[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.238899][ T25] audit: type=1800 audit(1554625302.833:25): pid=7752 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 39.267862][ T25] audit: type=1800 audit(1554625302.833:26): pid=7752 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 39.293249][ T25] audit: type=1800 audit(1554625302.833:27): pid=7752 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. 2019/04/07 08:21:53 fuzzer started 2019/04/07 08:21:56 dialing manager at 10.128.0.26:34543 2019/04/07 08:21:57 syscalls: 2408 2019/04/07 08:21:57 code coverage: enabled 2019/04/07 08:21:57 comparison tracing: enabled 2019/04/07 08:21:57 extra coverage: extra coverage is not supported by the kernel 2019/04/07 08:21:57 setuid sandbox: enabled 2019/04/07 08:21:57 namespace sandbox: enabled 2019/04/07 08:21:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 08:21:57 fault injection: enabled 2019/04/07 08:21:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 08:21:57 net packet injection: enabled 2019/04/07 08:21:57 net device setup: enabled 08:24:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffff57) futex(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 183.437409][ T7918] IPVS: ftp: loaded support on port[0] = 21 08:24:07 executing program 1: kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) [ 183.590760][ T7918] chnl_net:caif_netlink_parms(): no params data found [ 183.678538][ T7918] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.694198][ T7918] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.702833][ T7918] device bridge_slave_0 entered promiscuous mode [ 183.713149][ T7918] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.720211][ T7918] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.728950][ T7918] device bridge_slave_1 entered promiscuous mode [ 183.745775][ T7921] IPVS: ftp: loaded support on port[0] = 21 08:24:07 executing program 2: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/.yz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000540)='./file0\x00', 0x0, 0x807a00, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) r0 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000180), 0x12) [ 183.775215][ T7918] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.801508][ T7918] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.860915][ T7918] team0: Port device team_slave_0 added [ 183.868137][ T7918] team0: Port device team_slave_1 added 08:24:07 executing program 3: socketpair$unix(0x1, 0x10000000000001, 0x0, &(0x7f0000000040)) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(0xffffffffffffffff, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) fcntl$lock(r0, 0x7, &(0x7f00000005c0)={0x2, 0x0, 0x800, 0xe6ab}) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x7003, 0x0) fchmod(r1, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r1, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000100)) [ 184.034663][ T7918] device hsr_slave_0 entered promiscuous mode [ 184.100792][ T7918] device hsr_slave_1 entered promiscuous mode [ 184.168003][ T7926] IPVS: ftp: loaded support on port[0] = 21 [ 184.179821][ T7924] IPVS: ftp: loaded support on port[0] = 21 08:24:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5437, 0x0) [ 184.217203][ T7918] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.224445][ T7918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.232089][ T7918] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.239165][ T7918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.374949][ T7921] chnl_net:caif_netlink_parms(): no params data found [ 184.444515][ T7930] IPVS: ftp: loaded support on port[0] = 21 [ 184.541932][ T7921] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.549087][ T7921] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.557614][ T7921] device bridge_slave_0 entered promiscuous mode [ 184.565845][ T7921] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.573227][ T7921] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.582313][ T7921] device bridge_slave_1 entered promiscuous mode 08:24:08 executing program 5: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000044000)) pause() r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r0, 0x14) [ 184.620273][ T7923] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.640921][ T7923] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.691773][ T7921] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.717370][ T7924] chnl_net:caif_netlink_parms(): no params data found [ 184.735434][ T7921] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.767537][ T7918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.816229][ T7921] team0: Port device team_slave_0 added [ 184.834471][ T7926] chnl_net:caif_netlink_parms(): no params data found [ 184.854716][ T7921] team0: Port device team_slave_1 added [ 184.872530][ T7924] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.879592][ T7924] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.887308][ T7924] device bridge_slave_0 entered promiscuous mode [ 184.895187][ T7924] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.902705][ T7924] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.910456][ T7924] device bridge_slave_1 entered promiscuous mode [ 184.945586][ T7936] IPVS: ftp: loaded support on port[0] = 21 [ 184.993317][ T7921] device hsr_slave_0 entered promiscuous mode [ 185.041062][ T7921] device hsr_slave_1 entered promiscuous mode [ 185.107274][ T7924] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.123776][ T7926] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.131936][ T7926] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.139559][ T7926] device bridge_slave_0 entered promiscuous mode [ 185.147661][ T7926] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.154839][ T7926] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.162760][ T7926] device bridge_slave_1 entered promiscuous mode [ 185.172943][ T258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.182324][ T258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.204890][ T7924] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.236535][ T7918] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.259193][ T7924] team0: Port device team_slave_0 added [ 185.266203][ T7924] team0: Port device team_slave_1 added [ 185.287943][ T7926] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.337866][ T7926] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.403208][ T7924] device hsr_slave_0 entered promiscuous mode [ 185.460826][ T7924] device hsr_slave_1 entered promiscuous mode [ 185.529008][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.537585][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.546011][ T7932] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.553122][ T7932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.571107][ T7926] team0: Port device team_slave_0 added [ 185.582271][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.593537][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.602031][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.609079][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.617028][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.628196][ T7921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.642126][ T7930] chnl_net:caif_netlink_parms(): no params data found [ 185.652299][ T7926] team0: Port device team_slave_1 added [ 185.706292][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.716026][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.723940][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.731977][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.740374][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.749081][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.843866][ T7926] device hsr_slave_0 entered promiscuous mode [ 185.880998][ T7926] device hsr_slave_1 entered promiscuous mode [ 185.924168][ T7930] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.931622][ T7930] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.939208][ T7930] device bridge_slave_0 entered promiscuous mode [ 185.947085][ T7930] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.954277][ T7930] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.962202][ T7930] device bridge_slave_1 entered promiscuous mode [ 185.970280][ T7921] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.985740][ T7936] chnl_net:caif_netlink_parms(): no params data found [ 186.008384][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.017302][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.057833][ T7930] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.068729][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.077740][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.086455][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.095079][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.103874][ T2402] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.110987][ T2402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.118502][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.126826][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.135075][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.143710][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.152313][ T2402] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.159350][ T2402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.192434][ T7918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.200254][ T7936] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.210850][ T7936] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.218452][ T7936] device bridge_slave_0 entered promiscuous mode [ 186.226570][ T7936] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.233757][ T7936] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.241918][ T7936] device bridge_slave_1 entered promiscuous mode [ 186.255971][ T7930] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.278272][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.307521][ T7930] team0: Port device team_slave_0 added [ 186.320302][ T7936] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.332217][ T7936] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.357069][ T7936] team0: Port device team_slave_0 added [ 186.367040][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.377045][ T7930] team0: Port device team_slave_1 added [ 186.397797][ T7936] team0: Port device team_slave_1 added [ 186.425830][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.435051][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.443694][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.469673][ T7924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.513256][ T7930] device hsr_slave_0 entered promiscuous mode [ 186.551131][ T7930] device hsr_slave_1 entered promiscuous mode [ 186.642368][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.682591][ T7936] device hsr_slave_0 entered promiscuous mode [ 186.731204][ T7936] device hsr_slave_1 entered promiscuous mode [ 186.787568][ T7918] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.811895][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.822253][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.839169][ T7926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.864916][ T7924] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.886432][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.895183][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.904002][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.912395][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.921168][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.928699][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.944290][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.952017][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.992575][ T7942] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 187.009952][ T7921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.035577][ T7926] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.050926][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.059466][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.074972][ T7932] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.082093][ T7932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.090306][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.099063][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.107703][ T7932] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.114826][ T7932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.123467][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.132791][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.134353][ T7943] kvm: emulating exchange as write [ 187.179305][ T7921] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.206011][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.216561][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.228835][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.239259][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.254209][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.264578][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.276707][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.294367][ T7924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.306812][ T7924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.339540][ T7930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.358519][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.373475][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.385605][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.395808][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.408294][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.419340][ T7932] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.426451][ T7932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.440314][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.449343][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.464615][ T7932] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.471748][ T7932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.489279][ T7936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.512970][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.531657][ T7932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 08:24:11 executing program 1: semop(0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) pipe(&(0x7f0000000140)) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, 0x0, 0x100000009b4b62b}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17, 0x5b03}) time(&(0x7f0000000440)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 187.565454][ T7930] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.594830][ T7936] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.602934][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.624902][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.641465][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.665333][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.676046][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.698468][ T7924] 8021q: adding VLAN 0 to HW filter on device batadv0 08:24:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x2, 