[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.687148][ T26] audit: type=1800 audit(1554581275.869:25): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 38.707132][ T26] audit: type=1800 audit(1554581275.869:26): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.736590][ T26] audit: type=1800 audit(1554581275.869:27): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts. 2019/04/06 20:08:11 fuzzer started 2019/04/06 20:08:14 dialing manager at 10.128.0.26:34543 2019/04/06 20:08:14 syscalls: 2408 2019/04/06 20:08:14 code coverage: enabled 2019/04/06 20:08:14 comparison tracing: enabled 2019/04/06 20:08:14 extra coverage: extra coverage is not supported by the kernel 2019/04/06 20:08:14 setuid sandbox: enabled 2019/04/06 20:08:14 namespace sandbox: enabled 2019/04/06 20:08:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/06 20:08:14 fault injection: enabled 2019/04/06 20:08:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/06 20:08:14 net packet injection: enabled 2019/04/06 20:08:14 net device setup: enabled 20:10:11 executing program 0: syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in=@broadcast, @in=@remote}}, {{@in=@initdev}, 0x0, @in=@initdev}}, 0x0) add_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) request_key(0x0, &(0x7f0000000580)={'syz'}, 0x0, 0xfffffffffffffff8) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff}) syzkaller login: [ 174.188482][ T7890] IPVS: ftp: loaded support on port[0] = 21 20:10:11 executing program 1: ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x100000000000000d) [ 174.291194][ T7890] chnl_net:caif_netlink_parms(): no params data found [ 174.364928][ T7890] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.389146][ T7890] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.397525][ T7890] device bridge_slave_0 entered promiscuous mode [ 174.406725][ T7890] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.414002][ T7890] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.422932][ T7890] device bridge_slave_1 entered promiscuous mode [ 174.437966][ T7893] IPVS: ftp: loaded support on port[0] = 21 [ 174.458800][ T7890] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.482917][ T7890] bond0: Enslaving bond_slave_1 as an active interface with an up link 20:10:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="220000002000070700be0000090007010a0000f801003c0100ff040405000c008000", 0x22) [ 174.530625][ T7890] team0: Port device team_slave_0 added [ 174.555123][ T7890] team0: Port device team_slave_1 added [ 174.692346][ T7890] device hsr_slave_0 entered promiscuous mode 20:10:11 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x740008, 0xffffffff7ff0bdbe}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x4004550d, &(0x7f0000000240)) [ 174.759462][ T7890] device hsr_slave_1 entered promiscuous mode [ 174.818920][ T7893] chnl_net:caif_netlink_parms(): no params data found [ 174.847960][ T7890] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.855200][ T7890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.863066][ T7890] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.870164][ T7890] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.916587][ T7896] IPVS: ftp: loaded support on port[0] = 21 [ 174.954901][ T7898] IPVS: ftp: loaded support on port[0] = 21 [ 175.012517][ T7893] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.019752][ T7893] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.027671][ T7893] device bridge_slave_0 entered promiscuous mode [ 175.041914][ T7893] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.048977][ T7893] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.057255][ T7893] device bridge_slave_1 entered promiscuous mode 20:10:12 executing program 4: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000000)=0x100000001) [ 175.113083][ T7893] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.123355][ T7893] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.283289][ T7893] team0: Port device team_slave_0 added [ 175.299972][ T7893] team0: Port device team_slave_1 added [ 175.317947][ T7896] chnl_net:caif_netlink_parms(): no params data found [ 175.335509][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.354677][ T22] bridge0: port 2(bridge_slave_1) entered disabled state 20:10:12 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000000c0)={0x0, 0x200000000080, 0xfdfdffff, 'queue0\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00', 0x0, [0x0, 0x0, 0x1f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 175.407101][ T7901] IPVS: ftp: loaded support on port[0] = 21 [ 175.474206][ T7890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.531068][ T7893] device hsr_slave_0 entered promiscuous mode [ 175.599368][ T7893] device hsr_slave_1 entered promiscuous mode [ 175.696720][ T7896] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.703995][ T7896] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.711574][ T7896] device bridge_slave_0 entered promiscuous mode [ 175.718955][ T7898] chnl_net:caif_netlink_parms(): no params data found [ 175.730202][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.738393][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.761145][ T7906] IPVS: ftp: loaded support on port[0] = 21 [ 175.772474][ T7896] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.780382][ T7896] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.788276][ T7896] device bridge_slave_1 entered promiscuous mode [ 175.805762][ T7890] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.839964][ T7896] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.871666][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.880305][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.888522][ T7902] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.895598][ T7902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.903342][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.912991][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.921341][ T7902] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.928361][ T7902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.936057][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.951633][ T7896] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.998819][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.038128][ T7896] team0: Port device team_slave_0 added [ 176.046561][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.055967][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.081971][ T7898] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.089206][ T7898] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.096726][ T7898] device bridge_slave_0 entered promiscuous mode [ 176.107074][ T7898] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.114649][ T7898] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.122723][ T7898] device bridge_slave_1 entered promiscuous mode [ 176.130818][ T7896] team0: Port device team_slave_1 added [ 176.147521][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.158958][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.167391][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.175733][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.184032][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.196769][ T7901] chnl_net:caif_netlink_parms(): no params data found [ 176.224804][ T7898] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.238795][ T7898] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.251040][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.260063][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.271039][ T7890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.305764][ T7898] team0: Port device team_slave_0 added [ 176.312664][ T7898] team0: Port device team_slave_1 added [ 176.331177][ T7901] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.338299][ T7901] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.347037][ T7901] device bridge_slave_0 entered promiscuous mode [ 176.366724][ T7893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.385505][ T7901] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.392648][ T7901] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.400866][ T7901] device bridge_slave_1 entered promiscuous mode [ 176.451725][ T7896] device hsr_slave_0 entered promiscuous mode [ 176.499460][ T7896] device hsr_slave_1 entered promiscuous mode [ 176.630890][ T7898] device hsr_slave_0 entered promiscuous mode [ 176.679461][ T7898] device hsr_slave_1 entered promiscuous mode [ 176.748519][ T7893] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.765104][ T7906] chnl_net:caif_netlink_parms(): no params data found [ 176.777061][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.785738][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.795246][ T7901] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.806989][ T7890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.850977][ T7901] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.923447][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.933738][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.942223][ T7909] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.949324][ T7909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.956812][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.965902][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.973844][ C1] hrtimer: interrupt took 34535 ns [ 176.974466][ T7909] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.986109][ T7909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.030962][ T7906] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.038088][ T7906] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.053121][ T7906] device bridge_slave_0 entered promiscuous mode [ 177.068795][ T7901] team0: Port device team_slave_0 added [ 177.089596][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.098634][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.107476][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.122599][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.135420][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.147441][ T7906] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.155980][ T7906] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.166015][ T7906] device bridge_slave_1 entered promiscuous mode [ 177.194656][ T7901] team0: Port device team_slave_1 added [ 177.228854][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.258461][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.291409][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.302683][ T7906] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.316643][ T7896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.337919][ T7893] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 177.354614][ T7893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.382949][ T7906] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.396893][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.415600][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.426940][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.441573][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.502083][ T7901] device hsr_slave_0 entered promiscuous mode [ 177.559493][ T7901] device hsr_slave_1 entered promiscuous mode [ 177.627386][ T7893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.654469][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.668310][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.676454][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.696433][ T7896] 8021q: adding VLAN 0 to HW filter on device team0 20:10:14 executing program 0: syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in=@broadcast, @in=@remote}}, {{@in=@initdev}, 0x0, @in=@initdev}}, 0x0) add_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) request_key(0x0, &(0x7f0000000580)={'syz'}, 0x0, 0xfffffffffffffff8) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff}) [ 177.733580][ T7906] team0: Port device team_slave_0 added [ 177.755642][ T7906] team0: Port device team_slave_1 added [ 177.811044][ T7898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.831764][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.844444][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.856537][ T3488] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.863653][ T3488] bridge0: port 1(bridge_slave_0) entered forwarding state 20:10:15 executing program 1: ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x100000000000000d) [ 177.962017][ T7906] device hsr_slave_0 entered promiscuous mode [ 177.995111][ T7906] device hsr_slave_1 entered promiscuous mode [ 178.061180][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.072510][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.081720][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.090399][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.097495][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.106200][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 20:10:15 executing program 1: ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x100000000000000d) [ 178.184053][ T7898] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.204958][ T7896] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.220075][ T7896] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.245149][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.265848][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.294460][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.303812][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.322266][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.337073][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.356271][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.373515][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.387642][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 