[ 34.184882][ T25] audit: type=1800 audit(1554597718.383:27): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 34.217045][ T25] audit: type=1800 audit(1554597718.383:28): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.834709][ T25] audit: type=1800 audit(1554597719.073:29): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.860561][ T25] audit: type=1800 audit(1554597719.073:30): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts. 2019/04/07 00:42:14 fuzzer started 2019/04/07 00:42:17 dialing manager at 10.128.0.26:34543 2019/04/07 00:42:17 syscalls: 2408 2019/04/07 00:42:17 code coverage: enabled 2019/04/07 00:42:17 comparison tracing: enabled 2019/04/07 00:42:17 extra coverage: extra coverage is not supported by the kernel 2019/04/07 00:42:17 setuid sandbox: enabled 2019/04/07 00:42:17 namespace sandbox: enabled 2019/04/07 00:42:17 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 00:42:17 fault injection: enabled 2019/04/07 00:42:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 00:42:17 net packet injection: enabled 2019/04/07 00:42:17 net device setup: enabled 00:44:15 executing program 0: syzkaller login: [ 171.041836][ T7618] IPVS: ftp: loaded support on port[0] = 21 00:44:15 executing program 1: [ 171.162705][ T7618] chnl_net:caif_netlink_parms(): no params data found [ 171.239496][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.270479][ T7618] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.278683][ T7618] device bridge_slave_0 entered promiscuous mode [ 171.290820][ T7618] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.304867][ T7618] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.313357][ T7618] device bridge_slave_1 entered promiscuous mode [ 171.327642][ T7621] IPVS: ftp: loaded support on port[0] = 21 00:44:15 executing program 2: [ 171.353231][ T7618] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.367379][ T7618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.414593][ T7618] team0: Port device team_slave_0 added [ 171.432968][ T7618] team0: Port device team_slave_1 added [ 171.494277][ T7618] device hsr_slave_0 entered promiscuous mode 00:44:15 executing program 3: [ 171.561591][ T7618] device hsr_slave_1 entered promiscuous mode [ 171.655944][ T7623] IPVS: ftp: loaded support on port[0] = 21 [ 171.670708][ T7618] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.677995][ T7618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.685935][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.693117][ T7618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.764190][ T7621] chnl_net:caif_netlink_parms(): no params data found [ 171.773301][ T7626] IPVS: ftp: loaded support on port[0] = 21 00:44:16 executing program 4: [ 171.871743][ T7618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.926841][ T7618] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.964218][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.977771][ T2990] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.996821][ T2990] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.006009][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 172.024458][ T7621] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.033938][ T7621] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.042260][ T7621] device bridge_slave_0 entered promiscuous mode [ 172.056631][ T7630] IPVS: ftp: loaded support on port[0] = 21 00:44:16 executing program 5: [ 172.084902][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.094050][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.101216][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.113086][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.121732][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.128807][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.139795][ T7621] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.147298][ T7621] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.157039][ T7621] device bridge_slave_1 entered promiscuous mode [ 172.178501][ T7623] chnl_net:caif_netlink_parms(): no params data found [ 172.202894][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.212674][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.222950][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.263798][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.271582][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.279699][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.289665][ T7621] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.300204][ T7621] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.327491][ T7633] IPVS: ftp: loaded support on port[0] = 21 [ 172.359575][ T7618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.379527][ T7621] team0: Port device team_slave_0 added [ 172.399483][ T7623] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.406895][ T7623] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.415759][ T7623] device bridge_slave_0 entered promiscuous mode [ 172.423476][ T7623] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.430630][ T7623] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.438319][ T7623] device bridge_slave_1 entered promiscuous mode [ 172.448779][ T7621] team0: Port device team_slave_1 added [ 172.472611][ T7626] chnl_net:caif_netlink_parms(): no params data found [ 172.503925][ T7630] chnl_net:caif_netlink_parms(): no params data found [ 172.551183][ T7630] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.558323][ T7630] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.566261][ T7630] device bridge_slave_0 entered promiscuous mode [ 172.574600][ T7623] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.588171][ T7623] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.610210][ T7626] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.617821][ T7626] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.625840][ T7626] device bridge_slave_0 entered promiscuous mode [ 172.633128][ T7630] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.640178][ T7630] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.648575][ T7630] device bridge_slave_1 entered promiscuous mode [ 172.669581][ T7630] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.687974][ T7626] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.696213][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.704438][ T7626] device bridge_slave_1 entered promiscuous mode [ 172.724319][ T7626] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.734394][ T7630] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.747599][ T7623] team0: Port device team_slave_0 added [ 172.793089][ T7621] device hsr_slave_0 entered promiscuous mode [ 172.830824][ T7621] device hsr_slave_1 entered promiscuous mode [ 172.876182][ T7626] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.894982][ T7623] team0: Port device team_slave_1 added [ 172.916258][ T7618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.003061][ T7623] device hsr_slave_0 entered promiscuous mode [ 173.040915][ T7623] device hsr_slave_1 entered promiscuous mode [ 173.089872][ T7630] team0: Port device team_slave_0 added [ 173.096790][ T7626] team0: Port device team_slave_0 added [ 173.104267][ T7626] team0: Port device team_slave_1 added [ 173.137525][ T7630] team0: Port device team_slave_1 added [ 173.158084][ T7623] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.165217][ T7623] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.172554][ T7623] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.179586][ T7623] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.293025][ T7630] device hsr_slave_0 entered promiscuous mode [ 173.330867][ T7630] device hsr_slave_1 entered promiscuous mode 00:44:17 executing program 0: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xa4}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 173.412830][ T7626] device hsr_slave_0 entered promiscuous mode [ 173.461859][ T7626] device hsr_slave_1 entered promiscuous mode [ 173.528103][ T7626] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.535292][ T7626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.542723][ T7626] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.549784][ T7626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.564907][ T7628] bridge0: port 1(bridge_slave_0) entered disabled state 00:44:17 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000001c0)={0x0, 0x1}, 0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 173.573448][ T7628] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.583810][ T7628] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.592719][ T7628] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.617330][ T7633] chnl_net:caif_netlink_parms(): no params data found [ 173.684118][ T7621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.726274][ T7621] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.732335][ T7647] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7647 [ 173.742703][ C0] hrtimer: interrupt took 64974 ns [ 173.748697][ T7647] caller is sk_mc_loop+0x1d/0x210 [ 173.750106][ T7623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.753896][ T7647] CPU: 0 PID: 7647 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 173.753907][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.753911][ T7647] Call Trace: [ 173.753933][ T7647] dump_stack+0x172/0x1f0 [ 173.753956][ T7647] __this_cpu_preempt_check+0x246/0x270 [ 173.753973][ T7647] sk_mc_loop+0x1d/0x210 [ 173.753988][ T7647] ip_mc_output+0x2ef/0xf70 [ 173.754005][ T7647] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 173.754024][ T7647] ? ip_append_data.part.0+0x170/0x170 [ 173.754035][ T7647] ? ip_make_skb+0x1b1/0x2c0 [ 173.754049][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 173.754072][ T7647] ip_local_out+0xc4/0x1b0 [ 173.773220][ T7623] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.779772][ T7647] ip_send_skb+0x42/0xf0 [ 173.815390][ T7623] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 173.817348][ T7647] udp_send_skb.isra.0+0x6b2/0x1180 [ 173.817370][ T7647] udp_sendmsg+0x1dfd/0x2820 [ 173.817392][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 173.817410][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 173.827269][ T7623] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.833813][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 173.833826][ T7647] ? __might_fault+0x12b/0x1e0 [ 173.833840][ T7647] ? find_held_lock+0x35/0x130 [ 173.833860][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 173.833872][ T7647] ? lockdep_hardirqs_on+0x418/0x5d0 [ 173.833901][ T7647] ? __might_sleep+0x95/0x190 [ 173.856487][ T7623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.858206][ T7647] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 173.858224][ T7647] ? aa_sk_perm+0x288/0x880 00:44:18 executing program 2: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x7e4, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) [ 173.921205][ T7647] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 173.921223][ T7647] inet_sendmsg+0x147/0x5e0 [ 173.921236][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 173.921246][ T7647] ? inet_sendmsg+0x147/0x5e0 [ 173.921257][ T7647] ? ipip_gro_receive+0x100/0x100 [ 173.921275][ T7647] sock_sendmsg+0xdd/0x130 [ 173.921291][ T7647] ___sys_sendmsg+0x3e2/0x930 [ 173.921309][ T7647] ? copy_msghdr_from_user+0x430/0x430 [ 173.921326][ T7647] ? lock_downgrade+0x880/0x880 [ 173.921351][ T7647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 173.921370][ T7647] ? kasan_check_read+0x11/0x20 [ 173.921385][ T7647] ? __fget+0x381/0x550 [ 173.921402][ T7647] ? ksys_dup3+0x3e0/0x3e0 [ 173.921416][ T7647] ? __fget_light+0x55/0x230 [ 173.921439][ T7647] ? __fget_light+0x1a9/0x230 [ 173.921457][ T7647] ? __fdget+0x1b/0x20 [ 173.921470][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.921483][ T7647] ? sockfd_lookup_light+0xcb/0x180 [ 173.921498][ T7647] __sys_sendmmsg+0x1bf/0x4d0 [ 173.921513][ T7647] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 173.921537][ T7647] ? _copy_to_user+0xc9/0x120 [ 173.921553][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.931719][ T7647] ? put_timespec64+0xda/0x140 [ 173.931740][ T7647] ? nsecs_to_jiffies+0x30/0x30 [ 174.045347][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.050816][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.056282][ T7647] ? do_syscall_64+0x26/0x610 [ 174.060965][ T7647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.067036][ T7647] ? do_syscall_64+0x26/0x610 [ 174.071722][ T7647] __x64_sys_sendmmsg+0x9d/0x100 [ 174.076687][ T7647] do_syscall_64+0x103/0x610 [ 174.081291][ T7647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.087183][ T7647] RIP: 0033:0x4582b9 [ 174.091080][ T7647] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.110698][ T7647] RSP: 002b:00007f1812345c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 174.119122][ T7647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 174.127104][ T7647] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 174.135088][ T7647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 174.143073][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123466d4 [ 174.151066][ T7647] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 174.169712][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.181675][ T7647] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7647 [ 174.187809][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.192046][ T7647] caller is sk_mc_loop+0x1d/0x210 [ 174.204118][ T7647] CPU: 0 PID: 7647 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.210221][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.213138][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.213143][ T7647] Call Trace: [ 174.213164][ T7647] dump_stack+0x172/0x1f0 [ 174.213187][ T7647] __this_cpu_preempt_check+0x246/0x270 [ 174.213204][ T7647] sk_mc_loop+0x1d/0x210 [ 174.213219][ T7647] ip_mc_output+0x2ef/0xf70 [ 174.213235][ T7647] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 174.213254][ T7647] ? ip_append_data.part.0+0x170/0x170 [ 174.237862][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.238257][ T7647] ? ip_make_skb+0x1b1/0x2c0 [ 174.254132][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.257636][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 174.257659][ T7647] ip_local_out+0xc4/0x1b0 [ 174.279089][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.283096][ T7647] ip_send_skb+0x42/0xf0 [ 174.283111][ T7647] udp_send_skb.isra.0+0x6b2/0x1180 [ 174.283127][ T7647] ? xfrm_lookup_route+0x5b/0x1f0 [ 174.283146][ T7647] udp_sendmsg+0x1dfd/0x2820 [ 174.283161][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.283179][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 174.283199][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 174.283213][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.283229][ T7647] ? lockdep_hardirqs_on+0x418/0x5d0 [ 174.283257][ T7647] ? __might_sleep+0x95/0x190 [ 174.303984][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.304879][ T7647] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 174.310068][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.315053][ T7647] ? aa_sk_perm+0x288/0x880 [ 174.315064][ T7647] ? aa_sk_perm+0x10/0x880 [ 174.315082][ T7647] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 174.315098][ T7647] inet_sendmsg+0x147/0x5e0 [ 174.315111][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 174.315126][ T7647] ? inet_sendmsg+0x147/0x5e0 [ 174.345444][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.346153][ T7647] ? ipip_gro_receive+0x100/0x100 [ 174.358189][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.363455][ T7647] sock_sendmsg+0xdd/0x130 [ 174.363472][ T7647] ___sys_sendmsg+0x3e2/0x930 [ 174.363489][ T7647] ? copy_msghdr_from_user+0x430/0x430 [ 174.363505][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 174.363516][ T7647] ? lock_downgrade+0x880/0x880 [ 174.363529][ T7647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.363546][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.363561][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.363579][ T7647] ? __might_fault+0x12b/0x1e0 [ 174.363596][ T7647] ? find_held_lock+0x35/0x130 [ 174.395658][ T3483] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.395759][ T7647] ? __might_fault+0x12b/0x1e0 [ 174.400496][ T3483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.408477][ T7647] ? lock_downgrade+0x880/0x880 [ 174.443437][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.445739][ T7647] ? ___might_sleep+0x163/0x280 [ 174.445758][ T7647] __sys_sendmmsg+0x1bf/0x4d0 [ 174.467608][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.467781][ T7647] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 174.485033][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.491476][ T7647] ? _copy_to_user+0xc9/0x120 [ 174.491496][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.491509][ T7647] ? put_timespec64+0xda/0x140 [ 