0x0, 0x0, 0x62, 0xa, 0xffdc}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) [ 187.726006][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.741308][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.757290][ T2402] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.764452][ T2402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.787936][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.821320][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.829819][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 08:24:11 executing program 1: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f00000001c0)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f000000000000000100000025000000"], 0x10}, 0x0) [ 187.847418][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.856449][ T2402] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.863584][ T2402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.880840][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.890177][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.911544][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.919468][ T7960] raw_sendmsg: syz-executor.1 forgot to set AF_INET. Fix it! [ 187.920189][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 08:24:11 executing program 1: open(0x0, 0x0, 0x0) clone(0x3102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xa7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 187.960962][ T2402] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.968059][ T2402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.979437][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.990144][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.004357][ T2402] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.011475][ T2402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.045935][ T7926] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 08:24:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x4, 0x8}}, 0x2e) close(r3) [ 188.059102][ T7926] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.095802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.106558][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.125104][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.138720][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.149071][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.157958][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.166991][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.175848][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.184266][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.192552][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.201340][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.209742][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.218299][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.226650][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.235144][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.243681][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.253245][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.261778][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.270088][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.278940][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.286732][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.294731][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.323589][ T7926] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.339733][ T7930] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.351805][ T7930] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.364768][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 08:24:11 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001440)="caa44c0e67572ce60cc0425024cf2353365b9465e0d6982d2e89d91c8ae5070a1d5c0c0c5a2029505fe8d50de2d979191d066dd9188ad8cd8d52734f57b8d3fb04204f5fc7b7c726983b6037e320e84bf30d8e36fddeac7cc4c6be345a28671e83a1615e572c5616d7ae485d954745fda22bd90d2147227a548a7fdde52b7851a3e450425715d0f9296f4208221495090bfb149fda22a017df9f7a635fc28b124f0dd170dfd6b2d5b9adb40516e43a68e6e962bea266516e69408531492d6dcbb450049057a5e2dea2257f5cb27dc9aafa38b20c2796967451fa9b3888243d1eb768e870baf612e2f04441ee5f96903018a709450e0aa83d21e9f0641719c015d70939c0710c4af1dfc819875e5859e0509ebba12a48b6c9929a8c3ba07a39f6219c55c17a057ed421d05551a6c8471323567e936fe74c7b32abb8c06b1a260dc5cfaebc41f6681da0c1ffb5a614feaf822aae19cb0d4635f8ad4a211cfe3791267e597a80f56f44e4d9a8db6225ad8d346f6576e65733b851d449258ce0006f9e271ae750a2989954d958bbb32743bb12f7af6010e8b5ee1b30b44ca4febdea2c678bdcdb8dce7a474130981535a41fbc24601f3e3eeca0f21b83ed42587681d9983fc9e81c57f65f69fd53595e7cf00247c22c3d407c48cef886208560384b9fb414666c4af752c1393dad2fcc83d953898570141598e4cae0af391de53552d98f77ad1d2f32219cd1c717a7805fae74b40c5823390e04aa53d40713e1d5260b26d405aae66114825b9bc109bb4668ca52c85122f21743fda3771b10d0fbcc5c15a17f4d5ed0142638fb2334d38a5f08cef4920ee65647888bd2996d4ae3c953ce381671f7f453f63afd6ff13f526decbae4395018229dcebef532c06a30cbea407bbf960fa893a126e22bfe06fa1e760c013272286f25ecc828b073872247dc61567718d70f4e297b68976c8d49b1f7ba9d89bb8809934006758ac17c5428c01e83b74b9554c44f3a791934885619adb2a560100b97ac80de47e37ed1af20d5528919410d3aa5b71001a9341b6a4346b453ef880c62d7f23b9c9d6fbbdfd2e724fa6547c7eb51917fe6c61e584d1c3c3b4d19136e9d9c6121031145154c13ff794564fe0618b12929b08784dd8bd05ebe33fc9b415bb30f1e9323e547d9fdd0b2c2834834d507883e91d6b1a1001373665baf89f69bf1fd169d133cf5e86169428f659e59d7350fa11330f2c62a33670f70625e27c186ed83759de92a36730a417c5e3ecfed446e240f9bfb077d532169d3eaa7e28bdb3e5ae64d452414bfed25c94229db4610e6eb7dcfc47236a4728a7b22845e0d07fb749d8496a41e6f2f51341e7e2acdee6ce9e1d7af6f0a88982694690f7f4ea599985f06f935f8f540c79af602a8a4ec85d999fb0ac28dc11785b39a02f7fc55d66c5ca5a7f10596aad2902f7c5686aa1822d3b2d314da9bf7474439a33468de6c156c281f94d927b47b0436366a65fc065f745c6fc1064e5bc1a582a57a4ee6a9b04935e8bd282b8473249f4793931cec4ccbc2f068202c865523d799e0189fe73878afbbe7f4d9a3eb1378dfbc1738c2c52e45949ba35d16759bb29fad5d8289e4a82611c8ed365a3c141a49c03c44e188447f59309201c5d2939e505613ebe7e53f206cf7d4da68c2e8214877f6b1133a7d1b20d0841c8de2b7d7297f22ce9bb885eb19a83b8a73aba0ec1a78b10341f8e38fc3e8110a2a138a8436a1c89bac621ca242e03af4c913e62a79b812efcb7bc45d0cf3536e0141fa0d1f72cd90b4ae890d822d0a69236efccb72124526d13f04c932f1a3fd51485b4bb886e9c6b08dac942f273d9bba7aff90cef7f9b818e52ea0b175ad86da5adc1541ce17e6db4d43f32e1ee2dca1e5dbe790df2006f7ab597e5053016fdfd862adaba96a865789e93b7dcf3b085180ba6b9f8432aa1ecdfe970709033015f00426e77c587959c6d6735ae1afa2d65bd999b9b75e87ac396b2d039d984cf48e38af5ba4734b6274ac29c6332d63b48855dbd3255d9b2a78bcf1c16c0b4840c3727218e469f4c8b14eb9100932ed5e1c48563001b53270afe978b244dca299e30eff14dbfe9f87b796cdb9fa5b1b4ca672c95424e536bfbcfd17a9bf335c5d9dfe8d0d0493514ab2c90a8220", 0x5fe) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002740)}, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7d5, 0x80000001, 0x0, 0x200, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000000)) [ 188.381425][ C1] hrtimer: interrupt took 31798 ns [ 188.383588][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.395196][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.424112][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.442977][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.451826][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.464215][ T7936] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.476819][ T7936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.506171][ T7936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.514839][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 08:24:12 executing program 0: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x21) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x8}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) [ 188.529820][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.551402][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 08:24:12 executing program 2: sendmsg$unix(0xffffffffffffffff, 0x0, 0x20000805) keyctl$clear(0x7, 0x0) unshare(0x8020000) restart_syscall() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) msgget$private(0x0, 0x21) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00') flistxattr(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000180)=ANY=[@ANYBLOB="736563757269747900000000000000000000000000000000000000000000650002000000000000800000000000000000000000004000"/63], 0x1) setns(r1, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, &(0x7f0000000100)) clone(0x10062100, &(0x7f00000002c0)="abad55c6bc05ef12f6a99a8b96c1d3d0430483997f13da23d6b5e55a9f9b98d438cf533464a8abad86c5aedcd70c79293e7a2711bebc3abe8603de0366416fe1588a16d10d84366994bbe25c064560d2044733ae8384cee09c4a831940fe3a70929d59dbb7a6c88eda2797fecef75eae2b7b1bcdaa65dfed4d9b9939795b2bb10a5f3ac1aebb756c516e9d15305ab444be163a4200"/163, 0x0, 0x0, 0x0) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@rand_addr="5cb76f0570d8a282d353767c1fa51d30", 0x2d}) semget(0x0, 0x0, 0x10) semget(0x0, 0x2, 0x100) semget(0x1, 0x3, 0x2) r2 = semget$private(0x0, 0x4, 0x80) semctl$IPC_SET(r2, 0x0, 0x1, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) [ 188.587674][ T7930] 8021q: adding VLAN 0 to HW filter on device batadv0 08:24:12 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r1 = getpid() recvmmsg(r0, &(0x7f0000006480)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) ptrace(0x10, r1) waitid(0x0, 0x0, &(0x7f0000002ff9), 0x1000003, 0x0) 08:24:12 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) accept4$unix(r1, 0x0, &(0x7f0000000040), 0x80000) connect$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 08:24:12 executing program 2: r0 = socket$kcm(0x2b, 0x200000000000001, 0x0) close(r0) 08:24:13 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x72, 0xa, 0xffdc}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) 08:24:13 executing program 4: lseek(0xffffffffffffffff, 0x0, 0x4) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) rmdir(&(0x7f0000000100)='./file0\x00') futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000001880)=""/190, 0xbe}], 0x1}}], 0x400000000000098, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/snmp\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getpeername$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000100)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') sendfile(r1, r2, 0x0, 0x80000001) 08:24:13 executing program 2: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8004002, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="8a"], 0x1) sendfile(r0, r1, 0x0, 0x7fffffff) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8800000) recvfrom(r0, 0x0, 0x0, 0x40000000, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) mount(&(0x7f0000000a00)=ANY=[], 0x0, 0x0, 0x0, 0x0) 08:24:13 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000000540)=0xc) perf_event_open(&(0x7f0000000480)={0x4, 0x70, 0x3, 0xd7c4, 0x1, 0x10000, 0x0, 0x62f, 0x801, 0x0, 0x100000000, 0x3111, 0xffffffff, 0x7fe000, 0x0, 0xa03, 0x762d, 0x1, 0x4, 0xfff, 0x7, 0x9, 0x6a3, 0x4, 0x7, 0xffffffffffff605f, 0xfffffffffffffffc, 0x1, 0x80000001, 0x5, 0x9, 0x0, 0x0, 0x5, 0x0, 0x8, 0xa78, 0x6, 0x0, 0x3ff, 0x0, @perf_config_ext={0x100}, 0x20000, 0x8001, 0x0, 0x0, 0xfffffffffffffff8, 0xfffffffffffffffd, 0x8}, r1, 0x9, r0, 0xb) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) fcntl$getown(r0, 0x9) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4000000000000004, 0x5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, 0x0) r2 = creat(&(0x7f00000000c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r4, &(0x7f0000000100)=ANY=[], 0x225) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r4, r4, &(0x7f0000000300), 0x7fff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, &(0x7f0000000240)=@can, &(0x7f00000002c0)=0x80) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000340)={@ipv4={[], [], @initdev}}, &(0x7f0000000380)=0x14) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0x0, 0x0, 0x0) bind$inet6(r5, &(0x7f0000000080), 0x1c) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) 08:24:13 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x0, 0x0) write$P9_RCREATE(0xffffffffffffffff, 0x0, 0xfffffdf5) close(r0) prctl$PR_MCE_KILL_GET(0x22) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x4e22, @multicast2}}, 0x0, 0x4997, 0x0, "39314c7b39ef9a8232e585702d3a952314380a9cbb297d8effd550918dc810ac3a2a09e4c18f7be3222c6d768bb24dd229ac764b7661949987d5a6c57a735b43ded46e469a27159f163f09ee8ea57f0a"}, 0xd8) 08:24:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffff57) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:24:13 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:15 executing program 0: socket$pppoe(0x18, 0x1, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) set_mempolicy(0x1, &(0x7f0000000380)=0x5b4, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/.yz0\x04', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000540)='./file0\x00', 0x0, 0x807a00, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000100)={'veth1\x00', @ifru_addrs=@isdn={0x22, 0x7, 0x9, 0xa2bd, 0x100000000}}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x1) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000040)=0x7) r3 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000240)=0xc) write$cgroup_pid(r1, &(0x7f0000000280)=r5, 0x12) lsetxattr$trusted_overlay_opaque(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.opaque\x00', &(0x7f0000000340)='y\x00', 0x2, 0x1) ioctl$UI_DEV_DESTROY(r1, 0x5502) write$cgroup_pid(r4, &(0x7f0000000180), 0x12) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{0x3, 0x8, 0xffffffffffffff00, 0x400}, 'syz1\x00', 0x54}) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:24:15 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:15 executing program 1: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000640)={{{@in6=@dev, @in6=@ipv4}}, {{@in6}, 0x0, @in6=@mcast1}}, 0x0) syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x0, 0x0, 0x0, 0x0) 08:24:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8943, &(0x7f00000001c0)={'syz_tun\x00\x00\x00\x00\x00\x00\x00\xe5\x00', @ifru_ivalue}) 08:24:15 executing program 3: openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0xc, 0x100082) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x0) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) pkey_alloc(0x0, 0x2) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0xc80, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, 0x0, 0x20000102000007) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x6, 0x5, 0x0, 0x0, 0x6, 0x1, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08", [0x0, 0x4]}) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0) 08:24:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000080)=0x400000000001, 0x9) connect$inet6(r0, &(0x7f0000000000), 0x1c) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x11, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 08:24:16 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(r1, &(0x7f0000000300)={0x2, 0x0, @multicast2}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000240)={0x7, 0x7}) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000340)={'sit0\x00', 