0x9, 0x500, 0x4477, 0x40000010, r4}) [ 201.665612][ T7821] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.672714][ T7821] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.690833][ T7813] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.773667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.783253][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.791876][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.800551][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.808926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.817710][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.825897][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.834377][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.842555][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.850902][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.861566][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.905344][ T7818] chnl_net:caif_netlink_parms(): no params data found [ 201.913341][ T7826] IPVS: ftp: loaded support on port[0] = 21 [ 201.926857][ T7810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.954242][ T7813] team0: Port device team_slave_0 added [ 201.963696][ T7813] team0: Port device team_slave_1 added [ 202.018764][ T7813] device hsr_slave_0 entered promiscuous mode [ 202.056842][ T7813] device hsr_slave_1 entered promiscuous mode [ 202.096545][ T7815] chnl_net:caif_netlink_parms(): no params data found [ 202.188247][ T7815] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.195378][ T7815] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.203311][ T7815] device bridge_slave_0 entered promiscuous mode [ 202.213381][ T7815] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.220494][ T7815] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.228473][ T7815] device bridge_slave_1 entered promiscuous mode [ 202.247957][ T7818] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.255047][ T7818] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.262980][ T7818] device bridge_slave_0 entered promiscuous mode [ 202.272931][ T7810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.311576][ T7818] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.321087][ T7818] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.329895][ T7818] device bridge_slave_1 entered promiscuous mode [ 202.339076][ T7815] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 202.397768][ T7815] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 202.450264][ T7822] chnl_net:caif_netlink_parms(): no params data found [ 202.463006][ T7818] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 202.484521][ T7815] team0: Port device team_slave_0 added [ 202.493229][ T7815] team0: Port device team_slave_1 added 22:39:30 executing program 0: setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() mkdir(0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 202.505371][ T7818] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 202.633235][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 202.642828][ T7836] caller is ip6_finish_output+0x335/0xdc0 [ 202.648617][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.648628][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.648635][ T7836] Call Trace: [ 202.648659][ T7836] dump_stack+0x172/0x1f0 [ 202.648685][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 202.648706][ T7836] ip6_finish_output+0x335/0xdc0 [ 202.648730][ T7836] ip6_output+0x235/0x7f0 [ 202.667800][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 202.667822][ T7836] ? ip6_fragment+0x3980/0x3980 [ 202.667838][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 202.667860][ T7836] ip6_local_out+0xc4/0x1b0 [ 202.675473][ T7836] ip6_send_skb+0xbb/0x350 [ 202.685925][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 202.685942][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 202.685964][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 202.695374][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 202.695398][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 202.695420][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 202.705265][ T7836] ? __might_fault+0x12b/0x1e0 [ 202.705282][ T7836] ? find_held_lock+0x35/0x130 [ 202.705303][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.714192][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 202.714239][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 202.725371][ T7836] inet_sendmsg+0x147/0x5e0 [ 202.725388][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 202.725406][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 202.735163][ T7836] ? ipip_gro_receive+0x100/0x100 [ 202.735182][ T7836] sock_sendmsg+0xdd/0x130 [ 202.735203][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 202.746356][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 202.746377][ T7836] ? lock_downgrade+0x880/0x880 [ 202.746392][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.746419][ T7836] ? kasan_check_read+0x11/0x20 [ 202.756013][ T7836] ? __fget+0x381/0x550 [ 202.756035][ T7836] ? ksys_dup3+0x3e0/0x3e0 [ 202.756058][ T7836] ? __fget_light+0x1a9/0x230 [ 202.767733][ T7836] ? __fdget+0x1b/0x20 [ 202.767749][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.767767][ T7836] ? sockfd_lookup_light+0xcb/0x180 [ 202.767783][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 202.767802][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 202.773727][ T7815] device hsr_slave_0 entered promiscuous mode [ 202.777835][ T7836] ? _copy_to_user+0xc9/0x120 [ 202.777855][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.777869][ T7836] ? put_timespec64+0xda/0x140 [ 202.777889][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 202.888601][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.894044][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.899495][ T7836] ? do_syscall_64+0x26/0x610 [ 202.904160][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.910220][ T7836] ? do_syscall_64+0x26/0x610 [ 202.914878][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 202.919798][ T7836] do_syscall_64+0x103/0x610 [ 202.924373][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.930267][ T7836] RIP: 0033:0x4582b9 [ 202.934147][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.953750][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 202.962163][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 202.970117][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 202.978072][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 202.986028][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 202.993999][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 203.004031][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 203.013910][ T7836] caller is sk_mc_loop+0x1d/0x210 [ 203.019030][ T7836] CPU: 1 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.019768][ T7815] device hsr_slave_1 entered promiscuous mode [ 203.028045][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.028052][ T7836] Call Trace: [ 203.028076][ T7836] dump_stack+0x172/0x1f0 [ 203.028099][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 203.028116][ T7836] sk_mc_loop+0x1d/0x210 [ 203.028135][ T7836] ip6_finish_output2+0x17a5/0x2550 [ 203.028151][ T7836] ? find_held_lock+0x35/0x130 [ 203.028168][ T7836] ? ip6_mtu+0x2e6/0x460 [ 203.028189][ T7836] ? ip6_forward_finish+0x580/0x580 [ 203.028204][ T7836] ? lock_downgrade+0x880/0x880 [ 203.028224][ T7836] ? rcu_read_unlock_special+0xf3/0x210 [ 203.028248][ T7836] ip6_finish_output+0x614/0xdc0 [ 203.028265][ T7836] ? ip6_finish_output+0x614/0xdc0 [ 203.028287][ T7836] ip6_output+0x235/0x7f0 [ 203.028308][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 203.028328][ T7836] ? ip6_fragment+0x3980/0x3980 [ 203.028345][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 203.028368][ T7836] ip6_local_out+0xc4/0x1b0 [ 203.125114][ T7836] ip6_send_skb+0xbb/0x350 [ 203.129518][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 203.134959][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 203.140666][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 203.145415][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 203.150444][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 203.156425][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 203.161636][ T7836] ? __might_fault+0x12b/0x1e0 [ 203.166402][ T7836] ? find_held_lock+0x35/0x130 [ 203.171159][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.177392][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 203.182866][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 203.188399][ T7836] inet_sendmsg+0x147/0x5e0 [ 203.192884][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 203.198847][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 203.203515][ T7836] ? ipip_gro_receive+0x100/0x100 [ 203.208529][ T7836] sock_sendmsg+0xdd/0x130 [ 203.212947][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 203.217622][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 203.223085][ T7836] ? lock_downgrade+0x880/0x880 [ 203.227919][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.234147][ T7836] ? kasan_check_read+0x11/0x20 [ 203.239058][ T7836] ? __fget+0x381/0x550 [ 203.243209][ T7836] ? ksys_dup3+0x3e0/0x3e0 [ 203.247610][ T7836] ? __fget_light+0x1a9/0x230 [ 203.252273][ T7836] ? __fdget+0x1b/0x20 [ 203.256331][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.262562][ T7836] ? sockfd_lookup_light+0xcb/0x180 [ 203.267740][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 203.272398][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 203.277428][ T7836] ? _copy_to_user+0xc9/0x120 [ 203.282101][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.288324][ T7836] ? put_timespec64+0xda/0x140 [ 203.293080][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 203.297952][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.303402][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.308854][ T7836] ? do_syscall_64+0x26/0x610 [ 203.313519][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.319574][ T7836] ? do_syscall_64+0x26/0x610 [ 203.324249][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 203.329171][ T7836] do_syscall_64+0x103/0x610 [ 203.333752][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.339637][ T7836] RIP: 0033:0x4582b9 [ 203.343538][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.362154][ C0] hrtimer: interrupt took 35669 ns [ 203.363151][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 203.376651][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 203.384616][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 203.392582][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 203.400555][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 203.408526][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 203.417339][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 203.426804][ T7836] caller is ip6_finish_output+0x335/0xdc0 [ 203.432523][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.441513][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.451545][ T7836] Call Trace: [ 203.454856][ T7836] dump_stack+0x172/0x1f0 [ 203.459174][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 203.464703][ T7836] ip6_finish_output+0x335/0xdc0 [ 203.469624][ T7836] ip6_output+0x235/0x7f0 [ 203.473966][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 203.479062][ T7836] ? ip6_fragment+0x3980/0x3980 [ 203.483893][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 203.488901][ T7836] ip6_local_out+0xc4/0x1b0 [ 203.493385][ T7836] ip6_send_skb+0xbb/0x350 [ 203.497786][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 203.503222][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 203.508923][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 203.513665][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 203.518684][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 203.524662][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 203.529858][ T7836] ? __might_fault+0x12b/0x1e0 [ 203.534604][ T7836] ? find_held_lock+0x35/0x130 [ 203.539347][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.545565][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 203.551020][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 203.556554][ T7836] inet_sendmsg+0x147/0x5e0 [ 203.561043][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 203.567025][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 203.571684][ T7836] ? ipip_gro_receive+0x100/0x100 [ 203.576692][ T7836] sock_sendmsg+0xdd/0x130 [ 203.581092][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 203.585751][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 203.591192][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 203.596106][ T7836] ? lock_downgrade+0x880/0x880 [ 203.600950][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.607196][ T7836] ? kasan_check_read+0x11/0x20 [ 203.612028][ T7836] ? __might_fault+0x12b/0x1e0 [ 203.616772][ T7836] ? find_held_lock+0x35/0x130 [ 203.621512][ T7836] ? __might_fault+0x12b/0x1e0 [ 203.626258][ T7836] ? lock_downgrade+0x880/0x880 [ 203.631108][ T7836] ? ___might_sleep+0x163/0x280 [ 203.635977][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 203.640639][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 203.645657][ T7836] ? _copy_to_user+0xc9/0x120 [ 203.650318][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.656536][ T7836] ? put_timespec64+0xda/0x140 [ 203.661277][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 203.666113][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.671568][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.677006][ T7836] ? do_syscall_64+0x26/0x610 [ 203.681660][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.687722][ T7836] ? do_syscall_64+0x26/0x610 [ 203.692390][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 203.697337][ T7836] do_syscall_64+0x103/0x610 [ 203.701912][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.707779][ T7836] RIP: 0033:0x4582b9 [ 203.711654][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.731245][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 203.739653][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 203.747602][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 203.755549][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 203.763505][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 203.771469][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 203.781695][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 203.791063][ T7836] caller is sk_mc_loop+0x1d/0x210 [ 203.796088][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.805111][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.815159][ T7836] Call Trace: [ 203.818437][ T7836] dump_stack+0x172/0x1f0 [ 203.822753][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 203.828284][ T7836] sk_mc_loop+0x1d/0x210 [ 203.832511][ T7836] ip6_finish_output2+0x17a5/0x2550 [ 203.837688][ T7836] ? find_held_lock+0x35/0x130 [ 203.842444][ T7836] ? ip6_mtu+0x2e6/0x460 [ 203.846679][ T7836] ? ip6_forward_finish+0x580/0x580 [ 203.851858][ T7836] ? lock_downgrade+0x880/0x880 [ 203.856690][ T7836] ? rcu_read_unlock_special+0xf3/0x210 [ 203.862249][ T7836] ip6_finish_output+0x614/0xdc0 [ 203.867172][ T7836] ? ip6_finish_output+0x614/0xdc0 [ 203.872268][ T7836] ip6_output+0x235/0x7f0 [ 203.876580][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 203.881702][ T7836] ? ip6_fragment+0x3980/0x3980 [ 203.886532][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 203.891540][ T7836] ip6_local_out+0xc4/0x1b0 [ 203.896024][ T7836] ip6_send_skb+0xbb/0x350 [ 203.900426][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 