[ 36.991083][ T26] audit: type=1800 audit(1554681656.563:27): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.013682][ T26] audit: type=1800 audit(1554681656.573:28): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.822266][ T26] audit: type=1800 audit(1554681657.473:29): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.842646][ T26] audit: type=1800 audit(1554681657.473:30): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.215' (ECDSA) to the list of known hosts. 2019/04/08 00:01:12 fuzzer started 2019/04/08 00:01:15 dialing manager at 10.128.0.26:34543 2019/04/08 00:01:15 syscalls: 2408 2019/04/08 00:01:15 code coverage: enabled 2019/04/08 00:01:15 comparison tracing: enabled 2019/04/08 00:01:15 extra coverage: extra coverage is not supported by the kernel 2019/04/08 00:01:15 setuid sandbox: enabled 2019/04/08 00:01:15 namespace sandbox: enabled 2019/04/08 00:01:15 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 00:01:15 fault injection: enabled 2019/04/08 00:01:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 00:01:15 net packet injection: enabled 2019/04/08 00:01:15 net device setup: enabled 00:03:20 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000540)='/dev/usbmon#\x00', 0x7f, 0x2000) ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000600)=0x80000001) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000580)) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000100)={'ipvs\x00'}, &(0x7f0000000380)=0xfffffffffffffdaa) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f00000002c0)) r4 = dup(r3) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x2000000c, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) r5 = dup(0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000340)='trusted.overlay.redirect\x00', &(0x7f0000000480)='./bus\x00', 0x6, 0x3) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r2) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000500)={0x0, 0x1, 0x400}) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='./bus\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000240)=0x1c) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000400), &(0x7f00000004c0)=0xfffffffffffffca9) fstat(r2, &(0x7f00000006c0)) getgroups(0x4, &(0x7f0000000740)=[0xee00, 0xee01, 0xee00, 0xffffffffffffffff]) fcntl$setlease(r6, 0x400, 0x0) ftruncate(r6, 0x2007fff) sendfile(r4, r6, 0x0, 0x8000fffffffe) syzkaller login: [ 181.155958][ T7778] IPVS: ftp: loaded support on port[0] = 21 00:03:20 executing program 1: r0 = socket$kcm(0x2b, 0x200000000000001, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000240)=@in={0x2, 0x0, @remote}, 0x80, 0x0}, 0x20000054) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x5452, &(0x7f00000013c0)) socketpair$unix(0x1, 0x10000000000005, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_attach_bpf(r0, 0x6, 0x21, 0x0, 0x0) [ 181.282524][ T7778] chnl_net:caif_netlink_parms(): no params data found [ 181.362607][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.379836][ T7778] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.394288][ T7778] device bridge_slave_0 entered promiscuous mode [ 181.402900][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.410085][ T7778] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.417986][ T7778] device bridge_slave_1 entered promiscuous mode [ 181.432333][ T7782] IPVS: ftp: loaded support on port[0] = 21 [ 181.467313][ T7778] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.490345][ T7778] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:03:21 executing program 2: unshare(0x20020000) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480)='devpts\x00vh\xd2p!s\n@ha.\xc1\x88\x05\x89\x1d\b\xb3Xd\x92Y\x1b\x8c\xc0\xd0\xf4\x952\x8c!JC\xd1]Ul\xa2\x80\x19\x88 \xd4b\x0f\x87\x89P\xb4M\xf7]w\xa9\xb6\xc3}\x16\f\x87ueg$\xd9,\x8c\x9b\xbb*\xfe\x95\xb8\xa1\x9aVA\xb73w\xdf/\xa9\xc5\x8e\xe1\xef\xc5\x8d\x168\xba\"\x83\x8b\xe2\xf7*\xfa\xd20a\x94\xc7yiF\a\v\x14\xd2\xc1z\x94\x9d\x9d\a*\xab\xea\xd9Ee\xac\xa28p\xa2\xa1\x9a;\xb4o\xa0\xf1\xd7&[2\xf2\x82\xbc\xc2tu\xfb\xf5\xb1Y\xd6\xa9\x1b\xbec\xdeA\x8d\x94W)\x93,\xac\x02\x86\xd1\r\x00\xefZ\xf3Y\x84\xdbF\xf2u\xa1\x8b_\x9fe\xfe[q\xb1\\\xcen\bC \x81', 0x0, 0x0) poll(0x0, 0x0, 0x84d8) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0) mlockall(0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x280000, 0x0) ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000240)) r1 = socket$inet6(0xa, 0x2, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000180)=0x8) sendmmsg(r1, &(0x7f0000007e00), 0x3ffffeb, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r1, &(0x7f000000ac80), 0x66, 0x0) ioctl$TIOCLINUX4(0xffffffffffffffff, 0x541c, 0x0) clone(0x13102001fee, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) rt_sigaction(0x7, &(0x7f0000000340)={&(0x7f0000000140)="c4427d06bced3cd500002ef30f53573ef3a436f22e77b3c4425947adeb36e407c4e22d973c0ef22e40803cfb0b0f437200dac0d9d0", {0x6}, 0x2, &(0x7f00000002c0)="46839819b20000c86766430f380bac195d000000c4622191b4d102000000c421796ec66566400f383199aff62f61f0462989601b9a9ec4a2790ff7c4237d4a8144dd0000048fc930996cbf532e0fe95007"}, 0x0, 0x8, &(0x7f0000000480)) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000280)) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'teql0\x00'}) unshare(0x2000400) tee(r2, r1, 0x8000, 0x5) rmdir(&(0x7f0000000580)='./file0\x00') [ 181.521810][ T7778] team0: Port device team_slave_0 added [ 181.529285][ T7778] team0: Port device team_slave_1 added [ 181.621895][ T7778] device hsr_slave_0 entered promiscuous mode 00:03:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") creat(0x0, 0x0) syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 181.699193][ T7778] device hsr_slave_1 entered promiscuous mode [ 181.815801][ T7784] IPVS: ftp: loaded support on port[0] = 21 [ 181.849244][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.856466][ T7778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.864287][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.871390][ T7778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.897976][ T7782] chnl_net:caif_netlink_parms(): no params data found [ 181.907766][ T7787] IPVS: ftp: loaded support on port[0] = 21 00:03:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/mixer\x00', 0x1, 0x0) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000340)={0x0, 0x0, 0x0}) semtimedop(0x0, 0x0, 0x0, 0x0) [ 182.031921][ T7782] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.039533][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.047694][ T7782] device bridge_slave_0 entered promiscuous mode [ 182.093566][ T7782] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.101116][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.115079][ T7782] device bridge_slave_1 entered promiscuous mode [ 182.147651][ T7782] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.177645][ T7782] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.197787][ T7790] IPVS: ftp: loaded support on port[0] = 21 [ 182.233340][ T7778] 8021q: adding VLAN 0 to HW filter on device bond0 00:03:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100207031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000020a43ba5d806055b6fdd80b40000000140001000029ec2400020cd37e99d69cda45a95e", 0x4c}], 0x1}, 0x0) [ 182.296983][ T7778] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.325315][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.336583][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.363916][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.375266][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 182.396270][ T7782] team0: Port device team_slave_0 added [ 182.429838][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.432819][ T7796] IPVS: ftp: loaded support on port[0] = 21 [ 182.438464][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.454537][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.461651][ T7781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.469554][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.477982][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.486397][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.493472][ T7781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.502164][ T7782] team0: Port device team_slave_1 added [ 182.533514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.542880][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.551274][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.560101][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.568402][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.590317][ T7787] chnl_net:caif_netlink_parms(): no params data found [ 182.661086][ T7782] device hsr_slave_0 entered promiscuous mode [ 182.698962][ T7782] device hsr_slave_1 entered promiscuous mode [ 182.780895][ T7784] chnl_net:caif_netlink_parms(): no params data found [ 182.812057][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.821843][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.837839][ T7778] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 182.850003][ T7778] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 182.883025][ T7784] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.890746][ T7784] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.898253][ T7784] device bridge_slave_0 entered promiscuous mode [ 182.905696][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.916962][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.925412][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.937775][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.946018][ T7781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.976826][ T7787] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.984570][ T7787] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.992606][ T7787] device bridge_slave_0 entered promiscuous mode [ 183.002228][ T7787] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.009349][ T7787] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.016857][ T7787] device bridge_slave_1 entered promiscuous mode [ 183.037358][ T7787] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.045836][ T7784] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.054457][ T7784] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.062330][ T7784] device bridge_slave_1 entered promiscuous mode [ 183.083417][ T7784] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.096479][ T7784] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.106272][ T7787] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.152114][ T7778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.173350][ T7784] team0: Port device team_slave_0 added [ 183.181647][ T7787] team0: Port device team_slave_0 added [ 183.214152][ T7784] team0: Port device team_slave_1 added [ 183.223211][ T7787] team0: Port device team_slave_1 added [ 183.281745][ T7787] device hsr_slave_0 entered promiscuous mode [ 183.319016][ T7787] device hsr_slave_1 entered promiscuous mode [ 183.438006][ T7790] chnl_net:caif_netlink_parms(): no params data found [ 183.514634][ T7801] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 183.533535][ T7801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7801 [ 183.543046][ T7801] caller is ip6_finish_output+0x335/0xdc0 [ 183.543070][ T7801] CPU: 0 PID: 7801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.543079][ T7801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.543084][ T7801] Call Trace: [ 183.543103][ T7801] dump_stack+0x172/0x1f0 [ 183.543125][ T7801] __this_cpu_preempt_check+0x246/0x270 [ 183.543142][ T7801] ip6_finish_output+0x335/0xdc0 [ 183.543163][ T7801] ip6_output+0x235/0x7f0 [ 183.543183][ T7801] ? ip6_finish_output+0xdc0/0xdc0 [ 183.543215][ T7801] ? ip6_fragment+0x3980/0x3980 [ 183.543246][ T7801] ip6_xmit+0xe41/0x20c0 [ 183.543270][ T7801] ? ip6_finish_output2+0x2550/0x2550 [ 183.543287][ T7801] ? mark_held_locks+0xf0/0xf0 [ 183.543308][ T7801] ? ip6_setup_cork+0x1870/0x1870 [ 183.558047][ T7801] inet6_csk_xmit+0x2fb/0x5d0 [ 183.571346][ T7801] ? inet6_csk_update_pmtu+0x190/0x190 [ 183.571363][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.571386][ T7801] ? csum_ipv6_magic+0x20/0x80 [ 183.571412][ T7801] __tcp_transmit_skb+0x1a32/0x3750 [ 183.571439][ T7801] ? __tcp_select_window+0x8b0/0x8b0 [ 183.571460][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.571481][ T7801] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 183.581327][ T7801] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 183.590556][ T7801] tcp_connect+0x1e47/0x4280 [ 183.590584][ T7801] ? tcp_push_one+0x110/0x110 [ 183.590601][ T7801] ? secure_tcpv6_ts_off+0x24f/0x360 [ 183.590619][ T7801] ? secure_dccpv6_sequence_number+0x280/0x280 [ 183.590634][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.590648][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.590662][ T7801] ? prandom_u32_state+0x13/0x180 [ 183.590682][ T7801] tcp_v6_connect+0x150b/0x20a0 [ 183.590698][ T7801] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 183.590718][ T7801] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 183.590744][ T7801] ? find_held_lock+0x35/0x130 [ 183.590761][ T7801] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 183.590782][ T7801] __inet_stream_connect+0x83f/0xea0 [ 183.590794][ T7801] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 183.590808][ T7801] ? __inet_stream_connect+0x83f/0xea0 [ 183.590836][ T7801] ? inet_dgram_connect+0x2e0/0x2e0 [ 183.605021][ T7801] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 183.615120][ T7801] ? rcu_read_lock_sched_held+0x110/0x130 [ 183.624787][ T7801] ? kmem_cache_alloc_trace+0x354/0x760 [ 183.636458][ T7801] ? __lock_acquire+0x548/0x3fb0 [ 183.646408][ T7801] tcp_sendmsg_locked+0x231f/0x37f0 [ 183.657894][ T7801] ? mark_held_locks+0xf0/0xf0 [ 183.669560][ T7801] ? mark_held_locks+0xa4/0xf0 [ 183.669582][ T7801] ? tcp_sendpage+0x60/0x60 [ 183.669598][ T7801] ? lock_sock_nested+0x9a/0x120 [ 183.669614][ T7801] ? trace_hardirqs_on+0x67/0x230 [ 183.669629][ T7801] ? lock_sock_nested+0x9a/0x120 [ 183.669647][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 183.669668][ T7801] tcp_sendmsg+0x30/0x50 [ 183.678909][ T7801] inet_sendmsg+0x147/0x5e0 [ 183.678924][ T7801] ? ipip_gro_receive+0x100/0x100 [ 183.678942][ T7801] sock_sendmsg+0xdd/0x130 [ 183.678962][ T7801] __sys_sendto+0x262/0x380 [ 183.678982][ T7801] ? __ia32_sys_getpeername+0xb0/0xb0 [ 183.679013][ T7801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.690433][ T7801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.690448][ T7801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.690464][ T7801] ? do_syscall_64+0x26/0x610 [ 183.690480][ T7801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.690501][ T7801] __x64_sys_sendto+0xe1/0x1a0 [ 183.690522][ T7801] do_syscall_64+0x103/0x610 [ 183.702967][ T7801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.702980][ T7801] RIP: 0033:0x4582b9 [ 183.702997][ T7801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.703005][ T7801] RSP: 002b:00007f502f7e4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 183.703019][ T7801] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 183.703028][ T7801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 183.703037][ T7801] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 183.703046][ T7801] R10: 000000002000000c R11: 0000000000000246 R12: 00007f502f7e56d4 [ 183.703053][ T7801] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 183.910931][ T7801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7801 [ 183.919955][ T7801] caller is ip6_finish_output+0x335/0xdc0 [ 183.935827][ T7801] CPU: 0 PID: 7801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.935836][ T7801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.935840][ T7801] Call Trace: [ 183.935862][ T7801] dump_stack+0x172/0x1f0 [ 183.935894][ T7801] __this_cpu_preempt_check+0x246/0x270 [ 183.951819][ T7801] ip6_finish_output+0x335/0xdc0 [ 183.951842][ T7801] ip6_output+0x235/0x7f0 [ 183.951859][ T7801] ? ip6_finish_output+0xdc0/0xdc0 [ 183.951885][ T7801] ? ip6_fragment+0x3980/0x3980 [ 183.969126][ T7801] ip6_xmit+0xe41/0x20c0 [ 183.969141][ T7801] ? find_held_lock+0x35/0x130 [ 183.969165][ T7801] ? ip6_finish_output2+0x2550/0x2550 [ 183.969181][ T7801] ? mark_held_locks+0xf0/0xf0 [ 183.969212][ T7801] ? ip6_setup_cork+0x1870/0x1870 [ 183.983955][ T7801] inet6_csk_xmit+0x2fb/0x5d0 [ 183.983973][ T7801] ? inet6_csk_update_pmtu+0x190/0x190 [ 183.983989][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.984011][ T7801] ? csum_ipv6_magic+0x20/0x80 [ 183.997445][ T7801] __tcp_transmit_skb+0x1a32/0x3750 [ 184.007281][ T7801] ? memcpy+0x46/0x50 [ 184.016517][ T7801] ? __tcp_select_window+0x8b0/0x8b0 [ 184.026472][ T7801] ? tcp_rbtree_insert+0x188/0x200 [ 184.035440][ T7801] tcp_send_synack+0x4b0/0x15b0 [ 184.045537][ T7801] ? tcp_send_active_reset+0x8e0/0x8e0 [ 184.055225][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.066886][ T7801] ? tcp_sync_mss+0x2ee/0xa30 [ 184.076807][ T7801] tcp_rcv_state_process+0x225d/0x4d93 [ 184.086039][ T7801] ? tcp_finish_connect+0x510/0x510 [ 184.096493][ T7801] ? __release_sock+0xca/0x3a0 [ 184.108161][ T7801] ? find_held_lock+0x35/0x130 [ 184.123449][ T7801] ? mark_held_locks+0xa4/0xf0 [ 184.132976][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 184.143072][ T7801] ? _raw_spin_unlock_bh+0x31/0x40 [ 184.143085][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 184.143106][ T7801] tcp_v6_do_rcv+0x7da/0x12c0 [ 184.143117][ T7801] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 184.143138][ T7801] __release_sock+0x12e/0x3a0 [ 184.143161][ T7801] release_sock+0x59/0x1c0 [ 184.143181][ T7801] __inet_stream_connect+0x59f/0xea0 [ 184.143214][ T7801] ? inet_dgram_connect+0x2e0/0x2e0 [ 184.158327][ T7801] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 184.167927][ T7801] ? do_wait_intr_irq+0x2b0/0x2b0 [ 184.177600][ T7801] ? __lock_acquire+0x548/0x3fb0 [ 184.188140][ T7801] tcp_sendmsg_locked+0x231f/0x37f0 [ 184.198063][ T7801] ? mark_held_locks+0xf0/0xf0 [ 184.208049][ T7801] ? mark_held_locks+0xa4/0xf0 [ 184.212816][ T7801] ? tcp_sendpage+0x60/0x60 [ 184.212832][ T7801] ? lock_sock_nested+0x9a/0x120 [ 184.212847][ T7801] ? trace_hardirqs_on+0x67/0x230 [ 184.212861][ T7801] ? lock_sock_nested+0x9a/0x120 [ 184.212879][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 184.212901][ T7801] tcp_sendmsg+0x30/0x50 [ 184.212917][ T7801] inet_sendmsg+0x147/0x5e0 [ 184.212930][ T7801] ? ipip_gro_receive+0x100/0x100 [ 184.212955][ T7801] sock_sendmsg+0xdd/0x130 [ 184.227380][ T7801] __sys_sendto+0x262/0x380 [ 184.237653][ T7801] ? __ia32_sys_getpeername+0xb0/0xb0 [ 184.251373][ T7801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.251403][ T7801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.251419][ T7801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.251434][ T7801] ? do_syscall_64+0x26/0x610 [ 184.251450][ T7801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.251474][ T7801] __x64_sys_sendto+0xe1/0x1a0 [ 184.265734][ T7801] do_syscall_64+0x103/0x610 [ 184.277644][ T7801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.287752][ T7801] RIP: 0033:0x4582b9 [ 184.298546][ T7801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.308976][ T7801] RSP: 002b:00007f502f7e4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 184.308992][ T7801] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 184.309000][ T7801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 184.309009][ T7801] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 184.309017][ T7801] R10: 000000002000000c R11: 0000000000000246 R12: 00007f502f7e56d4 [ 184.309026][ T7801] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 184.382442][ T7801] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7801 [ 184.392094][ T7801] caller is ip6_finish_output+0x335/0xdc0 [ 184.397821][ T7801] CPU: 0 PID: 7801 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.404797][ T7782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.406845][ T7801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.424158][ T7801] Call Trace: [ 184.425637][ T7782] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.427465][ T7801] dump_stack+0x172/0x1f0 [ 184.438357][ T7801] __this_cpu_preempt_check+0x246/0x270 [ 184.443912][ T7801] ip6_finish_output+0x335/0xdc0 [ 184.448864][ T7801] ip6_output+0x235/0x7f0 [ 184.453211][ T7801] ? ip6_finish_output+0xdc0/0xdc0 [ 184.458348][ T7801] ? ip6_fragment+0x3980/0x3980 [ 184.463228][ T7801] ip6_xmit+0xe41/0x20c0 [ 184.466954][ T7782] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 184.467494][ T7801] ? ip6_finish_output2+0x2550/0x2550 [ 184.482116][ T7782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.483165][ T7801] ? mark_held_locks+0xf0/0xf0 [ 184.498229][ T7801] ? ip6_setup_cork+0x1870/0x1870 [ 184.503312][ T7801] inet6_csk_xmit+0x2fb/0x5d0 [ 184.508115][ T7801] ? inet6_csk_update_pmtu+0x190/0x190 [ 184.511004][ T7782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.513587][ T7801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.526555][ T7801] ? csum_ipv6_magic+0x20/0x80 [ 184.531330][ T7801] __tcp_transmit_skb+0x1a32/0x3750 [ 184.536550][ T7801] ? __tcp_select_window+0x8b0/0x8b0 [ 184.541852][ T7801] ? tcp_mstamp_refresh+0x16/0xa0 [ 184.546885][ T7801] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 184.552231][ T7801] tcp_send_ack+0x88/0xa0 [ 184.556564][ T7801] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 184.562551][ T7801] tcp_validate_incoming+0x55e/0x1660 [ 184.567941][ T7801] tcp_rcv_state_process+0xb6b/0x4d93 [ 184.573368][ T7801] ? tcp_finish_connect+0x510/0x510 [ 184.578586][ T7801] ? __release_sock+0xca/0x3a0 [ 184.583359][ T7801] ? find_held_lock+0x35/0x130 [ 184.588134][ T7801] ? mark_held_locks+0xa4/0xf0 [ 184.592904][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 184.598286][ T7801] ? _raw_spin_unlock_bh+0x31/0x40 [ 184.603404][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 184.608785][ T7801] tcp_v6_do_rcv+0x7da/0x12c0 [ 184.613467][ T7801] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 184.618333][ T7801] __release_sock+0x12e/0x3a0 [ 184.623022][ T7801] release_sock+0x59/0x1c0 [ 184.627451][ T7801] __inet_stream_connect+0x59f/0xea0 [ 184.632754][ T7801] ? inet_dgram_connect+0x2e0/0x2e0 [ 184.637958][ T7801] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 184.643334][ T7801] ? do_wait_intr_irq+0x2b0/0x2b0 [ 184.648360][ T7801] ? __lock_acquire+0x548/0x3fb0 [ 184.653320][ T7801] tcp_sendmsg_locked+0x231f/0x37f0 [ 184.658526][ T7801] ? mark_held_locks+0xf0/0xf0 [ 184.658547][ T7801] ? mark_held_locks+0xa4/0xf0 00:03:24 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000f36000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300090c000000ffffffffffffffff02001300020000000000000000000000030006000000000002004e20e0000001000000000000002402000100f8ffffff0000000200000000030005000000000002004e20e00000010000000000000000"], 0x60}}, 0x0) sendmsg$key(r1, &(0x7f000033efc8)={0x0, 0xffffff7f, &(0x7f0000aa8000)={&(0x7f00009b9000)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) [ 184.658569][ T7801] ? tcp_sendpage+0x60/0x60 [ 184.658583][ T7801] ? lock_sock_nested+0x9a/0x120 [ 184.658597][ T7801] ? trace_hardirqs_on+0x67/0x230 [ 184.658609][ T7801] ? lock_sock_nested+0x9a/0x120 [ 184.658626][ T7801] ? __local_bh_enable_ip+0x15a/0x270 [ 184.672721][ T7801] tcp_sendmsg+0x30/0x50 [ 184.672752][ T7801] inet_sendmsg+0x147/0x5e0 [ 184.701704][ T7801] ? ipip_gro_receive+0x100/0x100 [ 184.706735][ T7801] sock_sendmsg+0xdd/0x130 [ 184.711168][ T7801] __sys_sendto+0x262/0x380 [ 184.715696][ T7801] ? __ia32_sys_getpeername+0xb0/0xb0 [ 184.721091][ T7801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.727334][ T7801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.732795][ T7801] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.738241][ T7801] ? do_syscall_64+0x26/0x610 [ 184.742913][ T7801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.748973][ T7801] __x64_sys_sendto+0xe1/0x1a0 [ 184.753732][ T7801] do_syscall_64+0x103/0x610 [ 184.758342][ T7801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.764247][ T7801] RIP: 0033:0x4582b9 [ 184.768134][ T7801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.787714][ T7801] RSP: 002b:00007f502f7e4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 184.796105][ T7801] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 184.804053][ T7801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 184.812002][ T7801] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 184.819962][ T7801] R10: 000000002000000c R11: 0000000000000246 R12: 00007f502f7e56d4 [ 184.827927][ T7801] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 