0xffff}) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0xfffffdc6) r6 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r5, 0x0, 0x20, &(0x7f00000000c0)={@rand_addr, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x14) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68) setitimer(0x1, &(0x7f0000000180)={{}, {0x0, 0x2710}}, 0x0) splice(r3, 0x0, r6, 0x0, 0x810005, 0x8) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10ffff) fcntl$getownex(r2, 0x10, &(0x7f0000000000)) connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0) setxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)=@random={'osx.', '.posix_acl_access\x00'}, &(0x7f00000002c0)='-system%eth1wlan1\x00', 0x12, 0x3) listen(0xffffffffffffffff, 0x0) 08:24:16 executing program 0: socket$pppoe(0x18, 0x1, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) set_mempolicy(0x1, &(0x7f0000000380)=0x5b4, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/.yz0\x04', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000540)='./file0\x00', 0x0, 0x807a00, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000100)={'veth1\x00', @ifru_addrs=@isdn={0x22, 0x7, 0x9, 0xa2bd, 0x100000000}}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x1) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000040)=0x7) r3 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000240)=0xc) write$cgroup_pid(r1, &(0x7f0000000280)=r5, 0x12) lsetxattr$trusted_overlay_opaque(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.opaque\x00', &(0x7f0000000340)='y\x00', 0x2, 0x1) ioctl$UI_DEV_DESTROY(r1, 0x5502) write$cgroup_pid(r4, &(0x7f0000000180), 0x12) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{0x3, 0x8, 0xffffffffffffff00, 0x400}, 'syz1\x00', 0x54}) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:24:16 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:16 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6, 0x0, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08", [0x100]}) 08:24:16 executing program 2: sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, {}, 0x4, 0x8001}, 0xe) 08:24:16 executing program 1: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000640)={{{@in6=@dev, @in6=@ipv4}}, {{@in6}, 0x0, @in6=@mcast1}}, 0x0) syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x0, 0x0, 0x0, 0x0) 08:24:16 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) recvmsg(r0, &(0x7f000000a840)={0x0, 0x0, 0x0}, 0x0) 08:24:16 executing program 0: socket$pppoe(0x18, 0x1, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) set_mempolicy(0x1, &(0x7f0000000380)=0x5b4, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/.yz0\x04', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000540)='./file0\x00', 0x0, 0x807a00, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000100)={'veth1\x00', @ifru_addrs=@isdn={0x22, 0x7, 0x9, 0xa2bd, 0x100000000}}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x1) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000040)=0x7) r3 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000240)=0xc) write$cgroup_pid(r1, &(0x7f0000000280)=r5, 0x12) lsetxattr$trusted_overlay_opaque(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.opaque\x00', &(0x7f0000000340)='y\x00', 0x2, 0x1) ioctl$UI_DEV_DESTROY(r1, 0x5502) write$cgroup_pid(r4, &(0x7f0000000180), 0x12) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{0x3, 0x8, 0xffffffffffffff00, 0x400}, 'syz1\x00', 0x54}) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 193.165530][ T8134] check_preemption_disabled: 3 callbacks suppressed [ 193.165574][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 193.182814][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 193.187968][ T8134] CPU: 0 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.197007][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.207068][ T8134] Call Trace: [ 193.210360][ T8134] dump_stack+0x172/0x1f0 08:24:16 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000100)={'tunl0\x00', 0x600}) [ 193.214696][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 193.220240][ T8134] sk_mc_loop+0x1d/0x210 [ 193.224493][ T8134] ip_mc_output+0x2ef/0xf70 [ 193.229016][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.234144][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 193.239604][ T8134] ? retint_kernel+0x2d/0x2d [ 193.244214][ T8134] ip_local_out+0xc4/0x1b0 [ 193.248639][ T8134] ip_send_skb+0x42/0xf0 [ 193.252887][ T8134] ip_push_pending_frames+0x64/0x80 [ 193.258083][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 193.262711][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 193.268328][ T8134] ? mark_held_locks+0xa4/0xf0 [ 193.273093][ T8134] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.278551][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.284233][ T8134] ? retint_kernel+0x2d/0x2d [ 193.288834][ T8134] ? mark_held_locks+0xa4/0xf0 [ 193.293602][ T8134] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.299066][ T8134] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.304535][ T8134] ? 0xffffffff81000000 [ 193.308712][ T8134] ? retint_kernel+0x2d/0x2d [ 193.313322][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 193.318798][ T8134] inet_sendmsg+0x147/0x5e0 [ 193.323318][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 193.328756][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 193.333428][ T8134] ? ipip_gro_receive+0x100/0x100 [ 193.338445][ T8134] sock_sendmsg+0xdd/0x130 [ 193.342883][ T8134] kernel_sendmsg+0x44/0x50 [ 193.347394][ T8134] sock_no_sendpage+0x116/0x150 [ 193.352237][ T8134] ? sock_kfree_s+0x70/0x70 [ 193.356772][ T8134] ? retint_kernel+0x2d/0x2d [ 193.361398][ T8134] inet_sendpage+0x44a/0x630 [ 193.366003][ T8134] kernel_sendpage+0x95/0xf0 [ 193.370583][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 193.375270][ T8134] sock_sendpage+0x8b/0xc0 [ 193.379670][ T8134] pipe_to_sendpage+0x299/0x370 [ 193.384503][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 193.389264][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 193.394553][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.400794][ T8134] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 193.406849][ T8134] __splice_from_pipe+0x395/0x7d0 [ 193.411861][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 193.417151][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 193.422431][ T8134] splice_from_pipe+0x108/0x170 [ 193.427269][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 193.432233][ T8134] ? apparmor_file_permission+0x25/0x30 [ 193.437774][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.443999][ T8134] ? security_file_permission+0x94/0x380 [ 193.449644][ T8134] generic_splice_sendpage+0x3c/0x50 [ 193.454930][ T8134] ? splice_from_pipe+0x170/0x170 [ 193.459942][ T8134] do_splice+0x70a/0x13c0 [ 193.464257][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 193.469365][ T8134] ? __fget_light+0x1a9/0x230 [ 193.474050][ T8134] __x64_sys_splice+0x2c6/0x330 [ 193.478920][ T8134] do_syscall_64+0x103/0x610 [ 193.483510][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.489391][ T8134] RIP: 0033:0x4582b9 [ 193.493273][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.512877][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 193.521314][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.529337][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 193.537290][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 193.545265][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 193.553244][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 193.578667][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 193.588074][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 193.593228][ T8134] CPU: 0 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.602250][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.612297][ T8134] Call Trace: [ 193.615607][ T8134] dump_stack+0x172/0x1f0 [ 193.619962][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 193.625546][ T8134] sk_mc_loop+0x1d/0x210 [ 193.629784][ T8134] ip_mc_output+0x2ef/0xf70 [ 193.634291][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.639411][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 193.644243][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 193.649704][ T8134] ? dst_release+0x62/0xb0 [ 193.654121][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 193.658977][ T8134] ip_local_out+0xc4/0x1b0 [ 193.663398][ T8134] ip_send_skb+0x42/0xf0 [ 193.667642][ T8134] ip_push_pending_frames+0x64/0x80 [ 193.672851][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 193.677443][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 193.682898][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.688176][ T8134] ? retint_kernel+0x2d/0x2d [ 193.692793][ T8134] ? ___might_sleep+0x163/0x280 [ 193.697639][ T8134] ? __might_sleep+0x95/0x190 [ 193.702341][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.707963][ T8134] ? aa_sk_perm+0x288/0x880 [ 193.712463][ T8134] ? retint_kernel+0x2d/0x2d [ 193.717067][ T8134] ? trace_hardirqs_on_caller+0x6a/0x220 [ 193.722698][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.728236][ T8134] inet_sendmsg+0x147/0x5e0 [ 193.732752][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 193.738204][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 193.742870][ T8134] ? ipip_gro_receive+0x100/0x100 [ 193.747921][ T8134] sock_sendmsg+0xdd/0x130 [ 193.752390][ T8134] kernel_sendmsg+0x44/0x50 [ 193.756903][ T8134] sock_no_sendpage+0x116/0x150 [ 193.761769][ T8134] ? sock_kfree_s+0x70/0x70 [ 193.766269][ T8134] ? sock_sendmsg+0x5b/0x130 [ 193.770867][ T8134] inet_sendpage+0x44a/0x630 [ 193.775467][ T8134] kernel_sendpage+0x95/0xf0 [ 193.780047][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 193.784714][ T8134] sock_sendpage+0x8b/0xc0 [ 193.789110][ T8134] pipe_to_sendpage+0x299/0x370 [ 193.793954][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 193.798726][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 193.804007][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.810227][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 193.815674][ T8134] __splice_from_pipe+0x395/0x7d0 [ 193.820701][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 193.825991][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 193.831283][ T8134] splice_from_pipe+0x108/0x170 [ 193.836132][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 193.841069][ T8134] ? apparmor_file_permission+0x25/0x30 [ 193.846624][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.852885][ T8134] ? security_file_permission+0x94/0x380 [ 193.858535][ T8134] generic_splice_sendpage+0x3c/0x50 [ 193.863827][ T8134] ? splice_from_pipe+0x170/0x170 [ 193.868843][ T8134] do_splice+0x70a/0x13c0 [ 193.873169][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 193.878260][ T8134] ? __fget_light+0x1a9/0x230 [ 193.882933][ T8134] __x64_sys_splice+0x2c6/0x330 [ 193.887800][ T8134] do_syscall_64+0x103/0x610 [ 193.892416][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.898317][ T8134] RIP: 0033:0x4582b9 [ 193.902207][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.921811][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 193.930221][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.938184][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 193.946149][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 193.954112][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 193.962076][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 193.978050][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 193.987455][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 193.992638][ T8134] CPU: 0 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.001653][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.011706][ T8134] Call Trace: [ 194.015000][ T8134] dump_stack+0x172/0x1f0 [ 194.019336][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 194.024892][ T8134] sk_mc_loop+0x1d/0x210 [ 194.024920][ T8134] ip_mc_output+0x2ef/0xf70 [ 194.024939][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.024959][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 194.024973][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 194.024984][ T8134] ? dst_release+0x62/0xb0 [ 194.024996][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 194.025021][ T8134] ip_local_out+0xc4/0x1b0 [ 194.025035][ T8134] ip_send_skb+0x42/0xf0 [ 194.067105][ T8134] ip_push_pending_frames+0x64/0x80 [ 194.072304][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 194.076900][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 194.082359][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.087639][ T8134] ? retint_kernel+0x2d/0x2d [ 194.092243][ T8134] ? ___might_sleep+0x163/0x280 [ 194.097099][ T8134] ? __might_sleep+0x95/0x190 [ 194.101770][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.107397][ T8134] ? aa_sk_perm+0x288/0x880 [ 194.111911][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.117450][ T8134] inet_sendmsg+0x147/0x5e0 [ 194.121943][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 194.127389][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 194.132059][ T8134] ? ipip_gro_receive+0x100/0x100 [ 194.137093][ T8134] sock_sendmsg+0xdd/0x130 [ 194.141535][ T8134] kernel_sendmsg+0x44/0x50 [ 194.146061][ T8134] sock_no_sendpage+0x116/0x150 [ 194.150919][ T8134] ? sock_kfree_s+0x70/0x70 [ 194.155419][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 194.161143][ T8134] ? mark_held_locks+0xa4/0xf0 [ 194.165905][ T8134] inet_sendpage+0x44a/0x630 [ 194.170495][ T8134] kernel_sendpage+0x95/0xf0 [ 194.175537][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 194.180223][ T8134] sock_sendpage+0x8b/0xc0 [ 194.184649][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.189932][ T8134] pipe_to_sendpage+0x299/0x370 [ 194.194781][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 194.199539][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 194.208379][ T8134] ? __put_page+0x92/0xd0 [ 194.212718][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 194.218176][ T8134] __splice_from_pipe+0x395/0x7d0 [ 194.223242][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 194.228543][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 194.233851][ T8134] splice_from_pipe+0x108/0x170 [ 194.238710][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 194.243653][ T8134] ? apparmor_file_permission+0x25/0x30 [ 194.249201][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.255439][ T8134] ? security_file_permission+0x94/0x380 [ 194.261067][ T8134] generic_splice_sendpage+0x3c/0x50 [ 194.266343][ T8134] ? splice_from_pipe+0x170/0x170 [ 194.271366][ T8134] do_splice+0x70a/0x13c0 [ 194.275703][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 194.280812][ T8134] ? __fget_light+0x1a9/0x230 [ 194.285508][ T8134] __x64_sys_splice+0x2c6/0x330 [ 194.290358][ T8134] do_syscall_64+0x103/0x610 [ 194.294951][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.300837][ T8134] RIP: 0033:0x4582b9 [ 194.304746][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.324350][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 194.332755][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.340714][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 194.348678][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 