203.905892][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 203.911598][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 203.916345][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 203.921366][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 203.927369][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 203.932589][ T7836] ? __might_fault+0x12b/0x1e0 [ 203.937340][ T7836] ? find_held_lock+0x35/0x130 [ 203.942169][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.948399][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 203.953857][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 203.959389][ T7836] inet_sendmsg+0x147/0x5e0 [ 203.963877][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 203.969853][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 203.974510][ T7836] ? ipip_gro_receive+0x100/0x100 [ 203.979517][ T7836] sock_sendmsg+0xdd/0x130 [ 203.983937][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 203.988598][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 203.994038][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 203.998952][ T7836] ? lock_downgrade+0x880/0x880 [ 204.003791][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.010027][ T7836] ? kasan_check_read+0x11/0x20 [ 204.014871][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.019641][ T7836] ? find_held_lock+0x35/0x130 [ 204.024389][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.029142][ T7836] ? lock_downgrade+0x880/0x880 [ 204.033979][ T7836] ? ___might_sleep+0x163/0x280 [ 204.038811][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 204.043476][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 204.048486][ T7836] ? _copy_to_user+0xc9/0x120 [ 204.053150][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.059377][ T7836] ? put_timespec64+0xda/0x140 [ 204.064142][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 204.068979][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.074417][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.079857][ T7836] ? do_syscall_64+0x26/0x610 [ 204.084516][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.090565][ T7836] ? do_syscall_64+0x26/0x610 [ 204.095243][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 204.100203][ T7836] do_syscall_64+0x103/0x610 [ 204.104781][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.110675][ T7836] RIP: 0033:0x4582b9 [ 204.114572][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.134921][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 204.143324][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 204.151287][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 204.159271][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 204.167246][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 204.175211][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 204.184562][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 204.193946][ T7836] caller is ip6_finish_output+0x335/0xdc0 [ 204.199862][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.208899][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.218972][ T7836] Call Trace: [ 204.219000][ T7836] dump_stack+0x172/0x1f0 [ 204.219021][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 204.219047][ T7836] ip6_finish_output+0x335/0xdc0 [ 204.226669][ T7836] ip6_output+0x235/0x7f0 [ 204.226688][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 204.226708][ T7836] ? ip6_fragment+0x3980/0x3980 [ 204.226724][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.226746][ T7836] ip6_local_out+0xc4/0x1b0 [ 204.237224][ T7836] ip6_send_skb+0xbb/0x350 [ 204.237246][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 204.237260][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 204.237283][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 204.237304][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.246817][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.246840][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 204.246863][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.256717][ T7836] ? find_held_lock+0x35/0x130 [ 204.256735][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.256753][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 204.256797][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 204.265692][ T7836] inet_sendmsg+0x147/0x5e0 [ 204.265710][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.265728][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 204.276922][ T7836] ? ipip_gro_receive+0x100/0x100 [ 204.276942][ T7836] sock_sendmsg+0xdd/0x130 [ 204.276961][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 204.276980][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 204.277001][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 204.287581][ T7836] ? lock_downgrade+0x880/0x880 [ 204.287597][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.287617][ T7836] ? kasan_check_read+0x11/0x20 [ 204.287636][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.287650][ T7836] ? find_held_lock+0x35/0x130 [ 204.287669][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.298833][ T7836] ? lock_downgrade+0x880/0x880 [ 204.298857][ T7836] ? ___might_sleep+0x163/0x280 [ 204.298877][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 204.308491][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 204.308522][ T7836] ? _copy_to_user+0xc9/0x120 [ 204.320214][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.320229][ T7836] ? put_timespec64+0xda/0x140 [ 204.320242][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 204.320266][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.320280][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.320301][ T7836] ? do_syscall_64+0x26/0x610 [ 204.330350][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.341074][ T7836] ? do_syscall_64+0x26/0x610 [ 204.341095][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 204.341117][ T7836] do_syscall_64+0x103/0x610 [ 204.350580][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.350593][ T7836] RIP: 0033:0x4582b9 [ 204.350613][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.360839][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 204.360854][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 204.360861][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 204.360869][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 204.360876][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 204.360884][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 204.558973][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 204.569189][ T7836] caller is sk_mc_loop+0x1d/0x210 [ 204.574252][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.583289][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.593737][ T7836] Call Trace: [ 204.597040][ T7836] dump_stack+0x172/0x1f0 [ 204.601384][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 204.607173][ T7836] sk_mc_loop+0x1d/0x210 [ 204.611423][ T7836] ip6_finish_output2+0x17a5/0x2550 [ 204.616781][ T7836] ? find_held_lock+0x35/0x130 [ 204.621557][ T7836] ? ip6_mtu+0x2e6/0x460 [ 204.625811][ T7836] ? ip6_forward_finish+0x580/0x580 [ 204.631195][ T7836] ? lock_downgrade+0x880/0x880 [ 204.636197][ T7836] ? rcu_read_unlock_special+0xf3/0x210 [ 204.641763][ T7836] ip6_finish_output+0x614/0xdc0 [ 204.646691][ T7836] ? ip6_finish_output+0x614/0xdc0 [ 204.651797][ T7836] ip6_output+0x235/0x7f0 [ 204.656163][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 204.661286][ T7836] ? ip6_fragment+0x3980/0x3980 [ 204.666138][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.671171][ T7836] ip6_local_out+0xc4/0x1b0 [ 204.675664][ T7836] ip6_send_skb+0xbb/0x350 [ 204.680064][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 204.685504][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 204.691221][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 