174.491521][ T7647] ? nsecs_to_jiffies+0x30/0x30 [ 174.491543][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.491556][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.491570][ T7647] ? do_syscall_64+0x26/0x610 [ 174.491585][ T7647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.491604][ T7647] ? do_syscall_64+0x26/0x610 [ 174.491624][ T7647] __x64_sys_sendmmsg+0x9d/0x100 [ 174.491643][ T7647] do_syscall_64+0x103/0x610 [ 174.520248][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.521870][ T7647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.521882][ T7647] RIP: 0033:0x4582b9 [ 174.521897][ T7647] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.521905][ T7647] RSP: 002b:00007f1812345c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 174.521917][ T7647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 174.521925][ T7647] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 174.521933][ T7647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 174.521940][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123466d4 [ 174.521948][ T7647] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 174.536709][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 174.552365][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.555623][ T7654] caller is sk_mc_loop+0x1d/0x210 [ 174.555639][ T7654] CPU: 0 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.555653][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.567087][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.571199][ T7654] Call Trace: [ 174.571228][ T7654] dump_stack+0x172/0x1f0 [ 174.571255][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 174.571276][ T7654] sk_mc_loop+0x1d/0x210 [ 174.571291][ T7654] ip_mc_output+0x2ef/0xf70 [ 174.571310][ T7654] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 174.578553][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.582037][ T7654] ? ip_append_data.part.0+0x170/0x170 [ 174.582050][ T7654] ? ip_make_skb+0x1b1/0x2c0 [ 174.582063][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 174.582079][ T7654] ip_local_out+0xc4/0x1b0 [ 174.582094][ T7654] ip_send_skb+0x42/0xf0 [ 174.582111][ T7654] udp_send_skb.isra.0+0x6b2/0x1180 [ 174.582125][ T7654] ? xfrm_lookup_route+0x5b/0x1f0 [ 174.582146][ T7654] udp_sendmsg+0x1dfd/0x2820 [ 174.582158][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 174.582179][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 174.594297][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.599558][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 174.609637][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.629071][ T7654] ? __might_fault+0x12b/0x1e0 [ 174.629088][ T7654] ? find_held_lock+0x35/0x130 [ 174.629120][ T7654] ? __might_sleep+0x95/0x190 [ 174.629136][ T7654] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 174.629148][ T7654] ? aa_sk_perm+0x288/0x880 [ 174.629169][ T7654] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 174.629186][ T7654] inet_sendmsg+0x147/0x5e0 [ 174.629199][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 174.629208][ T7654] ? inet_sendmsg+0x147/0x5e0 [ 174.629220][ T7654] ? ipip_gro_receive+0x100/0x100 [ 174.629237][ T7654] sock_sendmsg+0xdd/0x130 [ 174.629253][ T7654] ___sys_sendmsg+0x3e2/0x930 [ 174.629271][ T7654] ? copy_msghdr_from_user+0x430/0x430 [ 174.629285][ T7654] ? lock_downgrade+0x880/0x880 [ 174.629306][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.644643][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.645763][ T7654] ? kasan_check_read+0x11/0x20 [ 174.645784][ T7654] ? __fget+0x381/0x550 [ 174.669709][ T7654] ? ksys_dup3+0x3e0/0x3e0 [ 174.669731][ T7654] ? __fget_light+0x1a9/0x230 [ 174.687048][ T7654] ? __fdget+0x1b/0x20 [ 174.687069][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.699978][ T7654] ? sockfd_lookup_light+0xcb/0x180 [ 174.699998][ T7654] __sys_sendmmsg+0x1bf/0x4d0 [ 174.710594][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 174.719239][ T7654] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 174.719266][ T7654] ? _copy_to_user+0xc9/0x120 [ 174.727251][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 174.730412][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.730425][ T7654] ? put_timespec64+0xda/0x140 [ 174.730437][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 174.730459][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.730476][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.740325][ T7654] ? do_syscall_64+0x26/0x610 [ 174.740342][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.740355][ T7654] ? do_syscall_64+0x26/0x610 [ 174.740372][ T7654] __x64_sys_sendmmsg+0x9d/0x100 [ 174.740390][ T7654] do_syscall_64+0x103/0x610 [ 174.740408][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.740419][ T7654] RIP: 0033:0x4582b9 [ 174.740435][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.740442][ T7654] RSP: 002b:00007f1812303c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 174.740456][ T7654] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 174.740469][ T7654] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000008 [ 174.749293][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 174.749302][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123046d4 [ 174.749310][ T7654] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 174.778265][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 174.805099][ T7654] caller is sk_mc_loop+0x1d/0x210 [ 174.815213][ T7654] CPU: 0 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.815221][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.815226][ T7654] Call Trace: [ 174.815247][ T7654] dump_stack+0x172/0x1f0 [ 174.815270][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 174.815285][ T7654] sk_mc_loop+0x1d/0x210 [ 174.815305][ T7654] ip_mc_output+0x2ef/0xf70 [ 174.836078][ T7654] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 174.836095][ T7654] ? ip_append_data.part.0+0x170/0x170 [ 174.836107][ T7654] ? ip_make_skb+0x1b1/0x2c0 [ 174.836119][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 174.836134][ T7654] ip_local_out+0xc4/0x1b0 [ 174.836148][ T7654] ip_send_skb+0x42/0xf0 [ 174.836163][ T7654] udp_send_skb.isra.0+0x6b2/0x1180 [ 174.836176][ T7654] ? xfrm_lookup_route+0x5b/0x1f0 [ 174.836195][ T7654] udp_sendmsg+0x1dfd/0x2820 [ 174.841410][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 174.845807][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 174.850569][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 174.856071][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 174.860760][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 174.866156][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 174.870710][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 174.875890][ T7654] ? __might_fault+0x12b/0x1e0 [ 174.875908][ T7654] ? find_held_lock+0x35/0x130 [ 174.894660][ T7654] ? __might_sleep+0x95/0x190 [ 174.904940][ T7654] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 174.904952][ T7654] ? aa_sk_perm+0x288/0x880 [ 174.904973][ T7654] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 174.904990][ T7654] inet_sendmsg+0x147/0x5e0 [ 174.905001][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 174.905017][ T7654] ? inet_sendmsg+0x147/0x5e0 [ 174.918933][ T7654] ? ipip_gro_receive+0x100/0x100 [ 174.932402][ T7654] sock_sendmsg+0xdd/0x130 [ 174.932419][ T7654] ___sys_sendmsg+0x3e2/0x930 [ 174.932437][ T7654] ? copy_msghdr_from_user+0x430/0x430 [ 174.932454][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 174.932465][ T7654] ? lock_downgrade+0x880/0x880 [ 174.932477][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.932498][ T7654] ? kasan_check_read+0x11/0x20 [ 174.941311][ T7654] ? __might_fault+0x12b/0x1e0 [ 174.941327][ T7654] ? find_held_lock+0x35/0x130 [ 174.941340][ T7654] ? __might_fault+0x12b/0x1e0 [ 174.941358][ T7654] ? lock_downgrade+0x880/0x880 [ 174.941380][ T7654] ? ___might_sleep+0x163/0x280 [ 174.941396][ T7654] __sys_sendmmsg+0x1bf/0x4d0 [ 174.941414][ T7654] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 174.941439][ T7654] ? _copy_to_user+0xc9/0x120 [ 174.941462][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.957538][ T7654] ? put_timespec64+0xda/0x140 [ 174.968254][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 174.973059][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 174.978618][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.984893][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 