194.356640][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 194.364618][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 194.380153][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 194.389533][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 194.394648][ T8134] CPU: 1 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.403673][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.413720][ T8134] Call Trace: [ 194.413757][ T8134] dump_stack+0x172/0x1f0 [ 194.413805][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 194.413821][ T8134] sk_mc_loop+0x1d/0x210 [ 194.413842][ T8134] ip_mc_output+0x2ef/0xf70 [ 194.435703][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.440832][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 194.445690][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 194.451157][ T8134] ? dst_release+0x62/0xb0 [ 194.455588][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 194.460441][ T8134] ip_local_out+0xc4/0x1b0 [ 194.464856][ T8134] ip_send_skb+0x42/0xf0 [ 194.469103][ T8134] ip_push_pending_frames+0x64/0x80 [ 194.474308][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 194.478915][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 194.484384][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.489667][ T8134] ? retint_kernel+0x2d/0x2d [ 194.494328][ T8134] ? ___might_sleep+0x163/0x280 [ 194.499184][ T8134] ? __might_sleep+0x95/0x190 [ 194.503863][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.509492][ T8134] ? aa_sk_perm+0x288/0x880 [ 194.514006][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.519564][ T8134] inet_sendmsg+0x147/0x5e0 [ 194.524063][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 194.529515][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 194.534189][ T8134] ? ipip_gro_receive+0x100/0x100 [ 194.539214][ T8134] sock_sendmsg+0xdd/0x130 [ 194.543634][ T8134] kernel_sendmsg+0x44/0x50 [ 194.548145][ T8134] sock_no_sendpage+0x116/0x150 [ 194.552993][ T8134] ? sock_kfree_s+0x70/0x70 [ 194.557499][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 194.563227][ T8134] ? mark_held_locks+0xa4/0xf0 [ 194.568005][ T8134] inet_sendpage+0x44a/0x630 [ 194.572629][ T8134] kernel_sendpage+0x95/0xf0 [ 194.577217][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 194.581896][ T8134] sock_sendpage+0x8b/0xc0 [ 194.586305][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.591593][ T8134] pipe_to_sendpage+0x299/0x370 [ 194.596455][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 194.601234][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 194.606537][ T8134] ? __put_page+0x92/0xd0 [ 194.610872][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 194.616344][ T8134] __splice_from_pipe+0x395/0x7d0 [ 194.621368][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 194.626658][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 194.631938][ T8134] splice_from_pipe+0x108/0x170 [ 194.636793][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 194.641737][ T8134] ? apparmor_file_permission+0x25/0x30 [ 194.647297][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.653550][ T8134] ? security_file_permission+0x94/0x380 [ 194.659186][ T8134] generic_splice_sendpage+0x3c/0x50 [ 194.664466][ T8134] ? splice_from_pipe+0x170/0x170 [ 194.669489][ T8134] do_splice+0x70a/0x13c0 [ 194.673834][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 194.678950][ T8134] ? __fget_light+0x1a9/0x230 [ 194.683657][ T8134] __x64_sys_splice+0x2c6/0x330 [ 194.688515][ T8134] do_syscall_64+0x103/0x610 [ 194.693160][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.699046][ T8134] RIP: 0033:0x4582b9 [ 194.702940][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.722558][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 194.730968][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.738938][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 194.746904][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 194.754883][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 194.762874][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 194.785565][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 194.794990][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 194.800048][ T8134] CPU: 0 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.809062][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.809068][ T8134] Call Trace: [ 194.809088][ T8134] dump_stack+0x172/0x1f0 [ 194.809110][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 194.809125][ T8134] sk_mc_loop+0x1d/0x210 [ 194.809141][ T8134] ip_mc_output+0x2ef/0xf70 [ 194.832512][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.832528][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 194.832547][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 194.832561][ T8134] ? dst_release+0x62/0xb0 [ 194.832579][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 194.832598][ T8134] ip_local_out+0xc4/0x1b0 [ 194.832626][ T8134] ip_send_skb+0x42/0xf0 [ 194.874571][ T8134] ip_push_pending_frames+0x64/0x80 [ 194.879787][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 194.884394][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 194.889868][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.895167][ T8134] ? retint_kernel+0x2d/0x2d [ 194.899788][ T8134] ? ___might_sleep+0x163/0x280 [ 194.904648][ T8134] ? __might_sleep+0x95/0x190 [ 194.909329][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.914962][ T8134] ? aa_sk_perm+0x288/0x880 [ 194.919473][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.925020][ T8134] inet_sendmsg+0x147/0x5e0 [ 194.929515][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 194.935005][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 194.939701][ T8134] ? ipip_gro_receive+0x100/0x100 [ 194.944741][ T8134] sock_sendmsg+0xdd/0x130 [ 194.949155][ T8134] kernel_sendmsg+0x44/0x50 [ 194.953663][ T8134] sock_no_sendpage+0x116/0x150 [ 194.958503][ T8134] ? sock_kfree_s+0x70/0x70 [ 194.963008][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 194.968731][ T8134] ? mark_held_locks+0xa4/0xf0 [ 194.973496][ T8134] inet_sendpage+0x44a/0x630 [ 194.978089][ T8134] kernel_sendpage+0x95/0xf0 [ 194.982675][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 194.987352][ T8134] sock_sendpage+0x8b/0xc0 [ 194.991782][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.997087][ T8134] pipe_to_sendpage+0x299/0x370 [ 195.001941][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 195.006711][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.011996][ T8134] ? __put_page+0x92/0xd0 [ 195.016346][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.021807][ T8134] __splice_from_pipe+0x395/0x7d0 [ 195.026833][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.032126][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.037428][ T8134] splice_from_pipe+0x108/0x170 [ 195.042282][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 195.047226][ T8134] ? apparmor_file_permission+0x25/0x30 [ 195.052770][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.059015][ T8134] ? security_file_permission+0x94/0x380 [ 195.064654][ T8134] generic_splice_sendpage+0x3c/0x50 [ 195.069947][ T8134] ? splice_from_pipe+0x170/0x170 [ 195.074970][ T8134] do_splice+0x70a/0x13c0 [ 195.079326][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.084440][ T8134] ? __fget_light+0x1a9/0x230 [ 195.089122][ T8134] __x64_sys_splice+0x2c6/0x330 [ 195.093986][ T8134] do_syscall_64+0x103/0x610 [ 195.098581][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.104481][ T8134] RIP: 0033:0x4582b9 [ 195.108376][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.127974][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 08:24:18 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) [ 195.136386][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.144366][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 195.152348][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 195.160329][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 195.168296][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 08:24:18 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000100)={'tunl0\x00', 0x600}) [ 195.198729][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 195.208127][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 195.213239][ T8134] CPU: 1 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.222277][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.232330][ T8134] Call Trace: [ 195.235628][ T8134] dump_stack+0x172/0x1f0 [ 195.239972][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 195.245511][ T8134] sk_mc_loop+0x1d/0x210 [ 195.249760][ T8134] ip_mc_output+0x2ef/0xf70 [ 195.254264][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.259373][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 195.264203][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 195.269643][ T8134] ? dst_release+0x62/0xb0 [ 195.274039][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 195.278887][ T8134] ip_local_out+0xc4/0x1b0 [ 195.283286][ T8134] ip_send_skb+0x42/0xf0 [ 195.287508][ T8134] ip_push_pending_frames+0x64/0x80 [ 195.292695][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 195.297352][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 195.302814][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.308136][ T8134] ? retint_kernel+0x2d/0x2d [ 195.312715][ T8134] ? ___might_sleep+0x163/0x280 [ 195.317569][ T8134] ? __might_sleep+0x95/0x190 [ 195.322243][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.327865][ T8134] ? aa_sk_perm+0x288/0x880 [ 195.332380][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.337941][ T8134] inet_sendmsg+0x147/0x5e0 [ 195.342430][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 195.347866][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 195.352520][ T8134] ? ipip_gro_receive+0x100/0x100 [ 195.357551][ T8134] sock_sendmsg+0xdd/0x130 [ 195.361983][ T8134] kernel_sendmsg+0x44/0x50 [ 195.366496][ T8134] sock_no_sendpage+0x116/0x150 [ 195.371340][ T8134] ? sock_kfree_s+0x70/0x70 [ 195.375851][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 195.381567][ T8134] ? mark_held_locks+0xa4/0xf0 [ 195.386318][ T8134] inet_sendpage+0x44a/0x630 [ 195.390903][ T8134] kernel_sendpage+0x95/0xf0 [ 195.395469][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 195.400154][ T8134] sock_sendpage+0x8b/0xc0 [ 195.404586][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.409876][ T8134] pipe_to_sendpage+0x299/0x370 [ 195.414717][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 195.419472][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.424737][ T8134] ? __put_page+0x92/0xd0 [ 195.429043][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.434479][ T8134] __splice_from_pipe+0x395/0x7d0 [ 195.439490][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.444763][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.450031][ T8134] splice_from_pipe+0x108/0x170 [ 195.454862][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 195.459783][ T8134] ? apparmor_file_permission+0x25/0x30 [ 195.465328][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.471564][ T8134] ? security_file_permission+0x94/0x380 [ 195.477179][ T8134] generic_splice_sendpage+0x3c/0x50 [ 195.482466][ T8134] ? splice_from_pipe+0x170/0x170 [ 195.487492][ T8134] do_splice+0x70a/0x13c0 [ 195.491816][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.496918][ T8134] ? __fget_light+0x1a9/0x230 [ 195.501589][ T8134] __x64_sys_splice+0x2c6/0x330 [ 195.506461][ T8134] do_syscall_64+0x103/0x610 [ 195.511055][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.516924][ T8134] RIP: 0033:0x4582b9 [ 195.520798][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.540399][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 195.548818][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.556766][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 195.564711][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 195.572687][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 195.580638][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 08:24:19 executing program 1: r0 = socket$kcm(0xa, 0x20122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000040), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000003840)=@nl=@unspec={0x40000000, 0xa000000, 0xffffffffa0010000, 0x80fe}, 0x80, &(0x7f0000000000)=[{&(0x7f0000003900)="d90d000076862c681d012f629c75adfa4208d5febf524a024aface6a6ac7d846ed2fa163e15ffb5033e9ad60d7a8a295", 0x30}], 0x1}, 0x0) [ 195.607144][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 195.616555][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 195.621870][ T8134] CPU: 1 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.630915][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.640968][ T8134] Call Trace: [ 195.644262][ T8134] dump_stack+0x172/0x1f0 [ 195.648663][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 195.654216][ T8134] sk_mc_loop+0x1d/0x210 [ 195.658459][ T8134] ip_mc_output+0x2ef/0xf70 [ 195.662972][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.668089][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 195.672961][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 195.678422][ T8134] ? dst_release+0x62/0xb0 [ 195.682838][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 195.687690][ T8134] ip_local_out+0xc4/0x1b0 [ 195.692118][ T8134] ip_send_skb+0x42/0xf0 [ 195.696374][ T8134] ip_push_pending_frames+0x64/0x80 [ 195.701583][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 195.706184][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 195.711643][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.716926][ T8134] ? retint_kernel+0x2d/0x2d [ 195.721573][ T8134] ? ___might_sleep+0x163/0x280 [ 195.726430][ T8134] ? __might_sleep+0x95/0x190 [ 195.731129][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.736759][ T8134] ? aa_sk_perm+0x288/0x880 [ 195.741269][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.746826][ T8134] inet_sendmsg+0x147/0x5e0 [ 195.751331][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 195.756791][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 195.761469][ T8134] ? ipip_gro_receive+0x100/0x100 [ 195.766504][ T8134] sock_sendmsg+0xdd/0x130 [ 195.770923][ T8134] kernel_sendmsg+0x44/0x50 [ 195.775428][ T8134] sock_no_sendpage+0x116/0x150 [ 195.780277][ T8134] ? sock_kfree_s+0x70/0x70 [ 195.784786][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 195.790516][ T8134] ? mark_held_locks+0xa4/0xf0 [ 195.795282][ T8134] inet_sendpage+0x44a/0x630 [ 195.799885][ T8134] kernel_sendpage+0x95/0xf0 [ 195.804471][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 195.809166][ T8134] sock_sendpage+0x8b/0xc0 [ 195.813598][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.818883][ T8134] pipe_to_sendpage+0x299/0x370 [ 195.823731][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 195.828495][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.833781][ T8134] ? __put_page+0x92/0xd0 [ 195.838135][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.843597][ T8134] __splice_from_pipe+0x395/0x7d0 [ 195.848620][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.853917][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 