204.695980][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.700998][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.707054][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 204.712257][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.717003][ T7836] ? find_held_lock+0x35/0x130 [ 204.721762][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.727999][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 204.733457][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 204.738989][ T7836] inet_sendmsg+0x147/0x5e0 [ 204.743486][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 204.749447][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 204.754107][ T7836] ? ipip_gro_receive+0x100/0x100 [ 204.759138][ T7836] sock_sendmsg+0xdd/0x130 [ 204.763552][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 204.768213][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 204.773662][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 204.778586][ T7836] ? lock_downgrade+0x880/0x880 [ 204.783425][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.789667][ T7836] ? kasan_check_read+0x11/0x20 [ 204.794508][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.799265][ T7836] ? find_held_lock+0x35/0x130 [ 204.804115][ T7836] ? __might_fault+0x12b/0x1e0 [ 204.808882][ T7836] ? lock_downgrade+0x880/0x880 [ 204.813732][ T7836] ? ___might_sleep+0x163/0x280 [ 204.818582][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 204.823258][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 204.828279][ T7836] ? _copy_to_user+0xc9/0x120 [ 204.832942][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.839277][ T7836] ? put_timespec64+0xda/0x140 [ 204.844023][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 204.848889][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.854343][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.859895][ T7836] ? do_syscall_64+0x26/0x610 [ 204.864567][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.870614][ T7836] ? do_syscall_64+0x26/0x610 [ 204.875306][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 204.880233][ T7836] do_syscall_64+0x103/0x610 [ 204.884808][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.890697][ T7836] RIP: 0033:0x4582b9 [ 204.894591][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.914204][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 204.922636][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 204.930600][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 204.938645][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 204.946629][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 204.954637][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 204.970655][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 204.980501][ T7836] caller is ip6_finish_output+0x335/0xdc0 [ 204.986299][ T7836] CPU: 1 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.995327][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.005395][ T7836] Call Trace: [ 205.008714][ T7836] dump_stack+0x172/0x1f0 [ 205.013589][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 205.019176][ T7836] ip6_finish_output+0x335/0xdc0 [ 205.024172][ T7836] ip6_output+0x235/0x7f0 [ 205.028524][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 205.033680][ T7836] ? ip6_fragment+0x3980/0x3980 [ 205.038653][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.043691][ T7836] ip6_local_out+0xc4/0x1b0 [ 205.048303][ T7836] ip6_send_skb+0xbb/0x350 [ 205.052748][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 205.058400][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 205.064159][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 205.068941][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.073975][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.079963][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 205.085200][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.090091][ T7836] ? find_held_lock+0x35/0x130 [ 205.094852][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.101445][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 205.106916][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 205.112447][ T7836] inet_sendmsg+0x147/0x5e0 [ 205.116946][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.122929][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 205.127605][ T7836] ? ipip_gro_receive+0x100/0x100 [ 205.132617][ T7836] sock_sendmsg+0xdd/0x130 [ 205.137031][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 205.141704][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 205.147151][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 205.152076][ T7836] ? lock_downgrade+0x880/0x880 [ 205.156915][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.163161][ T7836] ? kasan_check_read+0x11/0x20 [ 205.167995][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.172771][ T7836] ? find_held_lock+0x35/0x130 [ 205.177530][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.182291][ T7836] ? lock_downgrade+0x880/0x880 [ 205.187138][ T7836] ? ___might_sleep+0x163/0x280 [ 205.191976][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 205.196667][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 205.201712][ T7836] ? _copy_to_user+0xc9/0x120 [ 205.206405][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.212636][ T7836] ? put_timespec64+0xda/0x140 [ 205.217398][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 205.222249][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.227692][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.233143][ T7836] ? do_syscall_64+0x26/0x610 [ 205.237815][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.243871][ T7836] ? do_syscall_64+0x26/0x610 [ 205.248530][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 205.253453][ T7836] do_syscall_64+0x103/0x610 [ 205.258042][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.263952][ T7836] RIP: 0033:0x4582b9 [ 205.267828][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.287420][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 205.295830][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 205.303800][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 205.311750][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 205.319711][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 205.327679][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 205.337665][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 205.347006][ T7836] caller is sk_mc_loop+0x1d/0x210 [ 205.352014][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.361028][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.371065][ T7836] Call Trace: [ 205.374361][ T7836] dump_stack+0x172/0x1f0 [ 205.378678][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 205.384207][ T7836] sk_mc_loop+0x1d/0x210 [ 205.388439][ T7836] ip6_finish_output2+0x17a5/0x2550 [ 205.393620][ T7836] ? find_held_lock+0x35/0x130 [ 205.398371][ T7836] ? ip6_mtu+0x2e6/0x460 [ 205.402616][ T7836] ? ip6_forward_finish+0x580/0x580 [ 205.407801][ T7836] ? lock_downgrade+0x880/0x880 [ 205.412636][ T7836] ? rcu_read_unlock_special+0xf3/0x210 [ 205.418169][ T7836] ip6_finish_output+0x614/0xdc0 [ 205.423117][ T7836] ? ip6_finish_output+0x614/0xdc0 [ 205.428238][ T7836] ip6_output+0x235/0x7f0 [ 205.432576][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 205.437672][ T7836] ? ip6_fragment+0x3980/0x3980 [ 205.442518][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.447538][ T7836] ip6_local_out+0xc4/0x1b0 [ 205.452026][ T7836] ip6_send_skb+0xbb/0x350 [ 205.456450][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 205.461889][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 205.467593][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 