184.838625][ C0] hrtimer: interrupt took 54821 ns [ 184.872046][ T7784] device hsr_slave_0 entered promiscuous mode [ 184.899020][ T7784] device hsr_slave_1 entered promiscuous mode [ 184.944700][ T7802] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7802 [ 184.954111][ T7802] caller is ip6_finish_output+0x335/0xdc0 [ 184.960806][ T7802] CPU: 0 PID: 7802 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.969830][ T7802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.979885][ T7802] Call Trace: [ 184.983229][ T7802] dump_stack+0x172/0x1f0 [ 184.987591][ T7802] __this_cpu_preempt_check+0x246/0x270 [ 184.993150][ T7802] ip6_finish_output+0x335/0xdc0 [ 184.998112][ T7802] ip6_output+0x235/0x7f0 [ 185.002494][ T7802] ? ip6_finish_output+0xdc0/0xdc0 [ 185.007600][ T7802] ? ip6_fragment+0x3980/0x3980 [ 185.012435][ T7802] ip6_xmit+0xe41/0x20c0 [ 185.016715][ T7802] ? ip6_finish_output2+0x2550/0x2550 [ 185.022077][ T7802] ? mark_held_locks+0xf0/0xf0 [ 185.026892][ T7802] ? ip6_setup_cork+0x1870/0x1870 [ 185.031911][ T7802] inet6_csk_xmit+0x2fb/0x5d0 [ 185.036614][ T7802] ? inet6_csk_update_pmtu+0x190/0x190 [ 185.042058][ T7802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.054294][ T7802] ? csum_ipv6_magic+0x20/0x80 [ 185.059061][ T7802] __tcp_transmit_skb+0x1a32/0x3750 [ 185.064265][ T7802] ? __tcp_select_window+0x8b0/0x8b0 [ 185.069536][ T7802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.075760][ T7802] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 185.081244][ T7802] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.087520][ T7802] tcp_connect+0x1e47/0x4280 [ 185.092578][ T7802] ? tcp_push_one+0x110/0x110 [ 185.097253][ T7802] ? secure_tcpv6_ts_off+0x24f/0x360 [ 185.102521][ T7802] ? secure_dccpv6_sequence_number+0x280/0x280 [ 185.108657][ T7802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.115050][ T7802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.121273][ T7802] ? prandom_u32_state+0x13/0x180 [ 185.126282][ T7802] tcp_v6_connect+0x150b/0x20a0 [ 185.131117][ T7802] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 185.136496][ T7802] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 185.141762][ T7802] ? __switch_to_asm+0x34/0x70 [ 185.146522][ T7802] ? __switch_to_asm+0x40/0x70 [ 185.151278][ T7802] ? find_held_lock+0x35/0x130 [ 185.156025][ T7802] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 185.161663][ T7802] __inet_stream_connect+0x83f/0xea0 [ 185.166942][ T7802] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 185.172216][ T7802] ? __inet_stream_connect+0x83f/0xea0 [ 185.177670][ T7802] ? inet_dgram_connect+0x2e0/0x2e0 [ 185.182851][ T7802] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 185.188228][ T7802] ? rcu_read_lock_sched_held+0x110/0x130 [ 185.193949][ T7802] ? kmem_cache_alloc_trace+0x354/0x760 [ 185.199499][ T7802] ? __lock_acquire+0x548/0x3fb0 [ 185.204436][ T7802] tcp_sendmsg_locked+0x231f/0x37f0 [ 185.209634][ T7802] ? mark_held_locks+0xf0/0xf0 [ 185.214394][ T7802] ? mark_held_locks+0xa4/0xf0 [ 185.219159][ T7802] ? tcp_sendpage+0x60/0x60 [ 185.223642][ T7802] ? lock_sock_nested+0x9a/0x120 [ 185.228558][ T7802] ? trace_hardirqs_on+0x67/0x230 [ 185.233562][ T7802] ? lock_sock_nested+0x9a/0x120 [ 185.238496][ T7802] ? __local_bh_enable_ip+0x15a/0x270 [ 185.243848][ T7802] tcp_sendmsg+0x30/0x50 [ 185.248082][ T7802] inet_sendmsg+0x147/0x5e0 [ 185.252591][ T7802] ? ipip_gro_receive+0x100/0x100 [ 185.257608][ T7802] sock_sendmsg+0xdd/0x130 [ 185.262007][ T7802] __sys_sendto+0x262/0x380 [ 185.266494][ T7802] ? __ia32_sys_getpeername+0xb0/0xb0 [ 185.271866][ T7802] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.278095][ T7802] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.283533][ T7802] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.288969][ T7802] ? do_syscall_64+0x26/0x610 [ 185.293628][ T7802] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.299697][ T7802] __x64_sys_sendto+0xe1/0x1a0 [ 185.304465][ T7802] do_syscall_64+0x103/0x610 [ 185.309057][ T7802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.314929][ T7802] RIP: 0033:0x4582b9 [ 185.318801][ T7802] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.338388][ T7802] RSP: 002b:00007f502f7c3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 185.346777][ T7802] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 185.354726][ T7802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 185.362694][ T7802] RBP: 000000000073bfa0 R08: 00000000208d4fe4 R09: 000000000000001c [ 185.370643][ T7802] R10: 000000002000000c R11: 0000000000000246 R12: 00007f502f7c46d4 [ 185.378595][ T7802] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 00:03:25 executing program 0: r0 = socket$kcm(0x2b, 0x200000000000001, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000240)=@in={0x2, 0x0, @remote}, 0x80, 0x0}, 0x20000054) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x5452, &(0x7f00000013c0)) socketpair$unix(0x1, 0x10000000000005, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_attach_bpf(r0, 0x6, 0x15, &(0x7f00000000c0), 0x3d9) [ 185.398018][ T7796] chnl_net:caif_netlink_parms(): no params data found [ 185.437762][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.446477][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.454601][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.463285][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.472000][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.479088][ T7793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.486776][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.495749][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.504109][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.511180][ T7793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.518899][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.527342][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.536532][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.545053][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.553396][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.562073][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.571033][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.579365][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.587503][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.595995][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.604602][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.612602][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.620841][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.633198][ T7790] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.640761][ T7790] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.650807][ T7790] device bridge_slave_0 entered promiscuous mode [ 185.658270][ T7790] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.665838][ T7790] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.673970][ T7790] device bridge_slave_1 entered promiscuous mode 00:03:25 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0/file0\x00', 0x0) write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0) 00:03:25 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0) clock_gettime(0x0, &(0x7f00000023c0)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") timer_settime(0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f000058c000), 0x0) dup3(r0, r1, 0x0) [ 185.776458][ T7790] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.816618][ T7796] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.823846][ T7796] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.832063][ T7796] device bridge_slave_0 entered promiscuous mode [ 185.841091][ T7790] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.862614][ T7790] team0: Port device team_slave_0 added [ 185.870142][ T7790] team0: Port device team_slave_1 added [ 185.894682][ T7787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.901977][ T7796] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.909556][ T7796] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.917279][ T7796] device bridge_slave_1 entered promiscuous mode [ 185.980650][ T7790] device hsr_slave_0 entered promiscuous mode [ 186.019829][ T7790] device hsr_slave_1 entered promiscuous mode 00:03:25 executing program 0: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000020a43ba5d806055b6fdd80b", 0x34}], 0x1}, 0x0) [ 186.072875][ T7787] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.087373][ T7796] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.119716][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.127441][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.151052][ T7796] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:03:25 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x9, &(0x7f0000000000)={@loopback, @multicast2, @remote}, 0x37c) r1 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) getsockopt$inet_mreqn(r0, 0x0, 0x9, &(0x7f00000000c0)={@loopback, @loopback, 0x0}, &(0x7f0000000100)=0xc) setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x2e, &(0x7f0000000400)={@empty, r2}, 0x14) sendmsg(r1, &(0x7f00000003c0)={&(0x7f0000000180)=@in6, 0x1c, 0x0, 0x0, &(0x7f0000001440)=[{0xa0, 0x88, 0x400, "6939c2dd61d860c29cc19173333e0668d50a24dbefb9af0728a2fe10e1225fdeff42c88161963b49af180f104a633277064a24d5e4ceb23906e082fb0574d5bd4ff36d375ad9d11a90d32251ecf34b09a7f4853a59ba7dffab6e474ce8c8559fb8d88b90ab0af8e39c6dbc51977aab80aa3957ecbd5dde2ab8f33345a37092fe143d8e6ea6b1a2ac8dfdaaf32173b7"}], 0xa0}, 0x20080) [ 186.172493][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.193023][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.203374][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.210490][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.235591][ T7784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.253993][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.264465][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.273540][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 00:03:25 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f3188b070") recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000700)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x3da, 0x0) [ 186.282751][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.289901][ T7788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.299965][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.349963][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.359641][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.368218][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.377145][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.386378][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.395547][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.409725][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.425478][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.433383][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:03:26 executing program 0: r0 = socket$inet6(0xa, 0x4000000003, 0x3) r1 = epoll_create1(0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xbcfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, 0x1c) [ 186.459306][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.469025][ T7784] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.478329][ T7796] team0: Port device team_slave_0 added [ 186.485459][ T7796] team0: Port device team_slave_1 added [ 186.517357][ T7787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.564184][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.577228][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.585618][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.594363][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.603097][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.610193][ T7788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.620795][ T7790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.627922][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.636255][ T7847] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7847 [ 186.645565][ T7787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.646089][ T7847] caller is ip6_finish_output+0x335/0xdc0 [ 186.658310][ T7847] CPU: 1 PID: 7847 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.667321][ T7847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.677379][ T7847] Call Trace: [ 186.680678][ T7847] dump_stack+0x172/0x1f0 [ 186.685021][ T7847] __this_cpu_preempt_check+0x246/0x270 [ 186.690578][ T7847] ip6_finish_output+0x335/0xdc0 [ 186.695526][ T7847] ip6_output+0x235/0x7f0 [ 186.695555][ T7847] ? ip6_finish_output+0xdc0/0xdc0 [ 186.704973][ T7847] ? ip6_fragment+0x3980/0x3980 [ 186.709825][ T7847] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 186.709847][ T7847] ip6_local_out+0xc4/0x1b0 [ 186.709866][ T7847] ip6_send_skb+0xbb/0x350 [ 186.709887][ T7847] ip6_push_pending_frames+0xc8/0xf0 [ 186.709906][ T7847] rawv6_sendmsg+0x299c/0x35e0 [ 186.709937][ T7847] ? rawv6_getsockopt+0x150/0x150 [ 186.739386][ T7847] ? aa_profile_af_perm+0x320/0x320 [ 186.744580][ T7847] ? tomoyo_check_inet_address+0x321/0x700 [ 186.744598][ T7847] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 186.744630][ T7847] ? ___might_sleep+0x163/0x280 [ 186.760350][ T7847] ? __might_sleep+0x95/0x190 [ 186.761706][ T7784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.765042][ T7847] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 186.780873][ T7847] inet_sendmsg+0x147/0x5e0 [ 186.785375][ T7847] ? rawv6_getsockopt+0x150/0x150 [ 186.785388][ T7847] ? inet_sendmsg+0x147/0x5e0 [ 186.785402][ T7847] ? ipip_gro_receive+0x100/0x100 [ 186.785425][ T7847] sock_sendmsg+0xdd/0x130 [ 186.795880][ T7784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.800098][ T7847] __sys_sendto+0x262/0x380 [ 186.800118][ T7847] ? __ia32_sys_getpeername+0xb0/0xb0 [ 186.800152][ T7847] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.800182][ T7847] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.800212][ T7847] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.841883][ T7847] ? do_syscall_64+0x26/0x610 [ 186.846561][ T7847] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.846585][ T7847] __x64_sys_sendto+0xe1/0x1a0 [ 186.846607][ T7847] do_syscall_64+0x103/0x610 [ 186.846624][ T7847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.866821][ T7852] ntfs: (device loop3): ntfs_fill_super(): Unable to determine device size. [ 186.867988][ T7847] RIP: 0033:0x4582b9 [ 186.868012][ T7847] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.900221][ T7847] RSP: 002b:00007f502f7e4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 186.900236][ T7847] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 186.900243][ T7847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 186.900252][ T7847] RBP: 000000000073bf00 R08: 0000000020000180 R09: 000000000000001c [ 186.900260][ T7847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f502f7e56d4 [ 186.900268][ T7847] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 186.907155][ T7784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.949351][ T7847] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7847 [ 186.961122][ T7847] caller is sk_mc_loop+0x1d/0x210 [ 186.975689][ T7847] CPU: 0 PID: 7847 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.975699][ T7847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.975704][ T7847] Call Trace: [ 186.975734][ T7847] dump_stack+0x172/0x1f0 [ 187.002374][ T7847] __this_cpu_preempt_check+0x246/0x270 [ 187.007916][ T7847] sk_mc_loop+0x1d/0x210 [ 187.012146][ T7847] ip6_finish_output2+0x17a5/0x2550 [ 187.017331][ T7847] ? find_held_lock+0x35/0x130 [ 187.022088][ T7847] ? ip6_mtu+0x2e6/0x460 [ 187.026335][ T7847] ? ip6_forward_finish+0x580/0x580 [ 187.031516][ T7847] ? lock_downgrade+0x880/0x880 [ 187.036364][ T7847] ? rcu_read_unlock_special+0xf3/0x210 [ 187.042021][ T7847] ip6_finish_output+0x614/0xdc0 [ 187.046939][ T7847] ? ip6_finish_output+0x614/0xdc0 [ 187.052034][ T7847] ip6_output+0x235/0x7f0 [ 187.056369][ T7847] ? ip6_finish_output+0xdc0/0xdc0 [ 187.061493][ T7847] ? ip6_fragment+0x3980/0x3980 [ 187.066336][ T7847] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 187.071880][ T7847] ip6_local_out+0xc4/0x1b0 [ 187.076375][ T7847] ip6_send_skb+0xbb/0x350 [ 187.080777][ T7847] ip6_push_pending_frames+0xc8/0xf0 [ 187.086043][ T7847] rawv6_sendmsg+0x299c/0x35e0 [ 187.091352][ T7847] ? rawv6_getsockopt+0x150/0x150 [ 187.096363][ T7847] ? aa_profile_af_perm+0x320/0x320 [ 187.101557][ T7847] ? tomoyo_check_inet_address+0x321/0x700 [ 187.107344][ T7847] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 187.112462][ T7847] ? ___might_sleep+0x163/0x280 [ 187.117312][ T7847] ? __might_sleep+0x95/0x190 [ 187.121976][ T7847] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.127523][ T7847] inet_sendmsg+0x147/0x5e0 [ 187.132007][ T7847] ? rawv6_getsockopt+0x150/0x150 [ 187.137007][ T7847] ? inet_sendmsg+0x147/0x5e0 [ 187.141671][ T7847] ? ipip_gro_receive+0x100/0x100 [ 187.146689][ T7847] sock_sendmsg+0xdd/0x130 [ 187.151085][ T7847] __sys_sendto+0x262/0x380 [ 187.155569][ T7847] ? __ia32_sys_getpeername+0xb0/0xb0 [ 187.160930][ T7847] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.167183][ T7847] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.172630][ T7847] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.178069][ T7847] ? do_syscall_64+0x26/0x610 [ 187.182743][ T7847] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.188796][ T7847] __x64_sys_sendto+0xe1/0x1a0 [ 187.193560][ T7847] do_syscall_64+0x103/0x610 [ 187.198135][ T7847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.204010][ T7847] RIP: 0033:0x4582b9 [ 187.207902][ T7847] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.227490][ T7847] RSP: 002b:00007f502f7e4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 187.235893][ T7847] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 187.243843][ T7847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 187.251796][ T7847] RBP: 000000000073bf00 R08: 0000000020000180 R09: 000000000000001c [ 187.259753][ T7847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f502f7e56d4 [ 187.267733][ T7847] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 187.288012][ T7849] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7849 [ 187.297415][ T7849] caller is ip6_finish_output+0x335/0xdc0 [ 187.303172][ T7849] CPU: 1 PID: 7849 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.312210][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.322246][ T7849] Call Trace: [ 187.325521][ T7849] dump_stack+0x172/0x1f0 [ 187.329848][ T7849] __this_cpu_preempt_check+0x246/0x270 [ 187.335395][ T7849] ip6_finish_output+0x335/0xdc0 [ 187.340343][ T7849] ip6_output+0x235/0x7f0 [ 187.344673][ T7849] ? ip6_finish_output+0xdc0/0xdc0 [ 187.349788][ T7849] ? ip6_fragment+0x3980/0x3980 [ 187.354637][ T7849] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 187.360184][ T7849] ip6_local_out+0xc4/0x1b0 [ 187.364694][ T7849] ip6_send_skb+0xbb/0x350 [ 187.369115][ T7849] ip6_push_pending_frames+0xc8/0xf0 [ 187.374398][ T7849] rawv6_sendmsg+0x299c/0x35e0 [ 187.379170][ T7849] ? rawv6_getsockopt+0x150/0x150 [ 187.384210][ T7849] ? aa_profile_af_perm+0x320/0x320 [ 187.389403][ T7849] ? tomoyo_check_inet_address+0x321/0x700 [ 187.395213][ T7849] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 187.400341][ T7849] ? ___might_sleep+0x163/0x280 [ 187.405191][ T7849] ? __might_sleep+0x95/0x190 [ 187.409889][ T7849] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.415432][ T7849] inet_sendmsg+0x147/0x5e0 [ 187.419934][ T7849] ? rawv6_getsockopt+0x150/0x150 [ 187.424949][ T7849] ? inet_sendmsg+0x147/0x5e0 [ 187.429619][ T7849] ? ipip_gro_receive+0x100/0x100 [ 187.434642][ T7849] sock_sendmsg+0xdd/0x130 [ 187.439057][ T7849] __sys_sendto+0x262/0x380 [ 187.443561][ T7849] ? __ia32_sys_getpeername+0xb0/0xb0 [ 187.448946][ T7849] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.455194][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.460662][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.466117][ T7849] ? do_syscall_64+0x26/0x610 [ 187.470789][ T7849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.476866][ T7849] __x64_sys_sendto+0xe1/0x1a0 [ 187.481631][ T7849] do_syscall_64+0x103/0x610 [ 187.486226][ T7849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.492139][ T7849] RIP: 0033:0x4582b9 [ 187.496030][ T7849] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.515710][ T7849] RSP: 002b:00007f502f7c3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 187.524119][ T7849] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 187.532112][ T7849] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 187.540075][ T7849] RBP: 000000000073bfa0 R08: 0000000020000180 R09: 000000000000001c [ 187.548036][ T7849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f502f7c46d4 [ 187.555998][ T7849] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 187.573618][ T7849] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7849 [ 187.583146][ T7849] caller is sk_mc_loop+0x1d/0x210 [ 187.588185][ T7849] CPU: 0 PID: 7849 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.597225][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.607287][ T7849] Call Trace: [ 187.610583][ T7849] dump_stack+0x172/0x1f0 [ 187.614921][ T7849] __this_cpu_preempt_check+0x246/0x270 [ 187.620462][ T7849] sk_mc_loop+0x1d/0x210 [ 187.624704][ T7849] ip6_finish_output2+0x17a5/0x2550 [ 187.629897][ T7849] ? find_held_lock+0x35/0x130 [ 187.634657][ T7849] ? ip6_mtu+0x2e6/0x460 [ 187.638903][ T7849] ? ip6_forward_finish+0x580/0x580 [ 187.644094][ T7849] ? lock_downgrade+0x880/0x880 [ 187.648943][ T7849] ? rcu_read_unlock_special+0xf3/0x210 [ 187.654492][ T7849] ip6_finish_output+0x614/0xdc0 [ 187.659449][ T7849] ? ip6_finish_output+0x614/0xdc0 [ 187.664561][ T7849] ip6_output+0x235/0x7f0 [ 187.668898][ T7849] ? ip6_finish_output+0xdc0/0xdc0 [ 187.674024][ T7849] ? ip6_fragment+0x3980/0x3980 [ 187.678877][ T7849] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 187.684427][ T7849] ip6_local_out+0xc4/0x1b0 [ 187.688946][ T7849] ip6_send_skb+0xbb/0x350 [ 187.693366][ T7849] ip6_push_pending_frames+0xc8/0xf0 [ 187.698648][ T7849] rawv6_sendmsg+0x299c/0x35e0 [ 187.703419][ T7849] ? rawv6_getsockopt+0x150/0x150 [ 187.708443][ T7849] ? aa_profile_af_perm+0x320/0x320 [ 187.713640][ T7849] ? tomoyo_check_inet_address+0x321/0x700 [ 187.719529][ T7849] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 187.724650][ T7849] ? ___might_sleep+0x163/0x280 [ 187.729494][ T7849] ? __might_sleep+0x95/0x190 [ 187.734185][ T7849] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.739751][ T7849] inet_sendmsg+0x147/0x5e0 [ 187.744257][ T7849] ? rawv6_getsockopt+0x150/0x150 [ 187.749273][ T7849] ? inet_sendmsg+0x147/0x5e0 [ 187.753945][ T7849] ? ipip_gro_receive+0x100/0x100 [ 187.758968][ T7849] sock_sendmsg+0xdd/0x130 [ 187.763385][ T7849] __sys_sendto+0x262/0x380 [ 187.767889][ T7849] ? __ia32_sys_getpeername+0xb0/0xb0 [ 187.773277][ T7849] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.779528][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.784980][ T7849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.790431][ T7849] ? do_syscall_64+0x26/0x610 [ 187.795101][ T7849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.801165][ T7849] __x64_sys_sendto+0xe1/0x1a0 [ 187.805935][ T7849] do_syscall_64+0x103/0x610 [ 187.810522][ T7849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.816411][ T7849] RIP: 0033:0x4582b9 [ 187.820324][ T7849] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.839919][ T7849] RSP: 002b:00007f502f7c3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 187.848325][ T7849] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 187.856290][ T7849] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 187.864260][ T7849] RBP: 000000000073bfa0 R08: 0000000020000180 R09: 000000000000001c [ 187.872229][ T7849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f502f7c46d4 [ 187.880198][ T7849] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 187.901443][ T7796] device hsr_slave_0 entered promiscuous mode [ 187.939327][ T7796] device hsr_slave_1 entered promiscuous mode [ 187.991342][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.000340][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.009190][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.016275][ T7788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.023912][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.032637][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.041217][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.049881][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.058075][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.066609][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.074837][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.083191][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.091459][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.099821][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.109378][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.117146][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.183256][ T7790] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.211060][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.227415][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.250162][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.259099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.267325][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.274406][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.282453][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.287774][ T7865] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7865 [ 188.291024][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.300009][ T7865] caller is ip6_finish_output+0x335/0xdc0 [ 188.308327][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.313974][ T7865] CPU: 1 PID: 7865 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.320752][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.329781][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.329787][ T7865] Call Trace: [ 188.329814][ T7865] dump_stack+0x172/0x1f0 [ 188.329839][ T7865] __this_cpu_preempt_check+0x246/0x270 [ 188.351858][ T7790] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.354645][ T7865] ip6_finish_output+0x335/0xdc0 [ 188.366252][ T7790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.370477][ T7865] ip6_output+0x235/0x7f0 [ 188.370498][ T7865] ? ip6_finish_output+0xdc0/0xdc0 [ 188.370518][ T7865] ? ip6_fragment+0x3980/0x3980 [ 188.370534][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.370562][ T7865] ip6_local_out+0xc4/0x1b0 [ 188.387666][ T7796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.390118][ T7865] ip6_send_skb+0xbb/0x350 [ 188.390141][ T7865] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 188.390157][ T7865] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 188.390179][ T7865] udpv6_sendmsg+0x21e3/0x28d0 [ 188.414857][ T7796] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.416184][ T7865] ? find_held_lock+0x35/0x130 [ 188.447814][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.452868][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.454857][ T7796] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.458858][ T7865] ? aa_profile_af_perm+0x320/0x320 [ 188.458876][ T7865] ? __might_fault+0x12b/0x1e0 [ 188.458892][ T7865] ? find_held_lock+0x35/0x130 [ 188.458911][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.458928][ T7865] ? rw_copy_check_uvector+0x2a6/0x330 [ 188.458970][ T7865] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 188.474384][ T7796] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.474470][ T7865] inet_sendmsg+0x147/0x5e0 [ 188.501472][ T7796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.511476][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.511491][ T7865] ? inet_sendmsg+0x147/0x5e0 [ 188.511505][ T7865] ? ipip_gro_receive+0x100/0x100 [ 188.511523][ T7865] sock_sendmsg+0xdd/0x130 [ 188.511542][ T7865] ___sys_sendmsg+0x3e2/0x930 [ 188.511561][ T7865] ? copy_msghdr_from_user+0x430/0x430 [ 188.511579][ T7865] ? lock_downgrade+0x880/0x880 [ 188.511595][ T7865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.511615][ T7865] ? kasan_check_read+0x11/0x20 [ 188.511634][ T7865] ? __fget+0x381/0x550 [ 188.511653][ T7865] ? ksys_dup3+0x3e0/0x3e0 [ 188.511663][ T7865] ? __lock_acquire+0x548/0x3fb0 [ 188.511682][ T7865] ? __fget_light+0x1a9/0x230 [ 188.511696][ T7865] ? __fdget+0x1b/0x20 [ 188.511709][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.511724][ T7865] ? sockfd_lookup_light+0xcb/0x180 [ 188.511749][ T7865] __sys_sendmmsg+0x1bf/0x4d0 [ 188.511768][ T7865] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 188.511796][ T7865] ? _copy_to_user+0xc9/0x120 [ 188.511814][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.511829][ T7865] ? put_timespec64+0xda/0x140 [ 188.511844][ T7865] ? nsecs_to_jiffies+0x30/0x30 [ 188.511871][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.523120][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.627998][ T7865] ? do_syscall_64+0x26/0x610 [ 188.638280][ T7865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.638297][ T7865] ? do_syscall_64+0x26/0x610 [ 188.638318][ T7865] __x64_sys_sendmmsg+0x9d/0x100 [ 188.664060][ T7865] do_syscall_64+0x103/0x610 [ 188.668662][ T7865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.674556][ T7865] RIP: 0033:0x4582b9 [ 188.678453][ T7865] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.698058][ T7865] RSP: 002b:00007efe1e351c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 188.706454][ T7865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.714406][ T7865] RDX: 0000000003ffffeb RSI: 0000000020007e00 RDI: 0000000000000004 [ 188.722364][ T7865] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 188.730330][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3526d4 [ 188.738280][ T7865] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 188.747182][ T7865] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7865 [ 188.756599][ T7865] caller is sk_mc_loop+0x1d/0x210 [ 188.761759][ T7865] CPU: 0 PID: 7865 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.770770][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.780838][ T7865] Call Trace: [ 188.784131][ T7865] dump_stack+0x172/0x1f0 [ 188.788463][ T7865] __this_cpu_preempt_check+0x246/0x270 [ 188.794008][ T7865] sk_mc_loop+0x1d/0x210 [ 188.798256][ T7865] ip6_finish_output2+0x17a5/0x2550 [ 188.803449][ T7865] ? find_held_lock+0x35/0x130 [ 188.808223][ T7865] ? ip6_mtu+0x2e6/0x460 [ 188.812470][ T7865] ? ip6_forward_finish+0x580/0x580 [ 188.817749][ T7865] ? lock_downgrade+0x880/0x880 [ 188.822600][ T7865] ? rcu_read_unlock_special+0xf3/0x210 [ 188.828172][ T7865] ip6_finish_output+0x614/0xdc0 [ 188.833123][ T7865] ? ip6_finish_output+0x614/0xdc0 [ 188.838248][ T7865] ip6_output+0x235/0x7f0 [ 188.842579][ T7865] ? ip6_finish_output+0xdc0/0xdc0 [ 188.847687][ T7865] ? ip6_fragment+0x3980/0x3980 [ 188.852540][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.857587][ T7865] ip6_local_out+0xc4/0x1b0 [ 188.862092][ T7865] ip6_send_skb+0xbb/0x350 [ 188.866508][ T7865] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 188.871961][ T7865] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 188.877682][ T7865] udpv6_sendmsg+0x21e3/0x28d0 [ 188.882440][ T7865] ? find_held_lock+0x35/0x130 [ 188.887198][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.892252][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.898245][ T7865] ? aa_profile_af_perm+0x320/0x320 [ 188.903440][ T7865] ? __might_fault+0x12b/0x1e0 [ 188.908212][ T7865] ? find_held_lock+0x35/0x130 [ 188.912977][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.919222][ T7865] ? rw_copy_check_uvector+0x2a6/0x330 [ 188.924800][ T7865] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 188.930675][ T7865] inet_sendmsg+0x147/0x5e0 [ 188.940382][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.946352][ T7865] ? inet_sendmsg+0x147/0x5e0 [ 188.951021][ T7865] ? ipip_gro_receive+0x100/0x100 [ 188.956049][ T7865] sock_sendmsg+0xdd/0x130 [ 188.961922][ T7865] ___sys_sendmsg+0x3e2/0x930 [ 188.966600][ T7865] ? copy_msghdr_from_user+0x430/0x430 [ 188.972060][ T7865] ? lock_downgrade+0x880/0x880 [ 188.976905][ T7865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.983163][ T7865] ? kasan_check_read+0x11/0x20 [ 188.988025][ T7865] ? __fget+0x381/0x550 [ 188.992181][ T7865] ? ksys_dup3+0x3e0/0x3e0 [ 188.996597][ T7865] ? __lock_acquire+0x548/0x3fb0 [ 189.001550][ T7865] ? __fget_light+0x1a9/0x230 [ 189.006228][ T7865] ? __fdget+0x1b/0x20 [ 189.010299][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.016538][ T7865] ? sockfd_lookup_light+0xcb/0x180 [ 189.021753][ T7865] __sys_sendmmsg+0x1bf/0x4d0 [ 189.026443][ T7865] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.031477][ T7865] ? _copy_to_user+0xc9/0x120 [ 189.036170][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.046523][ T7865] ? put_timespec64+0xda/0x140 [ 189.052500][ T7865] ? nsecs_to_jiffies+0x30/0x30 [ 189.057386][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.062845][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.068300][ T7865] ? do_syscall_64+0x26/0x610 [ 189.072971][ T7865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.079032][ T7865] ? do_syscall_64+0x26/0x610 [ 189.083711][ T7865] __x64_sys_sendmmsg+0x9d/0x100 [ 189.088646][ T7865] do_syscall_64+0x103/0x610 [ 189.093740][ T7865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.099624][ T7865] RIP: 0033:0x4582b9 [ 189.103512][ T7865] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.123106][ T7865] RSP: 002b:00007efe1e351c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.131514][ T7865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.139475][ T7865] RDX: 0000000003ffffeb RSI: 0000000020007e00 RDI: 0000000000000004 [ 189.147452][ T7865] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 189.155417][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3526d4 [ 189.163384][ T7865] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.172049][ T7871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7871 [ 189.173896][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.183192][ T7871] caller is ip6_finish_output+0x335/0xdc0 [ 189.189438][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.194535][ T7871] CPU: 1 PID: 7871 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.203194][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.211397][ T7871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.211403][ T7871] Call Trace: [ 189.211430][ T7871] dump_stack+0x172/0x1f0 [ 189.211454][ T7871] __this_cpu_preempt_check+0x246/0x270 [ 189.211488][ T7871] ip6_finish_output+0x335/0xdc0 [ 189.221161][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.229441][ T7871] ip6_output+0x235/0x7f0 [ 189.229461][ T7871] ? ip6_finish_output+0xdc0/0xdc0 [ 189.229485][ T7871] ? ip6_fragment+0x3980/0x3980 [ 189.233497][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.237092][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.243412][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.247537][ T7871] ip6_local_out+0xc4/0x1b0 [ 189.256137][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.259731][ T7871] ip6_send_skb+0xbb/0x350 [ 189.259760][ T7871] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 189.259775][ T7871] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 189.259803][ T7871] udpv6_sendmsg+0x21e3/0x28d0 [ 189.265579][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.269742][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.269766][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.269790][ T7871] ? aa_profile_af_perm+0x320/0x320 [ 189.278058][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.282584][ T7871] ? __might_fault+0x12b/0x1e0 [ 189.282600][ T7871] ? find_held_lock+0x35/0x130 [ 189.282617][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.282632][ T7871] ? rw_copy_check_uvector+0x2a6/0x330 [ 189.282676][ T7871] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.291327][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.295037][ T7871] inet_sendmsg+0x147/0x5e0 [ 189.306839][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.307244][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.313565][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.318393][ T7871] ? inet_sendmsg+0x147/0x5e0 [ 189.323952][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.330928][ T7871] ? ipip_gro_receive+0x100/0x100 [ 189.330949][ T7871] sock_sendmsg+0xdd/0x130 [ 189.330966][ T7871] ___sys_sendmsg+0x3e2/0x930 [ 189.330985][ T7871] ? copy_msghdr_from_user+0x430/0x430 [ 189.331008][ T7871] ? lock_downgrade+0x880/0x880 [ 189.337824][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.342016][ T7871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.342039][ T7871] ? kasan_check_read+0x11/0x20 [ 189.342058][ T7871] ? __fget+0x381/0x550 [ 189.342085][ T7871] ? ksys_dup3+0x3e0/0x3e0 [ 189.349095][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.354980][ T7871] ? find_held_lock+0x35/0x130 [ 189.360140][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.364482][ T7871] ? kcov_ioctl+0x53/0x200 [ 189.370781][ T7788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.376150][ T7871] ? __fget_light+0x1a9/0x230 [ 189.394026][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.401627][ T7871] ? __fdget+0x1b/0x20 [ 189.401645][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.401661][ T7871] ? sockfd_lookup_light+0xcb/0x180 [ 189.401677][ T7871] __sys_sendmmsg+0x1bf/0x4d0 [ 189.401696][ T7871] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.401721][ T7871] ? _copy_to_user+0xc9/0x120 [ 189.401744][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.401759][ T7871] ? put_timespec64+0xda/0x140 [ 189.401771][ T7871] ? nsecs_to_jiffies+0x30/0x30 [ 189.401793][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.401808][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.401824][ T7871] ? do_syscall_64+0x26/0x610 [ 189.401839][ T7871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.401853][ T7871] ? do_syscall_64+0x26/0x610 [ 189.401872][ T7871] __x64_sys_sendmmsg+0x9d/0x100 [ 189.409367][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.415037][ T7871] do_syscall_64+0x103/0x610 [ 189.425065][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.426874][ T7871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.431954][ T7788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.436282][ T7871] RIP: 0033:0x4582b9 [ 189.446836][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.451226][ T7871] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.451235][ T7871] RSP: 002b:00007efe1e30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.451249][ T7871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.451257][ T7871] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000004 [ 189.451266][ T7871] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 189.451274][ T7871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3106d4 [ 189.451283][ T7871] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.461279][ T7871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7871 [ 189.473711][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.474829][ T7871] caller is sk_mc_loop+0x1d/0x210 [ 189.482897][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.487292][ T7871] CPU: 1 PID: 7871 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.495628][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.499048][ T7871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.499055][ T7871] Call Trace: [ 189.499080][ T7871] dump_stack+0x172/0x1f0 [ 189.499104][ T7871] __this_cpu_preempt_check+0x246/0x270 [ 189.499123][ T7871] sk_mc_loop+0x1d/0x210 [ 189.499144][ T7871] ip6_finish_output2+0x17a5/0x2550 [ 189.499164][ T7871] ? find_held_lock+0x35/0x130 [ 189.508222][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.510750][ T7871] ? ip6_mtu+0x2e6/0x460 [ 189.510772][ T7871] ? ip6_forward_finish+0x580/0x580 [ 189.510788][ T7871] ? lock_downgrade+0x880/0x880 [ 189.510808][ T7871] ? rcu_read_unlock_special+0xf3/0x210 [ 189.510830][ T7871] ip6_finish_output+0x614/0xdc0 [ 189.510845][ T7871] ? ip6_finish_output+0x614/0xdc0 [ 189.510864][ T7871] ip6_output+0x235/0x7f0 [ 189.510879][ T7871] ? ip6_finish_output+0xdc0/0xdc0 [ 189.510899][ T7871] ? ip6_fragment+0x3980/0x3980 [ 189.510916][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.510937][ T7871] ip6_local_out+0xc4/0x1b0 [ 189.510957][ T7871] ip6_send_skb+0xbb/0x350 [ 189.521713][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.523674][ T7871] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 189.528284][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.533946][ T7871] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 189.533970][ T7871] udpv6_sendmsg+0x21e3/0x28d0 [ 189.533987][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.534010][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.534033][ T7871] ? aa_profile_af_perm+0x320/0x320 [ 189.548759][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.548889][ T7871] ? __might_fault+0x12b/0x1e0 [ 189.554220][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.559771][ T7871] ? find_held_lock+0x35/0x130 [ 189.559790][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.559807][ T7871] ? rw_copy_check_uvector+0x2a6/0x330 [ 189.559855][ T7871] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.559875][ T7871] inet_sendmsg+0x147/0x5e0 [ 189.559897][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 189.572165][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.574923][ T7871] ? inet_sendmsg+0x147/0x5e0 [ 189.598138][ T7790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.600656][ T7871] ? ipip_gro_receive+0x100/0x100 [ 189.600677][ T7871] sock_sendmsg+0xdd/0x130 [ 189.600695][ T7871] ___sys_sendmsg+0x3e2/0x930 [ 189.600715][ T7871] ? copy_msghdr_from_user+0x430/0x430 [ 189.600748][ T7871] ? lock_downgrade+0x880/0x880 [ 189.620316][ T7871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.620338][ T7871] ? kasan_check_read+0x11/0x20 [ 189.620357][ T7871] ? __fget+0x381/0x550 [ 189.620376][ T7871] ? ksys_dup3+0x3e0/0x3e0 [ 189.620390][ T7871] ? find_held_lock+0x35/0x130 [ 189.620404][ T7871] ? kcov_ioctl+0x53/0x200 [ 189.620421][ T7871] ? __fget_light+0x1a9/0x230 [ 189.620436][ T7871] ? __fdget+0x1b/0x20 [ 189.620450][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.620466][ T7871] ? sockfd_lookup_light+0xcb/0x180 [ 189.620482][ T7871] __sys_sendmmsg+0x1bf/0x4d0 [ 189.620497][ T7871] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.620520][ T7871] ? _copy_to_user+0xc9/0x120 [ 189.620534][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.620547][ T7871] ? put_timespec64+0xda/0x140 [ 189.620559][ T7871] ? nsecs_to_jiffies+0x30/0x30 [ 189.620584][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.620599][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.620613][ T7871] ? do_syscall_64+0x26/0x610 [ 189.620628][ T7871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.620642][ T7871] ? do_syscall_64+0x26/0x610 [ 189.620658][ T7871] __x64_sys_sendmmsg+0x9d/0x100 [ 189.620675][ T7871] do_syscall_64+0x103/0x610 [ 189.620692][ T7871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.620704][ T7871] RIP: 0033:0x4582b9 [ 189.620725][ T7871] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.665137][ T7871] RSP: 002b:00007efe1e30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.681908][ T7865] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7865 [ 189.689512][ T7871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.689522][ T7871] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000004 [ 189.689530][ T7871] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 189.689538][ T7871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3106d4 [ 189.689547][ T7871] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.697618][ T7865] caller is ip6_finish_output+0x335/0xdc0 [ 189.723039][ T7871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7871 [ 189.723347][ T7865] CPU: 0 PID: 7865 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 189.731245][ T7871] caller is ip6_finish_output+0x335/0xdc0 [ 189.736212][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.248753][ T7865] Call Trace: [ 190.252056][ T7865] dump_stack+0x172/0x1f0 [ 190.256394][ T7865] __this_cpu_preempt_check+0x246/0x270 [ 190.261941][ T7865] ip6_finish_output+0x335/0xdc0 [ 190.266885][ T7865] ip6_output+0x235/0x7f0 [ 190.271226][ T7865] ? ip6_finish_output+0xdc0/0xdc0 [ 190.276341][ T7865] ? ip6_fragment+0x3980/0x3980 [ 190.281194][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.286242][ T7865] ip6_local_out+0xc4/0x1b0 [ 190.290745][ T7865] ip6_send_skb+0xbb/0x350 [ 190.295166][ T7865] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 190.300625][ T7865] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 190.306350][ T7865] udpv6_sendmsg+0x21e3/0x28d0 [ 190.311109][ T7865] ? find_held_lock+0x35/0x130 [ 190.315878][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.320905][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.326885][ T7865] ? aa_profile_af_perm+0x320/0x320 [ 190.332084][ T7865] ? __might_fault+0x12b/0x1e0 [ 190.336841][ T7865] ? find_held_lock+0x35/0x130 [ 190.341604][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.347841][ T7865] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.353336][ T7865] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.358882][ T7865] inet_sendmsg+0x147/0x5e0 [ 190.363383][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.369354][ T7865] ? inet_sendmsg+0x147/0x5e0 [ 190.374026][ T7865] ? ipip_gro_receive+0x100/0x100 [ 190.379050][ T7865] sock_sendmsg+0xdd/0x130 [ 190.383468][ T7865] ___sys_sendmsg+0x3e2/0x930 [ 190.388146][ T7865] ? copy_msghdr_from_user+0x430/0x430 [ 190.393601][ T7865] ? __lock_acquire+0x548/0x3fb0 [ 190.398533][ T7865] ? lock_downgrade+0x880/0x880 [ 190.403379][ T7865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.409619][ T7865] ? kasan_check_read+0x11/0x20 [ 190.414473][ T7865] ? __might_fault+0x12b/0x1e0 [ 190.419260][ T7865] ? find_held_lock+0x35/0x130 [ 190.424034][ T7865] ? __might_fault+0x12b/0x1e0 [ 190.428799][ T7865] ? lock_downgrade+0x880/0x880 [ 190.433653][ T7865] ? ___might_sleep+0x163/0x280 [ 190.438502][ T7865] __sys_sendmmsg+0x1bf/0x4d0 [ 190.443177][ T7865] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.448225][ T7865] ? _copy_to_user+0xc9/0x120 [ 190.452911][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.459150][ T7865] ? put_timespec64+0xda/0x140 [ 190.463912][ T7865] ? nsecs_to_jiffies+0x30/0x30 [ 190.468771][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.474239][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.479693][ T7865] ? do_syscall_64+0x26/0x610 [ 190.484365][ T7865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.490441][ T7865] ? do_syscall_64+0x26/0x610 [ 190.495121][ T7865] __x64_sys_sendmmsg+0x9d/0x100 [ 190.500055][ T7865] do_syscall_64+0x103/0x610 [ 190.504647][ T7865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.510532][ T7865] RIP: 0033:0x4582b9 [ 190.514425][ T7865] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.534017][ T7865] RSP: 002b:00007efe1e351c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.542424][ T7865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.550386][ T7865] RDX: 0000000003ffffeb RSI: 0000000020007e00 RDI: 0000000000000004 [ 190.558346][ T7865] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.566307][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3526d4 [ 190.574270][ T7865] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.582262][ T7871] CPU: 1 PID: 7871 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.591318][ T7871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.592145][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.601370][ T7871] Call Trace: [ 190.601395][ T7871] dump_stack+0x172/0x1f0 [ 190.601419][ T7871] __this_cpu_preempt_check+0x246/0x270 [ 190.601443][ T7871] ip6_finish_output+0x335/0xdc0 [ 190.619155][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.621747][ T7871] ip6_output+0x235/0x7f0 [ 190.621768][ T7871] ? ip6_finish_output+0xdc0/0xdc0 [ 190.627173][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.633795][ T7871] ? ip6_fragment+0x3980/0x3980 [ 190.633814][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.633835][ T7871] ip6_local_out+0xc4/0x1b0 [ 190.633853][ T7871] ip6_send_skb+0xbb/0x350 [ 190.633882][ T7871] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 190.640747][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.643305][ T7871] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 190.651757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.655492][ T7871] udpv6_sendmsg+0x21e3/0x28d0 [ 190.655510][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.655531][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.710570][ T7871] ? aa_profile_af_perm+0x320/0x320 [ 190.715782][ T7871] ? __might_fault+0x12b/0x1e0 [ 190.720555][ T7871] ? find_held_lock+0x35/0x130 [ 190.725414][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.726003][ T7865] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7865 [ 190.731660][ T7871] ? rw_copy_check_uvector+0x2a6/0x330 [ 190.731710][ T7871] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.731727][ T7871] inet_sendmsg+0x147/0x5e0 [ 190.731750][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 190.731762][ T7871] ? inet_sendmsg+0x147/0x5e0 [ 190.731774][ T7871] ? ipip_gro_receive+0x100/0x100 [ 190.731791][ T7871] sock_sendmsg+0xdd/0x130 [ 190.731809][ T7871] ___sys_sendmsg+0x3e2/0x930 [ 190.731826][ T7871] ? copy_msghdr_from_user+0x430/0x430 [ 190.731845][ T7871] ? __lock_acquire+0x548/0x3fb0 [ 190.731856][ T7871] ? lock_downgrade+0x880/0x880 [ 190.731870][ T7871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.731890][ T7871] ? kasan_check_read+0x11/0x20 [ 190.731909][ T7871] ? __might_fault+0x12b/0x1e0 [ 190.731922][ T7871] ? find_held_lock+0x35/0x130 [ 190.731935][ T7871] ? __might_fault+0x12b/0x1e0 [ 190.731954][ T7871] ? lock_downgrade+0x880/0x880 [ 190.731979][ T7871] ? ___might_sleep+0x163/0x280 [ 190.731995][ T7871] __sys_sendmmsg+0x1bf/0x4d0 [ 190.732014][ T7871] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.732040][ T7871] ? _copy_to_user+0xc9/0x120 [ 190.732058][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.732073][ T7871] ? put_timespec64+0xda/0x140 [ 190.732087][ T7871] ? nsecs_to_jiffies+0x30/0x30 [ 190.732113][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.732129][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.732145][ T7871] ? do_syscall_64+0x26/0x610 [ 190.732161][ T7871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.732175][ T7871] ? do_syscall_64+0x26/0x610 [ 190.732193][ T7871] __x64_sys_sendmmsg+0x9d/0x100 [ 190.732223][ T7871] do_syscall_64+0x103/0x610 [ 190.732241][ T7871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.732254][ T7871] RIP: 0033:0x4582b9 [ 190.732270][ T7871] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.732279][ T7871] RSP: 002b:00007efe1e30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.732293][ T7871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.732302][ T7871] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000004 [ 190.732311][ T7871] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 190.732320][ T7871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3106d4 [ 190.732329][ T7871] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.741153][ T7871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7871 [ 190.741810][ T7865] caller is sk_mc_loop+0x1d/0x210 [ 190.747231][ T7871] caller is sk_mc_loop+0x1d/0x210 [ 190.752809][ T7865] CPU: 0 PID: 7865 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.752817][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.752822][ T7865] Call Trace: [ 190.752843][ T7865] dump_stack+0x172/0x1f0 [ 190.752866][ T7865] __this_cpu_preempt_check+0x246/0x270 [ 190.752881][ T7865] sk_mc_loop+0x1d/0x210 [ 190.752902][ T7865] ip6_finish_output2+0x17a5/0x2550 [ 190.752915][ T7865] ? find_held_lock+0x35/0x130 [ 190.752932][ T7865] ? ip6_mtu+0x2e6/0x460 [ 190.752952][ T7865] ? ip6_forward_finish+0x580/0x580 [ 190.752966][ T7865] ? lock_downgrade+0x880/0x880 [ 190.752986][ T7865] ? rcu_read_unlock_special+0xf3/0x210 [ 190.753009][ T7865] ip6_finish_output+0x614/0xdc0 [ 190.753023][ T7865] ? ip6_finish_output+0x614/0xdc0 [ 190.753044][ T7865] ip6_output+0x235/0x7f0 [ 190.753064][ T7865] ? ip6_finish_output+0xdc0/0xdc0 [ 190.753083][ T7865] ? ip6_fragment+0x3980/0x3980 [ 190.753101][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.753122][ T7865] ip6_local_out+0xc4/0x1b0 [ 190.753141][ T7865] ip6_send_skb+0xbb/0x350 [ 190.753162][ T7865] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 190.753176][ T7865] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 190.753210][ T7865] udpv6_sendmsg+0x21e3/0x28d0 [ 190.753223][ T7865] ? find_held_lock+0x35/0x130 [ 190.753248][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.131269][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.137261][ T7865] ? aa_profile_af_perm+0x320/0x320 [ 191.142475][ T7865] ? __might_fault+0x12b/0x1e0 [ 191.147253][ T7865] ? find_held_lock+0x35/0x130 [ 191.152017][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.158259][ T7865] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.163749][ T7865] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.169321][ T7865] inet_sendmsg+0x147/0x5e0 [ 191.173821][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.179797][ T7865] ? inet_sendmsg+0x147/0x5e0 [ 191.184465][ T7865] ? ipip_gro_receive+0x100/0x100 [ 191.189490][ T7865] sock_sendmsg+0xdd/0x130 [ 191.193929][ T7865] ___sys_sendmsg+0x3e2/0x930 [ 191.198609][ T7865] ? copy_msghdr_from_user+0x430/0x430 [ 191.204067][ T7865] ? __lock_acquire+0x548/0x3fb0 [ 191.209031][ T7865] ? lock_downgrade+0x880/0x880 [ 191.213876][ T7865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.220130][ T7865] ? kasan_check_read+0x11/0x20 [ 191.224984][ T7865] ? __might_fault+0x12b/0x1e0 [ 191.229747][ T7865] ? find_held_lock+0x35/0x130 [ 191.234507][ T7865] ? __might_fault+0x12b/0x1e0 [ 191.239279][ T7865] ? lock_downgrade+0x880/0x880 [ 191.244132][ T7865] ? ___might_sleep+0x163/0x280 [ 191.248985][ T7865] __sys_sendmmsg+0x1bf/0x4d0 [ 191.253663][ T7865] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.258699][ T7865] ? _copy_to_user+0xc9/0x120 [ 191.263379][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.269613][ T7865] ? put_timespec64+0xda/0x140 [ 191.274375][ T7865] ? nsecs_to_jiffies+0x30/0x30 [ 191.279247][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.284705][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.290164][ T7865] ? do_syscall_64+0x26/0x610 [ 191.294840][ T7865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.300901][ T7865] ? do_syscall_64+0x26/0x610 [ 191.305580][ T7865] __x64_sys_sendmmsg+0x9d/0x100 [ 191.310517][ T7865] do_syscall_64+0x103/0x610 [ 191.315112][ T7865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.321000][ T7865] RIP: 0033:0x4582b9 [ 191.324896][ T7865] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.344494][ T7865] RSP: 002b:00007efe1e351c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.352900][ T7865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.360869][ T7865] RDX: 0000000003ffffeb RSI: 0000000020007e00 RDI: 0000000000000004 [ 191.368837][ T7865] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 191.376804][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3526d4 [ 191.384767][ T7865] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.392759][ T7871] CPU: 1 PID: 7871 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.401784][ T7871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.411838][ T7871] Call Trace: [ 191.415171][ T7871] dump_stack+0x172/0x1f0 [ 191.419695][ T7871] __this_cpu_preempt_check+0x246/0x270 [ 191.425252][ T7871] sk_mc_loop+0x1d/0x210 [ 191.427984][ T7865] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7865 [ 191.429513][ T7871] ip6_finish_output2+0x17a5/0x2550 [ 191.429530][ T7871] ? find_held_lock+0x35/0x130 [ 191.429548][ T7871] ? ip6_mtu+0x2e6/0x460 [ 191.429567][ T7871] ? ip6_forward_finish+0x580/0x580 [ 191.429583][ T7871] ? lock_downgrade+0x880/0x880 [ 191.429604][ T7871] ? rcu_read_unlock_special+0xf3/0x210 [ 191.429628][ T7871] ip6_finish_output+0x614/0xdc0 [ 191.429644][ T7871] ? ip6_finish_output+0x614/0xdc0 [ 191.429666][ T7871] ip6_output+0x235/0x7f0 [ 191.429684][ T7871] ? ip6_finish_output+0xdc0/0xdc0 [ 191.429711][ T7871] ? ip6_fragment+0x3980/0x3980 [ 191.439019][ T7865] caller is ip6_finish_output+0x335/0xdc0 [ 191.444192][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.503672][ T7871] ip6_local_out+0xc4/0x1b0 [ 191.508181][ T7871] ip6_send_skb+0xbb/0x350 [ 191.512609][ T7871] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 191.518068][ T7871] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 191.523789][ T7871] udpv6_sendmsg+0x21e3/0x28d0 [ 191.528555][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.533667][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.539650][ T7871] ? aa_profile_af_perm+0x320/0x320 [ 191.544859][ T7871] ? __might_fault+0x12b/0x1e0 [ 191.549618][ T7871] ? find_held_lock+0x35/0x130 [ 191.554382][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.560618][ T7871] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.566110][ T7871] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.571673][ T7871] inet_sendmsg+0x147/0x5e0 [ 191.576188][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.582172][ T7871] ? inet_sendmsg+0x147/0x5e0 [ 191.586849][ T7871] ? ipip_gro_receive+0x100/0x100 [ 191.591873][ T7871] sock_sendmsg+0xdd/0x130 [ 191.596291][ T7871] ___sys_sendmsg+0x3e2/0x930 [ 191.600968][ T7871] ? copy_msghdr_from_user+0x430/0x430 [ 191.606437][ T7871] ? __lock_acquire+0x548/0x3fb0 [ 191.611368][ T7871] ? lock_downgrade+0x880/0x880 [ 191.616221][ T7871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.622464][ T7871] ? kasan_check_read+0x11/0x20 [ 191.627316][ T7871] ? __might_fault+0x12b/0x1e0 [ 191.632098][ T7871] ? find_held_lock+0x35/0x130 [ 191.636860][ T7871] ? __might_fault+0x12b/0x1e0 [ 191.641637][ T7871] ? lock_downgrade+0x880/0x880 [ 191.646494][ T7871] ? ___might_sleep+0x163/0x280 [ 191.651367][ T7871] __sys_sendmmsg+0x1bf/0x4d0 [ 191.656050][ T7871] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.661083][ T7871] ? _copy_to_user+0xc9/0x120 [ 191.665767][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.672002][ T7871] ? put_timespec64+0xda/0x140 [ 191.676766][ T7871] ? nsecs_to_jiffies+0x30/0x30 [ 191.681626][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.687079][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.692532][ T7871] ? do_syscall_64+0x26/0x610 [ 191.697223][ T7871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.703285][ T7871] ? do_syscall_64+0x26/0x610 [ 191.707968][ T7871] __x64_sys_sendmmsg+0x9d/0x100 [ 191.712909][ T7871] do_syscall_64+0x103/0x610 [ 191.717501][ T7871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.723385][ T7871] RIP: 0033:0x4582b9 [ 191.727275][ T7871] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.746878][ T7871] RSP: 002b:00007efe1e30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.755285][ T7871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.763251][ T7871] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000004 [ 191.771225][ T7871] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 191.779190][ T7871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3106d4 [ 191.787164][ T7871] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.795162][ T7865] CPU: 0 PID: 7865 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.799448][ T7871] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7871 [ 191.804188][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.804193][ T7865] Call Trace: [ 191.804227][ T7865] dump_stack+0x172/0x1f0 [ 191.804256][ T7865] __this_cpu_preempt_check+0x246/0x270 [ 191.813548][ T7871] caller is ip6_finish_output+0x335/0xdc0 [ 191.823558][ T7865] ip6_finish_output+0x335/0xdc0 [ 191.823586][ T7865] ip6_output+0x235/0x7f0 [ 191.851612][ T7865] ? ip6_finish_output+0xdc0/0xdc0 [ 191.856729][ T7865] ? ip6_fragment+0x3980/0x3980 [ 191.861580][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.866607][ T7865] ip6_local_out+0xc4/0x1b0 [ 191.871111][ T7865] ip6_send_skb+0xbb/0x350 [ 191.875528][ T7865] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 191.880982][ T7865] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 191.886703][ T7865] udpv6_sendmsg+0x21e3/0x28d0 [ 191.891463][ T7865] ? find_held_lock+0x35/0x130 [ 191.896232][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.901270][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.907260][ T7865] ? aa_profile_af_perm+0x320/0x320 [ 191.912461][ T7865] ? __might_fault+0x12b/0x1e0 [ 191.917228][ T7865] ? find_held_lock+0x35/0x130 [ 191.921993][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.928242][ T7865] ? rw_copy_check_uvector+0x2a6/0x330 [ 191.933738][ T7865] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.939286][ T7865] inet_sendmsg+0x147/0x5e0 [ 191.943789][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 191.949762][ T7865] ? inet_sendmsg+0x147/0x5e0 [ 191.954435][ T7865] ? ipip_gro_receive+0x100/0x100 [ 191.959456][ T7865] sock_sendmsg+0xdd/0x130 [ 191.963875][ T7865] ___sys_sendmsg+0x3e2/0x930 [ 191.968552][ T7865] ? copy_msghdr_from_user+0x430/0x430 [ 191.974010][ T7865] ? __lock_acquire+0x548/0x3fb0 [ 191.978940][ T7865] ? lock_downgrade+0x880/0x880 [ 191.983786][ T7865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.990029][ T7865] ? kasan_check_read+0x11/0x20 [ 191.994883][ T7865] ? __might_fault+0x12b/0x1e0 [ 191.999642][ T7865] ? find_held_lock+0x35/0x130 [ 192.004399][ T7865] ? __might_fault+0x12b/0x1e0 [ 192.009167][ T7865] ? lock_downgrade+0x880/0x880 [ 192.014030][ T7865] ? ___might_sleep+0x163/0x280 [ 192.018882][ T7865] __sys_sendmmsg+0x1bf/0x4d0 [ 192.023560][ T7865] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.028591][ T7865] ? _copy_to_user+0xc9/0x120 [ 192.033294][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.039530][ T7865] ? put_timespec64+0xda/0x140 [ 192.044300][ T7865] ? nsecs_to_jiffies+0x30/0x30 [ 192.049159][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.054613][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.060069][ T7865] ? do_syscall_64+0x26/0x610 [ 192.064740][ T7865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.070803][ T7865] ? do_syscall_64+0x26/0x610 [ 192.075480][ T7865] __x64_sys_sendmmsg+0x9d/0x100 [ 192.080422][ T7865] do_syscall_64+0x103/0x610 [ 192.085018][ T7865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.090904][ T7865] RIP: 0033:0x4582b9 [ 192.094794][ T7865] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.114392][ T7865] RSP: 002b:00007efe1e351c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.122801][ T7865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.130766][ T7865] RDX: 0000000003ffffeb RSI: 0000000020007e00 RDI: 0000000000000004 [ 192.138731][ T7865] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 192.146693][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3526d4 [ 192.154655][ T7865] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.162644][ T7871] CPU: 1 PID: 7871 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.171664][ T7871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.181711][ T7871] Call Trace: [ 192.185015][ T7871] dump_stack+0x172/0x1f0 [ 192.189361][ T7871] __this_cpu_preempt_check+0x246/0x270 [ 192.194930][ T7871] ip6_finish_output+0x335/0xdc0 [ 192.199884][ T7871] ip6_output+0x235/0x7f0 [ 192.204245][ T7871] ? ip6_finish_output+0xdc0/0xdc0 [ 192.209368][ T7871] ? ip6_fragment+0x3980/0x3980 [ 192.214229][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.215322][ T7865] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/7865 [ 192.219258][ T7871] ip6_local_out+0xc4/0x1b0 [ 192.219279][ T7871] ip6_send_skb+0xbb/0x350 [ 192.219300][ T7871] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 192.219315][ T7871] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 192.219338][ T7871] udpv6_sendmsg+0x21e3/0x28d0 [ 192.219360][ T7871] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.228711][ T7865] caller is sk_mc_loop+0x1d/0x210 [ 192.233135][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.269365][ T7871] ? aa_profile_af_perm+0x320/0x320 [ 192.274559][ T7871] ? __might_fault+0x12b/0x1e0 [ 192.279320][ T7871] ? find_held_lock+0x35/0x130 [ 192.284109][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.290349][ T7871] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.295835][ T7871] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.301380][ T7871] inet_sendmsg+0x147/0x5e0 [ 192.305882][ T7871] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.311852][ T7871] ? inet_sendmsg+0x147/0x5e0 [ 192.316526][ T7871] ? ipip_gro_receive+0x100/0x100 [ 192.321555][ T7871] sock_sendmsg+0xdd/0x130 [ 192.325971][ T7871] ___sys_sendmsg+0x3e2/0x930 [ 192.330652][ T7871] ? copy_msghdr_from_user+0x430/0x430 [ 192.336124][ T7871] ? __lock_acquire+0x548/0x3fb0 [ 192.341056][ T7871] ? lock_downgrade+0x880/0x880 [ 192.345901][ T7871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.352141][ T7871] ? kasan_check_read+0x11/0x20 [ 192.356992][ T7871] ? __might_fault+0x12b/0x1e0 [ 192.361754][ T7871] ? find_held_lock+0x35/0x130 [ 192.366512][ T7871] ? __might_fault+0x12b/0x1e0 [ 192.371277][ T7871] ? lock_downgrade+0x880/0x880 [ 192.376135][ T7871] ? ___might_sleep+0x163/0x280 [ 192.380985][ T7871] __sys_sendmmsg+0x1bf/0x4d0 [ 192.385665][ T7871] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.390694][ T7871] ? _copy_to_user+0xc9/0x120 [ 192.395393][ T7871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.401626][ T7871] ? put_timespec64+0xda/0x140 [ 192.406385][ T7871] ? nsecs_to_jiffies+0x30/0x30 [ 192.411248][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.416700][ T7871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.422161][ T7871] ? do_syscall_64+0x26/0x610 [ 192.426834][ T7871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.432896][ T7871] ? do_syscall_64+0x26/0x610 [ 192.437573][ T7871] __x64_sys_sendmmsg+0x9d/0x100 [ 192.442510][ T7871] do_syscall_64+0x103/0x610 [ 192.447101][ T7871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.452986][ T7871] RIP: 0033:0x4582b9 [ 192.456880][ T7871] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.476483][ T7871] RSP: 002b:00007efe1e30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.484890][ T7871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.492855][ T7871] RDX: 0000000000000066 RSI: 000000002000ac80 RDI: 0000000000000004 [ 192.500820][ T7871] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 192.508809][ T7871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3106d4 [ 192.516774][ T7871] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.524767][ T7865] CPU: 0 PID: 7865 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.533793][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.543843][ T7865] Call Trace: [ 192.547164][ T7865] dump_stack+0x172/0x1f0 [ 192.551525][ T7865] __this_cpu_preempt_check+0x246/0x270 [ 192.557078][ T7865] sk_mc_loop+0x1d/0x210 [ 192.561334][ T7865] ip6_finish_output2+0x17a5/0x2550 [ 192.566536][ T7865] ? find_held_lock+0x35/0x130 [ 192.571305][ T7865] ? ip6_mtu+0x2e6/0x460 [ 192.571327][ T7865] ? ip6_forward_finish+0x580/0x580 [ 192.571346][ T7865] ? lock_downgrade+0x880/0x880 [ 192.585608][ T7865] ? rcu_read_unlock_special+0xf3/0x210 [ 192.591166][ T7865] ip6_finish_output+0x614/0xdc0 [ 192.591183][ T7865] ? ip6_finish_output+0x614/0xdc0 [ 192.591214][ T7865] ip6_output+0x235/0x7f0 [ 192.591242][ T7865] ? ip6_finish_output+0xdc0/0xdc0 [ 192.610674][ T7865] ? ip6_fragment+0x3980/0x3980 [ 192.615520][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.620542][ T7865] ip6_local_out+0xc4/0x1b0 [ 192.625049][ T7865] ip6_send_skb+0xbb/0x350 [ 192.629467][ T7865] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 192.634921][ T7865] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 192.640643][ T7865] udpv6_sendmsg+0x21e3/0x28d0 [ 192.645405][ T7865] ? find_held_lock+0x35/0x130 [ 192.650170][ T7865] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.655209][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.661194][ T7865] ? aa_profile_af_perm+0x320/0x320 [ 192.666400][ T7865] ? __might_fault+0x12b/0x1e0 [ 192.671161][ T7865] ? find_held_lock+0x35/0x130 [ 192.675919][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.682157][ T7865] ? rw_copy_check_uvector+0x2a6/0x330 [ 192.687644][ T7865] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.693183][ T7865] inet_sendmsg+0x147/0x5e0 [ 192.697690][ T7865] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 192.703657][ T7865] ? inet_sendmsg+0x147/0x5e0 [ 192.708326][ T7865] ? ipip_gro_receive+0x100/0x100 [ 192.713350][ T7865] sock_sendmsg+0xdd/0x130 [ 192.717762][ T7865] ___sys_sendmsg+0x3e2/0x930 [ 192.722437][ T7865] ? copy_msghdr_from_user+0x430/0x430 [ 192.727890][ T7865] ? __lock_acquire+0x548/0x3fb0 [ 192.732819][ T7865] ? lock_downgrade+0x880/0x880 [ 192.737662][ T7865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.743902][ T7865] ? kasan_check_read+0x11/0x20 [ 192.748750][ T7865] ? __might_fault+0x12b/0x1e0 [ 192.753595][ T7865] ? find_held_lock+0x35/0x130 [ 192.758372][ T7865] ? __might_fault+0x12b/0x1e0 [ 192.763136][ T7865] ? lock_downgrade+0x880/0x880 [ 192.767988][ T7865] ? ___might_sleep+0x163/0x280 [ 192.772834][ T7865] __sys_sendmmsg+0x1bf/0x4d0 [ 192.777510][ T7865] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.782542][ T7865] ? _copy_to_user+0xc9/0x120 [ 192.787223][ T7865] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.793469][ T7865] ? put_timespec64+0xda/0x140 [ 192.798229][ T7865] ? nsecs_to_jiffies+0x30/0x30 [ 192.803089][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.808543][ T7865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.813997][ T7865] ? do_syscall_64+0x26/0x610 [ 192.818669][ T7865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.824728][ T7865] ? do_syscall_64+0x26/0x610 [ 192.829416][ T7865] __x64_sys_sendmmsg+0x9d/0x100 [ 192.834351][ T7865] do_syscall_64+0x103/0x610 [ 192.838942][ T7865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.844826][ T7865] RIP: 0033:0x4582b9 [ 192.848718][ T7865] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.868322][ T7865] RSP: 002b:00007efe1e351c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.876732][ T7865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.884699][ T7865] RDX: 0000000003ffffeb RSI: 0000000020007e00 RDI: 0000000000000004 [ 192.892666][ T7865] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 192.900629][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe1e3526d4 [ 192.908615][ T7865] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 00:03:32 executing program 2: 00:03:32 executing program 1: ioctl$sock_netdev_private(0xffffffffffffffff, 0x89ff, &(0x7f0000000300)="dad6bb5f44ccf28fa8a34ccfd24cad6e692de56a75eacccffbc007508316f50958dbb38026eb5eea64db5a91be764ada4ec33f0c879f1b6e2d9113719f052524c897376409618b3fdd9f89f25dc8bbd1ab3246daca1f2f3d") ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000380)={0x9, 0x4, 0x3}) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x7f4bfb37, 0x0, 0x0, 0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000180)='./file0\x00', 0x40) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000001c0), &(0x7f0000000200)=0x14) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) recvmmsg(r1, &(0x7f0000003480)=[{{&(0x7f00000011c0)=@generic, 0x80, &(0x7f0000002700)=[{&(0x7f0000001240)=""/75, 0x4b}], 0x5, &(0x7f00000027c0)=""/243, 0x500}}], 0x500, 0x0, 0x0) shutdown(r1, 0x1) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000e40), 0x4) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000240)) 00:03:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_CONFIG(r1, 0x0, 0x0) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) syz_open_dev$midi(0x0, 0x0, 0x0) write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r0, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 00:03:32 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) syz_open_dev$midi(0x0, 0x0, 0x0) write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0x0) write$UHID_CREATE(r1, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/11, 0xb}, 0x120) read(r1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) lstat(0x0, 0x0) dup2(r0, r1) write(0xffffffffffffffff, 0x0, 0x0) 00:03:32 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000080)=0xfff, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x10000000004e21}, 0x1c) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000180)=@nl=@proc, 0x80, 0x0}, 0x2000) 00:03:32 executing program 4: syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x5, 0x40) 00:03:32 executing program 4: [ 193.158350][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 00:03:32 executing program 5: [ 193.217587][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 00:03:32 executing program 0: 00:03:32 executing program 2: 00:03:32 executing program 4: [ 193.264622][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.322359][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.367342][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 00:03:33 executing program 5: 00:03:33 executing program 4: [ 193.424015][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 193.471586][ T22] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0