195.859202][ T8134] splice_from_pipe+0x108/0x170 [ 195.864066][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 195.869014][ T8134] ? apparmor_file_permission+0x25/0x30 [ 195.874567][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.880805][ T8134] ? security_file_permission+0x94/0x380 [ 195.886441][ T8134] generic_splice_sendpage+0x3c/0x50 [ 195.891726][ T8134] ? splice_from_pipe+0x170/0x170 [ 195.896749][ T8134] do_splice+0x70a/0x13c0 [ 195.901110][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.906249][ T8134] ? __fget_light+0x1a9/0x230 [ 195.910946][ T8134] __x64_sys_splice+0x2c6/0x330 [ 195.915806][ T8134] do_syscall_64+0x103/0x610 [ 195.920394][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.926281][ T8134] RIP: 0033:0x4582b9 [ 195.930172][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.949779][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 195.958206][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.966186][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 195.974166][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 195.982139][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 195.990104][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 195.999622][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 196.009257][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 196.014814][ T8134] CPU: 1 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.023837][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.033892][ T8134] Call Trace: [ 196.037180][ T8134] dump_stack+0x172/0x1f0 [ 196.041535][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 196.047079][ T8134] sk_mc_loop+0x1d/0x210 [ 196.051324][ T8134] ip_mc_output+0x2ef/0xf70 [ 196.055840][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 196.060946][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 196.065816][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 196.071275][ T8134] ? dst_release+0x62/0xb0 [ 196.075695][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 196.080554][ T8134] ip_local_out+0xc4/0x1b0 [ 196.084972][ T8134] ip_send_skb+0x42/0xf0 [ 196.089215][ T8134] ip_push_pending_frames+0x64/0x80 [ 196.094414][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 196.099018][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 196.104481][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.109767][ T8134] ? retint_kernel+0x2d/0x2d [ 196.114384][ T8134] ? ___might_sleep+0x163/0x280 [ 196.119241][ T8134] ? __might_sleep+0x95/0x190 [ 196.123923][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.129567][ T8134] ? aa_sk_perm+0x288/0x880 [ 196.134079][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.139632][ T8134] inet_sendmsg+0x147/0x5e0 [ 196.144138][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 196.149590][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 196.154290][ T8134] ? ipip_gro_receive+0x100/0x100 [ 196.159333][ T8134] sock_sendmsg+0xdd/0x130 [ 196.163777][ T8134] kernel_sendmsg+0x44/0x50 [ 196.168283][ T8134] sock_no_sendpage+0x116/0x150 [ 196.173142][ T8134] ? sock_kfree_s+0x70/0x70 [ 196.177648][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 196.183388][ T8134] ? mark_held_locks+0xa4/0xf0 [ 196.188154][ T8134] inet_sendpage+0x44a/0x630 [ 196.192749][ T8134] kernel_sendpage+0x95/0xf0 [ 196.197333][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 196.202011][ T8134] sock_sendpage+0x8b/0xc0 [ 196.206420][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.211706][ T8134] pipe_to_sendpage+0x299/0x370 [ 196.216570][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 196.221334][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 196.226622][ T8134] ? __put_page+0x92/0xd0 [ 196.230956][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 196.236415][ T8134] __splice_from_pipe+0x395/0x7d0 [ 196.241475][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 196.246769][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 196.252051][ T8134] splice_from_pipe+0x108/0x170 [ 196.256911][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 196.261852][ T8134] ? apparmor_file_permission+0x25/0x30 [ 196.267394][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.273638][ T8134] ? security_file_permission+0x94/0x380 [ 196.279293][ T8134] generic_splice_sendpage+0x3c/0x50 [ 196.284586][ T8134] ? splice_from_pipe+0x170/0x170 [ 196.289610][ T8134] do_splice+0x70a/0x13c0 [ 196.293954][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 196.299069][ T8134] ? __fget_light+0x1a9/0x230 [ 196.303759][ T8134] __x64_sys_splice+0x2c6/0x330 [ 196.308616][ T8134] do_syscall_64+0x103/0x610 [ 196.313214][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.319107][ T8134] RIP: 0033:0x4582b9 [ 196.323023][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.342618][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 196.351025][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.358989][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 196.366957][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 196.374924][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 196.382894][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 196.394442][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 196.404093][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 196.409165][ T8134] CPU: 0 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.418211][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.428255][ T8134] Call Trace: [ 196.431549][ T8134] dump_stack+0x172/0x1f0 [ 196.435898][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 196.441464][ T8134] sk_mc_loop+0x1d/0x210 [ 196.445717][ T8134] ip_mc_output+0x2ef/0xf70 [ 196.450219][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 196.455325][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 196.460185][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 196.465641][ T8134] ? dst_release+0x62/0xb0 [ 196.470053][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 196.474917][ T8134] ip_local_out+0xc4/0x1b0 [ 196.479335][ T8134] ip_send_skb+0x42/0xf0 [ 196.483574][ T8134] ip_push_pending_frames+0x64/0x80 [ 196.488764][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 196.493359][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 196.498819][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.504096][ T8134] ? retint_kernel+0x2d/0x2d [ 196.508702][ T8134] ? ___might_sleep+0x163/0x280 [ 196.513555][ T8134] ? __might_sleep+0x95/0x190 [ 196.518249][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.523900][ T8134] ? aa_sk_perm+0x288/0x880 [ 196.528408][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.533951][ T8134] inet_sendmsg+0x147/0x5e0 [ 196.538448][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 196.543895][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 196.548563][ T8134] ? ipip_gro_receive+0x100/0x100 [ 196.553588][ T8134] sock_sendmsg+0xdd/0x130 [ 196.558021][ T8134] kernel_sendmsg+0x44/0x50 [ 196.562529][ T8134] sock_no_sendpage+0x116/0x150 [ 196.567370][ T8134] ? sock_kfree_s+0x70/0x70 [ 196.571883][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 196.577610][ T8134] ? mark_held_locks+0xa4/0xf0 [ 196.582380][ T8134] inet_sendpage+0x44a/0x630 [ 196.586970][ T8134] kernel_sendpage+0x95/0xf0 [ 196.591554][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 196.596231][ T8134] sock_sendpage+0x8b/0xc0 [ 196.600646][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.605927][ T8134] pipe_to_sendpage+0x299/0x370 [ 196.610773][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 196.615535][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 196.620813][ T8134] ? __put_page+0x92/0xd0 [ 196.625140][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 196.630594][ T8134] __splice_from_pipe+0x395/0x7d0 [ 196.635622][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 196.640907][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 196.646205][ T8134] splice_from_pipe+0x108/0x170 [ 196.651053][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 196.656006][ T8134] ? apparmor_file_permission+0x25/0x30 [ 196.661548][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.667786][ T8134] ? security_file_permission+0x94/0x380 [ 196.673421][ T8134] generic_splice_sendpage+0x3c/0x50 [ 196.678705][ T8134] ? splice_from_pipe+0x170/0x170 [ 196.683726][ T8134] do_splice+0x70a/0x13c0 [ 196.688063][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 196.693179][ T8134] ? __fget_light+0x1a9/0x230 [ 196.697858][ T8134] __x64_sys_splice+0x2c6/0x330 [ 196.702720][ T8134] do_syscall_64+0x103/0x610 [ 196.707307][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.713189][ T8134] RIP: 0033:0x4582b9 [ 196.717079][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.736674][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 196.745094][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.753058][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 196.761024][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 196.768988][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 196.776956][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 196.795154][ T8134] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8134 [ 196.804781][ T8134] caller is sk_mc_loop+0x1d/0x210 [ 196.809811][ T8134] CPU: 1 PID: 8134 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.818808][ T8134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.818813][ T8134] Call Trace: [ 196.818833][ T8134] dump_stack+0x172/0x1f0 [ 196.818857][ T8134] __this_cpu_preempt_check+0x246/0x270 [ 196.832175][ T8134] sk_mc_loop+0x1d/0x210 [ 196.832192][ T8134] ip_mc_output+0x2ef/0xf70 [ 196.832211][ T8134] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 196.832225][ T8134] ? __ip_make_skb+0xf15/0x1820 [ 196.832257][ T8134] ? ip_append_data.part.0+0x170/0x170 [ 196.866195][ T8134] ? dst_release+0x62/0xb0 [ 196.870621][ T8134] ? __ip_make_skb+0xf93/0x1820 [ 196.875485][ T8134] ip_local_out+0xc4/0x1b0 [ 196.879918][ T8134] ip_send_skb+0x42/0xf0 [ 196.884167][ T8134] ip_push_pending_frames+0x64/0x80 [ 196.889381][ T8134] raw_sendmsg+0x1e6d/0x2f20 [ 196.893983][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 196.899460][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.904748][ T8134] ? retint_kernel+0x2d/0x2d [ 196.909361][ T8134] ? ___might_sleep+0x163/0x280 [ 196.914219][ T8134] ? __might_sleep+0x95/0x190 [ 196.918900][ T8134] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.924538][ T8134] ? aa_sk_perm+0x288/0x880 [ 196.929067][ T8134] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.934629][ T8134] inet_sendmsg+0x147/0x5e0 [ 196.939147][ T8134] ? compat_raw_getsockopt+0x100/0x100 [ 196.944593][ T8134] ? inet_sendmsg+0x147/0x5e0 [ 196.949258][ T8134] ? ipip_gro_receive+0x100/0x100 [ 196.954263][ T8134] sock_sendmsg+0xdd/0x130 [ 196.958672][ T8134] kernel_sendmsg+0x44/0x50 [ 196.963209][ T8134] sock_no_sendpage+0x116/0x150 [ 196.968038][ T8134] ? sock_kfree_s+0x70/0x70 [ 196.972523][ T8134] ? debug_check_no_obj_freed+0x211/0x444 [ 196.978223][ T8134] ? mark_held_locks+0xa4/0xf0 [ 196.982996][ T8134] inet_sendpage+0x44a/0x630 [ 196.987590][ T8134] kernel_sendpage+0x95/0xf0 [ 196.992155][ T8134] ? inet_sendmsg+0x5e0/0x5e0 [ 196.996833][ T8134] sock_sendpage+0x8b/0xc0 [ 197.001223][ T8134] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.006497][ T8134] pipe_to_sendpage+0x299/0x370 [ 197.011327][ T8134] ? kernel_sendpage+0xf0/0xf0 [ 197.016094][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 197.021360][ T8134] ? __put_page+0x92/0xd0 [ 197.025669][ T8134] ? anon_pipe_buf_release+0x1c6/0x270 [ 197.031119][ T8134] __splice_from_pipe+0x395/0x7d0 [ 197.036144][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 197.041410][ T8134] ? direct_splice_actor+0x1a0/0x1a0 [ 197.046673][ T8134] splice_from_pipe+0x108/0x170 [ 197.051500][ T8134] ? splice_shrink_spd+0xd0/0xd0 [ 197.056454][ T8134] ? apparmor_file_permission+0x25/0x30 [ 197.061999][ T8134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.068253][ T8134] ? security_file_permission+0x94/0x380 [ 197.073865][ T8134] generic_splice_sendpage+0x3c/0x50 [ 197.079134][ T8134] ? splice_from_pipe+0x170/0x170 [ 197.084142][ T8134] do_splice+0x70a/0x13c0 [ 197.088458][ T8134] ? opipe_prep.part.0+0x2d0/0x2d0 [ 197.093553][ T8134] ? __fget_light+0x1a9/0x230 [ 197.098213][ T8134] __x64_sys_splice+0x2c6/0x330 [ 197.103046][ T8134] do_syscall_64+0x103/0x610 [ 197.107672][ T8134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.113537][ T8134] RIP: 0033:0x4582b9 [ 197.117407][ T8134] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.136984][ T8134] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 197.145374][ T8134] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 197.153340][ T8134] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 08:24:20 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(r1, &(0x7f0000000300)={0x2, 0x0, @multicast2}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000240)={0x7, 0x7}) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000340)={'sit0\x00', 0xffff}) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0xfffffdc6) r6 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r5, 0x0, 0x20, &(0x7f00000000c0)={@rand_addr, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x14) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68) setitimer(0x1, &(0x7f0000000180)={{}, {0x0, 0x2710}}, 0x0) splice(r3, 0x0, r6, 0x0, 0x810005, 0x8) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10ffff) fcntl$getownex(r2, 0x10, &(0x7f0000000000)) connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0) setxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)=@random={'osx.', '.posix_acl_access\x00'}, &(0x7f00000002c0)='-system%eth1wlan1\x00', 0x12, 0x3) listen(0xffffffffffffffff, 0x0) 08:24:20 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) recvmsg(r0, &(0x7f000000a840)={0x0, 0x0, 0x0}, 0x0) 08:24:20 executing program 0: socket$pppoe(0x18, 0x1, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) set_mempolicy(0x1, &(0x7f0000000380)=0x5b4, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/.yz0\x04', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000540)='./file0\x00', 0x0, 0x807a00, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000100)={'veth1\x00', @ifru_addrs=@isdn={0x22, 0x7, 0x9, 0xa2bd, 0x100000000}}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x1) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000040)=0x7) r3 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000240)=0xc) write$cgroup_pid(r1, &(0x7f0000000280)=r5, 0x12) lsetxattr$trusted_overlay_opaque(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.opaque\x00', &(0x7f0000000340)='y\x00', 0x2, 0x1) ioctl$UI_DEV_DESTROY(r1, 0x5502) write$cgroup_pid(r4, &(0x7f0000000180), 0x12) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{0x3, 0x8, 0xffffffffffffff00, 0x400}, 'syz1\x00', 0x54}) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:24:20 executing program 3: r0 = socket(0x2, 0x10000001, 0x84) connect$unix(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="82022e2f66696c6530006a5f2aac7d2118869ccf3d69fb3c10fae9738a6503ee277502b9c7843bbaa75ecea60cb8"], 0x1) sendto$inet(r0, &(0x7f0000000100)='%', 0x1, 0x0, 0x0, 0x0) [ 197.161309][ T8134] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 197.169396][ T8134] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 197.177778][ T8134] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 08:24:21 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) r1 = dup2(r0, r0) clone(0x6102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGREP(r1, 0x80084503, 0x0) ioctl$EVIOCGABS2F(r0, 0x8018456f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 08:24:21 executing program 5: syz_mount_image$msdos(0x0, &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:21 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000040)=0x4) 08:24:21 executing program 3: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) 08:24:21 executing program 0: openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) eventfd(0x8) 08:24:21 executing program 5: syz_mount_image$msdos(0x0, &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:21 executing program 1: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f00000001c0)=@nl=@unspec, 0x80, 0x0}, 0x10) 08:24:21 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000240)='cpu\t&-6\n\x00\xff\x00\xdc.