205.472339][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.477371][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.483343][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 205.488521][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.493353][ T7836] ? find_held_lock+0x35/0x130 [ 205.498103][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.504342][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 205.509817][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 205.515366][ T7836] inet_sendmsg+0x147/0x5e0 [ 205.519852][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.525813][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 205.530477][ T7836] ? ipip_gro_receive+0x100/0x100 [ 205.535528][ T7836] sock_sendmsg+0xdd/0x130 [ 205.539936][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 205.544602][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 205.550222][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 205.555171][ T7836] ? lock_downgrade+0x880/0x880 [ 205.560043][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.566282][ T7836] ? kasan_check_read+0x11/0x20 [ 205.571139][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.575882][ T7836] ? find_held_lock+0x35/0x130 [ 205.580629][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.585380][ T7836] ? lock_downgrade+0x880/0x880 [ 205.590217][ T7836] ? ___might_sleep+0x163/0x280 [ 205.595049][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 205.599716][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 205.604756][ T7836] ? _copy_to_user+0xc9/0x120 [ 205.609420][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.615651][ T7836] ? put_timespec64+0xda/0x140 [ 205.620405][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 205.625246][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.630692][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.636167][ T7836] ? do_syscall_64+0x26/0x610 [ 205.640843][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.646891][ T7836] ? do_syscall_64+0x26/0x610 [ 205.651573][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 205.656493][ T7836] do_syscall_64+0x103/0x610 [ 205.661069][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.666949][ T7836] RIP: 0033:0x4582b9 [ 205.670827][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.690416][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 205.699157][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 205.707149][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 205.715214][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 205.723205][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 205.731268][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 205.743909][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 205.753433][ T7836] caller is ip6_finish_output+0x335/0xdc0 [ 205.759228][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.768267][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.778329][ T7836] Call Trace: [ 205.781615][ T7836] dump_stack+0x172/0x1f0 [ 205.786046][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 205.791620][ T7836] ip6_finish_output+0x335/0xdc0 [ 205.796587][ T7836] ip6_output+0x235/0x7f0 [ 205.801039][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 205.806173][ T7836] ? ip6_fragment+0x3980/0x3980 [ 205.811027][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.816043][ T7836] ip6_local_out+0xc4/0x1b0 [ 205.820558][ T7836] ip6_send_skb+0xbb/0x350 [ 205.824971][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 205.830422][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 205.836186][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 205.840951][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.850213][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.856194][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 205.861405][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.866169][ T7836] ? find_held_lock+0x35/0x130 [ 205.870933][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.877335][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 205.882820][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 205.888369][ T7836] inet_sendmsg+0x147/0x5e0 [ 205.892855][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 205.898814][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 205.904487][ T7836] ? ipip_gro_receive+0x100/0x100 [ 205.909500][ T7836] sock_sendmsg+0xdd/0x130 [ 205.913909][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 205.918570][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 205.924012][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 205.928952][ T7836] ? lock_downgrade+0x880/0x880 [ 205.933783][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.940026][ T7836] ? kasan_check_read+0x11/0x20 [ 205.944864][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.949611][ T7836] ? find_held_lock+0x35/0x130 [ 205.954485][ T7836] ? __might_fault+0x12b/0x1e0 [ 205.959248][ T7836] ? lock_downgrade+0x880/0x880 [ 205.964095][ T7836] ? ___might_sleep+0x163/0x280 [ 205.968931][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 205.973687][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 205.978703][ T7836] ? _copy_to_user+0xc9/0x120 [ 205.983376][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.989684][ T7836] ? put_timespec64+0xda/0x140 [ 205.994435][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 205.999291][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.004734][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.010181][ T7836] ? do_syscall_64+0x26/0x610 [ 206.014852][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.021250][ T7836] ? do_syscall_64+0x26/0x610 [ 206.025927][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 206.031204][ T7836] do_syscall_64+0x103/0x610 [ 206.035797][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.041687][ T7836] RIP: 0033:0x4582b9 [ 206.045564][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.065162][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 206.073562][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 206.081539][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 206.089519][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 206.097475][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 206.105523][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 206.114996][ T7836] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7836 [ 206.124384][ T7836] caller is sk_mc_loop+0x1d/0x210 [ 206.129613][ T7836] CPU: 0 PID: 7836 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 206.138643][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.148699][ T7836] Call Trace: [ 206.151978][ T7836] dump_stack+0x172/0x1f0 [ 206.156293][ T7836] __this_cpu_preempt_check+0x246/0x270 [ 206.161818][ T7836] sk_mc_loop+0x1d/0x210 [ 206.166045][ T7836] ip6_finish_output2+0x17a5/0x2550 [ 206.171222][ T7836] ? find_held_lock+0x35/0x130 [ 206.175986][ T7836] ? ip6_mtu+0x2e6/0x460 [ 206.180214][ T7836] ? ip6_forward_finish+0x580/0x580 [ 206.185394][ T7836] ? lock_downgrade+0x880/0x880 [ 206.190227][ T7836] ? rcu_read_unlock_special+0xf3/0x210 [ 206.195782][ T7836] ip6_finish_output+0x614/0xdc0 [ 206.200708][ T7836] ? ip6_finish_output+0x614/0xdc0 [ 206.205827][ T7836] ip6_output+0x235/0x7f0 [ 206.210165][ T7836] ? ip6_finish_output+0xdc0/0xdc0 [ 206.215274][ T7836] ? ip6_fragment+0x3980/0x3980 [ 206.220107][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 206.225118][ T7836] ip6_local_out+0xc4/0x1b0 [ 206.229614][ T7836] ip6_send_skb+0xbb/0x350 [ 206.234034][ T7836] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 206.239477][ T7836] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 206.245202][ T7836] udpv6_sendmsg+0x21e3/0x28d0 [ 206.250037][ T7836] ? ip_reply_glue_bits+0xc0/0xc0 [ 206.255063][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 206.261027][ T7836] ? aa_profile_af_perm+0x320/0x320 [ 206.266207][ T7836] ? __might_fault+0x12b/0x1e0 [ 206.270952][ T7836] ? find_held_lock+0x35/0x130 [ 206.275725][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.282035][ T7836] ? rw_copy_check_uvector+0x2a6/0x330 [ 206.287489][ T7836] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 206.293016][ T7836] inet_sendmsg+0x147/0x5e0 [ 206.297502][ T7836] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 206.303480][ T7836] ? inet_sendmsg+0x147/0x5e0 [ 206.308168][ T7836] ? ipip_gro_receive+0x100/0x100 [ 206.313174][ T7836] sock_sendmsg+0xdd/0x130 [ 206.317571][ T7836] ___sys_sendmsg+0x3e2/0x930 [ 206.322231][ T7836] ? copy_msghdr_from_user+0x430/0x430 [ 206.327672][ T7836] ? __lock_acquire+0x548/0x3fb0 [ 206.332600][ T7836] ? lock_downgrade+0x880/0x880 [ 206.337451][ T7836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.343678][ T7836] ? kasan_check_read+0x11/0x20 [ 206.348513][ T7836] ? __might_fault+0x12b/0x1e0 [ 206.353272][ T7836] ? find_held_lock+0x35/0x130 [ 206.358124][ T7836] ? __might_fault+0x12b/0x1e0 [ 206.362908][ T7836] ? lock_downgrade+0x880/0x880 [ 206.367745][ T7836] ? ___might_sleep+0x163/0x280 [ 206.372576][ T7836] __sys_sendmmsg+0x1bf/0x4d0 [ 206.377430][ T7836] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 206.382438][ T7836] ? _copy_to_user+0xc9/0x120 [ 206.387094][ T7836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.393312][ T7836] ? put_timespec64+0xda/0x140 [ 206.398158][ T7836] ? nsecs_to_jiffies+0x30/0x30 [ 206.402998][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.408437][ T7836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.413895][ T7836] ? do_syscall_64+0x26/0x610 [ 206.418556][ T7836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.424608][ T7836] ? do_syscall_64+0x26/0x610 [ 206.429291][ T7836] __x64_sys_sendmmsg+0x9d/0x100 [ 206.434240][ T7836] do_syscall_64+0x103/0x610 [ 206.438819][ T7836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.444690][ T7836] RIP: 0033:0x4582b9 [ 206.448565][ T7836] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.468177][ T7836] RSP: 002b:00007f7b231e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 206.476571][ T7836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 206.484521][ T7836] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000003 [ 206.492495][ T7836] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 206.500451][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b231e56d4 [ 206.508401][ T7836] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 206.533777][ T7813] 8021q: adding VLAN 0 to HW filter on device bond0 22:39:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 206.552655][ T7818] team0: Port device team_slave_0 added [ 206.560389][ T7826] chnl_net:caif_netlink_parms(): no params data found [ 206.575928][ T7818] team0: Port device team_slave_1 added 22:39:35 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) listen(r0, 0x18) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}}, 0x0) [ 206.604534][ T7813] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.634616][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.642688][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:39:35 executing program 0: socketpair$unix(0x1, 0x1000000000080003, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) ioctl$BLKRRPART(r1, 0x1268, 0x70a000) [ 206.709882][ T7818] device hsr_slave_0 entered promiscuous mode [ 206.747370][ T7818] device hsr_slave_1 entered promiscuous mode [ 206.802435][ T7822] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.809875][ T7822] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.818446][ T7822] device bridge_slave_0 entered promiscuous mode [ 206.826371][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.833439][ T7822] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.841432][ T7822] device bridge_slave_1 entered promiscuous mode [ 206.849255][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.861285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.869757][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.876818][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.884564][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.893278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.901559][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.908664][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.916314][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:39:35 executing program 0: request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) listen(r0, 0x18) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, 0x0, 0x0, 0x3ff, 0x2}, 0x0) [ 206.978625][ T7822] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.988235][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.998091][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.011143][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.021016][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.030226][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.043247][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.057907][ T7813] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 207.076201][ T7813] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 207.118489][ T7813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.197949][ T7822] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.227111][ T7863] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 22:39:35 executing program 0: request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) listen(r0, 0x18) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, 0x0, 0x0, 0x3ff, 0x2}, 0x0) [ 207.254089][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.283337][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.302963][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.327649][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 207.337280][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.354870][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 207.373152][ T7826] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.397591][ T7826] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.409363][ T7826] device bridge_slave_0 entered promiscuous mode [ 207.440855][ T7826] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.448675][ T7826] bridge0: port 2(bridge_slave_1) entered disabled state 22:39:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x109002) ioctl$TCXONC(r1, 0x540a, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) write$tun(r1, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x1) [ 207.457114][ T7826] device bridge_slave_1 entered promiscuous mode [ 207.472749][ T7815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.481393][ T7822] team0: Port device team_slave_0 added [ 207.520439][ T7822] team0: Port device team_slave_1 added 22:39:36 executing program 0: request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) listen(r0, 0x18) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, 0x0, 0x0, 0x3ff, 0x2}, 0x0) [ 207.567646][ T7815] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.581820][ T7826] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 207.603562][ T7826] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.620018][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.635498][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.671843][ T7818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.730058][ T7818] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.775638][ T7818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 207.793121][ T7818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 