20:10:15 executing program 1: ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x100000000000000d) [ 178.402963][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.421877][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.444004][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.481142][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.536569][ T7901] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.575152][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.596056][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.611053][ T7902] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.618139][ T7902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.630303][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.644384][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.653896][ T7902] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.661063][ T7902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.674840][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.685191][ T7902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 20:10:15 executing program 0: syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in=@broadcast, @in=@remote}}, {{@in=@initdev}, 0x0, @in=@initdev}}, 0x0) add_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) request_key(0x0, &(0x7f0000000580)={'syz'}, 0x0, 0xfffffffffffffff8) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff}) [ 178.787560][ T7906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.800314][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.817355][ T7896] 8021q: adding VLAN 0 to HW filter on device batadv0 20:10:16 executing program 1: socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000280)=0x7, 0x4) sendmmsg(r0, &(0x7f00000002c0), 0xc6, 0x0) [ 178.835668][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.864607][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 20:10:16 executing program 0: syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in=@broadcast, @in=@remote}}, {{@in=@initdev}, 0x0, @in=@initdev}}, 0x0) add_key(&(0x7f0000000100)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) request_key(0x0, &(0x7f0000000580)={'syz'}, 0x0, 0xfffffffffffffff8) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff}) [ 178.888846][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.898059][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.918509][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.928336][ T7935] check_preemption_disabled: 3 callbacks suppressed [ 178.928381][ T7935] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7935 [ 178.948005][ T7935] caller is sk_mc_loop+0x1d/0x210 [ 178.953328][ T7935] CPU: 1 PID: 7935 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.962344][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.972395][ T7935] Call Trace: [ 178.975697][ T7935] dump_stack+0x172/0x1f0 [ 178.980041][ T7935] __this_cpu_preempt_check+0x246/0x270 [ 178.985590][ T7935] sk_mc_loop+0x1d/0x210 [ 178.989845][ T7935] ip_mc_output+0x2ef/0xf70 [ 178.994354][ T7935] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.999469][ T7935] ? ip_append_data.part.0+0x170/0x170 [ 178.999484][ T7935] ? ip_make_skb+0x1b1/0x2c0 [ 178.999498][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.999517][ T7935] ip_local_out+0xc4/0x1b0 [ 178.999535][ T7935] ip_send_skb+0x42/0xf0 [ 178.999558][ T7935] udp_send_skb.isra.0+0x6b2/0x1180 [ 178.999574][ T7935] ? xfrm_lookup_route+0x5b/0x1f0 [ 179.033579][ T7935] udp_sendmsg+0x1dfd/0x2820 [ 179.038175][ T7935] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 179.044594][ T7935] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 179.050322][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.055350][ T7935] ? udp4_lib_lookup_skb+0x440/0x440 [ 179.060641][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.066900][ T7935] ? retint_kernel+0x2d/0x2d [ 179.071511][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 179.077178][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.082665][ T7935] ? retint_kernel+0x2d/0x2d [ 179.087317][ T7935] udpv6_sendmsg+0x13a4/0x28d0 [ 179.092094][ T7935] ? udpv6_sendmsg+0x13a4/0x28d0 [ 179.097049][ T7935] ? lock_downgrade+0x880/0x880 [ 179.101929][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.107944][ T7935] ? aa_profile_af_perm+0x320/0x320 [ 179.113164][ T7935] ? __might_fault+0x12b/0x1e0 [ 179.117936][ T7935] ? find_held_lock+0x35/0x130 [ 179.122712][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.128958][ T7935] ? rw_copy_check_uvector+0x2a6/0x330 [ 179.134438][ T7935] ? ___might_sleep+0x163/0x280 [ 179.139294][ T7935] ? __might_sleep+0x95/0x190 [ 179.143980][ T7935] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 179.149614][ T7935] ? aa_sk_perm+0x288/0x880 [ 179.154138][ T7935] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 179.159718][ T7935] inet_sendmsg+0x147/0x5e0 [ 179.164227][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.170209][ T7935] ? inet_sendmsg+0x147/0x5e0 [ 179.174889][ T7935] ? ipip_gro_receive+0x100/0x100 [ 179.179943][ T7935] sock_sendmsg+0xdd/0x130 [ 179.184365][ T7935] ___sys_sendmsg+0x3e2/0x930 [ 179.189055][ T7935] ? copy_msghdr_from_user+0x430/0x430 [ 179.194522][ T7935] ? lock_downgrade+0x880/0x880 [ 179.199371][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.205631][ T7935] ? kasan_check_read+0x11/0x20 [ 179.210532][ T7935] ? __fget+0x381/0x550 [ 179.214702][ T7935] ? ksys_dup3+0x3e0/0x3e0 [ 179.219121][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.224581][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.230047][ T7935] ? __fget_light+0x1a9/0x230 [ 179.234731][ T7935] ? __fdget+0x1b/0x20 [ 179.238805][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.245071][ T7935] ? sockfd_lookup_light+0xcb/0x180 [ 179.250287][ T7935] __sys_sendmmsg+0x1bf/0x4d0 [ 179.254972][ T7935] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 179.260023][ T7935] ? _copy_to_user+0xc9/0x120 [ 179.264712][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.270957][ T7935] ? put_timespec64+0xda/0x140 [ 179.275730][ T7935] ? nsecs_to_jiffies+0x30/0x30 [ 179.280608][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.286073][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.291558][ T7935] ? do_syscall_64+0x26/0x610 [ 179.296262][ T7935] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.302337][ T7935] ? do_syscall_64+0x26/0x610 [ 179.307026][ T7935] __x64_sys_sendmmsg+0x9d/0x100 [ 179.311974][ T7935] do_syscall_64+0x103/0x610 [ 179.316570][ T7935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.322465][ T7935] RIP: 0033:0x4582b9 [ 179.326364][ T7935] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.345974][ T7935] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 179.354391][ T7935] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 179.362363][ T7935] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 179.370337][ T7935] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 179.378308][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 179.386283][ T7935] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 179.406662][ T7901] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.415210][ T7935] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7935 [ 179.427622][ T7935] caller is sk_mc_loop+0x1d/0x210 [ 179.432987][ T7935] CPU: 1 PID: 7935 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 179.442029][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.452081][ T7935] Call Trace: [ 179.455376][ T7935] dump_stack+0x172/0x1f0 [ 179.459731][ T7935] __this_cpu_preempt_check+0x246/0x270 [ 179.465287][ T7935] sk_mc_loop+0x1d/0x210 [ 179.469542][ T7935] ip_mc_output+0x2ef/0xf70 [ 179.474055][ T7935] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 179.479180][ T7935] ? ip_append_data.part.0+0x170/0x170 [ 179.484653][ T7935] ip_local_out+0xc4/0x1b0 [ 179.489095][ T7935] ip_send_skb+0x42/0xf0 [ 179.493348][ T7935] udp_send_skb.isra.0+0x6b2/0x1180 [ 179.498551][ T7935] ? xfrm_lookup_route+0x5b/0x1f0 [ 179.503611][ T7935] udp_sendmsg+0x1dfd/0x2820 [ 179.508221][ T7935] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 179.514642][ T7935] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 179.520384][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.525440][ T7935] ? udp4_lib_lookup_skb+0x440/0x440 [ 179.530732][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.536987][ T7935] ? retint_kernel+0x2d/0x2d [ 179.541606][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 179.547253][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.558193][ T7935] ? retint_kernel+0x2d/0x2d [ 179.562800][ T7935] udpv6_sendmsg+0x13a4/0x28d0 [ 179.567567][ T7935] ? udpv6_sendmsg+0x13a4/0x28d0 [ 179.572510][ T7935] ? lock_downgrade+0x880/0x880 [ 179.577381][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.583379][ T7935] ? aa_profile_af_perm+0x320/0x320 [ 179.588598][ T7935] ? lockdep_hardirqs_on+0x418/0x5d0 [ 179.593897][ T7935] ? retint_kernel+0x2d/0x2d [ 179.598498][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 179.604137][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.609614][ T7935] ? ___might_sleep+0x163/0x280 [ 179.614469][ T7935] ? __might_sleep+0x95/0x190 [ 179.619156][ T7935] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 179.624802][ T7935] ? aa_sk_perm+0x288/0x880 [ 179.629325][ T7935] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 179.634879][ T7935] inet_sendmsg+0x147/0x5e0 [ 179.639427][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 179.645413][ T7935] ? inet_sendmsg+0x147/0x5e0 [ 179.650092][ T7935] ? ipip_gro_receive+0x100/0x100 [ 179.655163][ T7935] sock_sendmsg+0xdd/0x130 [ 179.659585][ T7935] ___sys_sendmsg+0x3e2/0x930 [ 179.664283][ T7935] ? copy_msghdr_from_user+0x430/0x430 [ 179.669763][ T7935] ? __lock_acquire+0x548/0x3fb0 [ 179.674715][ T7935] ? lock_downgrade+0x880/0x880 [ 179.679606][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.685855][ T7935] ? kasan_check_read+0x11/0x20 [ 179.690747][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.696212][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.701676][ T7935] ? lockdep_hardirqs_on+0x418/0x5d0 [ 179.707004][ T7935] ? retint_kernel+0x2d/0x2d [ 179.711613][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 179.717764][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.723237][ T7935] ? retint_kernel+0x2d/0x2d [ 179.727860][ T7935] ? ___might_sleep+0x163/0x280 [ 179.732726][ T7935] __sys_sendmmsg+0x1bf/0x4d0 [ 179.737409][ T7935] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 179.742456][ T7935] ? _copy_to_user+0xc9/0x120 [ 179.747149][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.753395][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.759645][ T7935] ? put_timespec64+0xda/0x140 [ 179.764432][ T7935] ? nsecs_to_jiffies+0x30/0x30 [ 179.769294][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.774806][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.780275][ T7935] ? do_syscall_64+0x26/0x610 [ 179.784960][ T7935] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.791048][ T7935] ? do_syscall_64+0x26/0x610 [ 179.795730][ T7935] __x64_sys_sendmmsg+0x9d/0x100 [ 179.800703][ T7935] do_syscall_64+0x103/0x610 [ 179.805303][ T7935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.811195][ T7935] RIP: 0033:0x4582b9 [ 179.815096][ T7935] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.834710][ T7935] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 179.843129][ T7935] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 179.843139][ T7935] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 179.843147][ T7935] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 179.843156][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 179.843165][ T7935] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 179.870400][ T7901] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 20:10:17 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x3a, 0x1, &(0x7f0000000000), 0x4) [ 179.893935][ T7901] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.909991][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.914265][ T7940] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7940 [ 179.918404][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.927569][ T7940] caller is sk_mc_loop+0x1d/0x210 [ 179.941133][ T7940] CPU: 1 PID: 7940 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 179.949847][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.950168][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.950174][ T7940] Call Trace: [ 179.950196][ T7940] dump_stack+0x172/0x1f0 [ 179.950220][ T7940] __this_cpu_preempt_check+0x246/0x270 [ 179.950240][ T7940] sk_mc_loop+0x1d/0x210 [ 179.958044][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.967475][ T7940] ip_mc_output+0x2ef/0xf70 [ 179.967497][ T7940] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 179.967515][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.967533][ T7940] ? ip_append_data.part.0+0x170/0x170 [ 179.967549][ T7940] ? retint_kernel+0x2d/0x2d [ 179.967570][ T7940] ip_local_out+0xc4/0x1b0 [ 179.967600][ T7940] ip_send_skb+0x42/0xf0 [ 179.967617][ T7940] udp_send_skb.isra.0+0x6b2/0x1180 [ 179.967631][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.967654][ T7940] udp_sendmsg+0x1dfd/0x2820 [ 179.979546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.980782][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.980803][ T7940] ? udp4_lib_lookup_skb+0x440/0x440 [ 179.980830][ T7940] ? flexible_sched_in+0xcb/0x9c0 [ 179.985696][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.992245][ T7940] ? visit_groups_merge+0x4c0/0x5d0 [ 179.992278][ T7940] ? retint_kernel+0x2d/0x2d [ 179.992295][ T7940] ? trace_hardirqs_on_caller+0x6a/0x220 [ 179.992321][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.992342][ T7940] ? retint_kernel+0x2d/0x2d [ 179.992372][ T7940] udpv6_sendmsg+0x13a4/0x28d0 [ 179.992387][ T7940] ? udpv6_sendmsg+0x13a4/0x28d0 [ 179.992405][ T7940] ? mark_held_locks+0xa4/0xf0 [ 179.992427][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.008565][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.012920][ T7940] ? aa_profile_af_perm+0x320/0x320 [ 180.012939][ T7940] ? __might_fault+0x12b/0x1e0 [ 180.012954][ T7940] ? find_held_lock+0x35/0x130 [ 180.012971][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.012989][ T7940] ? rw_copy_check_uvector+0x2a6/0x330 [ 180.013018][ T7940] ? ___might_sleep+0x163/0x280 [ 180.013040][ T7940] ? __might_sleep+0x95/0x190 [ 180.025483][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.026263][ T7940] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 180.026277][ T7940] ? aa_sk_perm+0x288/0x880 [ 180.026294][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.026317][ T7940] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 180.035717][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.036510][ T7940] inet_sendmsg+0x147/0x5e0 [ 180.036528][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.036539][ T7940] ? inet_sendmsg+0x147/0x5e0 [ 180.036558][ T7940] ? ipip_gro_receive+0x100/0x100 [ 180.041219][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.048347][ T7940] sock_sendmsg+0xdd/0x130 [ 180.065508][ T7935] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7935 [ 180.070846][ T7940] ___sys_sendmsg+0x3e2/0x930 [ 180.070867][ T7940] ? copy_msghdr_from_user+0x430/0x430 [ 180.070888][ T7940] ? lock_downgrade+0x880/0x880 [ 180.070904][ T7940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.070937][ T7940] ? kasan_check_read+0x11/0x20 [ 180.070960][ T7940] ? __fget+0x381/0x550 [ 180.070982][ T7940] ? ksys_dup3+0x3e0/0x3e0 [ 180.071007][ T7940] ? __fget_light+0x1a9/0x230 [ 180.071024][ T7940] ? __fdget+0x1b/0x20 [ 180.071039][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.071055][ T7940] ? sockfd_lookup_light+0xcb/0x180 [ 180.071072][ T7940] __sys_sendmmsg+0x1bf/0x4d0 [ 180.071092][ T7940] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 180.071120][ T7940] ? _copy_to_user+0xc9/0x120 [ 180.071141][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.076379][ T7935] caller is sk_mc_loop+0x1d/0x210 [ 180.080944][ T7940] ? put_timespec64+0xda/0x140 [ 180.080972][ T7940] ? nsecs_to_jiffies+0x30/0x30 [ 180.080996][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.081011][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.081038][ T7940] ? do_syscall_64+0x26/0x610 [ 180.081055][ T7940] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.081069][ T7940] ? do_syscall_64+0x26/0x610 [ 180.081086][ T7940] __x64_sys_sendmmsg+0x9d/0x100 [ 180.081117][ T7940] do_syscall_64+0x103/0x610 [ 180.081135][ T7940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.081147][ T7940] RIP: 0033:0x4582b9 [ 180.081163][ T7940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.081183][ T7940] RSP: 002b:00007f2146b26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 180.081197][ T7940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 180.081205][ T7940] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000008 [ 180.081226][ T7940] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 180.081248][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b276d4 [ 180.081257][ T7940] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 180.098468][ T7940] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7940 [ 180.102071][ T7935] CPU: 0 PID: 7935 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 180.106998][ T7940] caller is sk_mc_loop+0x1d/0x210 [ 180.111731][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.111736][ T7935] Call Trace: [ 180.111756][ T7935] dump_stack+0x172/0x1f0 [ 180.111782][ T7935] __this_cpu_preempt_check+0x246/0x270 [ 180.488196][ T7935] sk_mc_loop+0x1d/0x210 [ 180.492441][ T7935] ip_mc_output+0x2ef/0xf70 [ 180.496957][ T7935] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 180.502072][ T7935] ? ip_append_data.part.0+0x170/0x170 [ 180.507530][ T7935] ? retint_kernel+0x2d/0x2d [ 180.512120][ T7935] ip_local_out+0xc4/0x1b0 [ 180.516536][ T7935] ip_send_skb+0x42/0xf0 [ 180.520783][ T7935] udp_send_skb.isra.0+0x6b2/0x1180 [ 180.525981][ T7935] ? xfrm_lookup_route+0x5b/0x1f0 [ 180.531012][ T7935] udp_sendmsg+0x1dfd/0x2820 [ 180.535600][ T7935] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 180.542009][ T7935] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 180.547727][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.552752][ T7935] ? udp4_lib_lookup_skb+0x440/0x440 [ 180.558051][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.564301][ T7935] ? retint_kernel+0x2d/0x2d [ 180.568889][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 180.574540][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.580006][ T7935] ? retint_kernel+0x2d/0x2d [ 180.584606][ T7935] udpv6_sendmsg+0x13a4/0x28d0 [ 180.589370][ T7935] ? udpv6_sendmsg+0x13a4/0x28d0 [ 180.594307][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.599768][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.605232][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.611763][ T7935] ? aa_profile_af_perm+0x320/0x320 [ 180.617436][ T7935] ? retint_kernel+0x2d/0x2d [ 180.622039][ T7935] ? iov_iter_init+0x9e/0x220 [ 180.626716][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.632177][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.637656][ T7935] ? lockdep_hardirqs_on+0x418/0x5d0 [ 180.642958][ T7935] ? retint_kernel+0x2d/0x2d [ 180.647559][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 180.653203][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.658666][ T7935] ? retint_kernel+0x2d/0x2d [ 180.663263][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.669246][ T7935] inet_sendmsg+0x147/0x5e0 [ 180.673746][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.679716][ T7935] ? inet_sendmsg+0x147/0x5e0 [ 180.684391][ T7935] ? ipip_gro_receive+0x100/0x100 [ 180.689429][ T7935] sock_sendmsg+0xdd/0x130 [ 180.693846][ T7935] ___sys_sendmsg+0x3e2/0x930 [ 180.698525][ T7935] ? copy_msghdr_from_user+0x430/0x430 [ 180.703998][ T7935] ? __lock_acquire+0x548/0x3fb0 [ 180.708946][ T7935] ? lock_downgrade+0x880/0x880 [ 180.713800][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.720347][ T7935] ? kasan_check_read+0x11/0x20 [ 180.725201][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.730662][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.736138][ T7935] ? lockdep_hardirqs_on+0x418/0x5d0 [ 180.741419][ T7935] ? retint_kernel+0x2d/0x2d [ 180.746009][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 180.751642][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.757112][ T7935] ? retint_kernel+0x2d/0x2d [ 180.761745][ T7935] ? ___might_sleep+0x163/0x280 [ 180.766595][ T7935] __sys_sendmmsg+0x1bf/0x4d0 [ 180.771275][ T7935] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 180.776307][ T7935] ? _copy_to_user+0xc9/0x120 [ 180.780987][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.787223][ T7935] ? put_timespec64+0xda/0x140 [ 180.791987][ T7935] ? nsecs_to_jiffies+0x30/0x30 [ 180.796843][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.802301][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.807757][ T7935] ? do_syscall_64+0x26/0x610 [ 180.812441][ T7935] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.818502][ T7935] ? do_syscall_64+0x26/0x610 [ 180.823181][ T7935] __x64_sys_sendmmsg+0x9d/0x100 [ 180.828143][ T7935] do_syscall_64+0x103/0x610 [ 180.832735][ T7935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.838634][ T7935] RIP: 0033:0x4582b9 [ 180.842551][ T7935] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.862149][ T7935] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 180.870569][ T7935] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 180.878545][ T7935] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 180.886528][ T7935] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 180.894504][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 180.902470][ T7935] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 180.910471][ T7940] CPU: 1 PID: 7940 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 180.919502][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.928823][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.929549][ T7940] Call Trace: [ 180.929576][ T7940] dump_stack+0x172/0x1f0 [ 180.929624][ T7940] __this_cpu_preempt_check+0x246/0x270 [ 180.929654][ T7940] sk_mc_loop+0x1d/0x210 [ 180.929673][ T7940] ip_mc_output+0x2ef/0xf70 [ 180.929700][ T7940] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 180.929721][ T7940] ? ip_append_data.part.0+0x170/0x170 [ 180.929734][ T7940] ? ip_make_skb+0x1b1/0x2c0 [ 180.929748][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.929765][ T7940] ip_local_out+0xc4/0x1b0 [ 180.929783][ T7940] ip_send_skb+0x42/0xf0 [ 180.929800][ T7940] udp_send_skb.isra.0+0x6b2/0x1180 [ 180.929817][ T7940] ? xfrm_lookup_route+0x5b/0x1f0 [ 180.929840][ T7940] udp_sendmsg+0x1dfd/0x2820 [ 180.929877][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.946235][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.951072][ T7940] ? udp4_lib_lookup_skb+0x440/0x440 [ 180.951094][ T7940] ? flexible_sched_in+0xcb/0x9c0 [ 180.951116][ T7940] ? visit_groups_merge+0x4c0/0x5d0 [ 180.951137][ T7940] ? retint_kernel+0x2d/0x2d [ 180.966332][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.970424][ T7940] ? trace_hardirqs_on_caller+0x6a/0x220 [ 180.970447][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.970467][ T7940] ? retint_kernel+0x2d/0x2d [ 180.970500][ T7940] udpv6_sendmsg+0x13a4/0x28d0 [ 180.975102][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.980096][ T7940] ? udpv6_sendmsg+0x13a4/0x28d0 [ 180.980114][ T7940] ? mark_held_locks+0xa4/0xf0 [ 180.980140][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.991071][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.993972][ T7940] ? aa_profile_af_perm+0x320/0x320 [ 180.993990][ T7940] ? __might_fault+0x12b/0x1e0 [ 180.994011][ T7940] ? find_held_lock+0x35/0x130 [ 181.004178][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.008643][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.008669][ T7940] ? rw_copy_check_uvector+0x2a6/0x330 [ 181.025945][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.026941][ T7940] ? ___might_sleep+0x163/0x280 [ 181.026964][ T7940] ? __might_sleep+0x95/0x190 [ 181.033289][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.036728][ T7940] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 181.036744][ T7940] ? aa_sk_perm+0x288/0x880 [ 181.036767][ T7940] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 181.050665][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.054849][ T7940] inet_sendmsg+0x147/0x5e0 [ 181.066619][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.071353][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.071367][ T7940] ? inet_sendmsg+0x147/0x5e0 [ 181.071381][ T7940] ? ipip_gro_receive+0x100/0x100 [ 181.071406][ T7940] sock_sendmsg+0xdd/0x130 [ 181.071424][ T7940] ___sys_sendmsg+0x3e2/0x930 [ 181.071482][ T7940] ? copy_msghdr_from_user+0x430/0x430 [ 181.084235][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.087128][ T7940] ? __lock_acquire+0x548/0x3fb0 [ 181.087142][ T7940] ? lock_downgrade+0x880/0x880 [ 181.087165][ T7940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.096776][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.100236][ T7940] ? kasan_check_read+0x11/0x20 [ 181.100270][ T7940] ? __might_fault+0x12b/0x1e0 [ 181.100285][ T7940] ? find_held_lock+0x35/0x130 [ 181.100298][ T7940] ? __might_fault+0x12b/0x1e0 [ 181.100320][ T7940] ? lock_downgrade+0x880/0x880 [ 181.100358][ T7940] ? ___might_sleep+0x163/0x280 [ 181.100376][ T7940] __sys_sendmmsg+0x1bf/0x4d0 [ 181.100395][ T7940] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 181.100421][ T7940] ? _copy_to_user+0xc9/0x120 [ 181.114292][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.117817][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.117833][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.117849][ T7940] ? put_timespec64+0xda/0x140 [ 181.117869][ T7940] ? nsecs_to_jiffies+0x30/0x30 [ 181.125130][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.129578][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.129595][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.129612][ T7940] ? do_syscall_64+0x26/0x610 [ 181.129629][ T7940] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.129642][ T7940] ? do_syscall_64+0x26/0x610 [ 181.129662][ T7940] __x64_sys_sendmmsg+0x9d/0x100 [ 181.129681][ T7940] do_syscall_64+0x103/0x610 [ 181.129706][ T7940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.129719][ T7940] RIP: 0033:0x4582b9 [ 181.129741][ T7940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.144857][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.147155][ T7940] RSP: 002b:00007f2146b26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.155843][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.160572][ T7940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.160582][ T7940] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000008 [ 181.160590][ T7940] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 181.160599][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b276d4 [ 181.160608][ T7940] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.465333][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.477364][ T7898] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 181.492348][ T7906] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.505864][ T7940] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7940 [ 181.508267][ T7935] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7935 [ 181.515400][ T7940] caller is sk_mc_loop+0x1d/0x210 [ 181.515421][ T7940] CPU: 1 PID: 7940 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.524724][ T7935] caller is sk_mc_loop+0x1d/0x210 [ 181.529708][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.529714][ T7940] Call Trace: [ 181.529737][ T7940] dump_stack+0x172/0x1f0 [ 181.529761][ T7940] __this_cpu_preempt_check+0x246/0x270 [ 181.529780][ T7940] sk_mc_loop+0x1d/0x210 [ 181.571390][ T7940] ip_mc_output+0x2ef/0xf70 [ 181.575896][ T7940] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 181.581224][ T7940] ? ip_append_data.part.0+0x170/0x170 [ 181.586675][ T7940] ? ip_make_skb+0x1b1/0x2c0 [ 181.591278][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 181.596303][ T7940] ip_local_out+0xc4/0x1b0 [ 181.600743][ T7940] ip_send_skb+0x42/0xf0 [ 181.604983][ T7940] udp_send_skb.isra.0+0x6b2/0x1180 [ 181.610180][ T7940] ? xfrm_lookup_route+0x5b/0x1f0 [ 181.615218][ T7940] udp_sendmsg+0x1dfd/0x2820 [ 181.619809][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 181.627460][ T7940] ? udp4_lib_lookup_skb+0x440/0x440 [ 181.632758][ T7940] ? flexible_sched_in+0xcb/0x9c0 [ 181.637920][ T7940] ? visit_groups_merge+0x4c0/0x5d0 [ 181.643131][ T7940] ? retint_kernel+0x2d/0x2d [ 181.648262][ T7940] ? trace_hardirqs_on_caller+0x6a/0x220 [ 181.653902][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.659382][ T7940] ? retint_kernel+0x2d/0x2d [ 181.663987][ T7940] udpv6_sendmsg+0x13a4/0x28d0 [ 181.668747][ T7940] ? udpv6_sendmsg+0x13a4/0x28d0 [ 181.673698][ T7940] ? mark_held_locks+0xa4/0xf0 [ 181.678468][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.684676][ T7940] ? aa_profile_af_perm+0x320/0x320 [ 181.689878][ T7940] ? __might_fault+0x12b/0x1e0 [ 181.694750][ T7940] ? find_held_lock+0x35/0x130 [ 181.699515][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.705753][ T7940] ? rw_copy_check_uvector+0x2a6/0x330 [ 181.711250][ T7940] ? ___might_sleep+0x163/0x280 [ 181.716556][ T7940] ? __might_sleep+0x95/0x190 [ 181.721394][ T7940] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 181.727022][ T7940] ? aa_sk_perm+0x288/0x880 [ 181.731543][ T7940] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 181.737104][ T7940] inet_sendmsg+0x147/0x5e0 [ 181.741621][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.747592][ T7940] ? inet_sendmsg+0x147/0x5e0 [ 181.752264][ T7940] ? ipip_gro_receive+0x100/0x100 [ 181.757285][ T7940] sock_sendmsg+0xdd/0x130 [ 181.761706][ T7940] ___sys_sendmsg+0x3e2/0x930 [ 181.766386][ T7940] ? copy_msghdr_from_user+0x430/0x430 [ 181.771851][ T7940] ? __lock_acquire+0x548/0x3fb0 [ 181.776779][ T7940] ? lock_downgrade+0x880/0x880 [ 181.781629][ T7940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.787869][ T7940] ? kasan_check_read+0x11/0x20 [ 181.792728][ T7940] ? __might_fault+0x12b/0x1e0 [ 181.797498][ T7940] ? find_held_lock+0x35/0x130 [ 181.802272][ T7940] ? __might_fault+0x12b/0x1e0 [ 181.807038][ T7940] ? lock_downgrade+0x880/0x880 [ 181.811896][ T7940] ? ___might_sleep+0x163/0x280 [ 181.816753][ T7940] __sys_sendmmsg+0x1bf/0x4d0 [ 181.821456][ T7940] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 181.826487][ T7940] ? _copy_to_user+0xc9/0x120 [ 181.831161][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.837390][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.843620][ T7940] ? put_timespec64+0xda/0x140 [ 181.848377][ T7940] ? nsecs_to_jiffies+0x30/0x30 [ 181.853241][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.858699][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.864155][ T7940] ? do_syscall_64+0x26/0x610 [ 181.868826][ T7940] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.874883][ T7940] ? do_syscall_64+0x26/0x610 [ 181.879565][ T7940] __x64_sys_sendmmsg+0x9d/0x100 [ 181.884506][ T7940] do_syscall_64+0x103/0x610 [ 181.889096][ T7940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.894983][ T7940] RIP: 0033:0x4582b9 [ 181.899571][ T7940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.919168][ T7940] RSP: 002b:00007f2146b26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.927593][ T7940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.935558][ T7940] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000008 [ 181.943543][ T7940] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 181.951506][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b276d4 [ 181.959594][ T7940] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.967583][ T7935] CPU: 0 PID: 7935 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.976611][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.985215][ T7940] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7940 [ 181.986657][ T7935] Call Trace: [ 181.986696][ T7935] dump_stack+0x172/0x1f0 [ 181.986724][ T7935] __this_cpu_preempt_check+0x246/0x270 [ 181.996039][ T7940] caller is sk_mc_loop+0x1d/0x210 [ 181.999306][ T7935] sk_mc_loop+0x1d/0x210 [ 181.999323][ T7935] ip_mc_output+0x2ef/0xf70 [ 181.999343][ T7935] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 181.999362][ T7935] ? ip_append_data.part.0+0x170/0x170 [ 182.033461][ T7935] ? ip_make_skb+0x1b1/0x2c0 [ 182.038047][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.043082][ T7935] ip_local_out+0xc4/0x1b0 [ 182.047500][ T7935] ip_send_skb+0x42/0xf0 [ 182.051786][ T7935] udp_send_skb.isra.0+0x6b2/0x1180 [ 182.056984][ T7935] ? xfrm_lookup_route+0x5b/0x1f0 [ 182.062014][ T7935] udp_sendmsg+0x1dfd/0x2820 [ 182.066606][ T7935] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 182.073016][ T7935] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 182.078733][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.083762][ T7935] ? udp4_lib_lookup_skb+0x440/0x440 [ 182.089056][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.095309][ T7935] ? retint_kernel+0x2d/0x2d [ 182.099898][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 182.105546][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.111037][ T7935] ? retint_kernel+0x2d/0x2d [ 182.115649][ T7935] udpv6_sendmsg+0x13a4/0x28d0 [ 182.120431][ T7935] ? udpv6_sendmsg+0x13a4/0x28d0 [ 182.125368][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.130822][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.136308][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.142292][ T7935] ? aa_profile_af_perm+0x320/0x320 [ 182.147488][ T7935] ? __might_fault+0x12b/0x1e0 [ 182.152248][ T7935] ? find_held_lock+0x35/0x130 [ 182.157041][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.163281][ T7935] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.168757][ T7935] ? ___might_sleep+0x163/0x280 [ 182.173631][ T7935] ? __might_sleep+0x95/0x190 [ 182.178306][ T7935] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 182.183959][ T7935] ? aa_sk_perm+0x288/0x880 [ 182.189014][ T7935] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.194568][ T7935] inet_sendmsg+0x147/0x5e0 [ 182.199083][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.205064][ T7935] ? inet_sendmsg+0x147/0x5e0 [ 182.209739][ T7935] ? ipip_gro_receive+0x100/0x100 [ 182.214766][ T7935] sock_sendmsg+0xdd/0x130 [ 182.219194][ T7935] ___sys_sendmsg+0x3e2/0x930 [ 182.223877][ T7935] ? copy_msghdr_from_user+0x430/0x430 [ 182.229347][ T7935] ? __lock_acquire+0x548/0x3fb0 [ 182.234281][ T7935] ? lock_downgrade+0x880/0x880 [ 182.239134][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.245384][ T7935] ? kasan_check_read+0x11/0x20 [ 182.250241][ T7935] ? __might_fault+0x12b/0x1e0 [ 182.255009][ T7935] ? find_held_lock+0x35/0x130 [ 182.259777][ T7935] ? __might_fault+0x12b/0x1e0 [ 182.264554][ T7935] ? lock_downgrade+0x880/0x880 [ 182.269416][ T7935] ? ___might_sleep+0x163/0x280 [ 182.274279][ T7935] __sys_sendmmsg+0x1bf/0x4d0 [ 182.278964][ T7935] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.284006][ T7935] ? _copy_to_user+0xc9/0x120 [ 182.288689][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.294955][ T7935] ? put_timespec64+0xda/0x140 [ 182.299722][ T7935] ? nsecs_to_jiffies+0x30/0x30 [ 182.304583][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.310048][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.315513][ T7935] ? do_syscall_64+0x26/0x610 [ 182.320197][ T7935] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.326267][ T7935] ? do_syscall_64+0x26/0x610 [ 182.330960][ T7935] __x64_sys_sendmmsg+0x9d/0x100 [ 182.335902][ T7935] do_syscall_64+0x103/0x610 [ 182.340512][ T7935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.346406][ T7935] RIP: 0033:0x4582b9 [ 182.350304][ T7935] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.369928][ T7935] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 182.378364][ T7935] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.386359][ T7935] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 182.394338][ T7935] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.402307][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 182.410279][ T7935] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.418276][ T7940] CPU: 1 PID: 7940 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.427311][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.428660][ T7935] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7935 [ 182.437362][ T7940] Call Trace: [ 182.437402][ T7940] dump_stack+0x172/0x1f0 [ 182.437428][ T7940] __this_cpu_preempt_check+0x246/0x270 [ 182.437447][ T7940] sk_mc_loop+0x1d/0x210 [ 182.437464][ T7940] ip_mc_output+0x2ef/0xf70 [ 182.437485][ T7940] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 182.446866][ T7935] caller is sk_mc_loop+0x1d/0x210 [ 182.450064][ T7940] ? ip_append_data.part.0+0x170/0x170 [ 182.450078][ T7940] ? ip_make_skb+0x1b1/0x2c0 [ 182.450091][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.450109][ T7940] ip_local_out+0xc4/0x1b0 [ 182.450125][ T7940] ip_send_skb+0x42/0xf0 [ 182.450142][ T7940] udp_send_skb.isra.0+0x6b2/0x1180 [ 182.450157][ T7940] ? xfrm_lookup_route+0x5b/0x1f0 [ 182.450177][ T7940] udp_sendmsg+0x1dfd/0x2820 [ 182.450196][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.450212][ T7940] ? udp4_lib_lookup_skb+0x440/0x440 [ 182.450229][ T7940] ? flexible_sched_in+0xcb/0x9c0 [ 182.450247][ T7940] ? visit_groups_merge+0x4c0/0x5d0 [ 182.450266][ T7940] ? retint_kernel+0x2d/0x2d [ 182.450281][ T7940] ? trace_hardirqs_on_caller+0x6a/0x220 [ 182.450302][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.450323][ T7940] ? retint_kernel+0x2d/0x2d [ 182.450351][ T7940] udpv6_sendmsg+0x13a4/0x28d0 [ 182.450364][ T7940] ? udpv6_sendmsg+0x13a4/0x28d0 [ 182.450383][ T7940] ? mark_held_locks+0xa4/0xf0 [ 182.450403][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.450427][ T7940] ? aa_profile_af_perm+0x320/0x320 [ 182.450444][ T7940] ? __might_fault+0x12b/0x1e0 [ 182.450459][ T7940] ? find_held_lock+0x35/0x130 [ 182.450477][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.450494][ T7940] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.450521][ T7940] ? ___might_sleep+0x163/0x280 [ 182.450539][ T7940] ? __might_sleep+0x95/0x190 [ 182.450558][ T7940] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 182.450571][ T7940] ? aa_sk_perm+0x288/0x880 [ 182.450605][ T7940] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.450624][ T7940] inet_sendmsg+0x147/0x5e0 [ 182.450637][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.450649][ T7940] ? inet_sendmsg+0x147/0x5e0 [ 182.450661][ T7940] ? ipip_gro_receive+0x100/0x100 [ 182.450680][ T7940] sock_sendmsg+0xdd/0x130 [ 182.450709][ T7940] ___sys_sendmsg+0x3e2/0x930 [ 182.450729][ T7940] ? copy_msghdr_from_user+0x430/0x430 [ 182.450747][ T7940] ? __lock_acquire+0x548/0x3fb0 [ 182.450767][ T7940] ? lock_downgrade+0x880/0x880 [ 182.450780][ T7940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.450800][ T7940] ? kasan_check_read+0x11/0x20 [ 182.450819][ T7940] ? __might_fault+0x12b/0x1e0 [ 182.692007][ T7940] ? find_held_lock+0x35/0x130 [ 182.696774][ T7940] ? __might_fault+0x12b/0x1e0 [ 182.701543][ T7940] ? lock_downgrade+0x880/0x880 [ 182.706402][ T7940] ? ___might_sleep+0x163/0x280 [ 182.711253][ T7940] __sys_sendmmsg+0x1bf/0x4d0 [ 182.716304][ T7940] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.721341][ T7940] ? _copy_to_user+0xc9/0x120 [ 182.726021][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.732261][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.738518][ T7940] ? put_timespec64+0xda/0x140 [ 182.743636][ T7940] ? nsecs_to_jiffies+0x30/0x30 [ 182.748494][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.753959][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.759420][ T7940] ? do_syscall_64+0x26/0x610 [ 182.764099][ T7940] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.770171][ T7940] ? do_syscall_64+0x26/0x610 [ 182.774856][ T7940] __x64_sys_sendmmsg+0x9d/0x100 [ 182.779797][ T7940] do_syscall_64+0x103/0x610 [ 182.784394][ T7940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.790284][ T7940] RIP: 0033:0x4582b9 [ 182.794181][ T7940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.813790][ T7940] RSP: 002b:00007f2146b26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 182.822204][ T7940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.830173][ T7940] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000008 [ 182.838139][ T7940] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 182.846108][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b276d4 [ 182.854079][ T7940] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.862072][ T7935] CPU: 0 PID: 7935 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.871106][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.881162][ T7935] Call Trace: [ 182.884484][ T7935] dump_stack+0x172/0x1f0 [ 182.888849][ T7935] __this_cpu_preempt_check+0x246/0x270 [ 182.894260][ T7940] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7940 [ 182.894411][ T7935] sk_mc_loop+0x1d/0x210 [ 182.903760][ T7940] caller is sk_mc_loop+0x1d/0x210 [ 182.907931][ T7935] ip_mc_output+0x2ef/0xf70 [ 182.917439][ T7935] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 182.922559][ T7935] ? ip_append_data.part.0+0x170/0x170 [ 182.928015][ T7935] ? ip_make_skb+0x1b1/0x2c0 [ 182.932603][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.937628][ T7935] ip_local_out+0xc4/0x1b0 [ 182.942049][ T7935] ip_send_skb+0x42/0xf0 [ 182.946292][ T7935] udp_send_skb.isra.0+0x6b2/0x1180 [ 182.951490][ T7935] ? xfrm_lookup_route+0x5b/0x1f0 [ 182.956519][ T7935] udp_sendmsg+0x1dfd/0x2820 [ 182.961107][ T7935] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 182.967516][ T7935] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 182.973232][ T7935] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.978273][ T7935] ? udp4_lib_lookup_skb+0x440/0x440 [ 182.983560][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.989834][ T7935] ? retint_kernel+0x2d/0x2d [ 182.994420][ T7935] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.000055][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.005515][ T7935] ? retint_kernel+0x2d/0x2d [ 183.010119][ T7935] udpv6_sendmsg+0x13a4/0x28d0 [ 183.014885][ T7935] ? udpv6_sendmsg+0x13a4/0x28d0 [ 183.019850][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.025330][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.030794][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.036782][ T7935] ? aa_profile_af_perm+0x320/0x320 [ 183.042006][ T7935] ? __might_fault+0x12b/0x1e0 [ 183.046778][ T7935] ? find_held_lock+0x35/0x130 [ 183.051541][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.057790][ T7935] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.063285][ T7935] ? ___might_sleep+0x163/0x280 [ 183.068159][ T7935] ? __might_sleep+0x95/0x190 [ 183.072837][ T7935] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 183.078474][ T7935] ? aa_sk_perm+0x288/0x880 [ 183.082981][ T7935] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.088524][ T7935] inet_sendmsg+0x147/0x5e0 [ 183.093023][ T7935] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.098992][ T7935] ? inet_sendmsg+0x147/0x5e0 [ 183.103676][ T7935] ? ipip_gro_receive+0x100/0x100 [ 183.108699][ T7935] sock_sendmsg+0xdd/0x130 [ 183.113127][ T7935] ___sys_sendmsg+0x3e2/0x930 [ 183.117803][ T7935] ? copy_msghdr_from_user+0x430/0x430 [ 183.123263][ T7935] ? __lock_acquire+0x548/0x3fb0 [ 183.128200][ T7935] ? lock_downgrade+0x880/0x880 [ 183.133055][ T7935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.139298][ T7935] ? kasan_check_read+0x11/0x20 [ 183.144162][ T7935] ? __might_fault+0x12b/0x1e0 [ 183.148933][ T7935] ? find_held_lock+0x35/0x130 [ 183.153694][ T7935] ? __might_fault+0x12b/0x1e0 [ 183.158460][ T7935] ? lock_downgrade+0x880/0x880 [ 183.163316][ T7935] ? ___might_sleep+0x163/0x280 [ 183.168169][ T7935] __sys_sendmmsg+0x1bf/0x4d0 [ 183.172860][ T7935] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.177892][ T7935] ? _copy_to_user+0xc9/0x120 [ 183.182599][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.188835][ T7935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.195073][ T7935] ? put_timespec64+0xda/0x140 [ 183.199846][ T7935] ? nsecs_to_jiffies+0x30/0x30 [ 183.204717][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.210174][ T7935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.215637][ T7935] ? do_syscall_64+0x26/0x610 [ 183.220314][ T7935] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.226374][ T7935] ? do_syscall_64+0x26/0x610 [ 183.231055][ T7935] __x64_sys_sendmmsg+0x9d/0x100 [ 183.235991][ T7935] do_syscall_64+0x103/0x610 [ 183.240583][ T7935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.246474][ T7935] RIP: 0033:0x4582b9 [ 183.250367][ T7935] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.269967][ T7935] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.278388][ T7935] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.286358][ T7935] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 183.294340][ T7935] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.302305][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 183.310270][ T7935] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.318262][ T7940] CPU: 1 PID: 7940 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.327314][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.332125][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.337365][ T7940] Call Trace: [ 183.337396][ T7940] dump_stack+0x172/0x1f0 [ 183.350090][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.352799][ T7940] __this_cpu_preempt_check+0x246/0x270 [ 183.366037][ T7940] sk_mc_loop+0x1d/0x210 [ 183.370298][ T7940] ip_mc_output+0x2ef/0xf70 [ 183.374808][ T7940] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 183.379943][ T7940] ? ip_append_data.part.0+0x170/0x170 [ 183.385409][ T7940] ? ip_make_skb+0x1b1/0x2c0 [ 183.390005][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.390025][ T7940] ip_local_out+0xc4/0x1b0 [ 183.390043][ T7940] ip_send_skb+0x42/0xf0 [ 183.390066][ T7940] udp_send_skb.isra.0+0x6b2/0x1180 [ 183.399483][ T7940] ? xfrm_lookup_route+0x5b/0x1f0 [ 183.399506][ T7940] udp_sendmsg+0x1dfd/0x2820 [ 183.399529][ T7940] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.423642][ T7940] ? udp4_lib_lookup_skb+0x440/0x440 [ 183.429036][ T7940] ? flexible_sched_in+0xcb/0x9c0 [ 183.434076][ T7940] ? visit_groups_merge+0x4c0/0x5d0 [ 183.439279][ T7940] ? retint_kernel+0x2d/0x2d [ 183.443867][ T7940] ? trace_hardirqs_on_caller+0x6a/0x220 [ 183.449501][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.454966][ T7940] ? retint_kernel+0x2d/0x2d [ 183.459569][ T7940] udpv6_sendmsg+0x13a4/0x28d0 [ 183.464333][ T7940] ? udpv6_sendmsg+0x13a4/0x28d0 [ 183.469272][ T7940] ? mark_held_locks+0xa4/0xf0 [ 183.474039][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.480064][ T7940] ? aa_profile_af_perm+0x320/0x320 [ 183.485281][ T7940] ? __might_fault+0x12b/0x1e0 [ 183.490054][ T7940] ? find_held_lock+0x35/0x130 [ 183.494812][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.501071][ T7940] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.506541][ T7940] ? ___might_sleep+0x163/0x280 [ 183.511388][ T7940] ? __might_sleep+0x95/0x190 [ 183.516071][ T7940] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 183.521714][ T7940] ? aa_sk_perm+0x288/0x880 [ 183.526228][ T7940] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.531777][ T7940] inet_sendmsg+0x147/0x5e0 [ 183.536277][ T7940] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.542246][ T7940] ? inet_sendmsg+0x147/0x5e0 [ 183.546924][ T7940] ? ipip_gro_receive+0x100/0x100 [ 183.553469][ T7940] sock_sendmsg+0xdd/0x130 [ 183.557917][ T7940] ___sys_sendmsg+0x3e2/0x930 [ 183.562596][ T7940] ? copy_msghdr_from_user+0x430/0x430 [ 183.568053][ T7940] ? __lock_acquire+0x548/0x3fb0 [ 183.572984][ T7940] ? lock_downgrade+0x880/0x880 [ 183.577827][ T7940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.584069][ T7940] ? kasan_check_read+0x11/0x20 [ 183.588931][ T7940] ? __might_fault+0x12b/0x1e0 [ 183.593707][ T7940] ? find_held_lock+0x35/0x130 [ 183.598465][ T7940] ? __might_fault+0x12b/0x1e0 [ 183.603229][ T7940] ? lock_downgrade+0x880/0x880 [ 183.608112][ T7940] ? ___might_sleep+0x163/0x280 [ 183.612964][ T7940] __sys_sendmmsg+0x1bf/0x4d0 [ 183.617649][ T7940] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.622682][ T7940] ? _copy_to_user+0xc9/0x120 [ 183.627363][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.633600][ T7940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.639843][ T7940] ? put_timespec64+0xda/0x140 [ 183.644605][ T7940] ? nsecs_to_jiffies+0x30/0x30 [ 183.649471][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.654949][ T7940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.660419][ T7940] ? do_syscall_64+0x26/0x610 [ 183.665099][ T7940] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.671161][ T7940] ? do_syscall_64+0x26/0x610 [ 183.675839][ T7940] __x64_sys_sendmmsg+0x9d/0x100 [ 183.680780][ T7940] do_syscall_64+0x103/0x610 [ 183.685370][ T7940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.691282][ T7940] RIP: 0033:0x4582b9 [ 183.695178][ T7940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.714827][ T7940] RSP: 002b:00007f2146b26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.723254][ T7940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.731237][ T7940] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000008 [ 183.739211][ T7940] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 183.747184][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b276d4 [ 183.755173][ T7940] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.792493][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.820029][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.829175][ T7909] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.836262][ T7909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.850101][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.864572][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.884690][ T7909] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.891856][ T7909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.899871][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.908695][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.917813][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.926758][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.935966][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.945200][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.953765][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.962565][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.975941][ T7898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.992369][ T7906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.040840][ T7906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.054864][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.064148][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.072604][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.081126][ T7909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.098069][ T7901] 8021q: adding VLAN 0 to HW filter on device batadv0 20:10:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="220000002000070700be0000090007010a0000f801003c0100ff040405000c008000", 0x22) [ 184.173038][ T7954] vhci_hcd: default hub control req: c000 v2000 i0000 l0 [ 184.195670][ T7906] 8021q: adding VLAN 0 to HW filter on device batadv0 20:10:21 executing program 0: syz_open_dev$video(0x0, 0x4000000000000009, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x2000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$netrom(0xffffffffffffffff, 0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000200)=""/234) add_key(&(0x7f0000000600)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) add_key(&(0x7f00000017c0)='ceph\x00', 0x0, &(0x7f0000001840), 0x0, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff, 0x1}) 20:10:21 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000280)=0x7, 0x4) sendmmsg(r0, &(0x7f00000002c0), 0xc6, 0x0) 20:10:21 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000280)=0x7, 0x4) sendmmsg(r0, &(0x7f00000002c0), 0xc6, 0x0) 20:10:21 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x740008, 0xffffffff7ff0bdbe}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x4004550d, &(0x7f0000000240)) 20:10:21 executing program 1: socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000280)=0x7, 0x4) sendmmsg(r0, &(0x7f00000002c0), 0xc6, 0x0) 20:10:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="220000002000070700be0000090007010a0000f801003c0100ff040405000c008000", 0x22) 20:10:21 executing program 0: syz_open_dev$video(0x0, 0x4000000000000009, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x2000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$netrom(0xffffffffffffffff, 0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000200)=""/234) add_key(&(0x7f0000000600)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) add_key(&(0x7f00000017c0)='ceph\x00', 0x0, &(0x7f0000001840), 0x0, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff, 0x1}) [ 184.487998][ T7976] vhci_hcd: default hub control req: c000 v2000 i0000 l0 [ 184.555050][ T7975] check_preemption_disabled: 386 callbacks suppressed [ 184.555103][ T7975] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7975 [ 184.574784][ T7975] caller is sk_mc_loop+0x1d/0x210 [ 184.580089][ T7975] CPU: 0 PID: 7975 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.589129][ T7975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.596500][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7984 [ 184.599200][ T7975] Call Trace: [ 184.599230][ T7975] dump_stack+0x172/0x1f0 [ 184.599259][ T7975] __this_cpu_preempt_check+0x246/0x270 [ 184.599281][ T7975] sk_mc_loop+0x1d/0x210 [ 184.599303][ T7975] ip_mc_output+0x2ef/0xf70 [ 184.599328][ T7975] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 184.599351][ T7975] ? ip_append_data.part.0+0x170/0x170 [ 184.599375][ T7975] ? retint_kernel+0x2d/0x2d [ 184.609207][ T7984] caller is sk_mc_loop+0x1d/0x210 [ 184.612385][ T7975] ip_local_out+0xc4/0x1b0 [ 184.612405][ T7975] ip_send_skb+0x42/0xf0 [ 184.612424][ T7975] udp_send_skb.isra.0+0x6b2/0x1180 [ 184.612438][ T7975] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.612469][ T7975] udp_sendmsg+0x1dfd/0x2820 [ 184.675035][ T7975] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 184.681467][ T7975] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 184.687212][ T7975] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.692262][ T7975] ? udp4_lib_lookup_skb+0x440/0x440 [ 184.697564][ T7975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.703834][ T7975] ? retint_kernel+0x2d/0x2d [ 