\xdf\xbbk\xad\x1b\xf3\xf6_|S\x93>\xb4\x15#b\x91\xec\xf2\x12\xbb\xd0\xcd0\xa4\xda\xa8\xe1o+\xbd}EV\xba6\xae\xee(4\xe4\x8d\x17\b\xa7\xb04G\xc28\xfb\x19\x94\xdf\x11JE\x02\x98Pm\x0f(\x98\xff\x05[\xd9\xad|\xa3\xc9Y~\xf4\xf7\xf9F\x9c\xf0\x83H\xb5\x12\xdeM\x802\x1f\xa6\x8a\x89\x1c') close(r0) 08:24:21 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(r1, &(0x7f0000000300)={0x2, 0x0, @multicast2}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000240)={0x7, 0x7}) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000340)={'sit0\x00', 0xffff}) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0xfffffdc6) r6 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r5, 0x0, 0x20, &(0x7f00000000c0)={@rand_addr, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x14) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68) setitimer(0x1, &(0x7f0000000180)={{}, {0x0, 0x2710}}, 0x0) splice(r3, 0x0, r6, 0x0, 0x810005, 0x8) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10ffff) fcntl$getownex(r2, 0x10, &(0x7f0000000000)) connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0) setxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)=@random={'osx.', '.posix_acl_access\x00'}, &(0x7f00000002c0)='-system%eth1wlan1\x00', 0x12, 0x3) listen(0xffffffffffffffff, 0x0) 08:24:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffff57) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:24:21 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) exit(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x0, &(0x7f0000bd9fe0)) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 08:24:21 executing program 5: syz_mount_image$msdos(0x0, &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:21 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000240)='cpu\t&-6\n\x00\xff\x00\xdc.\xdf\xbbk\xad\x1b\xf3\xf6_|S\x93>\xb4\x15#b\x91\xec\xf2\x12\xbb\xd0\xcd0\xa4\xda\xa8\xe1o+\xbd}EV\xba6\xae\xee(4\xe4\x8d\x17\b\xa7\xb04G\xc28\xfb\x19\x94\xdf\x11JE\x02\x98Pm\x0f(\x98\xff\x05[\xd9\xad|\xa3\xc9Y~\xf4\xf7\xf9F\x9c\xf0\x83H\xb5\x12\xdeM\x802\x1f\xa6\x8a\x89\x1c') close(r0) 08:24:21 executing program 2: openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x1000010000, 0x2000) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x100000000) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) [ 198.258258][ T8234] check_preemption_disabled: 86 callbacks suppressed [ 198.258310][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 198.275424][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 198.280808][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.289951][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.300506][ T8234] Call Trace: [ 198.303794][ T8234] dump_stack+0x172/0x1f0 [ 198.308133][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 198.313674][ T8234] sk_mc_loop+0x1d/0x210 [ 198.317915][ T8234] ip_mc_output+0x2ef/0xf70 [ 198.322417][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.327538][ T8234] ip_local_out+0xc4/0x1b0 [ 198.331950][ T8234] ip_send_skb+0x42/0xf0 [ 198.336195][ T8234] ip_push_pending_frames+0x64/0x80 [ 198.341386][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 198.345980][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 198.351440][ T8234] ? mark_held_locks+0xa4/0xf0 [ 198.356198][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.361649][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.366937][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.372401][ T8234] ? aa_sk_perm+0x22c/0x880 [ 198.376894][ T8234] ? audit_add_tree_rule.cold+0x37/0x37 [ 198.382448][ T8234] ? aa_sk_perm+0x288/0x880 [ 198.386978][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.392261][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.397799][ T8234] inet_sendmsg+0x147/0x5e0 [ 198.402293][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 198.407746][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 198.412414][ T8234] ? ipip_gro_receive+0x100/0x100 [ 198.417433][ T8234] sock_sendmsg+0xdd/0x130 [ 198.421846][ T8234] kernel_sendmsg+0x44/0x50 [ 198.426343][ T8234] sock_no_sendpage+0x116/0x150 [ 198.431184][ T8234] ? sock_kfree_s+0x70/0x70 [ 198.435677][ T8234] ? trace_hardirqs_on_caller+0x6a/0x220 [ 198.441311][ T8234] ? retint_kernel+0x2d/0x2d [ 198.445907][ T8234] inet_sendpage+0x44a/0x630 [ 198.450507][ T8234] kernel_sendpage+0x95/0xf0 [ 198.455106][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 198.459787][ T8234] sock_sendpage+0x8b/0xc0 [ 198.464196][ T8234] ? pipe_lock+0x6e/0x80 [ 198.468459][ T8234] pipe_to_sendpage+0x299/0x370 [ 198.473321][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 198.478086][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 198.483377][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.489612][ T8234] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 198.495706][ T8234] __splice_from_pipe+0x395/0x7d0 [ 198.500734][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 198.506045][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 198.511353][ T8234] splice_from_pipe+0x108/0x170 [ 198.516245][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 198.521198][ T8234] ? apparmor_file_permission+0x25/0x30 [ 198.526737][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.532997][ T8234] ? security_file_permission+0x94/0x380 [ 198.538626][ T8234] generic_splice_sendpage+0x3c/0x50 [ 198.543902][ T8234] ? splice_from_pipe+0x170/0x170 [ 198.548932][ T8234] do_splice+0x70a/0x13c0 [ 198.553263][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 198.558372][ T8234] ? __fget_light+0x1a9/0x230 [ 198.563048][ T8234] __x64_sys_splice+0x2c6/0x330 [ 198.567899][ T8234] do_syscall_64+0x103/0x610 [ 198.572492][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.578375][ T8234] RIP: 0033:0x4582b9 [ 198.582265][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.601871][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 198.610272][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 198.618233][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 198.626210][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 198.634172][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 198.642134][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 198.674393][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 198.684504][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 198.689735][ T8234] CPU: 0 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.698746][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.708799][ T8234] Call Trace: [ 198.708821][ T8234] dump_stack+0x172/0x1f0 [ 198.708844][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 198.708860][ T8234] sk_mc_loop+0x1d/0x210 [ 198.708877][ T8234] ip_mc_output+0x2ef/0xf70 [ 198.708900][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.716510][ T8234] ? __ip_make_skb+0xf15/0x1820 [ 198.716527][ T8234] ? ip_append_data.part.0+0x170/0x170 [ 198.716549][ T8234] ? dst_release+0x62/0xb0 [ 198.735891][ T8234] ? __ip_make_skb+0xf93/0x1820 [ 198.735910][ T8234] ip_local_out+0xc4/0x1b0 [ 198.735929][ T8234] ip_send_skb+0x42/0xf0 [ 198.735946][ T8234] ip_push_pending_frames+0x64/0x80 [ 198.735962][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 198.735987][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 198.755506][ T8234] ? mark_held_locks+0xa4/0xf0 [ 198.755550][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.755577][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.755593][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.755677][ T8234] ? ___might_sleep+0x163/0x280 [ 198.769626][ T8234] ? __might_sleep+0x95/0x190 [ 198.769645][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 198.769660][ T8234] ? aa_sk_perm+0x288/0x880 [ 198.769683][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.769702][ T8234] inet_sendmsg+0x147/0x5e0 [ 198.830257][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 198.835712][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 198.840377][ T8234] ? ipip_gro_receive+0x100/0x100 [ 198.845402][ T8234] sock_sendmsg+0xdd/0x130 [ 198.849814][ T8234] kernel_sendmsg+0x44/0x50 [ 198.854311][ T8234] sock_no_sendpage+0x116/0x150 [ 198.859148][ T8234] ? sock_kfree_s+0x70/0x70 [ 198.863647][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 198.868926][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.874384][ T8234] inet_sendpage+0x44a/0x630 [ 198.878972][ T8234] kernel_sendpage+0x95/0xf0 [ 198.883556][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 198.888228][ T8234] sock_sendpage+0x8b/0xc0 [ 198.892640][ T8234] ? pipe_lock+0x6e/0x80 [ 198.896892][ T8234] pipe_to_sendpage+0x299/0x370 [ 198.901735][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 198.906492][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 198.911786][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.918022][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 198.923480][ T8234] __splice_from_pipe+0x395/0x7d0 [ 198.928501][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 198.933806][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 198.939083][ T8234] splice_from_pipe+0x108/0x170 [ 198.943952][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 198.948888][ T8234] ? apparmor_file_permission+0x25/0x30 [ 198.954436][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.960695][ T8234] ? security_file_permission+0x94/0x380 [ 198.966332][ T8234] generic_splice_sendpage+0x3c/0x50 [ 198.971610][ T8234] ? splice_from_pipe+0x170/0x170 [ 198.976637][ T8234] do_splice+0x70a/0x13c0 [ 198.980972][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 198.986080][ T8234] ? __fget_light+0x1a9/0x230 [ 198.990753][ T8234] __x64_sys_splice+0x2c6/0x330 [ 198.995604][ T8234] do_syscall_64+0x103/0x610 [ 199.000196][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.006077][ T8234] RIP: 0033:0x4582b9 [ 199.010005][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.029597][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 199.038002][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 199.045991][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 199.053948][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 199.061915][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 08:24:22 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', 0x0, 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) [ 199.069876][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 199.096022][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 199.105601][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 199.110802][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.119810][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.129886][ T8234] Call Trace: [ 199.133202][ T8234] dump_stack+0x172/0x1f0 [ 199.137539][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 199.143132][ T8234] sk_mc_loop+0x1d/0x210 [ 199.147378][ T8234] ip_mc_output+0x2ef/0xf70 [ 199.152023][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.152043][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.152083][ T8234] ip_local_out+0xc4/0x1b0 [ 199.162285][ T8234] ip_send_skb+0x42/0xf0 [ 199.162303][ T8234] ip_push_pending_frames+0x64/0x80 [ 199.162319][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 199.162343][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 199.186944][ T8234] ? mark_held_locks+0xa4/0xf0 [ 199.191730][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.197179][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.206119][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.211406][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.216865][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 199.222144][ T8234] ? __kprobes_text_end+0x69030/0x69030 [ 199.227694][ T8234] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.233320][ T8234] ? __might_sleep+0x95/0x190 [ 199.238010][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.243472][ T8234] ? retint_kernel+0x2d/0x2d [ 199.248062][ T8234] inet_sendmsg+0x147/0x5e0 [ 199.252594][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 199.258065][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 199.262743][ T8234] ? ipip_gro_receive+0x100/0x100 [ 199.267776][ T8234] sock_sendmsg+0xdd/0x130 [ 199.272183][ T8234] kernel_sendmsg+0x44/0x50 [ 199.276680][ T8234] sock_no_sendpage+0x116/0x150 [ 199.282016][ T8234] ? sock_kfree_s+0x70/0x70 [ 199.286523][ T8234] ? trace_hardirqs_on_caller+0x6a/0x220 [ 199.292159][ T8234] ? retint_kernel+0x2d/0x2d [ 199.296768][ T8234] inet_sendpage+0x44a/0x630 [ 199.301374][ T8234] kernel_sendpage+0x95/0xf0 [ 199.305952][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 199.310623][ T8234] sock_sendpage+0x8b/0xc0 [ 199.315036][ T8234] pipe_to_sendpage+0x299/0x370 [ 199.319879][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 199.324639][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 199.329920][ T8234] ? __put_page+0x92/0xd0 [ 199.334248][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 199.339709][ T8234] __splice_from_pipe+0x395/0x7d0 [ 199.344740][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 199.350025][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 199.355307][ T8234] splice_from_pipe+0x108/0x170 [ 199.360151][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 199.365086][ T8234] ? apparmor_file_permission+0x25/0x30 [ 199.370632][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.376873][ T8234] ? security_file_permission+0x94/0x380 [ 199.382505][ T8234] generic_splice_sendpage+0x3c/0x50 [ 199.387784][ T8234] ? splice_from_pipe+0x170/0x170 [ 199.392802][ T8234] do_splice+0x70a/0x13c0 [ 199.397141][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 199.402258][ T8234] ? __fget_light+0x1a9/0x230 [ 199.406944][ T8234] __x64_sys_splice+0x2c6/0x330 [ 199.411797][ T8234] do_syscall_64+0x103/0x610 [ 199.416403][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.422303][ T8234] RIP: 0033:0x4582b9 [ 199.426188][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.445820][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 199.454231][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 