207.821357][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.835071][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.861047][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.877853][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.886946][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.894028][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.901870][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.910544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.919348][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.926476][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.933997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.942935][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.951925][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.960482][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.968998][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.977700][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.985937][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.994310][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.002588][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.010919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.025647][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.034811][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.044363][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.052372][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.061655][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.070064][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.077165][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.085810][ T7826] team0: Port device team_slave_0 added [ 208.139355][ T7822] device hsr_slave_0 entered promiscuous mode [ 208.206790][ T7822] device hsr_slave_1 entered promiscuous mode [ 208.248311][ T7826] team0: Port device team_slave_1 added [ 208.256467][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.264486][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.273194][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.281886][ T7821] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.288987][ T7821] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.317982][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.327468][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.335893][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.345596][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.354434][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.363071][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.371845][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.380236][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.388976][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.397294][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.405888][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.423203][ T7815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.499286][ T7826] device hsr_slave_0 entered promiscuous mode [ 208.536741][ T7826] device hsr_slave_1 entered promiscuous mode [ 208.590249][ T7818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.642885][ T7815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.752311][ T7822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.787678][ T7822] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.823577][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 208.838993][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 208.856916][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.865688][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.903465][ T7821] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.910657][ T7821] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.936646][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.957308][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.965771][ T7821] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.972909][ T7821] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.987934][ T7826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.001908][ T7819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.011349][ T7819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.025127][ T7819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.062985][ T7826] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.077893][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.092793][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.101887][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.111648][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.120166][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.128947][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.137391][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.145618][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.154152][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.162209][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.173062][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.188381][ T7821] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.214864][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.224010][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.233285][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.240445][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.250476][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.274528][ T7822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.304265][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.314385][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.329504][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.336665][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.351472][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.361506][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.375602][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.385892][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.400970][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.411036][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.442419][ T7826] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 209.466299][ T7826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.493052][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.501546][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.518484][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.533285][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.542220][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.617104][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.630328][ T7826] 8021q: adding VLAN 0 to HW filter on device batadv0 22:39:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x212}) 22:39:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x109002) ioctl$TCXONC(r1, 0x540a, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) write$tun(r1, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x1) 22:39:38 executing program 0: request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) listen(r0, 0x18) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}], 0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, 0x0, 0x0, 0x3ff, 0x2}, 0x0) 22:39:38 executing program 5: syz_open_dev$sndseq(&(0x7f0000b39000)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) 22:39:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x200, 