184.708440][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.714318][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.720120][ T7975] ? retint_kernel+0x2d/0x2d [ 184.724741][ T7975] udpv6_sendmsg+0x13a4/0x28d0 [ 184.729525][ T7975] ? udpv6_sendmsg+0x13a4/0x28d0 [ 184.734481][ T7975] ? retint_kernel+0x2d/0x2d [ 184.739175][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.744840][ T7975] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.750963][ T7975] ? aa_profile_af_perm+0x320/0x320 [ 184.756184][ T7975] ? rw_copy_check_uvector+0x34/0x330 [ 184.761583][ T7975] ? rw_copy_check_uvector+0x2a1/0x330 [ 184.767059][ T7975] ? rw_copy_check_uvector+0x2a6/0x330 [ 184.772543][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.778032][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 184.783342][ T7975] ? ___might_sleep+0x163/0x280 [ 184.788215][ T7975] ? __might_sleep+0x95/0x190 [ 184.792943][ T7975] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 184.798597][ T7975] ? aa_sk_perm+0x288/0x880 [ 184.803257][ T7975] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.808893][ T7975] inet_sendmsg+0x147/0x5e0 [ 184.813441][ T7975] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.819433][ T7975] ? inet_sendmsg+0x147/0x5e0 [ 184.824126][ T7975] ? ipip_gro_receive+0x100/0x100 [ 184.829174][ T7975] sock_sendmsg+0xdd/0x130 [ 184.833615][ T7975] ___sys_sendmsg+0x3e2/0x930 [ 184.838318][ T7975] ? copy_msghdr_from_user+0x430/0x430 [ 184.843803][ T7975] ? lock_downgrade+0x880/0x880 [ 184.848806][ T7975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.855069][ T7975] ? kasan_check_read+0x11/0x20 [ 184.859972][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.865533][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.871009][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 184.876311][ T7975] ? retint_kernel+0x2d/0x2d [ 184.880944][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.886613][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.892091][ T7975] ? retint_kernel+0x2d/0x2d [ 184.896709][ T7975] ? __sys_sendmmsg+0x15f/0x4d0 [ 184.902027][ T7975] __sys_sendmmsg+0x1bf/0x4d0 [ 184.906738][ T7975] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.911792][ T7975] ? _copy_to_user+0xc9/0x120 [ 184.916494][ T7975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.922750][ T7975] ? put_timespec64+0xda/0x140 [ 184.927528][ T7975] ? nsecs_to_jiffies+0x30/0x30 [ 184.932494][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.937985][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.943483][ T7975] ? do_syscall_64+0x26/0x610 [ 184.948178][ T7975] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.954266][ T7975] ? do_syscall_64+0x26/0x610 [ 184.958982][ T7975] __x64_sys_sendmmsg+0x9d/0x100 [ 184.963968][ T7975] do_syscall_64+0x103/0x610 [ 184.968705][ T7975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.974744][ T7975] RIP: 0033:0x4582b9 [ 184.978653][ T7975] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.998387][ T7975] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.006813][ T7975] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.014884][ T7975] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 185.022901][ T7975] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.030942][ T7975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 185.038978][ T7975] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.047012][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.056055][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.066287][ T7984] Call Trace: [ 185.069604][ T7984] dump_stack+0x172/0x1f0 [ 185.073996][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 185.079568][ T7984] sk_mc_loop+0x1d/0x210 [ 185.083990][ T7984] ip_mc_output+0x2ef/0xf70 [ 185.085616][ T7987] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7987 [ 185.088516][ T7984] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 185.088538][ T7984] ? ip_append_data.part.0+0x170/0x170 [ 185.088557][ T7984] ? retint_kernel+0x2d/0x2d [ 185.088576][ T7984] ip_local_out+0xc4/0x1b0 [ 185.088594][ T7984] ip_send_skb+0x42/0xf0 [ 185.088612][ T7984] udp_send_skb.isra.0+0x6b2/0x1180 [ 185.088637][ T7984] ? xfrm_lookup_route+0x5b/0x1f0 [ 185.100977][ T7987] caller is sk_mc_loop+0x1d/0x210 [ 185.103092][ T7984] udp_sendmsg+0x1dfd/0x2820 [ 185.103115][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.103136][ T7984] ? udp4_lib_lookup_skb+0x440/0x440 [ 185.103156][ T7984] ? flexible_sched_in+0xcb/0x9c0 [ 185.103179][ T7984] ? visit_groups_merge+0x4c0/0x5d0 [ 185.162233][ T7984] ? __perf_event_task_sched_in+0x640/0x820 [ 185.168147][ T7984] ? find_held_lock+0x35/0x130 [ 185.172966][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 185.177964][ T7984] udpv6_sendmsg+0x13a4/0x28d0 [ 185.182748][ T7984] ? udpv6_sendmsg+0x13a4/0x28d0 [ 185.187708][ T7984] ? mark_held_locks+0xa4/0xf0 [ 185.192495][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.198503][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 185.203721][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.209027][ T7984] ? retint_kernel+0x2d/0x2d [ 185.213635][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.219432][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.225020][ T7984] ? retint_kernel+0x2d/0x2d [ 185.229759][ T7984] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 185.235406][ T7984] ? aa_sk_perm+0x288/0x880 [ 185.239962][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.245642][ T7984] inet_sendmsg+0x147/0x5e0 [ 185.250165][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.256161][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 185.260855][ T7984] ? ipip_gro_receive+0x100/0x100 [ 185.265899][ T7984] sock_sendmsg+0xdd/0x130 [ 185.270369][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 185.275067][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 185.280738][ T7984] ? lock_downgrade+0x880/0x880 [ 185.285607][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.291866][ T7984] ? kasan_check_read+0x11/0x20 [ 185.296738][ T7984] ? __fget+0x381/0x550 [ 185.301040][ T7984] ? ksys_dup3+0x3e0/0x3e0 [ 185.305637][ T7984] ? __fget_light+0x1a9/0x230 [ 185.310336][ T7984] ? __fdget+0x1b/0x20 [ 185.314426][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.320685][ T7984] ? sockfd_lookup_light+0xcb/0x180 [ 185.325908][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 185.330728][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.335783][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.341213][ T7984] ? retint_kernel+0x2d/0x2d [ 185.345890][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.351576][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.357057][ T7984] ? retint_kernel+0x2d/0x2d [ 185.361676][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 185.366652][ T7984] do_syscall_64+0x103/0x610 [ 185.371269][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.377293][ T7984] RIP: 0033:0x4582b9 [ 185.381210][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.400826][ T7984] RSP: 002b:00007fad8e823c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.409251][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.417372][ T7984] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 185.425358][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.433350][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8e8246d4 [ 185.441334][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.449449][ T7987] CPU: 0 PID: 7987 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.458872][ T7987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.469336][ T7987] Call Trace: [ 185.472654][ T7987] dump_stack+0x172/0x1f0 [ 185.477014][ T7987] __this_cpu_preempt_check+0x246/0x270 [ 185.482586][ T7987] sk_mc_loop+0x1d/0x210 [ 185.486852][ T7987] ip_mc_output+0x2ef/0xf70 [ 185.491384][ T7987] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 185.496532][ T7987] ? retint_kernel+0x2d/0x2d [ 185.501147][ T7987] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 185.506291][ T7987] ip_local_out+0xc4/0x1b0 [ 185.510729][ T7987] ip_send_skb+0x42/0xf0 [ 185.514998][ T7987] udp_send_skb.isra.0+0x6b2/0x1180 [ 185.520228][ T7987] ? xfrm_lookup_route+0x5b/0x1f0 [ 185.525428][ T7987] udp_sendmsg+0x1dfd/0x2820 [ 185.530154][ T7987] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 185.536614][ T7987] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 185.536635][ T7987] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.547547][ T7987] ? udp4_lib_lookup_skb+0x440/0x440 [ 185.547568][ T7987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.547597][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.564708][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.570364][ T7987] ? retint_kernel+0x2d/0x2d [ 185.574992][ T7987] ? udpv6_sendmsg+0x1ea/0x28d0 [ 185.579860][ T7987] udpv6_sendmsg+0x13a4/0x28d0 [ 185.584638][ T7987] ? udpv6_sendmsg+0x13a4/0x28d0 [ 185.589591][ T7987] ? lock_downgrade+0x880/0x880 [ 185.594462][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.600481][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.606125][ T7987] ? aa_profile_af_perm+0x320/0x320 [ 185.611350][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.616826][ T7987] ? retint_kernel+0x2d/0x2d [ 185.621455][ T7987] ? ___might_sleep+0x163/0x280 [ 185.626325][ T7987] ? __might_sleep+0x95/0x190 [ 185.631031][ T7987] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 185.636685][ T7987] ? aa_sk_perm+0x288/0x880 [ 185.641226][ T7987] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.646797][ T7987] inet_sendmsg+0x147/0x5e0 [ 185.651320][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.657315][ T7987] ? inet_sendmsg+0x147/0x5e0 [ 185.662016][ T7987] ? ipip_gro_receive+0x100/0x100 [ 185.667060][ T7987] sock_sendmsg+0xdd/0x130 [ 185.671615][ T7987] ___sys_sendmsg+0x3e2/0x930 [ 185.676315][ T7987] ? copy_msghdr_from_user+0x430/0x430 [ 185.682004][ T7987] ? lock_downgrade+0x880/0x880 [ 185.686870][ T7987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.693126][ T7987] ? kasan_check_read+0x11/0x20 [ 185.697998][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.703614][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.709086][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.714565][ T7987] ? retint_kernel+0x2d/0x2d [ 185.719170][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.724828][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.730370][ T7987] ? retint_kernel+0x2d/0x2d [ 185.734994][ T7987] __sys_sendmmsg+0x1bf/0x4d0 [ 185.739685][ T7987] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 185.744747][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.750364][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.755723][ T7987] ? retint_kernel+0x2d/0x2d [ 185.760328][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.765985][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.771457][ T7987] ? retint_kernel+0x2d/0x2d [ 185.776066][ T7987] __x64_sys_sendmmsg+0x9d/0x100 [ 185.781016][ T7987] ? do_syscall_64+0x5b/0x610 [ 185.785702][ T7987] do_syscall_64+0x103/0x610 [ 185.790308][ T7987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.796209][ T7987] RIP: 0033:0x4582b9 [ 185.800128][ T7987] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.819855][ T7987] RSP: 002b:00007f81a60c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 185.828276][ T7987] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 185.836321][ T7987] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 185.844318][ T7987] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.852297][ T7987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81a60c56d4 20:10:22 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x740008, 0xffffffff7ff0bdbe}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x4004550d, &(0x7f0000000240)) 20:10:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="220000002000070700be0000090007010a0000f801003c0100ff040405000c008000", 0x22) [ 185.860279][ T7987] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 185.883099][ T7987] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7987 [ 185.885467][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7984 [ 185.892675][ T7987] caller is sk_mc_loop+0x1d/0x210 [ 185.892771][ T7987] CPU: 1 PID: 7987 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.892780][ T7987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.892785][ T7987] Call Trace: [ 185.892805][ T7987] dump_stack+0x172/0x1f0 [ 185.892832][ T7987] __this_cpu_preempt_check+0x246/0x270 [ 185.892849][ T7987] sk_mc_loop+0x1d/0x210 [ 185.892867][ T7987] ip_mc_output+0x2ef/0xf70 [ 185.892888][ T7987] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 185.892909][ T7987] ? ip_append_data.part.0+0x170/0x170 [ 185.892960][ T7987] ? retint_kernel+0x2d/0x2d [ 185.892979][ T7987] ip_local_out+0xc4/0x1b0 [ 185.892997][ T7987] ip_send_skb+0x42/0xf0 [ 185.893015][ T7987] udp_send_skb.isra.0+0x6b2/0x1180 [ 185.893032][ T7987] ? xfrm_lookup_route+0x5b/0x1f0 [ 185.893056][ T7987] udp_sendmsg+0x1dfd/0x2820 [ 185.893073][ T7987] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 185.893088][ T7987] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 185.893107][ T7987] ? ip_reply_glue_bits+0xc0/0xc0 [ 185.893128][ T7987] ? udp4_lib_lookup_skb+0x440/0x440 [ 185.893147][ T7987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.893170][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.893192][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.893218][ T7987] ? retint_kernel+0x2d/0x2d [ 185.893242][ T7987] ? udpv6_sendmsg+0x1ea/0x28d0 [ 185.893262][ T7987] udpv6_sendmsg+0x13a4/0x28d0 [ 185.893277][ T7987] ? udpv6_sendmsg+0x13a4/0x28d0 [ 185.893293][ T7987] ? lock_downgrade+0x880/0x880 [ 185.893316][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.893339][ T7987] ? aa_profile_af_perm+0x320/0x320 [ 185.893357][ T7987] ? __might_fault+0x12b/0x1e0 [ 185.893371][ T7987] ? find_held_lock+0x35/0x130 [ 185.893389][ T7987] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.893406][ T7987] ? rw_copy_check_uvector+0x2a6/0x330 [ 185.893424][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.893441][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.893462][ T7987] ? ___might_sleep+0x163/0x280 [ 185.893479][ T7987] ? __might_sleep+0x95/0x190 [ 185.893498][ T7987] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 185.893511][ T7987] ? aa_sk_perm+0x288/0x880 [ 185.893535][ T7987] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 185.893554][ T7987] inet_sendmsg+0x147/0x5e0 [ 185.893570][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 185.893582][ T7987] ? inet_sendmsg+0x147/0x5e0 [ 185.893596][ T7987] ? ipip_gro_receive+0x100/0x100 [ 185.893615][ T7987] sock_sendmsg+0xdd/0x130 [ 185.893632][ T7987] ___sys_sendmsg+0x3e2/0x930 [ 185.893653][ T7987] ? copy_msghdr_from_user+0x430/0x430 [ 185.893671][ T7987] ? __lock_acquire+0x548/0x3fb0 [ 185.893687][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.893717][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.903240][ T7984] caller is sk_mc_loop+0x1d/0x210 [ 185.908196][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.908212][ T7987] ? retint_kernel+0x2d/0x2d [ 185.908227][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 185.908247][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.908268][ T7987] ? retint_kernel+0x2d/0x2d [ 185.908297][ T7987] ? ___might_sleep+0x163/0x280 [ 186.207485][ T7987] __sys_sendmmsg+0x1bf/0x4d0 [ 186.212208][ T7987] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 186.217262][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.222740][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.228227][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.233887][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.239540][ T7987] ? retint_kernel+0x2d/0x2d [ 186.244154][ T7987] __x64_sys_sendmmsg+0x9d/0x100 [ 186.249111][ T7987] ? do_syscall_64+0x5b/0x610 [ 186.253943][ T7987] do_syscall_64+0x103/0x610 [ 186.258561][ T7987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.264637][ T7987] RIP: 0033:0x4582b9 [ 186.268662][ T7987] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.288495][ T7987] RSP: 002b:00007f81a60c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 186.296948][ T7987] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 186.304960][ T7987] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 186.312971][ T7987] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 186.320974][ T7987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81a60c56d4 [ 186.328985][ T7987] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 186.337061][ T7984] CPU: 0 PID: 7984 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.346106][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.356165][ T7984] Call Trace: [ 186.359477][ T7984] dump_stack+0x172/0x1f0 [ 186.363828][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 186.369387][ T7984] sk_mc_loop+0x1d/0x210 [ 186.373645][ T7984] ip_mc_output+0x2ef/0xf70 [ 186.378164][ T7984] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 186.383293][ T7984] ? retint_kernel+0x2d/0x2d [ 186.387896][ T7984] ? ip_append_data.part.0+0x170/0x170 [ 186.393401][ T7984] ip_local_out+0xc4/0x1b0 [ 186.397832][ T7984] ip_send_skb+0x42/0xf0 [ 186.402090][ T7984] udp_send_skb.isra.0+0x6b2/0x1180 [ 186.407298][ T7984] ? xfrm_lookup_route+0x5b/0x1f0 [ 186.412357][ T7984] udp_sendmsg+0x1dfd/0x2820 [ 186.416994][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.422037][ T7984] ? udp4_lib_lookup_skb+0x440/0x440 [ 186.427334][ T7984] ? flexible_sched_in+0xcb/0x9c0 [ 186.432386][ T7984] ? visit_groups_merge+0x4c0/0x5d0 [ 186.437607][ T7984] ? __perf_event_task_sched_in+0x640/0x820 [ 186.443512][ T7984] ? find_held_lock+0x35/0x130 [ 186.448290][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 186.453249][ T7984] udpv6_sendmsg+0x13a4/0x28d0 [ 186.458022][ T7984] ? udpv6_sendmsg+0x13a4/0x28d0 [ 186.463061][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.468530][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.474104][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.479403][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.485407][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 186.490870][ T7984] ? lock_is_held_type+0x272/0x320 [ 186.496005][ T7984] ? ___might_sleep+0x163/0x280 [ 186.500868][ T7984] ? __might_sleep+0x95/0x190 [ 186.505559][ T7984] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 186.511203][ T7984] ? aa_sk_perm+0x288/0x880 [ 186.515725][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 186.521282][ T7984] inet_sendmsg+0x147/0x5e0 [ 186.525795][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.531782][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 186.536494][ T7984] ? ipip_gro_receive+0x100/0x100 [ 186.541544][ T7984] sock_sendmsg+0xdd/0x130 [ 186.545982][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 186.550678][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 186.556147][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 186.561095][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.566825][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.573170][ T7984] ? __might_fault+0x12b/0x1e0 [ 186.577967][ T7984] ? find_held_lock+0x35/0x130 [ 186.582740][ T7984] ? __might_fault+0x12b/0x1e0 [ 186.587518][ T7984] ? lock_downgrade+0x880/0x880 [ 186.592409][ T7984] ? ___might_sleep+0x163/0x280 [ 186.597337][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 186.602196][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 186.607243][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.613083][ T7984] ? retint_kernel+0x2d/0x2d [ 186.617690][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.626438][ T7984] ? retint_kernel+0x2d/0x2d [ 186.631051][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 186.636103][ T7984] do_syscall_64+0x103/0x610 [ 186.640722][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.646625][ T7984] RIP: 0033:0x4582b9 [ 186.650533][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.670387][ T7984] RSP: 002b:00007fad8e823c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 186.678945][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 186.686950][ T7984] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 186.694954][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 186.702963][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8e8246d4 [ 186.710964][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 186.771979][ T7975] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7975 [ 186.775140][ T7994] vhci_hcd: default hub control req: c000 v2000 i0000 l0 [ 186.781443][ T7975] caller is sk_mc_loop+0x1d/0x210 [ 186.793752][ T7975] CPU: 1 PID: 7975 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.802791][ T7975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.812856][ T7975] Call Trace: [ 186.816173][ T7975] dump_stack+0x172/0x1f0 [ 186.820533][ T7975] __this_cpu_preempt_check+0x246/0x270 [ 186.826190][ T7975] sk_mc_loop+0x1d/0x210 [ 186.830466][ T7975] ip_mc_output+0x2ef/0xf70 [ 186.834997][ T7975] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 186.840131][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.845627][ T7975] ? ip_append_data.part.0+0x170/0x170 [ 186.851111][ T7975] ? retint_kernel+0x2d/0x2d [ 186.855728][ T7975] ip_local_out+0xc4/0x1b0 [ 186.860162][ T7975] ip_send_skb+0x42/0xf0 [ 186.864432][ T7975] udp_send_skb.isra.0+0x6b2/0x1180 [ 186.869650][ T7975] ? xfrm_lookup_route+0x5b/0x1f0 [ 186.874882][ T7975] udp_sendmsg+0x1dfd/0x2820 [ 186.879543][ T7975] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 186.885998][ T7975] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 186.891736][ T7975] ? ip_reply_glue_bits+0xc0/0xc0 [ 186.896818][ T7975] ? udp4_lib_lookup_skb+0x440/0x440 [ 186.902133][ T7975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.908413][ T7975] ? retint_kernel+0x2d/0x2d [ 186.913136][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 20:10:24 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x740008, 0xffffffff7ff0bdbe}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x4004550d, &(0x7f0000000240)) 20:10:24 executing program 2: syz_open_dev$video(0x0, 0x4000000000000009, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x2000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$netrom(0xffffffffffffffff, 0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000200)=""/234) add_key(&(0x7f0000000600)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) add_key(&(0x7f00000017c0)='ceph\x00', 0x0, &(0x7f0000001840), 0x0, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff, 0x1}) [ 186.918799][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.924282][ T7975] ? retint_kernel+0x2d/0x2d [ 186.928906][ T7975] udpv6_sendmsg+0x13a4/0x28d0 [ 186.933737][ T7975] ? udpv6_sendmsg+0x13a4/0x28d0 [ 186.938785][ T7975] ? retint_kernel+0x2d/0x2d [ 186.943400][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.949062][ T7975] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 186.955076][ T7975] ? aa_profile_af_perm+0x320/0x320 [ 186.960300][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.965608][ T7975] ? retint_kernel+0x2d/0x2d [ 186.970221][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 186.976028][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.981743][ T7975] ? ___might_sleep+0x163/0x280 [ 186.986632][ T7975] ? __might_sleep+0x95/0x190 [ 186.991634][ T7975] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 186.997543][ T7975] ? aa_sk_perm+0x288/0x880 [ 187.002183][ T7975] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 187.007755][ T7975] inet_sendmsg+0x147/0x5e0 [ 187.012517][ T7975] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 187.018521][ T7975] ? inet_sendmsg+0x147/0x5e0 [ 187.023741][ T7975] ? ipip_gro_receive+0x100/0x100 [ 187.028790][ T7975] sock_sendmsg+0xdd/0x130 [ 187.033235][ T7975] ___sys_sendmsg+0x3e2/0x930 [ 187.038220][ T7975] ? copy_msghdr_from_user+0x430/0x430 [ 187.043713][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.049197][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.054504][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.060253][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.065732][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.071038][ T7975] ? retint_kernel+0x2d/0x2d [ 187.075649][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.081313][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.086798][ T7975] ? retint_kernel+0x2d/0x2d [ 187.091426][ T7975] ? ___might_sleep+0x163/0x280 [ 187.096312][ T7975] __sys_sendmmsg+0x1bf/0x4d0 [ 187.101177][ T7975] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 187.106232][ T7975] ? _copy_to_user+0xc9/0x120 [ 187.111621][ T7975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.117879][ T7975] ? put_timespec64+0xda/0x140 [ 187.122699][ T7975] ? nsecs_to_jiffies+0x30/0x30 [ 187.127580][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.133061][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.138552][ T7975] ? do_syscall_64+0x26/0x610 [ 187.143250][ T7975] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.149336][ T7975] ? do_syscall_64+0x26/0x610 [ 187.154038][ T7975] __x64_sys_sendmmsg+0x9d/0x100 [ 187.159637][ T7975] do_syscall_64+0x103/0x610 [ 187.164863][ T7975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.170769][ T7975] RIP: 0033:0x4582b9 [ 187.174696][ T7975] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.194408][ T7975] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 187.202980][ T7975] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 187.210981][ T7975] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 187.218985][ T7975] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 187.227730][ T7975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 187.235840][ T7975] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 20:10:24 executing program 0: syz_open_dev$video(0x0, 0x4000000000000009, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x2000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$netrom(0xffffffffffffffff, 0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000200)=""/234) add_key(&(0x7f0000000600)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) add_key(&(0x7f00000017c0)='ceph\x00', 0x0, &(0x7f0000001840), 0x0, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff, 0x1}) [ 187.277359][ T8001] vhci_hcd: default hub control req: c000 v2000 i0000 l0 20:10:24 executing program 3: syz_open_dev$video(0x0, 0x4000000000000009, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x2000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$netrom(0xffffffffffffffff, 0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000200)=""/234) add_key(&(0x7f0000000600)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) add_key(&(0x7f00000017c0)='ceph\x00', 0x0, &(0x7f0000001840), 0x0, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff, 0x1}) [ 187.388341][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7984 [ 187.397807][ T7984] caller is sk_mc_loop+0x1d/0x210 [ 187.403279][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.412348][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.422414][ T7984] Call Trace: [ 187.425765][ T7984] dump_stack+0x172/0x1f0 [ 187.430125][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 187.435703][ T7984] sk_mc_loop+0x1d/0x210 [ 187.439992][ T7984] ip_mc_output+0x2ef/0xf70 [ 187.444522][ T7984] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 187.449656][ T7984] ? retint_kernel+0x2d/0x2d [ 187.454278][ T7984] ? ip_append_data.part.0+0x170/0x170 [ 187.459770][ T7984] ip_local_out+0xc4/0x1b0 [ 187.464210][ T7984] ip_send_skb+0x42/0xf0 [ 187.468480][ T7984] udp_send_skb.isra.0+0x6b2/0x1180 [ 187.473725][ T7984] udp_sendmsg+0x1dfd/0x2820 [ 187.478340][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 187.483394][ T7984] ? udp4_lib_lookup_skb+0x440/0x440 [ 187.488726][ T7984] ? flexible_sched_in+0xcb/0x9c0 [ 187.493891][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.499433][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.505108][ T7984] ? retint_kernel+0x2d/0x2d [ 187.509859][ T7984] udpv6_sendmsg+0x13a4/0x28d0 [ 187.514644][ T7984] ? udpv6_sendmsg+0x13a4/0x28d0 [ 187.519790][ T7984] ? retint_kernel+0x2d/0x2d [ 187.524405][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.530070][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 187.536074][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.541565][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 187.546782][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.552346][ T7984] ? retint_kernel+0x2d/0x2d [ 187.556990][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.562654][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.565302][ T7975] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7975 [ 187.568147][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.568164][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.568181][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.568194][ T7984] ? retint_kernel+0x2d/0x2d [ 187.568210][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.568226][ T7984] ? __might_sleep+0x95/0x190 [ 187.568245][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.568273][ T7984] ? retint_kernel+0x2d/0x2d [ 187.581211][ T7975] caller is sk_mc_loop+0x1d/0x210 [ 187.583130][ T7984] inet_sendmsg+0x147/0x5e0 [ 187.583148][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 187.583161][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 187.583175][ T7984] ? ipip_gro_receive+0x100/0x100 [ 187.583194][ T7984] sock_sendmsg+0xdd/0x130 [ 187.583213][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 187.583234][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 187.583250][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.583270][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.670325][ T7984] ? retint_kernel+0x2d/0x2d [ 187.675110][ T7984] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.680772][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.686389][ T7984] ? __might_fault+0x12b/0x1e0 [ 187.691169][ T7984] ? find_held_lock+0x35/0x130 [ 187.695973][ T7984] ? __might_fault+0x12b/0x1e0 [ 187.700878][ T7984] ? lock_downgrade+0x880/0x880 [ 187.705982][ T7984] ? ___might_sleep+0x163/0x280 [ 187.710852][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 187.715565][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 187.720620][ T7984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.725949][ T7984] ? retint_kernel+0x2d/0x2d [ 187.730566][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.736044][ T7984] ? retint_kernel+0x2d/0x2d [ 187.740660][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 187.745621][ T7984] do_syscall_64+0x103/0x610 [ 187.750233][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.756136][ T7984] RIP: 0033:0x4582b9 [ 187.760049][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.779961][ T7984] RSP: 002b:00007fad8e823c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 187.788389][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 187.796396][ T7984] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 187.804520][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 187.812509][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8e8246d4 [ 187.820542][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 187.828745][ T7975] CPU: 0 PID: 7975 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.837786][ T7975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.847983][ T7975] Call Trace: [ 187.851291][ T7975] dump_stack+0x172/0x1f0 [ 187.855639][ T7975] __this_cpu_preempt_check+0x246/0x270 [ 187.861204][ T7975] sk_mc_loop+0x1d/0x210 [ 187.865460][ T7975] ip_mc_output+0x2ef/0xf70 [ 187.869989][ T7975] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 187.875113][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.880617][ T7975] ? ip_append_data.part.0+0x170/0x170 [ 187.886200][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.891677][ T7975] ip_local_out+0xc4/0x1b0 [ 187.896105][ T7975] ip_send_skb+0x42/0xf0 [ 187.900363][ T7975] udp_send_skb.isra.0+0x6b2/0x1180 [ 187.905580][ T7975] udp_sendmsg+0x1dfd/0x2820 [ 187.910251][ T7975] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 187.916672][ T7975] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 187.922539][ T7975] ? ip_reply_glue_bits+0xc0/0xc0 [ 187.927579][ T7975] ? udp4_lib_lookup_skb+0x440/0x440 [ 187.932876][ T7975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.939136][ T7975] ? retint_kernel+0x2d/0x2d [ 187.943751][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.949545][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 187.955045][ T7975] ? retint_kernel+0x2d/0x2d [ 187.959734][ T7975] udpv6_sendmsg+0x13a4/0x28d0 [ 187.964524][ T7975] ? udpv6_sendmsg+0x13a4/0x28d0 [ 187.969614][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.974945][ T7975] ? retint_kernel+0x2d/0x2d [ 187.979557][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 187.985291][ T7975] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 187.991300][ T7975] ? retint_kernel+0x2d/0x2d [ 187.995951][ T7975] ? aa_profile_af_perm+0x320/0x320 [ 188.001188][ T7975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.007468][ T7975] ? rw_copy_check_uvector+0x2a6/0x330 [ 188.013106][ T7975] ? ___might_sleep+0x163/0x280 [ 188.018010][ T7975] ? __might_sleep+0x95/0x190 [ 188.022714][ T7975] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 188.028428][ T7975] ? aa_sk_perm+0x288/0x880 [ 188.032972][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.038548][ T7975] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 188.044116][ T7975] inet_sendmsg+0x147/0x5e0 [ 188.048635][ T7975] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.054804][ T7975] ? inet_sendmsg+0x147/0x5e0 [ 188.059497][ T7975] ? ipip_gro_receive+0x100/0x100 [ 188.064822][ T7975] sock_sendmsg+0xdd/0x130 [ 188.069259][ T7975] ___sys_sendmsg+0x3e2/0x930 [ 188.074081][ T7975] ? copy_msghdr_from_user+0x430/0x430 [ 188.079563][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.085043][ T7975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.090481][ T7975] ? retint_kernel+0x2d/0x2d [ 188.095090][ T7975] ? trace_hardirqs_on_caller+0x6a/0x220 [ 188.100806][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.106285][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.111759][ T7975] ? __might_fault+0x12b/0x1e0 [ 188.116542][ T7975] ? find_held_lock+0x35/0x130 [ 188.121320][ T7975] ? __might_fault+0x12b/0x1e0 [ 188.126105][ T7975] ? lock_downgrade+0x880/0x880 [ 188.130994][ T7975] ? ___might_sleep+0x163/0x280 [ 188.135856][ T7975] __sys_sendmmsg+0x1bf/0x4d0 [ 188.140552][ T7975] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 188.145602][ T7975] ? _copy_to_user+0xc9/0x120 [ 188.150296][ T7975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.156544][ T7975] ? put_timespec64+0xda/0x140 [ 188.161319][ T7975] ? nsecs_to_jiffies+0x30/0x30 [ 188.166200][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.171671][ T7975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.177138][ T7975] ? do_syscall_64+0x26/0x610 [ 188.181825][ T7975] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.187902][ T7975] ? do_syscall_64+0x26/0x610 [ 188.192626][ T7975] __x64_sys_sendmmsg+0x9d/0x100 [ 188.197585][ T7975] do_syscall_64+0x103/0x610 [ 188.202203][ T7975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.208225][ T7975] RIP: 0033:0x4582b9 [ 188.212312][ T7975] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.231961][ T7975] RSP: 002b:00007f2146b68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 188.240394][ T7975] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.248376][ T7975] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 188.256357][ T7975] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 188.264342][ T7975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2146b696d4 [ 188.272395][ T7975] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 188.429414][ T7987] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7987 [ 188.439332][ T7987] caller is sk_mc_loop+0x1d/0x210 [ 188.444556][ T7987] CPU: 1 PID: 7987 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.453609][ T7987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.463698][ T7987] Call Trace: [ 188.467036][ T7987] dump_stack+0x172/0x1f0 [ 188.471410][ T7987] __this_cpu_preempt_check+0x246/0x270 [ 188.477006][ T7987] sk_mc_loop+0x1d/0x210 [ 188.481414][ T7987] ip_mc_output+0x2ef/0xf70 [ 188.486093][ T7987] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 188.491235][ T7987] ? retint_kernel+0x2d/0x2d [ 188.495866][ T7987] ip_local_out+0xc4/0x1b0 [ 188.500312][ T7987] ip_send_skb+0x42/0xf0 [ 188.504586][ T7987] udp_send_skb.isra.0+0x6b2/0x1180 [ 188.509813][ T7987] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.514877][ T7987] udp_sendmsg+0x1dfd/0x2820 [ 188.519533][ T7987] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 188.525998][ T7987] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 188.531740][ T7987] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.536791][ T7987] ? udp4_lib_lookup_skb+0x440/0x440 [ 188.542102][ T7987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.548384][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.553869][ T7987] ? retint_kernel+0x2d/0x2d [ 188.558473][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 188.564127][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.569623][ T7987] ? retint_kernel+0x2d/0x2d [ 188.574244][ T7987] udpv6_sendmsg+0x13a4/0x28d0 [ 188.579022][ T7987] ? udpv6_sendmsg+0x13a4/0x28d0 [ 188.583993][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.589470][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.593002][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7984 [ 188.594977][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.594999][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 188.595017][ T7987] ? aa_profile_af_perm+0x320/0x320 [ 188.595034][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.595057][ T7987] ? retint_kernel+0x2d/0x2d [ 188.595082][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.604814][ T7984] caller is sk_mc_loop+0x1d/0x210 [ 188.610958][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.610976][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.610990][ T7987] ? retint_kernel+0x2d/0x2d [ 188.611017][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 188.611037][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.611058][ T7987] ? retint_kernel+0x2d/0x2d [ 188.611081][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.611101][ T7987] inet_sendmsg+0x147/0x5e0 [ 188.611117][ T7987] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 188.611129][ T7987] ? inet_sendmsg+0x147/0x5e0 [ 188.611142][ T7987] ? ipip_gro_receive+0x100/0x100 [ 188.611161][ T7987] sock_sendmsg+0xdd/0x130 [ 188.611180][ T7987] ___sys_sendmsg+0x3e2/0x930 [ 188.611200][ T7987] ? copy_msghdr_from_user+0x430/0x430 [ 188.611218][ T7987] ? __lock_acquire+0x548/0x3fb0 [ 188.611234][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.611249][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.611264][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.611286][ T7987] ? __might_fault+0x12b/0x1e0 [ 188.611301][ T7987] ? find_held_lock+0x35/0x130 [ 188.611316][ T7987] ? __might_fault+0x12b/0x1e0 [ 188.611338][ T7987] ? lock_downgrade+0x880/0x880 [ 188.611363][ T7987] ? ___might_sleep+0x163/0x280 [ 188.611380][ T7987] __sys_sendmmsg+0x1bf/0x4d0 [ 188.611399][ T7987] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 188.611428][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.611443][ T7987] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.611461][ T7987] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.611476][ T7987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 188.611496][ T7987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.611516][ T7987] ? retint_kernel+0x2d/0x2d [ 188.611539][ T7987] __x64_sys_sendmmsg+0x9d/0x100 [ 188.611555][ T7987] ? do_syscall_64+0x5b/0x610 [ 188.611572][ T7987] do_syscall_64+0x103/0x610 [ 188.611591][ T7987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.611603][ T7987] RIP: 0033:0x4582b9 [ 188.611618][ T7987] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.611627][ T7987] RSP: 002b:00007f81a60c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 188.611641][ T7987] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.611650][ T7987] RDX: 00000000000000c6 RSI: 00000000200002c0 RDI: 0000000000000005 [ 188.611658][ T7987] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 188.611667][ T7987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81a60c56d4 [ 188.611676][ T7987] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 188.904270][ T7984] CPU: 0 PID: 7984 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.913383][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.923582][ T7984] Call Trace: [ 188.926897][ T7984] dump_stack+0x172/0x1f0 [ 188.931293][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 188.936863][ T7984] sk_mc_loop+0x1d/0x210 [ 188.941129][ T7984] ip_mc_output+0x2ef/0xf70 [ 188.945655][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.951145][ T7984] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 188.956361][ T7984] ? retint_kernel+0x2d/0x2d [ 188.960997][ T7984] ip_local_out+0xc4/0x1b0 [ 188.965457][ T7984] ip_send_skb+0x42/0xf0 [ 188.969724][ T7984] udp_send_skb.isra.0+0x6b2/0x1180 [ 188.974975][ T7984] ? xfrm_lookup_route+0x5b/0x1f0