199.462204][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 199.470176][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 199.478144][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 199.486111][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 199.539941][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 199.551045][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 199.556255][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.565277][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.575341][ T8234] Call Trace: [ 199.578632][ T8234] dump_stack+0x172/0x1f0 [ 199.582975][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 199.588629][ T8234] sk_mc_loop+0x1d/0x210 [ 199.592877][ T8234] ip_mc_output+0x2ef/0xf70 [ 199.597374][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.602828][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.607933][ T8234] ? retint_kernel+0x2d/0x2d [ 199.612524][ T8234] ? ip_local_out+0x4b/0x1b0 [ 199.617106][ T8234] ip_local_out+0xc4/0x1b0 [ 199.621522][ T8234] ip_send_skb+0x42/0xf0 [ 199.625755][ T8234] ip_push_pending_frames+0x64/0x80 [ 199.630947][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 199.635557][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 199.641015][ T8234] ? mark_held_locks+0xa4/0xf0 [ 199.645783][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.651232][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.656705][ T8234] ? ___might_sleep+0x163/0x280 [ 199.661595][ T8234] ? __might_sleep+0x95/0x190 [ 199.666274][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 199.671913][ T8234] ? aa_sk_perm+0x288/0x880 [ 199.676430][ T8234] ? retint_kernel+0x2d/0x2d [ 199.681026][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.686569][ T8234] inet_sendmsg+0x147/0x5e0 [ 199.691067][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 199.696525][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 199.701200][ T8234] ? ipip_gro_receive+0x100/0x100 [ 199.706238][ T8234] sock_sendmsg+0xdd/0x130 [ 199.710651][ T8234] kernel_sendmsg+0x44/0x50 [ 199.715146][ T8234] sock_no_sendpage+0x116/0x150 [ 199.720012][ T8234] ? sock_kfree_s+0x70/0x70 [ 199.724519][ T8234] ? debug_check_no_obj_freed+0x211/0x444 [ 199.730235][ T8234] ? mark_held_locks+0xa4/0xf0 [ 199.734996][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.740457][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.745912][ T8234] inet_sendpage+0x44a/0x630 [ 199.750501][ T8234] kernel_sendpage+0x95/0xf0 [ 199.755091][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 199.759792][ T8234] sock_sendpage+0x8b/0xc0 [ 199.764207][ T8234] pipe_to_sendpage+0x299/0x370 [ 199.769049][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 199.773816][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 199.779089][ T8234] ? __put_page+0x92/0xd0 [ 199.783419][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 199.788886][ T8234] __splice_from_pipe+0x395/0x7d0 [ 199.793900][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 199.799180][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 199.804453][ T8234] splice_from_pipe+0x108/0x170 [ 199.809305][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 199.814237][ T8234] ? apparmor_file_permission+0x25/0x30 [ 199.819778][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.826014][ T8234] ? security_file_permission+0x94/0x380 [ 199.831642][ T8234] generic_splice_sendpage+0x3c/0x50 [ 199.836917][ T8234] ? splice_from_pipe+0x170/0x170 [ 199.841967][ T8234] do_splice+0x70a/0x13c0 [ 199.846312][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 199.851417][ T8234] ? __fget_light+0x1a9/0x230 [ 199.856087][ T8234] __x64_sys_splice+0x2c6/0x330 [ 199.860942][ T8234] do_syscall_64+0x103/0x610 [ 199.865531][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.871520][ T8234] RIP: 0033:0x4582b9 [ 199.875410][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.895011][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 199.903425][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 199.911386][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 199.919348][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 199.927316][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 08:24:23 executing program 3: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) 08:24:23 executing program 2: openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x1000010000, 0x2000) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x100000000) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 08:24:23 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', 0x0, 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) [ 199.935275][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 199.979058][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 199.990039][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 199.995347][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.004365][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.014435][ T8234] Call Trace: [ 200.014457][ T8234] dump_stack+0x172/0x1f0 [ 200.014492][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 200.014511][ T8234] sk_mc_loop+0x1d/0x210 [ 200.031911][ T8234] ip_mc_output+0x2ef/0xf70 [ 200.036424][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 200.041565][ T8234] ? __ip_make_skb+0xf15/0x1820 [ 200.046475][ T8234] ? ip_append_data.part.0+0x170/0x170 [ 200.051943][ T8234] ? dst_release+0x62/0xb0 [ 200.051960][ T8234] ? __ip_make_skb+0xf93/0x1820 [ 200.051979][ T8234] ip_local_out+0xc4/0x1b0 [ 200.052006][ T8234] ip_send_skb+0x42/0xf0 [ 200.061289][ T8234] ip_push_pending_frames+0x64/0x80 [ 200.061306][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 200.061324][ T8234] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 200.061345][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 200.061371][ T8234] ? find_held_lock+0x35/0x130 [ 200.061392][ T8234] ? free_one_page+0x9e2/0x1260 [ 200.100625][ T8234] ? ___might_sleep+0x163/0x280 [ 200.105482][ T8234] ? __might_sleep+0x95/0x190 [ 200.110180][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.115808][ T8234] ? aa_sk_perm+0x288/0x880 [ 200.120323][ T8234] ? mark_held_locks+0xa4/0xf0 [ 200.125084][ T8234] ? __free_pages_ok+0x625/0xda0 [ 200.130021][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.135592][ T8234] inet_sendmsg+0x147/0x5e0 [ 200.140086][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 200.145535][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 200.150202][ T8234] ? ipip_gro_receive+0x100/0x100 [ 200.155229][ T8234] sock_sendmsg+0xdd/0x130 [ 200.159635][ T8234] kernel_sendmsg+0x44/0x50 [ 200.164138][ T8234] sock_no_sendpage+0x116/0x150 [ 200.168980][ T8234] ? sock_kfree_s+0x70/0x70 [ 200.173487][ T8234] ? retint_kernel+0x2d/0x2d [ 200.178085][ T8234] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.183720][ T8234] inet_sendpage+0x44a/0x630 [ 200.188307][ T8234] kernel_sendpage+0x95/0xf0 [ 200.192897][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 200.197567][ T8234] sock_sendpage+0x8b/0xc0 [ 200.201979][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.207253][ T8234] pipe_to_sendpage+0x299/0x370 [ 200.212093][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 200.216850][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 200.222130][ T8234] ? __put_page+0x92/0xd0 [ 200.226473][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 200.231988][ T8234] __splice_from_pipe+0x395/0x7d0 [ 200.237019][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 200.242321][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 200.247596][ T8234] splice_from_pipe+0x108/0x170 [ 200.252438][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 200.257379][ T8234] ? apparmor_file_permission+0x25/0x30 [ 200.262945][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.269188][ T8234] ? security_file_permission+0x94/0x380 [ 200.274828][ T8234] generic_splice_sendpage+0x3c/0x50 [ 200.280628][ T8234] ? splice_from_pipe+0x170/0x170 [ 200.285648][ T8234] do_splice+0x70a/0x13c0 [ 200.289980][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 200.295099][ T8234] ? __fget_light+0x1a9/0x230 [ 200.299828][ T8234] __x64_sys_splice+0x2c6/0x330 [ 200.304680][ T8234] do_syscall_64+0x103/0x610 [ 200.309264][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.315152][ T8234] RIP: 0033:0x4582b9 [ 200.319037][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.338644][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 200.347061][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 200.355086][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 200.363064][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 200.371045][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 08:24:24 executing program 1: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) [ 200.379010][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 08:24:24 executing program 0: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) [ 200.424957][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 200.436699][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 200.442038][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.451058][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.461124][ T8234] Call Trace: [ 200.464440][ T8234] dump_stack+0x172/0x1f0 [ 200.468792][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 200.474348][ T8234] sk_mc_loop+0x1d/0x210 [ 200.478604][ T8234] ip_mc_output+0x2ef/0xf70 [ 200.483091][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 200.488202][ T8234] ? __ip_make_skb+0xf15/0x1820 [ 200.493049][ T8234] ? ip_append_data.part.0+0x170/0x170 [ 200.498484][ T8234] ? dst_release+0x62/0xb0 [ 200.502876][ T8234] ? __ip_make_skb+0xf93/0x1820 [ 200.507713][ T8234] ip_local_out+0xc4/0x1b0 [ 200.512155][ T8234] ip_send_skb+0x42/0xf0 [ 200.516410][ T8234] ip_push_pending_frames+0x64/0x80 [ 200.516428][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 200.516464][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 200.526233][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.526256][ T8234] ? retint_kernel+0x2d/0x2d [ 200.526284][ T8234] ? ___might_sleep+0x163/0x280 [ 200.526303][ T8234] ? __might_sleep+0x95/0x190 [ 200.526328][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.556866][ T8234] ? aa_sk_perm+0x288/0x880 [ 200.561383][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.566955][ T8234] inet_sendmsg+0x147/0x5e0 [ 200.571458][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 200.576915][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 200.581599][ T8234] ? ipip_gro_receive+0x100/0x100 [ 200.586617][ T8234] sock_sendmsg+0xdd/0x130 [ 200.591017][ T8234] kernel_sendmsg+0x44/0x50 [ 200.595502][ T8234] sock_no_sendpage+0x116/0x150 [ 200.600346][ T8234] ? sock_kfree_s+0x70/0x70 [ 200.604852][ T8234] ? trace_hardirqs_on_caller+0x6a/0x220 [ 200.610487][ T8234] ? retint_kernel+0x2d/0x2d [ 200.615073][ T8234] inet_sendpage+0x44a/0x630 [ 200.619664][ T8234] kernel_sendpage+0x95/0xf0 [ 200.624272][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 200.628978][ T8234] sock_sendpage+0x8b/0xc0 [ 200.633406][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 200.638698][ T8234] pipe_to_sendpage+0x299/0x370 [ 200.643561][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 200.648334][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 200.653617][ T8234] ? __put_page+0x92/0xd0 [ 200.653635][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 200.653654][ T8234] __splice_from_pipe+0x395/0x7d0 [ 200.653671][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 200.653700][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 200.663505][ T8234] splice_from_pipe+0x108/0x170 [ 200.663523][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 200.663544][ T8234] ? apparmor_file_permission+0x25/0x30 [ 200.663564][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.700667][ T8234] ? security_file_permission+0x94/0x380 [ 200.700691][ T8234] generic_splice_sendpage+0x3c/0x50 [ 200.700707][ T8234] ? splice_from_pipe+0x170/0x170 [ 200.700723][ T8234] do_splice+0x70a/0x13c0 [ 200.700748][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 200.700770][ T8234] ? __fget_light+0x1a9/0x230 [ 200.711683][ T8234] __x64_sys_splice+0x2c6/0x330 [ 200.711709][ T8234] do_syscall_64+0x103/0x610 [ 200.711730][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.711743][ T8234] RIP: 0033:0x4582b9 [ 200.711758][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.711766][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 200.778059][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 200.786058][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 200.794030][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 200.802003][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 200.809979][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 200.825168][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 200.835024][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 200.840160][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.849183][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.859246][ T8234] Call Trace: [ 200.862548][ T8234] dump_stack+0x172/0x1f0 [ 200.862572][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 200.862589][ T8234] sk_mc_loop+0x1d/0x210 [ 200.862609][ T8234] ip_mc_output+0x2ef/0xf70 [ 200.872506][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 200.872521][ T8234] ? retint_kernel+0x2d/0x2d [ 200.872538][ T8234] ? ip_append_data.part.0+0x170/0x170 [ 200.872559][ T8234] ip_local_out+0xc4/0x1b0 [ 200.872574][ T8234] ip_send_skb+0x42/0xf0 [ 200.872593][ T8234] ip_push_pending_frames+0x64/0x80 [ 200.910302][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 200.914906][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 200.920374][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.925844][ T8234] ? retint_kernel+0x2d/0x2d [ 200.930457][ T8234] ? ___might_sleep+0x163/0x280 [ 200.935319][ T8234] ? __might_sleep+0x95/0x190 [ 200.940029][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.945667][ T8234] ? aa_sk_perm+0x288/0x880 [ 200.950171][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.955697][ T8234] inet_sendmsg+0x147/0x5e0 [ 200.960188][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 200.965625][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 200.970281][ T8234] ? ipip_gro_receive+0x100/0x100 [ 200.975290][ T8234] sock_sendmsg+0xdd/0x130 [ 200.979690][ T8234] kernel_sendmsg+0x44/0x50 [ 200.984196][ T8234] sock_no_sendpage+0x116/0x150 [ 200.989031][ T8234] ? sock_kfree_s+0x70/0x70 [ 200.993512][ T8234] ? debug_check_no_obj_freed+0x211/0x444 [ 200.999213][ T8234] ? mark_held_locks+0xa4/0xf0 [ 201.003954][ T8234] inet_sendpage+0x44a/0x630 [ 201.008542][ T8234] kernel_sendpage+0x95/0xf0 [ 201.013130][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 201.017884][ T8234] sock_sendpage+0x8b/0xc0 [ 201.022284][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.027563][ T8234] pipe_to_sendpage+0x299/0x370 [ 201.032408][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 201.037155][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.042417][ T8234] ? __put_page+0x92/0xd0 [ 201.046726][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 