0x1) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0000000002840800ff001f00000063c759e602da3b0900000000000000000000ffffac1414bb3f9c1584a7d5d29465bb0282378748f91e080404e4400001fe8000000000000000000000000000aaff01000000000000000000000000000100000000000000000000ffffe0000002fe8800000000000000000000000001013f10000000000000010900000000000000000001080000000000000000035a81f711355ae307e2b3c0e97591da56cabeef14f98bdeeadfdf43a17e8dc494356686d9a97e809b7f15630ba909f729044c68b56ef8ec0f12b09740dfce7e35b02b032a71f8bdb42d861ab47e41c0513cf0bc6e24866c75195724c2040000ffff01030000000502000001050000000000007700000004bb7d4364359f08cd5f822ecbb43e6db6a54b477a2956f450e9df9da99aee3a0448552b21d5c1936f8ec025ce6f2fe4440972dfabc78aa86cf135a2a98ea27ada5716d864cbaf162cc8701c10483d94c65a32d9baa0a4a50031b8f404573d48bb0d446c5df0807764538c6e18ccecba8b77265ac0c44ebd2bf0c8d7dc00f81ef75b5b675b6ce440624c79fbce96c6a259deab77f7a39ef0693650df269ac343290edd07a7fa11be00531aee0402b42791a7c19bb7105be036edeb94b20276ba98977052785b789a408cfb834f9702f889aefc59c2651e24de261714ba4f900ffbcfcdfcdc8eb68d5147d65aa1cd5c09721158ba73a8e5425a9002dcc9cdc8acfcd96d2cb42773af551c8915607d1285b9c7688eed3c8e455f10bc19f8577abfb098023fe84e8911c2862967ebbc3fd984402beae90000003a000728670000000006000000000000c204000000040103000000072000000000060101007f0f0000000000000100010000000000010100000000000001020000000000000000000c0604030610bf03fe880000000000000000000000000101fe8000000000000000000000000000aafe8000000000000000000000000000aa3a02040109200500000000000000000000000000000000010000000000000000000000000000000300004e2400004e2300000004000000030000000100000004000000000000"], 0x1) 22:39:38 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x5) 22:39:38 executing program 1: syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) 22:39:38 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$apparmor_current(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030703030315e7065726d70726f66696c65202f007065726d70726f66696c65054797bbc8ee8ec01fb72f1379dc54614f7d5ab560948051a6a7cb801d7c2bec8fc39b9d4eb90ce6ac3ffcfcc83abf164f3d1d9f343e248f743052410128bcb1e7da7df10712086f7b4006023939f5073462549bc159d8f7751b37940896e67f59bb034550fca725c06d23e1dc533a3d91ee6dfbbe10fbbaf8553257017848e4d9dacd9a7ce127d8ffaefc2dad74e9613a95560ca89c525f55b6199a1fc3c4ec647af7279cf7961776f0dd33c676300c5fefb5b7d7cf5265393c98275cd3bdfb79dc8e8d8cc6a725cbf62e35430566c20240ccaeb46fd387689d422c726e80b29bd823e5fed46939938f322b945651ec689100000000000100018a6f9df183d9db63758094436fc97e9d81aaf496d1"], 0x1) 22:39:38 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno'}}) [ 210.607747][ T7926] 9pnet: Insufficient options for proto=fd 22:39:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0x277, 0x0, 0x40000001], [0xc1]}) 22:39:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x1) 22:39:39 executing program 3: openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000080)) [ 210.675961][ T7921] mkiss: ax0: crc mode is auto. 22:39:39 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000300)=0x40) [ 210.865604][ T7921] mkiss: ax0: crc mode is auto. 22:39:39 executing program 5: r0 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) add_key(&(0x7f0000000940)='big_key\x00', 0x0, &(0x7f0000000a00)="46ac5128da090e4899c38028efeb85968ead969e21e33725a7edc030260cdb3ca79964a6e93ce51185f005b7dac052cb797af438c32c29b736fb12c63dd0e504445044a1ae9c10fd8171232ed7dcb08e9acaf4c569c4c1805c47994118fc35ff7f03407dc7093fa7d3132d276a10768b2711cd1c6ecd3545692431856b6e0651412ff7b73711097f061a1b67f6c3d7605eab3b675b6c061e6ef32b7ea8847b6f84da1334d35322b94447bfaca74b152eb64cfa54cb63126c2cc662e7898e6459ed40c4566403f303d341c9c34c6049d9f8e1c2a9483f003c20e66886d0e1629f498668c202f183de294d03da07c9f5feb65bc196554a79a2f255828c1f1cf9a09654f9df849443e8d290debcc78efbdca391a348b33f18ef618011273faa1f095298dd71db08a90e177a1e9a0c771deca3b51670a26850b89d4439574328c19d9e91766dd52169e0ad5011e4acc005861b3b3146d67445e6f6c75ce4af9d8db6963887d79113613267c5bc42fb0aca828590fb291ce8836d3cd391d364efdbb7015d8ec643d83b623380c21c6ebbf774498c94e60838a45d4692bfe73aaea2bbcecb6dcec20e5aa48a950428e2372009212f2f6be608cdec5ff84108f3f3d2e42c99a6d4cd4577ec9f39a51533efe71d494ccadb66eddd4cc0e56b33eefb0ada68ae36c905a977d9042a63299d2130f4e85357b0078c31bc45b00f5ccd879a6735d85882bfddbc6f2cff4a2b976b29e5a8adc74893c748b297a660ba0f64ad8a6ac6fcf180b6a4357ad6733cb75035cd58631142bd720cf52bcd1438647cbe1058e32d33c38f1327bef3f6b1c815ab4f2d47366473ae37c65a2d1df88823dd4c326d640c50e5bddfa976f04cd034331b632cd7a8bbc838081f28f6e24ed646721cea36e56501f9085e428a6c94b7ba5431f59651f36c8f715e4547ffed53c03cc58d2d4382193625cf69c197c4eb3c3c86c291d693837ab7eb23d61d2518379f0c61acf67425afa1ff8d1fac196a7ef9f6f9b514a2028ae010d1bf10833940294c400401ec706ce366dc4c62f6c55c6985a31592360cc7e6cc30a90cae1891b4cffb882b0329457503055db6a8e3b651b3302c24e6d149e8368ee6d3bafbc417256d042b4b87cb1bf46169ad1a593da66b2c6f453180f2c51be35c431e1af07e54c1251334415135422fa81b015a7a746c1979827e3d32057d408016cdc2b641a42626bbf8b7970a5638e9e48783ff80ded5b5184b69d41e60ba9e2ff7ef3e85b4419db2b064d64f833dc2035a6cc3ea28335ad94eb5ba974d9799ce94565559e6a7636b725c4c3dc1702af3c0f3d9dc77f6d404b7c8ff2cec1b4e703451a1d2750d9a22e9f4b5e27da765d228f09bbd30088ac9dff793ec759161849cf4217f5684bff8eddd65be61d3ed2dcc7bae8ab5e1260c3a90cdb37626c4871098802b34f271d8a091b0517bd1588b43cf21b2e3fe676e34d115a56d450d50a97ac7e2ea5904f9695dbde822dba41ac3a1190d63ef486a1829d38b005f9458a82533a555a2f674eea95af7ef7f0cf9654e0ed8d2ab722ca065fd97e6518b76a39cc1b04dc49c395f3aad5e05c76c1881f6a85fee6c6fba8340692eb0b7f3f948350e6947dac635cfef9e4ff4d3f756802cbd97e8c5845b25bc5a021d9875277f197d1bce55661e6961dd788a444962e33fa582a01d0bd61aaa22a76adf68b3169d3f0b49", 0x4c1, r0) [ 210.951381][ T7947] kvm [7946]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 22:39:39 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000000)=r0, 0x4) recvmsg(r0, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x2) sendmsg(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) 22:39:39 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r1, &(0x7f0000000540)=[{&(0x7f0000000100)=""/97, 0x61}, {0x0}], 0x2) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x2) ioctl$TCSETAF(r2, 0x5408, 0x0) dup3(r2, r1, 0x0) write(r1, &(0x7f0000c34fff), 0xffffff0b) 22:39:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0x10a, 0x0, 0x40000001], [0xc1]}) 22:39:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0x9e, 0x0, 0x40000001], [0xc1]}) 22:39:39 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, &(0x7f0000000340)=',,,loeth1selinux-selinuxeth1trustedvboxnet0-md5sum\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x811100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x108, 0x70bd25, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0x0, r2, 0x0, 0x2d, &(0x7f0000000380)='*!keyringvmnet1procposix_acl_access^security\x00'}, 0x30) setuid(0x0) 22:39:39 executing program 2: mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno'}}) [ 211.475386][ T8006] devpts: called with bogus options [ 211.625046][ T8017] devpts: called with bogus options 22:39:40 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000280)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f00000004c0)) 22:39:40 executing program 5: syz_open_dev$sndseq(&(0x7f0000b39000)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f000003e000)='\'', 0x0) r1 = syz_open_dev$sndseq(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000040)) 22:39:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) r1 = dup(r0) mmap$perf(&(0x7f0000ff5000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x5421, &(0x7f0000000000)) 22:39:40 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) poll(&(0x7f0000000180)=[{r0}], 0x1, 0x1) 22:39:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000980)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key(&(0x7f0000000940)='big_key\x00', &(0x7f00000000c0)={'\xff\xff\xff'}, 0x0, 0x0, r0) keyctl$read(0xb, r1, &(0x7f0000005340)=""/4096, 0x1000000d6) 22:39:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0xc0000080, 0x0, 0x40000001], [0xc1]}) 22:39:40 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x1000000200000581) r1 = dup2(r0, r0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00\xba\"\"Q\xc0#{Y\xf0\x0e\xe4>\n\xe4f*(\xe4\xc7\x13\xd1G\xbc\xef\xa4\xdd\x03\x1e~4K\xd8\x1a\x85\fy\x83E\x84d^*SS\xfd7\xe8\xaexs{\xc9\x13\xac\a\xdc\xa1\x85j\x9b\xd3\x01\"\xe7\x8b\xbc}\xc0\xb1\xf5\xe3\xa3\r\xf7\xd5\\\xadh\xa8\v\'&GQ\xa2q\x9e0\x80!\xf974\xacRB9d\xa8\xe9\x8b=1&\xdb\xd3\xdb;\xd8\x05\xfe9\xd6>v\xed\xab,$\xc7\x9d