174.989655][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.005384][ T7654] ? do_syscall_64+0x26/0x610 [ 175.005398][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.005410][ T7654] ? do_syscall_64+0x26/0x610 [ 175.005427][ T7654] __x64_sys_sendmmsg+0x9d/0x100 [ 175.005442][ T7654] do_syscall_64+0x103/0x610 [ 175.005462][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.020856][ T7654] RIP: 0033:0x4582b9 [ 175.020871][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.020878][ T7654] RSP: 002b:00007f1812303c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 175.020891][ T7654] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 175.020898][ T7654] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000008 [ 175.020905][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 175.020912][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123046d4 [ 175.020919][ T7654] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 175.090490][ T7647] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7647 [ 175.101316][ T7647] caller is sk_mc_loop+0x1d/0x210 [ 175.118598][ T7647] CPU: 0 PID: 7647 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.118607][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.118612][ T7647] Call Trace: [ 175.118633][ T7647] dump_stack+0x172/0x1f0 [ 175.118655][ T7647] __this_cpu_preempt_check+0x246/0x270 [ 175.118670][ T7647] sk_mc_loop+0x1d/0x210 [ 175.118690][ T7647] ip_mc_output+0x2ef/0xf70 [ 175.132797][ T7647] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 175.132816][ T7647] ? ip_append_data.part.0+0x170/0x170 [ 175.150552][ T7647] ? ip_make_skb+0x1b1/0x2c0 [ 175.150572][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.150589][ T7647] ip_local_out+0xc4/0x1b0 [ 175.150604][ T7647] ip_send_skb+0x42/0xf0 [ 175.150619][ T7647] udp_send_skb.isra.0+0x6b2/0x1180 [ 175.150637][ T7647] ? xfrm_lookup_route+0x5b/0x1f0 [ 175.160404][ T7647] udp_sendmsg+0x1dfd/0x2820 [ 175.160418][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 175.160437][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.160454][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 175.160466][ T7647] ? __might_fault+0x12b/0x1e0 [ 175.160478][ T7647] ? find_held_lock+0x35/0x130 [ 175.160513][ T7647] ? __might_sleep+0x95/0x190 [ 175.160537][ T7647] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 175.160551][ T7647] ? aa_sk_perm+0x288/0x880 [ 175.160575][ T7647] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 175.160592][ T7647] inet_sendmsg+0x147/0x5e0 [ 175.175665][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 175.189631][ T7647] ? inet_sendmsg+0x147/0x5e0 [ 175.189650][ T7647] ? ipip_gro_receive+0x100/0x100 [ 175.199082][ T7647] sock_sendmsg+0xdd/0x130 [ 175.199106][ T7647] ___sys_sendmsg+0x3e2/0x930 [ 175.214584][ T7647] ? copy_msghdr_from_user+0x430/0x430 [ 175.214603][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 175.263825][ T7630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.267018][ T7647] ? lock_downgrade+0x880/0x880 [ 175.284306][ T7630] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.286828][ T7647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.314664][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 175.315938][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.315958][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.320969][ T7654] caller is sk_mc_loop+0x1d/0x210 [ 175.327140][ T7647] ? __might_fault+0x12b/0x1e0 [ 175.327160][ T7647] ? find_held_lock+0x35/0x130 [ 175.764399][ T7647] ? __might_fault+0x12b/0x1e0 [ 175.769257][ T7647] ? lock_downgrade+0x880/0x880 [ 175.774112][ T7647] ? ___might_sleep+0x163/0x280 [ 175.778958][ T7647] __sys_sendmmsg+0x1bf/0x4d0 [ 175.783633][ T7647] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 175.789147][ T7647] ? _copy_to_user+0xc9/0x120 [ 175.793817][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.800047][ T7647] ? put_timespec64+0xda/0x140 [ 175.804803][ T7647] ? nsecs_to_jiffies+0x30/0x30 [ 175.809654][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.815105][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.820762][ T7647] ? do_syscall_64+0x26/0x610 [ 175.825432][ T7647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.831505][ T7647] ? do_syscall_64+0x26/0x610 [ 175.836180][ T7647] __x64_sys_sendmmsg+0x9d/0x100 [ 175.841114][ T7647] do_syscall_64+0x103/0x610 [ 175.845704][ T7647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.851584][ T7647] RIP: 0033:0x4582b9 [ 175.855475][ T7647] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.875165][ T7647] RSP: 002b:00007f1812345c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 175.883571][ T7647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 175.891533][ T7647] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 175.899497][ T7647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 175.907468][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123466d4 [ 175.915434][ T7647] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 175.923427][ T7654] CPU: 1 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.932647][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.942696][ T7654] Call Trace: [ 175.945976][ T7654] dump_stack+0x172/0x1f0 [ 175.950302][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 175.955859][ T7654] sk_mc_loop+0x1d/0x210 [ 175.960104][ T7654] ip_mc_output+0x2ef/0xf70 [ 175.964598][ T7654] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 175.969790][ T7654] ? ip_append_data.part.0+0x170/0x170 [ 175.975230][ T7654] ? ip_make_skb+0x1b1/0x2c0 [ 175.979804][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.984813][ T7654] ip_local_out+0xc4/0x1b0 [ 175.989232][ T7654] ip_send_skb+0x42/0xf0 [ 175.993467][ T7654] udp_send_skb.isra.0+0x6b2/0x1180 [ 175.998650][ T7654] ? xfrm_lookup_route+0x5b/0x1f0 [ 176.003662][ T7654] udp_sendmsg+0x1dfd/0x2820 [ 176.008234][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 176.013244][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.018255][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.023645][ T7654] ? __might_fault+0x12b/0x1e0 [ 176.028654][ T7654] ? find_held_lock+0x35/0x130 [ 176.033503][ T7654] ? __might_sleep+0x95/0x190 [ 176.038163][ T7654] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 176.043779][ T7654] ? aa_sk_perm+0x288/0x880 [ 176.048269][ T7654] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 176.053802][ T7654] inet_sendmsg+0x147/0x5e0 [ 176.058374][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.063641][ T7654] ? inet_sendmsg+0x147/0x5e0 [ 176.068304][ T7654] ? ipip_gro_receive+0x100/0x100 [ 176.073315][ T7654] sock_sendmsg+0xdd/0x130 [ 176.077718][ T7654] ___sys_sendmsg+0x3e2/0x930 [ 176.082382][ T7654] ? copy_msghdr_from_user+0x430/0x430 [ 176.087829][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 176.092749][ T7654] ? lock_downgrade+0x880/0x880 [ 176.097675][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.104191][ T7654] ? kasan_check_read+0x11/0x20 [ 176.109044][ T7654] ? __might_fault+0x12b/0x1e0 [ 176.113877][ T7654] ? find_held_lock+0x35/0x130 [ 176.118640][ T7654] ? __might_fault+0x12b/0x1e0 [ 176.123388][ T7654] ? lock_downgrade+0x880/0x880 [ 176.128232][ T7654] ? ___might_sleep+0x163/0x280 [ 176.133153][ T7654] __sys_sendmmsg+0x1bf/0x4d0 [ 176.137908][ T7654] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 176.142924][ T7654] ? _copy_to_user+0xc9/0x120 [ 176.147586][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.153815][ T7654] ? put_timespec64+0xda/0x140 [ 176.158559][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 176.163402][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.168842][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.174285][ T7654] ? do_syscall_64+0x26/0x610 [ 176.179448][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.185496][ T7654] ? do_syscall_64+0x26/0x610 [ 176.190160][ T7654] __x64_sys_sendmmsg+0x9d/0x100 [ 176.195084][ T7654] do_syscall_64+0x103/0x610 [ 176.199659][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.205542][ T7654] RIP: 0033:0x4582b9 [ 176.209423][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.229137][ T7654] RSP: 002b:00007f1812303c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.237532][ T7654] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.245556][ T7654] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000008 [ 176.253597][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 176.261815][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123046d4 [ 176.269767][ T7654] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 176.281520][ T7647] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7647 [ 176.290969][ T7647] caller is sk_mc_loop+0x1d/0x210 [ 176.296011][ T7647] CPU: 1 PID: 7647 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.302388][ T7630] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 176.305046][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.305052][ T7647] Call Trace: [ 176.305075][ T7647] dump_stack+0x172/0x1f0 [ 176.305098][ T7647] __this_cpu_preempt_check+0x246/0x270 [ 176.319361][ T7630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.325672][ T7647] sk_mc_loop+0x1d/0x210 [ 176.325689][ T7647] ip_mc_output+0x2ef/0xf70 [ 176.325706][ T7647] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 176.325727][ T7647] ? ip_append_data.part.0+0x170/0x170 [ 176.341402][ T7630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.349281][ T7647] ? ip_make_skb+0x1b1/0x2c0 [ 176.349295][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.349314][ T7647] ip_local_out+0xc4/0x1b0 [ 176.358030][ T7647] ip_send_skb+0x42/0xf0 [ 176.358045][ T7647] udp_send_skb.isra.0+0x6b2/0x1180 [ 176.358064][ T7647] ? xfrm_lookup_route+0x5b/0x1f0 [ 176.403867][ T7647] udp_sendmsg+0x1dfd/0x2820 [ 176.408555][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 176.413495][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.418505][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.423771][ T7647] ? __might_fault+0x12b/0x1e0 [ 176.428517][ T7647] ? find_held_lock+0x35/0x130 [ 176.433279][ T7647] ? __might_sleep+0x95/0x190 [ 176.437947][ T7647] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 176.443568][ T7647] ? aa_sk_perm+0x288/0x880 [ 176.448146][ T7647] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 176.453676][ T7647] inet_sendmsg+0x147/0x5e0 [ 176.458162][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.463433][ T7647] ? inet_sendmsg+0x147/0x5e0 [ 176.468096][ T7647] ? ipip_gro_receive+0x100/0x100 [ 176.473123][ T7647] sock_sendmsg+0xdd/0x130 [ 176.477528][ T7647] ___sys_sendmsg+0x3e2/0x930 [ 176.482190][ T7647] ? copy_msghdr_from_user+0x430/0x430 [ 176.487650][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 176.492567][ T7647] ? lock_downgrade+0x880/0x880 [ 176.497399][ T7647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.503634][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.509077][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.514524][ T7647] ? __might_fault+0x12b/0x1e0 [ 176.519268][ T7647] ? find_held_lock+0x35/0x130 [ 176.524012][ T7647] ? __might_fault+0x12b/0x1e0 [ 176.528762][ T7647] ? lock_downgrade+0x880/0x880 [ 176.533601][ T7647] ? ___might_sleep+0x163/0x280 [ 176.538437][ T7647] __sys_sendmmsg+0x1bf/0x4d0 [ 176.543104][ T7647] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 176.548117][ T7647] ? _copy_to_user+0xc9/0x120 [ 176.552777][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.559014][ T7647] ? put_timespec64+0xda/0x140 [ 176.563761][ T7647] ? nsecs_to_jiffies+0x30/0x30 [ 176.568602][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.574058][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.579497][ T7647] ? do_syscall_64+0x26/0x610 [ 176.584157][ T7647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.590206][ T7647] ? do_syscall_64+0x26/0x610 [ 176.594887][ T7647] __x64_sys_sendmmsg+0x9d/0x100 [ 176.599930][ T7647] do_syscall_64+0x103/0x610 [ 176.604508][ T7647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.610566][ T7647] RIP: 0033:0x4582b9 [ 176.614445][ T7647] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.634050][ T7647] RSP: 002b:00007f1812345c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.642461][ T7647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.650421][ T7647] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 176.658398][ T7647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 176.666359][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123466d4 [ 176.674318][ T7647] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 176.685863][ T7626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.695742][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.722500][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.725108][ T7647] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7647 [ 176.739310][ T7647] caller is sk_mc_loop+0x1d/0x210 [ 176.742857][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.744522][ T7647] CPU: 0 PID: 7647 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.759172][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.761503][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.761509][ T7647] Call Trace: [ 176.761532][ T7647] dump_stack+0x172/0x1f0 [ 176.761553][ T7647] __this_cpu_preempt_check+0x246/0x270 [ 176.761568][ T7647] sk_mc_loop+0x1d/0x210 [ 176.761583][ T7647] ip_mc_output+0x2ef/0xf70 [ 176.761605][ T7647] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 176.770340][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.779815][ T7647] ? ip_append_data.part.0+0x170/0x170 [ 176.783124][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.792898][ T7647] ? ip_make_skb+0x1b1/0x2c0 [ 176.792913][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.792927][ T7647] ip_local_out+0xc4/0x1b0 [ 176.792943][ T7647] ip_send_skb+0x42/0xf0 [ 176.792962][ T7647] udp_send_skb.isra.0+0x6b2/0x1180 [ 176.799123][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.802709][ T7647] ? xfrm_lookup_route+0x5b/0x1f0 [ 176.802729][ T7647] udp_sendmsg+0x1dfd/0x2820 [ 176.802743][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 176.802763][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.807773][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.812433][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 00:44:21 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) open(&(0x7f0000000040)='./file0/file0\x00', 0x3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) read$FUSE(r0, 0x0, 0x2f) [ 176.812446][ T7647] ? __might_fault+0x12b/0x1e0 [ 176.812460][ T7647] ? find_held_lock+0x35/0x130 [ 176.812491][ T7647] ? __might_sleep+0x95/0x190 [ 176.812506][ T7647] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 176.812518][ T7647] ? aa_sk_perm+0x288/0x880 [ 176.812536][ T7647] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 176.812551][ T7647] inet_sendmsg+0x147/0x5e0 [ 176.812563][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.812574][ T7647] ? inet_sendmsg+0x147/0x5e0 [ 176.812590][ T7647] ? ipip_gro_receive+0x100/0x100 [ 176.825046][ T7647] sock_sendmsg+0xdd/0x130 [ 176.832659][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.836792][ T7647] ___sys_sendmsg+0x3e2/0x930 [ 176.841887][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.846223][ T7647] ? copy_msghdr_from_user+0x430/0x430 [ 176.855626][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 176.868100][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.868687][ T7647] ? lock_downgrade+0x880/0x880 [ 176.881163][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.883206][ T7647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.883224][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.883246][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.896745][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.901441][ T7647] ? __might_fault+0x12b/0x1e0 [ 176.901456][ T7647] ? find_held_lock+0x35/0x130 [ 176.901470][ T7647] ? __might_fault+0x12b/0x1e0 [ 176.901489][ T7647] ? lock_downgrade+0x880/0x880 [ 176.901508][ T7647] ? ___might_sleep+0x163/0x280 [ 176.901526][ T7647] __sys_sendmmsg+0x1bf/0x4d0 [ 176.906924][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.910954][ T7647] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 176.910979][ T7647] ? _copy_to_user+0xc9/0x120 [ 176.910996][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.911009][ T7647] ? put_timespec64+0xda/0x140 [ 176.911021][ T7647] ? nsecs_to_jiffies+0x30/0x30 [ 176.911043][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.917391][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.921144][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.921159][ T7647] ? do_syscall_64+0x26/0x610 [ 176.921172][ T7647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.921185][ T7647] ? do_syscall_64+0x26/0x610 [ 176.921202][ T7647] __x64_sys_sendmmsg+0x9d/0x100 [ 176.921223][ T7647] do_syscall_64+0x103/0x610 [ 176.927384][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.931243][ T7647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.931255][ T7647] RIP: 0033:0x4582b9 [ 176.931270][ T7647] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.931277][ T7647] RSP: 002b:00007f1812345c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.931290][ T7647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.931297][ T7647] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000005 00:44:21 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x402201) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) 00:44:21 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x402201) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) [ 176.931304][ T7647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 176.931311][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123466d4 [ 176.931317][ T7647] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 176.942280][ T7647] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7647 [ 176.967260][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.970675][ T7647] caller is sk_mc_loop+0x1d/0x210 [ 176.970695][ T7647] CPU: 0 PID: 7647 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 00:44:21 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x402201) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) [ 176.976156][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.981052][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.981057][ T7647] Call Trace: [ 176.981078][ T7647] dump_stack+0x172/0x1f0 [ 176.981112][ T7647] __this_cpu_preempt_check+0x246/0x270 [ 176.993804][ T7647] sk_mc_loop+0x1d/0x210 [ 177.007903][ T7647] ip_mc_output+0x2ef/0xf70 [ 177.013937][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.018809][ T7647] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.018826][ T7647] ? ip_append_data.part.0+0x170/0x170 [ 177.018843][ T7647] ? ip_make_skb+0x1b1/0x2c0 [ 177.039545][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.040287][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.040303][ T7647] ip_local_out+0xc4/0x1b0 [ 177.040320][ T7647] ip_send_skb+0x42/0xf0 [ 177.040335][ T7647] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.040348][ T7647] ? xfrm_lookup_route+0x5b/0x1f0 [ 177.040375][ T7647] udp_sendmsg+0x1dfd/0x2820 [ 177.040395][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 177.049551][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.050110][ T7647] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.054849][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.062028][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.062041][ T7647] ? __might_fault+0x12b/0x1e0 [ 177.062059][ T7647] ? find_held_lock+0x35/0x130 [ 177.067680][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.071736][ T7647] ? __might_sleep+0x95/0x190 [ 177.071754][ T7647] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.071767][ T7647] ? aa_sk_perm+0x288/0x880 [ 177.071788][ T7647] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.071805][ T7647] inet_sendmsg+0x147/0x5e0 [ 177.078779][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.082773][ T7647] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.082784][ T7647] ? inet_sendmsg+0x147/0x5e0 [ 177.082797][ T7647] ? ipip_gro_receive+0x100/0x100 [ 177.082814][ T7647] sock_sendmsg+0xdd/0x130 [ 177.082830][ T7647] ___sys_sendmsg+0x3e2/0x930 [ 177.082845][ T7647] ? copy_msghdr_from_user+0x430/0x430 [ 177.082861][ T7647] ? __lock_acquire+0x548/0x3fb0 [ 177.082871][ T7647] ? lock_downgrade+0x880/0x880 [ 177.082885][ T7647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.082902][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.082915][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.082934][ T7647] ? __might_fault+0x12b/0x1e0 [ 177.099382][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.101293][ T7647] ? find_held_lock+0x35/0x130 [ 177.101310][ T7647] ? __might_fault+0x12b/0x1e0 [ 177.101329][ T7647] ? lock_downgrade+0x880/0x880 [ 177.101357][ T7647] ? ___might_sleep+0x163/0x280 [ 177.101371][ T7647] __sys_sendmmsg+0x1bf/0x4d0 [ 177.101392][ T7647] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 177.111534][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.117570][ T7647] ? _copy_to_user+0xc9/0x120 [ 177.117594][ T7647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.132554][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.139721][ T7647] ? put_timespec64+0xda/0x140 [ 177.139735][ T7647] ? nsecs_to_jiffies+0x30/0x30 [ 177.139757][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.149671][ T7647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.176215][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.177851][ T7647] ? do_syscall_64+0x26/0x610 [ 177.177876][ T7647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.197317][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.201942][ T7647] ? do_syscall_64+0x26/0x610 [ 177.201962][ T7647] __x64_sys_sendmmsg+0x9d/0x100 [ 177.201979][ T7647] do_syscall_64+0x103/0x610 [ 177.201996][ T7647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.202006][ T7647] RIP: 0033:0x4582b9 [ 177.202020][ T7647] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.202034][ T7647] RSP: 002b:00007f1812345c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 177.217973][ T7647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 177.228069][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.234361][ T7647] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 177.234373][ T7647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 177.234380][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123466d4 [ 177.234388][ T7647] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 177.244354][ T7654] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7654 [ 177.283840][ T7654] caller is sk_mc_loop+0x1d/0x210 [ 177.296518][ T7654] CPU: 0 PID: 7654 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.296527][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.296531][ T7654] Call Trace: [ 177.296555][ T7654] dump_stack+0x172/0x1f0 [ 177.296577][ T7654] __this_cpu_preempt_check+0x246/0x270 [ 177.296594][ T7654] sk_mc_loop+0x1d/0x210 [ 177.296608][ T7654] ip_mc_output+0x2ef/0xf70 [ 177.296629][ T7654] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.326082][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.329247][ T7654] ? ip_append_data.part.0+0x170/0x170 [ 177.329259][ T7654] ? ip_make_skb+0x1b1/0x2c0 [ 177.329276][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.346230][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.348465][ T7654] ip_local_out+0xc4/0x1b0 [ 177.360407][ T7654] ip_send_skb+0x42/0xf0 [ 177.360424][ T7654] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.360439][ T7654] ? xfrm_lookup_route+0x5b/0x1f0 [ 177.360458][ T7654] udp_sendmsg+0x1dfd/0x2820 [ 177.360472][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 177.360490][ T7654] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.360508][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.360520][ T7654] ? __might_fault+0x12b/0x1e0 [ 177.360532][ T7654] ? find_held_lock+0x35/0x130 [ 177.360561][ T7654] ? __might_sleep+0x95/0x190 [ 177.375873][ T7633] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.378119][ T7654] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.389236][ T7633] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.395478][ T7654] ? aa_sk_perm+0x288/0x880 [ 177.395501][ T7654] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.395517][ T7654] inet_sendmsg+0x147/0x5e0 [ 177.395530][ T7654] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.395539][ T7654] ? inet_sendmsg+0x147/0x5e0 [ 177.395552][ T7654] ? ipip_gro_receive+0x100/0x100 [ 177.395568][ T7654] sock_sendmsg+0xdd/0x130 [ 177.395586][ T7654] ___sys_sendmsg+0x3e2/0x930 [ 177.410486][ T7654] ? copy_msghdr_from_user+0x430/0x430 [ 177.410504][ T7654] ? __lock_acquire+0x548/0x3fb0 [ 177.410517][ T7654] ? lock_downgrade+0x880/0x880 [ 177.410531][ T7654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.410554][ T7654] ? kasan_check_read+0x11/0x20 [ 177.417081][ T7633] device bridge_slave_0 entered promiscuous mode [ 177.420669][ T7654] ? __might_fault+0x12b/0x1e0 [ 177.420683][ T7654] ? find_held_lock+0x35/0x130 [ 177.420697][ T7654] ? __might_fault+0x12b/0x1e0 [ 177.420716][ T7654] ? lock_downgrade+0x880/0x880 [ 177.420737][ T7654] ? ___might_sleep+0x163/0x280 [ 177.420752][ T7654] __sys_sendmmsg+0x1bf/0x4d0 [ 177.420770][ T7654] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 