201.052179][ T8234] __splice_from_pipe+0x395/0x7d0 [ 201.057218][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.062493][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.067767][ T8234] splice_from_pipe+0x108/0x170 [ 201.072612][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 201.077533][ T8234] ? apparmor_file_permission+0x25/0x30 [ 201.083054][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.089284][ T8234] ? security_file_permission+0x94/0x380 [ 201.094923][ T8234] generic_splice_sendpage+0x3c/0x50 [ 201.100202][ T8234] ? splice_from_pipe+0x170/0x170 [ 201.105212][ T8234] do_splice+0x70a/0x13c0 [ 201.109545][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 201.114636][ T8234] ? __fget_light+0x1a9/0x230 [ 201.119303][ T8234] __x64_sys_splice+0x2c6/0x330 [ 201.124139][ T8234] do_syscall_64+0x103/0x610 [ 201.128837][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.134715][ T8234] RIP: 0033:0x4582b9 [ 201.138587][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.158163][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 201.166548][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 201.174761][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 201.182719][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 201.190666][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 201.198614][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 201.230434][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 201.239744][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 201.246289][ T8234] CPU: 0 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.255320][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.265392][ T8234] Call Trace: [ 201.268822][ T8234] dump_stack+0x172/0x1f0 [ 201.273139][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 201.278677][ T8234] sk_mc_loop+0x1d/0x210 [ 201.283266][ T8234] ip_mc_output+0x2ef/0xf70 [ 201.287771][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 201.292886][ T8234] ? __ip_make_skb+0xf15/0x1820 [ 201.297731][ T8234] ? ip_append_data.part.0+0x170/0x170 [ 201.303181][ T8234] ? dst_release+0x62/0xb0 [ 201.307598][ T8234] ? __ip_make_skb+0xf93/0x1820 [ 201.312455][ T8234] ip_local_out+0xc4/0x1b0 [ 201.317275][ T8234] ip_send_skb+0x42/0xf0 [ 201.321643][ T8234] ip_push_pending_frames+0x64/0x80 [ 201.326848][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 201.331457][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 201.336915][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.342373][ T8234] ? mark_held_locks+0xa4/0xf0 [ 201.347143][ T8234] ? ___might_sleep+0x163/0x280 [ 201.351994][ T8234] ? __might_sleep+0x95/0x190 [ 201.356671][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 201.362297][ T8234] ? aa_sk_perm+0x288/0x880 [ 201.366802][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.372344][ T8234] inet_sendmsg+0x147/0x5e0 [ 201.376837][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 201.382286][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 201.386959][ T8234] ? ipip_gro_receive+0x100/0x100 [ 201.391977][ T8234] sock_sendmsg+0xdd/0x130 [ 201.396414][ T8234] kernel_sendmsg+0x44/0x50 [ 201.400934][ T8234] sock_no_sendpage+0x116/0x150 [ 201.405778][ T8234] ? sock_kfree_s+0x70/0x70 [ 201.410311][ T8234] ? mark_held_locks+0xa4/0xf0 [ 201.415084][ T8234] inet_sendpage+0x44a/0x630 [ 201.419685][ T8234] kernel_sendpage+0x95/0xf0 [ 201.424269][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 201.428945][ T8234] sock_sendpage+0x8b/0xc0 [ 201.433372][ T8234] pipe_to_sendpage+0x299/0x370 [ 201.438237][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 201.442998][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.448300][ T8234] ? pipe_to_sendpage+0x2c/0x370 [ 201.453246][ T8234] __splice_from_pipe+0x395/0x7d0 [ 201.458262][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.463547][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.468821][ T8234] splice_from_pipe+0x108/0x170 [ 201.473694][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 201.478636][ T8234] ? apparmor_file_permission+0x25/0x30 [ 201.484181][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.490417][ T8234] ? security_file_permission+0x94/0x380 [ 201.496068][ T8234] generic_splice_sendpage+0x3c/0x50 [ 201.501343][ T8234] ? splice_from_pipe+0x170/0x170 [ 201.506356][ T8234] do_splice+0x70a/0x13c0 [ 201.510682][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 201.515787][ T8234] ? __fget_light+0x1a9/0x230 [ 201.520478][ T8234] __x64_sys_splice+0x2c6/0x330 [ 201.525330][ T8234] do_syscall_64+0x103/0x610 [ 201.529918][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.535808][ T8234] RIP: 0033:0x4582b9 [ 201.539698][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.559292][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 201.567723][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 201.575684][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 201.583648][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 201.591612][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 201.599580][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 201.623429][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 201.633336][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 201.638543][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.647557][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.657622][ T8234] Call Trace: [ 201.660904][ T8234] dump_stack+0x172/0x1f0 [ 201.665220][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 201.670744][ T8234] sk_mc_loop+0x1d/0x210 [ 201.674966][ T8234] ip_mc_output+0x2ef/0xf70 [ 201.679459][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.685014][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 201.690101][ T8234] ? retint_kernel+0x2d/0x2d [ 201.694674][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 201.699785][ T8234] ip_local_out+0xc4/0x1b0 [ 201.704228][ T8234] ip_send_skb+0x42/0xf0 [ 201.708447][ T8234] ip_push_pending_frames+0x64/0x80 [ 201.713635][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 201.718202][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 201.723665][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.729115][ T8234] ? mark_held_locks+0xa4/0xf0 [ 201.733865][ T8234] ? ___might_sleep+0x163/0x280 [ 201.738694][ T8234] ? __might_sleep+0x95/0x190 [ 201.743348][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 201.748966][ T8234] ? aa_sk_perm+0x288/0x880 [ 201.753443][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.758872][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.764333][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 201.769881][ T8234] inet_sendmsg+0x147/0x5e0 [ 201.774361][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 201.779792][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 201.784453][ T8234] ? ipip_gro_receive+0x100/0x100 [ 201.789455][ T8234] sock_sendmsg+0xdd/0x130 [ 201.793849][ T8234] kernel_sendmsg+0x44/0x50 [ 201.798342][ T8234] sock_no_sendpage+0x116/0x150 [ 201.803164][ T8234] ? sock_kfree_s+0x70/0x70 [ 201.807661][ T8234] ? inet_sendpage+0x26/0x630 [ 201.812325][ T8234] inet_sendpage+0x44a/0x630 [ 201.816890][ T8234] kernel_sendpage+0x95/0xf0 [ 201.821466][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 201.826158][ T8234] sock_sendpage+0x8b/0xc0 [ 201.830581][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.835840][ T8234] pipe_to_sendpage+0x299/0x370 [ 201.840666][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 201.845410][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.850672][ T8234] ? __put_page+0x92/0xd0 [ 201.854992][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 201.860430][ T8234] __splice_from_pipe+0x395/0x7d0 [ 201.865429][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.870694][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 201.875950][ T8234] splice_from_pipe+0x108/0x170 [ 201.880778][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 201.885690][ T8234] ? apparmor_file_permission+0x25/0x30 [ 201.891211][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.897446][ T8234] ? security_file_permission+0x94/0x380 [ 201.903059][ T8234] generic_splice_sendpage+0x3c/0x50 [ 201.908333][ T8234] ? splice_from_pipe+0x170/0x170 [ 201.913356][ T8234] do_splice+0x70a/0x13c0 [ 201.917667][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 201.922759][ T8234] ? __fget_light+0x1a9/0x230 [ 201.927413][ T8234] __x64_sys_splice+0x2c6/0x330 [ 201.932247][ T8234] do_syscall_64+0x103/0x610 [ 201.936829][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.942706][ T8234] RIP: 0033:0x4582b9 [ 201.946572][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.966175][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 201.974572][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 201.982522][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 201.990501][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 201.998449][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 202.006399][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 202.023044][ T8234] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8234 [ 202.032582][ T8234] caller is sk_mc_loop+0x1d/0x210 [ 202.037663][ T8234] CPU: 1 PID: 8234 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.046657][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.056684][ T8234] Call Trace: [ 202.059977][ T8234] dump_stack+0x172/0x1f0 [ 202.064316][ T8234] __this_cpu_preempt_check+0x246/0x270 [ 202.069837][ T8234] sk_mc_loop+0x1d/0x210 [ 202.074058][ T8234] ip_mc_output+0x2ef/0xf70 [ 202.078565][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.084038][ T8234] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 202.089130][ T8234] ? retint_kernel+0x2d/0x2d [ 202.093716][ T8234] ? ip_local_out+0x4b/0x1b0 [ 202.098292][ T8234] ip_local_out+0xc4/0x1b0 [ 202.102685][ T8234] ip_send_skb+0x42/0xf0 [ 202.106902][ T8234] ip_push_pending_frames+0x64/0x80 [ 202.112074][ T8234] raw_sendmsg+0x1e6d/0x2f20 [ 202.116644][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 202.122078][ T8234] ? mark_held_locks+0xa4/0xf0 [ 202.126838][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.132130][ T8234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.137577][ T8234] ? ___might_sleep+0x163/0x280 [ 202.142443][ T8234] ? __might_sleep+0x95/0x190 [ 202.147110][ T8234] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 202.152766][ T8234] ? aa_sk_perm+0x288/0x880 [ 202.157261][ T8234] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 202.162794][ T8234] inet_sendmsg+0x147/0x5e0 [ 202.167288][ T8234] ? compat_raw_getsockopt+0x100/0x100 [ 202.172719][ T8234] ? inet_sendmsg+0x147/0x5e0 [ 202.177367][ T8234] ? ipip_gro_receive+0x100/0x100 [ 202.182369][ T8234] sock_sendmsg+0xdd/0x130 [ 202.186766][ T8234] kernel_sendmsg+0x44/0x50 [ 202.191256][ T8234] sock_no_sendpage+0x116/0x150 [ 202.196084][ T8234] ? sock_kfree_s+0x70/0x70 [ 202.200566][ T8234] ? trace_hardirqs_on_caller+0x6a/0x220 [ 202.206203][ T8234] ? retint_kernel+0x2d/0x2d [ 202.210772][ T8234] inet_sendpage+0x44a/0x630 [ 202.215356][ T8234] kernel_sendpage+0x95/0xf0 [ 202.219935][ T8234] ? inet_sendmsg+0x5e0/0x5e0 [ 202.224590][ T8234] sock_sendpage+0x8b/0xc0 [ 202.228988][ T8234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.234250][ T8234] pipe_to_sendpage+0x299/0x370 [ 202.239080][ T8234] ? kernel_sendpage+0xf0/0xf0 [ 202.243823][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 202.249085][ T8234] ? __put_page+0x92/0xd0 [ 202.253390][ T8234] ? anon_pipe_buf_release+0x1c6/0x270 [ 202.258836][ T8234] __splice_from_pipe+0x395/0x7d0 [ 202.263834][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 202.269108][ T8234] ? direct_splice_actor+0x1a0/0x1a0 [ 202.274390][ T8234] splice_from_pipe+0x108/0x170 [ 202.279217][ T8234] ? splice_shrink_spd+0xd0/0xd0 [ 202.284139][ T8234] ? apparmor_file_permission+0x25/0x30 [ 202.289663][ T8234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.295909][ T8234] ? security_file_permission+0x94/0x380 [ 202.301523][ T8234] generic_splice_sendpage+0x3c/0x50 [ 202.306788][ T8234] ? splice_from_pipe+0x170/0x170 [ 202.311788][ T8234] do_splice+0x70a/0x13c0 [ 202.316097][ T8234] ? opipe_prep.part.0+0x2d0/0x2d0 [ 202.321191][ T8234] ? __fget_light+0x1a9/0x230 [ 202.325845][ T8234] __x64_sys_splice+0x2c6/0x330 [ 202.330691][ T8234] do_syscall_64+0x103/0x610 [ 202.335273][ T8234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.341143][ T8234] RIP: 0033:0x4582b9 [ 202.345044][ T8234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.364632][ T8234] RSP: 002b:00007f1edc29bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 202.373016][ T8234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 202.380958][ T8234] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 202.388910][ T8234] RBP: 000000000073bfa0 R08: 0000000000810005 R09: 0000000000000008 [ 202.396855][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1edc29c6d4 [ 202.404812][ T8234] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 08:24:26 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x0, 0x0) write$P9_RCREATE(0xffffffffffffffff, 0x0, 0xfffffdf5) close(r0) prctl$PR_MCE_KILL_GET(0x22) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)) getpid() setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x0, &(0x7f0000000080)={@remote, @remote}, 0x8) 08:24:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', 0x0, 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:26 executing program 3: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) 08:24:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)=""/27, 0x1b}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_triestat\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 08:24:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000009b4b62b}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 08:24:26 executing program 0: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) 08:24:26 executing program 4: lseek(0xffffffffffffffff, 0x0, 0x0) clone(0x3102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0xa7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:24:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:26 executing program 0: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) 08:24:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x540b, 0x0) 08:24:26 executing program 0: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x22) 08:24:26 executing program 5: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020301002904027400f8", 0x16}], 0x8003, 0x0) 08:24:26 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x8800, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001440), 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x5460, &(0x7f0000000000)) 08:24:26 executing program 0: socketpair$unix(0x1, 0x10000000000001, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0xb, 0x140001) ioctl$BLKDISCARD(r0, 0x1277, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000001c0)=@get={0x1, &(0x7f00000002c0)=""/205, 0x2}) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0xc040564a, &(0x7f0000000180)={0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) clock_getres(0x83fffffc, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x7003, 0x0) fchmod(r2, 0x0)