177.420792][ T7654] ? _copy_to_user+0xc9/0x120 [ 177.420807][ T7654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.420820][ T7654] ? put_timespec64+0xda/0x140 [ 177.420833][ T7654] ? nsecs_to_jiffies+0x30/0x30 [ 177.420857][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.420870][ T7654] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.420885][ T7654] ? do_syscall_64+0x26/0x610 [ 177.420900][ T7654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.420914][ T7654] ? do_syscall_64+0x26/0x610 [ 177.420930][ T7654] __x64_sys_sendmmsg+0x9d/0x100 [ 177.420947][ T7654] do_syscall_64+0x103/0x610 [ 177.420964][ T7654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.420976][ T7654] RIP: 0033:0x4582b9 [ 177.420992][ T7654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.420999][ T7654] RSP: 002b:00007f1812303c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 177.421012][ T7654] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 177.421019][ T7654] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000008 [ 177.421027][ T7654] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 177.421036][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18123046d4 [ 177.421045][ T7654] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 178.096694][ T7621] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.118012][ T7621] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.141234][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.149246][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.157340][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.165456][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.173507][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.184951][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.193405][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.202038][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.210452][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.218692][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.227187][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.235451][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.244733][ T7633] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.251919][ T7633] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.260077][ T7633] device bridge_slave_1 entered promiscuous mode [ 178.284044][ T7626] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.291623][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.299948][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.308363][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.316218][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.336849][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.346632][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.355805][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.363044][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.377879][ T7633] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.388916][ T7633] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.404044][ T7621] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.427316][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.436329][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.445314][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.452565][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.460920][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.469471][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.486643][ T7626] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.497382][ T7626] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 00:44:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") unshare(0x0) r1 = socket$caif_seqpacket(0x25, 0x5, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000000), 0x4) 00:44:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x402201) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) [ 178.528369][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.538428][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.549948][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.559836][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.583794][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.593166][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.603767][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.613297][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.621997][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.629792][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.650752][ T7633] team0: Port device team_slave_0 added [ 178.678696][ T7626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.711352][ T7633] team0: Port device team_slave_1 added [ 178.764798][ T7633] device hsr_slave_0 entered promiscuous mode [ 178.811092][ T7633] device hsr_slave_1 entered promiscuous mode 00:44:23 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 00:44:23 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[], 0xe2f9ef75) splice(r0, 0x0, r3, 0x0, 0x2000007, 0x0) [ 178.945167][ T7633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.978404][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 178.996378][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.004657][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.016972][ T7633] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.037991][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.046867][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.056048][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.063184][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.072626][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.084152][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.093148][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.101781][ T7628] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.109172][ T7628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.127633][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.143291][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.152328][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.161932][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.174875][ T7633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.186639][ T7633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 00:44:23 executing program 5: clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4000000002f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="054fcff8f1513f7f00000040efb7ee236bec6f71a223306865b6ffffa660b100020000000000335c8d3fa02d0f4000fa4bfef58bd65051f46d"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:44:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mknod(&(0x7f0000000200)='./file0\x00', 0x1041, 0x0) clone(0xfffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() execve(&(0x7f0000001880)='./file0\x00', 0x0, 0x0) lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x8d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0) process_vm_writev(r1, &(0x7f0000000240)=[{&(0x7f0000000080)=""/28, 0x1c}], 0x1, &(0x7f0000000340)=[{&(0x7f0000000500)=""/224, 0xe0}], 0x1, 0x0) tkill(r1, 0x9) 00:44:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) 00:44:23 executing program 1: clock_adjtime(0x0, &(0x7f0000000100)={0x3ff}) 00:44:23 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) [ 179.195005][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.203783][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.221440][ T7633] 8021q: adding VLAN 0 to HW filter on device batadv0 00:44:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0xa0007}) ioctl$KVM_SMI(r2, 0xaeb7) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x3fd, 0x0, 0x0, 0xfffffffffffffe60) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:44:23 executing program 2: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x801c581f, 0x0) 00:44:23 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000180)=""/121) 00:44:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000e11ff0)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010009080800414900000004fcff", 0x58}], 0x1) [ 179.434952][ T7724] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 00:44:23 executing program 2: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x801c581f, 0x0) 00:44:23 executing program 4: socketpair(0x200000001, 0x20000000000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0f, &(0x7f00000000c0)='ip6gre0\x00') 00:44:24 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0xfff6) 00:44:24 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 00:44:24 executing program 2: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x801c581f, 0x0) 00:44:24 executing program 5: openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x10000, 0x0) syz_open_dev$radio(&(0x7f00000001c0)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0) getsockname$packet(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1000, &(0x7f0000000240)=ANY=[@ANYBLOB="f712d1eb044425a48906599524fdbf07d7f4712af351e22894b1227d344710946a868af36f41c56ae27db5fa99bd67f4bdfa04197e65196f21a27e61e27bb3"]) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = accept$alg(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 00:44:24 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) sendto$inet6(r2, &(0x7f0000f6f000), 0x0, 0x20000003, 0x0, 0x0) 00:44:24 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 00:44:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) 00:44:24 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_pts(r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 00:44:24 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) sendto$inet6(r2, &(0x7f0000f6f000), 0x0, 0x20000003, 0x0, 0x0) 00:44:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:44:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) 00:44:24 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 00:44:24 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0xfff6) 00:44:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x801c581f, 0x0) 00:44:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x100000000000000}, 0xfffffefd) 00:44:24 executing program 3: clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000280)='./file0\x00', 0x0, 0x11000, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 00:44:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0x301}, 0x14}}, 0x0) 00:44:24 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x801c581f, 0x0) 00:44:24 executing program 3: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) syz_execute_func(&(0x7f0000000980)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) execve(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x0, 0x0) getrandom(&(0x7f0000000580)=""/169, 0xa9, 0x2) creat(&(0x7f0000000280)='./file0\x00', 0x0) 00:44:24 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 00:44:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0x301}, 0x14}}, 0x0) 00:44:25 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x801c581f, 0x0) 00:44:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0x301}, 0x14}}, 0x0) 00:44:25 executing program 3: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) syz_execute_func(&(0x7f0000000980)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) execve(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x0, 0x0) getrandom(&(0x7f0000000580)=""/169, 0xa9, 0x2) creat(&(0x7f0000000280)='./file0\x00', 0x0) 00:44:25 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000180)={0x0, 0x0}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'lo\x00', 0x200}) 00:44:25 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x801c581f, 0x0) 00:44:25 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x12, 0x4, 0x4, 0x9}, 0x3c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, &(0x7f0000000200)}, 0x10) 00:44:25 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x39) dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) open$dir(0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000040)="b6", 0x1, 0x1, 0x0, 0x0) r1 = getpgid(0xffffffffffffffff) syz_open_procfs(r1, &(0x7f0000000000)='attr/current\x00') setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) sync() ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x24f) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1) 00:44:25 executing program 3: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) syz_execute_func(&(0x7f0000000980)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) execve(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x0, 0x0) getrandom(&(0x7f0000000580)=""/169, 0xa9, 0x2) creat(&(0x7f0000000280)='./file0\x00', 0x0) 00:44:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0x301}, 0x14}}, 0x0) 00:44:25 executing program 2: perf_event_open$cgroup(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140043, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x100000000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)={r1}) 00:44:25 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000180)={0x0, 0x0}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'lo\x00', 0x200}) 00:44:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mknod(&(0x7f0000000200)='./file0\x00', 0x1041, 0x0) clone(0xfffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() execve(&(0x7f0000001880)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0) process_vm_writev(r1, &(0x7f0000000240)=[{&(0x7f0000000080)=""/28, 0x1c}], 0x1, &(0x7f0000000340)=[{&(0x7f0000000500)=""/224, 0xe0}, {0x0}], 0x2, 0x0) tkill(r1, 0x9) 00:44:25 executing program 2: syz_emit_ethernet(0x7e, &(0x7f0000000200)={@broadcast, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x689, 0x0, @local={0xac, 0x223}, @dev, {[@timestamp={0x8, 0x40, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, 0x0) 00:44:25 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) recvmmsg(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x6, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x6a8843, 0x0) syz_open_dev$dspn(0x0, 0x0, 0x0) shutdown(r0, 0x0) 00:44:25 executing program 4: 00:44:25 executing program 1: 00:44:26 executing program 0: 00:44:26 executing program 5: 00:44:26 executing program 2: 00:44:26 executing program 1: 00:44:26 executing program 4: prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x20000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r0, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x5, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfff, {0x6, 0x0, 0x807c, 0x9, 0x0, 0x2, 0x0, 0x0, 0x1cb1}}, {0x0, 0xfffffffffffffffe}}}, 0xa0) close(r0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video1\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 00:44:26 executing program 2: 00:44:26 executing program 0: 00:44:26 executing program 5: 00:44:26 executing program 1: 00:44:26 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) recvmmsg(r0, &(0x7f0000003b40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x6, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x6a8843, 0x0) syz_open_dev$dspn(0x0, 0x0, 0x0) shutdown(r0, 0x0) 00:44:26 executing program 2: 00:44:26 executing program 0: 00:44:26 executing program 5: 00:44:26 executing program 1: 00:44:26 executing program 2: 00:44:26 executing program 1: 00:44:26 executing program 4: 00:44:26 executing program 0: 00:44:26 executing program 5: 00:44:26 executing program 2: 00:44:26 executing program 1: 00:44:26 executing program 3: 00:44:26 executing program 0: 00:44:26 executing program 4: 00:44:26 executing program 5: 00:44:26 executing program 2: 00:44:26 executing program 1: 00:44:26 executing program 2: 00:44:26 executing program 0: 00:44:26 executing program 5: 00:44:26 executing program 4: 00:44:26 executing program 1: 00:44:26 executing program 3: 00:44:26 executing program 5: 00:44:26 executing program 2: 00:44:26 executing program 0: 00:44:26 executing program 4: 00:44:27 executing program 1: 00:44:27 executing program 2: 00:44:27 executing program 3: 00:44:27 executing program 0: 00:44:27 executing program 4: 00:44:27 executing program 3: 00:44:27 executing program 5: 00:44:27 executing program 1: 00:44:27 executing program 4: 00:44:27 executing program 2: 00:44:27 executing program 3: 00:44:27 executing program 5: 00:44:27 executing program 1: 00:44:27 executing program 4: 00:44:27 executing program 0: 00:44:27 executing program 3: 00:44:27 executing program 2: 00:44:27 executing program 0: 00:44:27 executing program 3: 00:44:27 executing program 1: 00:44:27 executing program 5: 00:44:27 executing program 4: 00:44:27 executing program 2: 00:44:27 executing program 3: 00:44:27 executing program 0: 00:44:27 executing program 2: 00:44:27 executing program 1: 00:44:27 executing program 4: 00:44:27 executing program 5: 00:44:27 executing program 3: 00:44:27 executing program 0: 00:44:27 executing program 1: 00:44:27 executing program 2: 00:44:27 executing program 5: 00:44:27 executing program 3: 00:44:27 executing program 4: 00:44:27 executing program 1: 00:44:27 executing program 0: 00:44:28 executing program 2: